diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2017-01-10 21:13:18 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2017-01-10 21:13:18 +0100 |
| commit | 0300418a6998058d45cd377ad81ea5c7ddb05ca2 (patch) | |
| tree | d4d2743fbc5c87ed260d52fdb3489a74dccf1e0e /pkgs | |
| parent | f2713ce805bbd2e8f369748e046acc4701b96391 (diff) | |
| parent | ee2edd4527e18ae942609e718018e4072046f7a8 (diff) | |
| download | nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar.gz nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar.bz2 nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar.lz nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar.xz nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.tar.zst nixlib-0300418a6998058d45cd377ad81ea5c7ddb05ca2.zip | |
Merge branch 'staging'
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/applications/audio/flac/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/applications/misc/subsurface/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/development/libraries/gdk-pixbuf/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/gtk+/3.x.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/harfbuzz/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/libpng/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/mesa/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/development/libraries/zlib/CVE-2016-9840.patch | 71 | ||||
| -rw-r--r-- | pkgs/development/libraries/zlib/CVE-2016-9841.patch | 224 | ||||
| -rw-r--r-- | pkgs/development/libraries/zlib/CVE-2016-9842.patch | 29 | ||||
| -rw-r--r-- | pkgs/development/libraries/zlib/CVE-2016-9843.patch | 49 | ||||
| -rw-r--r-- | pkgs/development/libraries/zlib/default.nix | 12 | ||||
| -rw-r--r-- | pkgs/development/perl-modules/Compress-Raw-Zlib/default.nix | 8 | ||||
| -rw-r--r-- | pkgs/tools/security/clamav/default.nix | 1 | ||||
| -rw-r--r-- | pkgs/top-level/perl-packages.nix | 11 |
15 files changed, 27 insertions, 404 deletions
diff --git a/pkgs/applications/audio/flac/default.nix b/pkgs/applications/audio/flac/default.nix index e571758fabb3..52e29e3da4c8 100644 --- a/pkgs/applications/audio/flac/default.nix +++ b/pkgs/applications/audio/flac/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, libogg }: stdenv.mkDerivation rec { - name = "flac-1.3.1"; + name = "flac-1.3.2"; src = fetchurl { url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz"; - sha256 = "4773c0099dba767d963fd92143263be338c48702172e8754b9bc5103efe1c56c"; + sha256 = "0gymm2j3276kr9nz6vmgfwsdfrq6c449n40a0mzz8h6wc7nw7kwi"; }; buildInputs = [ libogg ]; diff --git a/pkgs/applications/misc/subsurface/default.nix b/pkgs/applications/misc/subsurface/default.nix index a18a06f1b873..06b367fa6e78 100644 --- a/pkgs/applications/misc/subsurface/default.nix +++ b/pkgs/applications/misc/subsurface/default.nix @@ -35,7 +35,7 @@ stdenv.mkDerivation rec { qtconnectivity libgit2 libssh2 curl ]; nativeBuildInputs = [ pkgconfig cmake ]; - enableParallelBuilding = true; + #enableParallelBuilding = true; # fatal error: ui_mainwindow.h: No such file or directory # hack incoming... preConfigure = '' diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix index 736014d665ca..1245381efcd6 100644 --- a/pkgs/development/libraries/gdk-pixbuf/default.nix +++ b/pkgs/development/libraries/gdk-pixbuf/default.nix @@ -3,14 +3,14 @@ let ver_maj = "2.36"; - ver_min = "2"; + ver_min = "3"; in stdenv.mkDerivation rec { name = "gdk-pixbuf-${ver_maj}.