From 487fb291d9d0761c118b579ad4cd7bea597d414d Mon Sep 17 00:00:00 2001
From: devhell
Date: Sun, 18 Oct 2020 15:19:10 +0100
Subject: [PATCH] mp3gain: Fix vulnerabilities

This commit fetches a patch for CVE-2019-18359 from Gentoo's repository [1]. Previously openSuSE[2] was used, but that did not work well with `fetchpatch` and having copies of patches is discouraged.

This commit should also close https://github.com/NixOS/nixpkgs/issues/90893

[1]: https://gitweb.gentoo.org/repo/gentoo.git/commit/media-sound/mp3gain?id=36f8689f7903548f5d89827a6e7bdf70a9882cee
[2]: https://build.opensuse.org/package/view_file/openSUSE:Factory/mp3gain/0001-fix-security-bugs.patch
---
 pkgs/applications/audio/mp3gain/default.nix | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/audio/mp3gain/default.nix b/pkgs/applications/audio/mp3gain/default.nix
index f2b4564c7ccf..9bf0b5b8f64c 100644
--- a/pkgs/applications/audio/mp3gain/default.nix
+++ b/pkgs/applications/audio/mp3gain/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, unzip, mpg123 }:
+{ stdenv, fetchurl, fetchpatch, unzip, mpg123 }:

 stdenv.mkDerivation {
 name = "mp3gain-1.6.2";
@@ -11,17 +11,25 @@ stdenv.mkDerivation {

 sourceRoot = ".";

+ patches = [
+ (fetchpatch {
+ name = "0001-fix-security-bugs.patch";
+ url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch?id=36f8689f7903548f5d89827a6e7bdf70a9882cee";
+ sha256 = "10n53wm0xynlcxqlnaqfgamjzcpfz41q1jlg0bhw4kq1kzhs4yyw";
+ })
+ ];
+
 buildFlags = [ "OSTYPE=linux" ];

 installPhase = ''
 install -vD mp3gain "$out/bin/mp3gain"
 '';

- meta = {
+ meta = with stdenv.lib; {
 description = "Lossless mp3 normalizer with statistical analysis";
 homepage = "http://mp3gain.sourceforge.net/";
- license = stdenv.lib.licenses.lgpl21;
- platforms = stdenv.lib.platforms.linux;
- maintainers = [ stdenv.lib.maintainers.devhell ];
+ license = licenses.lgpl21;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ devhell ];
 };
 }
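Review bot: The `name` passed to `fetchpatch` in the new `patches` list is still the openSUSE file name, `0001-fix-security-bugs.patch`, although the URL now points at Gentoo's `mp3gain-1.6.2-CVE-2019-18359-plus.patch`, so the resulting store path no longer says which advisory the patch covers. Keeping the CVE id in the name, e.g. `name = "mp3gain-1.6.2-CVE-2019-18359-plus.patch";`, lets anyone auditing the derivation, and scanners that match CVE ids in patch names, see that CVE-2019-18359 is addressed. The `-plus` suffix and the plural in the commit title suggest the patch fixes more than that one CVE; a short comment above the call such as `# CVE-2019-18359 plus the additional fixes bundled in Gentoo's patch` would record that, with the exact list taken from the patch itself. Pinning both the commit id in the URL and the `sha256` is the right shape and should stay.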