authorAndreas Rammhold <andreas@rammhold.de>2018-03-17 19:17:56 +0100
committerAndreas Rammhold <andreas@rammhold.de>2018-03-17 19:17:56 +0100
commit879ffc06fe559c0088c87181bb115c862ff55288 (patch)
treec6577a5bf0fe06bcf88bd4313afe278ddd2dbe40
parent879f144d7fb4d49cf2afacbc4e84e045d519c792 (diff)
libvorbis: 1.3.5 -> 1.3.6
This update already contains the fixes from the patches removed here
(CVE-2017-14632, CVE-2017-14633) and additionally fixes CVE-2018-5146 [1].

The changelog:

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

[1] http://seclists.org/oss-sec/2018/q1/243
-rw-r--r--pkgs/development/libraries/libvorbis/default.nix14
1 files changed, 2 insertions, 12 deletions
diff --git a/pkgs/development/libraries/libvorbis/default.nix b/pkgs/development/libraries/libvorbis/default.nix
index f59237ee164..2f9bca5ed95 100644
--- a/pkgs/development/libraries/libvorbis/default.nix
+++ b/pkgs/development/libraries/libvorbis/default.nix
@@ -1,27 +1,17 @@
 { stdenv, fetchurl, libogg, pkgconfig, fetchpatch }:
 
 stdenv.mkDerivation rec {
-  name = "libvorbis-1.3.5";
+  name = "libvorbis-1.3.6";
 
   src = fetchurl {
     url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz";
-    sha256 = "1lg1n3a6r41492r7in0fpvzc7909mc5ir9z0gd3qh2pz4yalmyal";
+    sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g";
   };
 
   outputs = [ "out" "dev" "doc" ];
 
   patches = [
     (fetchpatch {
-      url = "https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993.patch";
-      sha256 = "0xhsa96n3dlh2l85bxpz4b9m78mfxfgi2ibhjp77110a0nvkjr6h";
-      name = "CVE-2017-14633";
-    })
-    (fetchpatch {
-      url = "https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f.patch";
-      sha256 = "17lb86105im6fc0h0cx5sn94p004jsdbbs2vj1m9ll6z9yb4rxwc";
-      name = "CVE-2017-14632";
-    })
-    (fetchpatch {
       url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch";
       sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x";
       name = "CVE-2017-14160";
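Review bot: The one `fetchpatch` entry that survives in `patches` (CVE-2017-14160) has no comment saying why it stays after the bump to 1.3.6, and the commit message only accounts for the two patches being dropped. The changelog quoted in the message does not list CVE-2017-14160, so keeping it looks right, but that is inferred rather than stated. A line above the entry such as `# CVE-2017-14160 is not in the 1.3.6 changelog; re-check and drop on the next bump` would keep the next updater from removing it along with the others. Separately, the `src` URL on the unchanged context line is still plain `http://`; the `sha256` pin covers the tarball's integrity, but `https://` would match the patch URLs if the host serves it. The `patches` list and this `fetchpatch` call close outside the hunk.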