freeswitch: patch CVE-2023-5217 and CVE-2023-44488 (b153175f) · Commits · nix / nixpkgs

pkgs/servers/sip/freeswitch/default.nix

+37 −7

Original line number	Diff line number	Diff line
		{ fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook
		, ncurses, gnutls, readline
		, openssl, perl, sqlite, libjpeg, speex, pcre, libuuid
		, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt

		{ fetchFromGitHub
		, fetchpatch
		, stdenv
		, lib
		, pkg-config
		, autoreconfHook
		, ncurses
		, gnutls
		, readline
		, openssl
		, perl
		, sqlite
		, libjpeg
		, speex
		, pcre
		, libuuid
		, ldns
		, libedit
		, yasm
		, which
		, libsndfile
		, libtiff
		, libxcrypt
		, callPackage

		, SystemConfiguration

		, modules ? null
		, nixosTests
		}:
		@@ -110,6 +126,20 @@ stdenv.mkDerivation rec {
		done
		'';

		## TODO Validate with the next upstream release
		patches = [
		(fetchpatch {
		name = "CVE-2023-44488.patch";
		url = "https://github.com/signalwire/freeswitch/commit/f1fb05214e4f427dcf922f531431ab649cf0622b.patch";
		hash = "sha256-6GMebE6O2EBx60NE2LSRVljaiLm9T4zTrkIpwGvaB08=";
		})
		(fetchpatch {
		name = "CVE-2023-5217.patch";
		url = "https://github.com/signalwire/freeswitch/commit/6f9e72c585265d8def8a613b36cd4f524c201980.patch";
		hash = "sha256-l64mBpyq/TzRM78n73kbuD0UNsk5zIH5QNJlMKdPfr4=";
		})
		];

		strictDeps = true;
		nativeBuildInputs = [ pkg-config autoreconfHook perl which yasm ];
		buildInputs = [