diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2015-12-29 17:14:35 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2015-12-29 17:14:35 +0100 |
| commit | 08dd527cc7bfeed76e2ed991e445ad615843a119 (patch) | |
| tree | ef3141bd0ea653fdd2307ee6cdd821dc84bb3bb0 /pkgs | |
| parent | 6a51a615b4c144702a64c586eccc35ad709ab119 (diff) | |
| parent | 0e07172c6d8eb4527f5cfc173889943e3221e417 (diff) | |
| download | nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar.gz nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar.bz2 nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar.lz nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar.xz nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.tar.zst nixlib-08dd527cc7bfeed76e2ed991e445ad615843a119.zip | |
Merge branch 'staging'
http://hydra.nixos.org/eval/1234895 The mass errors on Hydra seem transient; I verified ghc on i686-linux. Only darwin jobs are queued ATM. There's a libpng security update included in this merge, so I don't want to wait too long.
Diffstat (limited to 'pkgs')
32 files changed, 681 insertions, 258 deletions
diff --git a/pkgs/applications/networking/browsers/w3m/RAND_egd.libressl.patch b/pkgs/applications/networking/browsers/w3m/RAND_egd.libressl.patch new file mode 100644 index 000000000000..49dd417d1c39 --- /dev/null +++ b/pkgs/applications/networking/browsers/w3m/RAND_egd.libressl.patch @@ -0,0 +1,11 @@ +--- a/url.c 2014-07-14 12:31:30.476563116 +0200 ++++ b/url.c 2014-07-14 12:32:16.364918248 +0200 +@@ -268,7 +268,7 @@ init_PRNG() + if (RAND_status()) + return; + if ((file = RAND_file_name(buffer, sizeof(buffer)))) { +-#ifdef USE_EGD ++#if defined(USE_EGD) && defined(HAVE_SSL_RAND_EGD) + if (RAND_egd(file) > 0) + return; + #endif diff --git a/pkgs/applications/networking/browsers/w3m/default.nix b/pkgs/applications/networking/browsers/w3m/default.nix index bea74f62358a..6f37477c1b37 100644 --- a/pkgs/applications/networking/browsers/w3m/default.nix +++ b/pkgs/applications/networking/browsers/w3m/default.nix @@ -1,9 +1,10 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, fetchpatch , ncurses, boehmgc, gettext, zlib , sslSupport ? true, openssl ? null , graphicsSupport ? true, imlib2 ? null , x11Support ? graphicsSupport, libX11 ? null , mouseSupport ? !stdenv.isDarwin, gpm-ncurses ? null +, perl, man }: assert sslSupport -> openssl != null; @@ -21,15 +22,49 @@ stdenv.mkDerivation rec { sha256 = "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"; }; - NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lsocket -lnsl"; + NIX_LDFLAGS = optionalString stdenv.isSunOS "-lsocket -lnsl"; - patches = [ ./glibc214.patch ] - # Patch for the newer unstable boehm-gc 7.2alpha. Not all platforms use that - # alpha. At the time of writing this, boehm-gc-7.1 is the last stable. - ++ optional (boehmgc.name != "boehm-gc-7.1") [ ./newgc.patch ] - ++ optional stdenv.isCygwin ./cygwin.patch - # for frame buffer only version - ++ optional (graphicsSupport && !x11Support) [ ./no-x11.patch ]; + # we must set these so that the generated files (e.g. w3mhelp.cgi) contain + # the correct paths. + PERL = "${perl}/bin/perl"; + MAN = "${man}/bin/man"; + + # the Arch patches were pulled from: + # https://aur.archlinux.org/cgit/aur.git/?h=w3m-mouse + patches = [ + ./RAND_egd.libressl.patch + (fetchpatch { + name = "file_handle.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/file_handle.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "0kkqm68ig9d658kf1iwa1dwcf651f6dy2j98gplcks1mn3bdlak4"; + }) + (fetchpatch { + name = "form_unknown.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/form_unknown.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "1mbfclid3bihb1xv7sxcahprn3slzd6ga8rjzlq4rbq80bl053fw"; + }) + (fetchpatch { + name = "gc72.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/gc72.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "1n6anaw17by0s6rn25bwkgj2mck7ffspizpwbijvx1ynk451459a"; + }) + (fetchpatch { + name = "https.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/https.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "08skvaha1hjyapsh8zw5dgfy433mw2hk7qy9yy9avn8rjqj7kjxk"; + }) + (fetchpatch { + name = "perl.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/perl.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "15cq7cwh0d2v64i8by44rgxw48156sgh872921hxrqdakr95p3gy"; + }) + (fetchpatch { + name = "w3m_rgba.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/w3m_rgba.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03"; + sha256 = "1dhp1p6z621ayyl9zip9w35x2cxyhhj72jv5dvf0zp4rk6cjm781"; + }) + ] ++ optional (graphicsSupport && !x11Support) [ ./no-x11.patch ] + ++ optional stdenv.isCygwin ./cygwin.patch; buildInputs = [ncurses boehmgc gettext zlib] ++ optional sslSupport openssl @@ -37,6 +72,10 @@ stdenv.mkDerivation rec { ++ optional graphicsSupport imlib2 ++ optional x11Support libX11; + postInstall = optionalString graphicsSupport '' + ln -s $out/libexec/w3m/w3mimgdisplay $out/bin + ''; + configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}" + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb"; @@ -48,11 +87,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = false; # for w3mimgdisplay + # see: https://bbs.archlinux.org/viewtopic.php?id=196093 LIBS = optionalString x11Support "-lX11"; meta = { homepage = http://w3m.sourceforge.net/; description = "A text-mode web browser"; - maintainers = [ maintainers.mornfall ]; + maintainers = [ maintainers.mornfall maintainers.cstrahan ]; }; } diff --git a/pkgs/applications/networking/browsers/w3m/glibc214.patch b/pkgs/applications/networking/browsers/w3m/glibc214.patch deleted file mode 100644 index 37e466e21067..000000000000 --- a/pkgs/applications/networking/browsers/w3m/glibc214.patch +++ /dev/null @@ -1,60 +0,0 @@ -http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/w3m/files/w3m-0.5.3-glibc214.patch?revision=1.1 - ---- a/istream.c.~1.27.