ffmpeg{_4,-full}: 4.1.3 -> 4.1.4 (security)

Fixes #64656 CVE-2019-13312 CVE-2019-13390.
2019-07-30 15:30:19 +02:00 · 2019-07-30 15:30:19 +02:00 · 3e17fe4522
commit 3e17fe4522
parent ccc55347c5
2 changed files with 15 additions and 5 deletions
--- a/pkgs/development/libraries/ffmpeg-full/default.nix
+++ b/pkgs/development/libraries/ffmpeg-full/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, perl, texinfo, yasm
+{ stdenv, fetchurl, fetchpatch, pkgconfig, perl, texinfo, yasm
 /*
 *  Licensing options (yes some are listed twice, filters and such are not listed)
 */
@ -234,12 +234,17 @@ assert opensslExtlib -> gnutls == null && openssl != null && nonfreeLicensing;

 stdenv.mkDerivation rec {
  name = "ffmpeg-full-${version}";
-  version = "4.1.3";
+  version = "4.1.4";

  src = fetchurl {
    url = "https://www.ffmpeg.org/releases/ffmpeg-${version}.tar.xz";
-    sha256 = "0gdnprc7gk4b7ckq8wbxbrj7i00r76r9a5g9mj7iln40512j0c0c";
+    sha256 = "1qd7a10gs12ifcp31gramcgqjl77swskjfp7cijibgyg5yl4kw7i";
  };
+  patches = [(fetchpatch { # remove on update
+    name = "fix-hardcoded-tables.diff";
+    url = "http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/c8232e50074f";
+    sha256 = "0jlksks4fjajby8fjk7rfp414gxfdgd6q9khq26i52xvf4kg2dw6";
+  })];

  prePatch = ''
    patchShebangs .
--- a/pkgs/development/libraries/ffmpeg/4.nix
+++ b/pkgs/development/libraries/ffmpeg/4.nix
@ -6,7 +6,12 @@

 callPackage ./generic.nix (args // rec {
  version = "${branch}";
-  branch = "4.1.3";
-  sha256 = "0aka5pibjhpks1wrsvqpy98v8cbvyvnngwqhh4ajkg6pbdl7k9i9";
+  branch = "4.1.4";
+  sha256 = "01w44ygm5bvc243hlhfnvb2lxfb0blz2cxnphxqgw30vj3c1prx7";
+  patches = [(fetchpatch { # remove on update
+    name = "fix-hardcoded-tables.diff";
+    url = "http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/c8232e50074f";
+    sha256 = "0jlksks4fjajby8fjk7rfp414gxfdgd6q9khq26i52xvf4kg2dw6";
+  })];
  darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ];
 })