vorbis-tools: security patches and fix meta

Patches: CVE-2014-9638, CVE-2014-9639, CVE-2015-6749, and some non-security.
Also drop glibc from buildInputs.
This commit is contained in:
Vladimír Čunát 2015-09-25 11:36:09 +02:00
parent 0322596721
commit 000a2108ba

View File

@ -1,6 +1,12 @@
{stdenv, fetchurl, libogg, libvorbis, libao, pkgconfig, curl, glibc
, speex, flac}:
{ stdenv, fetchurl, fetchzip, libogg, libvorbis, libao, pkgconfig, curl
, speex, flac }:
let
debPatch = fetchzip {
url = "mirror://debian/pool/main/v/vorbis-tools/vorbis-tools_1.4.0-6.debian.tar.xz";
sha256 = "1xmmpdvxyr84lazlg23c6ck5ic97ga2rkiqabb1d98ix2zdzyqz5";
};
in
stdenv.mkDerivation {
name = "vorbis-tools-1.4.0";
src = fetchurl {
@ -8,14 +14,23 @@ stdenv.mkDerivation {
sha256 = "1g12bnh5ah08v529y72kfdz5lhvy75iaz7f9jskyby23m9dkk2d3";
};
buildInputs = [ libogg libvorbis libao pkgconfig curl speex glibc flac ];
postPatch = ''
for patch in $(ls "${debPatch}"/patches/*.{diff,patch} | grep -v debian_subdir)
do patch -p1 < "$patch"
done
'';
meta = {
buildInputs = [ libogg libvorbis libao pkgconfig curl speex flac ];
meta = with stdenv.lib; {
description = "Extra tools for Ogg-Vorbis audio codec";
longDescription = ''
A set of command-line tools to manipulate Ogg Vorbis audio
files, notably the `ogg123' player and the `oggenc' encoder.
'';
homepage = http://xiph.org/vorbis/;
license = stdenv.lib.licenses.gpl2;
license = licenses.gpl2;
platforms = platforms.all;
};
}