diff --git a/pkgs/applications/audio/fdkaac/default.nix b/pkgs/applications/audio/fdkaac/default.nix index 7aef140da651..be6e0fcca228 100644 --- a/pkgs/applications/audio/fdkaac/default.nix +++ b/pkgs/applications/audio/fdkaac/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, autoreconfHook, fetchFromGitHub, fdk_aac }: +{ lib, stdenv, autoreconfHook, fetchFromGitHub, fetchpatch, fdk_aac }: stdenv.mkDerivation rec { pname = "fdkaac"; @@ -11,6 +11,15 @@ stdenv.mkDerivation rec { sha256 = "sha256-7a8JlQtMGuMWgU/HePd31/EvtBNc2tBMz8V8NQivuNo="; }; + patches = [ + # To be removed when 1.0.4 is released, see https://github.com/nu774/fdkaac/issues/54 + (fetchpatch { + name = "CVE-2022-37781.patch"; + url = "https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c.patch"; + sha256 = "sha256-uZPf5tqBmF7VWp1fJcjp5pbYGRfzqgPZpBHpkdWYkV0="; + }) + ]; + nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ fdk_aac ];