Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: cfab198c1665
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 374a7386b601
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Nov 6, 2020

  1. libvorbis: 1.3.6 -> 1.3.7 

    New release contains various security fixes. Among others for:
* CVE-2017-14160
* CVE-2018-10392
* CVE-2018-10393

(cherry picked from commit 160f912)
    @ehmry
    Christian Kauhaus authored and ehmry committed Nov 6, 2020
    Copy the full SHA
    374a738 View commit details
Showing with 3 additions and 16 deletions.
  1. +3 −16 pkgs/development/libraries/libvorbis/default.nix
19 changes: 3 additions & 16 deletions pkgs/development/libraries/libvorbis/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,15 @@
{ stdenv, fetchurl, libogg, pkgconfig, fetchpatch }:
{ stdenv, fetchurl, libogg, pkgconfig }:

stdenv.mkDerivation rec {
name = "libvorbis-1.3.6";
name = "libvorbis-1.3.7";

src = fetchurl {
url = "http://downloads.xiph.org/releases/vorbis/${name}.tar.xz";
sha256 = "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g";
sha256 = "0jwmf87x5sdis64rbv0l87mdpah1rbilkkxszipbzg128f9w8g5k";
};

outputs = [ "out" "dev" "doc" ];

patches = [
(fetchpatch {
url = "https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25.patch";
sha256 = "18k4vp0nmrxxpis641ylnw6dgwxrymh5bf74njr6v8dizmmz1bkj";
name = "CVE-2017-14160+CVE-2018-10393.patch";
})
(fetchpatch {
url = "https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b.diff";
sha256 = "1k77y3q36npy8mkkz40f6cb46l2ldrwyrd191m29s8rnbhnafdf7";
name = "CVE-2018-10392.patch";
})
];

nativeBuildInputs = [ pkgconfig ];
propagatedBuildInputs = [ libogg ];