Merge pull request #197782 from risicle/ris-pjsip-CVE-2022-39269-CVE-2022-39244

2022-10-27 01:14:38 +02:00 · 2022-10-27 01:14:38 +02:00 · 50d91e7871
commit 50d91e7871
parent b05729432a 91a37f5d6d
2 changed files with 15 additions and 1 deletions
--- a/pkgs/applications/networking/instant-messengers/jami/default.nix
+++ b/pkgs/applications/networking/instant-messengers/jami/default.nix
@ -71,10 +71,14 @@ rec {
        sha256 = "sha256-ENRfQh/HCXqInTV0tu8tGQO7+vTbST6XXpptERXMACE=";
      };

-      patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches));
+      patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches));

      configureFlags = (readLinesToList ./config/pjsip_args_common)
        ++ lib.optionals stdenv.isLinux (readLinesToList ./config/pjsip_args_linux);
+
+      meta = {
+        knownVulnerabilities = [ "CVE-2022-39269" "CVE-2022-39244" ];
+      } // old.meta;
    });

  opendht-jami = opendht.override {
--- a/pkgs/applications/networking/pjsip/default.nix
+++ b/pkgs/applications/networking/pjsip/default.nix
@ -13,6 +13,16 @@ stdenv.mkDerivation rec {

  patches = [
    ./fix-aarch64.patch
+    (fetchpatch {
+      name = "CVE-2022-39269.patch";
+      url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch";
+      sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ=";
+    })
+    (fetchpatch {
+      name = "CVE-2022-39244.patch";
+      url = "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae.patch";
+      sha256 = "sha256-hTUMh6bYAizn6GF+sRV1vjKVxSf9pnI+eQdPOqsdJI4=";
+    })
  ];

  buildInputs = [ openssl libsamplerate ]