Merge master into closure-size

The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.

6 files changed, 26 insertions, 122 deletions

diff --git a/pkgs/servers/http/joseki/default.nix b/pkgs/servers/http/joseki/default.nix
deleted file mode 100644
index 59f9fd8624d1..000000000000
--- a/pkgs/servers/http/joseki/default.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-x@{builderDefsPackage
-  , unzip
-  , ...}:
-builderDefsPackage
-(a :
-let
-  helperArgNames = ["stdenv" "fetchurl" "builderDefsPackage"] ++
-    [];
-
-  buildInputs = map (n: builtins.getAttr n x)
-    (builtins.attrNames (builtins.removeAttrs x helperArgNames));
-  sourceInfo = rec {
-    baseName="jena-joseki";
-    version="3.4.3-201103";
-    name="${baseName}-${version}";
-  };
-in
-rec {
-  inherit (sourceInfo) name version;
-  inherit buildInputs;
-
-  tarballs = {
-    jenaBin = a.fetchurl {
-      url = "mirror://sourceforge/project/jena/Jena/Jena-2.6.4/jena-2.6.4.zip";
-      sha256 = "ec23a24eee9148b1ddb366ab035a48eacd43c2b50c534a7bdd9cf31c6f8a9e7c";
-    };
-    josekiBin = a.fetchurl {
-      url = "mirror://sourceforge/project/joseki/Joseki-SPARQL/Joseki-3.4.3/joseki-3.4.3.zip";
-      sha256 = "cde1138e7bafcc2db7800dcde08f268237accd76c0a3e4b4c95cc96eacdcad12";
-    };
-    tdbBin = a.fetchurl {
-      url = "mirror://sourceforge/project/jena/TDB/TDB-0.8.9/tdb-0.8.9.zip";
-      sha256 = "78fd4b6cea5a6e412f1d58ba8a9e1fc72315becdf06f3675e4e604cd4435779e";
-    };
-    arqBin = a.fetchurl {
-      url = "mirror://sourceforge/project/jena/ARQ/ARQ-2.8.7/arq-2.8.7.zip";
-      sha256 = "66990e92514a85a9596a7efaf128041002cd098e063964dd5d2264cfcdd26070";
-    };
-    jettyBin = a.fetchurl {
-      url = "http://dist.codehaus.org/jetty/jetty-6.1.26/jetty-6.1.26.zip";
-      sha256 = "96c08eb87ec3772dccc2b3dba54fea85ccc3f804faf7429eecfba3ed55648187";
-    };
-  };
-  tarballFiles = map (x: builtins.getAttr x tarballs) (builtins.attrNames tarballs);
-
-  /* doConfigure should be removed if not needed */
-  phaseNames = ["doDeploy" "fixScripts"];
-
-  fixScripts = a.doPatchShebangs ''$TARGET/bin'';
-
-  doDeploy = a.fullDepEntry (''
-    ${a.lib.concatStringsSep ";" (map (y : "unzip ${y}") tarballFiles)}
-    for i in */; do cp -rTf $i merged; done
-    cd merged
-
-    for i in "lib/"jsp-*/*.jar; do
-      ln -s "''${i#lib/}" "lib" || true
-    done
-
-    cp [Cc]opyright* doc
-    mkdir lib/obsolete
-    (
-      ls "lib/"log4j-[0-9]*.jar | sort | tac | tail -n +2 ;
-      ls "lib/"slf4j-api-[0-9]*.jar | sort | tac | tail -n +2 ;
-      ls "lib/"xercesImpl-[0-9]*.jar | sort | tac | tail -n +2 ;
-      ls "lib/"arq-[0-9]*.jar | sort | tac | tail -n +2
-      ls "lib/"tdb-[0-9]*.jar | sort | tac | tail -n +2
-      ls "lib/"jetty-[0-9]*.jar | sort | tac | tail -n +2
-      ls "lib/"jetty-util-[0-9]*.jar | sort | tac | tail -n +2
-    ) |
-      xargs -I @@ mv @@  lib/obsolete
-
-    mv lib/slf4j-simple-*.jar lib/obsolete
-
-    mkdir -p "$out/share"
-    TARGET="$out/share/${name}-dist"
-    cp -r . "$TARGET"
-    ln -s  "$TARGET/lib" "$out/lib"
-    chmod a+x "$TARGET/bin/"*
-    mkdir -p "$out/bin"
-
-    sed -e 's/\r//g' -i "$TARGET/bin"/*
-
-    echo -e '#! ${a.stdenv.shell}\nls "'"$TARGET"'"/bin' > "$out/bin/jena-list-commands"
-    echo '#! ${a.stdenv.shell}' >> "$out/bin/jena-command"
-    echo 'export JENAROOT="'"$TARGET"'"' >> "$out/bin/jena-command"
-    echo 'export JOSEKIROOT="'"$TARGET"'"' >> "$out/bin/jena-command"
-    echo 'export TDBROOT="'"$TARGET"'"' >> "$out/bin/jena-command"
-    echo 'export ARQROOT="'"$TARGET"'"' >> "$out/bin/jena-command"
-    echo 'sh "'"$TARGET"'"/bin/"$@"' >> "$out/bin/jena-command"
-
-    chmod a+x "$out/bin/"*
-  '') ["defEnsureDir" "minInit" "addInputs"];
-
-  trimVersions = a.fullDepEntry (''
-  '') ["doDeploy" "minInit"];
-
-  passthru = {
-    inherit tarballs;
-  };
-
-  meta = {
-    description = "An RDF database with SparQL interface over HTTP";
-    maintainers = with a.lib.maintainers;
-    [
-      raskin
-    ];
-    hydraPlatforms = []; # Builder is just unpacking/mixing what is needed
-    license = a.lib.licenses.free; # mix of packages under different licenses
-    homepage = "http://openjena.org/";
-  };
-}) x
diff --git a/pkgs/servers/http/nginx/default.nix b/pkgs/servers/http/nginx/default.nix
index f7789dff5a9c..b3bc092dc401 100644
--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
 , gd, geoip
 , modules ? []
+, hardening ? true
 }:
 
