dav1d: add patch for CVE-2024-1580

author: Robert Scott <code@humanleg.org.uk> 2024-02-23 19:14:46 +0000
committer: Robert Scott <code@humanleg.org.uk> 2024-02-23 19:14:46 +0000
commit: f673c1bfa9cc13953b907a4c3ce1ea891e225898 (patch)
tree: d754c06ef03421101fb052001d869306173ddb86
parent: Merge pull request #290699 from NixOS/backport-289832-to-release-23.11 (diff)
download: nixpkgs-f673c1bfa9cc13953b907a4c3ce1ea891e225898.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/libraries/dav1d/default.nix b/pkgs/development/libraries/dav1d/default.nix
index 9c5e5101c8af..5391ce7938e7 100644
--- a/pkgs/development/libraries/dav1d/default.nix
+++ b/pkgs/development/libraries/dav1d/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub
+{ lib, stdenv, fetchFromGitHub, fetchpatch
 , meson, ninja, nasm, pkg-config
 , xxHash
 , withTools ? false # "dav1d" binary
@@ -26,6 +26,14 @@ stdenv.mkDerivation rec {
     hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-1580.patch";
+      url = "https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51.patch";
+      hash = "sha256-QexrqCBqWdXc9NyVyNNkGMe6yJVZlJI3h0/xK23d97E=";
+    })
+  ];
+
   outputs = [ "out" "dev" ];
 
   nativeBuildInputs = [ meson ninja nasm pkg-config ];
author	Robert Scott <code@humanleg.org.uk>	2024-02-23 19:14:46 +0000
committer	Robert Scott <code@humanleg.org.uk>	2024-02-23 19:14:46 +0000
commit	f673c1bfa9cc13953b907a4c3ce1ea891e225898 (patch)
tree	d754c06ef03421101fb052001d869306173ddb86
parent	Merge pull request #290699 from NixOS/backport-289832-to-release-23.11 (diff)
download	nixpkgs-f673c1bfa9cc13953b907a4c3ce1ea891e225898.tar.gz