pjsip: add patches for CVE-2022-23537 & CVE-2022-23547

2023-01-07 15:30:31 +00:00 · 2023-01-07 15:30:31 +00:00 · 513b812939
parent ac7445e754
commit 513b812939
1 changed files with 19 additions and 1 deletions
--- a/pkgs/applications/networking/pjsip/default.nix
+++ b/pkgs/applications/networking/pjsip/default.nix
@ -1,4 +1,12 @@
-{ lib, stdenv, fetchFromGitHub, openssl, libsamplerate, alsa-lib, AppKit }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, openssl
+, libsamplerate
+, alsa-lib
+, AppKit
+}:

 stdenv.mkDerivation rec {
  pname = "pjsip";
@ -13,6 +21,16 @@ stdenv.mkDerivation rec {

  patches = [
    ./fix-aarch64.patch
+    (fetchpatch {
+      name = "CVE-2022-23537.patch";
+      url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch";
+      sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA=";
+    })
+    (fetchpatch {
+      name = "CVE-2022-23547.patch";
+      url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch";
+      sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k=";
+    })
  ];

  buildInputs = [ openssl libsamplerate ]