diff --git a/pkgs/development/libraries/libde265/default.nix b/pkgs/development/libraries/libde265/default.nix index bbbcdc3f0544..762fe1765fd2 100644 --- a/pkgs/development/libraries/libde265/default.nix +++ b/pkgs/development/libraries/libde265/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkg-config }: stdenv.mkDerivation rec { version = "1.0.8"; @@ -11,6 +11,14 @@ stdenv.mkDerivation rec { sha256 = "1dzflqbk248lz5ws0ni5acmf32b3rmnq5gsfaz7691qqjxkl1zml"; }; + patches = [ + (fetchpatch { + name = "CVE-2022-1253.patch"; + url = "https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8.patch"; + sha256 = "sha256-F1BOWFx9oXR2trM22atyD3AJ5x6vVfURQ/PTlYP2Ibg="; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; enableParallelBuilding = true; @@ -22,5 +30,4 @@ stdenv.mkDerivation rec { platforms = lib.platforms.unix; maintainers = with lib.maintainers; [ gebner ]; }; - }