diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix
index 65dfe3484b66..fdefcf7e77d6 100644
--- a/pkgs/applications/audio/mpg321/default.nix
+++ b/pkgs/applications/audio/mpg321/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, libao, libmad, libid3tag, zlib, alsaLib
+{stdenv, fetchurl, fetchpatch, libao, libmad, libid3tag, zlib, alsaLib
 # Specify default libao output plugin to use (e.g. "alsa", "pulse" …).
 # If null, it will use the libao system default.
 , defaultAudio ? null
@@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
 sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5";
 };
 
+ patches = [
+ (fetchpatch {
+ name = "CVE-2018-7263.patch";
+ url = "https://sources.debian.org/data/main/m/mpg321/0.3.2-3/debian/patches/handle_illegal_bitrate_value.patch";
+ sha256 = "15simp5fjvm9b024ryfh441rkh2d5bcrizqkzlrh07n9sm7fkw6x";
+ })
+ ];
+
 hardeningDisable = [ "format" ];
 
 configureFlags =
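Review bot: The `patches` entry in the second hunk has no comment saying where the fix comes from or when it can be dropped, and its URL points at a single Debian package revision (`0.3.2-3`) on sources.debian.org, which may stop being served once Debian moves past that revision. The `sha256` prevents the content from changing silently, so the exposure is a failed rebuild that leaves the CVE fix unfetchable, not a tampered patch; a longer-lived location for the same file would avoid that. I would add a line above `(fetchpatch {` such as `# Debian's handle_illegal_bitrate_value.patch for CVE-2018-7263; drop once upstream mpg321 includes the fix`. The derivation body continues past `configureFlags =`, outside the hunk.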