diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix index 0665222a9e0..2c6f6c10493 100644 --- a/pkgs/servers/pulseaudio/default.nix +++ b/pkgs/servers/pulseaudio/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, gnum4, gdbm, libtool, glib, dbus, avahi +{ stdenv, fetchurl, fetchpatch, pkgconfig, gnum4, gdbm, libtool, glib, dbus, avahi , gconf, gtk, intltool, gettext, alsaLib, libsamplerate, libsndfile, speex , bluez, sbc, udev, libcap, json_c , jackaudioSupport ? false, jack2 ? null @@ -15,6 +15,13 @@ stdenv.mkDerivation rec { sha256 = "0fgrr8v7yfh0byhzdv4c87v9lkj8g7gpjm8r9xrbvpa92a5kmhcr"; }; + patches = [(fetchpatch { + name = "CVE-2014-3970.patch"; + url = "http://cgit.freedesktop.org/pulseaudio/pulseaudio/patch/" + + "?id=26b9d22dd24c17eb118d0205bf7b02b75d435e3c"; + sha256 = "13vxp6520djgfrfxkzy5qvabl94sga3yl5pj93xawbkgwzqymdyq"; + })]; + # Since `libpulse*.la' contain `-lgdbm' and `-lcap', it must be propagated. propagatedBuildInputs = [ gdbm ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap ];