mpg321: fix CVE-2018-7263

Close #57154
Close #70105
This commit is contained in:
c0bw3b 2019-11-11 17:50:37 +01:00 committed by Robert Helgesson
parent 92edb06109
commit 1289606e02
No known key found for this signature in database
GPG Key ID: 36BDAA14C2797E89

View File

@ -1,4 +1,4 @@
{stdenv, fetchurl, libao, libmad, libid3tag, zlib, alsaLib
{stdenv, fetchurl, fetchpatch, libao, libmad, libid3tag, zlib, alsaLib
# Specify default libao output plugin to use (e.g. "alsa", "pulse" …).
# If null, it will use the libao system default.
, defaultAudio ? null
@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5";
};
patches = [
(fetchpatch {
name = "CVE-2018-7263.patch";
url = "https://sources.debian.org/data/main/m/mpg321/0.3.2-3/debian/patches/handle_illegal_bitrate_value.patch";
sha256 = "15simp5fjvm9b024ryfh441rkh2d5bcrizqkzlrh07n9sm7fkw6x";
})
];
hardeningDisable = [ "format" ];
configureFlags =