~ 2011-01-04 18:22:22.000000000 +0900 -+++ b/istream.c 2011-06-24 08:15:23.522990618 +0900 -@@ -22,8 +22,8 @@ - static void basic_close(int *handle); - static int basic_read(int *handle, char *buf, int len); - --static void file_close(struct file_handle *handle); --static int file_read(struct file_handle *handle, char *buf, int len); -+static void file_close(struct afile_handle *handle); -+static int file_read(struct afile_handle *handle, char *buf, int len); - - static int str_read(Str handle, char *buf, int len); - -@@ -114,7 +114,7 @@ - stream = New(union input_stream); - init_base_stream(&stream->base, STREAM_BUF_SIZE); - stream->file.type = IST_FILE; -- stream->file.handle = New(struct file_handle); -+ stream->file.handle = New(struct afile_handle); - stream->file.handle->f = f; - if (closep) - stream->file.handle->close = closep; -@@ -658,13 +658,13 @@ - } - - static void --file_close(struct file_handle *handle) -+file_close(struct afile_handle *handle) - { - handle->close(handle->f); - } - - static int --file_read(struct file_handle *handle, char *buf, int len) -+file_read(struct afile_handle *handle, char *buf, int len) - { - return fread(buf, 1, len, handle->f); - } ---- a/istream.h.~1.12.~ 2003-10-21 01:41:56.000000000 +0900 -+++ b/istream.h 2011-06-24 08:15:54.392991144 +0900 -@@ -20,7 +20,7 @@ - - typedef struct stream_buffer *StreamBuffer; - --struct file_handle { -+struct afile_handle { - FILE *f; - void (*close) (); - }; -@@ -53,7 +53,7 @@ - - struct file_stream { - struct stream_buffer stream; -- struct file_handle *handle; -+ struct afile_handle *handle; - char type; - char iseos; - int (*read) (); diff --git a/pkgs/applications/networking/browsers/w3m/newgc.patch b/pkgs/applications/networking/browsers/w3m/newgc.patch deleted file mode 100644 index db25e305c8c1..000000000000 --- a/pkgs/applications/networking/browsers/w3m/newgc.patch +++ /dev/null @@ -1,15 +0,0 @@ -https://bugzilla.redhat.com/show_bug.cgi?id=555467 - ---- a/main.c.old 2007-05-31 06:49:50.000000000 +0530 -+++ b/main.c 2010-02-16 16:16:24.000000000 +0530 -@@ -842,7 +842,9 @@ - mySignal(SIGPIPE, SigPipe); - #endif - -- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc); -+ orig_GC_warn_proc = GC_get_warn_proc(); -+ GC_set_warn_proc(wrap_GC_warn_proc); -+ - err_msg = Strnew(); - if (load_argc == 0) { - /* no URL specified */ diff --git a/pkgs/development/interpreters/perl/5.20/default.nix b/pkgs/development/interpreters/perl/5.20/default.nix index 05d64e9c511e..659fad6bb9b0 100644 --- a/pkgs/development/interpreters/perl/5.20/default.nix +++ b/pkgs/development/interpreters/perl/5.20/default.nix @@ -21,11 +21,11 @@ in with stdenv.lib; stdenv.mkDerivation rec { - name = "perl-5.20.2"; + name = "perl-5.20.3"; src = fetchurl { url = "mirror://cpan/authors/id/S/SH/SHAY/${name}.tar.gz"; - sha256 = "17cvplgpxbm1hshxlkra2fldn4da1iap1lsnb04hdm8ply93k95i"; + sha256 = "0jlvpd5l5nk7lzfd4akdg1sw6vinbkj6izclyyr0lrbidfky691m"; }; outputs = [ "out" "man" ]; @@ -33,8 +33,6 @@ stdenv.mkDerivation rec { patches = [ # Do not look in /usr etc. for dependencies. ./no-sys-dirs.patch - # Remove in 5.20.3 - ./perl-5.20.2-gcc5_fixes-1.patch ] ++ optional stdenv.isSunOS ./ld-shared.patch ++ stdenv.lib.optional stdenv.isDarwin [ ./cpp-precomp.patch ./no-libutil.patch ] ; @@ -84,6 +82,9 @@ stdenv.mkDerivation rec { ''} '' + optionalString stdenv.isDarwin '' substituteInPlace hints/darwin.sh --replace "env MACOSX_DEPLOYMENT_TARGET=10.3" "" + '' + optionalString (!enableThreading) '' + # We need to do this because the bootstrap doesn't have a static libpthread + sed -i 's,\(libswanted.*\)pthread,\1,g' Configure ''; preBuild = optionalString (!(stdenv ? cc && stdenv.cc.nativeTools)) diff --git a/pkgs/development/interpreters/perl/5.20/perl-5.20.2-gcc5_fixes-1.patch b/pkgs/development/interpreters/perl/5.20/perl-5.20.2-gcc5_fixes-1.patch deleted file mode 100644 index 21f3ca8d7a54..000000000000 --- a/pkgs/development/interpreters/perl/5.20/perl-5.20.2-gcc5_fixes-1.patch +++ /dev/null @@ -1,127 +0,0 @@ -Submitted By: Ken Moffat <ken at linuxfromscratch dot org> -Date: 2015-04-17 -Initial Package Version: 5.20.2 -Upstream Status: Committed -Origin: Petr Pisař and Tony Cook -Description: Fixes Errno.pm and h2ph with gcc-5. - -1. cherry-picked because the change to $version will not apply, from -commit 816b056ffb99ae54642320e20dc30a59fd1effef -Author: Petr Písař <ppisar@redhat.com> -Date: Wed Feb 11 15:46:37 2015 +0100 - - Fix Errno.pm generation for gcc-5.0 - - gcc-5.0 -E interleaves now line numbers with expended macros, so that - the generated errno.c will be preprocessed to - - EBFONT => [[ - 59 - ]] - - which is hard to parse in in line-based reader. - - So use -P option with gcc >= 5.0. Global -P usage would break makedepend, - global -ftrack-macro-expansion=0 would break lib/h2ph.t. - - RT#123784 - -diff --git a/ext/Errno/Errno_pm.PL b/ext/Errno/Errno_pm.PL -index 3dadfce..c6bfa06 100644 ---- a/ext/Errno/Errno_pm.PL -+++ b/ext/Errno/Errno_pm.PL -@@ -215,20 +215,31 @@ sub write_errno_pm { - { # BeOS (support now removed) did not enter this block - # invoke CPP and read the output - -+ my $inhibit_linemarkers = ''; -+ if ($Config{gccversion} =~ /\A(\d+)\./ and $1 >= 5) { -+ # GCC 5.0 interleaves expanded macros with line numbers breaking -+ # each line into multiple lines. RT#123784 -+ $inhibit_linemarkers = ' -P'; -+ } -+ - if ($^O eq 'VMS') { -- my $cpp = "$Config{cppstdin} $Config{cppflags} $Config{cppminus}"; -+ my $cpp = "$Config{cppstdin} $Config{cppflags}" . -+ $inhibit_linemarkers . " $Config{cppminus}"; - $cpp =~ s/sys\$input//i; - open(CPPO,"$cpp errno.c |") or - die "Cannot exec $Config{cppstdin}"; - } elsif ($IsMSWin32 || $^O eq 'NetWare') { -- open(CPPO,"$Config{cpprun} $Config{cppflags} errno.c |") or -- die "Cannot run '$Config{cpprun} $Config{cppflags} errno.c'"; -+ my $cpp = "$Config{cpprun} $Config{cppflags}" . -+ $inhibit_linemarkers; -+ open(CPPO,"$cpp errno.c |") or -+ die "Cannot run '$cpp errno.c'"; - } elsif ($IsSymbian) { -- my $cpp = "gcc -E -I$ENV{SDK}\\epoc32\\include\\libc -"; -+ my $cpp = "gcc -E -I$ENV{SDK}\\epoc32\\include\\libc" . -+ $inhibit_linemarkers ." -"; - open(CPPO,"$cpp < errno.c |") - or die "Cannot exec $cpp"; - } else { -- my $cpp = default_cpp(); -+ my $cpp = default_cpp() . $inhibit_linemarkers; - open(CPPO,"$cpp < errno.c |") - or die "Cannot exec $cpp"; - } - -commit 3bea78d24634e630b610f59957e7a019205a67b2 -Author: Tony Cook <tony@develop-help.com> -Date: Mon Feb 16 15:57:00 2015 +1100 - - h2ph: correct handling of hex constants for the preamble - - Previously they were treated as identifiers resulting in code - generated like C< &0xFFF >. - - We also try to prevent compile-time warnings from large hex integers, - the user isn't responsible for the generated code, so we delay those - warnings to run-time. - -diff --git a/utils/h2ph.PL b/utils/h2ph.PL -index 9a8b14d..d082f22 100644 ---- a/utils/h2ph.PL -+++ b/utils/h2ph.PL -@@ -769,7 +769,7 @@ sub inc_dirs - sub build_preamble_if_necessary - { - # Increment $VERSION every time this function is modified: -- my $VERSION = 3; -+ my $VERSION = 4; - my $preamble = "$Dest_dir/_h2ph_pre.ph"; - - # Can we skip building the preamble file? -@@ -788,6 +788,11 @@ sub build_preamble_if_necessary - - open PREAMBLE, ">$preamble" or die "Cannot open $preamble: $!"; - print PREAMBLE "# This file was created by h2ph version $VERSION\n"; -+ # Prevent non-portable hex constants from warning. -+ # -+ # We still produce an overflow warning if we can't represent -+ # a hex constant as an integer. -+ print PREAMBLE "no warnings qw(portable);\n"; - - foreach (sort keys %define) { - if ($opt_D) { -@@ -814,6 +819,18 @@ DEFINE - # integer: - print PREAMBLE - "unless (defined &$_) { sub $_() { $1 } }\n\n"; -+ } elsif ($define{$_} =~ /^([+-]?0x[\da-f]+)U?L{0,2}$/i) { -+ # hex integer -+ # Special cased, since perl warns on hex integers -+ # that can't be represented in a UV. -+ # -+ # This way we get the warning at time of use, so the user -+ # only gets the warning if they happen to use this -+ # platform-specific definition. -+ my $code = $1; -+ $code = "hex('$code')" if length $code > 10; -+ print PREAMBLE -+ "unless (defined &$_) { sub $_() { $code } }\n\n"; - } elsif ($define{$_} =~ /^\w+$/) { - my $def = $define{$_}; - if ($isatype{$def}) { diff --git a/pkgs/development/interpreters/ruby/patchsets.nix b/pkgs/development/interpreters/ruby/patchsets.nix index 5f270dfe9c71..286301dc0a5d 100644 --- a/pkgs/development/interpreters/ruby/patchsets.nix +++ b/pkgs/development/interpreters/ruby/patchsets.nix @@ -1,7 +1,8 @@ { patchSet, useRailsExpress, ops, patchLevel }: -let self = rec { +rec { "1.9.3" = [ + ./ssl_v3.patch ./ruby19-parallel-install.patch ./bitperfect-rdoc.patch ] ++ ops useRailsExpress [ @@ -25,13 +26,17 @@ let self = rec { "${patchSet}/patches/ruby/1.9.3/p${patchLevel}/railsexpress/18-fix-missing-c-return-event.patch" "${patchSet}/patches/ruby/1.9.3/p${patchLevel}/railsexpress/19-fix-process-daemon-call.patch" ]; - "2.0.0" = ops useRailsExpress [ + "2.0.0" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/02-railsexpress-gc.patch" "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/03-display-more-detailed-stack-trace.patch" "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/04-show-full-backtrace-on-stack-overflow.patch" ]; - "2.1.0" = ops useRailsExpress [ + "2.1.0" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.0/railsexpress/01-current-2.1.1-fixes.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/02-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/03-improve-gc-stats.patch" @@ -45,7 +50,9 @@ let self = rec { "${patchSet}/patches/ruby/2.1.0/railsexpress/11-funny-falcon-method-cache.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/12-backport-r44370.patch" ]; - "2.1.1" = ops useRailsExpress [ + "2.1.1" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.0/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/03-display-more-detailed-stack-trace.patch" @@ -58,7 +65,9 @@ let self = rec { "${patchSet}/patches/ruby/2.1.0/railsexpress/11-funny-falcon-method-cache.patch" "${patchSet}/patches/ruby/2.1.0/railsexpress/12-backport-r44370.patch" ]; - "2.1.2" = ops useRailsExpress [ + "2.1.2" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.2/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.2/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.1.2/railsexpress/03-display-more-detailed-stack-trace.patch" @@ -70,7 +79,9 @@ let self = rec { "${patchSet}/patches/ruby/2.1.2/railsexpress/09-aman-opt-aset-aref-str.patch" "${patchSet}/patches/ruby/2.1.2/railsexpress/10-funny-falcon-method-cache.patch" ]; - "2.1.3" = ops useRailsExpress [ + "2.1.3" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.3/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.3/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.1.3/railsexpress/03-display-more-detailed-stack-trace.patch" @@ -80,7 +91,9 @@ let self = rec { "${patchSet}/patches/ruby/2.1.3/railsexpress/07-aman-opt-aset-aref-str.patch" "${patchSet}/patches/ruby/2.1.3/railsexpress/08-funny-falcon-method-cache.patch" ]; - "2.1.6" = ops useRailsExpress [ + "2.1.6" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.6/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.6/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.1.6/railsexpress/03-display-more-detailed-stack-trace.patch" @@ -91,7 +104,9 @@ let self = rec { "${patchSet}/patches/ruby/2.1.6/railsexpress/08-funny-falcon-method-cache.patch" "${patchSet}/patches/ruby/2.1.6/railsexpress/09-heap-dump-support.patch" ]; - "2.1.7" = ops useRailsExpress [ + "2.1.7" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.1.7/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.1.7/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.1.7/railsexpress/03-display-more-detailed-stack-trace.patch" @@ -102,22 +117,28 @@ let self = rec { "${patchSet}/patches/ruby/2.1.7/railsexpress/08-funny-falcon-method-cache.patch" "${patchSet}/patches/ruby/2.1.7/railsexpress/09-heap-dump-support.patch" ]; - "2.2.0" = ops useRailsExpress [ + "2.2.0" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.2.0/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.2.0/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.2.0/railsexpress/03-display-more-detailed-stack-trace.patch" "${patchSet}/patches/ruby/2.2.0/railsexpress/04-backport-401c8bb.patch" "${patchSet}/patches/ruby/2.2.0/railsexpress/05-fix-packed-bitfield-compat-warning-for-older-gccs.patch" ]; - "2.2.2" = ops