Merge pull request #213209 from LeSuisse/gpac-2.2.0

gpac: 2.0.0 -> 2.2.0
2024-11-27 09:23:01 +00:00 · 2023-01-28 21:22:15 +01:00 · 2023-01-28 21:22:15 +01:00 · 10ababba02
commit 10ababba02
parent 3efb469016 d200764b36
1 changed files with 10 additions and 15 deletions
--- a/pkgs/applications/video/gpac/default.nix
+++ b/pkgs/applications/video/gpac/default.nix
@ -1,19 +1,23 @@
-{ lib, stdenv, fetchFromGitHub, pkg-config, zlib }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, zlib }:

 stdenv.mkDerivation rec {
-  version = "2.0.0";
+  version = "2.2.0";
  pname = "gpac";

  src = fetchFromGitHub {
    owner = "gpac";
    repo = "gpac";
    rev = "v${version}";
-    sha256 = "sha256-MIX32lSqf/lrz9240h4wMIQp/heUmwvDJz8WN08yf6c=";
+    sha256 = "sha256-m2qXTXLGgAyU9y6GEk4Hp/7Al57IPRSqImJatIcwswQ=";
  };

-  postPatch = ''
-    substituteInPlace Makefile --replace 'dh_link' 'ln -s'
-  '';
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-0358.patch";
+      url = "https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b.patch";
+      sha256 = "sha256-0PDQXahbJCOo1JJAC0T0N1u2mqmwAkdm87wXMJnBicM=";
+    })
+  ];

  # this is the bare minimum configuration, as I'm only interested in MP4Box
  # For most other functionality, this should probably be extended
@ -41,14 +45,5 @@ stdenv.mkDerivation rec {
    license = licenses.lgpl21;
    maintainers = with maintainers; [ bluescreen303 mgdelacroix ];
    platforms = platforms.linux;
-    knownVulnerabilities = [
-      "CVE-2022-1035"
-      "CVE-2022-1172"
-      "CVE-2022-1222"
-      "CVE-2022-1795"
-      "CVE-2022-2453"
-      "CVE-2022-2454"
-      "CVE-2022-2549"
-    ];
  };
 }