mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-24 06:33:42 +00:00
afd59811a1
gst-plugins-bad: From the Arch Linux advisory: - CVE-2017-5843 (arbitrary code execution): A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks. - CVE-2017-5848 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm. More: https://lwn.net/Vulnerabilities/713772/ gst-plugins-base: From the Arch Linux advisory: - CVE-2017-5837 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5839 (denial of service): An endless recursion issue leading to stack overflow has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. - CVE-2017-5842 (arbitrary code execution): An off-by-one write has been found in gstreamer before 1.10.3, in html_context_handle_element. - CVE-2017-5844 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps. More: https://lwn.net/Vulnerabilities/713773/ gst-plugins-good: From the Arch Linux advisory: - CVE-2016-10198 (denial of service): An invalid memory read flaw has been found in gstreamer before 1.10.3, in gst_aac_parse_sink_setcaps. - CVE-2016-10199 (denial of service): An out of bounds read has been found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full. - CVE-2017-5840 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in qtdemux_parse_samples. - CVE-2017-5841 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. - CVE-2017-5845 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt. More: https://lwn.net/Vulnerabilities/713774/ gst-plugins-ugly: From the Arch Linux advisory: - CVE-2017-5846 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_stream_props. - CVE-2017-5847 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_content_desc. More: https://lwn.net/Vulnerabilities/713775/ gstreamer: From the Arch Linux advisory: An out of bounds read has been found in gstreamer before 1.10.3, in gst_date_time_new_from_iso8601_string. More: https://lwn.net/Vulnerabilities/713776/
59 lines
1.7 KiB
Nix
59 lines
1.7 KiB
Nix
{ stdenv, fetchurl, pkgconfig, python, gst-plugins-base, orc
|
|
, faacSupport ? false, faac ? null
|
|
, faad2, libass, libkate, libmms
|
|
, libmodplug, mpeg2dec, mpg123
|
|
, openjpeg, libopus, librsvg
|
|
, wildmidi, fluidsynth, libvdpau, wayland
|
|
, libwebp, xvidcore, gnutls, mjpegtools
|
|
, mesa, libintlOrEmpty
|
|
}:
|
|
|
|
assert faacSupport -> faac != null;
|
|
|
|
let
|
|
inherit (stdenv.lib) optional optionalString;
|
|
in
|
|
stdenv.mkDerivation rec {
|
|
name = "gst-plugins-bad-1.10.3";
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "Gstreamer Bad Plugins";
|
|
homepage = "http://gstreamer.freedesktop.org";
|
|
longDescription = ''
|
|
a set of plug-ins that aren't up to par compared to the
|
|
rest. They might be close to being good quality, but they're missing
|
|
something - be it a good code review, some documentation, a set of tests,
|
|
a real live maintainer, or some actual wide use.
|
|
'';
|
|
license = licenses.lgpl2Plus;
|
|
platforms = platforms.linux;
|
|
};
|
|
|
|
src = fetchurl {
|
|
url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
|
|
sha256 = "1rwla1p57yzygb68z2xk5l5kvqzj5w3nxq0davkwk139zd8r6294";
|
|
};
|
|
|
|
outputs = [ "out" "dev" ];
|
|
|
|
nativeBuildInputs = [ pkgconfig python ];
|
|
|
|
buildInputs = [
|
|
gst-plugins-base orc
|
|
faad2 libass libkate libmms
|
|
libmodplug mpeg2dec mpg123
|
|
openjpeg libopus librsvg
|
|
fluidsynth libvdpau
|
|
libwebp xvidcore gnutls mesa
|
|
mjpegtools
|
|
]
|
|
++ libintlOrEmpty
|
|
++ optional faacSupport faac
|
|
++ optional stdenv.isLinux wayland
|
|
# wildmidi requires apple's OpenAL
|
|
# TODO: package apple's OpenAL, fix wildmidi, include on Darwin
|
|
++ optional (!stdenv.isDarwin) wildmidi;
|
|
|
|
LDFLAGS = optionalString stdenv.isDarwin "-lintl";
|
|
}
|