From a92c42d197eee1d4a077d25ed9d23d74bf350b79 Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Wed, 2 Oct 2019 23:19:18 +0200 Subject: [PATCH] gst-plugins-base: apply patch for CVE-2019-9928 Refactor the patchPhase management for the package along the way to something more standard. --- .../gstreamer/legacy/gst-plugins-base/default.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/legacy/gst-plugins-base/default.nix b/pkgs/development/libraries/gstreamer/legacy/gst-plugins-base/default.nix index db75705c825..5a942b49cc0 100644 --- a/pkgs/development/libraries/gstreamer/legacy/gst-plugins-base/default.nix +++ b/pkgs/development/libraries/gstreamer/legacy/gst-plugins-base/default.nix @@ -18,11 +18,18 @@ stdenv.mkDerivation rec { sha256 = "0jp6hjlra98cnkal4n6bdmr577q8mcyp3c08s3a02c4hjhw5rr0z"; }; - patchPhase = '' + patches = [ + ./gcc-4.9.patch + (fetchurl { + url = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa.patch"; + name = "CVE-2019-9928.patch"; + sha256 = "0hz3lsq3ppmaf329sbyi05y1qniqfj9vlp2f3z918383pvrcms4i"; + }) + ]; + + postPatch = '' sed -i 's@/bin/echo@echo@g' configure sed -i -e 's/^ /\t/' docs/{libs,plugins}/Makefile.in - - patch -p1 < ${./gcc-4.9.patch} ''; outputs = [ "out" "dev" ];