nixpkgs/pkgs/development/libraries/libvorbis/default.nix

{ stdenv, fetchurl, libogg, pkgconfig, fetchpatch }:

stdenv.mkDerivation rec {
  name = "libvorbis-1.3.6";

  src = fetchurl {
    url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz";
    sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g";
  };

  outputs = [ "out" "dev" "doc" ];

  patches = [
    (fetchpatch {
      url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch";
      sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x";
      name = "CVE-2017-14160";
    })
    (fetchpatch {
      url = "https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaa.diff";
      sha256 = "1k77y3q36npy8mkkz40f6cb46l2ldrwyrd191m29s8rnbhnafdf7";
      name = "CVE-2018-10392.patch";
    })
  ];

  nativeBuildInputs = [ pkgconfig ];
  propagatedBuildInputs = [ libogg ];

  doCheck = true;

  meta = with stdenv.lib; {
    homepage = https://xiph.org/vorbis/;
    license = licenses.bsd3;
    maintainers = [ maintainers.ehmry ];
    platforms = platforms.all;
  };
}
libvorbis: Fix CVE-2017-14160, CVE-2017-14632 & CVE-2017-14633 2018-01-09 10:05:11 -08:00			`{ stdenv, fetchurl, libogg, pkgconfig, fetchpatch }:`
added libvorbis libogg and flac svn path=/nixpkgs/trunk/; revision=2063 2005-01-19 13:48:45 -08:00
Style fix 2014-09-24 06:07:18 -07:00			`stdenv.mkDerivation rec {`
libvorbis: 1.3.5 -> 1.3.6 This update includes the removed patches (CVE-2017-14632, CVE-2017-14633) and additionally fixes CVE-2018-5146 [1]. The changelog: libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)" * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes [1] http://seclists.org/oss-sec/2018/q1/243 2018-03-17 11:17:56 -07:00			`name = "libvorbis-1.3.6";`
Split a few libraries into multiple outputs 2012-08-23 12:01:00 -07:00
added libvorbis libogg and flac svn path=/nixpkgs/trunk/; revision=2063 2005-01-19 13:48:45 -08:00			`src = fetchurl {`
Updating libvorbis and libogg, and enabling by default libvorbis and libxvid on ffmpeg. I think there are little drawbacks on that, whlie there are benefits. svn path=/nixpkgs/trunk/; revision=32145 2012-02-08 11:54:16 -08:00			`url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz";`
libvorbis: 1.3.5 -> 1.3.6 This update includes the removed patches (CVE-2017-14632, CVE-2017-14633) and additionally fixes CVE-2018-5146 [1]. The changelog: libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)" * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes [1] http://seclists.org/oss-sec/2018/q1/243 2018-03-17 11:17:56 -07:00			`sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g";`
added libvorbis libogg and flac svn path=/nixpkgs/trunk/; revision=2063 2005-01-19 13:48:45 -08:00			`};`
libvorbis: Propagate `libogg'. svn path=/nixpkgs/trunk/; revision=13813 2009-01-20 01:50:05 -08:00
treewide: Shuffle outputs Make either 'bin' or 'out' the first output. 2016-08-28 17:30:01 -07:00			`outputs = [ "out" "dev" "doc" ];`
libvorbis: use pkgconfig instead of guessing paths. Closes #3014 2014-06-22 03:39:07 -07:00
libvorbis: Fix CVE-2017-14160, CVE-2017-14632 & CVE-2017-14633 2018-01-09 10:05:11 -08:00			`patches = [`
			`(fetchpatch {`
			`url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch";`
			`sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x";`
			`name = "CVE-2017-14160";`
			`})`
libvorbis: upstream patch for CVE-2018-10392 /cc #41748. 2018-06-17 02:43:27 -07:00			`(fetchpatch {`
			`url = "https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaa.diff";`
			`sha256 = "1k77y3q36npy8mkkz40f6cb46l2ldrwyrd191m29s8rnbhnafdf7";`
			`name = "CVE-2018-10392.patch";`
			`})`
libvorbis: Fix CVE-2017-14160, CVE-2017-14632 & CVE-2017-14633 2018-01-09 10:05:11 -08:00			`];`
* Updated libogg and libvorbis. svn path=/nixpkgs/trunk/; revision=22838 2010-08-01 07:33:43 -07:00
libvorbis: Get rid of propagatedBuildInputs 2015-05-01 22:02:24 -07:00			`nativeBuildInputs = [ pkgconfig ];`
WIP: getting good 2014-08-26 16:14:09 -07:00			`propagatedBuildInputs = [ libogg ];`
Split a few libraries into multiple outputs 2012-08-23 12:01:00 -07:00
libogg, libvorbis: update to 1.3.2, 1.3.4 2014-06-12 15:53:21 -07:00			`doCheck = true;`

			`meta = with stdenv.lib; {`
treewide: homepage+src updates (found by repology, #33263) 2018-01-05 11:42:46 -08:00			`homepage = https://xiph.org/vorbis/;`
libogg, libvorbis: update to 1.3.2, 1.3.4 2014-06-12 15:53:21 -07:00			`license = licenses.bsd3;`
Rename 'emery' maintainer handle to 'ehmry', fixes #11493 Communication happens on Github so names should be consistent. 2015-12-05 13:41:25 -08:00			`maintainers = [ maintainers.ehmry ];`
libogg, libvorbis: update to 1.3.2, 1.3.4 2014-06-12 15:53:21 -07:00			`platforms = platforms.all;`
* Updated libogg and libvorbis. svn path=/nixpkgs/trunk/; revision=22838 2010-08-01 07:33:43 -07:00			`};`
added libvorbis libogg and flac svn path=/nixpkgs/trunk/; revision=2063 2005-01-19 13:48:45 -08:00			`}`