Merge pull request #111330 from dotlambda/libav-insecure

libav: mark as insecure
This commit is contained in:
Robert Schütz 2021-02-08 12:18:05 +01:00 committed by GitHub
commit 9a200f6091
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 63 additions and 96 deletions

View File

@ -17,7 +17,6 @@
, hicolor-icon-theme
, intltool
, ladspaH
, libav
, libjack2
, libsndfile
, lilv
@ -74,7 +73,6 @@ stdenv.mkDerivation rec {
gtk3
gtkmm3
ladspaH
libav
libjack2
libsndfile
lilv

View File

@ -1,17 +1,17 @@
{ lib, stdenv, fetchFromGitHub, libav, libkeyfinder }:
{ lib, stdenv, fetchFromGitHub, ffmpeg, libkeyfinder }:
stdenv.mkDerivation rec {
pname = "keyfinder-cli";
version = "2015-09-13";
version = "1.1.1";
src = fetchFromGitHub {
repo = "keyfinder-cli";
owner = "EvanPurkhiser";
rev = "8579282f15ab3ebad937fed398ec5c88843be03d";
sha256 = "0jylykigxmsqvdny265k58vpxa4cqs1hq2f7mph1nl3apfx2shrh";
rev = "v${version}";
sha256 = "1mlcygbj3gqii3cz8jd6ks1lz612i4jp0343qjg293xm39fg47ns";
};
buildInputs = [ libav libkeyfinder ];
buildInputs = [ ffmpeg libkeyfinder ];
makeFlags = [ "PREFIX=$(out)" ];

View File

@ -1,12 +1,12 @@
{ lib, stdenv, fetchFromGitHub, libav_0_8, libkeyfinder, qtbase, qtxmlpatterns, qmake, taglib }:
{ lib, mkDerivation, fetchFromGitHub, libav_0_8, libkeyfinder, qtbase, qtxmlpatterns, qmake, taglib }:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "keyfinder";
version = "2.2";
version = "2.4";
src = fetchFromGitHub {
sha256 = "0vjszk1h8vj2qycgbffzy6k7amg75jlvlnzwaqhz9nll2pcvw0zl";
rev = version;
sha256 = "11yhdwan7bz8nn8vxr54drckyrnlxynhx5s981i475bbccg8g7ls";
rev = "530034d6fe86d185f6a68b817f8db5f552f065d7"; # tag is missing
repo = "is_KeyFinder";
owner = "ibsh";
};

View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, eigen, libav }:
{ lib, stdenv, fetchFromGitHub, cmake, eigen, ffmpeg }:
stdenv.mkDerivation {
pname = "musly";
version = "unstable-2017-04-26";
@ -9,7 +9,7 @@ stdenv.mkDerivation {
sha256 = "1q42wvdwy2pac7bhfraqqj2czw7w2m33ms3ifjl8phm7d87i8825";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ eigen (libav.override { vaapiSupport = stdenv.isLinux; }) ];
buildInputs = [ eigen ffmpeg ];
fixupPhase = if stdenv.isDarwin then ''
install_name_tool -change libmusly.dylib $out/lib/libmusly.dylib $out/bin/musly
install_name_tool -change libmusly_resample.dylib $out/lib/libmusly_resample.dylib $out/bin/musly

View File

@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, makeWrapper, makeDesktopItem, wrapGAppsHook, gtk3, gsettings-desktop-schemas
, zlib , libX11, libXext, libXi, libXrender, libXtst, libGL, alsaLib, libav, cairo, freetype, pango, gdk-pixbuf, glib }:
, zlib , libX11, libXext, libXi, libXrender, libXtst, libGL, alsaLib, cairo, freetype, pango, gdk-pixbuf, glib }:
stdenv.mkDerivation rec {
version = "5.1";
@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
buildInputs = [ gsettings-desktop-schemas ] ++ systemLibs;
systemLibs = [ gtk3 zlib libX11 libXext libXi libXrender libXtst libGL alsaLib libav cairo freetype pango gdk-pixbuf glib ];
systemLibs = [ gtk3 zlib libX11 libXext libXi libXrender libXtst libGL alsaLib cairo freetype pango gdk-pixbuf glib ];
systemLibPaths = lib.makeLibraryPath systemLibs;
installPhase = ''

View File

@ -9,7 +9,7 @@ fftwFloat,
glew,
hackrf,
lib,
libav,
ffmpeg,
libiio,
libopus,
libpulseaudio,
@ -44,7 +44,7 @@ mkDerivation rec {
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [
glew opencv3 libusb1 boost libopus limesuite libav libiio libpulseaudio
glew opencv3 libusb1 boost libopus limesuite ffmpeg libiio libpulseaudio
qtbase qtwebsockets qtmultimedia rtl-sdr airspy hackrf
fftwFloat codec2 cm256cc serialdv qtserialport
libbladeRF uhd soapysdr-with-plugins

View File

@ -121,7 +121,6 @@ rec {
libusb1
udev
dbus-glib
libav
atk
at-spi2-atk
libudev0-shim

View File

@ -1,4 +1,4 @@
{ lib, stdenv, requireFile, perl, unzip, glibc, zlib, bzip2, gdk-pixbuf, xorg, glib, fontconfig, freetype, cairo, pango, gtk3, gtk2, ffmpeg, libGL, atk, alsaLib, libav_0_8, setJavaClassPath }:
{ lib, stdenv, requireFile, perl, unzip, glibc, zlib, bzip2, gdk-pixbuf, xorg, glib, fontconfig, freetype, cairo, pango, gtk3, gtk2, ffmpeg, libGL, atk, alsaLib, setJavaClassPath }:
let
common = javaVersion:

View File

@ -1,5 +1,5 @@
{ stdenv, lib, fetchurl, unzip, makeWrapper, setJavaClassPath
, zulu, glib, libxml2, libav_0_8, ffmpeg_3, libxslt, libGL, alsaLib
, zulu, glib, libxml2, ffmpeg_3, libxslt, libGL, alsaLib
, fontconfig, freetype, pango, gtk2, cairo, gdk-pixbuf, atk, xorg
, swingSupport ? true }:
@ -15,7 +15,7 @@ let
extension = if stdenv.isDarwin then "zip" else "tar.gz";
libraries = [
stdenv.cc.libc glib libxml2 libav_0_8 ffmpeg_3 libxslt libGL
stdenv.cc.libc glib libxml2 ffmpeg_3 libxslt libGL
xorg.libXxf86vm alsaLib fontconfig freetype pango
gtk2 cairo gdk-pixbuf atk
] ++ (lib.optionals swingSupport (with xorg; [

View File

@ -1,5 +1,5 @@
{ stdenv, lib, fetchurl, unzip, makeWrapper, setJavaClassPath
, zulu, glib, libxml2, libav_0_8, ffmpeg_3, libxslt, libGL, alsaLib
, zulu, glib, libxml2, ffmpeg_3, libxslt, libGL, alsaLib
, fontconfig, freetype, pango, gtk2, cairo, gdk-pixbuf, atk, xorg, zlib
, swingSupport ? true }:
@ -15,7 +15,7 @@ let
extension = if stdenv.isDarwin then "zip" else "tar.gz";
libraries = [
stdenv.cc.libc glib libxml2 libav_0_8 ffmpeg_3 libxslt libGL
stdenv.cc.libc glib libxml2 ffmpeg_3 libxslt libGL
xorg.libXxf86vm alsaLib fontconfig freetype pango
gtk2 cairo gdk-pixbuf atk zlib
] ++ (lib.optionals swingSupport (with xorg; [

View File

@ -127,6 +127,10 @@ let
license = with licenses; if enableUnfree then unfree #ToDo: redistributable or not?
else if enableGPL then gpl2Plus else lgpl21Plus;
platforms = with platforms; linux ++ darwin;
knownVulnerabilities =
lib.optional (lib.versionOlder version "12.1") "CVE-2017-9051"
++ lib.optionals (lib.versionOlder version "12.3") [ "CVE-2018-5684" "CVE-2018-5766" ]
++ lib.optionals (lib.versionOlder version "12.4") [ "CVE-2019-9717" "CVE-2019-9720" ];
};
}; # libavFun

View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, libav, SDL2, chromaprint, libebur128 }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, ffmpeg_3, SDL2, chromaprint, libebur128 }:
stdenv.mkDerivation rec {
version = "4.3.0";
@ -11,10 +11,17 @@ stdenv.mkDerivation rec {
sha256 = "1la9d9kig50mc74bxvhx6hzqv0nrci9aqdm4k2j4q0s1nlfgxipd";
};
patches = [ ./no-warnings-as-errors.patch ];
patches = [
./no-warnings-as-errors.patch
(fetchpatch {
name = "update-for-ffmpeg-3.0.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/0001-update-for-ffmpeg-3.0.patch?h=libgroove&id=a9f3bd2a5afd3227733414a5d54c7a2aa0a1249e";
sha256 = "0800drk9df1kwbv80f2ffv77xk888249fk0d961rp2a305hvyrk0";
})
];
nativeBuildInputs = [ cmake ];
buildInputs = [ libav SDL2 chromaprint libebur128 ];
buildInputs = [ ffmpeg_3 SDL2 chromaprint libebur128 ];
meta = with lib; {
description = "Streaming audio processing library";

View File

@ -1,6 +1,6 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, gettext
, glibmm, libxmlxx, pango, librsvg
, SDL2, glew, boost, libav, portaudio, epoxy
, SDL2, glew, boost, ffmpeg, portaudio, epoxy
}:
stdenv.mkDerivation rec {
@ -27,6 +27,6 @@ stdenv.mkDerivation rec {
buildInputs = [
glibmm libxmlxx pango librsvg
SDL2 glew boost libav portaudio epoxy
SDL2 glew boost ffmpeg portaudio epoxy
];
}

View File

@ -171,7 +171,7 @@ in buildFHSUserEnv rec {
SDL2
libusb1
dbus-glib
libav
ffmpeg
atk
# Only libraries are needed from those two
libudev0-shim

View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, wxGTK30, libav, lua5_1, curl
{ lib, stdenv, fetchFromGitHub, autoreconfHook, wxGTK30, ffmpeg, lua5_1, curl
, libpng, xorg, pkg-config, flam3, libgtop, boost, tinyxml, freeglut, libGLU, libGL
, glee }:
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook pkg-config ];
buildInputs = [
wxGTK30 libav lua5_1 curl libpng xorg.libXrender
wxGTK30 ffmpeg lua5_1 curl libpng xorg.libXrender
flam3 libgtop boost tinyxml freeglut libGLU libGL glee
];

View File

@ -2,18 +2,17 @@
, cmake, pkg-config
# required
, libupnp, libuuid, pugixml, libiconv, sqlite, zlib, spdlog, fmt
, pkgs
# options
, enableDuktape ? true
, enableCurl ? true
, enableTaglib ? true
, enableLibmagic ? true
, enableLibmatroska ? true
, enableAvcodec ? false
, enableLibexif ? true
, enableExiv2 ? false
, enableFFmpegThumbnailer ? false
, enableInotifyTools ? true
, enableDuktape ? true, duktape
, enableCurl ? true, curl
, enableTaglib ? true, taglib
, enableLibmagic ? true, file
, enableLibmatroska ? true, libmatroska, libebml
, enableAvcodec ? false, ffmpeg
, enableLibexif ? true, libexif
, enableExiv2 ? false, exiv2
, enableFFmpegThumbnailer ? false, ffmpegthumbnailer
, enableInotifyTools ? true, inotify-tools
}:
with lib;
@ -51,16 +50,16 @@ in stdenv.mkDerivation rec {
libupnp libuuid pugixml libiconv sqlite zlib fmt.dev
spdlog
]
++ optionals enableDuktape [ pkgs.duktape ]
++ optionals enableCurl [ pkgs.curl ]
++ optionals enableTaglib [ pkgs.taglib ]
++ optionals enableLibmagic [ pkgs.file ]
++ optionals enableLibmatroska [ pkgs.libmatroska pkgs.libebml ]
++ optionals enableAvcodec [ pkgs.libav.dev ]
++ optionals enableLibexif [ pkgs.libexif ]
++ optionals enableExiv2 [ pkgs.exiv2 ]
++ optionals enableInotifyTools [ pkgs.inotify-tools ]
++ optionals enableFFmpegThumbnailer [ pkgs.ffmpegthumbnailer ];
++ optionals enableDuktape [ duktape ]
++ optionals enableCurl [ curl ]
++ optionals enableTaglib [ taglib ]
++ optionals enableLibmagic [ file ]
++ optionals enableLibmatroska [ libmatroska libebml ]
++ optionals enableAvcodec [ ffmpeg.dev ]
++ optionals enableLibexif [ libexif ]
++ optionals enableExiv2 [ exiv2 ]
++ optionals enableInotifyTools [ inotify-tools ]
++ optionals enableFFmpegThumbnailer [ ffmpegthumbnailer ];
meta = with lib; {

View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, pkg-config, libav, libxslt }:
{ lib, stdenv, fetchurl, pkg-config, ffmpeg, libxslt }:
stdenv.mkDerivation rec {
pname = "unpaper";
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libav libxslt ];
buildInputs = [ ffmpeg libxslt ];
meta = with lib; {
homepage = "https://www.flameeyes.eu/projects/unpaper";

View File

@ -1,39 +0,0 @@
{ lib, stdenv, gcc, libav_12, fetchFromGitHub }:
stdenv.mkDerivation {
pname = "untrunc";
version = "2020.02.09";
src = fetchFromGitHub {
owner = "ponchio";
repo = "untrunc";
rev = "4eed44283168c727ace839ff7590092fda2e0848";
sha256 = "0nfj67drc6bxqlkf8a1iazqhi0w38a7rjrb2bpa74gwq6xzygvbr";
};
buildInputs = [ gcc libav_12 ];
# Untrunc uses the internal libav headers 'h264dec.h' and 'config.h'.
# The latter must be created through 'configure'.
libavConfiguredSrc = libav_12.overrideAttrs (oldAttrs: {
name = "libav-configured-src";
outputs = [ "out" ];
phases = [ "unpackPhase" "patchPhase" "configurePhase" "installPhase" ];
installPhase = "cp -r . $out";
});
buildCommand = ''
mkdir -p $out/bin
g++ -o $out/bin/untrunc \
-Wno-deprecated-declarations \
$src/file.cpp $src/main.cpp $src/track.cpp $src/atom.cpp $src/mp4.cpp \
-I$libavConfiguredSrc -lavformat -lavcodec -lavutil
'';
meta = with lib; {
description = "Restore a damaged (truncated) mp4, m4v, mov, 3gp video from a similar, undamaged video";
license = licenses.gpl2;
homepage = "https://github.com/ponchio/untrunc";
maintainers = [ maintainers.earvstedt ];
};
}

View File

@ -709,6 +709,7 @@ mapAliases ({
ultrastardx-beta = ultrastardx; # added 2017-08-12
unicorn-emu = unicorn; # added 2020-10-29
unifiStable = unifi6; # added 2020-12-28
untrunc = untrunc-anthwlock; # added 2021-02-01
usb_modeswitch = usb-modeswitch; # added 2016-05-10
usbguard-nox = usbguard; # added 2019-09-04
utillinux = util-linux; # added 2020-11-24

View File

@ -8559,8 +8559,6 @@ in
untex = callPackage ../tools/text/untex { };
untrunc = callPackage ../tools/video/untrunc { };
untrunc-anthwlock = callPackage ../tools/video/untrunc-anthwlock { };
up = callPackage ../tools/misc/up { };