From 822101ec374753a88e4c661daca1db8a316764e4 Mon Sep 17 00:00:00 2001
From: Viet Nguyen Duc <nguyenducviet4496@gmail.com>
Date: Mon, 23 Dec 2024 18:04:11 +0700
Subject: [PATCH] Patch CVE-2024-45338 for package rclone in image ffmpeg

Signed-off-by: Viet Nguyen Duc <nguyenducviet4496@gmail.com>
---
 .ffmpeg/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.ffmpeg/Dockerfile b/.ffmpeg/Dockerfile
index 2a3cb9e10..e9b48cbe1 100644
--- a/.ffmpeg/Dockerfile
+++ b/.ffmpeg/Dockerfile
@@ -3,6 +3,7 @@ ARG VERSION_FFMPEG="7.1"
 ARG VERSION_RCLONE="v1.68.2"
 ARG VERSION_GO="latest"
 ARG GO_CRYPTO_VERSION="v0.31.0"
+ARG GO_NET_VERSION="v0.33.0"
 
 USER root
 
@@ -33,6 +34,7 @@ RUN cd /usr/local/src \
     && git checkout $VERSION_RCLONE \
     # Patch deps version in go.mod to fix CVEs
     && sed -i "s|golang.org/x/crypto v.*|golang.org/x/crypto ${GO_CRYPTO_VERSION}|g" go.mod \
+    && sed -i "s|golang.org/x/net v.*|golang.org/x/net ${GO_NET_VERSION}|g" go.mod \
     && go mod tidy \
     # Build rclone
     && make \