${ver_min}"; src = fetchurl { url = "mirror://gnome/sources/gdk-pixbuf/${ver_maj}/${name}.tar.xz"; - sha256 = "3a082ad67d68b55970aed0b2034a06618167be98a42d5c70de736756b45d325d"; + sha256 = "5223138f7d31afc6b356a049930304ec0abd6ac1113a5d3d1dba5cd4a4d639ec"; }; outputs = [ "out" "dev" "devdoc" ]; diff --git a/pkgs/development/libraries/gtk+/3.x.nix b/pkgs/development/libraries/gtk+/3.x.nix index 1b938215d176..64f5a1e3bdd0 100644 --- a/pkgs/development/libraries/gtk+/3.x.nix +++ b/pkgs/development/libraries/gtk+/3.x.nix @@ -13,7 +13,7 @@ with stdenv.lib; let ver_maj = "3.22"; - ver_min = "5"; + ver_min = "6"; version = "${ver_maj}.${ver_min}"; in stdenv.mkDerivation rec { @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://gnome/sources/gtk+/${ver_maj}/gtk+-${version}.tar.xz"; - sha256 = "693fa0ac643c59ccd51db99cabe476b4e0a41fd4f0c3c8b3e3ef38f94b2e7334"; + sha256 = "eba75a216a117f4391beb2971ba20ff8a1823f109893f0ab6c2eac2210ea172f"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index b2edd39764c2..ec9b45101683 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -5,7 +5,7 @@ }: let - version = "1.3.4"; + version = "1.4.1"; inherit (stdenv.lib) optional optionals optionalString; in @@ -14,7 +14,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-${version}.tar.bz2"; - sha256 = "0ava7y24797k5ps3ghq2ccjjds97ri1gx32v6546a6pgmpyad2ki"; + sha256 = "85a27fab639a1d651737dcb6b69e4101e3fd09522fdfdcb793df810b5cb315bd"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix index 8c6e1c4af15a..545c58f976e9 100644 --- a/pkgs/development/libraries/libpng/default.nix +++ b/pkgs/development/libraries/libpng/default.nix @@ -3,10 +3,10 @@ assert zlib != null; let - version = "1.6.27"; + version = "1.6.28"; patchVersion = "1.6.26"; # patchVersion = version; - sha256 = "0yxmajq2ri1smpz5spi0f055izbdkmmr7a5zp7d6qd9nfgczz8pw"; + sha256 = "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"; patch_src = fetchurl { url = "mirror://sourceforge/libpng-apng/libpng-${patchVersion}-apng.patch.gz"; sha256 = "0b6p2k4afvhk1svargpllcvhxb4g3p857wkqk85cks0yv42ckph1"; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c363cbcd3718..2fc1bfea0842 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -26,7 +26,7 @@ if ! lists.elem stdenv.system platforms.mesaPlatforms then else let - version = "13.0.2"; + version = "13.0.3"; branch = head (splitString "." version); driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32"; in @@ -40,7 +40,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" ]; - sha256 = "a6ed622645f4ed61da418bf65adde5bcc4bb79023c36ba7d6b45b389da4416d5"; + sha256 = "d9aa8be5c176d00d0cd503cb2f64a5a403ea471ec819c022581414860d7ba40e"; }; prePatch = "patchShebangs ."; diff --git a/pkgs/development/libraries/zlib/CVE-2016-9840.patch b/pkgs/development/libraries/zlib/CVE-2016-9840.patch deleted file mode 100644 index a8b84ff84132..000000000000 --- a/pkgs/development/libraries/zlib/CVE-2016-9840.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 21 Sep 2016 23:35:50 -0700 -Subject: [PATCH] Remove offset pointer optimization in inftrees.c. - -inftrees.c was subtracting an offset from a pointer to an array, -in order to provide a pointer that allowed indexing starting at -the offset. This is not compliant with the C standard, for which -the behavior of a pointer decremented before its allocated memory -is undefined. Per the recommendation of a security audit of the -zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this tiny optimization was removed, in order -to avoid the possibility of undefined behavior. ---- - inftrees.