useRailsExpress [ + "2.2.2" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.2.2/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.2.2/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.2.2/railsexpress/03-display-more-detailed-stack-trace.patch" "${patchSet}/patches/ruby/2.2.2/railsexpress/04-backported-bugfixes-222.patch" ]; - "2.2.3" = ops useRailsExpress [ + "2.2.3" = [ + ./ssl_v3.patch + ] ++ ops useRailsExpress [ "${patchSet}/patches/ruby/2.2.3/railsexpress/01-zero-broken-tests.patch" "${patchSet}/patches/ruby/2.2.3/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.2.3/railsexpress/03-display-more-detailed-stack-trace.patch" ]; -}; in self +} diff --git a/pkgs/development/interpreters/ruby/ssl_v3.patch b/pkgs/development/interpreters/ruby/ssl_v3.patch new file mode 100644 index 000000000000..faa402165751 --- /dev/null +++ b/pkgs/development/interpreters/ruby/ssl_v3.patch @@ -0,0 +1,16 @@ +--- a/ext/openssl/ossl_ssl.c 2015-11-26 16:41:03.775058140 +0000 ++++ b/ext/openssl/ossl_ssl.c 2015-11-26 16:40:56.191907346 +0000 +@@ -138,9 +138,12 @@ + OSSL_SSL_METHOD_ENTRY(SSLv2_server), + OSSL_SSL_METHOD_ENTRY(SSLv2_client), + #endif ++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ ++ defined(HAVE_SSLV3_CLIENT_METHOD) + OSSL_SSL_METHOD_ENTRY(SSLv3), + OSSL_SSL_METHOD_ENTRY(SSLv3_server), + OSSL_SSL_METHOD_ENTRY(SSLv3_client), ++#endif + OSSL_SSL_METHOD_ENTRY(SSLv23), + OSSL_SSL_METHOD_ENTRY(SSLv23_server), + OSSL_SSL_METHOD_ENTRY(SSLv23_client), + diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index 874c767046b2..3d7cfc0ca310 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -28,6 +28,12 @@ stdenv.mkDerivation (rec { "gt_cv_func_CFLocaleCopyCurrent=no" ]); + patchPhase = '' + substituteInPlace gettext-tools/projects/KDE/trigger --replace "/bin/pwd" pwd + substituteInPlace gettext-tools/projects/GNOME/trigger --replace "/bin/pwd" pwd + substituteInPlace gettext-tools/src/project-id --replace "/bin/pwd" pwd + ''; + # On cross building, gettext supposes that the wchar.h from libc # does not fulfill gettext needs, so it tries to work with its # own wchar.h file, which does not cope well with the system's @@ -90,8 +96,8 @@ stdenv.mkDerivation (rec { # Make sure `error.c' gets compiled and is part of `libgettextlib.la'. # This fixes: # gettext-0.18.1.1/gettext-tools/src/msgcmp.c:371: undefined reference to `_error_message_count' - - '' sed -i gettext-tools/gnulib-lib/Makefile.in \ + '' + sed -i gettext-tools/gnulib-lib/Makefile.in \ -e 's/am_libgettextlib_la_OBJECTS =/am_libgettextlib_la_OBJECTS = error.lo/g' ''; }) diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index cf356ccefbed..26d2f2454b45 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -61,6 +61,8 @@ stdenv.mkDerivation ({ ./security-bdf1ff05.patch ./cve-2014-8121.patch ./cve-2015-1781.patch + + ./glibc-locale-incompatibility.patch ]; postPatch = diff --git a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch b/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch new file mode 100644 index 000000000000..8ca2ce4cd88a --- /dev/null +++ b/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch @@ -0,0 +1,25 @@ +http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch + +This patch avoids an assertion failure when incompatible locale data +is encountered: + + https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html + +--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 ++++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 +@@ -120,10 +120,11 @@ + _nl_value_type_LC_XYZ array. There are all pointers. */ + switch (category) + { +-#define CATTEST(cat) \ +- case LC_##cat: \ +- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ +- / sizeof (_nl_value_type_LC_##cat[0]))); \ ++#define CATTEST(cat) \ ++ case LC_##cat: \ ++ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ ++ / sizeof (_nl_value_type_LC_##cat[0]))) \ ++ goto puntdata; \ + break + CATTEST (NUMERIC); + CATTEST (TIME); diff --git a/pkgs/development/libraries/libffi/default.nix b/pkgs/development/libraries/libffi/default.nix index 824b909f1d91..5c981e664cb4 100644 --- a/pkgs/development/libraries/libffi/default.nix +++ b/pkgs/development/libraries/libffi/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, stdenv }: +{ fetchurl, stdenv, dejagnu, doCheck ? false }: stdenv.mkDerivation rec { name = "libffi-3.2.1"; @@ -10,11 +10,15 @@ stdenv.mkDerivation rec { patches = if stdenv.isCygwin then [ ./3.2.1-cygwin.patch ] else null; + buildInputs = stdenv.lib.optional doCheck dejagnu; + configureFlags = [ "--with-gcc-arch=generic" # no detection of -march= or -mtune= "--enable-pax_emutramp" ]; + inherit doCheck; + dontStrip = stdenv ? cross; # Don't run the native `strip' when cross-compiling. # Install headers in the right place. @@ -22,7 +26,7 @@ stdenv.mkDerivation rec { ln -s${if (stdenv.isFreeBSD || stdenv.isOpenBSD || stdenv.isDarwin) then "" else "r"}v "$out/lib/"libffi*/include "$out/include" ''; - meta = { + meta = with stdenv.lib; { description = "A foreign function call interface library"; longDescription = '' The libffi library provides a portable, high level programming @@ -40,8 +44,8 @@ stdenv.mkDerivation rec { ''; homepage = http://sourceware.org/libffi/; # See http://github.com/atgreen/libffi/blob/master/LICENSE . - license = stdenv.lib.licenses.free; + license = licenses.free; maintainers = [ ]; - platforms = stdenv.lib.platforms.all; + platforms = platforms.all; }; } diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix index a2454aa02f04..4e18dcb680f9 100644 --- a/pkgs/development/libraries/libpng/default.nix +++ b/pkgs/development/libraries/libpng/default.nix @@ -3,11 +3,11 @@ assert zlib != null; let - version = "1.6.19"; - sha256 = "1s1mmkl79ghiczi2x2rbnp6y70v4c5pr8g3icxn9h5imymbmc71i"; + version = "1.6.20"; + sha256 = "12wis4rlisfnw79pj2778m42m94xpi9nq8m385hxk11lkyg9biam"; patch_src = fetchurl { url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz"; - sha256 = "0bgqkac16yhl0zwjzq2zwkixg2l2x3a6blbk3k0wqz0lza2a6jrh"; + sha256 = "11xgal9qk6fmqdgcb37xg55f2y58wizszw54p1pyq855d2xpwfz6"; }; whenPatched = stdenv.lib.optionalString apngSupport; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 3bfdf8f3a777..c6af00d08b87 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -22,7 +22,7 @@ else */ let - version = "11.0.5"; + version = "11.0.8"; # this is the default search path for DRI drivers driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32"; in @@ -38,7 +38,7 @@ stdenv.mkDerivation { + head (splitString "." version) + ''.x/${version}/mesa-${version}.tar.xz'') "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" ]; - sha256 = "9c255a2a6695fcc6ef4a279e1df0aeaf417dc142f39ee59dfb533d80494bb67a"; + sha256 = "5696e4730518b6805d2ed5def393c4293f425a2c2c01bd5ed4bdd7ad62f7ad75"; }; prePatch = "patchShebangs ."; diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix index 43ef6f78b576..4e6b50502d62 100644 --- a/pkgs/development/libraries/qca2/default.nix +++ b/pkgs/development/libraries/qca2/default.nix @@ -13,6 +13,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ ./libressl.patch ]; + meta = with stdenv.lib; { description = "Qt Cryptographic Architecture"; license = "LGPL"; diff --git a/pkgs/development/libraries/qca2/libressl.patch b/pkgs/development/libraries/qca2/libressl.patch new file mode 100644 index 000000000000..c9b0267f85d8 --- /dev/null +++ b/pkgs/development/libraries/qca2/libressl.patch @@ -0,0 +1,28 @@ +--- a/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:34:25.810682094 +0000 ++++ b/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:29:51.720392423 +0000 +@@ -5403,11 +5403,13 @@ + ctx = SSL_CTX_new(SSLv2_client_method()); + break; + #endif ++#ifndef OPENSSL_NO_SSL3 + case TLS::SSL_v3: + ctx = SSL_CTX_new(SSLv3_client_method()); + break; ++#endif + case TLS::TLS_v1: ++ ctx = SSL_CTX_new(SSLv23_client_method()); +- ctx = SSL_CTX_new(TLSv1_client_method()); + break; + case TLS::DTLS_v1: + default: +@@ -7133,8 +7135,10 @@ + return new opensslInfoContext(this); + else if ( type == "sha1" ) + return new opensslHashContext( EVP_sha1(), this, type); ++#ifndef OPENSSL_NO_SHA0 + else if ( type == "sha0" ) + return new opensslHashContext( EVP_sha(), this, type); ++#endif + else if ( type == "ripemd160" ) + return new opensslHashContext( EVP_ripemd160(), this, type); + #ifdef HAVE_OPENSSL_MD2 diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix index e4d1bae636cf..25b547bf1cf6 100644 --- a/pkgs/development/libraries/qt-4.x/4.8/default.nix +++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix @@ -50,6 +50,7 @@ stdenv.mkDerivation rec { patches = [ ./glib-2.32.patch + ./libressl.patch (substituteAll { src = ./dlopen-absolute-paths.diff; inherit cups icu libXfixes; diff --git a/pkgs/development/libraries/qt-4.x/4.8/libressl.patch b/pkgs/development/libraries/qt-4.x/4.8/libressl.patch new file mode 100644 index 000000000000..5432610d9dc9 --- /dev/null +++ b/pkgs/development/libraries/qt-4.x/4.8/libressl.patch @@ -0,0 +1,64 @@ +$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_symbols_cpp,v 1.3 2015/09/17 12:24:42 dcoppa Exp $ +--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp Wed Sep 16 13:27:39 2015 ++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp Wed Sep 16 13:33:06 2015 +@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, re + #ifndef OPENSSL_NO_SSL2 + DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) + #endif ++#ifndef OPENSSL_NO_SSL3 + DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif + DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) + #ifndef OPENSSL_NO_SSL2 + DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) + #endif ++#ifndef OPENSSL_NO_SSL3 + DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif + DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) + #else +@@ -822,13 +826,17 @@ bool q_resolveOpenSslSymbols() + #ifndef OPENSSL_NO_SSL2 + RESOLVEFUNC(SSLv2_client_method) + #endif ++#ifndef OPENSSL_NO_SSL3 + RESOLVEFUNC(SSLv3_client_method) ++#endif + RESOLVEFUNC(SSLv23_client_method) + RESOLVEFUNC(TLSv1_client_method) + #ifndef OPENSSL_NO_SSL2 + RESOLVEFUNC(SSLv2_server_method) + #endif ++#ifndef OPENSSL_NO_SSL3 + RESOLVEFUNC(SSLv3_server_method) ++#endif + RESOLVEFUNC(SSLv23_server_method) + RESOLVEFUNC(TLSv1_server_method) + RESOLVEFUNC(X509_NAME_entry_count) +--- a/src/network/ssl/qsslsocket_openssl.cpp Thu May 7 16:14:44 2015 ++++ b/src/network/ssl/qsslsocket_openssl.cpp Wed Sep 16 13:30:03 2015 +@@ -267,15 +267,19 @@ init_context: + #endif + break; + case QSsl::SslV3: ++#ifndef OPENSSL_NO_SSL3 + ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else ++ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error ++#endif + break; +- case QSsl::SecureProtocols: // SslV2 will be disabled below +- case QSsl::TlsV1SslV3: // SslV2 will be disabled below + case QSsl::AnyProtocol: +- default: + ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); + break; + case QSsl::TlsV1: ++ case QSsl::SecureProtocols: ++ case QSsl::TlsV1SslV3: ++ default: + ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); + break; + } diff --git a/pkgs/development/libraries/qt-5/5.5/qtbase/libressl.patch b/pkgs/development/libraries/qt-5/5.5/qtbase/libressl.patch new file mode 100644 index 000000000000..e483ad14e05e --- /dev/null +++ b/pkgs/development/libraries/qt-5/5.5/qtbase/libressl.patch @@ -0,0 +1,36 @@ +From 81494e67eccba04fc3fe554d76a9ca6fe7f2250e Mon Sep 17 00:00:00 2001 +From: hasufell <hasufell@gentoo.org> +Date: Sat, 10 Oct 2015 01:15:01 +0200 +Subject: [PATCH] Fix compilation with libressl + +By additionally checking for defined(SSL_CTRL_SET_CURVES), which +is defined in openssl, but not in libressl. +--- + src/network/ssl/qsslcontext_openssl.