opusfile: apply patch for CVE-2022-47021

Upstream issue: xiph/opusfile#36
LeSuisse · Jan 27, 2023 · 6515a7a · 6515a7a
1 parent 99e3030
commit 6515a7a
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/pkgs/applications/audio/opusfile/default.nix b/pkgs/applications/audio/opusfile/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus }:
+{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus, fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "opusfile";
@@ -12,7 +12,14 @@ stdenv.mkDerivation rec {
   buildInputs = [ openssl libogg ];
   propagatedBuildInputs = [ libopus ];
   outputs = [ "out" "dev" ];
-  patches = [ ./include-multistream.patch ]
+  patches = [
+    ./include-multistream.patch
+    (fetchpatch {
+      name = "CVE-2022-47021.patch";
+      url = "https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5.patch";
+      sha256 = "sha256-XThI/ys5caB+OncFVfxm5IsvQPy1MbLQKwIlYjPvTJQ=";
+    })
+  ]
     # fixes problem with openssl 1.1 dependency
     # see https://github.com/xiph/opusfile/issues/13
     ++ lib.optionals stdenv.hostPlatform.isWindows [ ./disable-cert-store.patch ];