Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 7974217f94c2
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: df6af9daab6e
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on May 15, 2021

  1. flac: fix out of bound reads due to heap buffer overflow 

    Fixes: CVE-2020-0499
(cherry picked from commit 279bdc9)
    @mweinelt
    mweinelt authored and Jonathan Ringer committed May 15, 2021

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    335237d View commit details

Commits on May 16, 2021

  1. Merge branch 'staging-20.09' into release-20.09

    @vcunat
    vcunat committed May 16, 2021

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    df6af9d View commit details
Showing with 12 additions and 3 deletions.
  1. +12 −3 pkgs/applications/audio/flac/default.nix
15 changes: 12 additions & 3 deletions pkgs/applications/audio/flac/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,22 @@
{ stdenv, fetchurl, libogg }:
{ stdenv, fetchurl, fetchpatch, libogg }:

stdenv.mkDerivation rec {
name = "flac-1.3.3";
pname = "flac";
version = "1.3.3";

src = fetchurl {
url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz";
url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
sha256 = "0j0p9sf56a2fm2hkjnf7x3py5ir49jyavg4q5zdyd7bcf6yq4gi1";
};

patches = [
(fetchpatch {
name = "CVE-2020-0499.patch";
url = "https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4.patch";
sha256 = "160qzq9ms5addz7sx06pnyjjkqrffr54r4wd8735vy4x008z71ah";
})
];

buildInputs = [ libogg ];

#doCheck = true; # takes lots of time