From 6694363a3a4393edb5b5f6b4b59da69d112ac078 Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Fri, 12 Feb 2021 20:51:31 +0000
Subject: swftools: mark insecure; clarify license

Fixes: https://github.com/NixOS/nixpkgs/issues/90991
---
 pkgs/tools/video/swftools/default.nix | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/video/swftools/default.nix b/pkgs/tools/video/swftools/default.nix
index cd3af661840ec..4d3014388c8c6 100644
--- a/pkgs/tools/video/swftools/default.nix
+++ b/pkgs/tools/video/swftools/default.nix
@@ -1,6 +1,5 @@
 { lib, stdenv, fetchurl, freetype, libjpeg, libungif, zlib }:
 
-with lib;
 stdenv.mkDerivation rec {
   pname = "swftools";
   version = "0.9.2";
@@ -14,11 +13,28 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ freetype libjpeg libungif zlib ];
 
-  meta = {
+  meta = with lib; {
     description = "Collection of SWF manipulation and creation utilities";
     homepage = "http://www.swftools.org/about.html";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = [ maintainers.koral ];
     platforms = lib.platforms.unix;
+    broken = true;
+    knownVulnerabilities = [
+      "CVE-2017-10976"
+      "CVE-2017-11096"
+      "CVE-2017-11097"
+      "CVE-2017-11098"
+      "CVE-2017-11099"
+      "CVE-2017-11100"
+      "CVE-2017-11101"
+      "CVE-2017-16711"
+      "CVE-2017-16793"
+      "CVE-2017-16794"
+      "CVE-2017-16796"
+      "CVE-2017-16797"
+      "CVE-2017-16868"
+      "CVE-2017-16890"
+    ];
   };
 }
-- 
cgit 1.4.1