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/qtbase/src/network/ssl/qsslcontext_openssl.cpp b/qtbase/src/network/ssl/qsslcontext_openssl.cpp +index b88ab54..cfc4f6d 100644 +--- a/qtbase/src/network/ssl/qsslcontext_openssl.cpp ++++ b/qtbase/src/network/ssl/qsslcontext_openssl.cpp +@@ -338,7 +338,7 @@ init_context: + + const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); + if (!qcurves.isEmpty()) { +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) + // Set the curves to be used + if (q_SSLeay() >= 0x10002000L) { + // SSL_CTX_ctrl wants a non-const pointer as last argument, +@@ -352,7 +352,7 @@ init_context: + return sslContext; + } + } else +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) + { + // specific curves requested, but not possible to set -> error + sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); +-- +2.6.0 + diff --git a/pkgs/development/libraries/qt-5/5.5/qtbase/series b/pkgs/development/libraries/qt-5/5.5/qtbase/series index 3cfa50e85b70..2196d8383752 100644 --- a/pkgs/development/libraries/qt-5/5.5/qtbase/series +++ b/pkgs/development/libraries/qt-5/5.5/qtbase/series @@ -6,3 +6,4 @@ dlopen-dbus.patch xdg-config-dirs.patch nix-profiles-library-paths.patch compose-search-path.patch +libressl.patch diff --git a/pkgs/development/tools/misc/texinfo/5.2.nix b/pkgs/development/tools/misc/texinfo/5.2.nix index c43ebcd2de28..99582e0f8a3d 100644 --- a/pkgs/development/tools/misc/texinfo/5.2.nix +++ b/pkgs/development/tools/misc/texinfo/5.2.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, ncurses, perl, xz, interactive ? false }: +{ stdenv, fetchurl, ncurses, perl, xz, procps, interactive ? false }: + +with stdenv.lib; stdenv.mkDerivation rec { name = "texinfo-5.2"; @@ -9,7 +11,8 @@ stdenv.mkDerivation rec { }; buildInputs = [ perl xz ] - ++ stdenv.lib.optional interactive ncurses; + ++ optional interactive ncurses + ++ optional doCheck procps; # for tests preInstall = '' installFlags="TEXMF=$out/texmf-dist"; @@ -21,8 +24,8 @@ stdenv.mkDerivation rec { meta = { homepage = "http://www.gnu.org/software/texinfo/"; description = "The GNU documentation system"; - license = stdenv.lib.licenses.gpl3Plus; - platforms = stdenv.lib.platforms.all; + license = licenses.gpl3Plus; + platforms = platforms.all; longDescription = '' Texinfo is the official documentation format of the GNU project. diff --git a/pkgs/development/tools/misc/texinfo/6.0.nix b/pkgs/development/tools/misc/texinfo/6.0.nix index 670c7182150e..507ca22cd1ae 100644 --- a/pkgs/development/tools/misc/texinfo/6.0.nix +++ b/pkgs/development/tools/misc/texinfo/6.0.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, ncurses, perl, xz, libiconv, gawk, interactive ? false }: +{ stdenv, fetchurl, ncurses, perl, xz, libiconv, gawk, procps, interactive ? false }: + +with stdenv.lib; stdenv.mkDerivation rec { name = "texinfo-6.0"; @@ -9,17 +11,19 @@ stdenv.mkDerivation rec { }; buildInputs = [ perl xz ] - ++ stdenv.lib.optionals stdenv.isSunOS [ libiconv gawk ] - ++ stdenv.lib.optional interactive ncurses; + ++ optionals stdenv.isSunOS [ libiconv gawk ] + ++ optional interactive ncurses + ++ optional doCheck procps; # for tests - configureFlags = stdenv.lib.optionalString stdenv.isSunOS "AWK=${gawk}/bin/awk"; + configureFlags = stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk"; preInstall = '' installFlags="TEXMF=$out/texmf-dist"; installTargets="install install-tex"; ''; - doCheck = !stdenv.isDarwin && !interactive && !stdenv.isSunOS/*flaky*/; + doCheck = interactive # simplify bootstrapping + && !stdenv.isDarwin && !stdenv.isSunOS/*flaky*/; meta = with stdenv.lib; { homepage = "http://www.gnu.org/software/texinfo/"; diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index d75410d74d50..0edd2d6e0f45 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -79,6 +79,7 @@ stdenv.mkDerivation rec { patches = [ ./build-fix.patch + ./libressl.patch ]; postInstall = '' diff --git a/pkgs/os-specific/linux/wpa_supplicant/libressl.patch b/pkgs/os-specific/linux/wpa_supplicant/libressl.patch new file mode 100644 index 000000000000..0de3810daccd --- /dev/null +++ b/pkgs/os-specific/linux/wpa_supplicant/libressl.patch @@ -0,0 +1,69 @@ +$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.3 2015/09/29 11:57:54 dcoppa Exp $ + +Compatibility fixes for LibreSSL + +--- a/src/crypto/tls_openssl.c Sun Sep 27 21:02:05 2015 ++++ b/src/crypto/tls_openssl.c Mon Sep 28 13:43:46 2015 +@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL + } + + if (certs) { +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_clear_chain_certs(ssl); + while ((cert = sk_X509_pop(certs)) != NULL) { + X509_NAME_oneline(X509_get_subject_name(cert), buf, +@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL + /* Try to continue anyway */ + } + sk_X509_free(certs); +-#ifndef OPENSSL_IS_BORINGSSL ++#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER) + res = SSL_build_cert_chain(ssl, + SSL_BUILD_CHAIN_FLAG_CHECK | + SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR); +@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl + if (conn == NULL || keys == NULL) + return -1; + ssl = conn->ssl; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) + return -1; + +@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl + #ifndef CONFIG_FIPS + static int openssl_get_keyblock_size(SSL *ssl) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + const EVP_CIPHER *c; + const EVP_MD *h; + int md_size; +@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_connection *conn + "mode"); + return -1; + #else /* CONFIG_FIPS */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSL *ssl; + u8 *rnd; + int ret = -1; +@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, stru + + wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) + if (os_strstr(buf, ":ADH-")) { + /* +@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int * + struct tls_connection *conn = arg; + int ret; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (conn == NULL || conn->session_ticket_cb == NULL) + return 0; + diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index c44f507f2ead..a6933653e605 100644 --- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix @@ -10,9 +10,7 @@ stdenv.mkDerivation rec { sha256 = "1w4gp4hdkb452nmz91l413d1rx89isl2l6wv8kpbdd2afpc3phws"; }; - patchPhase = '' - sed -i 's/^\t.