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/inftrees.c b/inftrees.c -index 22fcd66..0d2670d 100644 ---- a/inftrees.c -+++ b/inftrees.c -@@ -54,7 +54,7 @@ unsigned short FAR *work; - code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ -- int end; /* use base and extra for symbol > end */ -+ unsigned match; /* use base and extra for symbol >= match */ - unsigned short count[MAXBITS+1]; /* number of codes of each length */ - unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ - static const unsigned short lbase[31] = { /* Length codes 257..285 base */ -@@ -181,19 +181,17 @@ unsigned short FAR *work; - switch (type) { - case CODES: - base = extra = work; /* dummy value--not used */ -- end = 19; -+ match = 20; - break; - case LENS: - base = lbase; -- base -= 257; - extra = lext; -- extra -= 257; -- end = 256; -+ match = 257; - break; - default: /* DISTS */ - base = dbase; - extra = dext; -- end = -1; -+ match = 0; - } - - /* initialize state for loop */ -@@ -216,13 +214,13 @@ unsigned short FAR *work; - for (;;) { - /* create table entry */ - here.bits = (unsigned char)(len - drop); -- if ((int)(work[sym]) < end) { -+ if (work[sym] + 1 < match) { - here.op = (unsigned char)0; - here.val = work[sym]; - } -- else if ((int)(work[sym]) > end) { -- here.op = (unsigned char)(extra[work[sym]]); -- here.val = base[work[sym]]; -+ else if (work[sym] >= match) { -+ here.op = (unsigned char)(extra[work[sym] - match]); -+ here.val = base[work[sym] - match]; - } - else { - here.op = (unsigned char)(32 + 64); /* end of block */ diff --git a/pkgs/development/libraries/zlib/CVE-2016-9841.patch b/pkgs/development/libraries/zlib/CVE-2016-9841.patch deleted file mode 100644 index e350b3d96423..000000000000 --- a/pkgs/development/libraries/zlib/CVE-2016-9841.patch +++ /dev/null @@ -1,224 +0,0 @@ -From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 21 Sep 2016 22:25:21 -0700 -Subject: [PATCH] Use post-increment only in inffast.c. - -An old inffast.c optimization turns out to not be optimal anymore -with modern compilers, and furthermore was not compliant with the -C standard, for which decrementing a pointer before its allocated -memory is undefined. Per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. ---- - inffast.c | 81 ++++++++++++++++++++++++--------------------------------------- - 1 file changed, 31 insertions(+), 50 deletions(-) - -diff --git a/inffast.c b/inffast.c -index bda59ce..f0d163d 100644 ---- a/inffast.c -+++ b/inffast.c -@@ -10,25 +10,6 @@ - - #ifndef ASMINF - --/* Allow machine dependent optimization for post-increment or pre-increment. -- Based on testing to date, -- Pre-increment preferred for: -- - PowerPC G3 (Adler) -- - MIPS R5000 (Randers-Pehrson) -- Post-increment preferred for: -- - none -- No measurable difference: -- - Pentium III (Anderson) -- - M68060 (Nikl) -- */ --#ifdef POSTINC --# define OFF 0 --# define PUP(a) *(a)++ --#else --# define OFF 1 --# define PUP(a) *++(a) --#endif -- - /* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is -@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - - /* copy state to local variables */ - state = (struct inflate_state FAR *)strm->state; -- in = strm->next_in - OFF; -+ in = strm->next_in; - last = in + (strm->avail_in - 5); -- out = strm->next_out - OFF; -+ out = strm->next_out; - beg = out - (start - strm->avail_out); - end = out + (strm->avail_out - 257); - #ifdef INFLATE_STRICT -@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - input data or output space */ - do { - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - here = lcode[hold & lmask]; -@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", here.val)); -- PUP(out) = (unsigned char)(here.val); -+ *out++ = (unsigned char)(here.val); - } - else if (op & 16) { /* length base */ - len = (unsigned)(here.val); - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - len += (unsigned)hold & ((1U << op) - 1); -@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - } - Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - here = dcode[hold & dmask]; -@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - dist = (unsigned)(here.val); - op &= 15; /* number of extra bits */ - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - } -@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - if (len <= op - whave) { - do { -- PUP(out) = 0; -+ *out++ = 0; - } while (--len); - continue; - } - len -= op - whave; - do { -- PUP(out) = 0; -+ *out++ = 0; - } while (--op > whave); - if (op == 0) { - from = out - dist; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--len); - continue; - } - #endif - } -- from = window - OFF; -+ from = window; - if (wnext == 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from end of window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); -- from = window - OFF; -+ from = window; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } - } - while (len > 2) { -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - else { - from = out - dist; /* copy direct from output */ - do { /* minimum length is three */ -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } while (len > 2); - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - } -@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - hold &= (1U << bits) - 1; - - /* update state and return */ -- strm->next_in = in + OFF; -- strm->next_out = out + OFF; -+ strm->next_in = in; -+ strm->next_out = out; - strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); - strm->avail_out = (unsigned)(out < end ? - 257 + (end - out) : 257 - (out - end)); diff --git a/pkgs/development/libraries/zlib/CVE-2016-9842.patch b/pkgs/development/libraries/zlib/CVE-2016-9842.patch deleted file mode 100644 index e729f7e162cb..000000000000 --- a/pkgs/development/libraries/zlib/CVE-2016-9842.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Sat, 5 Sep 2015 17:45:55 -0700 -Subject: [PATCH] Avoid shifts of negative values inflateMark(). - -The C standard says that bit shifts of negative integers is -undefined. This casts to unsigned values to assure a known -result. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 2889e3a..a718416 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -1506,9 +1506,10 @@ z_streamp strm; - { - struct inflate_state FAR *state; - -- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; -+ if (strm == Z_NULL || strm->state == Z_NULL) -+ return (long)(((unsigned long)0 - 1) << 16); - state = (struct inflate_state FAR *)strm->state; -- return ((long)(state->back) << 16) + -+ return (long)(((unsigned long)((long)state->back)) << 16) + - (state->mode == COPY ? state->length : - (state->mode == MATCH ? state->was - state->length : 0)); - } diff --git a/pkgs/development/libraries/zlib/CVE-2016-9843.patch b/pkgs/development/libraries/zlib/CVE-2016-9843.patch deleted file mode 100644 index 1fe4c4daa03c..000000000000 --- a/pkgs/development/libraries/zlib/CVE-2016-9843.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 28 Sep 2016 20:20:25 -0700 -Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation. - -There was a small optimization for PowerPCs to pre-increment a -pointer when accessing a word, instead of post-incrementing. This -required prefacing the loop with a decrement of the pointer, -possibly pointing before the object passed. This is not compliant -with the C standard, for which decrementing a pointer before its -allocated memory is undefined. When tested on a modern PowerPC -with a modern compiler, the optimization no longer has any effect. -Due to all that, and per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. ---- - crc32.