vlc: add patch to fix CVE-2017-9300

This commit is contained in:
Franz Pletz 2017-10-02 17:42:54 +02:00
parent c0d41119b1
commit ad2ae842bb
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4

View File

@ -11,6 +11,7 @@
, qt4 ? null
, withQt5 ? false, qtbase ? null, qtx11extras ? null
, jackSupport ? false
, fetchpatch
}:
with stdenv.lib;
@ -27,6 +28,14 @@ stdenv.mkDerivation rec {
sha256 = "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4";
};
patches = [
(fetchpatch {
name = "CVE-2017-9300.patch";
url = "https://git.videolan.org/?p=vlc/vlc-2.2.git;a=patch;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3;hp=dbe888f9ca9c3b102478b4a16a3d1d985c267899";
sha256 = "0l0fwqkn31lggwc5dkhb58gkv8pc6ng51y0izjigqvfqvhwdnzxn";
})
];
# Comment-out the Qt 5.5 version check, as we do apply the relevant patch.
# https://trac.videolan.org/vlc/ticket/16497
postPatch = if (!withQt5) then null else