*run/\t/' Makefile.in - ''; + patches = [ ./libressl.patch ./remove-mkdir-var.patch ]; buildInputs = [ openssl libtool perl libxml2 ]; diff --git a/pkgs/servers/dns/bind/libressl.patch b/pkgs/servers/dns/bind/libressl.patch new file mode 100644 index 000000000000..b77f24ee429a --- /dev/null +++ b/pkgs/servers/dns/bind/libressl.patch @@ -0,0 +1,102 @@ +$OpenBSD: patch-lib_dns_openssl_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $ +--- a/lib/dns/openssl_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015 +@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) { + return (result == ISC_R_SUCCESS ? 1 : -1); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + static void + entropy_add(const void *buf, int num, double entropy) { + /* +@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in + UNLOCK(&locks[type]); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + static unsigned long + id_callback(void) { + return ((unsigned long)isc_thread_self()); +@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) { + if (result != ISC_R_SUCCESS) + goto cleanup_mutexalloc; + CRYPTO_set_locking_callback(lock_callback); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_set_id_callback(id_callback); + #endif + +@@ -287,7 +287,7 @@ dst__openssl_destroy(void) { + CRYPTO_cleanup_all_ex_data(); + #endif + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_state(0); + #endif + ERR_free_strings(); +--- a/lib/dns/dst_openssl.h Wed Sep 16 14:00:47 2015 ++++ b/lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015 +@@ -36,7 +36,7 @@ + #define USE_ENGINE 1 + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* + * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in + * the function like this before the BN_GENCB_new call: +--- a/lib/dns/openssldh_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015 +@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void + DH *dh = NULL; + #if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB *cb; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + union { +@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void + if (dh == NULL) + return (dst__openssl_toresult(ISC_R_NOMEMORY)); + cb = BN_GENCB_new(); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (cb == NULL) { + DH_free(dh); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); +--- a/lib/dns/openssldsa_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015 +@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( + isc_result_t result; + #if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB *cb; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + union { +@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( + if (dsa == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + cb = BN_GENCB_new(); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (cb == NULL) { + DSA_free(dsa); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); +$OpenBSD: patch-lib_dns_opensslrsa_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $ +--- a/lib/dns/opensslrsa_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015 +@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca + } u; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + BN_GENCB *cb = BN_GENCB_new(); diff --git a/pkgs/servers/dns/bind/remove-mkdir-var.patch b/pkgs/servers/dns/bind/remove-mkdir-var.patch new file mode 100644 index 000000000000..d0dcd580c20a --- /dev/null +++ b/pkgs/servers/dns/bind/remove-mkdir-var.patch @@ -0,0 +1,12 @@ +--- a/Makefile.in ++++ b/Makefile.in +@@ -53,8 +53,7 @@ docclean manclean maintainer-clean:: + doc man:: ${MANOBJS} + + installdirs: +- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \ +- ${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir} ++ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 + + install:: isc-config.sh installdirs diff --git a/pkgs/shells/bash/bash-4.3-patches.nix b/pkgs/shells/bash/bash-4.3-patches.nix index c994ed636a96..f84ac836e941 100644 --- a/pkgs/shells/bash/bash-4.3-patches.nix +++ b/pkgs/shells/bash/bash-4.3-patches.nix @@ -42,5 +42,5 @@ patch: [ (patch "039" "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b") (patch "040" "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4") (patch "041" "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f") -(patch "042" "1bwhssay66n75fy0pxcrwbm032s6fvfg7dblzbrzzn5k38a56nmp") +(patch "042" "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc") ] diff --git a/pkgs/tools/networking/socat/2.x.nix b/pkgs/tools/networking/socat/2.x.nix index 2d4438b5759d..a1cea0348367 100644 --- a/pkgs/tools/networking/socat/2.x.nix +++ b/pkgs/tools/networking/socat/2.x.nix @@ -12,12 +12,14 @@ stdenv.mkDerivation rec { configureFlags = stdenv.lib.optionalString stdenv.isDarwin "--disable-ip6"; - meta = { + patches = stdenv.lib.singleton ./libressl-fixes.patch ; + + meta = with stdenv.lib; { description = "A utility for bidirectional data transfer between two independent data channels"; homepage = http://www.dest-unreach.org/socat/; repositories.git = git://repo.or.cz/socat.git; - platforms = stdenv.lib.platforms.unix; - license = stdenv.lib.licenses.gpl2; - maintainers = [ stdenv.lib.maintainers.eelco ]; + platforms = platforms.unix; + license = licenses.gpl2; + maintainers = [ maintainers.eelco ]; }; } diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix index 65d3b01e89cf..c672801262be 100644 --- a/pkgs/tools/networking/socat/default.nix +++ b/pkgs/tools/networking/socat/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ openssl ]; - patches = [ ./enable-ecdhe.patch ]; + patches = [ ./enable-ecdhe.patch ./libressl-fixes.patch ]; meta = { description = "A utility for bidirectional data transfer between two independent data channels"; diff --git a/pkgs/tools/networking/socat/libressl-fixes.patch b/pkgs/tools/networking/socat/libressl-fixes.patch new file mode 100644 index 000000000000..cf66033584eb --- /dev/null +++ b/pkgs/tools/networking/socat/libressl-fixes.patch @@ -0,0 +1,173 @@ +Patch from OpenBSD +--- a/sslcls.c Sat Jan 24 03:15:22 2015 ++++ b/sslcls.c Sat Jul 18 20:01:59 2015 +@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) { + } + #endif + ++#ifdef HAVE_SSLv3_client_method + const SSL_METHOD *sycSSLv3_client_method(void) { + const SSL_METHOD *result; + Debug("SSLv3_client_method()"); +@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) { + Debug1("SSLv3_client_method() -> %p", result); + return result; + } ++#endif + ++#ifdef HAVE_SSLv3_server_method + const SSL_METHOD *sycSSLv3_server_method(void) { + const SSL_METHOD *result; + Debug("SSLv3_server_method()"); +@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) { + Debug1("SSLv3_server_method() -> %p", result); + return result; + } ++#endif + + const SSL_METHOD *sycSSLv23_client_method(void) { + const SSL_METHOD *result; +@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) { + return; + } + +-int sycRAND_egd(const char *path) { +- int result; +- Debug1("RAND_egd(\"%s\")", path); +- result = RAND_egd(path); +- Debug1("RAND_egd() -> %d", result); +- return result; +-} +- + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) { + DH *result; + Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)", +@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) { + } + #endif /* WITH_FIPS */ + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) { + const COMP_METHOD *result; + Debug1("SSL_get_current_compression(%p)", ssl); +--- a/sslcls.h Sat Jan 24 11:15:22 2015 ++++ b/sslcls.h Mon Apr 13 15:06:25 2015 +@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl); + int sycSSL_shutdown(SSL *ssl); + void sycSSL_CTX_free(SSL_CTX *ctx); + void sycSSL_free(SSL *ssl); +-int sycRAND_egd(const char *path); + + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); + +@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char + + int sycFIPS_mode_set(int onoff); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl); + const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl); + const char *sycSSL_COMP_get_name(const COMP_METHOD *comp); +@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co + #define sycSSL_shutdown(s) SSL_shutdown(s) + #define sycSSL_CTX_free(c) SSL_CTX_free(c) + #define sycSSL_free(s) SSL_free(s) +-#define sycRAND_egd(p) RAND_egd(p) + + #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u) + +--- a/xio-openssl.c Sat Jan 24 15:33:42 2015 ++++ b/xio-openssl.c Mon Apr 13 14:59:12 2015 +@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key = { "open + const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; +-const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; +@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) { + static void openssl_conn_loginfo(SSL *ssl) { + Notice1("SSL connection using %s", SSL_get_cipher(ssl)); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + { + const COMP_METHOD *comp, *expansion; + +@@ -722,7 +721,6 @@ int + char *opt_dhparam = NULL; /* file name of DH params */ + char *opt_cafile = NULL; /* certificate authority file */ + char *opt_capath = NULL; /* certificate authority directory */ +- char *opt_egd = NULL; /* entropy gathering daemon socket path */ + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + char *opt_compress = NULL; /* compression method */ + #endif +@@ -741,7 +739,6 @@ int + retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); + retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); + retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); +- retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); + retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); +@@ -877,10 +874,6 @@ int + } + } + +- if (opt_egd) { +- sycRAND_egd(opt_egd); +- } +- + if (opt_pseudo) { + long int randdata; + /* initialize libc random from actual microseconds */ +@@ -1098,7 +1091,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char + if (e == ((ERR_LIB_RAND<<24)| + (RAND_F_SSLEAY_RAND_BYTES<<12)| + (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { +- Error("too few entropy; use options \"egd\" or \"pseudo\""); ++ Error("too few entropy; use option \"pseudo\""); + stat = STAT_NORETRY; + } else { + Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); +--- a/xio-openssl.h Sun Jun 23 07:16:48 2013 ++++ b/xio-openssl.h Sat Apr 19 15:58:21 2014 +@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key; + extern const struct optdesc opt_openssl_dhparam; + extern const struct optdesc opt_openssl_cafile; + extern const struct optdesc opt_openssl_capath; +-extern const struct optdesc opt_openssl_egd; + extern const struct optdesc opt_openssl_pseudo; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + extern const struct optdesc opt_openssl_compress; +--- a/xioopts.c Sat Jan 24 11:15:22 2015 ++++ b/xioopts.c Mon Apr 13 15:06:25 2015 +@@ -412,7 +412,6 @@ const struct optname optionnames[] = { + #ifdef ECHOPRT + IF_TERMIOS("echoprt", &opt_echoprt) + #endif +- IF_OPENSSL("egd", &opt_openssl_egd) + IF_ANY ("end-close", &opt_end_close) + IF_TERMIOS("eof", &opt_veof) + IF_TERMIOS("eol", &opt_veol) +@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = { + IF_OPENSSL("openssl-compress", &opt_openssl_compress) + #endif + IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam) +- IF_OPENSSL("openssl-egd", &opt_openssl_egd) + #if WITH_FIPS + IF_OPENSSL("openssl-fips", &opt_openssl_fips) + #endif +--- a/xioopts.h Sat Jan 24 11:15:22 2015 ++++ b/xioopts.h Mon Apr 13 15:06:25 2015 +@@ -478,7 +478,6 @@ enum e_optcode { + OPT_OPENSSL_COMPRESS, + #endif + OPT_OPENSSL_DHPARAM, +- OPT_OPENSSL_EGD, + OPT_OPENSSL_FIPS, + OPT_OPENSSL_KEY, + OPT_OPENSSL_METHOD, diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c20403321c88..510b65d73fa2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6672,7 +6672,10 @@ let }; glib = callPackage ../development/libraries/glib { }; - glib-tested = glib.override { doCheck = true; }; # checked version separate to break cycles + glib-tested = glib.override { # checked version separate to break cycles + doCheck = true; + libffi = libffi.override { doCheck = true; }; + }; glibmm = callPackage ../development/libraries/glibmm { }; glib_networking = callPackage ../development/libraries/glib-networking {}; |