From 81ed9fd47b3949f86d0fb5a4ba3106628b8c86db Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 5 Jul 2021 13:59:30 +0300 Subject: [PATCH 1/2] ffmpeg_4: fix incorrect segment length in hls (cherry picked from commit ae8dd3c149b4d49e683f1414d417801b80b283e2) --- pkgs/development/libraries/ffmpeg/4.nix | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/4.nix b/pkgs/development/libraries/ffmpeg/4.nix index df3d0732393..d557c87ebdf 100644 --- a/pkgs/development/libraries/ffmpeg/4.nix +++ b/pkgs/development/libraries/ffmpeg/4.nix @@ -2,6 +2,7 @@ # Darwin frameworks , Cocoa, CoreMedia, VideoToolbox , stdenv, lib +, fetchpatch , ... }@args: @@ -11,7 +12,18 @@ callPackage ./generic.nix (rec { sha256 = "03kxc29y8190k4y8s8qdpsghlbpmchv1m8iqygq2qn0vfm4ka2a2"; darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ]; - /* Work around https://trac.ffmpeg.org/ticket/9242 */ - patches = lib.optional stdenv.isDarwin - ./v2-0001-avcodec-videotoolboxenc-define-TARGET_CPU_ARM64-t.patch; + patches = [ + # Fix incorrect segment length in HLS child playlist with fmp4 segment format + # FIXME remove in version 4.5 + # https://trac.ffmpeg.org/ticket/9193 + # https://trac.ffmpeg.org/ticket/9205 + (fetchpatch { + name = "ffmpeg_fix_incorrect_segment_length_in_hls.patch"; + url = "https://git.videolan.org/?p=ffmpeg.git;a=commitdiff_plain;h=59032494e81a1a65c0b960aaae7ec4c2cc9db35a"; + sha256 = "03zz1lw51kkc3g3vh47xa5hfiz3g3g1rbrll3kcnslvwylmrqmy3"; + }) + ] ++ lib.optionals stdenv.isDarwin [ + # Work around https://trac.ffmpeg.org/ticket/9242 + ./v2-0001-avcodec-videotoolboxenc-define-TARGET_CPU_ARM64-t.patch + ]; } // args) From 568b939c3eb38fc1e211a105c2adf188de8867c1 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 17 Aug 2021 02:31:11 +0000 Subject: [PATCH 2/2] ffmpeg: patch CVE-2021-33815 and CVE-2021-38114 https://nvd.nist.gov/vuln/detail/CVE-2021-33815 https://nvd.nist.gov/vuln/detail/CVE-2021-38114 (cherry picked from commit a83f82576b578531eb2894e0d7b279b59af23cd6) --- pkgs/development/libraries/ffmpeg-full/default.nix | 2 +- pkgs/development/libraries/ffmpeg/4.nix | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix index dcd1388143d..2186c154f80 100644 --- a/pkgs/development/libraries/ffmpeg-full/default.nix +++ b/pkgs/development/libraries/ffmpeg-full/default.nix @@ -243,7 +243,7 @@ assert opensslExtlib -> gnutls == null && openssl != null && nonfreeLicensing; stdenv.mkDerivation rec { pname = "ffmpeg-full"; - inherit (ffmpeg) src version; + inherit (ffmpeg) src version patches; prePatch = '' patchShebangs . diff --git a/pkgs/development/libraries/ffmpeg/4.nix b/pkgs/development/libraries/ffmpeg/4.nix index d557c87ebdf..f3758ca5392 100644 --- a/pkgs/development/libraries/ffmpeg/4.nix +++ b/pkgs/development/libraries/ffmpeg/4.nix @@ -13,6 +13,16 @@ callPackage ./generic.nix (rec { darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ]; patches = [ + (fetchpatch { + name = "CVE-2021-33815.patch"; + url = "https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777.patch"; + sha256 = "0l8dqga5845f7d3wdbvd05i23saldq4pm2cyfdgszbr0c18sxagf"; + }) + (fetchpatch { + name = "CVE-2021-38114.patch"; + url = "https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1.patch"; + sha256 = "0gwkc7v1wsh4j0am2nnskhsca1b5aqzhcfd41sd9mh2swsdyf27i"; + }) # Fix incorrect segment length in HLS child playlist with fmp4 segment format # FIXME remove in version 4.5 # https://trac.ffmpeg.org/ticket/9193