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/crc32.c b/crc32.c -index 979a719..05733f4 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) - } - - /* ========================================================================= */ --#define DOBIG4 c ^= *++buf4; \ -+#define DOBIG4 c ^= *buf4++; \ - c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ - crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] - #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 -@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) - } - - buf4 = (const z_crc_t FAR *)(const void FAR *)buf; -- buf4--; - while (len >= 32) { - DOBIG32; - len -= 32; -@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) - DOBIG4; - len -= 4; - } -- buf4++; - buf = (const unsigned char FAR *)buf4; - - if (len) do { diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index dd73974b140e..dca6483dc84d 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, static ? false }: -let version = "1.2.8"; in +let version = "1.2.10"; in stdenv.mkDerivation rec { name = "zlib-${version}"; @@ -10,16 +10,9 @@ stdenv.mkDerivation rec { [ "http://www.zlib.net/fossils/${name}.tar.gz" # stable archive path "mirror://sourceforge/libpng/zlib/${version}/${name}.tar.gz" ]; - sha256 = "039agw5rqvqny92cpkrfn243x2gd4xn13hs3xi6isk55d2vqqr9n"; + sha256 = "05w0jwsqib44jz5jazh7cqz311z4g7znnzn6w6v8g1z4iilryzld"; }; - patches = [ - ./CVE-2016-9840.patch - ./CVE-2016-9841.patch - ./CVE-2016-9842.patch - ./CVE-2016-9843.patch - ]; - postPatch = stdenv.lib.optionalString stdenv.isDarwin '' substituteInPlace configure \ --replace '/usr/bin/libtool' 'ar' \ @@ -31,7 +24,6 @@ stdenv.mkDerivation rec { setOutputFlags = false; outputDoc = "dev"; # single tiny man3 page - preConfigure = '' if test -n "$crossConfig"; then export CC=$crossConfig-gcc diff --git a/pkgs/development/perl-modules/Compress-Raw-Zlib/default.nix b/pkgs/development/perl-modules/Compress-Raw-Zlib/default.nix index 7f2f8e9e4e58..5cd197b9d3fd 100644 --- a/pkgs/development/perl-modules/Compress-Raw-Zlib/default.nix +++ b/pkgs/development/perl-modules/Compress-Raw-Zlib/default.nix @@ -1,11 +1,11 @@ { fetchurl, buildPerlPackage, zlib, stdenv }: buildPerlPackage rec { - name = "Compress-Raw-Zlib-2.065"; + name = "Compress-Raw-Zlib-2.071"; src = fetchurl { url = "mirror://cpan/authors/id/P/PM/PMQS/${name}.tar.gz"; - sha256 = "1i09h3dvn8ipaj1l2nq2qd19wzhn7wcpbsipdkcniwi0sgy1kf1p"; + sha256 = "0dk7pcmhnl7n811q3p4rrz5ijdhz6jx367h6rypgvg1y39z4arfs"; }; preConfigure = '' @@ -18,7 +18,9 @@ buildPerlPackage rec { EOF ''; - doCheck = !stdenv.isDarwin; + # Try untested for now. Upstream bug: + # https://rt.cpan.org/Public/Bug/Display.html?id=119762 + doCheck = false && !stdenv.isDarwin; meta = { license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 88df4d78d26b..da469771c6ec 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -22,6 +22,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--sysconfdir=/etc/clamav" "--with-zlib=${zlib.dev}" + "--disable-zlib-vcheck" # it fails to recognize that 1.2.10 >= 1.2.2 "--with-libbz2-prefix=${bzip2.dev}" "--with-iconv-dir=${libiconv}" "--with-xml=${libxml2.dev}" diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 112665811c60..1587cee7430c 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6568,11 +6568,11 @@ let self = _self // overrides; _self = with self; { }; }; - IOCompress = buildPerlPackage { - name = "IO-Compress-2.063"; + IOCompress = buildPerlPackage rec { + name = "IO-Compress-2.070"; src = fetchurl { - url = mirror://cpan/authors/id/P/PM/PMQS/IO-Compress-2.063.tar.gz; - sha256 = "1198jqsfyshc8pc74dvn04gmqa0x6nwngkbf731zgd4chrjlylhd"; + url = "mirror://cpan/authors/id/P/PM/PMQS/${name}.tar.gz"; + sha256 = "3e761b833c8e55eb811a5eeab07831bb380dcdce256cc45cfe8816602a3574ff"; }; propagatedBuildInputs = [ CompressRawBzip2 CompressRawZlib ]; meta = { @@ -6581,7 +6581,8 @@ let self = _self // overrides; _self = with self; { license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; platforms = stdenv.lib.platforms.linux; }; - doCheck = !stdenv.isDarwin; + # Same as CompressRawZlib + doCheck = false && !stdenv.isDarwin; }; IODigest = buildPerlPackage { |