From 3e99b5aec1668549bf4f608e74e84f18d4eb8375 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Mon, 8 Jul 2024 23:23:16 +0100
Subject: [PATCH 1/2] ffmpeg_5: add patch for CVE-2023-51794
---
 pkgs/development/libraries/ffmpeg/generic.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index 6d54d63c6ca8..3b58c9c814a2 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -462,6 +462,11 @@ stdenv.mkDerivation (finalAttrs: {
 url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/e01a55c5283b82667dad347331816a5e20869ce9";
 hash = "sha256-m4rq+UFG3nXdgOJ3S6XcruMZ+CPw+twmy2HFv3cnvJc=";
 })
+ (fetchpatch2 {
+ name = "CVE-2023-51794.patch";
+ url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07";
+ hash = "sha256-5G9lmKjMEa0+vqbA8EEiNIr6QG+PeEoIL+uZP4Hlo28=";
+ })
 ] ++ optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [
 (fetchpatch2 {
 # this can be removed post 6.1
From 0aded3256340f896837cbd03496acbd80114b8ec Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Mon, 8 Jul 2024 23:23:31 +0100
Subject: [PATCH 2/2] ffmpeg_4: add patch for CVE-2023-51794
---
 pkgs/development/libraries/ffmpeg/generic.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index 3b58c9c814a2..2a3415784b67 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
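Review bot: The `CVE-2023-51794.patch` entry added in the `@@ -462,6 +462,11` hunk of PATCH 1/2 has no comment saying when it can be dropped, whereas the entry at the end of the same hunk is annotated `# this can be removed post 6.1`. A line such as `# CVE-2023-51794, upstream commit 50f0f8c53c81; drop once the packaged release contains it` above `name` would let a later version bump remove the patch deliberately instead of finding out from a failed apply. The identical `fetchpatch2` block is added a second time in PATCH 2/2 (`@@ -424,6 +424,11`); binding it once in a `let` and referencing it from both lists would keep the URL and the pinned hash from drifting apart. The version guard that opens the list patched here lies outside the hunk, so which releases actually receive the fix cannot be confirmed from these lines.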
@@ -424,6 +424,11 @@ stdenv.mkDerivation (finalAttrs: { --replace 'const AVInputFormat *const ' 'const AVInputFormat *' ''; }) + (fetchpatch2 { + name = "CVE-2023-51794.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07"; + hash = "sha256-5G9lmKjMEa0+vqbA8EEiNIr6QG+PeEoIL+uZP4Hlo28="; + }) ] ++ optionals (lib.versionAtLeast version "5" && lib.versionOlder version "6") [ (fetchpatch2 {