nixpkgs/pkgs/development/libraries/gstreamer/ugly/default.nix

{ stdenv, fetchurl, pkgconfig, python
, gst-plugins-base, orc
, a52dec, libcdio, libdvdread
, lame, libmad, libmpeg2, x264, libintlOrEmpty
}:

stdenv.mkDerivation rec {
  name = "gst-plugins-ugly-1.10.3";

  meta = with stdenv.lib; {
    description = "Gstreamer Ugly Plugins";
    homepage    = "http://gstreamer.freedesktop.org";
    longDescription = ''
      a set of plug-ins that have good quality and correct functionality,
      but distributing them might pose problems.  The license on either
      the plug-ins or the supporting libraries might not be how we'd
      like. The code might be widely known to present patent problems.
    '';
    license     = licenses.lgpl2Plus;
    platforms   = platforms.unix;
  };

  src = fetchurl {
    url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
    sha256 = "1lkb8kznc9wxmhbp7k67b50y27nz8jp2x2flb91xzydz7b89f5f9";
  };

  outputs = [ "out" "dev" ];

  nativeBuildInputs = [ pkgconfig python ];

  buildInputs = [
    gst-plugins-base orc
    a52dec libcdio libdvdread
    lame libmad libmpeg2 x264
  ] ++ libintlOrEmpty;

  NIX_LDFLAGS = if stdenv.isDarwin then "-lintl" else null;
}
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`{ stdenv, fetchurl, pkgconfig, python`
			`, gst-plugins-base, orc`
			`, a52dec, libcdio, libdvdread`
gst-plugins-ugly 1.x: fix Darwin build 2015-04-08 18:55:19 -07:00			`, lame, libmad, libmpeg2, x264, libintlOrEmpty`
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`}:`

			`stdenv.mkDerivation rec {`
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs gst-plugins-bad: From the Arch Linux advisory: - CVE-2017-5843 (arbitrary code execution): A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks. - CVE-2017-5848 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm. More: https://lwn.net/Vulnerabilities/713772/ gst-plugins-base: From the Arch Linux advisory: - CVE-2017-5837 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5839 (denial of service): An endless recursion issue leading to stack overflow has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5842 (arbitrary code execution): An off-by-one write has been found in gstreamer before 1.10.3, in html_context_handle_element. - CVE-2017-5844 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. More: https://lwn.net/Vulnerabilities/713773/ gst-plugins-good: From the Arch Linux advisory: - CVE-2016-10198 (denial of service): An invalid memory read flaw has been found in gstreamer before 1.10.3, in gst_aac_parse_sink_setcaps. - CVE-2016-10199 (denial of service): An out of bounds read has been found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full. - CVE-2017-5840 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in qtdemux_parse_samples. - CVE-2017-5841 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. - CVE-2017-5845 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. More: https://lwn.net/Vulnerabilities/713774/ gst-plugins-ugly: From the Arch Linux advisory: - CVE-2017-5846 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_stream_props. - CVE-2017-5847 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_content_desc. More: https://lwn.net/Vulnerabilities/713775/ gstreamer: From the Arch Linux advisory: An out of bounds read has been found in gstreamer before 1.10.3, in gst_date_time_new_from_iso8601_string. More: https://lwn.net/Vulnerabilities/713776/ 2017-02-08 05:27:59 -08:00			`name = "gst-plugins-ugly-1.10.3";`
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00
gst-plugins-ugly: add description 2014-03-17 06:47:58 -07:00			`meta = with stdenv.lib; {`
			`description = "Gstreamer Ugly Plugins";`
			`homepage = "http://gstreamer.freedesktop.org";`
			`longDescription = ''`
			`a set of plug-ins that have good quality and correct functionality,`
			`but distributing them might pose problems. The license on either`
			`the plug-ins or the supporting libraries might not be how we'd`
			`like. The code might be widely known to present patent problems.`
			`'';`
			`license = licenses.lgpl2Plus;`
gst-plugins-ugly 1.x: fix Darwin build 2015-04-08 18:55:19 -07:00			`platforms = platforms.unix;`
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`};`

			`src = fetchurl {`
			`url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";`
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs gst-plugins-bad: From the Arch Linux advisory: - CVE-2017-5843 (arbitrary code execution): A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks. - CVE-2017-5848 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm. More: https://lwn.net/Vulnerabilities/713772/ gst-plugins-base: From the Arch Linux advisory: - CVE-2017-5837 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5839 (denial of service): An endless recursion issue leading to stack overflow has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5842 (arbitrary code execution): An off-by-one write has been found in gstreamer before 1.10.3, in html_context_handle_element. - CVE-2017-5844 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. More: https://lwn.net/Vulnerabilities/713773/ gst-plugins-good: From the Arch Linux advisory: - CVE-2016-10198 (denial of service): An invalid memory read flaw has been found in gstreamer before 1.10.3, in gst_aac_parse_sink_setcaps. - CVE-2016-10199 (denial of service): An out of bounds read has been found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full. - CVE-2017-5840 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in qtdemux_parse_samples. - CVE-2017-5841 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. - CVE-2017-5845 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. More: https://lwn.net/Vulnerabilities/713774/ gst-plugins-ugly: From the Arch Linux advisory: - CVE-2017-5846 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_stream_props. - CVE-2017-5847 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_content_desc. More: https://lwn.net/Vulnerabilities/713775/ gstreamer: From the Arch Linux advisory: An out of bounds read has been found in gstreamer before 1.10.3, in gst_date_time_new_from_iso8601_string. More: https://lwn.net/Vulnerabilities/713776/ 2017-02-08 05:27:59 -08:00			`sha256 = "1lkb8kznc9wxmhbp7k67b50y27nz8jp2x2flb91xzydz7b89f5f9";`
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`};`

treewide: Shuffle outputs Make either 'bin' or 'out' the first output. 2016-08-28 17:30:01 -07:00			`outputs = [ "out" "dev" ];`
gstreamer-1.0: multiple outputs 2016-04-24 05:39:30 -07:00
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`nativeBuildInputs = [ pkgconfig python ];`

			`buildInputs = [`
			`gst-plugins-base orc`
			`a52dec libcdio libdvdread`
			`lame libmad libmpeg2 x264`
gst-plugins-ugly 1.x: fix Darwin build 2015-04-08 18:55:19 -07:00			`] ++ libintlOrEmpty;`

			`NIX_LDFLAGS = if stdenv.isDarwin then "-lintl" else null;`
add gstreamer 1.2.1 2013-12-23 07:36:37 -08:00			`}`