nixpkgs/pkgs/development/libraries/libsndfile/default.nix
Franz Pletz 58218d4d8e
libsndfile: add patches for multiple CVEs
Fixes the patch names so that security tools can parse the CVEs.

Adds patch to fix CVE-2017-14634.

cc #30959
2017-11-19 18:51:22 +01:00


# Build recipe for libsndfile 1.0.28 with upstream security fixes applied on
# top of the release tarball.
#
# Arguments are the build dependencies; Carbon and AudioToolbox are only
# added to buildInputs when building on Darwin (see below).
{ stdenv, fetchurl, flac, libogg, libvorbis, pkgconfig
, Carbon, AudioToolbox
}:
# `rec` lets the `src` URL refer to `name` below.
stdenv.mkDerivation rec {
name = "libsndfile-1.0.28";
# The tarball is fetched over plain http; the pinned sha256 is what ties the
# build to one specific archive, so a changed or tampered download fails the
# fetch instead of being built.
src = fetchurl {
url = "http://www.mega-nerd.com/libsndfile/files/${name}.tar.gz";
sha256 = "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz";
};
# Security patches. Each entry is a single upstream commit from
# github.com/erikd/libsndfile, downloaded as a `.patch` file and pinned by
# sha256. The `name` of every patch is the CVE identifier it addresses so
# that security tooling can match the applied fixes to CVEs; a commit that
# covers several CVEs lists them joined with `+`.
# NOTE(review): these are GitHub-generated `.patch` downloads hashed as-is;
# if the generated text ever changes the sha256 will stop matching. nixpkgs'
# `fetchpatch` is the usual answer -- switching would need new hashes, confirm
# before changing.
patches = [
(fetchurl {
name = "CVE-2017-12562.patch";
url = "https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8.patch";
sha256 = "1jg3wq30wdn9nv52mcyv6jyi4d80h4r1h9p96czcria7l91yh4sy";
})
(fetchurl {
name = "CVE-2017-6892.patch";
url = "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748.patch";
sha256 = "05xkmz2ihc1zcj73sbmj1ikrv9qlcym2bkp1v6ak7w53ky619mwq";
})
# One upstream commit, three CVE identifiers.
(fetchurl {
name = "CVE-2017-8361+CVE-2017-8363+CVE-2017-8365.patch";
url = "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3.patch";
sha256 = "0ccndnvjzx5fw18zvy03vnb29rr81h5vsh1m16msqbxk8ibndln2";
})
(fetchurl {
name = "CVE-2017-8362.patch";
url = "https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808.patch";
sha256 = "1xyv30ga71cpy4wx5f76sc4dma91la2lcc6s9f3pk9rndyi7gj9x";
})
(fetchurl {
name = "CVE-2017-14634.patch";
url = "https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788.patch";
sha256 = "0kc7vp22qsxidhvmlc6nfamw7k92n0hcfpmwhb3gaksjamwhb2df";
})
];
nativeBuildInputs = [ pkgconfig ];
# Codec libraries on every platform; the two Apple frameworks only on Darwin.
buildInputs = [ flac libogg libvorbis ]
++ stdenv.lib.optionals stdenv.isDarwin [ Carbon AudioToolbox ];
enableParallelBuilding = true;
# Split outputs: binaries, development files, the default output, man pages
# and documentation are installed separately.
outputs = [ "bin" "dev" "out" "man" "doc" ];
# need headers from the Carbon.framework in /System/Library/Frameworks to
# compile this on darwin -- not sure how to handle
# The include path is taken from $SDKROOT at build time and is only added
# when stdenv.isDarwin is true; on other platforms preConfigure is empty.
preConfigure = stdenv.lib.optionalString stdenv.isDarwin
''
NIX_CFLAGS_COMPILE+=" -I$SDKROOT/System/Library/Frameworks/Carbon.framework/Versions/A/Headers"
'';
# Needed on Darwin.
# NOTE(review): unlike preConfigure above this is not guarded by
# stdenv.isDarwin, so the extra link flags are set on every platform.
NIX_CFLAGS_LINK = "-logg -lvorbis";
# Package metadata.
meta = with stdenv.lib; {
description = "A C library for reading and writing files containing sampled sound";
homepage = http://www.mega-nerd.com/libsndfile/;
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ lovek323 ];
platforms = platforms.unix;
longDescription = ''
Libsndfile is a C library for reading and writing files containing
sampled sound (such as MS Windows WAV and the Apple/SGI AIFF format)
through one standard library interface. It is released in source
code format under the GNU Lesser General Public License.
The library was written to compile and run on a Linux system but
should compile and run on just about any Unix (including macOS).
There are also pre-compiled binaries available for 32 and 64 bit
windows.
It was designed to handle both little-endian (such as WAV) and
big-endian (such as AIFF) data, and to compile and run correctly on
little-endian (such as Intel and DEC/Compaq Alpha) processor systems
as well as big-endian processor systems such as Motorola 68k, Power
PC, MIPS and SPARC. Hopefully the design of the library will also
make it easy to extend for reading and writing new sound file
formats.
'';
};
}