 with stdenv.lib;
@@ -53,7 +54,14 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
 
-  preConfigure = concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
+    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
+      configureFlagsArray=(
+        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
+        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
+      )
+    ''
+    ;
 
   meta = {
     description = "A reverse proxy and lightweight webserver";
diff --git a/pkgs/servers/http/nginx/unstable.nix b/pkgs/servers/http/nginx/unstable.nix
index cfc55c0f55db..257cf96b4a70 100644
--- a/pkgs/servers/http/nginx/unstable.nix
+++ b/pkgs/servers/http/nginx/unstable.nix
@@ -2,15 +2,16 @@
 , gd, geoip
 , withStream ? false
 , modules ? []
+, hardening ? true
 }:
 
 with stdenv.lib;
 
 let
-  version = "1.9.10";
+  version = "1.9.11";
   mainSrc = fetchurl {
     url = "http://nginx.org/download/nginx-${version}.tar.gz";
-    sha256 = "1n9icvi9hq7gak21ixlhcyazjx2yjqlbws07i2habc6a8ildf57v";
+    sha256 = "07x5d2ryf547xrj4wp8w90kz2d93sxjhkfjb0vdscmxgmzs74p3a";
   };
 
 in
@@ -51,7 +52,14 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
 
-  preConfigure = concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
+    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
+      configureFlagsArray=(
+        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
+        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
+      )
+    ''
+    ;
 
   postInstall = ''
     mv $out/sbin $out/bin
diff --git a/pkgs/servers/http/tomcat/6.0.nix b/pkgs/servers/http/tomcat/6.0.nix
index 71f1d62f4d80..c01e5065764c 100644
--- a/pkgs/servers/http/tomcat/6.0.nix
+++ b/pkgs/servers/http/tomcat/6.0.nix
@@ -1,6 +1,6 @@
 import ./recent.nix 
   {
     versionMajor = "6";
-    versionMinor = "0.44";
-    sha256 = "0942f0ss6w9k23xg94nir2dbbkqrqp5k628jflk51ikm5qr95dxa";
+    versionMinor = "0.45";
+    sha256 = "0ba8h86padpk23xmscp7sg70g0v8ji2jbwwriz59hxqy5zhd76wg";
   }
diff --git a/pkgs/servers/http/tomcat/7.0.nix b/pkgs/servers/http/tomcat/7.0.nix
index 221feb9c30eb..b38f4353cc45 100644
--- a/pkgs/servers/http/tomcat/7.0.nix
+++ b/pkgs/servers/http/tomcat/7.0.nix
@@ -1,6 +1,6 @@
 import ./recent.nix 
   {
     versionMajor = "7";
-    versionMinor = "0.62";
-    sha256 = "0v8zvyd4h85ynnday58x0ppplw4flxyjsrmrpg78rrv3w49fm1x7";
+    versionMinor = "0.68";
+    sha256 = "1q5qgci5ia25zqa1k1n2xzarsgk1317ya89mfgg0fmi65x1046ic";
   }
diff --git a/pkgs/servers/http/tomcat/8.0.nix b/pkgs/servers/http/tomcat/8.0.nix
index a6da1198c9aa..004601796672 100644
--- a/pkgs/servers/http/tomcat/8.0.nix
+++ b/pkgs/servers/http/tomcat/8.0.nix
@@ -1,6 +1,6 @@
 import ./recent.nix 
   {
     versionMajor = "8";
-    versionMinor = "0.23";
-    sha256 = "0f0s35iqs1zpifya0qvdrk55r77jr074sc0zk5cjivxaxnhik2y9";
+    versionMinor = "0.32";
+    sha256 = "1f59x5z8qf4rzy49m8d5ifi4h1ghkz5r33l3i67sib414h7jc8vy";
   }