authorPeter Simons <simons@cryp.to>2018-05-29 11:42:15 +0200
committerGitHub <noreply@github.com>2018-05-29 11:42:15 +0200
commit5418dfcd5c30c40afef10457ddc65bbbf324450e (patch)
treed9e50c4b32940636afaee8b7bccef4f240d37192
parent89c20aa46c63b88d78b9287d4870aa5be8d25544 (diff)
parent29757f379025a507f45a4cda12fc882b730d8053 (diff)
Merge pull request #41192 from oxij/tree/hardening-unformat
remove some format hardenings
-rw-r--r--pkgs/development/compilers/ghc/8.0.2.nix2
-rw-r--r--pkgs/development/compilers/ghc/8.4.2.nix2
-rw-r--r--pkgs/development/libraries/a52dec/default.nix6
-rw-r--r--pkgs/development/libraries/enchant/default.nix9
-rw-r--r--pkgs/development/libraries/tinyxml/2.6.2.nix3
-rw-r--r--pkgs/os-specific/linux/kernel/perf.nix2
-rw-r--r--pkgs/top-level/all-packages.nix2
-rw-r--r--pkgs/top-level/perl-packages.nix5
8 files changed, 23 insertions, 8 deletions
diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix
index 63e3899671df..4aa9f3fc81cb 100644
--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -162,6 +162,8 @@ stdenv.mkDerivation rec {
   # that in turn causes GHCi to abort
   stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols";
 
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     for bin in "$out"/lib/${name}/bin/*; do
       isELF "$bin" || continue
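Review bot: The added `hardeningDisable = [ "format" ];` has no comment saying why the exemption is needed, unlike the perl-packages.nix hunk in this commit, which keeps the compiler error text above it. The same bare line is added in ghc/8.4.2.nix, tinyxml/2.6.2.nix and kernel/perf.nix. Disabling `format` stops the compiler wrapper from passing `-Wformat -Wformat-security -Werror=format-security`, so format-string mistakes in the C code built here are no longer caught at build time. A one-line reason above each occurrence, for example `# <build error seen with format hardening enabled>`, would let a later maintainer tell when the exemption can be dropped. The derivation body starts and ends outside this hunk.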
diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index aa78480e3326..a2c1a751bc35 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -172,6 +172,8 @@ stdenv.mkDerivation rec {
 
   checkTarget = "test";
 
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     for bin in "$out"/lib/${name}/bin/*; do
       isELF "$bin" || continue
diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix
index 0bfe3a88e9f4..183400c7786e 100644
--- a/pkgs/development/libraries/a52dec/default.nix
+++ b/pkgs/development/libraries/a52dec/default.nix
@@ -8,6 +8,12 @@ stdenv.mkDerivation rec {
     sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2";
   };
 
+  # fails 1 out of 1 tests with "BAD GLOBAL SYMBOLS" on i686
+  # which can also be fixed with
+  # hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
+  # but it's better to disable tests than loose ASLR on i686
+  doCheck = !stdenv.isi686;
+
   meta = {
     description = "ATSC A/52 stream decoder";
     homepage = http://liba52.sourceforge.net/;
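Review bot: The comment above `doCheck = !stdenv.isi686;` has a typo ("loose" for "lose") and should read `# but it's better to disable tests than lose ASLR on i686`. Keeping `pic` hardening and skipping the check is the safer of the two options the comment lists. With the check off, though, the "BAD GLOBAL SYMBOLS" failure is no longer observed on i686, so the comment should also record, if it is known, whether the failure reflects a real exported-symbol problem or only an artefact of the test script under PIC builds. The derivation body continues outside the hunk.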
diff --git a/pkgs/development/libraries/enchant/default.nix b/pkgs/development/libraries/enchant/default.nix
index 7363a0239352..c51475ecc2a9 100644
--- a/pkgs/development/libraries/enchant/default.nix
+++ b/pkgs/development/libraries/enchant/default.nix
@@ -4,16 +4,17 @@ stdenv.mkDerivation rec {
   name = "${pname}-${version}";
   version = "1.6.0";
   pname = "enchant";
-  
+
   src = fetchurl {
     url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz";
     sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g";
   };
-  
+
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [aspell glib hunspell hspell];
-  
+  buildInputs = [ aspell glib hunspell hspell ];
+
   meta = {
+    description = "Generic spell checking library";
     homepage = http://www.abisource.com/enchant;
     platforms = stdenv.lib.platforms.unix;
   };
diff --git a/pkgs/development/libraries/tinyxml/2.6.2.nix b/pkgs/development/libraries/tinyxml/2.6.2.nix
index cc374345c2eb..2ec9c57e2411 100644
--- a/pkgs/development/libraries/tinyxml/2.6.2.nix
+++ b/pkgs/development/libraries/tinyxml/2.6.2.nix
@@ -21,8 +21,11 @@ in stdenv.mkDerivation {
     # Use CC, CXX, and LD from environment
     ./2.6.2-cxx.patch
   ];
+
   preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}";
 
+  hardeningDisable = [ "format" ];
+
   NIX_CFLAGS_COMPILE =
     stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";
 
diff --git a/pkgs/os-specific/linux/kernel/perf.nix b/pkgs/os-specific/linux/kernel/perf.nix
index bbef2bd19aea..c58851bb03ec 100644
--- a/pkgs/os-specific/linux/kernel/perf.nix
+++ b/pkgs/os-specific/linux/kernel/perf.nix
@@ -31,6 +31,8 @@ stdenv.mkDerivation {
 
   makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags;
 
+  hardeningDisable = [ "format" ];
+
   # perf refers both to newt and slang
   nativeBuildInputs = [
     asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 34ecad0c1d1c..bc3dde1d1d6e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9263,7 +9263,7 @@ with pkgs;
 
   qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {};
 
-  qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155;};
+  qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155; };
 
   qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { };
 
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 41a3e7098620..b89b8403dd22 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -6462,10 +6462,9 @@ let self = _self // overrides; _self = with self; {
     patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ];
 
     # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]"
-    NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];
+    hardeningDisable = [ "format" ];
 
-    # tests fail
-    doCheck = false;
+    doCheck = false; # fails 1 out of 13 tests
 
     makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}";
   };
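Review bot: `doCheck = false; # fails 1 out of 13 tests` turns off the whole suite on every platform without naming the failing test, so nobody can tell later whether it still fails or why; naming it would help, for example `doCheck = false; # fails 1 out of 13 tests: <failing test name>`. Separately, replacing `-Wno-error=format-security` with `hardeningDisable = [ "format" ];` is somewhat broader than the old line: the wrapper's format flags are dropped altogether rather than only made non-fatal. The retained comment above it explains the build error but not that widening, which could be added in a few words. The enclosing attribute set starts outside this hunk.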