2013-12-23 16:36:37 +01:00
|
|
|
{ stdenv, fetchurl, pkgconfig, python
|
|
|
|
|
, gst-plugins-base, orc, bzip2
|
|
|
|
|
, libv4l, libdv, libavc1394, libiec61883
|
2016-04-24 19:40:20 +02:00
|
|
|
, libvpx, speex, flac, taglib, libshout
|
2013-12-23 16:36:37 +01:00
|
|
|
, cairo, gdk_pixbuf, aalib, libcaca
|
2015-05-27 21:42:15 +02:00
|
|
|
, libsoup, libpulseaudio, libintlOrEmpty
|
2013-12-23 16:36:37 +01:00
|
|
|
}:
|
|
|
|
|
|
2015-04-09 03:53:06 +02:00
|
|
|
let
|
|
|
|
|
inherit (stdenv.lib) optionals optionalString;
|
|
|
|
|
in
|
2013-12-23 16:36:37 +01:00
|
|
|
stdenv.mkDerivation rec {
|
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
- CVE-2017-5843 (arbitrary code execution): A double-free issue has
been found in gstreamer before 1.10.3, in
gst_mxf_demux_update_essence_tracks.
- CVE-2017-5848 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/
gst-plugins-base:
From the Arch Linux advisory:
- CVE-2017-5837 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
- CVE-2017-5839 (denial of service): An endless recursion issue
leading to stack overflow has been found in gstreamer before 1.10.3,
in gst_riff_create_audio_caps.
- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
been found in gstreamer before 1.10.3, in
html_context_handle_element.
- CVE-2017-5844 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/
gst-plugins-good:
From the Arch Linux advisory:
- CVE-2016-10198 (denial of service): An invalid memory read flaw has
been found in gstreamer before 1.10.3, in
gst_aac_parse_sink_setcaps.
- CVE-2016-10199 (denial of service): An out of bounds read has been
found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
- CVE-2017-5840 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in qtdemux_parse_samples.
- CVE-2017-5841 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
- CVE-2017-5845 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/
gst-plugins-ugly:
From the Arch Linux advisory:
- CVE-2017-5846 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_stream_props.
- CVE-2017-5847 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/
gstreamer:
From the Arch Linux advisory:
An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 14:27:59 +01:00
|
|
|
name = "gst-plugins-good-1.10.3";
|
2013-12-23 16:36:37 +01:00
|
|
|
|
2014-03-17 14:43:10 +01:00
|
|
|
meta = with stdenv.lib; {
|
|
|
|
|
description = "Gstreamer Good Plugins";
|
|
|
|
|
homepage = "http://gstreamer.freedesktop.org";
|
|
|
|
|
longDescription = ''
|
|
|
|
|
a set of plug-ins that we consider to have good quality code,
|
|
|
|
|
correct functionality, our preferred license (LGPL for the plug-in
|
|
|
|
|
code, LGPL or LGPL-compatible for the supporting library).
|
|
|
|
|
'';
|
|
|
|
|
license = licenses.lgpl2Plus;
|
2016-09-01 19:39:33 +02:00
|
|
|
platforms = platforms.linux;
|
2013-12-23 16:36:37 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
src = fetchurl {
|
|
|
|
|
url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
|
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
- CVE-2017-5843 (arbitrary code execution): A double-free issue has
been found in gstreamer before 1.10.3, in
gst_mxf_demux_update_essence_tracks.
- CVE-2017-5848 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/
gst-plugins-base:
From the Arch Linux advisory:
- CVE-2017-5837 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
- CVE-2017-5839 (denial of service): An endless recursion issue
leading to stack overflow has been found in gstreamer before 1.10.3,
in gst_riff_create_audio_caps.
- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
been found in gstreamer before 1.10.3, in
html_context_handle_element.
- CVE-2017-5844 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/
gst-plugins-good:
From the Arch Linux advisory:
- CVE-2016-10198 (denial of service): An invalid memory read flaw has
been found in gstreamer before 1.10.3, in
gst_aac_parse_sink_setcaps.
- CVE-2016-10199 (denial of service): An out of bounds read has been
found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
- CVE-2017-5840 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in qtdemux_parse_samples.
- CVE-2017-5841 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
- CVE-2017-5845 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/
gst-plugins-ugly:
From the Arch Linux advisory:
- CVE-2017-5846 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_stream_props.
- CVE-2017-5847 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/
gstreamer:
From the Arch Linux advisory:
An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 14:27:59 +01:00
|
|
|
sha256 = "0mar8ss8bvpz699ql4kgndvna8qsv7kj372py4435ffl6hzfj1sf";
|
2013-12-23 16:36:37 +01:00
|
|
|
};
|
|
|
|
|
|
2016-08-29 02:30:01 +02:00
|
|
|
outputs = [ "out" "dev" ];
|
2016-04-24 14:39:30 +02:00
|
|
|
|
2013-12-23 16:36:37 +01:00
|
|
|
nativeBuildInputs = [ pkgconfig python ];
|
|
|
|
|
|
|
|
|
|
buildInputs = [
|
|
|
|
|
gst-plugins-base orc bzip2
|
2015-04-09 03:53:06 +02:00
|
|
|
libdv libvpx speex flac taglib
|
2013-12-23 16:36:37 +01:00
|
|
|
cairo gdk_pixbuf aalib libcaca
|
2016-04-24 19:40:20 +02:00
|
|
|
libsoup libshout
|
2015-04-09 03:53:06 +02:00
|
|
|
]
|
|
|
|
|
++ libintlOrEmpty
|
2015-05-27 21:42:15 +02:00
|
|
|
++ optionals stdenv.isLinux [ libv4l libpulseaudio libavc1394 libiec61883 ];
|
2015-04-09 03:53:06 +02:00
|
|
|
|
2016-04-24 14:39:30 +02:00
|
|
|
preFixup = ''
|
|
|
|
|
mkdir -p "$dev/lib/gstreamer-1.0"
|
|
|
|
|
mv "$out/lib/gstreamer-1.0/"*.la "$dev/lib/gstreamer-1.0"
|
|
|
|
|
'';
|
|
|
|
|
|
2015-04-09 03:53:06 +02:00
|
|
|
LDFLAGS = optionalString stdenv.isDarwin "-lintl";
|
2013-12-23 16:36:37 +01:00
|
|
|
}
|
