Merge branch 'master' into staging

Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix

3 files changed, 17 insertions, 13 deletions

diff --git a/pkgs/tools/security/chaps/default.nix b/pkgs/tools/security/chaps/default.nix
index 43e324ec2694..2c6b31500895 100644
--- a/pkgs/tools/security/chaps/default.nix
+++ b/pkgs/tools/security/chaps/default.nix
@@ -31,6 +31,9 @@ stdenv.mkDerivation rec {
     sha256 = "0chk6pnn365d5kcz6vfqx1d0383ksk97icc0lzg0vvb0kvyj0ff1";
   };
 
+  # readdir_r(3) is deprecated in glibc >= 2.24
+  NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
+
   patches = [ ./fix_absolute_path.patch  ./fix_environment_variables.patch  ./fix_scons.patch  ./insert_prefetches.patch ];
 
   postPatch = ''
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index af5e72faca44..05ce60a05084 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "duo-unix-${version}";
-  version = "1.9.11";
+  version = "1.9.19";
 
   src = fetchurl {
     url    = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
-    sha256 = "0747avzmzzz1gaisahgjlpxyxxbrn04w1mip90lfj9wp2x6a9jgm";
+    sha256 = "02hvayknj0kvdik4mqm9j9isqzxk0f992i9v274s27891xqgj8rd";
   };
 
   buildInputs = [ pam openssl zlib ];
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 8ac7472a2bc3..533cb0dcd8eb 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -1,29 +1,30 @@
-{ stdenv, fetchurl, libevent, openssl, zlib, torsocks, libseccomp }:
+{ stdenv, fetchurl, pkgconfig, libevent, openssl, zlib, torsocks
+, libseccomp, systemd, libcap
+}:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.2.7.6";
+  name = "tor-0.2.8.7";
 
   src = fetchurl {
     url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz";
-    sha256 = "0p8hjlfi8dwghlyjif5s0q98cmpgz9kn9jja25430l04z5wqcfj9";
+    sha256 = "1iigfi8ljl88s8b5y1g4ak8im57simazscl467zvfbg8k6vf4i5f";
   };
 
-  # Note: torsocks is specified as a dependency, as the distributed
-  # 'torify' wrapper attempts to use it; although there is no
-  # ./configure time check for any of this.
-  buildInputs = [ libevent openssl zlib torsocks ] ++
-    stdenv.lib.optional stdenv.isLinux libseccomp;
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ libevent openssl zlib ] ++
+    stdenv.lib.optionals stdenv.isLinux [ libseccomp systemd libcap ];
 
   NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s";
 
-  # Patch 'torify' to point directly to torsocks.
-  patchPhase = ''
+  postPatch = ''
     substituteInPlace contrib/client-tools/torify \
       --replace 'pathfind torsocks' true          \
       --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks'
   '';
 
-  doCheck = true;
+  # Fails in a sandboxed environment; at some point we want to disable
+  # just the tests that require networking.
+  doCheck = false;
 
   meta = with stdenv.lib; {
     homepage = https://www.torproject.org/;