From 879ffc06fe559c0088c87181bb115c862ff55288 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 17 Mar 2018 19:17:56 +0100 Subject: [PATCH 1/3] libvorbis: 1.3.5 -> 1.3.6 This update includes the removed patches (CVE-2017-14632, CVE-2017-14633) and additionally fixes CVE-2018-5146 [1]. The changelog: libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)" * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes [1] http://seclists.org/oss-sec/2018/q1/243 --- pkgs/development/libraries/libvorbis/default.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/pkgs/development/libraries/libvorbis/default.nix b/pkgs/development/libraries/libvorbis/default.nix index f59237ee164c..2f9bca5ed95f 100644 --- a/pkgs/development/libraries/libvorbis/default.nix +++ b/pkgs/development/libraries/libvorbis/default.nix 
@@ -1,26 +1,16 @@ { stdenv, fetchurl, libogg, pkgconfig, fetchpatch }: stdenv.mkDerivation rec { - name = "libvorbis-1.3.5"; + name = "libvorbis-1.3.6"; src = fetchurl { url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz"; - sha256 = "1lg1n3a6r41492r7in0fpvzc7909mc5ir9z0gd3qh2pz4yalmyal"; + sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"; }; outputs = [ "out" "dev" "doc" ]; patches = [ - (fetchpatch { - url = "https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993.patch"; - sha256 = "0xhsa96n3dlh2l85bxpz4b9m78mfxfgi2ibhjp77110a0nvkjr6h"; - name = "CVE-2017-14633"; - }) - (fetchpatch { - url = "https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f.patch"; - sha256 = "17lb86105im6fc0h0cx5sn94p004jsdbbs2vj1m9ll6z9yb4rxwc"; - name = "CVE-2017-14632"; - }) (fetchpatch { url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch"; sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x"; From c89ec027eb51da7ab8ff8b3bfddbf2538a6c0091 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sat, 17 Mar 2018 19:25:51 +0100 Subject: [PATCH 2/3] tremor: svn-17866 -> git-562307a This updates tremor to a newer version and it's new home in a git repository. It hasn't been updated since 2011 and is used as a build input for other packages. Also fixes CVE-2018-5146 [1]. [1] http://seclists.org/oss-sec/2018/q1/243 --- pkgs/development/libraries/tremor/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/tremor/default.nix b/pkgs/development/libraries/tremor/default.nix index 5e08a61cd1bb..6c6d144f9942 100644 --- a/pkgs/development/libraries/tremor/default.nix +++ b/pkgs/development/libraries/tremor/default.nix 
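Review bot: In pkgs/development/libraries/libvorbis/default.nix the new `sha256` pins a tarball that is still fetched over plain `http://downloads.xiph.org/...`, so the hash is the only integrity control on the source. It is worth confirming the hash against a checksum obtained over an authenticated channel, and, if the host serves TLS, changing the line to `url = "https://downloads.xiph.org/releases/vorbis/${name}.tar.xz";`. The `fetchpatch` that stays (CVE-2017-14160) is not listed in the 1.3.6 changelog quoted in the commit message, so keeping it looks right. A comment such as `# CVE-2017-14160: not listed in the 1.3.6 changelog; re-check on the next bump` would keep it from being dropped by accident. The `patches` list continues past the end of the hunk.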
@@ -1,12 +1,12 @@ -{ stdenv, fetchsvn, autoreconfHook, pkgconfig, libogg }: +{ stdenv, fetchgit, autoreconfHook, pkgconfig, libogg }: stdenv.mkDerivation rec { - name = "tremor-svn-${src.rev}"; + name = "tremor-git-${src.rev}"; - src = fetchsvn { - url = http://svn.xiph.org/trunk/Tremor; - rev = "17866"; - sha256 = "161411cbefa1527da7a8fc087e78d8e21d19143d3a6eb42fb281e5026aad7568"; + src = fetchgit { + url = https://git.xiph.org/tremor.git; + rev = "562307a4a7082e24553f3d2c55dab397a17c4b4f"; + sha256 = "0m07gq4zfgigsiz8b518xyb19v7qqp76qmp7lb262825vkqzl3zq"; }; nativeBuildInputs = [ autoreconfHook pkgconfig ]; From 488ef9a7a09378047289db2285c59239349a2c87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 18 Mar 2018 10:17:57 +0100 Subject: [PATCH 3/3] SDL: avoid cryptic error from /bin/sh impurity --- pkgs/development/libraries/SDL/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/SDL/default.nix b/pkgs/development/libraries/SDL/default.nix index 534f31ad1f47..5e1c527eb8b5 100644 --- a/pkgs/development/libraries/SDL/default.nix +++ b/pkgs/development/libraries/SDL/default.nix @@ -42,6 +42,9 @@ stdenv.mkDerivation rec { sha256 = "005d993xcac8236fpvd1iawkz4wqjybkpn8dbwaliqz5jfkidlyn"; }; + # make: *** No rule to make target 'build/*.lo', needed by 'build/libSDL.la'. Stop. + postPatch = "patchShebangs ./configure"; + outputs = [ "out" "dev" ]; outputBin = "dev"; # sdl-config
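Review bot: In pkgs/development/libraries/tremor/default.nix, `name = "tremor-git-${src.rev}"` now expands to the full 40-character commit hash, although the subject line speaks of git-562307a. A hash in the name carries no ordering, so upgrade comparison and name-based vulnerability tracking cannot tell this build from an older snapshot. A date-based name such as `name = "tremor-unstable-YYYY-MM-DD";` (placeholder for the date of the pinned commit) would fix that. A comment next to `rev`, e.g. `# includes the upstream fix for CVE-2018-5146`, would record why this revision was chosen. The pin itself (full commit hash plus `sha256`, fetched over https) looks sound.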
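Review bot: The comment added above `postPatch` in pkgs/development/libraries/SDL/default.nix records only the symptom, so a later reader cannot tell why `patchShebangs` is there or when it can be removed. Going by the commit subject, the cause is `./configure` running under the host's /bin/sh; I would say so, e.g. `# ./configure has a /bin/sh shebang (impure); without patchShebangs the build fails with:` followed by the existing make error line. The enclosing `mkDerivation` starts and ends outside the hunk, so I cannot see whether another `postPatch` is defined further down; that is worth checking, since a duplicate attribute would fail evaluation.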