vorbis-tools: security patches and fix meta

Patches: CVE-2014-9638, CVE-2014-9639, CVE-2015-6749, and some non-security.
Also drop glibc from buildInputs.

pkgs/applications/audio/vorbis-tools/default.nix

@@ -1,6 +1,12 @@
-{stdenv, fetchurl, libogg, libvorbis, libao, pkgconfig, curl, glibc
+{ stdenv, fetchurl, fetchzip, libogg, libvorbis, libao, pkgconfig, curl
 , speex, flac }:
 
+let
+  debPatch = fetchzip {
+    url = "mirror://debian/pool/main/v/vorbis-tools/vorbis-tools_1.4.0-6.debian.tar.xz";
+    sha256 = "1xmmpdvxyr84lazlg23c6ck5ic97ga2rkiqabb1d98ix2zdzyqz5";
+  };
+in
 stdenv.mkDerivation {
   name = "vorbis-tools-1.4.0";
   src = fetchurl {
@@ -8,14 +14,23 @@ stdenv.mkDerivation {
     sha256 = "1g12bnh5ah08v529y72kfdz5lhvy75iaz7f9jskyby23m9dkk2d3";
   };
 
-  buildInputs = [ libogg libvorbis libao pkgconfig curl speex glibc flac ];
+  postPatch = ''
+    for patch in $(ls "${debPatch}"/patches/*.{diff,patch} | grep -v debian_subdir)
+    do patch -p1 < "$patch"
+    done
+  '';
 
-  meta = {
+  buildInputs = [ libogg libvorbis libao pkgconfig curl speex flac ];
+
+  meta = with stdenv.lib; {
+    description = "Extra tools for Ogg-Vorbis audio codec";
     longDescription = ''
       A set of command-line tools to manipulate Ogg Vorbis audio
       files, notably the `ogg123' player and the `oggenc' encoder.
     '';
     homepage = http://xiph.org/vorbis/;
-    license = stdenv.lib.licenses.gpl2;
+    license = licenses.gpl2;
+    platforms = platforms.all;
   };
 }
+