ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-12-26 04:43:09 +03:00
Code Issues Projects Releases Wiki Activity

libvorbis: 1.3.5 -> 1.3.6

Browse Source 
This update includes the removed patches (CVE-2017-14632,
CVE-2017-14633) and additionally fixes CVE-2018-5146 [1].

The changelog:

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

[1] http://seclists.org/oss-sec/2018/q1/243
This commit is contained in:
Andreas Rammhold 2018-03-17 19:17:56 +01:00
parent 879f144d7f
commit 879ffc06fe
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86
1 changed files with 2 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkgs/development/libraries/libvorbis/default.nix
View File

@ -1,26 +1,16 @@
{ stdenv, fetchurl, libogg, pkgconfig, fetchpatch }: { stdenv, fetchurl, libogg, pkgconfig, fetchpatch }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libvorbis-1.3.5"; name = "libvorbis-1.3.6";
src = fetchurl { src = fetchurl {
url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz"; url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz";
sha256 = "1lg1n3a6r41492r7in0fpvzc7909mc5ir9z0gd3qh2pz4yalmyal"; sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g";
}; };
outputs = [ "out" "dev" "doc" ]; outputs = [ "out" "dev" "doc" ];
patches = [ patches = [
(fetchpatch {
url = "https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993.patch";
sha256 = "0xhsa96n3dlh2l85bxpz4b9m78mfxfgi2ibhjp77110a0nvkjr6h";
name = "CVE-2017-14633";
})
(fetchpatch {
url = "https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f.patch";
sha256 = "17lb86105im6fc0h0cx5sn94p004jsdbbs2vj1m9ll6z9yb4rxwc";
name = "CVE-2017-14632";
})
(fetchpatch { (fetchpatch {
url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch"; url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch";
sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x"; sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x";