authorOrivej Desh <orivej@gmx.fr>2018-06-12 20:41:41 +0000
committerOrivej Desh <orivej@gmx.fr>2018-06-12 20:41:41 +0000
commit7f3de607584bd21b5b2512e2551a9f13289b2d7a (patch)
tree6e5c9453cf25d10a3e2385a9764807d2c11179a3 /pkgs
parent2ed34da4cec1656f35d048a5075cf961251a9459 (diff)
parent4d5565e87e134ccdb9e245c1753b086e2b0a20e7 (diff)
Merge branch 'master' into staging
* master: (161 commits)
  pcsclite: clean up after #41790
  tor: 0.3.3.6 -> 0.3.3.7
  opae: init at 1.0.0
  tinc: 1.0.33 -> 10.0.34
  tinc_pre: 1.1pre15 -> 1.1pre16
  sit: 0.3.2 -> 0.4.0 (#41863)
  platforms/raspberrypi: enable kernelAutoModules
  libupnp: 1.6.21 -> 1.8.3 (#41684)
  androidStudioPackages.{dev,canary}: 3.2.0.16 -> 3.2.0.17
  tdesktop: 1.3.0 -> 1.3.7
  gns3Packages.{server,gui}{Stable,Preview}: 2.1.6 -> 2.1.7
  aws-sam-cli: init at 0.3.0 (#41877)
  nixos/nat: optional networking.nat.externalInterface (#41864)
  linux: 4.17 -> 4.17.1
  linux: 4.16.14 -> 4.16.15
  linux: 4.14.48 -> 4.14.49
  nixos/unbound: add restart (#41885)
  maintainers/create-azure.sh: remove hydra.nixos.org as binary cache (#41883)
  gshogi: init at 0.5.1 (#41840)
  neovim: add missing libiconv
  ...
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/altcoins/go-ethereum.nix4
-rw-r--r--pkgs/applications/altcoins/litecoin.nix4
-rw-r--r--pkgs/applications/editors/android-studio/default.nix6
-rw-r--r--pkgs/applications/editors/atom/default.nix4
-rw-r--r--pkgs/applications/editors/neovim/default.nix7
-rw-r--r--pkgs/applications/editors/vscode/with-extensions.nix11
-rw-r--r--pkgs/applications/misc/chirp/default.nix4
-rw-r--r--pkgs/applications/misc/cura/default.nix13
-rw-r--r--pkgs/applications/misc/curaengine/default.nix6
-rw-r--r--pkgs/applications/misc/guake/default.nix4
-rw-r--r--pkgs/applications/misc/mupdf/default.nix13
-rw-r--r--pkgs/applications/misc/rofi/wrapper.nix13
-rw-r--r--pkgs/applications/misc/sequeler/default.nix17
-rw-r--r--pkgs/applications/misc/slic3r/default.nix1
-rw-r--r--pkgs/applications/misc/unixcw/default.nix37
-rw-r--r--pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch677
-rw-r--r--pkgs/applications/misc/xmr-stak/default.nix4
-rw-r--r--pkgs/applications/networking/browsers/firefox/packages.nix25
-rw-r--r--pkgs/applications/networking/gns3/default.nix6
-rw-r--r--pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix6
-rw-r--r--pkgs/applications/office/gnucash/default.nix6
-rw-r--r--pkgs/applications/office/mendeley/default.nix6
-rw-r--r--pkgs/applications/science/electronics/ngspice/default.nix6
-rw-r--r--pkgs/applications/version-management/gitaly/default.nix2
-rw-r--r--pkgs/applications/version-management/sit/aarch64-isel.patch9
-rw-r--r--pkgs/applications/version-management/sit/default.nix21
-rw-r--r--pkgs/applications/virtualization/docker/default.nix2
-rw-r--r--pkgs/applications/virtualization/qemu/default.nix10
-rw-r--r--pkgs/applications/window-managers/dwm/dwm-status.nix36
-rw-r--r--pkgs/applications/window-managers/fvwm/default.nix4
-rw-r--r--pkgs/build-support/fetchurl/builder.sh26
-rw-r--r--pkgs/build-support/fetchurl/default.nix4
-rw-r--r--pkgs/build-support/fetchurl/mirrors.nix8
-rw-r--r--pkgs/build-support/setup-hooks/prune-libtool-files.sh22
-rw-r--r--pkgs/build-support/vm/default.nix10
-rw-r--r--pkgs/data/fonts/fira-mono/default.nix8
-rw-r--r--pkgs/data/fonts/fira/default.nix8
-rw-r--r--pkgs/development/compilers/avian/default.nix2
-rw-r--r--pkgs/development/compilers/ghc/7.10.3.nix4
-rw-r--r--pkgs/development/compilers/ghc/8.0.2.nix4
-rw-r--r--pkgs/development/compilers/ghc/8.2.2.nix4
-rw-r--r--pkgs/development/compilers/ghc/8.4.2.nix4
-rw-r--r--pkgs/development/compilers/ghc/head.nix4
-rw-r--r--pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch16
-rw-r--r--pkgs/development/compilers/ponyc/default.nix4
-rw-r--r--pkgs/development/compilers/solc/default.nix24
-rw-r--r--pkgs/development/compilers/solc/patches/boost-shared-libs.patch24
-rw-r--r--pkgs/development/compilers/solc/patches/shared-libs-install.patch12
-rw-r--r--pkgs/development/haskell-modules/configuration-common.nix2
-rw-r--r--pkgs/development/haskell-modules/configuration-ghcjs.nix10
-rw-r--r--pkgs/development/java-modules/jogl/default.nix10
-rw-r--r--pkgs/development/libraries/appstream-glib/default.nix4
-rw-r--r--pkgs/development/libraries/asio/1.10.nix6
-rw-r--r--pkgs/development/libraries/asio/1.12.nix6
-rw-r--r--pkgs/development/libraries/asio/default.nix21
-rw-r--r--pkgs/development/libraries/asio/generic.nix25
-rw-r--r--pkgs/development/libraries/audio/libbass/default.nix2
-rw-r--r--pkgs/development/libraries/cctz/default.nix27
-rw-r--r--pkgs/development/libraries/fftw/default.nix5
-rw-r--r--pkgs/development/libraries/gmp/6.x.nix1
-rw-r--r--pkgs/development/libraries/libblockdev/default.nix39
-rw-r--r--pkgs/development/libraries/libbytesize/default.nix31
-rw-r--r--pkgs/development/libraries/libcanberra/default.nix21
-rw-r--r--pkgs/development/libraries/libcouchbase/default.nix2
-rw-r--r--pkgs/development/libraries/libgtop/default.nix18
-rw-r--r--pkgs/development/libraries/libndctl/default.nix40
-rw-r--r--pkgs/development/libraries/libtiff/default.nix8
-rw-r--r--pkgs/development/libraries/opae/default.nix44
-rw-r--r--pkgs/development/libraries/openzwave/default.nix2
-rw-r--r--pkgs/development/libraries/pupnp/default.nix4
-rw-r--r--pkgs/development/libraries/talloc/default.nix4
-rw-r--r--pkgs/development/libraries/volume-key/default.nix38
-rw-r--r--pkgs/development/python-modules/GitPython/default.nix6
-rw-r--r--pkgs/development/python-modules/ansiconv/default.nix24
-rw-r--r--pkgs/development/python-modules/astunparse/default.nix17
-rw-r--r--pkgs/development/python-modules/aws-sam-translator/default.nix38
-rw-r--r--pkgs/development/python-modules/click/default.nix9
-rw-r--r--pkgs/development/python-modules/click/fix-paths.patch11
-rw-r--r--pkgs/development/python-modules/deap/default.nix26
-rw-r--r--pkgs/development/python-modules/gast/default.nix16
-rw-r--r--pkgs/development/python-modules/libarcus/default.nix4
-rw-r--r--pkgs/development/python-modules/mygpoclient/default.nix2
-rw-r--r--pkgs/development/python-modules/pdf2image/default.nix21
-rw-r--r--pkgs/development/python-modules/pynisher/default.nix25
-rw-r--r--pkgs/development/python-modules/pyqt/5.x.nix13
-rw-r--r--pkgs/development/python-modules/python-hosts/default.nix33
-rw-r--r--pkgs/development/python-modules/spglib/default.nix27
-rw-r--r--pkgs/development/python-modules/tensorflow-tensorboard/default.nix17
-rw-r--r--pkgs/development/python-modules/tensorflow/bin.nix7
-rw-r--r--pkgs/development/python-modules/warrant/default.nix10
-rw-r--r--pkgs/development/tools/aws-sam-cli/default.nix37
-rw-r--r--pkgs/development/tools/build-managers/cmake/default.nix2
-rw-r--r--pkgs/development/tools/selenium/chromedriver/default.nix4
-rw-r--r--pkgs/games/anki/default.nix4
-rw-r--r--pkgs/games/dwarf-fortress/dfhack/default.nix6
-rw-r--r--pkgs/games/dwarf-fortress/dwarf-therapist/default.nix7
-rw-r--r--pkgs/games/dxx-rebirth/default.nix2
-rw-r--r--pkgs/games/gshogi/default.nix37
-rw-r--r--pkgs/games/nethack/default.nix6
-rw-r--r--pkgs/misc/emulators/dolphin-emu/master.nix24
-rw-r--r--pkgs/os-specific/bsd/netbsd/default.nix7
-rw-r--r--pkgs/os-specific/bsd/netbsd/locale.patch85
-rw-r--r--pkgs/os-specific/linux/alsa-firmware/default.nix7
-rw-r--r--pkgs/os-specific/linux/alsa-lib/default.nix5
-rw-r--r--pkgs/os-specific/linux/alsa-oss/default.nix5
-rw-r--r--pkgs/os-specific/linux/alsa-plugins/default.nix5
-rw-r--r--pkgs/os-specific/linux/alsa-tools/default.nix5
-rw-r--r--pkgs/os-specific/linux/alsa-utils/default.nix6
-rw-r--r--pkgs/os-specific/linux/fwts/default.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/common-config.nix1
-rw-r--r--pkgs/os-specific/linux/kernel/copperhead-4-14.patch2864
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix9
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.16.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.17.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix5
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/default.nix12
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch19
-rw-r--r--pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch48
-rw-r--r--pkgs/os-specific/linux/tiscamera/default.nix98
-rw-r--r--pkgs/os-specific/linux/udisks/2-default.nix80
-rw-r--r--pkgs/os-specific/linux/udisks/fix-paths.patch131
-rw-r--r--pkgs/servers/clickhouse/default.nix20
-rw-r--r--pkgs/servers/clickhouse/find-mysql.patch11
-rw-r--r--pkgs/servers/dns/bind/default.nix7
-rw-r--r--pkgs/servers/nextcloud/default.nix4
-rw-r--r--pkgs/servers/samba/4.x.nix19
-rw-r--r--pkgs/servers/sql/mariadb/default.nix58
-rw-r--r--pkgs/tools/admin/azure-cli/default.nix0
-rw-r--r--pkgs/tools/admin/ssl-cert-check/default.nix59
-rw-r--r--pkgs/tools/backup/borg/default.nix9
-rw-r--r--pkgs/tools/inputmethods/uim/default.nix6
-rw-r--r--pkgs/tools/misc/diffoscope/default.nix4
-rw-r--r--pkgs/tools/misc/hyperfine/default.nix8
-rw-r--r--pkgs/tools/misc/trash-cli/default.nix7
-rw-r--r--pkgs/tools/networking/dnsperf/default.nix6
-rw-r--r--pkgs/tools/networking/maxscale/default.nix87
-rw-r--r--pkgs/tools/networking/maxscale/getopt.patch11
-rw-r--r--pkgs/tools/networking/mitmproxy/default.nix2
-rw-r--r--pkgs/tools/networking/ntp/seccomp.patch3
-rw-r--r--pkgs/tools/networking/tinc/default.nix4
-rw-r--r--pkgs/tools/networking/tinc/pre.nix8
-rw-r--r--pkgs/tools/networking/whois/default.nix4
-rw-r--r--pkgs/tools/networking/wireguard-go/default.nix5
-rw-r--r--pkgs/tools/security/gnupg/22.nix4
-rw-r--r--pkgs/tools/security/nwipe/default.nix22
-rw-r--r--pkgs/tools/security/pcsclite/default.nix6
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/system/acpica-tools/default.nix4
-rw-r--r--pkgs/tools/system/loadwatch/default.nix20
-rw-r--r--pkgs/top-level/all-packages.nix134
-rw-r--r--pkgs/top-level/haskell-packages.nix1
-rw-r--r--pkgs/top-level/perl-packages.nix29
-rw-r--r--pkgs/top-level/python-packages.nix29
-rw-r--r--pkgs/top-level/unix-tools.nix4
154 files changed, 5488 insertions, 472 deletions
diff --git a/pkgs/applications/altcoins/go-ethereum.nix b/pkgs/applications/altcoins/go-ethereum.nix
index 021764f5023f..9917ffdf9c01 100644
--- a/pkgs/applications/altcoins/go-ethereum.nix
+++ b/pkgs/applications/altcoins/go-ethereum.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   name = "go-ethereum-${version}";
-  version = "1.8.8";
+  version = "1.8.10";
   goPackagePath = "github.com/ethereum/go-ethereum";
 
   # Fix for usb-related segmentation faults on darwin
@@ -27,7 +27,7 @@ buildGoPackage rec {
     owner = "ethereum";
     repo = "go-ethereum";
     rev = "v${version}";
-    sha256 = "059nd2jvklziih679dd4cd34xjpj1ci7fha83wv86xjz61awyb16";
+    sha256 = "1n36pz4y3xa4d46mynym98bra79qx5n9lb29chyxfpvi5fmprdg1";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/applications/altcoins/litecoin.nix b/pkgs/applications/altcoins/litecoin.nix
index 12cf5dcb71c1..b930923e8f45 100644
--- a/pkgs/applications/altcoins/litecoin.nix
+++ b/pkgs/applications/altcoins/litecoin.nix
@@ -8,13 +8,13 @@ with stdenv.lib;
 stdenv.mkDerivation rec {
 
   name = "litecoin" + (toString (optional (!withGui) "d")) + "-" + version;
-  version = "0.15.1";
+  version = "0.16.0";
 
   src = fetchFromGitHub {
     owner = "litecoin-project";
     repo = "litecoin";
     rev = "v${version}";
-    sha256 = "01q0lj0grabyfh67ar984m9lv9xs0rakadkci8jpfbp8xw166r40";
+    sha256 = "1g79sbplkn2bnb17i2kyh1d64bjl3ihbx83n0xssvjaajn56hbzw";
   };
 
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
diff --git a/pkgs/applications/editors/android-studio/default.nix b/pkgs/applications/editors/android-studio/default.nix
index 5e37ba47fa5f..ea5dce4fa1a6 100644
--- a/pkgs/applications/editors/android-studio/default.nix
+++ b/pkgs/applications/editors/android-studio/default.nix
@@ -13,9 +13,9 @@ let
     sha256Hash = "196yaswbxh2nd83gimjxr8ggr5xkdxq7n3xlh6ax73v59pj4hryq";
   };
   latestVersion = {
-    version = "3.2.0.16"; # "Android Studio 3.2 Canary 17"
-    build = "181.4823740";
-    sha256Hash = "04282zd28kn2a4rjsi0ikx4bc9ab668xm7cc87ga60pzyg5gmmgk";
+    version = "3.2.0.17"; # "Android Studio 3.2 Canary 18"
+    build = "181.4830125";
+    sha256Hash = "14yarl1vqhy21ljrn5k2dy8z0y407g9nqw4lqzjbxb7zmascnlx4";
   };
 in rec {
   # Old alias
diff --git a/pkgs/applications/editors/atom/default.nix b/pkgs/applications/editors/atom/default.nix
index a68c841d53bc..b13e9fe12587 100644
--- a/pkgs/applications/editors/atom/default.nix
+++ b/pkgs/applications/editors/atom/default.nix
@@ -35,6 +35,8 @@ let
       patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
         --set-rpath "${atomEnv.libPath}" \
         $share/resources/app/apm/bin/node
+      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+        $out/share/atom/resources/app.asar.unpacked/node_modules/symbols-view/vendor/ctags-linux
 
       dugite=$share/resources/app.asar.unpacked/node_modules/dugite
       rm -f $dugite/git/bin/git
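Review bot: The new patchelf call on the ctags-linux binary sets only the interpreter, whereas the sibling call two lines above also passes `--set-rpath "${atomEnv.libPath}"`; if ctags-linux links against anything beyond glibc (not visible here) it will fail to resolve those libraries at runtime. It also spells the target as `$out/share/atom/...` while the surrounding lines use `$share/...`, which the dugite line below suggests is the same directory, so using `$share` keeps the two calls consistent. Consider `patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" --set-rpath "${atomEnv.libPath}" $share/resources/app.asar.unpacked/node_modules/symbols-view/vendor/ctags-linux`, preceded by a short comment such as `# ctags-linux is a prebuilt vendored ELF; give it a store interpreter/rpath`. The enclosing build script starts and ends outside the hunk.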
@@ -53,7 +55,7 @@ let
       homepage = https://atom.io/;
       license = licenses.mit;
       maintainers = with maintainers; [ offline nequissimus synthetica ysndr ];
-      platforms = [ "x86_64-linux" ];
+      platforms = platforms.x86_64;
     };
   };
 in stdenv.lib.mapAttrs common {
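Review bot: `platforms = platforms.x86_64` widens the claim from x86_64-linux to every x86_64 double, including x86_64-darwin, while the install steps earlier in this file rely on patchelf and `$NIX_CC/nix-support/dynamic-linker`, which only make sense for a Linux ELF build. Unless the source fetch and the patching are guarded per platform elsewhere in the file (not visible in the hunk), this advertises platforms the derivation cannot build on; either keep `platforms = [ "x86_64-linux" ];` or add a comment explaining why the wider set is intended. The enclosing meta attribute set begins outside the hunk.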
diff --git a/pkgs/applications/editors/neovim/default.nix b/pkgs/applications/editors/neovim/default.nix
index b090b0c84f96..f47688b82802 100644
--- a/pkgs/applications/editors/neovim/default.nix
+++ b/pkgs/applications/editors/neovim/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, gettext, libmsgpack, libtermkey
+{ stdenv, fetchFromGitHub, cmake, gettext, libmsgpack, libtermkey, libiconv
 , libtool, libuv, luaPackages, ncurses, perl, pkgconfig
 , unibilium, vimUtils, xsel, gperf, callPackage
 , libvterm-neovim
@@ -11,13 +11,13 @@ let
 
   neovim = stdenv.mkDerivation rec {
     name = "neovim-unwrapped-${version}";
-    version = "0.2.2";
+    version = "0.3.0";
 
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "neovim";
       rev = "v${version}";
-      sha256 = "1dxr29d0hyag7snbww5s40as90412qb61rgj7gd9rps1iccl9gv4";
+      sha256 = "10c8y309fdwvr3d9n6vm1f2c0k6pzicnhc64l2dvbw1lnabp04vv";
     };
 
     enableParallelBuilding = true;
@@ -32,6 +32,7 @@ let
       luaPackages.lua
       gperf
     ] ++ optional withJemalloc jemalloc
+      ++ optional stdenv.isDarwin libiconv
       ++ lualibs;
 
     nativeBuildInputs = [
diff --git a/pkgs/applications/editors/vscode/with-extensions.nix b/pkgs/applications/editors/vscode/with-extensions.nix
index c54c8a4277f1..9b0d69ae65aa 100644
--- a/pkgs/applications/editors/vscode/with-extensions.nix
+++ b/pkgs/applications/editors/vscode/with-extensions.nix
@@ -12,7 +12,7 @@
         # When the extension is already available in the default extensions set.
         vscodeExtensions = with vscode-extensions; [
           bbenoist.Nix
-        ]   
+        ]
 
         # Concise version from the vscode market place when not available in the default set.
         ++ vscode-utils.extensionsFromVscodeMarketplace [
@@ -26,11 +26,11 @@
       }
       ~~~
 
-      This expression should fetch 
+      This expression should fetch
        -  the *nix* vscode extension from whatever source defined in the
           default nixpkgs extensions set `vscodeExtensions`.
 
-       -  the *code-runner* vscode extension from the marketplace using the 
+       -  the *code-runner* vscode extension from the marketplace using the
           following url:
 
           ~~~
@@ -72,6 +72,11 @@ runCommand "${wrappedPkgName}-with-extensions-${wrappedPkgVersion}" {
   meta = vscode.meta;
 } ''
   mkdir -p "$out/bin"
+  mkdir -p "$out/share/applications"
+  mkdir -p "$out/share/pixmaps"
+
+  ln -sT "${vscode}/share/applications/code.desktop" "$out/share/applications/code.desktop"
+  ln -sT "${vscode}/share/pixmaps/code.png" "$out/share/pixmaps/code.png"
   ${if [] == vscodeExtensions
     then ''
       ln -sT "${vscode}/bin/${wrappedExeName}" "$out/bin/${exeName}"
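Review bot: The `code.desktop` entry is symlinked straight from `${vscode}`, so if its Exec line names the unwrapped binary (by absolute store path or by the wrapped executable name; the file itself is not visible here), launching from a desktop menu would start VS Code without the extensions this wrapper exists to add. Generating the entry with the path rewritten keeps the menu launcher and `$out/bin/${exeName}` in step, e.g. `sed -e "s|${vscode}/bin/${wrappedExeName}|$out/bin/${exeName}|" "${vscode}/share/applications/code.desktop" > "$out/share/applications/code.desktop"`. A one-line comment such as `# expose the desktop entry and icon so the wrapped package shows up in menus` would also document the intent. The runCommand body continues outside the hunk.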
diff --git a/pkgs/applications/misc/chirp/default.nix b/pkgs/applications/misc/chirp/default.nix
index 90d7ecd082c8..7004b247667d 100644
--- a/pkgs/applications/misc/chirp/default.nix
+++ b/pkgs/applications/misc/chirp/default.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "chirp-daily-${version}";
-  version = "20180519";
+  version = "20180606";
 
   src = fetchurl {
     url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
-    sha256 = "1sb4cw95lcj2cdfzzgnwjgmnpk2nqjys4am5qvj4pnh0x447sznv";
+    sha256 = "1v1s02675gyghhxasp4pxjrifkgshc82p99haxph1yzkq7gsf03w";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/applications/misc/cura/default.nix b/pkgs/applications/misc/cura/default.nix
index 10f6837761bb..3b00bba709a0 100644
--- a/pkgs/applications/misc/cura/default.nix
+++ b/pkgs/applications/misc/cura/default.nix
@@ -2,27 +2,30 @@
 
 mkDerivation rec {
   name = "cura-${version}";
-  version = "3.2.1";
+  version = "3.3.1";
 
   src = fetchFromGitHub {
     owner = "Ultimaker";
     repo = "Cura";
     rev = version;
-    sha256 = "0yaya0ww92qjm7g31q85m5f95nwdapldjx1kdf1ar4yzwh4r15rp";
+    sha256 = "0a2xxiw1h5cq4nd4pdkq757hap85p2i29msxs57kbfdd78izrjlx";
   };
 
   materials = fetchFromGitHub {
     owner = "Ultimaker";
     repo = "fdm_materials";
-    rev = "3.2.1";
-    sha256 = "1kr9ga727x0kazw2ypac9bi6g6lddbsx80qw8fbn0514kg2mr9n3";
+    rev = "3.3.0";
+    sha256 = "0vf7s4m14aqhdg4m2yjj87kjxi2gpa46mgx86p0a91jwvkxa8a1q";
   };
 
   buildInputs = [ qtbase qtquickcontrols2 ];
   propagatedBuildInputs = with python3.pkgs; [ uranium zeroconf pyserial numpy-stl ];
   nativeBuildInputs = [ cmake python3.pkgs.wrapPython ];
 
-  cmakeFlags = [ "-DURANIUM_DIR=${python3.pkgs.uranium.src}" ];
+  cmakeFlags = [
+    "-DURANIUM_DIR=${python3.pkgs.uranium.src}"
+    "-DCURA_VERSION=${version}"
+  ];
 
   postPatch = ''
     sed -i 's,/python''${PYTHON_VERSION_MAJOR}/dist-packages,/python''${PYTHON_VERSION_MAJOR}.''${PYTHON_VERSION_MINOR}/site-packages,g' CMakeLists.txt
diff --git a/pkgs/applications/misc/curaengine/default.nix b/pkgs/applications/misc/curaengine/default.nix
index c3a19e6551a2..ac4c68f9b536 100644
--- a/pkgs/applications/misc/curaengine/default.nix
+++ b/pkgs/applications/misc/curaengine/default.nix
@@ -2,19 +2,19 @@
 
 stdenv.mkDerivation rec {
   name = "curaengine-${version}";
-  version = "3.2.1";
+  version = "3.3.0";
 
   src = fetchFromGitHub {
     owner = "Ultimaker";
     repo = "CuraEngine";
     rev = version;
-    sha256 = "1yqpp6qhixzni3ik11vbk5kcdrhlz2j4ylzmh8f6c86r4d73a0cp";
+    sha256 = "1dj80lk58qb54apdv7n9cmcck4smb00lidgqld21xnndnnqqb4lw";
   };
 
   nativeBuildInputs = [ cmake ];
   buildInputs = [ libarcus ];
 
-  enableParallelBuilding = true;
+  cmakeFlags = [ "-DCURA_ENGINE_VERSION=${version}" ];
 
   meta = with stdenv.lib; {
     description = "A powerful, fast and robust engine for processing 3D models into 3D printing instruction";
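Review bot: `enableParallelBuilding = true;` is dropped in the same hunk that introduces the `cmakeFlags` line, although the two attributes are independent; unless parallel builds were found to break with 3.3.0 (nothing in the hunk says so), this is a silent build-time regression. Keep both, i.e. `enableParallelBuilding = true;` followed by `cmakeFlags = [ "-DCURA_ENGINE_VERSION=${version}" ];`, or add a comment stating why parallel builds were disabled. The meta attribute set continues outside the hunk.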
diff --git a/pkgs/applications/misc/guake/default.nix b/pkgs/applications/misc/guake/default.nix
index c34f0e48f3ec..dc9b0c29aa10 100644
--- a/pkgs/applications/misc/guake/default.nix
+++ b/pkgs/applications/misc/guake/default.nix
@@ -2,7 +2,7 @@
 , gtk3, keybinder3, libnotify, libutempter, vte }:
 
 let
-  version = "3.2.1";
+  version = "3.2.2";
 in python3.pkgs.buildPythonApplication rec {
   name = "guake-${version}";
   format = "other";
@@ -11,7 +11,7 @@ in python3.pkgs.buildPythonApplication rec {
     owner = "Guake";
     repo = "guake";
     rev = version;
-    sha256 = "0qzrkmjizpc3kirvhml62wya1sr3pbig25nfcrfhk1hhr3jxq17s";
+    sha256 = "1wx8vghn0h52xryyn6cf9z1lbwsk766lhff162szbaxlxyl6xsc0";
   };
 
   nativeBuildInputs = [ gettext gobjectIntrospection wrapGAppsHook python3.pkgs.pip glibcLocales ];
diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix
index fbc7da070211..a8458e3432c5 100644
--- a/pkgs/applications/misc/mupdf/default.nix
+++ b/pkgs/applications/misc/mupdf/default.nix
@@ -23,12 +23,15 @@ in stdenv.mkDerivation rec {
   };
 
   patches = [
+    (fetchpatch {
+      # CVE-2018-10289
+      url = "https://bugs.ghostscript.com/attachment.cgi?id=15230";
+      sha256 = "0jmpacxd9930g6k57kda9jrcrbk75whdlv8xwmqg5jwn848qvy4q";
+    })
   ]
-
-  # Use shared libraries to decrease size
-  ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.13-shared_libs-1.patch
-
-  ++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch
+    # Use shared libraries to decrease size
+    ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.13-shared_libs-1.patch
+    ++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch
   ;
 
   postPatch = ''
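Review bot: The new fetchpatch entry carries only the CVE id, and its URL is a bug-tracker attachment rather than an upstream commit, so a maintainer bumping mupdf later cannot tell from this file which release already contains the fix or whether the attachment is the final form of the patch. The sha256 pins the content, which is the right thing; add the upstream reference and the retirement condition beside the CVE, e.g. `# CVE-2018-10289; upstream fix <commit/bug id> - drop once the packaged version includes it`, filling in the id from the bug tracker. The enclosing mkDerivation starts and ends outside the hunk.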
diff --git a/pkgs/applications/misc/rofi/wrapper.nix b/pkgs/applications/misc/rofi/wrapper.nix
index 44c6f892bf58..17bbf1583c46 100644
--- a/pkgs/applications/misc/rofi/wrapper.nix
+++ b/pkgs/applications/misc/rofi/wrapper.nix
@@ -1,14 +1,19 @@
 { stdenv, rofi-unwrapped, makeWrapper, theme ? null, lib }:
 
+if theme == null then rofi-unwrapped else
 stdenv.mkDerivation {
   name = "rofi-${rofi-unwrapped.version}";
   buildInputs = [ makeWrapper ];
   preferLocalBuild = true;
-  passthru = { unwrapped = rofi-unwrapped; };
+  passthru.unwrapped = rofi-unwrapped;
   buildCommand = ''
-    mkdir -p $out/bin
-    ln -s ${rofi-unwrapped}/bin/rofi $out/bin/rofi
-    ${lib.optionalString (theme != null) ''wrapProgram $out/bin/rofi --add-flags "-theme ${theme}"''}
+    mkdir $out
+    ln -s ${rofi-unwrapped}/* $out
+    rm $out/bin
+    mkdir $out/bin
+    ln -s ${rofi-unwrapped}/bin/* $out/bin
+    rm $out/bin/rofi
+    makeWrapper ${rofi-unwrapped}/bin/rofi $out/bin/rofi --add-flags "-theme ${theme}"
   '';
 
   meta = rofi-unwrapped.meta // {
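Review bot: With `theme == null` the file now evaluates to `rofi-unwrapped` itself, so the `passthru.unwrapped` attribute set a few lines below exists only for the themed build; a caller using `rofi.unwrapped` on the default package will only work if rofi-unwrapped happens to expose that attribute on its own, which is not visible here. If the attribute is part of the contract, keep it on both branches, e.g. `if theme == null then rofi-unwrapped // { unwrapped = rofi-unwrapped; } else`. A comment on the new first line explaining why the null case short-circuits (`# no theme: nothing to wrap, reuse the unwrapped derivation as-is`) would also help. The meta attribute set continues outside the hunk.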
diff --git a/pkgs/applications/misc/sequeler/default.nix b/pkgs/applications/misc/sequeler/default.nix
index 2c8753efcd74..82b73f58e8df 100644
--- a/pkgs/applications/misc/sequeler/default.nix
+++ b/pkgs/applications/misc/sequeler/default.nix
@@ -1,10 +1,10 @@
 { stdenv, fetchFromGitHub
-, cmake, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook
-, gtk3, glib, granite, libgee, libgda, gtksourceview, libxml2 }:
+, meson, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook
+, gtk3, glib, granite, libgee, libgda, gtksourceview, libxml2, libsecret }:
 
 
 let
-  version = "0.5.4";
+  version = "0.5.5";
   sqlGda = libgda.override {
     mysqlSupport = true;
     postgresSupport = true;
@@ -17,12 +17,17 @@ in stdenv.mkDerivation rec {
     owner = "Alecaddd";
     repo = "sequeler";
     rev = "v${version}";
-    sha256 = "05c7y6xdyq3h9bn90pbz03jhy9kabmgpxi4zz0i26q0qphljskbx";
+    sha256 = "0jv7nx9k1qw2i3cmg0vnahz4qfam03xypas975x40icqd3bhfgj3";
   };
 
-  nativeBuildInputs = [ cmake ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook ];
+  nativeBuildInputs = [ meson ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook ];
 
-  buildInputs = [ gtk3 glib granite libgee sqlGda gtksourceview libxml2 ];
+  buildInputs = [ gtk3 glib granite libgee sqlGda gtksourceview libxml2 libsecret ];
+
+  postPatch = ''
+    chmod +x meson/post_install.py
+    patchShebangs meson/post_install.py
+  '';
 
   meta = with stdenv.lib; {
     description = "Friendly SQL Client";
diff --git a/pkgs/applications/misc/slic3r/default.nix b/pkgs/applications/misc/slic3r/default.nix
index 8624cc9dda58..21b55e6e7a01 100644
--- a/pkgs/applications/misc/slic3r/default.nix
+++ b/pkgs/applications/misc/slic3r/default.nix
@@ -21,6 +21,7 @@ stdenv.mkDerivation rec {
     MathConvexHullMonotoneChain MathGeometryVoronoi MathPlanePath Moo
     IOStringy ClassXSAccessor Wx GrowlGNTP NetDBus ImportInto XMLSAX
     ExtUtilsMakeMaker OpenGL WxGLCanvas ModuleBuild LWP
+    ExtUtilsCppGuess ModuleBuildWithXSpp ExtUtilsTypemapsDefault
   ];
 
   desktopItem = makeDesktopItem {
diff --git a/pkgs/applications/misc/unixcw/default.nix b/pkgs/applications/misc/unixcw/default.nix
new file mode 100644
index 000000000000..2aeba5fb5f4a
--- /dev/null
+++ b/pkgs/applications/misc/unixcw/default.nix
@@ -0,0 +1,37 @@
+{stdenv, fetchurl, libpulseaudio, alsaLib , pkgconfig, qt5}:
+stdenv.mkDerivation rec {
+  name = "unixcw-${version}";
+  version = "3.5.1";
+  src = fetchurl {
+    url = "mirror://sourceforge/unixcw/unixcw_${version}.orig.tar.gz";
+    sha256 ="5f3aacd8a26e16e6eff437c7ae1e9b389956fb137eeb3de24670ce05de479e7a";
+  };
+  patches = [
+    ./remove-use-of-dlopen.patch
+  ];
+  buildInputs = [libpulseaudio alsaLib pkgconfig qt5.qtbase];
+  CFLAGS   ="-lasound -lpulse-simple";
+
+  meta = with stdenv.lib; {
+    description = "sound characters as Morse code on the soundcard or console speaker";
+    longDescription = ''
+       unixcw is a project providing libcw library and a set of programs
+       using the library: cw, cwgen, cwcp and xcwcp.
+       The programs are intended for people who want to learn receiving
+       and sending Morse code.
+       unixcw is developed and tested primarily on GNU/Linux system.
+
+       cw  reads  characters  from  an input file, or from standard input,
+       and sounds each valid character as Morse code on either the system sound card,
+       or the system console speaker.
+       After it sounds a  character, cw  echoes it to standard output.
+       The input stream can contain embedded command strings.
+       These change the parameters used when sounding the Morse code.
+       cw reports any errors in  embedded  commands
+     '';
+    homepage = "http://unixcw.sourceforge.net";
+    maintainers = [ maintainers.mafo ];
+    license = licenses.gpl2;
+    platforms=platforms.linux;
+  };
+}
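Review bot: `pkgconfig` is listed in buildInputs and the ALSA/PulseAudio link flags are passed through `CFLAGS`, which is the wrong place for both: pkgconfig is a build-time tool and belongs in nativeBuildInputs, and `-lasound -lpulse-simple` are linker flags that `NIX_LDFLAGS` carries into every link step, whereas a `CFLAGS` value can be overridden by the package's own makefiles. Suggested: `nativeBuildInputs = [ pkgconfig ];`, `buildInputs = [ libpulseaudio alsaLib qt5.qtbase ];`, `NIX_LDFLAGS = "-lasound -lpulse-simple";`. The hash is written as 64 hex characters, which Nix accepts, but nixpkgs convention is the base32 form that `nix-prefetch-url` prints, and a short comment tying the link flags to the bundled remove-use-of-dlopen.patch (which presumably replaces runtime dlopen of these libraries with direct linking) would explain why they are needed at all.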
diff --git a/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch b/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch
new file mode 100644
index 000000000000..0475c008ba22
--- /dev/null
+++ b/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch
@@ -0,0 +1,677 @@
+From e4b91b5a7943a3b54f555ff2e0029b83bd96b131 Mon Sep 17 00:00:00 2001
+From: MarcFontaine <MarcFontaine@users.noreply.github.com>
+Date: Sat, 9 Jun 2018 11:02:11 +0200
+Subject: [PATCH] remove use of dlopen
+
+---
+ src/libcw/libcw_alsa.c | 215 ++++++++++---------------------------------------
+ src/libcw/libcw_pa.c   | 118 ++++-----------------------
+ 2 files changed, 56 insertions(+), 277 deletions(-)
+
+diff --git a/src/libcw/libcw_alsa.c b/src/libcw/libcw_alsa.c
+index a669c6e..17c306d 100644
+--- a/src/libcw/libcw_alsa.c
++++ b/src/libcw/libcw_alsa.c
+@@ -35,7 +35,6 @@
+ 
+ 
+ 
+-#include <dlfcn.h> /* dlopen() and related symbols */
+ #include <alsa/asoundlib.h>
+ 
+ 
+@@ -65,7 +64,6 @@ static const snd_pcm_format_t CW_ALSA_SAMPLE_FORMAT = SND_PCM_FORMAT_S16; /* "Si
+ 
+ 
+ static int  cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *params);
+-static int  cw_alsa_dlsym_internal(void *handle);
+ static int  cw_alsa_write_internal(cw_gen_t *gen);
+ static int  cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv);
+ static int  cw_alsa_open_device_internal(cw_gen_t *gen);
+@@ -80,56 +78,6 @@ static int  cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params);
+ 
+ 
+ 
+-static struct {
+-	void *handle;
+-
+-	int (* snd_pcm_open)(snd_pcm_t **pcm, const char *name, snd_pcm_stream_t stream, int mode);
+-	int (* snd_pcm_close)(snd_pcm_t *pcm);
+-	int (* snd_pcm_prepare)(snd_pcm_t *pcm);
+-	int (* snd_pcm_drop)(snd_pcm_t *pcm);
+-	snd_pcm_sframes_t (* snd_pcm_writei)(snd_pcm_t *pcm, const void *buffer, snd_pcm_uframes_t size);
+-
+-	const char *(* snd_strerror)(int errnum);
+-
+-	int (* snd_pcm_hw_params_malloc)(snd_pcm_hw_params_t **ptr);
+-	int (* snd_pcm_hw_params_any)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params);
+-	int (* snd_pcm_hw_params_set_format)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, snd_pcm_format_t val);
+-	int (* snd_pcm_hw_params_set_rate_near)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, unsigned int *val, int *dir);
+-	int (* snd_pcm_hw_params_set_access)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, snd_pcm_access_t _access);
+-	int (* snd_pcm_hw_params_set_channels)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, unsigned int val);
+-	int (* snd_pcm_hw_params)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params);
+-	int (* snd_pcm_hw_params_get_periods)(const snd_pcm_hw_params_t *params, unsigned int *val, int *dir);
+-	int (* snd_pcm_hw_params_get_period_size)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *frames, int *dir);
+-	int (* snd_pcm_hw_params_get_period_size_min)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *frames, int *dir);
+-	int (* snd_pcm_hw_params_get_buffer_size)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *val);
+-} cw_alsa = {
+-	.handle = NULL,
+-
+-	.snd_pcm_open = NULL,
+-	.snd_pcm_close = NULL,
+-	.snd_pcm_prepare = NULL,
+-	.snd_pcm_drop = NULL,
+-	.snd_pcm_writei = NULL,
+-
+-	.snd_strerror = NULL,
+-
+-	.snd_pcm_hw_params_malloc = NULL,
+-	.snd_pcm_hw_params_any = NULL,
+-	.snd_pcm_hw_params_set_format = NULL,
+-	.snd_pcm_hw_params_set_rate_near = NULL,
+-	.snd_pcm_hw_params_set_access = NULL,
+-	.snd_pcm_hw_params_set_channels = NULL,
+-	.snd_pcm_hw_params = NULL,
+-	.snd_pcm_hw_params_get_periods = NULL,
+-	.snd_pcm_hw_params_get_period_size = NULL,
+-	.snd_pcm_hw_params_get_period_size_min = NULL,
+-	.snd_pcm_hw_params_get_buffer_size = NULL
+-};
+-
+-
+-
+-
+-
+ 
+ /**
+    \brief Check if it is possible to open ALSA output
+@@ -144,34 +92,19 @@ static struct {
+ */
+ bool cw_is_alsa_possible(const char *device)
+ {
+-	const char *library_name = "libasound.so.2";
+-	if (!cw_dlopen_internal(library_name, &(cw_alsa.handle))) {
+-		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't access ALSA library \"%s\"", library_name);
+-		return false;
+-	}
+-
+-	int rv = cw_alsa_dlsym_internal(cw_alsa.handle);
+-	if (rv < 0) {
+-		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: failed to resolve ALSA symbol #%d, can't correctly load ALSA library", rv);
+-		dlclose(cw_alsa.handle);
+-		return false;
+-	}
+-
+-	const char *dev = device ? device : CW_DEFAULT_ALSA_DEVICE;
++        int rv;
++        const char *dev = device ? device : CW_DEFAULT_ALSA_DEVICE;
+ 	snd_pcm_t *alsa_handle;
+-	rv = cw_alsa.snd_pcm_open(&alsa_handle,
++	rv = snd_pcm_open(&alsa_handle,
+ 				  dev,                     /* name */
+ 				  SND_PCM_STREAM_PLAYBACK, /* stream (playback/capture) */
+ 				  0);                      /* mode, 0 | SND_PCM_NONBLOCK | SND_PCM_ASYNC */
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+ 			      "cw_alsa: can't open ALSA device \"%s\"", dev);
+-		dlclose(cw_alsa.handle);
+ 		return false;
+ 	} else {
+-		cw_alsa.snd_pcm_close(alsa_handle);
++		snd_pcm_close(alsa_handle);
+ 		return true;
+ 	}
+ }
+@@ -204,7 +137,7 @@ int cw_alsa_write_internal(cw_gen_t *gen)
+ 	/* Send audio buffer to ALSA.
+ 	   Size of correct and current data in the buffer is the same as
+ 	   ALSA's period, so there should be no underruns */
+-	int rv = cw_alsa.snd_pcm_writei(gen->alsa_data.handle, gen->buffer, gen->buffer_n_samples);
++	int rv = snd_pcm_writei(gen->alsa_data.handle, gen->buffer, gen->buffer_n_samples);
+ 	cw_alsa_debug_evaluate_write_internal(gen, rv);
+ 	/*
+ 	cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+@@ -231,7 +164,7 @@ int cw_alsa_write_internal(cw_gen_t *gen)
+ */
+ int cw_alsa_open_device_internal(cw_gen_t *gen)
+ {
+-	int rv = cw_alsa.snd_pcm_open(&gen->alsa_data.handle,
++	int rv = snd_pcm_open(&gen->alsa_data.handle,
+ 				      gen->audio_device,       /* name */
+ 				      SND_PCM_STREAM_PLAYBACK, /* stream (playback/capture) */
+ 				      0);                      /* mode, 0 | SND_PCM_NONBLOCK | SND_PCM_ASYNC */
+@@ -251,7 +184,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen)
+ 	/* TODO: move this to cw_alsa_set_hw_params_internal(),
+ 	   deallocate hw_params */
+ 	snd_pcm_hw_params_t *hw_params = NULL;
+-	rv = cw_alsa.snd_pcm_hw_params_malloc(&hw_params);
++	rv = snd_pcm_hw_params_malloc(&hw_params);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+ 			      "cw_alsa: can't allocate memory for ALSA hw params");
+@@ -265,7 +198,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen)
+ 		return CW_FAILURE;
+ 	}
+ 
+-	rv = cw_alsa.snd_pcm_prepare(gen->alsa_data.handle);
++	rv = snd_pcm_prepare(gen->alsa_data.handle);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+ 			      "cw_alsa: can't prepare ALSA handler");
+@@ -275,7 +208,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen)
+ 	/* Get size for data buffer */
+ 	snd_pcm_uframes_t frames; /* period size in frames */
+ 	int dir = 1;
+-	rv = cw_alsa.snd_pcm_hw_params_get_period_size_min(hw_params, &frames, &dir);
++	rv = snd_pcm_hw_params_get_period_size_min(hw_params, &frames, &dir);
+ 	cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 		      "cw_alsa: rv = %d, ALSA buffer size would be %u frames", rv, (unsigned int) frames);
+ 
+@@ -305,14 +238,11 @@ int cw_alsa_open_device_internal(cw_gen_t *gen)
+ void cw_alsa_close_device_internal(cw_gen_t *gen)
+ {
+ 	/* "Stop a PCM dropping pending frames. " */
+-	cw_alsa.snd_pcm_drop(gen->alsa_data.handle);
+-	cw_alsa.snd_pcm_close(gen->alsa_data.handle);
++	snd_pcm_drop(gen->alsa_data.handle);
++	snd_pcm_close(gen->alsa_data.handle);
+ 
+ 	gen->audio_device_is_open = false;
+ 
+-	if (cw_alsa.handle) {
+-		dlclose(cw_alsa.handle);
+-	}
+ 
+ #if CW_DEV_RAW_SINK
+ 	if (gen->dev_raw_sink != -1) {
+@@ -332,11 +262,11 @@ int cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv)
+ 	if (rv == -EPIPE) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING,
+ 			      "cw_alsa: underrun");
+-		cw_alsa.snd_pcm_prepare(gen->alsa_data.handle);
++		snd_pcm_prepare(gen->alsa_data.handle);
+ 	} else if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING,
+-			      "cw_alsa: writei: %s", cw_alsa.snd_strerror(rv));
+-		cw_alsa.snd_pcm_prepare(gen->alsa_data.handle);
++			      "cw_alsa: writei: %s", snd_strerror(rv));
++		snd_pcm_prepare(gen->alsa_data.handle);
+ 	} else if (rv != gen->buffer_n_samples) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING,
+ 			      "cw_alsa: short write, %d != %d", rv, gen->buffer_n_samples);
+@@ -363,19 +293,19 @@ int cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv)
+ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params)
+ {
+ 	/* Get current hw configuration. */
+-	int rv = cw_alsa.snd_pcm_hw_params_any(gen->alsa_data.handle, hw_params);
++	int rv = snd_pcm_hw_params_any(gen->alsa_data.handle, hw_params);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: get current hw params: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: get current hw params: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+ 	}
+ 
+ 
+ 	/* Set the sample format */
+-	rv = cw_alsa.snd_pcm_hw_params_set_format(gen->alsa_data.handle, hw_params, CW_ALSA_SAMPLE_FORMAT);
++	rv = snd_pcm_hw_params_set_format(gen->alsa_data.handle, hw_params, CW_ALSA_SAMPLE_FORMAT);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't set sample format: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't set sample format: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+ 	}
+ 
+@@ -387,7 +317,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 	bool success = false;
+ 	for (int i = 0; cw_supported_sample_rates[i]; i++) {
+ 		rate = cw_supported_sample_rates[i];
+-		int rv = cw_alsa.snd_pcm_hw_params_set_rate_near(gen->alsa_data.handle, hw_params, &rate, &dir);
++		int rv = snd_pcm_hw_params_set_rate_near(gen->alsa_data.handle, hw_params, &rate, &dir);
+ 		if (!rv) {
+ 			if (rate != cw_supported_sample_rates[i]) {
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, "cw_alsa: imprecise sample rate:");
+@@ -402,7 +332,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 
+ 	if (!success) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't get sample rate: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't get sample rate: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+         } else {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+@@ -410,18 +340,18 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 	}
+ 
+ 	/* Set PCM access type */
+-	rv = cw_alsa.snd_pcm_hw_params_set_access(gen->alsa_data.handle, hw_params, SND_PCM_ACCESS_RW_INTERLEAVED);
++	rv = snd_pcm_hw_params_set_access(gen->alsa_data.handle, hw_params, SND_PCM_ACCESS_RW_INTERLEAVED);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't set access type: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't set access type: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+ 	}
+ 
+ 	/* Set number of channels */
+-	rv = cw_alsa.snd_pcm_hw_params_set_channels(gen->alsa_data.handle, hw_params, CW_AUDIO_CHANNELS);
++	rv = snd_pcm_hw_params_set_channels(gen->alsa_data.handle, hw_params, CW_AUDIO_CHANNELS);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't set number of channels: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't set number of channels: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+ 	}
+ 
+@@ -496,7 +426,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 		snd_pcm_uframes_t accepted = 0; /* buffer size in frames  */
+ 		dir = 0;
+ 		for (snd_pcm_uframes_t val = 0; val < 10000; val++) {
+-			rv = cw_alsa.snd_pcm_hw_params_test_buffer_size(gen->alsa_data.handle, hw_params, val);
++			rv = snd_pcm_hw_params_test_buffer_size(gen->alsa_data.handle, hw_params, val);
+ 			if (rv == 0) {
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 					      "cw_alsa: accepted buffer size: %u", (unsigned int) accepted);
+@@ -507,10 +437,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 		}
+ 
+ 		if (accepted > 0) {
+-			rv = cw_alsa.snd_pcm_hw_params_set_buffer_size(gen->alsa_data.handle, hw_params, accepted);
++			rv = snd_pcm_hw_params_set_buffer_size(gen->alsa_data.handle, hw_params, accepted);
+ 			if (rv < 0) {
+ 				cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-					      "cw_alsa: can't set accepted buffer size %u: %s", (unsigned int) accepted, cw_alsa.snd_strerror(rv));
++					      "cw_alsa: can't set accepted buffer size %u: %s", (unsigned int) accepted, snd_strerror(rv));
+ 			}
+ 		} else {
+ 			cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+@@ -526,7 +456,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 		/* this limit should be enough, "accepted" on my machine is 8 */
+ 		const unsigned int n_periods_max = 30;
+ 		for (unsigned int val = 1; val < n_periods_max; val++) {
+-			rv = cw_alsa.snd_pcm_hw_params_test_periods(gen->alsa_data.handle, hw_params, val, dir);
++			rv = snd_pcm_hw_params_test_periods(gen->alsa_data.handle, hw_params, val, dir);
+ 			if (rv == 0) {
+ 				accepted = val;
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+@@ -534,10 +464,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 			}
+ 		}
+ 		if (accepted > 0) {
+-			rv = cw_alsa.snd_pcm_hw_params_set_periods(gen->alsa_data.handle, hw_params, accepted, dir);
++			rv = snd_pcm_hw_params_set_periods(gen->alsa_data.handle, hw_params, accepted, dir);
+ 			if (rv < 0) {
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-					      "cw_alsa: can't set accepted number of periods %d: %s", accepted, cw_alsa.snd_strerror(rv));
++					      "cw_alsa: can't set accepted number of periods %d: %s", accepted, snd_strerror(rv));
+ 			}
+ 		} else {
+ 			cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+@@ -549,7 +479,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 		/* Test period size */
+ 		dir = 0;
+ 		for (snd_pcm_uframes_t val = 0; val < 100000; val++) {
+-			rv = cw_alsa.snd_pcm_hw_params_test_period_size(gen->alsa_data.handle, hw_params, val, dir);
++			rv = snd_pcm_hw_params_test_period_size(gen->alsa_data.handle, hw_params, val, dir);
+ 			if (rv == 0) {
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 					      "cw_alsa: accepted period size: %lu", val);
+@@ -562,7 +492,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ 		/* Test buffer time */
+ 		dir = 0;
+ 		for (unsigned int val = 0; val < 100000; val++) {
+-			rv = cw_alsa.snd_pcm_hw_params_test_buffer_time(gen->alsa_data.handle, hw_params, val, dir);
++			rv = snd_pcm_hw_params_test_buffer_time(gen->alsa_data.handle, hw_params, val, dir);
+ 			if (rv == 0) {
+ 				cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 					      "cw_alsa: accepted buffer time: %d", val);
+@@ -573,10 +503,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params
+ #endif /* #if CW_ALSA_HW_BUFFER_CONFIG */
+ 
+ 	/* Save hw parameters to device */
+-	rv = cw_alsa.snd_pcm_hw_params(gen->alsa_data.handle, hw_params);
++	rv = snd_pcm_hw_params(gen->alsa_data.handle, hw_params);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't save hw parameters: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't save hw parameters: %s", snd_strerror(rv));
+ 		return CW_FAILURE;
+ 	} else {
+ 		return CW_SUCCESS;
+@@ -600,30 +530,30 @@ int cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params)
+ 	unsigned int val = 0;
+ 	int dir = 0;
+ 
+-	int rv = cw_alsa.snd_pcm_hw_params_get_periods(hw_params, &val, &dir);
++	int rv = snd_pcm_hw_params_get_periods(hw_params, &val, &dir);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't get 'periods': %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't get 'periods': %s", snd_strerror(rv));
+ 	} else {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 			      "cw_alsa: 'periods' = %u", val);
+ 	}
+ 
+ 	snd_pcm_uframes_t period_size = 0;
+-	rv = cw_alsa.snd_pcm_hw_params_get_period_size(hw_params, &period_size, &dir);
++	rv = snd_pcm_hw_params_get_period_size(hw_params, &period_size, &dir);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't get 'period size': %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't get 'period size': %s", snd_strerror(rv));
+ 	} else {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 			      "cw_alsa: 'period size' = %u", (unsigned int) period_size);
+ 	}
+ 
+ 	snd_pcm_uframes_t buffer_size;
+-	rv = cw_alsa.snd_pcm_hw_params_get_buffer_size(hw_params, &buffer_size);
++	rv = snd_pcm_hw_params_get_buffer_size(hw_params, &buffer_size);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "cw_alsa: can't get buffer size: %s", cw_alsa.snd_strerror(rv));
++			      "cw_alsa: can't get buffer size: %s", snd_strerror(rv));
+ 	} else {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO,
+ 			      "cw_alsa: 'buffer size' = %u", (unsigned int) buffer_size);
+@@ -642,70 +572,9 @@ int cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params)
+ 
+ 
+ 
+-/**
+-   \brief Resolve/get symbols from ALSA library
+-
+-   Function resolves/gets addresses of few ALSA functions used by
+-   libcw and stores them in cw_alsa global variable.
+-
+-   On failure the function returns negative value, different for every
+-   symbol that the funciton failed to resolve. Function stops and returns
+-   on first failure.
+-
+-   \param handle - handle to open ALSA library
+-
+-   \return 0 on success
+-   \return negative value on failure
+-*/
+-static int cw_alsa_dlsym_internal(void *handle)
+-{
+-	*(void **) &(cw_alsa.snd_pcm_open)    = dlsym(handle, "snd_pcm_open");
+-	if (!cw_alsa.snd_pcm_open)    return -1;
+-	*(void **) &(cw_alsa.snd_pcm_close)   = dlsym(handle, "snd_pcm_close");
+-	if (!cw_alsa.snd_pcm_close)   return -2;
+-	*(void **) &(cw_alsa.snd_pcm_prepare) = dlsym(handle, "snd_pcm_prepare");
+-	if (!cw_alsa.snd_pcm_prepare) return -3;
+-	*(void **) &(cw_alsa.snd_pcm_drop)    = dlsym(handle, "snd_pcm_drop");
+-	if (!cw_alsa.snd_pcm_drop)    return -4;
+-	*(void **) &(cw_alsa.snd_pcm_writei)  = dlsym(handle, "snd_pcm_writei");
+-	if (!cw_alsa.snd_pcm_writei)  return -5;
+-
+-	*(void **) &(cw_alsa.snd_strerror) = dlsym(handle, "snd_strerror");
+-	if (!cw_alsa.snd_strerror) return -10;
+-
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_malloc)               = dlsym(handle, "snd_pcm_hw_params_malloc");
+-	if (!cw_alsa.snd_pcm_hw_params_malloc)              return -20;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_any)                  = dlsym(handle, "snd_pcm_hw_params_any");
+-	if (!cw_alsa.snd_pcm_hw_params_any)                 return -21;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_set_format)           = dlsym(handle, "snd_pcm_hw_params_set_format");
+-	if (!cw_alsa.snd_pcm_hw_params_set_format)          return -22;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_set_rate_near)        = dlsym(handle, "snd_pcm_hw_params_set_rate_near");
+-	if (!cw_alsa.snd_pcm_hw_params_set_rate_near)       return -23;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_set_access)           = dlsym(handle, "snd_pcm_hw_params_set_access");
+-	if (!cw_alsa.snd_pcm_hw_params_set_access)          return -24;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_set_channels)         = dlsym(handle, "snd_pcm_hw_params_set_channels");
+-	if (!cw_alsa.snd_pcm_hw_params_set_channels)        return -25;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params)                      = dlsym(handle, "snd_pcm_hw_params");
+-	if (!cw_alsa.snd_pcm_hw_params)                     return -26;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_get_periods)          = dlsym(handle, "snd_pcm_hw_params_get_periods");
+-	if (!cw_alsa.snd_pcm_hw_params_get_periods)         return -27;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_get_period_size)      = dlsym(handle, "snd_pcm_hw_params_get_period_size");
+-	if (!cw_alsa.snd_pcm_hw_params_get_period_size)     return -28;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_get_period_size_min)  = dlsym(handle, "snd_pcm_hw_params_get_period_size_min");
+-	if (!cw_alsa.snd_pcm_hw_params_get_period_size_min) return -29;
+-	*(void **) &(cw_alsa.snd_pcm_hw_params_get_buffer_size)      = dlsym(handle, "snd_pcm_hw_params_get_buffer_size");
+-	if (!cw_alsa.snd_pcm_hw_params_get_buffer_size)     return -30;
+-
+-	return 0;
+-}
+-
+-
+-
+-
+-
+ void cw_alsa_drop(cw_gen_t *gen)
+ {
+-	cw_alsa.snd_pcm_drop(gen->alsa_data.handle);
++	snd_pcm_drop(gen->alsa_data.handle);
+ 
+ 	return;
+ }
+@@ -721,7 +590,7 @@ void cw_alsa_drop(cw_gen_t *gen)
+ 
+ 
+ #include <stdbool.h>
+-#include "libcw_alsa.h"
++#include "libh"
+ 
+ 
+ 
+diff --git a/src/libcw/libcw_pa.c b/src/libcw/libcw_pa.c
+index 8269e9d..e190200 100644
+--- a/src/libcw/libcw_pa.c
++++ b/src/libcw/libcw_pa.c
+@@ -39,7 +39,6 @@
+ #include <unistd.h>
+ #include <stdlib.h>
+ #include <stdbool.h>
+-#include <dlfcn.h> /* dlopen() and related symbols */
+ #include <string.h>
+ #include <assert.h>
+ #include <sys/types.h>
+@@ -63,39 +62,12 @@ extern cw_debug_t cw_debug_object_dev;
+ 
+ 
+ static pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, const char *device, const char *stream_name, int *error);
+-static int        cw_pa_dlsym_internal(void *handle);
+ static int        cw_pa_open_device_internal(cw_gen_t *gen);
+ static void       cw_pa_close_device_internal(cw_gen_t *gen);
+ static int        cw_pa_write_internal(cw_gen_t *gen);
+ 
+ 
+ 
+-static struct {
+-	void *handle;
+-
+-	pa_simple *(* pa_simple_new)(const char *server, const char *name, pa_stream_direction_t dir, const char *dev, const char *stream_name, const pa_sample_spec *ss, const pa_channel_map *map, const pa_buffer_attr *attr, int *error);
+-	void       (* pa_simple_free)(pa_simple *s);
+-	int        (* pa_simple_write)(pa_simple *s, const void *data, size_t bytes, int *error);
+-	pa_usec_t  (* pa_simple_get_latency)(pa_simple *s, int *error);
+-	int        (* pa_simple_drain)(pa_simple *s, int *error);
+-
+-	size_t     (* pa_usec_to_bytes)(pa_usec_t t, const pa_sample_spec *spec);
+-	char      *(* pa_strerror)(int error);
+-} cw_pa = {
+-	.handle = NULL,
+-
+-	.pa_simple_new = NULL,
+-	.pa_simple_free = NULL,
+-	.pa_simple_write = NULL,
+-	.pa_simple_get_latency = NULL,
+-	.pa_simple_drain = NULL,
+-
+-	.pa_usec_to_bytes = NULL,
+-	.pa_strerror = NULL
+-};
+-
+-
+-
+ 
+ static const pa_sample_format_t CW_PA_SAMPLE_FORMAT = PA_SAMPLE_S16LE; /* Signed 16 bit, Little Endian */
+ static const int CW_PA_BUFFER_N_SAMPLES = 1024;
+@@ -117,21 +89,6 @@ static const int CW_PA_BUFFER_N_SAMPLES = 1024;
+ */
+ bool cw_is_pa_possible(const char *device)
+ {
+-	const char *library_name = "libpulse-simple.so";
+-	if (!cw_dlopen_internal(library_name, &(cw_pa.handle))) {
+-		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: can't access PulseAudio library \"%s\"", library_name);
+-		return false;
+-	}
+-
+-	int rv = cw_pa_dlsym_internal(cw_pa.handle);
+-	if (rv < 0) {
+-		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: failed to resolve PulseAudio symbol #%d, can't correctly load PulseAudio library", rv);
+-		dlclose(cw_pa.handle);
+-		return false;
+-	}
+-
+ 	const char *dev = (char *) NULL;
+ 	if (device && strcmp(device, CW_DEFAULT_PA_DEVICE)) {
+ 		dev = device;
+@@ -145,13 +102,10 @@ bool cw_is_pa_possible(const char *device)
+ 
+ 	if (!s) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: can't connect to PulseAudio server: %s", cw_pa.pa_strerror(error));
+-		if (cw_pa.handle) {
+-			dlclose(cw_pa.handle);
+-		}
++			      "libcw_pa: can't connect to PulseAudio server: %s", pa_strerror(error));
+ 		return false;
+ 	} else {
+-		cw_pa.pa_simple_free(s);
++		pa_simple_free(s);
+ 		s = NULL;
+ 		return true;
+ 	}
+@@ -186,10 +140,10 @@ int cw_pa_write_internal(cw_gen_t *gen)
+ 
+ 	int error = 0;
+ 	size_t n_bytes = sizeof (gen->buffer[0]) * gen->buffer_n_samples;
+-	int rv = cw_pa.pa_simple_write(gen->pa_data.s, gen->buffer, n_bytes, &error);
++	int rv = pa_simple_write(gen->pa_data.s, gen->buffer, n_bytes, &error);
+ 	if (rv < 0) {
+ 		cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: pa_simple_write() failed: %s", cw_pa.pa_strerror(error));
++			      "libcw_pa: pa_simple_write() failed: %s", pa_strerror(error));
+ 	} else {
+ 		//cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, "libcw_pa: written %d samples with PulseAudio", gen->buffer_n_samples);
+ 	}
+@@ -237,13 +191,13 @@ pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, con
+ 	}
+ 
+ 	// http://www.mail-archive.com/pulseaudio-tickets@mail.0pointer.de/msg03295.html
+-	ba->tlength = cw_pa.pa_usec_to_bytes(50*1000, ss);
+-	ba->minreq = cw_pa.pa_usec_to_bytes(0, ss);
+-	ba->maxlength = cw_pa.pa_usec_to_bytes(50*1000, ss);
++	ba->tlength = pa_usec_to_bytes(50*1000, ss);
++	ba->minreq = pa_usec_to_bytes(0, ss);
++	ba->maxlength = pa_usec_to_bytes(50*1000, ss);
+ 	/* ba->prebuf = ; */ /* ? */
+ 	/* ba->fragsize = sizeof(uint32_t) -1; */ /* not relevant to playback */
+ 
+-	pa_simple *s = cw_pa.pa_simple_new(NULL,                  /* server name (NULL for default) */
++	pa_simple *s = pa_simple_new(NULL,                  /* server name (NULL for default) */
+ 					   "libcw",               /* descriptive name of client (application name etc.) */
+ 					   PA_STREAM_PLAYBACK,    /* stream direction */
+ 					   dev,                   /* device/sink name (NULL for default) */
+@@ -258,47 +212,6 @@ pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, con
+ 
+ 
+ 
+-
+-
+-/**
+-   \brief Resolve/get symbols from PulseAudio library
+-
+-   Function resolves/gets addresses of few PulseAudio functions used by
+-   libcw and stores them in cw_pa global variable.
+-
+-   On failure the function returns negative value, different for every
+-   symbol that the funciton failed to resolve. Function stops and returns
+-   on first failure.
+-
+-   \param handle - handle to open PulseAudio library
+-
+-   \return 0 on success
+-   \return negative value on failure
+-*/
+-int cw_pa_dlsym_internal(void *handle)
+-{
+-	*(void **) &(cw_pa.pa_simple_new)         = dlsym(handle, "pa_simple_new");
+-	if (!cw_pa.pa_simple_new)         return -1;
+-	*(void **) &(cw_pa.pa_simple_free)        = dlsym(handle, "pa_simple_free");
+-	if (!cw_pa.pa_simple_free)        return -2;
+-	*(void **) &(cw_pa.pa_simple_write)       = dlsym(handle, "pa_simple_write");
+-	if (!cw_pa.pa_simple_write)       return -3;
+-	*(void **) &(cw_pa.pa_strerror)           = dlsym(handle, "pa_strerror");
+-	if (!cw_pa.pa_strerror)           return -4;
+-	*(void **) &(cw_pa.pa_simple_get_latency) = dlsym(handle, "pa_simple_get_latency");
+-	if (!cw_pa.pa_simple_get_latency) return -5;
+-	*(void **) &(cw_pa.pa_simple_drain)       = dlsym(handle, "pa_simple_drain");
+-	if (!cw_pa.pa_simple_drain)       return -6;
+-	*(void **) &(cw_pa.pa_usec_to_bytes)      = dlsym(handle, "pa_usec_to_bytes");
+-	if (!cw_pa.pa_usec_to_bytes)       return -7;
+-
+-	return 0;
+-}
+-
+-
+-
+-
+-
+ /**
+    \brief Open PulseAudio output, associate it with given generator
+ 
+@@ -325,16 +238,16 @@ int cw_pa_open_device_internal(cw_gen_t *gen)
+ 
+  	if (!gen->pa_data.s) {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: can't connect to PulseAudio server: %s", cw_pa.pa_strerror(error));
++			      "libcw_pa: can't connect to PulseAudio server: %s", pa_strerror(error));
+ 		return false;
+ 	}
+ 
+ 	gen->buffer_n_samples = CW_PA_BUFFER_N_SAMPLES;
+ 	gen->sample_rate = gen->pa_data.ss.rate;
+ 
+-	if ((gen->pa_data.latency_usecs = cw_pa.pa_simple_get_latency(gen->pa_data.s, &error)) == (pa_usec_t) -1) {
++	if ((gen->pa_data.latency_usecs = pa_simple_get_latency(gen->pa_data.s, &error)) == (pa_usec_t) -1) {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-			      "libcw_pa: pa_simple_get_latency() failed: %s", cw_pa.pa_strerror(error));
++			      "libcw_pa: pa_simple_get_latency() failed: %s", pa_strerror(error));
+ 	}
+ 
+ #if CW_DEV_RAW_SINK
+@@ -357,20 +270,17 @@ void cw_pa_close_device_internal(cw_gen_t *gen)
+ 	if (gen->pa_data.s) {
+ 		/* Make sure that every single sample was played */
+ 		int error;
+-		if (cw_pa.pa_simple_drain(gen->pa_data.s, &error) < 0) {
++		if (pa_simple_drain(gen->pa_data.s, &error) < 0) {
+ 			cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR,
+-				      "libcw_pa: pa_simple_drain() failed: %s", cw_pa.pa_strerror(error));
++				      "libcw_pa: pa_simple_drain() failed: %s", pa_strerror(error));
+ 		}
+-		cw_pa.pa_simple_free(gen->pa_data.s);
++		pa_simple_free(gen->pa_data.s);
+ 		gen->pa_data.s = NULL;
+ 	} else {
+ 		cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING,
+ 			      "libcw_pa: called the function for NULL PA sink");
+ 	}
+ 
+-	if (cw_pa.handle) {
+-		dlclose(cw_pa.handle);
+-	}
+ 
+ #if CW_DEV_RAW_SINK
+ 	if (gen->dev_raw_sink != -1) {
+-- 
+2.16.2
+
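Review bot: The replacement `#include "libh"` near the end of the libcw_alsa.c part of the patch (old line `#include "libcw_alsa.h"`) looks like an accidental edit rather than part of removing dlopen: the patch's diffstat touches only the two `.c` files, no `libh` file is introduced, and nothing else in the change references that name. That include sits after `cw_alsa_drop()`, presumably in the stub section compiled only when ALSA support is disabled, so the Nix build (which enables ALSA via `alsaLib`) would never compile it and the breakage would stay hidden until someone builds without ALSA; the hunk should be dropped so the line stays `#include "libcw_alsa.h"`. Separately, `cw_is_alsa_possible()` now mixes a space-indented `int rv;` / `const char *dev = ...` pair with the tab-indented surrounding code; matching the file's tabs keeps the patch minimal. Replacing the `dlopen("libasound.so.2")` / `dlopen("libpulse-simple.so")` lookups with direct calls also means the libraries are bound at link time through the derivation's RPATH instead of a bare soname search at run time, which is the right trade for a Nix build and worth stating in the currently empty patch description.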
diff --git a/pkgs/applications/misc/xmr-stak/default.nix b/pkgs/applications/misc/xmr-stak/default.nix
index 51fd2ee80648..5dcaeb1226e5 100644
--- a/pkgs/applications/misc/xmr-stak/default.nix
+++ b/pkgs/applications/misc/xmr-stak/default.nix
@@ -12,13 +12,13 @@ in
 
 stdenv'.mkDerivation rec {
   name = "xmr-stak-${version}";
-  version = "2.4.3";
+  version = "2.4.4";
 
   src = fetchFromGitHub {
     owner = "fireice-uk";
     repo = "xmr-stak";
     rev = "${version}";
-    sha256 = "0plks4yyd9gjnfg7sfsgsvdgczkbghf5xjwb8bzv01f0fndn10r1";
+    sha256 = "1j75466hfs18w05k64yb60pw865ah226vjib46qr1wb1mcd82i5s";
   };
 
   NIX_CFLAGS_COMPILE = "-O3";
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 4d55c52fbbf9..4e7d35f105c3 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -137,35 +137,18 @@ rec {
 
 in rec {
 
-  tor-browser-7-0 = common (rec {
-    pname = "tor-browser";
-    version = "7.0.1";
-    isTorBrowserLike = true;
-
-    # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
-    src = fetchFromGitHub {
-      owner = "SLNOS";
-      repo  = "tor-browser";
-      # branch "tor-browser-52.5.0esr-7.0-1-slnos";
-      rev   = "830ff8d622ef20345d83f386174f790b0fc2440d";
-      sha256 = "169mjkr0bp80yv9nzza7kay7y2k03lpnx71h4ybcv9ygxgzdgax5";
-    };
-
-    patches = nixpkgsPatches;
-  } // commonAttrs) {};
-
   tor-browser-7-5 = common (rec {
     pname = "tor-browser";
-    version = "7.5.4";
+    version = "7.5.5";
     isTorBrowserLike = true;
 
     # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
     src = fetchFromGitHub {
       owner = "SLNOS";
       repo  = "tor-browser";
-      # branch "tor-browser-52.8.0esr-7.5-1-slnos"
-      rev   = "dbaabe129d2982bee00a753146fbe610fec0ca50";
-      sha256 = "0j60vz18bwabqbzv0r1id3vcyh3832mzx6cg5r7x5c03s5hn40a4";
+      # branch "tor-browser-52.8.1esr-7.5-1-slnos"
+      rev   = "08e246847f0ccbee42f61d9449344d461c886cf1";
+      sha256 = "023k7427g2hqkpdsw1h384djlyy6jyidpssrrwzbs3qv4s13slah";
     };
 
     patches = nixpkgsPatches;
diff --git a/pkgs/applications/networking/gns3/default.nix b/pkgs/applications/networking/gns3/default.nix
index 91bcfc73f2c7..9123477bb3ed 100644
--- a/pkgs/applications/networking/gns3/default.nix
+++ b/pkgs/applications/networking/gns3/default.nix
@@ -1,7 +1,7 @@
 { callPackage, stdenv }:
 
 let
-  stableVersion = "2.1.6";
+  stableVersion = "2.1.7";
   # Currently there is no preview version.
   previewVersion = stableVersion;
   addVersion = args:
@@ -10,8 +10,8 @@ let
     in args // { inherit version branch; };
   mkGui = args: callPackage (import ./gui.nix (addVersion args)) { };
   mkServer = args: callPackage (import ./server.nix (addVersion args)) { };
-  guiSrcHash = "0wrh0x5ig2x2pxyyf99z4bfiyxn19akyjic5kgf0pv2snifw2481";
-  serverSrcHash = "0jy5700bshz54mdsh5qpcb2qrczg9isxhr4y0bmglrl23pywvisc";
+  guiSrcHash = "10zf429zjzf7v4y9r7mmkp42kh5ppmqinhvwqzb7jmsrpv2cnxj6";
+  serverSrcHash = "056swz6ygqdi37asah51v1yy0ky8q0p32vf7dxs697hd7nv78aqj";
 in {
   guiStable = mkGui {
     stable = true;
diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
index 071f82a8cbec..3e0e60594f82 100644
--- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
@@ -4,8 +4,8 @@ let
   mkTelegram = args: qt5.callPackage (import ./generic.nix args) { };
   stableVersion = {
     stable = true;
-    version = "1.3.0";
-    sha256Hash = "1h5zcvd58bjm02b0rfb7fx1nx1gmzdlk1854lm6kg1hd6mqrrb0i";
+    version = "1.3.7";
+    sha256Hash = "1rwnqgla061icvyvw8gxqd7qki1jnq0f46hvyffp74ng5r1b6wjg";
     # svn log svn://svn.archlinux.org/community/telegram-desktop/trunk
     archPatchesRevision = "310557";
     archPatchesHash = "1v134dal3xiapgh3akfr61vh62j24m9vkb62kckwvap44iqb0hlk";
@@ -14,7 +14,5 @@ in {
   stable = mkTelegram stableVersion;
   preview = mkTelegram (stableVersion // {
     stable = false;
-    version = "1.3.4";
-    sha256Hash = "17xdzyl7jb5g69a2h6fyk67z7s6h2dqjg8j478px6n0br1n420wk";
   });
 }
diff --git a/pkgs/applications/office/gnucash/default.nix b/pkgs/applications/office/gnucash/default.nix
index d12b1327e8f7..c09d0b3aa39b 100644
--- a/pkgs/applications/office/gnucash/default.nix
+++ b/pkgs/applications/office/gnucash/default.nix
@@ -37,8 +37,9 @@ stdenv.mkDerivation rec {
   buildInputs = [
     boost icu libxml2 libxslt gettext swig isocodes gtk3 glibcLocales
     webkit dconf hicolor-icon-theme libofx aqbanking gwenhywfar libdbi
-    libdbiDrivers guile perlWrapper
-  ];
+    libdbiDrivers guile
+    perlWrapper perl
+  ] ++ (with perlPackages; [ FinanceQuote DateManip ]);
 
   propagatedUserEnvPkgs = [ dconf ];
 
@@ -58,6 +59,7 @@ stdenv.mkDerivation rec {
     wrapProgram "$out/bin/gnucash" \
       --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share/gsettings-schemas/${name}" \
       --prefix XDG_DATA_DIRS : "${hicolor-icon-theme}/share" \
+      --prefix PERL5LIB ":" "$PERL5LIB" \
       --prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib dconf}/lib/gio/modules"
   '';
 
diff --git a/pkgs/applications/office/mendeley/default.nix b/pkgs/applications/office/mendeley/default.nix
index 15a57ba9de4b..cf40392c6dd9 100644
--- a/pkgs/applications/office/mendeley/default.nix
+++ b/pkgs/applications/office/mendeley/default.nix
@@ -42,14 +42,14 @@ let
     then "i386"
     else "amd64";
 
-  shortVersion = "1.18-stable";
+  shortVersion = "1.19.1-stable";
 
   version = "${shortVersion}_${arch}";
 
   url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb";
   sha256 = if stdenv.system == arch32
-    then "046v1j4sc6m0bf89f52zsg8riygrhldplyih5p0cjhcsd45q6fx8"
-    else "072fppgxhiryb6m1fb4qvq8nbblx88xpknnklygch1sw0lyks69h";
+    then "0fcyl5i8xdgb5j0x1643qc0j74d8p11jczvqmgqkqh0wgid1y1ad"
+    else "1dzwa2cnn9xakrhhq159fhh71gw5wlbf017rrikdlia694m8akq6";
 
   deps = [
     qtbase
diff --git a/pkgs/applications/science/electronics/ngspice/default.nix b/pkgs/applications/science/electronics/ngspice/default.nix
index 96025e8faa62..73e770b63e2d 100644
--- a/pkgs/applications/science/electronics/ngspice/default.nix
+++ b/pkgs/applications/science/electronics/ngspice/default.nix
@@ -1,11 +1,11 @@
 {stdenv, fetchurl, readline, bison, flex, libX11, libICE, libXaw, libXext, fftw}:
 
 stdenv.mkDerivation {
-  name = "ngspice-27";
+  name = "ngspice-28";
 
   src = fetchurl {
-    url = "mirror://sourceforge/ngspice/ngspice-27.tar.gz";
-    sha256 = "15862npsy5sj56z5yd1qiv3y0fgicrzj7wwn8hbcy89fgbawf20c";
+    url = "mirror://sourceforge/ngspice/ngspice-28.tar.gz";
+    sha256 = "0rnz2rdgyav16w7wfn3sfrk2lwvvgz1fh0l9107zkcldijklz04l";
   };
 
   nativeBuildInputs = [ flex bison ];
diff --git a/pkgs/applications/version-management/gitaly/default.nix b/pkgs/applications/version-management/gitaly/default.nix
index 375e7ad001d1..52d46a991187 100644
--- a/pkgs/applications/version-management/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitaly/default.nix
@@ -23,6 +23,8 @@ in buildGoPackage rec {
     inherit rubyEnv;
   };
 
+  buildInputs = [rubyEnv.wrappedRuby];
+
   postInstall = ''
     mkdir -p $ruby
     cp -rv $src/ruby/{bin,lib,vendor} $ruby
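Review bot: Style only: nixpkgs lists are written with inner spacing, so `buildInputs = [ rubyEnv.wrappedRuby ];` would match the surrounding file. A Go package pulling a wrapped Ruby into `buildInputs` is unusual enough that a one-line why-comment would help; the reason is not visible in this hunk. The enclosing `buildGoPackage` body continues outside the hunk.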
diff --git a/pkgs/applications/version-management/sit/aarch64-isel.patch b/pkgs/applications/version-management/sit/aarch64-isel.patch
deleted file mode 100644
index 411922cfd8e7..000000000000
--- a/pkgs/applications/version-management/sit/aarch64-isel.patch
+++ /dev/null
@@ -1,9 +0,0 @@
-diff --git a/.cargo/config b/.cargo/config
-new file mode 100644
-index 0000000..15e7649
---- /dev/null
-+++ b/.cargo/config
-@@ -0,0 +1,3 @@
-+# https://github.com/rust-lang/rust/issues/50516
-+[target.'cfg(all(debug_assertions, target_arch = "aarch64"))']
-+rustflags = ["-C", "llvm-args=-fast-isel"]
diff --git a/pkgs/applications/version-management/sit/default.nix b/pkgs/applications/version-management/sit/default.nix
index e189241531d6..75368bd88463 100644
--- a/pkgs/applications/version-management/sit/default.nix
+++ b/pkgs/applications/version-management/sit/default.nix
@@ -1,25 +1,30 @@
-{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip }:
+{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip, gnupg, 
+  # Darwin
+  libiconv, CoreFoundation, Security }:
 
 rustPlatform.buildRustPackage rec {
   name = "sit-${version}";
-  version = "0.3.2";
+  version = "0.4.0";
 
   src = fetchFromGitHub {
-    owner = "sit-it";
+    owner = "sit-fyi";
     repo = "sit";
     rev = "v${version}";
-    sha256 = "0lhl4rrfmsi76498mg5si2xagl8l2pi5d92dxhsyzszpwn5jdp57";
+    sha256 = "10ycs6vc7mfzxnxrki09xn974pcwh196h1pfnsds98x6r87hxkpn";
   };
 
-  buildInputs = [ cmake libzip ];
+  buildInputs = [ cmake libzip gnupg ] ++
+    (if stdenv.isDarwin then [ libiconv CoreFoundation Security ] else []);
 
-  cargoSha256 = "102haqix13nwcncng1s8qkw68spn6fhh3vysk2nbahw6f78zczqg";
+  preCheck = ''
+    export HOME=$(mktemp -d)
+  '';
 
-  patches = [ ./aarch64-isel.patch ];
+  cargoSha256 = "023anmnprxbsvqww1b1bdyfhbhjh1ah2kc67cdihvdvi4lqdmbia";
 
   meta = with stdenv.lib; {
     description = "Serverless Information Tracker";
-    homepage = https://sit.sh/;
+    homepage = https://sit.fyi/;
     license = with licenses; [ asl20 /* or */ mit ];
     maintainers = with maintainers; [ dywedir yrashk ];
     platforms = platforms.all;
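Review bot: The new first line ends with trailing whitespace after `gnupg,`, and the Darwin conditional hand-rolls a helper that already exists: `buildInputs = [ cmake libzip gnupg ] ++ stdenv.lib.optionals stdenv.isDarwin [ libiconv CoreFoundation Security ];`. `gnupg` is added without a comment; if it is only needed by the test-suite (the `preCheck` HOME setup suggests tests run) then `checkInputs` expresses that, and if `sit` executes `gpg` at run time a buildInput alone will not put it on the user's PATH, so a line stating which is intended would help the next maintainer. The enclosing `meta` set continues outside the hunk.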
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 2ab2bd022199..1a2c850f1569 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -27,7 +27,7 @@ rec {
       patches = [];
     });
 
-    docker-containerd = containerd.overrideAttrs (oldAttrs: rec {
+    docker-containerd = (containerd.override { inherit go; }).overrideAttrs (oldAttrs: rec {
       name = "docker-containerd";
       src = fetchFromGitHub {
         owner = "docker";
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 8c429ff1d062..05d8c1edec29 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -15,6 +15,7 @@
 , xenSupport ? false, xen
 , openGLSupport ? sdlSupport, mesa_noglu, epoxy, libdrm
 , virglSupport ? openGLSupport, virglrenderer
+, smbdSupport ? false, samba
 , hostCpuOnly ? false
 , nixosTestRunner ? false
 }:
@@ -63,7 +64,8 @@ stdenv.mkDerivation rec {
     ++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ]
     ++ optionals xenSupport [ xen ]
     ++ optionals openGLSupport [ mesa_noglu epoxy libdrm ]
-    ++ optionals virglSupport [ virglrenderer ];
+    ++ optionals virglSupport [ virglrenderer ]
+    ++ optionals smbdSupport [ samba ];
 
   enableParallelBuilding = true;
 
@@ -100,8 +102,7 @@ stdenv.mkDerivation rec {
   '';
 
   configureFlags =
-    [ "--smbd=smbd" # use `smbd' from $PATH
-      "--audio-drv-list=${audio}"
+    [ "--audio-drv-list=${audio}"
       "--sysconfdir=/etc"
       "--localstatedir=/var"
     ]
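Review bot: Removing `"--smbd=smbd"` here changes behaviour for builds that leave `smbdSupport` at its `false` default: previously qemu was told to look up `smbd` on `PATH` at run time, and now it presumably falls back to whatever path qemu's configure script assumes, so users of `-net user,smb=…` who relied on a samba package in their profile lose that silently. If that is intended, the new parameter in the argument hunk deserves a comment along the lines of `, smbdSupport ? false, samba  # smb= in user networking needs samba's smbd; off by default to keep samba out of the closure`, and the switch to a hard-wired `${samba}/bin/smbd` (the hunk at L1588) rather than a PATH lookup could be stated there too. The `configureFlags` list continues outside this hunk.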
@@ -117,7 +118,8 @@ stdenv.mkDerivation rec {
     ++ optional gtkSupport "--enable-gtk"
     ++ optional xenSupport "--enable-xen"
     ++ optional openGLSupport "--enable-opengl"
-    ++ optional virglSupport "--enable-virglrenderer";
+    ++ optional virglSupport "--enable-virglrenderer"
+    ++ optional smbdSupport "--smbd=${samba}/bin/smbd";
 
   doCheck = false; # tries to access /dev
 
diff --git a/pkgs/applications/window-managers/dwm/dwm-status.nix b/pkgs/applications/window-managers/dwm/dwm-status.nix
new file mode 100644
index 000000000000..4a46d4ef7ba8
--- /dev/null
+++ b/pkgs/applications/window-managers/dwm/dwm-status.nix
@@ -0,0 +1,36 @@
+{ stdenv, lib, rustPlatform, fetchFromGitHub, dbus, gdk_pixbuf, libnotify, makeWrapper, pkgconfig, xorg, alsaUtils }:
+
+let
+  runtimeDeps = [ xorg.xsetroot ]
+    ++ lib.optional (alsaUtils != null) alsaUtils;
+in
+
+rustPlatform.buildRustPackage rec {
+  name = "dwm-status-${version}";
+  version = "0.4.0";
+
+  src = fetchFromGitHub {
+    owner = "Gerschtli";
+    repo = "dwm-status";
+    rev = version;
+    sha256 = "0nw0iz78mnrmgpc471yjv7yzsaf7346mwjp6hm5kbsdclvrdq9d7";
+  };
+
+  nativeBuildInputs = [ makeWrapper pkgconfig ];
+  buildInputs = [ dbus gdk_pixbuf libnotify ];
+
+  cargoSha256 = "0169k91pb7ipvi0m71cmkppp1klgp5ghampa7x0fxkyrvrf0dvqg";
+
+  postInstall = ''
+    wrapProgram $out/bin/dwm-status \
+      --prefix "PATH" : "${stdenv.lib.makeBinPath runtimeDeps}"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "DWM status service which dynamically updates when needed";
+    homepage = https://github.com/Gerschtli/dwm-status;
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ gerschtli ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/applications/window-managers/fvwm/default.nix b/pkgs/applications/window-managers/fvwm/default.nix
index 0b9c286aa9de..20a95f36cee3 100644
--- a/pkgs/applications/window-managers/fvwm/default.nix
+++ b/pkgs/applications/window-managers/fvwm/default.nix
@@ -9,12 +9,12 @@ assert gestures -> libstroke != null;
 
 stdenv.mkDerivation rec {
   pname = "fvwm";
-  version = "2.6.7";
+  version = "2.6.8";
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "https://github.com/fvwmorg/fvwm/releases/download/${version}/${name}.tar.gz";
-    sha256 = "01654d5abdcde6dac131cae9befe5cf6f01f9f7524d097c3b0f316e39f84ef73";
+    sha256 = "0hgkkdzcqjnaabvv9cnh0bz90nnjskbhjg9qnzpi2x0mbliwjdpv";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/build-support/fetchurl/builder.sh b/pkgs/build-support/fetchurl/builder.sh
index 7c2bdf260b4e..f9bc8b602f4c 100644
--- a/pkgs/build-support/fetchurl/builder.sh
+++ b/pkgs/build-support/fetchurl/builder.sh
@@ -2,20 +2,24 @@ source $stdenv/setup
 
 source $mirrorsFile
 
+curlVersion=$(curl -V | head -1 | cut -d' ' -f2)
 
 # Curl flags to handle redirects, not use EPSV, handle cookies for
 # servers to need them during redirects, and work on SSL without a
 # certificate (this isn't a security problem because we check the
 # cryptographic hash of the output anyway).
-curl="curl \
- --location --max-redirs 20 \
- --retry 3 \
- --disable-epsv \
- --cookie-jar cookies \
- --insecure \
- $curlOpts \
- $NIX_CURL_FLAGS"
-
+curl=(
+    curl
+    --location
+    --max-redirs 20
+    --retry 3
+    --disable-epsv
+    --cookie-jar cookies
+    --insecure
+    --user-agent "curl/$curlVersion Nixpkgs/$nixpkgsVersion"
+    $curlOpts
+    $NIX_CURL_FLAGS
+)
 
 downloadedFile="$out"
 if [ -n "$downloadToTemp" ]; then downloadedFile="$TMPDIR/file"; fi
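Review bot: The new `--user-agent "curl/$curlVersion Nixpkgs/$nixpkgsVersion"` depends on `$nixpkgsVersion` being exported by the derivation; the companion change in `default.nix` sets it, but any other caller of this builder would send `Nixpkgs/` with an empty version, so `--user-agent "curl/$curlVersion Nixpkgs/${nixpkgsVersion:-unknown}"` is cheap insurance. Converting `curl` to an array is the right fix for word splitting, yet `$curlOpts` and `$NIX_CURL_FLAGS` are still expanded unquoted inside it, so they are split on whitespace and subject to glob expansion exactly as before; a comment `# intentionally unquoted: these hold several flags` would document that this is deliberate.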
@@ -32,7 +36,7 @@ tryDownload() {
     # if we get error code 18, resume partial download
     while [ $curlexit -eq 18 ]; do
        # keep this inside an if statement, since on failure it doesn't abort the script
-       if $curl -C - --fail "$url" --output "$downloadedFile"; then
+       if "${curl[@]}" -C - --fail "$url" --output "$downloadedFile"; then
           success=1
           break
        else
@@ -61,7 +65,7 @@ tryHashedMirrors() {
 
     for mirror in $hashedMirrors; do
         url="$mirror/$outputHashAlgo/$outputHash"
-        if $curl --retry 0 --connect-timeout "${NIX_CONNECT_TIMEOUT:-15}" \
+        if "${curl[@]}" --retry 0 --connect-timeout "${NIX_CONNECT_TIMEOUT:-15}" \
             --fail --silent --show-error --head "$url" \
             --write-out "%{http_code}" --output /dev/null > code 2> log; then
             tryDownload "$url"
diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix
index 0bf529caa75e..5f0c1384c79e 100644
--- a/pkgs/build-support/fetchurl/default.nix
+++ b/pkgs/build-support/fetchurl/default.nix
@@ -92,7 +92,6 @@ in
 assert sha512 != "" -> builtins.compareVersions "1.11" builtins.nixVersion <= 0;
 
 let
-
   urls_ =
     if urls != [] && url == "" then
       (if lib.isList urls then urls
@@ -107,7 +106,6 @@ let
     else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; }
     else if sha1   != "" then { outputHashAlgo = "sha1";   outputHash = sha1; }
     else throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}";
-
 in
 
 stdenvNoCC.mkDerivation {
@@ -135,6 +133,8 @@ stdenvNoCC.mkDerivation {
 
   impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;
 
+  nixpkgsVersion = lib.trivial.release;
+
   # Doing the download on a remote machine just duplicates network
   # traffic, so don't do that.
   preferLocalBuild = true;
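Review bot: `nixpkgsVersion = lib.trivial.release;` is an undocumented attribute on the derivation; since its only visible consumer is the curl `--user-agent` string in `builder.sh`, a comment would save the next reader a search: `# Exposed to builder.sh, which puts it in the curl User-Agent header.`. Because it becomes an environment variable of every fetchurl derivation, each nixpkgs release bump changes their `.drv` files; outputs are fixed-output so already-fetched files should not be re-downloaded, but that is worth confirming and stating in the same comment.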
diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix
index cc015f9d6046..2d1773531532 100644
--- a/pkgs/build-support/fetchurl/mirrors.nix
+++ b/pkgs/build-support/fetchurl/mirrors.nix
@@ -405,4 +405,12 @@ rec {
     http://repo1.maven.org/maven2/
     http://central.maven.org/maven2/
   ];
+
+  # Alsa Project
+  alsa = [
+     ftp://ftp.alsa-project.org/pub/
+     http://alsa.cybermirror.org/
+     http://www.mirrorservice.org/sites/ftp.alsa-project.org/pub/
+     http://alsa.mirror.fr/
+  ];
 }
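Review bot: The new `alsa` entries are indented with five spaces while the neighbouring lists (the maven block just above) use four; align them to `    ftp://ftp.alsa-project.org/pub/` and so on. All four mirrors are plain `ftp://`/`http://`; that is tolerable only because fetchurl verifies the output hash, but listing an `https://` variant first where a mirror offers one would still cut down on tampering noise during download attempts — I cannot tell from here which of them do.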
diff --git a/pkgs/build-support/setup-hooks/prune-libtool-files.sh b/pkgs/build-support/setup-hooks/prune-libtool-files.sh
new file mode 100644
index 000000000000..d75812e05b60
--- /dev/null
+++ b/pkgs/build-support/setup-hooks/prune-libtool-files.sh
@@ -0,0 +1,22 @@
+# Clear dependency_libs in libtool files for shared libraries.
+
+# Shared libraries already encode their dependencies with locations.  .la
+# files do not always encode those locations, and sometimes encode the
+# locations in the wrong Nix output. .la files are not needed for shared
+# libraries, but without dependency_libs they do not hurt either.
+
+fixupOutputHooks+=(_pruneLibtoolFiles)
+
+_pruneLibtoolFiles() {
+    if [ "$dontPruneLibtoolFiles" ]; then
+       return
+    fi
+
+    # Libtool uses "dlname" and "library_names" fields for shared libraries and
+    # the "old_library" field for static libraries.  We are processing only
+    # those .la files that do not describe static libraries.
+    find "$prefix" -type f -name '*.la' \
+         -exec grep -q '^# Generated by libtool' {} \; \
+         -exec grep -q "^old_library=''" {} \; \
+         -exec sed -i {} -e "/^dependency_libs='[^']/ c dependency_libs='' #pruned" \;
+}
diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix
index 622fba0686f4..9cdcc2a752d0 100644
--- a/pkgs/build-support/vm/default.nix
+++ b/pkgs/build-support/vm/default.nix
@@ -14,16 +14,6 @@ rec {
 
   qemu = pkgs.qemu_kvm;
 
-  qemu-220 = lib.overrideDerivation pkgs.qemu_kvm (attrs: rec {
-    version = "2.2.0";
-    src = fetchurl {
-      url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2";
-      sha256 = "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n";
-    };
-    patches = [ ../../../nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch ];
-  });
-
-
   modulesClosure = makeModulesClosure {
     inherit kernel rootModules;
     firmware = kernel;
diff --git a/pkgs/data/fonts/fira-mono/default.nix b/pkgs/data/fonts/fira-mono/default.nix
index 4fc6aab95108..2f50a83a70b4 100644
--- a/pkgs/data/fonts/fira-mono/default.nix
+++ b/pkgs/data/fonts/fira-mono/default.nix
@@ -3,17 +3,17 @@
 fetchzip {
   name = "fira-mono-3.206";
 
-  url = http://www.carrois.com/downloads/fira_mono_3_2/FiraMonoFonts3206.zip;
+  url = https://github.com/mozilla/Fira/archive/4.106.zip;
 
   postFetch = ''
     mkdir -p $out/share/fonts
-    unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
+    unzip -j $downloadedFile Fira-4.106/otf/FiraMono\*.otf -d $out/share/fonts/opentype
   '';
 
-  sha256 = "0m4kdjh4xjyznybpgh21a0gibv4wsxq0rqyl3wv942zk6mclmgdf";
+  sha256 = "1ci3fxhdwabvfj4nl16pwcgqnh7s2slp8vblribk8zkpx8cbp1dj";
 
   meta = with stdenv.lib; {
-    homepage = http://www.carrois.com/fira-4-1/;
+    homepage = https://mozilla.github.io/Fira/;
     description = "Monospace font for Firefox OS";
     longDescription = ''
       Fira Mono is a monospace font designed by Erik Spiekermann,
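Review bot: The derivation's `name` is still `fira-mono-3.206` while the source now comes from the `Fira/archive/4.106.zip` tarball; if the FiraMono .otf files inside that archive are still at font version 3.206 that is fine, but it should be stated, e.g. `name = "fira-mono-3.206"; # Fira Mono 3.206 ships inside the Fira 4.106 archive`. Since the same archive and the same `4.106` string now appear in both this file and `fira/default.nix`, factoring the URL or version into one place would keep the two from drifting apart. The `meta` set continues outside the hunk.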
diff --git a/pkgs/data/fonts/fira/default.nix b/pkgs/data/fonts/fira/default.nix
index cddb8cd726a5..ce6e011d8a65 100644
--- a/pkgs/data/fonts/fira/default.nix
+++ b/pkgs/data/fonts/fira/default.nix
@@ -3,17 +3,17 @@
 fetchzip rec {
   name = "fira-4.106";
 
-  url = http://www.carrois.com/downloads/fira_4_1/FiraFonts4106.zip;
+  url = https://github.com/mozilla/Fira/archive/4.106.zip;
 
   postFetch = ''
     mkdir -p $out/share/fonts
-    unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
+    unzip -j $downloadedFile Fira-4.106/otf/FiraSans\*.otf -d $out/share/fonts/opentype
   '';
 
-  sha256 = "174nwmpvxqg1qjfj6h3yvrphs1s3n6zricdh27iaxilajm0ilbgs";
+  sha256 = "0c97nmihcq0ki7ywj8zn048a2bgrszc61lb9p0djfi65ar52jab4";
 
   meta = with stdenv.lib; {
-    homepage = http://www.carrois.com/fira-4-1/;
+    homepage = https://mozilla.github.io/Fira/;
     description = "Sans-serif font for Firefox OS";
     longDescription = ''
       Fira Sans is a sans-serif font designed by Erik Spiekermann,
diff --git a/pkgs/development/compilers/avian/default.nix b/pkgs/development/compilers/avian/default.nix
index 4dc384f70a34..387ae906b88d 100644
--- a/pkgs/development/compilers/avian/default.nix
+++ b/pkgs/development/compilers/avian/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ zlib jdk ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ CoreServices Foundation ];
 
-  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error";
+  NIX_CFLAGS_COMPILE = "-Wno-error";
 
   postPatch = ''
     substituteInPlace makefile \
diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix
index 2565afab334b..3dd320e02572 100644
--- a/pkgs/development/compilers/ghc/7.10.3.nix
+++ b/pkgs/development/compilers/ghc/7.10.3.nix
@@ -16,7 +16,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null
+  enableIntegerSimple ? !(gmp.meta.available or false), gmp
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
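Review bot: Replacing the `assert !enableIntegerSimple -> gmp != null;` guard with a default of `!(gmp.meta.available or false)` covers the default case, but a caller who passes `enableIntegerSimple = false` explicitly on a platform where gmp is unavailable now gets a late build failure instead of an early evaluation error; consider keeping `assert !enableIntegerSimple -> (gmp.meta.available or false);` where the old assert stood. The comment above the parameter should also say that integer-simple is now selected automatically whenever gmp is unavailable. The same change is made in `8.0.2.nix`, `8.2.2.nix`, `8.4.2.nix` and `head.nix`; the argument list continues outside the hunk.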
@@ -30,8 +30,6 @@
   ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
-assert !enableIntegerSimple -> gmp != null;
-
 let
   inherit (bootPkgs) ghc;
 
diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix
index 4aa9f3fc81cb..53c5a218cb13 100644
--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -15,7 +15,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null
+  enableIntegerSimple ? !(gmp.meta.available or false), gmp
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
@@ -29,8 +29,6 @@
   ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
-assert !enableIntegerSimple -> gmp != null;
-
 let
   inherit (bootPkgs) ghc;
 
diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix
index 87de0fd53f62..4e9eff06f26e 100644
--- a/pkgs/development/compilers/ghc/8.2.2.nix
+++ b/pkgs/development/compilers/ghc/8.2.2.nix
@@ -16,7 +16,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null
+  enableIntegerSimple ? !(gmp.meta.available or false), gmp
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
@@ -34,8 +34,6 @@
   deterministicProfiling ? false
 }:
 
-assert !enableIntegerSimple -> gmp != null;
-
 let
   inherit (bootPkgs) ghc;
 
diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 9a57161d3a71..d793f0b391af 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -15,7 +15,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null
+  enableIntegerSimple ? !(gmp.meta.available or false), gmp
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
@@ -32,8 +32,6 @@
   ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
-assert !enableIntegerSimple -> gmp != null;
-
 let
   inherit (bootPkgs) ghc;
 
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index c9effb90ac33..c128891ec382 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -15,7 +15,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null
+  enableIntegerSimple ? !(gmp.meta.available or false), gmp
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
@@ -33,8 +33,6 @@
   ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
-assert !enableIntegerSimple -> gmp != null;
-
 let
   inherit (bootPkgs) ghc;
 
diff --git a/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch b/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch
index b5abc1d794db..6203064f5c06 100644
--- a/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch
+++ b/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch
@@ -8,12 +8,22 @@
       *    jssecacerts
       *    cacerts
       */
-@@ -144,6 +145,9 @@
+@@ -132,7 +133,8 @@
+                 public TrustStoreDescriptor run() {
+                     // Get the system properties for trust store.
+                     String storePropName = System.getProperty(
+-                            "javax.net.ssl.trustStore", jsseDefaultStore);
++                            "javax.net.ssl.trustStore",
++                            System.getenv("JAVAX_NET_SSL_TRUSTSTORE"));
+                     String storePropType = System.getProperty(
+                             "javax.net.ssl.trustStoreType",
+                             KeyStore.getDefaultType());
+@@ -144,6 +146,9 @@
                      String temporaryName = "";
                      File temporaryFile = null;
                      long temporaryTime = 0L;
-+                    if (storePropName == null){
-+                        storePropName = System.getenv("JAVAX_NET_SSL_TRUSTSTORE");
++                    if (storePropName == null) {
++                        storePropName = jsseDefaultStore;
 +                    }
                      if (!"NONE".equals(storePropName)) {
                          String[] fileNames =
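Review bot: The reordered lookup fixes the earlier dead branch (with `jsseDefaultStore` as the `getProperty` default, `storePropName` could never be null), so precedence is now system property, then `JAVAX_NET_SSL_TRUSTSTORE`, then the JDK default; but the fallback only fires on `null`, so an exported-but-empty `JAVAX_NET_SSL_TRUSTSTORE=` yields an empty store name that the `!"NONE".equals(storePropName)` branch below will try to open. `if (storePropName == null || storePropName.isEmpty()) {` closes that gap. Because this patch lets an environment variable redirect the JVM's trust anchors, the precedence order deserves a sentence in the patch's header comment so operators know the system property still wins. The surrounding method continues outside the hunk.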
diff --git a/pkgs/development/compilers/ponyc/default.nix b/pkgs/development/compilers/ponyc/default.nix
index 061b9b8639d2..cc993af82080 100644
--- a/pkgs/development/compilers/ponyc/default.nix
+++ b/pkgs/development/compilers/ponyc/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation ( rec {
   name = "ponyc-${version}";
-  version = "0.22.6";
+  version = "0.23.0";
 
   src = fetchFromGitHub {
     owner = "ponylang";
     repo = "ponyc";
     rev = version;
-    sha256 = "05y0qcfdyzv6cgizhbg6yl7rrlbfbkcr0jmxjlzhvhz7dypk20cl";
+    sha256 = "1m0zvl30926652akyzpvy5m7jn35697d5mkg3xbn3yqwbsfk4yhk";
   };
 
   buildInputs = [ llvm makeWrapper which ];
diff --git a/pkgs/development/compilers/solc/default.nix b/pkgs/development/compilers/solc/default.nix
index d94ce75e3f55..edb7fc61d2a3 100644
--- a/pkgs/development/compilers/solc/default.nix
+++ b/pkgs/development/compilers/solc/default.nix
@@ -1,16 +1,15 @@
 { stdenv, fetchzip, fetchFromGitHub, boost, cmake, z3 }:
 
 let
-  version = "0.4.23";
-  rev = "124ca40dc525a987a88176c6e5170978e82fa290";
-  sha256 = "07l8rfqh95yrdmbxc4pfb77s06k5v65dk3rgdqscqmwchkndrmm0";
-  jsoncppURL = https://github.com/open-source-parsers/jsoncpp/archive/1.7.7.tar.gz;
+  version = "0.4.24";
+  rev = "e67f0147998a9e3835ed3ce8bf6a0a0c634216c5";
+  sha256 = "1gy2miv6ia1z98zy6w4y03balwfr964bnvwzyg8v7pn2mayqnaap";
+  jsoncppURL = https://github.com/open-source-parsers/jsoncpp/archive/1.8.4.tar.gz;
   jsoncpp = fetchzip {
     url = jsoncppURL;
-    sha256 = "0jz93zv17ir7lbxb3dv8ph2n916rajs8i96immwx9vb45pqid3n0";
+    sha256 = "1z0gj7a6jypkijmpknis04qybs1hkd04d1arr3gy89lnxmp6qzlm";
   };
 in
-
 stdenv.mkDerivation {
   name = "solc-${version}";
 
@@ -21,7 +20,6 @@ stdenv.mkDerivation {
   };
 
   patches = [
-    ./patches/boost-shared-libs.patch
     ./patches/shared-libs-install.patch
   ];
 
@@ -30,17 +28,23 @@ stdenv.mkDerivation {
     echo >commit_hash.txt "${rev}"
     substituteInPlace cmake/jsoncpp.cmake \
       --replace "${jsoncppURL}" ${jsoncpp}
-    substituteInPlace cmake/EthCompilerSettings.cmake \
-      --replace "add_compile_options(-Werror)" ""
+
+    # To allow non-standard CMAKE_INSTALL_LIBDIR (fixed in upstream, not yet released)
+    substituteInPlace cmake/jsoncpp.cmake \
+      --replace "\''${CMAKE_INSTALL_LIBDIR}" "lib" \
+      --replace "# Build static lib but suitable to be included in a shared lib." "-DCMAKE_INSTALL_LIBDIR=lib"
   '';
 
   cmakeFlags = [
     "-DBoost_USE_STATIC_LIBS=OFF"
     "-DBUILD_SHARED_LIBS=ON"
     "-DINSTALL_LLLC=ON"
-    "-DTESTS=OFF"
   ];
 
+  doCheck = stdenv.hostPlatform.isLinux && stdenv.hostPlatform == stdenv.buildPlatform;
+  checkPhase = "LD_LIBRARY_PATH=./libsolc:./libsolidity:./liblll:./libevmasm:./libdevcore:$LD_LIBRARY_PATH " +
+               "./test/soltest -p -- --no-ipc --no-smt --testpath ../test";
+
   nativeBuildInputs = [ cmake ];
   buildInputs = [ boost z3 ];
 
diff --git a/pkgs/development/compilers/solc/patches/boost-shared-libs.patch b/pkgs/development/compilers/solc/patches/boost-shared-libs.patch
deleted file mode 100644
index 499fc46c6caf..000000000000
--- a/pkgs/development/compilers/solc/patches/boost-shared-libs.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff --git a/libsolidity/CMakeLists.txt b/libsolidity/CMakeLists.txt
-index 97b01c83..0bdec4b4 100644
---- a/libsolidity/CMakeLists.txt
-+++ b/libsolidity/CMakeLists.txt
-@@ -28,7 +28,7 @@ else()
- endif()
- 
- add_library(solidity ${sources} ${headers})
--target_link_libraries(solidity PUBLIC evmasm devcore)
-+target_link_libraries(solidity PUBLIC evmasm devcore ${Boost_FILESYSTEM_LIBRARY} ${Boost_SYSTEM_LIBRARY})
- 
- if (${Z3_FOUND})
-   target_link_libraries(solidity PUBLIC ${Z3_LIBRARY})
-diff --git a/lllc/CMakeLists.txt b/lllc/CMakeLists.txt
-index 5c480093..d6538ee2 100644
---- a/lllc/CMakeLists.txt
-+++ b/lllc/CMakeLists.txt
-@@ -1,5 +1,5 @@
- add_executable(lllc main.cpp)
--target_link_libraries(lllc PRIVATE lll)
-+target_link_libraries(lllc PRIVATE lll ${Boost_SYSTEM_LIBRARY})
- 
- if (INSTALL_LLLC)
- 	include(GNUInstallDirs)
diff --git a/pkgs/development/compilers/solc/patches/shared-libs-install.patch b/pkgs/development/compilers/solc/patches/shared-libs-install.patch
index 732797e5ae7d..70162bfbcb6a 100644
--- a/pkgs/development/compilers/solc/patches/shared-libs-install.patch
+++ b/pkgs/development/compilers/solc/patches/shared-libs-install.patch
@@ -1,11 +1,12 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 4ac56b43..dacf3853 100644
+index 0c05208f..8893648e 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -48,6 +48,19 @@ add_subdirectory(libevmasm)
+@@ -48,6 +48,20 @@ add_subdirectory(libevmasm)
  add_subdirectory(libsolidity)
  add_subdirectory(libsolc)
  
++
 +install(DIRECTORY libdevcore/
 +        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/libdevcore
 +        FILES_MATCHING PATTERN "*.h")
@@ -38,7 +39,7 @@ index 86192c1b..e7f15e93 100644
 @@ -3,3 +3,4 @@ file(GLOB headers "*.h")
  
  add_library(evmasm ${sources} ${headers})
- target_link_libraries(evmasm PUBLIC jsoncpp devcore)
+ target_link_libraries(evmasm PUBLIC devcore)
 +install(TARGETS evmasm LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
 diff --git a/liblll/CMakeLists.txt b/liblll/CMakeLists.txt
 index 4cdc073a..b61f03c7 100644
@@ -50,11 +51,10 @@ index 4cdc073a..b61f03c7 100644
  target_link_libraries(lll PUBLIC evmasm devcore)
 +install(TARGETS lll LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
 diff --git a/libsolidity/CMakeLists.txt b/libsolidity/CMakeLists.txt
-index 97b01c83..e876177e 100644
+index 0bdec4b4..e876177e 100644
 --- a/libsolidity/CMakeLists.txt
 +++ b/libsolidity/CMakeLists.txt
-@@ -28,7 +28,8 @@ else()
- endif()
+@@ -29,6 +29,7 @@ endif()
  
  add_library(solidity ${sources} ${headers})
  target_link_libraries(solidity PUBLIC evmasm devcore ${Boost_FILESYSTEM_LIBRARY} ${Boost_SYSTEM_LIBRARY})
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index ad07da83c4e3..425b48f9ad6a 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -348,7 +348,7 @@ self: super: {
   itanium-abi = dontCheck super.itanium-abi;
   katt = dontCheck super.katt;
   language-slice = dontCheck super.language-slice;
-  language-nix = overrideCabal super.language-nix (drv: { broken = pkgs.stdenv.isLinux && pkgs.stdenv.isi686; }); # Tests crash on 32-bit linux; see https://github.com/peti/language-nix/issues/4
+  language-nix = if pkgs.stdenv.isi686 then dontCheck super.language-nix else super.language-nix;
   ldap-client = dontCheck super.ldap-client;
   lensref = dontCheck super.lensref;
   lucid = dontCheck super.lucid; #https://github.com/chrisdone/lucid/issues/25
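Review bot: The rewritten `language-nix` line drops the reference to the upstream issue that explains why its tests are skipped on 32-bit; keep it: `language-nix = if pkgs.stdenv.isi686 then dontCheck super.language-nix else super.language-nix; # tests crash on 32-bit linux; see https://github.com/peti/language-nix/issues/4`. Whether `isi686` alone is the right predicate (the old line also required `isLinux`) is not obvious from here and is worth a word in that comment.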
diff --git a/pkgs/development/haskell-modules/configuration-ghcjs.nix b/pkgs/development/haskell-modules/configuration-ghcjs.nix
index c04686734675..0482d03ba8fb 100644
--- a/pkgs/development/haskell-modules/configuration-ghcjs.nix
+++ b/pkgs/development/haskell-modules/configuration-ghcjs.nix
@@ -23,13 +23,6 @@ self: super:
       };
   in stage1 // stage2 // {
 
-  old-time = overrideCabal stage2.old-time (drv: {
-    postPatch = ''
-      ${pkgs.autoconf}/bin/autoreconf --install --force --verbose
-    '';
-    buildTools = pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv;
-  });
-
   network = addBuildTools super.network (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv);
   zlib = addBuildTools super.zlib (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv);
   unix-compat = addBuildTools super.unix-compat (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv);
@@ -201,4 +194,7 @@ self: super:
   # triggers an internal pattern match failure in haddock
   # https://github.com/haskell/haddock/issues/553
   wai = dontHaddock super.wai;
+
+  base-orphans = dontCheck super.base-orphans;
+  distributive = dontCheck super.distributive;
 }
diff --git a/pkgs/development/java-modules/jogl/default.nix b/pkgs/development/java-modules/jogl/default.nix
index 474eaa0e1dc4..cceec44e6ae6 100644
--- a/pkgs/development/java-modules/jogl/default.nix
+++ b/pkgs/development/java-modules/jogl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, makeWrapper, ant, jdk, openjdk8, zulu8, git, xorg, udev }:
+{ stdenv, fetchgit, makeWrapper, ant, jdk, openjdk8, zulu8, git, xorg, udev, libGL, libGLU }:
 
 let
   # workaround https://github.com/NixOS/nixpkgs/issues/37364
@@ -19,12 +19,18 @@ in
       name = "jogl-${version}";
 
       src = fetchgit {
-        url = http://jogamp.org/srv/scm/jogl.git;
+        url = git://jogamp.org/srv/scm/jogl.git;
         rev = "v${version}";
         sha256 = "0msi2gxiqm2yqwkmxqbh521xdrimw1fly20g890r357rcgj8fsn3";
         fetchSubmodules = true;
       };
 
+      postPatch = ''
+        find  .  -type f  -name '*.java' \
+          -exec sed -i 's@"libGL.so"@"${libGL}/lib/libGL.so"@'    {} \; \
+          -exec sed -i 's@"libGLU.so"@"${libGLU}/lib/libGLU.so"@' {} \;
+      '';
+
       buildInputs = [ jdk-without-symlinks ant git udev xorg.libX11 xorg.libXrandr xorg.libXcursor xorg.libXt xorg.libXxf86vm xorg.libXrender ];
 
       buildPhase = ''
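Review bot: The source URL moves from `http://` to `git://`, a transport with no server authentication or encryption at all; because `fetchgit` is a fixed-output derivation pinned by the unchanged `sha256` two lines below, a tampered clone can only fail the hash check rather than reach the build, but the downgrade still deserves a comment such as `# jogamp.org does not serve this repo reliably over http; integrity is guaranteed by the sha256 below` so a later reader does not "fix" it back. The new `postPatch` rewrites every `"libGL.so"` and `"libGLU.so"` literal in all `.java` files to absolute store paths, which is the right approach for dlopen-style strings, but it will silently miss any soname-qualified spelling (e.g. a `.so.1` variant) if one exists in the tree — worth a quick grep before relying on it.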
diff --git a/pkgs/development/libraries/appstream-glib/default.nix b/pkgs/development/libraries/appstream-glib/default.nix
index b09f5f67f563..3a0868ccecb4 100644
--- a/pkgs/development/libraries/appstream-glib/default.nix
+++ b/pkgs/development/libraries/appstream-glib/default.nix
@@ -4,7 +4,7 @@
 , libuuid, json-glib, meson, gperf, ninja
 }:
 stdenv.mkDerivation rec {
-  name = "appstream-glib-0.7.8";
+  name = "appstream-glib-0.7.9";
 
   outputs = [ "out" "dev" "man" "installedTests" ];
   outputBin = "dev";
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
     owner = "hughsie";
     repo = "appstream-glib";
     rev = stdenv.lib.replaceStrings ["." "-"] ["_" "_"] name;
-    sha256 = "10hcl3sl3g8ajg9mssq3g4dbzz0d4b2ybimrcq71cpycqrqhilhx";
+    sha256 = "10b32qw7iy0v1jvmf18wqgs8d1cpy52zm5rzw0wv421n90qiyidk";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/libraries/asio/1.10.nix b/pkgs/development/libraries/asio/1.10.nix
new file mode 100644
index 000000000000..f63fbbd495cb
--- /dev/null
+++ b/pkgs/development/libraries/asio/1.10.nix
@@ -0,0 +1,6 @@
+{callPackage, ... } @ args:
+
+callPackage ./generic.nix (args // {
+  version = "1.10.8";
+  sha256 = "0jgdl4fxw0hwy768rl3lhdc0czz7ak7czf3dg10j21pdpfpfvpi6";
+})
diff --git a/pkgs/development/libraries/asio/1.12.nix b/pkgs/development/libraries/asio/1.12.nix
new file mode 100644
index 000000000000..94fe4c703670
--- /dev/null
+++ b/pkgs/development/libraries/asio/1.12.nix
@@ -0,0 +1,6 @@
+{callPackage, ... } @ args:
+
+callPackage ./generic.nix (args // {
+  version = "1.12.1";
+  sha256 = "0nln45662kg799ykvqx5m9z9qcsmadmgg6r5najryls7x16in2d9";
+})
diff --git a/pkgs/development/libraries/asio/default.nix b/pkgs/development/libraries/asio/default.nix
deleted file mode 100644
index 1126b4a7f2c9..000000000000
--- a/pkgs/development/libraries/asio/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{stdenv, fetchurl, boost, openssl}:
-
-stdenv.mkDerivation rec {
-  name = "asio-1.12.1";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/asio/${name}.tar.bz2";
-    sha256 = "0nln45662kg799ykvqx5m9z9qcsmadmgg6r5najryls7x16in2d9";
-  };
-
-  propagatedBuildInputs = [ boost ];
-  buildInputs = [ openssl ];
-
-  meta = {
-    homepage = http://asio.sourceforge.net/;
-    description = "Cross-platform C++ library for network and low-level I/O programming";
-    license = stdenv.lib.licenses.boost;
-    platforms = stdenv.lib.platforms.unix;
-  };
-
-}
diff --git a/pkgs/development/libraries/asio/generic.nix b/pkgs/development/libraries/asio/generic.nix
new file mode 100644
index 000000000000..58dd4f614231
--- /dev/null
+++ b/pkgs/development/libraries/asio/generic.nix
@@ -0,0 +1,25 @@
+{stdenv, fetchurl, boost, openssl
+, version, sha256, ...
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation {
+  name = "asio-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/asio/asio-${version}.tar.bz2";
+    inherit sha256;
+  };
+
+  propagatedBuildInputs = [ boost ];
+
+  buildInputs = [ openssl ];
+
+  meta = {
+    homepage = http://asio.sourceforge.net/;
+    description = "Cross-platform C++ library for network and low-level I/O programming";
+    license = licenses.boost;
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/development/libraries/audio/libbass/default.nix b/pkgs/development/libraries/audio/libbass/default.nix
index 4c2918c922da..703679ba3a55 100644
--- a/pkgs/development/libraries/audio/libbass/default.nix
+++ b/pkgs/development/libraries/audio/libbass/default.nix
@@ -11,7 +11,7 @@ let
         x86_64-linux = "x64/libbass.so";
       };
       urlpath = "bass${version}-linux.zip";
-      sha256 = "1a2z9isabkymz7qmkgklbjpj2wxkvv1cngfp9aj0c9178v97pjd7";
+      sha256 = "0alxx7knkvzwwifqrmzavafwq53flja7s1ckaabk6p2ir2f0j5cp";
     };
 
     bass_fx = {
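Review bot: The `sha256` for the bass Linux zip changes while `version` and `urlpath` on the lines above stay the same, which means upstream replaced the contents of an already-published prebuilt binary under the same URL. For an unsigned proprietary blob this is exactly the pattern a compromised download would also produce, so the commit should record how the new archive was validated rather than just refreshing the hash until the fetch succeeds, e.g. `# upstream re-uploaded the ${version} linux zip on <date>; hash taken from a fresh download and compared against <source>` (fill in the real provenance). Without that, a future mismatch-then-update gives no way to distinguish a benign repack from tampering.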
diff --git a/pkgs/development/libraries/cctz/default.nix b/pkgs/development/libraries/cctz/default.nix
new file mode 100644
index 000000000000..e61b5840cf93
--- /dev/null
+++ b/pkgs/development/libraries/cctz/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  name = "cctz-${version}";
+  version = "2.2";
+
+  src = fetchFromGitHub {
+    owner = "google";
+    repo = "cctz";
+    rev = "v${version}";
+    sha256 = "0liiqz1swfc019rzfaa9y5kavs2hwabs2vnwbn9jfczhyxy34y89";
+  };
+
+  makeFlags = [ "PREFIX=$(out)" ];
+
+  installTargets = [ "install_hdrs" "install_shared_lib" ];
+
+  enableParallelBuilding = true;
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/google/cctz;
+    description = "C++ library for translating between absolute and civil times";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ orivej ];
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/development/libraries/fftw/default.nix b/pkgs/development/libraries/fftw/default.nix
index 3c5100f2f7f4..12b30cf0349f 100644
--- a/pkgs/development/libraries/fftw/default.nix
+++ b/pkgs/development/libraries/fftw/default.nix
@@ -13,7 +13,10 @@ stdenv.mkDerivation rec {
   name = "fftw-${precision}-${version}";
 
   src = fetchurl {
-    url = "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz";
+    urls = [
+      "http://fftw.org/fftw-${version}.tar.gz"
+      "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz"
+    ];
     sha256 = "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1";
   };
 
diff --git a/pkgs/development/libraries/gmp/6.x.nix b/pkgs/development/libraries/gmp/6.x.nix
index 551e7e5e1f6b..2635aed3eaca 100644
--- a/pkgs/development/libraries/gmp/6.x.nix
+++ b/pkgs/development/libraries/gmp/6.x.nix
@@ -75,6 +75,7 @@ let self = stdenv.mkDerivation rec {
          asymptotically faster algorithms.
       '';
 
+    broken = with stdenv.hostPlatform; useAndroidPrebuilt || useiOSPrebuilt;
     platforms = platforms.all;
     maintainers = [ maintainers.peti maintainers.vrthra ];
   };
diff --git a/pkgs/development/libraries/libblockdev/default.nix b/pkgs/development/libraries/libblockdev/default.nix
new file mode 100644
index 000000000000..077efe299ec3
--- /dev/null
+++ b/pkgs/development/libraries/libblockdev/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, gtk-doc, libxslt, docbook_xsl
+, docbook_xml_dtd_43, python3, gobjectIntrospection, glib, libudev, kmod, parted
+, cryptsetup, devicemapper, dmraid, utillinux, libbytesize, libndctl, nss, volume_key
+}:
+
+let
+  version = "2.17";
+in stdenv.mkDerivation rec {
+  name = "libblockdev-${version}";
+
+  src = fetchFromGitHub {
+    owner = "storaged-project";
+    repo = "libblockdev";
+    rev = "${version}-1";
+    sha256 = "14f52cj2qcnm8i2zb57qfpdk3kij2gb3xgqkbvidmf6sjicq84z2";
+  };
+
+  outputs = [ "out" "dev" "devdoc" ];
+
+  postPatch = ''
+    patchShebangs scripts
+  '';
+
+  nativeBuildInputs = [
+    autoreconfHook pkgconfig gtk-doc libxslt docbook_xsl docbook_xml_dtd_43 python3 gobjectIntrospection
+  ];
+
+  buildInputs = [
+    glib libudev kmod parted cryptsetup devicemapper dmraid utillinux libbytesize libndctl nss volume_key
+  ];
+
+  meta = with stdenv.lib; {
+    description = "A library for manipulating block devices";
+    homepage = http://storaged.org/libblockdev/;
+    license = licenses.lgpl2Plus; # lgpl2Plus for the library, gpl2Plus for the utils
+    maintainers = with maintainers; [];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/libbytesize/default.nix b/pkgs/development/libraries/libbytesize/default.nix
new file mode 100644
index 000000000000..f1dcf60b3b94
--- /dev/null
+++ b/pkgs/development/libraries/libbytesize/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, gettext
+, gtk-doc, libxslt, docbook_xml_dtd_43, docbook_xsl
+, python3, pcre, gmp, mpfr
+}:
+
+let
+  version = "1.3";
+in stdenv.mkDerivation rec {
+  name = "libbytesize-${version}";
+
+  src = fetchFromGitHub {
+    owner = "storaged-project";
+    repo = "libbytesize";
+    rev = version;
+    sha256 = "1ys5d8rya8x4q34gn1hr96z7797s9gdzah0y0d7g84x5x6k50p30";
+  };
+
+  outputs = [ "out" "dev" "devdoc" ];
+
+  nativeBuildInputs = [ autoreconfHook pkgconfig gettext gtk-doc libxslt docbook_xml_dtd_43 docbook_xsl python3 ];
+
+  buildInputs = [ pcre gmp mpfr ];
+
+  meta = with stdenv.lib; {
+    description = "A tiny library providing a C “class” for working with arbitrary big sizes in bytes";
+    homepage = src.meta.homepage;
+    license = licenses.lgpl2Plus;
+    maintainers = with maintainers; [];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/libcanberra/default.nix b/pkgs/development/libraries/libcanberra/default.nix
index 83f86c40c0d1..0d1772d0c549 100644
--- a/pkgs/development/libraries/libcanberra/default.nix
+++ b/pkgs/development/libraries/libcanberra/default.nix
@@ -1,5 +1,7 @@
-{ stdenv, fetchurl, pkgconfig, libtool, gtk ? null, libcap
-, alsaLib, libpulseaudio, gst_all_1, libvorbis }:
+{ stdenv, lib, fetchurl, fetchpatch, pkgconfig, libtool
+, gtk ? null
+, libpulseaudio, gst_all_1, libvorbis, libcap
+, withAlsa ? stdenv.isLinux, alsaLib }:
 
 stdenv.mkDerivation rec {
   name = "libcanberra-0.30";
@@ -11,11 +13,20 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig libtool ];
   buildInputs = [
-    alsaLib libpulseaudio libvorbis gtk libcap
-  ] ++ (with gst_all_1; [ gstreamer gst-plugins-base ]);
+    libpulseaudio libvorbis gtk
+  ] ++ (with gst_all_1; [ gstreamer gst-plugins-base ])
+    ++ lib.optional stdenv.isLinux libcap
+    ++ lib.optional withAlsa alsaLib;
 
   configureFlags = "--disable-oss";
 
+  patchFlags = "-p0";
+  patches = stdenv.lib.optional stdenv.isDarwin
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/macports/macports-ports/master/audio/libcanberra/files/patch-configure.diff";
+      sha256 = "1f7h7ifpqvbfhqygn1b7klvwi80zmpv3538vbmq7ql7bkf1q8h31";
+    });
+
   postInstall = ''
     for f in $out/lib/*.la; do
       sed 's|-lltdl|-L${libtool.lib}/lib -lltdl|' -i $f
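Review bot: The darwin patch is fetched from the moving `master` branch of macports-ports rather than a pinned revision, so the URL will stop resolving to the hashed content as soon as MacPorts edits or removes that file; `fetchpatch`'s `sha256` turns that into a hard build failure rather than a silent change, but the darwin build then breaks with no hint why. Pin the URL to a commit, e.g. `url = "https://raw.githubusercontent.com/macports/macports-ports/<commit>/audio/libcanberra/files/patch-configure.diff";`. Note also that `patchFlags = "-p0"` now applies to every entry of `patches`, which will bite if a conventional `-p1` patch is added later.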
@@ -42,6 +53,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.lgpl2Plus;
 
     maintainers = [ ];
-    platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;  # arbitrary choice
+    platforms = stdenv.lib.platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/libcouchbase/default.nix b/pkgs/development/libraries/libcouchbase/default.nix
index bf72ec767258..8474b387d851 100644
--- a/pkgs/development/libraries/libcouchbase/default.nix
+++ b/pkgs/development/libraries/libcouchbase/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake pkgconfig ];
   buildInputs = [ libevent openssl ];
 
-  doCheck = true;
+  doCheck = (!stdenv.isDarwin);
   checkPhase = "ctest";
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/libgtop/default.nix b/pkgs/development/libraries/libgtop/default.nix
index 656395b8867d..6498014aee8d 100644
--- a/pkgs/development/libraries/libgtop/default.nix
+++ b/pkgs/development/libraries/libgtop/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, glib, pkgconfig, perl, gettext, gobjectIntrospection, libintl, gnome3 }:
+{ stdenv, fetchurl, fetchpatch, glib, pkgconfig, perl, gettext, gobjectIntrospection, libintl, libtool, gnome3, gtk-doc }:
 let
   pname = "libgtop";
   version = "2.38.0";
@@ -11,8 +11,20 @@ stdenv.mkDerivation rec {
     sha256 = "04mnxgzyb26wqk6qij4iw8cxwl82r8pcsna5dg8vz2j3pdi0wv2g";
   };
 
+  patches = [
+    # Fix darwin build
+    (fetchpatch {
+        url = https://gitlab.gnome.org/GNOME/libgtop/commit/42b049f338363f92c1e93b4549fc944098eae674.patch;
+        sha256 = "0kf9ihgb0wqji6dcvg36s6igkh7b79k6y1n7w7wzsxya84x3hhyn";
+      })
+  ];
+
   propagatedBuildInputs = [ glib ];
-  nativeBuildInputs = [ pkgconfig perl gettext gobjectIntrospection ];
+  nativeBuildInputs = [ pkgconfig gnome3.gnome-common libtool gtk-doc perl gettext gobjectIntrospection ];
+
+  preConfigure = ''
+    ./autogen.sh
+  '';
 
   passthru = {
     updateScript = gnome3.updateScript {
@@ -24,6 +36,6 @@ stdenv.mkDerivation rec {
     description = "A library that reads information about processes and the running system";
     license = licenses.gpl2Plus;
     maintainers = gnome3.maintainers;
-    platforms = with platforms; linux ++ darwin;
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/libndctl/default.nix b/pkgs/development/libraries/libndctl/default.nix
new file mode 100644
index 000000000000..fa48fc390aa0
--- /dev/null
+++ b/pkgs/development/libraries/libndctl/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, autoconf, automake, asciidoc, docbook_xsl, docbook_xml_dtd_45, libxslt, xmlto, pkgconfig, json_c, kmod, which, systemd, utillinux
+}:
+
+let
+  version = "60.3";
+in stdenv.mkDerivation rec {
+  name = "libndctl-${version}";
+
+  src = fetchFromGitHub {
+    owner = "pmem";
+    repo = "ndctl";
+    rev = "v${version}";
+    sha256 = "0w19yh6f9skf5zy4bhdjlrn3wdx5xx9cq8j6h04cmw4nla6zj9ar";
+  };
+
+  outputs = [ "out" "man" "dev" ];
+
+  nativeBuildInputs = [
+    autoreconfHook asciidoc pkgconfig xmlto docbook_xml_dtd_45 docbook_xsl libxslt
+  ];
+
+  buildInputs = [
+    json_c kmod systemd utillinux
+  ];
+
+  preAutoreconf = ''
+    substituteInPlace configure.ac --replace "which" "${which}/bin/which"
+    substituteInPlace git-version --replace /bin/bash ${stdenv.shell}
+    substituteInPlace git-version-gen --replace /bin/sh ${stdenv.shell}
+    echo "m4_define([GIT_VERSION], [${version}])" > version.m4;
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Utility library for managing the libnvdimm (non-volatile memory device) sub-system in the Linux kernel";
+    homepage = https://github.com/pmem/ndctl;
+    license = licenses.lgpl21;
+    maintainers = with maintainers; [];
+    platforms = platforms.linux;
+  };
+}
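Review bot: `substituteInPlace configure.ac --replace "which" "${which}/bin/which"` replaces every occurrence of the five-character substring, not just the command invocation, so any `which` inside an autoconf comment or message string would also be rewritten to a store path; whether configure.ac contains such text is not visible here, but the pattern is broader than intended. Tighten it to the actual macro or argument form, for instance `--replace "which " "${which}/bin/which "`, or patch the specific line. The `/bin/bash` and `/bin/sh` replacements below are similarly unguarded but far less likely to collide. `maintainers = with maintainers; []` also leaves a library that manages NVDIMM devices in the kernel with nobody on record for security updates.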
diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix
index ab1bda9ed299..6676944d5291 100644
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -13,12 +13,12 @@ stdenv.mkDerivation rec {
 
   prePatch = let
       debian = fetchurl {
-        url = http://snapshot.debian.org/archive/debian-debug/20180128T155203Z//pool/main/t/tiff/tiff_4.0.9-3.debian.tar.xz;
-        sha256 = "0wya42y7kcq093g3h7ca10cm5sns1mgnkjmdd2qdi59v8arga4y4";
+        url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.9-5.debian.tar.xz;
+        sha256 = "15lwcsd46gini27akms2ngyxnwi1hs2yskrv5x2wazs5fw5ii62w";
       };
     in ''
-      tar xf '${debian}'
-      patches="$patches $(cat debian/patches/series | sed 's|^|debian/patches/|')"
+      tar xf ${debian}
+      patches="$patches $(sed 's|^|debian/patches/|' < debian/patches/series)"
     '';
 
   outputs = [ "bin" "dev" "out" "man" "doc" ];
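Review bot: The Debian patch tarball now comes from `http.debian.net/debian/pool/...`, which only serves the package revision currently in the archive; when Debian publishes the next tiff revision the `-5` tarball disappears and this hash-pinned fetch fails, whereas the previous `snapshot.debian.org` URL is permanent. Since this series is presumably where the post-4.0.9 security fixes come from, keep it reachable by listing both, e.g. `urls = [ "http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.9-5.debian.tar.xz" "http://snapshot.debian.org/archive/debian/<timestamp>/pool/main/t/tiff/tiff_4.0.9-5.debian.tar.xz" ];` with the real snapshot timestamp. Dropping the single quotes around `${debian}` in `tar xf` is harmless because store paths contain no whitespace.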
diff --git a/pkgs/development/libraries/opae/default.nix b/pkgs/development/libraries/opae/default.nix
new file mode 100644
index 000000000000..b60a53e55ca1
--- /dev/null
+++ b/pkgs/development/libraries/opae/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, fetchFromGitHub, cmake
+, libuuid, json_c
+, doxygen, perl, python2, python2Packages
+}:
+
+stdenv.mkDerivation rec {
+  name    = "opae-${version}";
+  version = "1.0.0";
+
+  # the tag has a silly name for some reason. drop this in the future if
+  # possible
+  tver    = "${version}-5";
+
+  src = fetchFromGitHub {
+    owner  = "opae";
+    repo   = "opae-sdk";
+    rev    = "refs/tags/${tver}";
+    sha256 = "1dmkpnr9dqxwjhbdzx2r3fdfylvinda421yyg319am5gzlysxwi8";
+  };
+
+  doCheck = false;
+
+  nativeBuildInputs = [ cmake doxygen perl python2Packages.sphinx ];
+  buildInputs = [ libuuid json_c python2 ];
+
+  # Set the Epoch to 1980; otherwise the Python wheel/zip code
+  # gets very angry
+  preConfigure = ''
+    find . -type f | while read file; do
+      touch -d @315532800 $file;
+    done
+  '';
+
+  cmakeFlags = [ "-DBUILD_ASE=1" ];
+  enableParallelBuilding = true;
+
+  meta = with stdenv.lib; {
+    description = "Open Programmable Acceleration Engine SDK";
+    homepage    = https://01.org/opae;
+    license     = licenses.bsd3;
+    platforms   = [ "x86_64-linux" ];
+    maintainers = with maintainers; [ thoughtpolice ];
+  };
+}
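Review bot: `doCheck = false;` is set with no explanation, and the `preConfigure` loop `find . -type f | while read file; do touch -d @315532800 $file; done` splits on whitespace and mangles backslashes because `read` lacks `-r` and `$file` is unquoted. Replace the loop with `find . -type f -exec touch -d @315532800 {} +`, which handles arbitrary filenames and avoids one process per file, and add a comment on `doCheck` stating what the test suite needs (hardware, network) so the reason it is disabled is recorded for the next bump.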
diff --git a/pkgs/development/libraries/openzwave/default.nix b/pkgs/development/libraries/openzwave/default.nix
index 63c51996b227..087a22dd61ba 100644
--- a/pkgs/development/libraries/openzwave/default.nix
+++ b/pkgs/development/libraries/openzwave/default.nix
@@ -19,6 +19,8 @@ in stdenv.mkDerivation rec {
 
   buildInputs = [ systemd ];
 
+  hardeningDisable = [ "format" ];
+
   enableParallelBuilding = true;
 
   installPhase = ''
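Review bot: `hardeningDisable = [ "format" ];` switches off format-string hardening (`-Wformat -Wformat-security -Werror=format-security`) for the whole library without saying which compile error it works around. OpenZWave parses frames received over a radio network, so this is one of the hardening flags worth keeping; if the failure is a single non-literal format-string call, patching that call is cheaper than waiving the check globally. At minimum add `# format hardening fails the build: <error message>` next to it so the waiver can be re-evaluated when upstream fixes the warning.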
diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix
index fd738faf5074..018a57ad0571 100644
--- a/pkgs/development/libraries/pupnp/default.nix
+++ b/pkgs/development/libraries/pupnp/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "libupnp-${version}";
-  version = "1.6.21";
+  version = "1.8.3";
 
   src = fetchFromGitHub {
     owner = "mrjimenez";
     repo = "pupnp";
     rev = "release-${version}";
-    sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9";
+    sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl";
   };
 
   nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix
index 1d6818276eb8..e8f0d61b2f4f 100644
--- a/pkgs/development/libraries/talloc/default.nix
+++ b/pkgs/development/libraries/talloc/default.nix
@@ -3,11 +3,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "talloc-2.1.12";
+  name = "talloc-2.1.13";
 
   src = fetchurl {
     url = "mirror://samba/talloc/${name}.tar.gz";
-    sha256 = "0jv0ri9vj93fczzgl7rn7xvnfgl2kfx4x85cr8h8v52yh7v0qz4q";
+    sha256 = "0iv09iv385x69gfzvassq6m3y0rd8ncylls95dm015xdy3drkww4";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/volume-key/default.nix b/pkgs/development/libraries/volume-key/default.nix
new file mode 100644
index 000000000000..53faf07623e9
--- /dev/null
+++ b/pkgs/development/libraries/volume-key/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchgit, fetchpatch, autoreconfHook, pkgconfig, gettext, python2
+, swig, glib, utillinux, cryptsetup, nss, gpgme
+}:
+
+let
+  version = "0.3.10";
+in stdenv.mkDerivation rec {
+  name = "volume_key-${version}";
+
+  src = fetchgit {
+    url = https://pagure.io/volume_key.git;
+    rev = "ece1ce305234da454e330905c615ec474d9781c5";
+    sha256 = "16qdi5s6ycsh0iyc362gly7ggrwamky8i0zgbd4ajp3ymk9vqdva";
+  };
+
+  outputs = [ "out" "man" "dev" ];
+
+  nativeBuildInputs = [ autoreconfHook pkgconfig gettext python2 swig ];
+
+  buildInputs = [ glib cryptsetup nss utillinux gpgme ];
+
+  patches = [
+    # Use pkg-config for locating Python.h
+    # https://pagure.io/volume_key/pull-request/12
+    (fetchpatch {
+      url = https://pagure.io/fork/cathay4t/volume_key/c/8eda66d3b734ea335e37cf9d7d173b9e8ebe2fd9.patch;
+      sha256 = "01lr1zijk0imkk681zynm4w5ad3y6c9vdrmrzaib7w7ima75iczr";
+    })
+  ];
+
+  meta = with stdenv.lib; {
+    description = "A library for manipulating storage volume encryption keys and storing them separately from volumes to handle forgotten passphrases, and the associated command-line tool";
+    homepage = https://pagure.io/volume_key/;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [];
+    platforms = platforms.linux;
+  };
+}
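Review bot: `src` pins the bare commit `ece1ce30…` while `version = "0.3.10"`, and nothing in the expression ties the two together — a reader cannot tell whether that commit is the 0.3.10 release, a later snapshot, or something else. If upstream tags releases, use the tag (`rev = "volume_key-${version}"` or whatever the tag is named) so the version is verifiable; if a post-release commit is deliberate, say why in a comment beside `rev`. `maintainers = with maintainers; []` also leaves a library that handles storage volume encryption keys without anyone on record for security updates.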
diff --git a/pkgs/development/python-modules/GitPython/default.nix b/pkgs/development/python-modules/GitPython/default.nix
index c2f3706923a3..89b941c34fc2 100644
--- a/pkgs/development/python-modules/GitPython/default.nix
+++ b/pkgs/development/python-modules/GitPython/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildPythonPackage, fetchPypi, gitdb2, mock, nose, ddt }:
+{ lib, buildPythonPackage, fetchPypi, git, gitdb2, mock, nose, ddt }:
 
 buildPythonPackage rec {
   version = "2.1.9";
@@ -12,6 +12,10 @@ buildPythonPackage rec {
   checkInputs = [ mock nose ddt ];
   propagatedBuildInputs = [ gitdb2 ];
 
+  postPatch = ''
+    sed -i "s|^refresh()$|refresh(path='${git}/bin/git')|" git/__init__.py
+  '';
+
   # Tests require a git repo
   doCheck = false;
 
diff --git a/pkgs/development/python-modules/ansiconv/default.nix b/pkgs/development/python-modules/ansiconv/default.nix
new file mode 100644
index 000000000000..08f93134b325
--- /dev/null
+++ b/pkgs/development/python-modules/ansiconv/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, buildPythonPackage, fetchFromGitHub, pytest }:
+
+buildPythonPackage rec {
+  pname = "ansiconv";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "ansible";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0ljfpl8x069arzginvpi1v6hlaq4x2qpjqj01qds2ylz33scq8r4";
+  };  
+
+  checkInputs = [ pytest ];
+
+  meta = with stdenv.lib; {
+    description = "A module for converting ANSI coded text and converts it to either plain text or HTML";
+    homepage = https://github.com/ansible/ansiconv;
+    license = licenses.mit;
+    maintainers = with maintainers; [ psyanticy ];
+  };
+
+}
+
diff --git a/pkgs/development/python-modules/astunparse/default.nix b/pkgs/development/python-modules/astunparse/default.nix
new file mode 100644
index 000000000000..4c46f93b547c
--- /dev/null
+++ b/pkgs/development/python-modules/astunparse/default.nix
@@ -0,0 +1,17 @@
+{ stdenv, fetchPypi, buildPythonPackage, six }:
+
+buildPythonPackage rec {
+  pname = "astunparse";
+  version =  "1.5.0";
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1kc9lm2jvfcip3z8snj04dar5a9jh857a704m6lvcv4xclm3rpsm";
+  };
+  propagatedBuildInputs = [ six ];
+  doCheck = false; # no tests
+  meta = with stdenv.lib; {
+    description = "This is a factored out version of unparse found in the Python source distribution";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ jyp ];
+  };
+}
diff --git a/pkgs/development/python-modules/aws-sam-translator/default.nix b/pkgs/development/python-modules/aws-sam-translator/default.nix
new file mode 100644
index 000000000000..514ccc7f619c
--- /dev/null
+++ b/pkgs/development/python-modules/aws-sam-translator/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, isPy3k
+, boto3
+, enum34
+, jsonschema
+, six
+}:
+
+buildPythonPackage rec {
+  pname = "aws-sam-translator";
+  version = "1.5.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "9d8a25e058c78d2cef5c07aec7f98cbc2070dbfc2eb6a2e102a16beafd14e3ca";
+  };
+
+  # Tests are not included in the PyPI package
+  doCheck = false;
+
+  disabled = isPy3k;
+
+  propagatedBuildInputs = [
+    boto3
+    enum34
+    jsonschema
+    six
+  ];
+
+  meta = {
+    homepage = https://github.com/awslabs/serverless-application-model;
+    description = "Python library to transform SAM templates into AWS CloudFormation templates";
+    license = lib.licenses.asl20;
+    maintainers = [ lib.maintainers.andreabedini ];
+  };
+}
diff --git a/pkgs/development/python-modules/click/default.nix b/pkgs/development/python-modules/click/default.nix
index d5dfba61010c..4a96ef7f6730 100644
--- a/pkgs/development/python-modules/click/default.nix
+++ b/pkgs/development/python-modules/click/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildPythonPackage, fetchPypi, pytest }:
+{ stdenv, buildPythonPackage, fetchPypi, substituteAll, locale, pytest }:
 
 buildPythonPackage rec {
   pname = "click";
@@ -9,6 +9,13 @@ buildPythonPackage rec {
     sha256 = "02qkfpykbq35id8glfgwc38yc430427yd05z1wc5cnld8zgicmgi";
   };
 
+  patches = [
+    (substituteAll {
+      src = ./fix-paths.patch;
+      locale = "${locale}/bin/locale";
+    })
+  ];
+
   buildInputs = [ pytest ];
 
   checkPhase = ''
diff --git a/pkgs/development/python-modules/click/fix-paths.patch b/pkgs/development/python-modules/click/fix-paths.patch
new file mode 100644
index 000000000000..04719871b76c
--- /dev/null
+++ b/pkgs/development/python-modules/click/fix-paths.patch
@@ -0,0 +1,11 @@
+--- a/click/_unicodefun.py	2018-06-11 15:08:59.369358278 +0200
++++ b/click/_unicodefun.py	2018-06-11 15:09:09.342325998 +0200
+@@ -60,7 +60,7 @@
+     extra = ''
+     if os.name == 'posix':
+         import subprocess
+-        rv = subprocess.Popen(['locale', '-a'], stdout=subprocess.PIPE,
++        rv = subprocess.Popen(['@locale@', '-a'], stdout=subprocess.PIPE,
+                               stderr=subprocess.PIPE).communicate()[0]
+         good_locales = set()
+         has_c_utf8 = False
diff --git a/pkgs/development/python-modules/deap/default.nix b/pkgs/development/python-modules/deap/default.nix
new file mode 100644
index 000000000000..fbc915c8eb04
--- /dev/null
+++ b/pkgs/development/python-modules/deap/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, buildPythonPackage, fetchPypi, python, numpy, matplotlib }:
+
+buildPythonPackage rec {
+  pname = "deap";
+  version = "1.2.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "95c63e66d755ec206c80fdb2908851c0bef420ee8651ad7be4f0578e9e909bcf";
+  };
+
+  propagatedBuildInputs = [ numpy matplotlib ];
+
+  checkPhase = ''
+    ${python.interpreter} setup.py nosetests --verbosity=3
+  '';
+
+  meta = with stdenv.lib; {
+    description = "DEAP is a novel evolutionary computation framework for rapid prototyping and testing of ideas.";
+    homepage = https://github.com/DEAP/deap;
+    license = licenses.lgpl3;
+    maintainers = with maintainers; [ psyanticy ];
+  };
+
+}
+
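Review bot: `checkPhase` runs `setup.py nosetests`, but `nose` is not declared anywhere in this expression — only `numpy` and `matplotlib` are listed — so the check phase fails with an unknown command unless nose arrives transitively, which cannot be seen here. Add `nose` to the argument set on the first line and declare `checkInputs = [ nose ];`. The description also ends in a period and the file carries a trailing blank line, both of which nixpkgs style avoids.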
diff --git a/pkgs/development/python-modules/gast/default.nix b/pkgs/development/python-modules/gast/default.nix
new file mode 100644
index 000000000000..036bed9dd792
--- /dev/null
+++ b/pkgs/development/python-modules/gast/default.nix
@@ -0,0 +1,16 @@
+{ stdenv, fetchPypi, buildPythonPackage, astunparse }:
+
+buildPythonPackage rec {
+  pname = "gast";
+  version =  "0.2.0";
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0c296xm1vz9x4w4inmdl0k8mnc0i9arw94si2i7pglpc461r0s3h";
+  };
+  checkInputs = [ astunparse ] ;
+  meta = with stdenv.lib; {
+    description = "GAST provides a compatibility layer between the AST of various Python versions, as produced by ast.parse from the standard ast module.";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ jyp ];
+  };
+}
diff --git a/pkgs/development/python-modules/libarcus/default.nix b/pkgs/development/python-modules/libarcus/default.nix
index d9cc5fb0d9e5..cf556a790033 100644
--- a/pkgs/development/python-modules/libarcus/default.nix
+++ b/pkgs/development/python-modules/libarcus/default.nix
@@ -7,7 +7,7 @@ else
 stdenv.mkDerivation rec {
   pname = "libarcus";
   name = "${pname}-${version}";
-  version = "3.2.1";
+  version = "3.3.0";
   
   src = fetchFromGitHub {
     owner = "Ultimaker";
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "Communication library between internal components for Ultimaker software";
-    homepage = "https://github.com/Ultimaker/libArcus";
+    homepage = https://github.com/Ultimaker/libArcus;
     license = licenses.agpl3;
     platforms = platforms.linux;
     maintainers = with maintainers; [ abbradar ];
diff --git a/pkgs/development/python-modules/mygpoclient/default.nix b/pkgs/development/python-modules/mygpoclient/default.nix
index 097898a2d84f..5f30316eb711 100644
--- a/pkgs/development/python-modules/mygpoclient/default.nix
+++ b/pkgs/development/python-modules/mygpoclient/default.nix
@@ -17,6 +17,8 @@ buildPythonPackage rec {
     nosetests
   '';
 
+  doCheck = (!stdenv.isDarwin);
+
   meta = with stdenv.lib; {
     description = "A gpodder.net client library";
     longDescription = ''
diff --git a/pkgs/development/python-modules/pdf2image/default.nix b/pkgs/development/python-modules/pdf2image/default.nix
new file mode 100644
index 000000000000..373bedaa1100
--- /dev/null
+++ b/pkgs/development/python-modules/pdf2image/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, buildPythonPackage, fetchPypi, pillow, poppler_utils }:
+
+buildPythonPackage rec {
+  pname = "pdf2image";
+  version = "0.1.13";
+
+  buildInputs = [ pillow poppler_utils ];
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "784928038588059e00c7f97e5608047cb754b6ec8fd10e7551e7ad0f40d2cd56";
+  };
+
+  meta = with stdenv.lib; {
+    description = "A python module that wraps the pdftoppm utility to convert PDF to PIL Image object";
+    homepage = https://github.com/Belval/pdf2image;
+    license = licenses.mit;
+    maintainers = with maintainers; [ gerschtli ];
+    platforms = platforms.all;
+  };
+}
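Review bot: `pillow` is a runtime import of pdf2image yet sits in `buildInputs`, so it is not propagated to consumers of this module; move it to `propagatedBuildInputs = [ pillow ];`. `poppler_utils` is invoked as an external `pdftoppm` process at runtime (per the description), and a `buildInputs` entry does not put it on `PATH` for the installed package — substitute the absolute store path into the source or otherwise make the binary discoverable, or the module only works when poppler happens to be on the user's PATH. Whether the default check phase does anything useful here is not visible; if it runs no tests, `doCheck = false;` with a comment is clearer.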
diff --git a/pkgs/development/python-modules/pynisher/default.nix b/pkgs/development/python-modules/pynisher/default.nix
new file mode 100644
index 000000000000..f389bee21586
--- /dev/null
+++ b/pkgs/development/python-modules/pynisher/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, buildPythonPackage, fetchPypi, psutil, docutils }:
+
+buildPythonPackage rec {
+  pname = "pynisher";
+  version = "0.4.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0sqa3zzqcr4vl5yhnafw1y187z62m4alajggc7dm2riw2ihd9kxl";
+  };
+
+  propagatedBuildInputs = [ psutil docutils ];
+
+  # no tests in the Pypi archive
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "The pynisher is a little module intended to limit a functions resources.";
+    homepage = https://github.com/sfalkner/pynisher;
+    license = licenses.mit;
+    maintainers = with maintainers; [ psyanticy ];
+  };
+
+}
+
diff --git a/pkgs/development/python-modules/pyqt/5.x.nix b/pkgs/development/python-modules/pyqt/5.x.nix
index 331366e379dd..d9de2edce683 100644
--- a/pkgs/development/python-modules/pyqt/5.x.nix
+++ b/pkgs/development/python-modules/pyqt/5.x.nix
@@ -1,4 +1,4 @@
-{ lib, fetchurl, pythonPackages, pkgconfig, makeWrapper, qmake
+{ lib, fetchurl, pythonPackages, pkgconfig, makeWrapper, qmake, fetchpatch
 , lndir, qtbase, qtsvg, qtwebkit, qtwebengine, dbus_libs
 , withWebSockets ? false, qtwebsockets
 , withConnectivity ? false, qtconnectivity
@@ -64,6 +64,17 @@ in buildPythonPackage {
     runHook postConfigure
   '';
 
+  patches = [
+    # This patch from Arch Linux fixes Cura segfaulting on startup
+    # https://github.com/Ultimaker/Cura/issues/3438
+    # It can probably removed on 5.10.3
+    (fetchpatch {
+      name = "pyqt5-cura-crash.patch";
+      url = https://git.archlinux.org/svntogit/packages.git/plain/repos/extra-x86_64/pyqt5-cura-crash.patch?id=6cfe64a3d1827e0ed9cc62f1683a53b582315f4f;
+      sha256 = "02a0mw1z8p9hhqhl4bgjrmf1xq82xjmpivn5bg6r4yv6pidsh7ck";
+    })
+  ];
+
   postInstall = ''
     for i in $out/bin/*; do
       wrapProgram $i --prefix PYTHONPATH : "$PYTHONPATH"
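Review bot: The patch comment has a grammar slip and should say what to check before dropping the patch: `# It can probably be removed once PyQt5 is updated to 5.10.3`. Pinning the Arch URL to a specific commit via `?id=` together with a sha256 is the right shape for a third-party patch source, so nothing to change there. The PyQt version this patch targets is defined outside this hunk.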
diff --git a/pkgs/development/python-modules/python-hosts/default.nix b/pkgs/development/python-modules/python-hosts/default.nix
new file mode 100644
index 000000000000..08c617d750c3
--- /dev/null
+++ b/pkgs/development/python-modules/python-hosts/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, buildPythonPackage, fetchPypi, pyyaml, pytest, pytestcov }:
+
+buildPythonPackage rec {
+  pname = "python-hosts";
+  version = "0.4.1";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "4a169a4669bddb720c032ef0132203ff8a7b6646266f7e6ab349177bab02b3ba";
+  };
+
+  # win_inet_pton is required for windows support
+  prePatch = ''
+    substituteInPlace setup.py --replace "install_requires=['win_inet_pton']," ""
+    substituteInPlace python_hosts/utils.py --replace "import win_inet_pton" ""
+  '';
+
+  checkInputs = [ pyyaml pytest pytestcov ];
+
+  # Removing 1 test file (it requires internet connection) and keeping the other two
+  checkPhase = ''
+    pytest tests/test_hosts_entry.py
+    pytest tests/test_utils.py
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A library for managing a hosts file. It enables adding and removing entries, or importing them from a file or URL";
+    homepage = https://github.com/jonhadfield/python-hosts;
+    license = licenses.mit;
+    maintainers = with maintainers; [ psyanticy ];
+  };
+}
+
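Review bot: Both `substituteInPlace` calls in `prePatch` succeed silently if their pattern is absent (as far as I know stdenv's `substitute` does not check for a match in this era), so a future version bump that reshapes the `install_requires` line would leave `win_inet_pton` in place and fail later with a much less obvious error; a comment should make that explicit, and the current comment reads as if the module were needed: `# win_inet_pton is only required on Windows; strip it from the requirements and the import`. `pytestcov` in `checkInputs` is unused because `checkPhase` never passes `--cov`, so it can be dropped. The `checkPhase` comment could also name the skipped file so the next maintainer can re-check whether it still needs network access.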
diff --git a/pkgs/development/python-modules/spglib/default.nix b/pkgs/development/python-modules/spglib/default.nix
new file mode 100644
index 000000000000..07273d0fa0d4
--- /dev/null
+++ b/pkgs/development/python-modules/spglib/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, buildPythonPackage, fetchPypi, numpy, python }:
+
+buildPythonPackage rec {
+  pname = "spglib";
+  version = "1.10.3.65";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "55b49227835396b2bcd6afe724e9f37202ad0f61e273bedebd5bf740bad2e8e3";
+  };
+
+  propagatedBuildInputs = [ numpy ];
+
+  checkPhase = ''
+    cd test
+    ${python.interpreter} -m unittest discover -bv
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Python bindings for C library for finding and handling crystal symmetries";
+    homepage = https://atztogo.github.io/spglib;
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ psyanticy ];
+  };
+
+}
+
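Review bot: The custom `checkPhase` replaces the default phase without `runHook preCheck` / `runHook postCheck`, so hooks registered by setup hooks or a later `preCheck` attribute are skipped; add `runHook preCheck` before `cd test` and `runHook postCheck` after the `unittest` line. The blank line before the closing `}` and the trailing empty line are also worth removing for consistency with the other new expressions in this merge.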
diff --git a/pkgs/development/python-modules/tensorflow-tensorboard/default.nix b/pkgs/development/python-modules/tensorflow-tensorboard/default.nix
index f0b4e6f341d4..a767120ddf32 100644
--- a/pkgs/development/python-modules/tensorflow-tensorboard/default.nix
+++ b/pkgs/development/python-modules/tensorflow-tensorboard/default.nix
@@ -3,33 +3,34 @@
 , numpy
 , werkzeug
 , protobuf
+, grpcio
 , markdown
 , futures
 }:
 
-# tensorflow is built from a downloaded wheel, because
-# https://github.com/tensorflow/tensorboard/issues/719
-# blocks buildBazelPackage.
+# tensorflow/tensorboard is built from a downloaded wheel, because
+# https://github.com/tensorflow/tensorboard/issues/719 blocks
+# buildBazelPackage.
 
 buildPythonPackage rec {
   pname = "tensorflow-tensorboard";
-  version = "1.5.1";
+  version = "1.7.0";
   name = "${pname}-${version}";
   format = "wheel";
 
   src = fetchPypi ({
-    pname = "tensorflow_tensorboard";
+    pname = "tensorboard";
     inherit version;
     format = "wheel";
   } // (if isPy3k then {
     python = "py3";
-    sha256 = "1cydgvrr0s05xqz1v9z2wdiv60gzbs8wv9wvbflw5700a2llb63l";
+    sha256 = "1aa42rl3fkpllqch09d311gk1j281qry6nn07ywgbs6j0kwr6isc";
   } else {
     python = "py2";
-    sha256 = "0dhljddlirq6nr84zg4yrk5k69gj3x2abb6wg3crgrparb6qbya7";
+    sha256 = "1vcdkyvw22kpljmj4gxb8m1q54ry02iwvw54w8v8hmdigvc77a7k";
   }));
 
-  propagatedBuildInputs = [ bleach_1_5_0 numpy werkzeug protobuf markdown ] ++ lib.optional (!isPy3k) futures;
+  propagatedBuildInputs = [ bleach_1_5_0 numpy werkzeug protobuf markdown grpcio ] ++ lib.optional (!isPy3k) futures;
 
   meta = with stdenv.lib; {
     description = "TensorFlow's Visualization Toolkit";
diff --git a/pkgs/development/python-modules/tensorflow/bin.nix b/pkgs/development/python-modules/tensorflow/bin.nix
index 9c6b84e8c7ac..21b21f174d0b 100644
--- a/pkgs/development/python-modules/tensorflow/bin.nix
+++ b/pkgs/development/python-modules/tensorflow/bin.nix
@@ -3,8 +3,11 @@
 , fetchurl
 , buildPythonPackage
 , isPy3k, isPy35, isPy36, pythonOlder
+, astor
+, gast
 , numpy
 , six
+, termcolor
 , protobuf
 , absl-py
 , mock
@@ -47,7 +50,7 @@ in buildPythonPackage rec {
     dls = import ./tf1.7.1-hashes.nix;
   in fetchurl dls.${key};
 
-  propagatedBuildInputs = [ numpy six protobuf absl-py ]
+  propagatedBuildInputs = [ numpy six protobuf absl-py astor gast termcolor ]
                  ++ lib.optional (!isPy3k) mock
                  ++ lib.optionals (pythonOlder "3.4") [ backports_weakref enum34 ]
                  ++ lib.optional (pythonOlder "3.6") tensorflow-tensorboard;
@@ -68,7 +71,7 @@ in buildPythonPackage rec {
   lib.optionalString (stdenv.isLinux) ''
     rrPath="$out/${python.sitePackages}/tensorflow/:${rpath}"
     internalLibPath="$out/${python.sitePackages}/tensorflow/python/_pywrap_tensorflow_internal.so"
-    find $out -name '*.${stdenv.hostPlatform.extensions.sharedLibrary}' -exec patchelf --set-rpath "$rrPath" {} \;
+    find $out -name '*${stdenv.hostPlatform.extensions.sharedLibrary}' -exec patchelf --set-rpath "$rrPath" {} \;
   '';
 
 
diff --git a/pkgs/development/python-modules/warrant/default.nix b/pkgs/development/python-modules/warrant/default.nix
index ac83430fbae2..c152271af335 100644
--- a/pkgs/development/python-modules/warrant/default.nix
+++ b/pkgs/development/python-modules/warrant/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildPythonPackage, fetchFromGitHub, fetchPypi
+{ lib, buildPythonPackage, fetchFromGitHub, fetchPypi, fetchpatch
 , mock
 , boto3, envs, python-jose, requests }:
 
@@ -14,6 +14,14 @@ buildPythonPackage rec {
     sha256 = "0gw3crg64p1zx3k5js0wh0x5bldgs7viy4g8hld9xbka8q0374hi";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "fix-pip10-compat.patch";
+      url = " https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch";
+      sha256 = "1lvqi2qfa3kxdz05ab2lc7xnd3piyvvnz9kla2jl4pchi876z17c";
+    })
+  ];
+
   # this needs to go when 0.6.2 or later is released
   postPatch = ''
     substituteInPlace requirements.txt \
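Review bot: The `url` string in the new `fetchpatch` starts with a space (`" https://github.com/...`), which is at best passed verbatim to the fetcher and at worst rejected as a malformed URL; it should read `url = "https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch";`. The sha256 pins the normalized patch content, so once the URL is fixed the source is properly integrity-checked. The comment on the following `postPatch` already says when that block should go; the same "remove when 0.6.2 is released" note would help here too.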
diff --git a/pkgs/development/tools/aws-sam-cli/default.nix b/pkgs/development/tools/aws-sam-cli/default.nix
new file mode 100644
index 000000000000..85307d58704d
--- /dev/null
+++ b/pkgs/development/tools/aws-sam-cli/default.nix
@@ -0,0 +1,37 @@
+{ lib
+, python
+}:
+
+with python;
+
+pkgs.buildPythonApplication rec {
+  pname = "aws-sam-cli";
+  version = "0.3.0";
+
+  src = pkgs.fetchPypi {
+    inherit pname version;
+    sha256 = "7e7275a34e7e9d926198fd9516404310faa2a9681b7a8b0c8b2f9aa31aeb1bfb";
+  };
+
+  # Tests are not included in the PyPI package
+  doCheck = false;
+
+  propagatedBuildInputs = with pkgs; [
+    aws-sam-translator
+    boto3
+    click
+    cookiecutter
+    docker
+    enum34
+    flask
+    pyyaml
+    six
+  ];
+
+  meta = with lib; {
+    homepage = https://github.com/awslabs/aws-sam-cli;
+    description = "CLI tool for local development and testing of Serverless applications";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ andreabedini ];
+  };
+}
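Review bot: `with python;` at file scope makes `pkgs` below resolve to `python.pkgs` by implicit lookup, which a reader can easily mistake for the top-level package set (for example `docker` in `propagatedBuildInputs` is the Python client library, not the daemon). The conventional shape is to take the package set explicitly: `{ lib, python3Packages }:` / `python3Packages.buildPythonApplication rec {` and `propagatedBuildInputs = with python3Packages; [ ... ]`, dropping the file-level `with`. `doCheck = false` is documented with its reason, which is good.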
diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix
index 051b8107703d..438aa81a9d0a 100644
--- a/pkgs/development/tools/build-managers/cmake/default.nix
+++ b/pkgs/development/tools/build-managers/cmake/default.nix
@@ -58,7 +58,7 @@ stdenv.mkDerivation rec {
   # Don't search in non-Nix locations such as /usr, but do search in our libc.
   patches = [ ./search-path-3.9.patch ]
     # Don't depend on frameworks.
-    ++ optional useSharedLibraries ./application-services.patch  # TODO: remove conditional
+    ++ optional (useSharedLibraries && majorVersion == "3.11") ./application-services.patch  # TODO: remove conditional
     ++ optional stdenv.isCygwin ./3.2.2-cygwin.patch;
 
   outputs = [ "out" ];
diff --git a/pkgs/development/tools/selenium/chromedriver/default.nix b/pkgs/development/tools/selenium/chromedriver/default.nix
index d865a20fbb9f..f140c1a74508 100644
--- a/pkgs/development/tools/selenium/chromedriver/default.nix
+++ b/pkgs/development/tools/selenium/chromedriver/default.nix
@@ -6,7 +6,7 @@ let
   allSpecs = {
     "x86_64-linux" = {
       system = "linux64";
-      sha256 = "1h7avlns00hd44ayi53lvdj2l85h9higky0jk7bad07hm39nagks";
+      sha256 = "1rkdlf9v5lciaq3yp7cp2vwmca612vngbcnz55ck76jgx6rknh3g";
     };
 
     "x86_64-darwin" = {
@@ -28,7 +28,7 @@ let
 in
 stdenv.mkDerivation rec {
   name = "chromedriver-${version}";
-  version = "2.38";
+  version = "2.39";
 
   src = fetchurl {
     url = "http://chromedriver.storage.googleapis.com/${version}/chromedriver_${spec.system}.zip";
diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix
index efc30c1bbf3c..e9f239b4df32 100644
--- a/pkgs/games/anki/default.nix
+++ b/pkgs/games/anki/default.nix
@@ -28,7 +28,7 @@ let
     qt4 = pyqt4.qt;
 
 in buildPythonApplication rec {
-    version = "2.0.51";
+    version = "2.0.52";
     name = "anki-${version}";
 
     src = fetchurl {
@@ -37,7 +37,7 @@ in buildPythonApplication rec {
         # "http://ankisrs.net/download/mirror/${name}.tgz"
         # "http://ankisrs.net/download/mirror/archive/${name}.tgz"
       ];
-      sha256 = "17prfkz9hbz1sdb62ddi6m4jwsb50n08myhai997x8d0r0xxilw0";
+      sha256 = "0yjyxgpk79rplz9z2r93kmlk09ari6xxfrz1cfm2yl9v8zfw1n6l";
     };
 
     propagatedBuildInputs = [ pyqt4 sqlalchemy pyaudio beautifulsoup httplib2 ]
diff --git a/pkgs/games/dwarf-fortress/dfhack/default.nix b/pkgs/games/dwarf-fortress/dfhack/default.nix
index a77f50a51711..11964c627da2 100644
--- a/pkgs/games/dwarf-fortress/dfhack/default.nix
+++ b/pkgs/games/dwarf-fortress/dfhack/default.nix
@@ -1,6 +1,7 @@
 { stdenv, hostPlatform, lib, fetchFromGitHub, cmake, writeScriptBin, callPackage
 , perl, XMLLibXML, XMLLibXSLT, zlib
 , enableStoneSense ? false,  allegro5, libGLU_combined
+, SDL
 }:
 
 let
@@ -39,13 +40,14 @@ in stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "DFHack";
     repo = "dfhack";
-    sha256 = "0srgymyd57hk9iffhi2i0ra5vzw2vzlpzn4042yb90vqpmvz2zrj";
+    sha256 = "15hz90lfg7asgm4bqa2yi2lkwzrljphb42q6616sriwzs66xia6h";
     rev = version;
+    fetchSubmodules = true;
   };
 
   nativeBuildInputs = [ cmake perl XMLLibXML XMLLibXSLT fakegit ];
   # We don't use system libraries because dfhack needs old C++ ABI.
-  buildInputs = [ zlib ]
+  buildInputs = [ zlib SDL ]
              ++ lib.optionals enableStoneSense [ allegro5 libGLU_combined ];
 
   preConfigure = ''
diff --git a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix
index 2e54258c4be9..305f3cdb1fa3 100644
--- a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix
+++ b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix
@@ -14,11 +14,16 @@ stdenv.mkDerivation rec {
   buildInputs = [ qtbase qtdeclarative ];
   nativeBuildInputs = [ texlive cmake ninja ];
 
+  installPhase = if stdenv.isDarwin then ''
+    mkdir -p $out/Applications
+    cp -r DwarfTherapist.app $out/Applications
+  '' else null;
+
   meta = with stdenv.lib; {
     description = "Tool to manage dwarves in in a running game of Dwarf Fortress";
     maintainers = with maintainers; [ the-kenny abbradar bendlas ];
     license = licenses.mit;
-    platforms = [ "x86_64-linux" "i686-linux" ];
+    platforms = platforms.unix;
     homepage = https://github.com/Dwarf-Therapist/Dwarf-Therapist;
   };
 }
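Review bot: The Darwin `installPhase` overrides the default phase without `runHook preInstall` / `runHook postInstall`, so any `postInstall` added later (or by a setup hook) would be silently skipped on Darwin; add `runHook preInstall` before the `mkdir` and `runHook postInstall` after the `cp`. The `else null` branch relies on mkDerivation treating a null phase as "use the default", which I believe holds but is not obvious to a reader — a short comment such as `# null keeps the default installPhase on non-Darwin` would make the intent clear. Widening `platforms` to `platforms.unix` is consistent with the new Darwin branch.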
diff --git a/pkgs/games/dxx-rebirth/default.nix b/pkgs/games/dxx-rebirth/default.nix
index b780d5327f2e..9dde1da868dd 100644
--- a/pkgs/games/dxx-rebirth/default.nix
+++ b/pkgs/games/dxx-rebirth/default.nix
@@ -37,6 +37,8 @@ in stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = ''
     runHook preBuild
 
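Review bot: `hardeningDisable = [ "format" ]` switches off the format-string compile check for the whole build without a reason, so the next maintainer cannot tell whether it hides a genuine non-literal format string in dxx-rebirth or merely a `-Werror=format-security` build failure. Add the reason inline, e.g. `hardeningDisable = [ "format" ]; # build fails under -Werror=format-security in <FILE — TODO fill in>`. If the failure is confined to a few translation units, patching those and keeping the hardening flag on is preferable to disabling it globally.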
diff --git a/pkgs/games/gshogi/default.nix b/pkgs/games/gshogi/default.nix
new file mode 100644
index 000000000000..9759eb8956ab
--- /dev/null
+++ b/pkgs/games/gshogi/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, buildPythonApplication, fetchFromGitHub
+, gtk3, gobjectIntrospection
+, wrapGAppsHook, python3Packages }:
+
+buildPythonApplication rec {
+  pname = "gshogi";
+  version = "0.5.1";
+
+  src = fetchFromGitHub {
+    owner = "johncheetham";
+    repo = "gshogi";
+    rev = "v${version}";
+    sha256 = "06vgndfgwyfi50wg3cw92zspc9z0k7xn2pp6qsjih0l5yih8iwqh";
+  };
+
+  doCheck = false;  # no tests available
+
+  buildInputs = [
+    gtk3
+    gobjectIntrospection
+  ];
+
+  nativeBuildInputs = [ wrapGAppsHook ];
+
+  propagatedBuildInputs = with python3Packages; [
+    pygobject3
+    pycairo
+  ];
+
+  meta = with stdenv.lib; {
+    description = "A graphical implementation of the Shogi board game, also known as Japanese Chess";
+    homepage = http://johncheetham.com/projects/gshogi/;
+    license = licenses.gpl3;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.ciil ];
+  };
+}
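Review bot: `buildPythonApplication` is taken as a separate argument while the Python dependencies come from `python3Packages`, so the interpreter the application is built for only matches the one `pygobject3` and `pycairo` were built against if the caller passes `python3Packages.buildPythonApplication` — which is not visible here. Taking just `python3Packages` and writing `python3Packages.buildPythonApplication rec {` removes that coupling. The `doCheck = false;  # no tests available` comment is a good model for the other new expressions in this merge.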
diff --git a/pkgs/games/nethack/default.nix b/pkgs/games/nethack/default.nix
index b67a79aa3fe7..9dd76581fd8b 100644
--- a/pkgs/games/nethack/default.nix
+++ b/pkgs/games/nethack/default.nix
@@ -13,11 +13,11 @@ let
   binPath = lib.makeBinPath [ coreutils less ];
 
 in stdenv.mkDerivation {
-  name = "nethack-3.6.0";
+  name = "nethack-3.6.1";
 
   src = fetchurl {
-    url = "mirror://sourceforge/nethack/nethack-360-src.tgz";
-    sha256 = "12mi5kgqw3q029y57pkg3gnp930p7yvlqi118xxdif2qhj6nkphs";
+    url = "http://nethack.org/download/3.6.1/nethack-361-src.tgz";
+    sha256 = "1dha0ijvxhx7c9hr0452h93x81iiqsll8bc9msdnp7xdqcfbz32b";
   };
 
   buildInputs = [ ncurses ];
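Review bot: The version now appears as three separate literals (`nethack-3.6.1`, `3.6.1` and `361`), so the next bump has to touch three places in two spellings; a `version = "3.6.1";` binding in the enclosing `let` (which starts outside this hunk) with `name = "nethack-${version}";` and `url = "http://nethack.org/download/${version}/nethack-${lib.replaceStrings ["."] [""] version}-src.tgz";` keeps them in step. The download also moved from a `mirror://` list to a single plain-`http` host; the sha256 still guarantees the integrity of what gets built, so this is a robustness concern (one host, no fallback) rather than a security regression, but if nethack.org serves https the URL should use it.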
diff --git a/pkgs/misc/emulators/dolphin-emu/master.nix b/pkgs/misc/emulators/dolphin-emu/master.nix
index 5d4e22fefae3..2798306c3002 100644
--- a/pkgs/misc/emulators/dolphin-emu/master.nix
+++ b/pkgs/misc/emulators/dolphin-emu/master.nix
@@ -1,10 +1,8 @@
-{ stdenv, fetchFromGitHub, pkgconfig, cmake, bluez, ffmpeg, libao, libGLU_combined, gtk2, glib
+{ stdenv, fetchFromGitHub, pkgconfig, cmake, makeWrapper, bluez, ffmpeg, libao, libGLU_combined, gtk2, glib
 , pcre, gettext, libpthreadstubs, libXrandr, libXext, libXxf86vm, libXinerama, libSM, readline
-, openal, libXdmcp, portaudio, libusb, libevdev
+, openal, libXdmcp, portaudio, libusb, libevdev, curl, qt5
+, vulkan-loader ? null
 , libpulseaudio ? null
-, curl
-
-, qt5
 # - Inputs used for Darwin
 , CoreBluetooth, cf-private, ForceFeedback, IOKit, OpenGL
 , wxGTK
@@ -20,12 +18,12 @@ assert dolphin-wxgui || dolphin-qtgui;
 assert !(dolphin-wxgui && dolphin-qtgui);
 
 stdenv.mkDerivation rec {
-  name = "dolphin-emu-20180430";
+  name = "dolphin-emu-20180609";
   src = fetchFromGitHub {
     owner = "dolphin-emu";
     repo = "dolphin";
-    rev = "ad098283c023b0f5f0d314c646bc5d5756c35e3d";
-    sha256 = "17fv3vz0nc5jax1bbl4wny1kzsshbbhms82dxd8rzcwwvd2ad1g7";
+    rev = "1d87584d69e3fdd730502127274fcbd85cebd591";
+    sha256 = "0sxzmmv8gvfsy96p1x1aya1cpq0237gip3zkl4bks4grgxf8958b";
   };
 
   cmakeFlags = [
@@ -38,13 +36,14 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  nativeBuildInputs = [ cmake pkgconfig ];
+  nativeBuildInputs = [ cmake pkgconfig ]
+                      ++ stdenv.lib.optionals stdenv.isLinux [ makeWrapper ];
 
   buildInputs = [ curl ffmpeg libao libGLU_combined gtk2 glib pcre
                   gettext libpthreadstubs libXrandr libXext libXxf86vm libXinerama libSM readline openal
                   libXdmcp portaudio libusb libpulseaudio libpng hidapi
                 ] ++ stdenv.lib.optionals stdenv.isDarwin [ wxGTK CoreBluetooth cf-private ForceFeedback IOKit OpenGL ]
-                  ++ stdenv.lib.optionals stdenv.isLinux  [ bluez libevdev  ]
+                  ++ stdenv.lib.optionals stdenv.isLinux [ bluez libevdev vulkan-loader ]
                   ++ stdenv.lib.optionals dolphin-qtgui [ qt5.qtbase ];
 
   # - Change install path to Applications relative to $out
@@ -59,6 +58,11 @@ stdenv.mkDerivation rec {
     mkdir -p "$out/Applications"
   '';
 
+  postInstall = stdenv.lib.optionalString stdenv.isLinux ''
+    wrapProgram $out/bin/dolphin-emu-nogui --prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib
+    wrapProgram $out/bin/dolphin-emu-wx --prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib
+  '';
+
   meta = {
     homepage = http://dolphin-emu.org/;
     description = "Gamecube/Wii/Triforce emulator for x86_64 and ARM";
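Review bot: `${vulkan-loader}/lib` in the new `postInstall` is evaluated unconditionally on Linux, but the first hunk of this file declares `vulkan-loader ? null`, so a caller that relies on the default gets an evaluation error when null is coerced to a string instead of a build without Vulkan. Either drop the `? null` default or guard the wrapper, e.g. `postInstall = stdenv.lib.optionalString (stdenv.isLinux && vulkan-loader != null) ''`. The wrapper also assumes both `dolphin-emu-nogui` and `dolphin-emu-wx` exist in `$out/bin`; with the `assert`s above allowing only one GUI flavour, it is worth confirming the wx binary is produced in a qt-only build, since `wrapProgram` on a missing file fails the build. Prefixing `LD_LIBRARY_PATH` also propagates to every child process dolphin spawns, so if the loader can be found via an rpath instead that would be a tighter fix.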
diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix
index 950694d0bfe3..aae11b6affcf 100644
--- a/pkgs/os-specific/bsd/netbsd/default.nix
+++ b/pkgs/os-specific/bsd/netbsd/default.nix
@@ -600,4 +600,11 @@ in rec {
     makeFlags = [ "BINDIR=/share" ];
   };
 
+  locale = netBSDDerivation {
+    path = "usr.bin/locale";
+    version = "7.1.2";
+    sha256 = "0kk6v9k2bygq0wf9gbinliqzqpzs9bgxn0ndyl2wcv3hh2bmsr9p";
+    patches = [ ./locale.patch ];
+  };
+
 }
diff --git a/pkgs/os-specific/bsd/netbsd/locale.patch b/pkgs/os-specific/bsd/netbsd/locale.patch
new file mode 100644
index 000000000000..1df9eb385625
--- /dev/null
+++ b/pkgs/os-specific/bsd/netbsd/locale.patch
@@ -0,0 +1,85 @@
+--- a/locale.c	2018-06-11 14:39:06.449762000 -0400
++++ b/locale.c	2018-06-11 14:42:28.461122899 -0400
+@@ -56,14 +56,8 @@
+ #include <stringlist.h>
+ #include <unistd.h>
+ 
+-#include "citrus_namespace.h"
+-#include "citrus_region.h"
+-#include "citrus_lookup.h"
+-#include "setlocale_local.h"
+-
+ /* Local prototypes */
+ void	init_locales_list(void);
+-void	init_locales_list_alias(void);
+ void	list_charmaps(void);
+ void	list_locales(void);
+ const char *lookup_localecat(int);
+@@ -221,6 +215,8 @@
+ };
+ #define NKWINFO (sizeof(kwinfo)/sizeof(kwinfo[0]))
+ 
++const char *_PathLocale = NULL;
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -411,8 +407,7 @@
+ 	while ((dp = readdir(dirp)) != NULL) {
+ 		/* exclude "." and "..", _LOCALE_ALIAS_NAME */
+ 		if ((dp->d_name[0] != '.' || (dp->d_name[1] != '\0' &&
+-		    (dp->d_name[1] != '.' ||  dp->d_name[2] != '\0'))) &&
+-		    strcmp(_LOCALE_ALIAS_NAME, dp->d_name) != 0) {
++		    (dp->d_name[1] != '.' ||  dp->d_name[2] != '\0')))) {
+ 			s = strdup(dp->d_name);
+ 			if (s == NULL)
+ 				err(1, "could not allocate memory");
+@@ -431,48 +426,10 @@
+ 	if (sl_find(locales, "C") == NULL)
+ 		sl_add(locales, "C");
+ 
+-	init_locales_list_alias();
+-
+ 	/* make output nicer, sort the list */
+ 	qsort(locales->sl_str, locales->sl_cur, sizeof(char *), scmp);
+ }
+ 
+-void
+-init_locales_list_alias(void)
+-{
+-	char aliaspath[PATH_MAX];
+-	struct _lookup *hlookup;
+-	struct _region key, dat;
+-	size_t n;
+-	char *s, *t;
+-
+-	_DIAGASSERT(locales != NULL);
+-	_DIAGASSERT(_PathLocale != NULL);
+-
+-	(void)snprintf(aliaspath, sizeof(aliaspath),
+-		"%s/" _LOCALE_ALIAS_NAME, _PathLocale);
+-
+-	if (_lookup_seq_open(&hlookup, aliaspath,
+-	    _LOOKUP_CASE_SENSITIVE) == 0) {
+-		while (_lookup_seq_next(hlookup, &key, &dat) == 0) {
+-			n = _region_size((const struct _region *)&key);
+-			s = _region_head((const struct _region *)&key);
+-			for (t = s; n > 0 && *s!= '/'; --n, ++s);
+-			n = (size_t)(s - t);
+-			s = malloc(n + 1);
+-			if (s == NULL)
+-				err(1, "could not allocate memory");
+-			memcpy(s, t, n);
+-			s[n] = '\0';
+-			if (sl_find(locales, s) == NULL)
+-				sl_add(locales, s);
+-			else
+-				free(s);
+-		}
+-		_lookup_seq_close(hlookup);
+-	}
+-}
+-
+ /*
+  * Show current locale status, depending on environment variables
+  */
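Review bot: The patch file has no preamble saying what it does or why, which nixpkgs-local patches normally carry; from the hunks it drops the citrus-internal headers and the alias-file lookup (`init_locales_list_alias`), and introduces `_PathLocale` as a NULL global, presumably because those internals are not available when `usr.bin/locale` is built outside the NetBSD tree. A two-line description before the `---` line, naming the reason and the NetBSD version it was made against, would make the next bump far easier. Note that `_PathLocale` is now defined but NULL; any other use of it in locale.c lies outside these hunks and is worth checking for a dereference.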
diff --git a/pkgs/os-specific/linux/alsa-firmware/default.nix b/pkgs/os-specific/linux/alsa-firmware/default.nix
index 5871d1c6990a..fb312b6bcb00 100644
--- a/pkgs/os-specific/linux/alsa-firmware/default.nix
+++ b/pkgs/os-specific/linux/alsa-firmware/default.nix
@@ -4,10 +4,7 @@ stdenv.mkDerivation rec {
   name = "alsa-firmware-1.0.29";
 
   src = fetchurl {
-    urls = [
-      "ftp://ftp.alsa-project.org/pub/firmware/${name}.tar.bz2"
-      "http://alsa.cybermirror.org/firmware/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/firmware/${name}.tar.bz2";
     sha256 = "0gfcyj5anckjn030wcxx5v2xk2s219nyf99s9m833275b5wz2piw";
   };
 
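Review bot: `mirror://alsa/...` only resolves if fetchurl's mirror table has an `alsa` entry, and that mapping is not part of this diff; if it lands in another commit of this merge the six alsa derivations changed the same way (this one, alsa-lib, alsa-oss, alsa-plugins, alsa-tools, alsa-utils) are fine, otherwise they all fail to fetch, so worth confirming before merging. The old form carried an explicit plain-http fallback; with a mirror list that is handled by the mirror table, and the sha256 remains the integrity guarantee either way.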
@@ -28,7 +25,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    homepage = http://www.alsa-project.org/main/index.php/Main_Page;
+    homepage = http://www.alsa-project.org/;
     description = "Soundcard firmwares from the alsa project";
     license = stdenv.lib.licenses.gpl2Plus;
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix
index c2c612db5422..41b43afc242c 100644
--- a/pkgs/os-specific/linux/alsa-lib/default.nix
+++ b/pkgs/os-specific/linux/alsa-lib/default.nix
@@ -4,10 +4,7 @@ stdenv.mkDerivation rec {
   name = "alsa-lib-1.1.6";
 
   src = fetchurl {
-    urls = [
-     "ftp://ftp.alsa-project.org/pub/lib/${name}.tar.bz2"
-     "http://alsa.cybermirror.org/lib/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/lib/${name}.tar.bz2";
     sha256 = "096pwrnhj36yndldvs2pj4r871zhcgisks0is78f1jkjn9sd4b2z";
   };
 
diff --git a/pkgs/os-specific/linux/alsa-oss/default.nix b/pkgs/os-specific/linux/alsa-oss/default.nix
index 5cd937a37928..a13e178e4183 100644
--- a/pkgs/os-specific/linux/alsa-oss/default.nix
+++ b/pkgs/os-specific/linux/alsa-oss/default.nix
@@ -4,10 +4,7 @@ stdenv.mkDerivation rec {
   name = "alsa-oss-1.1.6";
 
   src = fetchurl {
-    urls = [
-      "ftp://ftp.alsa-project.org/pub/oss-lib/${name}.tar.bz2"
-      "http://alsa.cybermirror.org/oss-lib/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/oss-lib/${name}.tar.bz2";
     sha256 = "1sj512wyci5qv8cisps96xngh7y9r5mv18ybqnazy18zwr1zgly3";
   };
 
diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-plugins/default.nix
index f57f84b293b5..9012f32f31df 100644
--- a/pkgs/os-specific/linux/alsa-plugins/default.nix
+++ b/pkgs/os-specific/linux/alsa-plugins/default.nix
@@ -4,10 +4,7 @@ stdenv.mkDerivation rec {
   name = "alsa-plugins-1.1.6";
 
   src = fetchurl {
-    urls = [
-      "ftp://ftp.alsa-project.org/pub/plugins/${name}.tar.bz2"
-      "http://alsa.cybermirror.org/plugins/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/plugins/${name}.tar.bz2";
     sha256 = "04qcwkisbh0d6lnh0rw1k6n869fbs6zbfq6yvb41rymiwgmk27bg";
   };
 
diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix
index 67cae46164fc..1ce94d14803c 100644
--- a/pkgs/os-specific/linux/alsa-tools/default.nix
+++ b/pkgs/os-specific/linux/alsa-tools/default.nix
@@ -7,10 +7,7 @@ stdenv.mkDerivation rec {
   version = "1.1.6";
 
   src = fetchurl {
-    urls = [
-      "ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2"
-      "http://alsa.cybermirror.org/tools/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/tools/${name}.tar.bz2";
     sha256 = "09rjb6hw1mn9y1jfdfj5djncgc2cr5wfps83k56rf6k4zg14v76n";
   };
 
diff --git a/pkgs/os-specific/linux/alsa-utils/default.nix b/pkgs/os-specific/linux/alsa-utils/default.nix
index b8498c096d33..376c42a8f9b8 100644
--- a/pkgs/os-specific/linux/alsa-utils/default.nix
+++ b/pkgs/os-specific/linux/alsa-utils/default.nix
@@ -5,10 +5,7 @@ stdenv.mkDerivation rec {
   version = "1.1.6";
 
   src = fetchurl {
-    urls = [
-      "ftp://ftp.alsa-project.org/pub/utils/${name}.tar.bz2"
-      "http://alsa.cybermirror.org/utils/${name}.tar.bz2"
-    ];
+    url = "mirror://alsa/utils/${name}.tar.bz2";
     sha256 = "0vnkyymgwj9rfdb11nvab30dnfrylmakdfildxl0y8mj836awp0m";
   };
 
@@ -27,7 +24,6 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = http://www.alsa-project.org/;
     description = "ALSA, the Advanced Linux Sound Architecture utils";
-
     longDescription = ''
       The Advanced Linux Sound Architecture (ALSA) provides audio and
       MIDI functionality to the Linux-based operating system.
diff --git a/pkgs/os-specific/linux/fwts/default.nix b/pkgs/os-specific/linux/fwts/default.nix
index c02bfb1615c3..a3d8d0a0eece 100644
--- a/pkgs/os-specific/linux/fwts/default.nix
+++ b/pkgs/os-specific/linux/fwts/default.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "fwts-${version}";
-  version = "18.03.00";
+  version = "18.05.00";
 
   src = fetchzip {
     url = "http://fwts.ubuntu.com/release/fwts-V${version}.tar.gz";
-    sha256 = "1f2gdnaygsj0spd6a559bzf3wii7l59k3sk49rjbbdb9g77nkhg2";
+    sha256 = "0ixc82zdv4cfj8g2mwd851fc47cpjj81mwjhn00n5wddb9cxmgkj";
     stripRoot = false;
   };
 
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index a226061ecbfa..d1314431abe1 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -463,6 +463,7 @@ with stdenv.lib;
   PPP_FILTER y
   REGULATOR y # Voltage and Current Regulator Support
   RC_DEVICES? y # Enable IR devices
+  RT2800USB_RT53XX y
   RT2800USB_RT55XX y
   SCHED_AUTOGROUP y
   CFS_BANDWIDTH y
diff --git a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch
new file mode 100644
index 000000000000..78112d164f06
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch
@@ -0,0 +1,2864 @@
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 0380a45ecf4b..39956a3ef645 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -490,16 +490,6 @@
+			nosocket -- Disable socket memory accounting.
+			nokmem -- Disable kernel memory accounting.
+
+-	checkreqprot	[SELINUX] Set initial checkreqprot flag value.
+-			Format: { "0" | "1" }
+-			See security/selinux/Kconfig help text.
+-			0 -- check protection applied by kernel (includes
+-				any implied execute protection).
+-			1 -- check protection requested by application.
+-			Default value is set via a kernel config option.
+-			Value can be changed at runtime via
+-				/selinux/checkreqprot.
+-
+	cio_ignore=	[S390]
+			See Documentation/s390/CommonIO for details.
+	clk_ignore_unused
+@@ -2899,6 +2889,11 @@
+			the specified number of seconds.  This is to be used if
+			your oopses keep scrolling off the screen.
+
++	extra_latent_entropy
++			Enable a very simple form of latent entropy extraction
++			from the first 4GB of memory as the bootmem allocator
++			passes the memory pages to the buddy allocator.
++
+	pcbit=		[HW,ISDN]
+
+	pcd.		[PARIDE]
+diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
+index 694968c7523c..002d86416ef8 100644
+--- a/Documentation/sysctl/kernel.txt
++++ b/Documentation/sysctl/kernel.txt
+@@ -91,6 +91,7 @@ show up in /proc/sys/kernel:
+ - sysctl_writes_strict
+ - tainted
+ - threads-max
++- tiocsti_restrict
+ - unknown_nmi_panic
+ - watchdog
+ - watchdog_thresh
+@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly.
+
+ ==============================================================
+
++tiocsti_restrict:
++
++This toggle indicates whether unprivileged users are prevented
++from using the TIOCSTI ioctl to inject commands into other processes
++which share a tty session.
++
++When tiocsti_restrict is set to (0) there are no restrictions(accept
++the default restriction of only being able to injection commands into
++one's own tty). When tiocsti_restrict is set to (1), users must
++have CAP_SYS_ADMIN to use the TIOCSTI ioctl.
++
++When user namespaces are in use, the check for the capability
++CAP_SYS_ADMIN is done against the user namespace that originally
++opened the tty.
++
++The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the
++default value of tiocsti_restrict.
++
++==============================================================
++
+ unknown_nmi_panic:
+
+ The value in this file affects behavior of handling NMI. When the
+diff --git a/Makefile b/Makefile
+index 787cf6605209..e4fda5330730 100644
+--- a/Makefile
++++ b/Makefile
+@@ -710,6 +710,9 @@ endif
+ KBUILD_CFLAGS += $(stackp-flag)
+
+ ifeq ($(cc-name),clang)
++ifdef CONFIG_LOCAL_INIT
++KBUILD_CFLAGS   += -fsanitize=local-init
++endif
+ KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
+ KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable)
+ KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
+diff --git a/arch/Kconfig b/arch/Kconfig
+index 400b9e1b2f27..4637096f7902 100644
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -440,6 +440,11 @@ config GCC_PLUGIN_LATENT_ENTROPY
+	  is some slowdown of the boot process (about 0.5%) and fork and
+	  irq processing.
+
++	  When extra_latent_entropy is passed on the kernel command line,
++	  entropy will be extracted from up to the first 4GB of RAM while the
++	  runtime memory allocator is being initialized.  This costs even more
++	  slowdown of the boot process.
++
+	  Note that entropy extracted this way is not cryptographically
+	  secure!
+
+@@ -533,7 +538,7 @@ config CC_STACKPROTECTOR
+ choice
+	prompt "Stack Protector buffer overflow detection"
+	depends on HAVE_CC_STACKPROTECTOR
+-	default CC_STACKPROTECTOR_NONE
++	default CC_STACKPROTECTOR_STRONG
+	help
+	  This option turns on the "stack-protector" GCC feature. This
+	  feature puts, at the beginning of functions, a canary value on
+@@ -735,7 +740,7 @@ config ARCH_MMAP_RND_BITS
+	int "Number of bits to use for ASLR of mmap base address" if EXPERT
+	range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+	default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
+-	default ARCH_MMAP_RND_BITS_MIN
++	default ARCH_MMAP_RND_BITS_MAX
+	depends on HAVE_ARCH_MMAP_RND_BITS
+	help
+	  This value can be used to select the number of bits to use to
+@@ -769,7 +774,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
+	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
+	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
+	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
+-	default ARCH_MMAP_RND_COMPAT_BITS_MIN
++	default ARCH_MMAP_RND_COMPAT_BITS_MAX
+	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
+	help
+	  This value can be used to select the number of bits to use to
+@@ -952,6 +957,7 @@ config ARCH_HAS_REFCOUNT
+
+ config REFCOUNT_FULL
+	bool "Perform full reference count validation at the expense of speed"
++	default y
+	help
+	  Enabling this switches the refcounting infrastructure from a fast
+	  unchecked atomic_t implementation to a fully state checked
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 2d5f7aca156d..aa4839a74c6a 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -918,6 +918,7 @@ endif
+
+ config ARM64_SW_TTBR0_PAN
+	bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
++	default y
+	help
+	  Enabling this option prevents the kernel from accessing
+	  user-space memory directly by pointing TTBR0_EL1 to a reserved
+@@ -1044,6 +1045,7 @@ config RANDOMIZE_BASE
+	bool "Randomize the address of the kernel image"
+	select ARM64_MODULE_PLTS if MODULES
+	select RELOCATABLE
++	default y
+	help
+	  Randomizes the virtual address at which the kernel image is
+	  loaded, as a security feature that deters exploit attempts
+diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
+index cc6bd559af85..01d5442d4722 100644
+--- a/arch/arm64/Kconfig.debug
++++ b/arch/arm64/Kconfig.debug
+@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
+ config DEBUG_WX
+	bool "Warn on W+X mappings at boot"
+	select ARM64_PTDUMP_CORE
++	default y
+	---help---
+	  Generate a warning if any W+X mappings are found at boot.
+
+diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
+index 34480e9af2e7..26304242250c 100644
+--- a/arch/arm64/configs/defconfig
++++ b/arch/arm64/configs/defconfig
+@@ -1,4 +1,3 @@
+-CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
+ CONFIG_AUDIT=y
+ CONFIG_NO_HZ_IDLE=y
+diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
+index 33be513ef24c..6f0c0e3ef0dd 100644
+--- a/arch/arm64/include/asm/elf.h
++++ b/arch/arm64/include/asm/elf.h
+@@ -114,10 +114,10 @@
+
+ /*
+  * This is the base location for PIE (ET_DYN with INTERP) loads. On
+- * 64-bit, this is above 4GB to leave the entire 32-bit address
++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
+  * space open for things that want to use the area for 32-bit pointers.
+  */
+-#define ELF_ET_DYN_BASE		(2 * TASK_SIZE_64 / 3)
++#define ELF_ET_DYN_BASE		0x100000000UL
+
+ #ifndef __ASSEMBLY__
+
+@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ /* 1GB of VA */
+ #ifdef CONFIG_COMPAT
+ #define STACK_RND_MASK			(test_thread_flag(TIF_32BIT) ? \
+-						0x7ff >> (PAGE_SHIFT - 12) : \
+-						0x3ffff >> (PAGE_SHIFT - 12))
++						((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \
++						((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
+ #else
+-#define STACK_RND_MASK			(0x3ffff >> (PAGE_SHIFT - 12))
++#define STACK_RND_MASK			(((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
+ #endif
+
+ #ifdef __AARCH64EB__
+diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
+index 9e773732520c..91359f45b5fc 100644
+--- a/arch/arm64/kernel/process.c
++++ b/arch/arm64/kernel/process.c
+@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp)
+ unsigned long arch_randomize_brk(struct mm_struct *mm)
+ {
+	if (is_compat_task())
+-		return randomize_page(mm->brk, SZ_32M);
++		return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
+	else
+-		return randomize_page(mm->brk, SZ_1G);
++		return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
+ }
+
+ /*
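Review bot: The new return expressions in arch_randomize_brk drop two things `randomize_page()` did: clamping the range so `start + range` cannot wrap, and page-aligning the result, so `mm->brk` now carries a sub-page offset. Sub-page brk randomization looks intentional, and for a 64-bit task `mm->brk + SZ_1G` will not wrap in practice, but nothing in the hunk says so. I would add `/* sub-page brk offset is intentional; the range is small relative to the address space, so no overflow clamp is needed */` above the first return. The x86 counterpart in the arch/x86/kernel/process.c arch_randomize_brk hunk has the same shape and deserves the same comment.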
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 7483cd514c32..835a86c45fb0 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -1153,8 +1153,7 @@ config VM86
+        default X86_LEGACY_VM86
+
+ config X86_16BIT
+-	bool "Enable support for 16-bit segments" if EXPERT
+-	default y
++	bool "Enable support for 16-bit segments"
+	depends on MODIFY_LDT_SYSCALL
+	---help---
+	  This option is required by programs like Wine to run 16-bit
+@@ -2228,7 +2227,7 @@ config COMPAT_VDSO
+ choice
+	prompt "vsyscall table for legacy applications"
+	depends on X86_64
+-	default LEGACY_VSYSCALL_EMULATE
++	default LEGACY_VSYSCALL_NONE
+	help
+	  Legacy user code that does not know how to find the vDSO expects
+	  to be able to issue three syscalls by calling fixed addresses in
+@@ -2318,8 +2317,7 @@ config CMDLINE_OVERRIDE
+	  be set to 'N' under normal conditions.
+
+ config MODIFY_LDT_SYSCALL
+-	bool "Enable the LDT (local descriptor table)" if EXPERT
+-	default y
++	bool "Enable the LDT (local descriptor table)"
+	---help---
+	  Linux can allow user programs to install a per-process x86
+	  Local Descriptor Table (LDT) using the modify_ldt(2) system
+diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
+index 6293a8768a91..add82e0f1df3 100644
+--- a/arch/x86/Kconfig.debug
++++ b/arch/x86/Kconfig.debug
+@@ -101,6 +101,7 @@ config EFI_PGT_DUMP
+ config DEBUG_WX
+	bool "Warn on W+X mappings at boot"
+	select X86_PTDUMP_CORE
++	default y
+	---help---
+	  Generate a warning if any W+X mappings are found at boot.
+
+diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
+index e32fc1f274d8..d08acc76502a 100644
+--- a/arch/x86/configs/x86_64_defconfig
++++ b/arch/x86/configs/x86_64_defconfig
+@@ -1,5 +1,4 @@
+ # CONFIG_LOCALVERSION_AUTO is not set
+-CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
+ CONFIG_BSD_PROCESS_ACCT=y
+ CONFIG_TASKSTATS=y
+diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
+index 1911310959f8..bba8dbbc07a8 100644
+--- a/arch/x86/entry/vdso/vma.c
++++ b/arch/x86/entry/vdso/vma.c
+@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr)
+ }
+
+ #ifdef CONFIG_X86_64
+-/*
+- * Put the vdso above the (randomized) stack with another randomized
+- * offset.  This way there is no hole in the middle of address space.
+- * To save memory make sure it is still in the same PTE as the stack
+- * top.  This doesn't give that many random bits.
+- *
+- * Note that this algorithm is imperfect: the distribution of the vdso
+- * start address within a PMD is biased toward the end.
+- *
+- * Only used for the 64-bit and x32 vdsos.
+- */
+-static unsigned long vdso_addr(unsigned long start, unsigned len)
+-{
+-	unsigned long addr, end;
+-	unsigned offset;
+-
+-	/*
+-	 * Round up the start address.  It can start out unaligned as a result
+-	 * of stack start randomization.
+-	 */
+-	start = PAGE_ALIGN(start);
+-
+-	/* Round the lowest possible end address up to a PMD boundary. */
+-	end = (start + len + PMD_SIZE - 1) & PMD_MASK;
+-	if (end >= TASK_SIZE_MAX)
+-		end = TASK_SIZE_MAX;
+-	end -= len;
+-
+-	if (end > start) {
+-		offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1);
+-		addr = start + (offset << PAGE_SHIFT);
+-	} else {
+-		addr = start;
+-	}
+-
+-	/*
+-	 * Forcibly align the final address in case we have a hardware
+-	 * issue that requires alignment for performance reasons.
+-	 */
+-	addr = align_vdso_addr(addr);
+-
+-	return addr;
+-}
+-
+ static int map_vdso_randomized(const struct vdso_image *image)
+ {
+-	unsigned long addr = vdso_addr(current->mm->start_stack, image->size-image->sym_vvar_start);
+-
+-	return map_vdso(image, addr);
++	return map_vdso(image, 0);
+ }
+ #endif
+
+diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
+index 3a091cea36c5..0931c05a3348 100644
+--- a/arch/x86/include/asm/elf.h
++++ b/arch/x86/include/asm/elf.h
+@@ -249,11 +249,11 @@ extern int force_personality32;
+
+ /*
+  * This is the base location for PIE (ET_DYN with INTERP) loads. On
+- * 64-bit, this is above 4GB to leave the entire 32-bit address
++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
+  * space open for things that want to use the area for 32-bit pointers.
+  */
+ #define ELF_ET_DYN_BASE		(mmap_is_ia32() ? 0x000400000UL : \
+-						  (DEFAULT_MAP_WINDOW / 3 * 2))
++						  0x100000000UL)
+
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this CPU supports.  This could be done in user space,
+@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy);
+
+ #ifdef CONFIG_X86_32
+
+-#define __STACK_RND_MASK(is32bit) (0x7ff)
+-#define STACK_RND_MASK (0x7ff)
++#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
++#define STACK_RND_MASK ((1UL << mmap_rnd_bits) - 1)
+
+ #define ARCH_DLINFO		ARCH_DLINFO_IA32
+
+@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy);
+ #else /* CONFIG_X86_32 */
+
+ /* 1GB for 64bit, 8MB for 32bit */
+-#define __STACK_RND_MASK(is32bit) ((is32bit) ? 0x7ff : 0x3fffff)
++#ifdef CONFIG_COMPAT
++#define __STACK_RND_MASK(is32bit) ((is32bit) ? (1UL << mmap_rnd_compat_bits) - 1 : (1UL << mmap_rnd_bits) - 1)
++#else
++#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
++#endif
+ #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32())
+
+ #define ARCH_DLINFO							\
+@@ -380,5 +384,4 @@ struct va_alignment {
+ } ____cacheline_aligned;
+
+ extern struct va_alignment va_align;
+-extern unsigned long align_vdso_addr(unsigned long);
+ #endif /* _ASM_X86_ELF_H */
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
+index 704f31315dde..bb82b6344a7b 100644
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -253,6 +253,7 @@ static inline void cr4_set_bits(unsigned long mask)
+	unsigned long cr4;
+
+	cr4 = this_cpu_read(cpu_tlbstate.cr4);
++	BUG_ON(cr4 != __read_cr4());
+	if ((cr4 | mask) != cr4) {
+		cr4 |= mask;
+		this_cpu_write(cpu_tlbstate.cr4, cr4);
+@@ -266,6 +267,7 @@ static inline void cr4_clear_bits(unsigned long mask)
+	unsigned long cr4;
+
+	cr4 = this_cpu_read(cpu_tlbstate.cr4);
++	BUG_ON(cr4 != __read_cr4());
+	if ((cr4 & ~mask) != cr4) {
+		cr4 &= ~mask;
+		this_cpu_write(cpu_tlbstate.cr4, cr4);
+@@ -278,6 +280,7 @@ static inline void cr4_toggle_bits(unsigned long mask)
+	unsigned long cr4;
+
+	cr4 = this_cpu_read(cpu_tlbstate.cr4);
++	BUG_ON(cr4 != __read_cr4());
+	cr4 ^= mask;
+	this_cpu_write(cpu_tlbstate.cr4, cr4);
+	__write_cr4(cr4);
+@@ -386,6 +389,7 @@ static inline void __native_flush_tlb_global(void)
+	raw_local_irq_save(flags);
+
+	cr4 = this_cpu_read(cpu_tlbstate.cr4);
++	BUG_ON(cr4 != __read_cr4());
+	/* toggle PGE */
+	native_write_cr4(cr4 ^ X86_CR4_PGE);
+	/* write old PGE again and flush TLBs */
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index 48e98964ecad..a94dc690612f 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -1637,7 +1637,6 @@ void cpu_init(void)
+	wrmsrl(MSR_KERNEL_GS_BASE, 0);
+	barrier();
+
+-	x86_configure_nx();
+	x2apic_setup();
+
+	/*
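Review bot: The removal of `x86_configure_nx()` from cpu_init() is not explained in the hunk, and the function is otherwise untouched here, so a reader has to reconstruct the reason from elsewhere in the patch. It appears to follow from the init_32.c and init_64.c hunks that make `__supported_pte_mask` `__ro_after_init`, which would turn a write on CPU bring-up into a fault, but that is an inference from this chunk alone. If NX is still configured once during early boot, a comment such as `/* NX is set up once at boot; __supported_pte_mask is __ro_after_init */` at this point in cpu_init() would record it. cpu_init() starts and ends outside the hunk.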
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
+index 988a98f34c66..dc36d2d9078a 100644
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -40,6 +40,8 @@
+ #include <asm/desc.h>
+ #include <asm/prctl.h>
+ #include <asm/spec-ctrl.h>
++#include <asm/elf.h>
++#include <linux/sizes.h>
+
+ /*
+  * per-CPU TSS segments. Threads are completely 'soft' on Linux,
+@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp)
+
+ unsigned long arch_randomize_brk(struct mm_struct *mm)
+ {
+-	return randomize_page(mm->brk, 0x02000000);
++	if (mmap_is_ia32())
++		return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
++	else
++		return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
+ }
+
+ /*
+diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
+index a63fe77b3217..e1085e76043e 100644
+--- a/arch/x86/kernel/sys_x86_64.c
++++ b/arch/x86/kernel/sys_x86_64.c
+@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void)
+	return va_align.bits & get_align_mask();
+ }
+
+-unsigned long align_vdso_addr(unsigned long addr)
+-{
+-	unsigned long align_mask = get_align_mask();
+-	addr = (addr + align_mask) & ~align_mask;
+-	return addr | get_align_bits();
+-}
+-
+ static int __init control_va_addr_alignment(char *str)
+ {
+	/* guard against enabling this on other CPU families */
+@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags,
+	}
+
+	*begin	= get_mmap_base(1);
+-	if (in_compat_syscall())
+-		*end = task_size_32bit();
+-	else
+-		*end = task_size_64bit(addr > DEFAULT_MAP_WINDOW);
++	*end	= get_mmap_base(0);
+ }
+
+ unsigned long
+@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+
+	info.flags = VM_UNMAPPED_AREA_TOPDOWN;
+	info.length = len;
+-	info.low_limit = PAGE_SIZE;
++	info.low_limit = get_mmap_base(1);
+	info.high_limit = get_mmap_base(0);
+
+	/*
+diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
+index 3141e67ec24c..e93173193f60 100644
+--- a/arch/x86/mm/init_32.c
++++ b/arch/x86/mm/init_32.c
+@@ -558,7 +558,7 @@ static void __init pagetable_init(void)
+	permanent_kmaps_init(pgd_base);
+ }
+
+-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
++pteval_t __supported_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL);
+ EXPORT_SYMBOL_GPL(__supported_pte_mask);
+
+ /* user-defined highmem size */
+@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size)
+ #endif
+ #endif
+
+-int kernel_set_to_readonly __read_mostly;
++int kernel_set_to_readonly __ro_after_init;
+
+ void set_kernel_text_rw(void)
+ {
+@@ -917,12 +917,11 @@ void mark_rodata_ro(void)
+	unsigned long start = PFN_ALIGN(_text);
+	unsigned long size = PFN_ALIGN(_etext) - start;
+
++	kernel_set_to_readonly = 1;
+	set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
+	printk(KERN_INFO "Write protecting the kernel text: %luk\n",
+		size >> 10);
+
+-	kernel_set_to_readonly = 1;
+-
+ #ifdef CONFIG_CPA_DEBUG
+	printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
+		start, start+size);
+diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
+index 642357aff216..8bbf93ce3cd2 100644
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
+@@ -65,7 +65,7 @@
+  * around without checking the pgd every time.
+  */
+
+-pteval_t __supported_pte_mask __read_mostly = ~0;
++pteval_t __supported_pte_mask __ro_after_init = ~0;
+ EXPORT_SYMBOL_GPL(__supported_pte_mask);
+
+ int force_personality32;
+@@ -1185,7 +1185,7 @@ void __init mem_init(void)
+	mem_init_print_info(NULL);
+ }
+
+-int kernel_set_to_readonly;
++int kernel_set_to_readonly __ro_after_init;
+
+ void set_kernel_text_rw(void)
+ {
+@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void)
+
+	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+	       (end - start) >> 10);
+-	set_memory_ro(start, (end - start) >> PAGE_SHIFT);
+-
+	kernel_set_to_readonly = 1;
++	set_memory_ro(start, (end - start) >> PAGE_SHIFT);
+
+	/*
+	 * The rodata/data/bss/brk section (but not the kernel text!)
+diff --git a/block/blk-softirq.c b/block/blk-softirq.c
+index 01e2b353a2b9..9aeddca4a29f 100644
+--- a/block/blk-softirq.c
++++ b/block/blk-softirq.c
+@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
+  * Softirq action handler - move entries to local list and loop over them
+  * while passing them to the queue registered handler.
+  */
+-static __latent_entropy void blk_done_softirq(struct softirq_action *h)
++static __latent_entropy void blk_done_softirq(void)
+ {
+	struct list_head *cpu_list, local_list;
+
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index 473f150d6b22..65a65f9824ed 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -5141,7 +5141,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+	struct ata_port *ap;
+	unsigned int tag;
+
+-	WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
++	BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
+	ap = qc->ap;
+
+	qc->flags = 0;
+@@ -5158,7 +5158,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+	struct ata_port *ap;
+	struct ata_link *link;
+
+-	WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
++	BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
+	WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
+	ap = qc->ap;
+	link = qc->dev->link;
+diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
+index c28dca0c613d..d4813f0d25ca 100644
+--- a/drivers/char/Kconfig
++++ b/drivers/char/Kconfig
+@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig"
+
+ config DEVMEM
+	bool "/dev/mem virtual device support"
+-	default y
+	help
+	  Say Y here if you want to support the /dev/mem device.
+	  The /dev/mem device is used to access areas of physical
+@@ -568,7 +567,6 @@ config TELCLOCK
+ config DEVPORT
+	bool "/dev/port character device"
+	depends on ISA || PCI
+-	default y
+	help
+	  Say Y here if you want to support the /dev/port device. The /dev/port
+	  device is similar to /dev/mem, but for I/O ports.
+diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
+index e105532bfba8..e07d52bb9b62 100644
+--- a/drivers/media/dvb-frontends/cx24116.c
++++ b/drivers/media/dvb-frontends/cx24116.c
+@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune,
+	return cx24116_read_status(fe, status);
+ }
+
+-static int cx24116_get_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo cx24116_get_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
+index d37cb7762bd6..97e0feff0ede 100644
+--- a/drivers/media/dvb-frontends/cx24117.c
++++ b/drivers/media/dvb-frontends/cx24117.c
+@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune,
+	return cx24117_read_status(fe, status);
+ }
+
+-static int cx24117_get_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo cx24117_get_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
+index 7f11dcc94d85..01da670760ba 100644
+--- a/drivers/media/dvb-frontends/cx24120.c
++++ b/drivers/media/dvb-frontends/cx24120.c
+@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune,
+	return cx24120_read_status(fe, status);
+ }
+
+-static int cx24120_get_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo cx24120_get_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
+index 1d59d1d3bd82..41cd0e9ea199 100644
+--- a/drivers/media/dvb-frontends/cx24123.c
++++ b/drivers/media/dvb-frontends/cx24123.c
+@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe,
+	return retval;
+ }
+
+-static int cx24123_get_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo cx24123_get_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
+index f6ebbb47b9b2..3e0d8cbd76da 100644
+--- a/drivers/media/dvb-frontends/cxd2820r_core.c
++++ b/drivers/media/dvb-frontends/cxd2820r_core.c
+@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe)
+	return DVBFE_ALGO_SEARCH_ERROR;
+ }
+
+-static int cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_CUSTOM;
+ }
+diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
+index e8ac8c3e2ec0..e0f4ba8302d1 100644
+--- a/drivers/media/dvb-frontends/mb86a20s.c
++++ b/drivers/media/dvb-frontends/mb86a20s.c
+@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe)
+	kfree(state);
+ }
+
+-static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
+ {
+         return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
+index 274544a3ae0e..9ef9b9bc1bd2 100644
+--- a/drivers/media/dvb-frontends/s921.c
++++ b/drivers/media/dvb-frontends/s921.c
+@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe,
+	return rc;
+ }
+
+-static int s921_get_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo s921_get_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
+index 7166d2279465..fa682f9fdc4b 100644
+--- a/drivers/media/pci/bt8xx/dst.c
++++ b/drivers/media/pci/bt8xx/dst.c
+@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe,
+	return 0;
+ }
+
+-static int dst_get_tuning_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo dst_get_tuning_algo(struct dvb_frontend *fe)
+ {
+	return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW;
+ }
+diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
+index f75f69556be7..d913a6050e8c 100644
+--- a/drivers/media/pci/pt1/va1j5jf8007s.c
++++ b/drivers/media/pci/pt1/va1j5jf8007s.c
+@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr)
+	return 0;
+ }
+
+-static int va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
+index 63fda79a75c0..4115c3ccd4a8 100644
+--- a/drivers/media/pci/pt1/va1j5jf8007t.c
++++ b/drivers/media/pci/pt1/va1j5jf8007t.c
+@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr)
+	return 0;
+ }
+
+-static int va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
++static enum dvbfe_algo va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
+ {
+	return DVBFE_ALGO_HW;
+ }
+diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
+index 981b3ef71e47..9883da1da383 100644
+--- a/drivers/misc/lkdtm_core.c
++++ b/drivers/misc/lkdtm_core.c
+@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq,
+	return 0;
+ }
+
+-static void jp_tasklet_action(struct softirq_action *a)
++static void jp_tasklet_action(void)
+ {
+	lkdtm_handler();
+	jprobe_return();
+diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
+index b811442c5ce6..4f62a63cbcb1 100644
+--- a/drivers/tty/Kconfig
++++ b/drivers/tty/Kconfig
+@@ -122,7 +122,6 @@ config UNIX98_PTYS
+
+ config LEGACY_PTYS
+	bool "Legacy (BSD) PTY support"
+-	default y
+	---help---
+	  A pseudo terminal (PTY) is a software device consisting of two
+	  halves: a master and a slave. The slave device behaves identical to
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
+index 562d31073f9a..2184b9b5485f 100644
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty)
+	put_device(tty->dev);
+	kfree(tty->write_buf);
+	tty->magic = 0xDEADDEAD;
++	put_user_ns(tty->owner_user_ns);
+	kfree(tty);
+ }
+
+@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on)
+  *	FIXME: may race normal receive processing
+  */
+
++int tiocsti_restrict = IS_ENABLED(CONFIG_SECURITY_TIOCSTI_RESTRICT);
++
+ static int tiocsti(struct tty_struct *tty, char __user *p)
+ {
+	char ch, mbz = 0;
+	struct tty_ldisc *ld;
+
++	if (tiocsti_restrict &&
++		!ns_capable(tty->owner_user_ns, CAP_SYS_ADMIN)) {
++		dev_warn_ratelimited(tty->dev,
++			"Denied TIOCSTI ioctl for non-privileged process\n");
++		return -EPERM;
++	}
+	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
+		return -EPERM;
+	if (get_user(ch, p))
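Review bot: The denial log added to tiocsti() records that a TIOCSTI call was refused but not who made it, which is the detail someone triaging the warning needs; `current->comm` and `task_pid_nr(current)` are available here. I would change it to `dev_warn_ratelimited(tty->dev, "Denied TIOCSTI ioctl for non-privileged process %s (pid %d)\n", current->comm, task_pid_nr(current));`. The new check also sits before the existing same-tty test, so with tiocsti_restrict set an unprivileged caller is refused even on its own tty; that matches the Documentation/sysctl hunk but is worth a one-line comment at the check. tiocsti() continues past the hunk.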
+@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
+	tty->index = idx;
+	tty_line_name(driver, idx, tty->name);
+	tty->dev = tty_get_device(tty);
++	tty->owner_user_ns = get_user_ns(current_user_ns());
+
+	return tty;
+ }
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 442be7f312f6..788557d5c454 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -38,6 +38,8 @@
+ #define USB_VENDOR_GENESYS_LOGIC		0x05e3
+ #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND	0x01
+
++extern int deny_new_usb;
++
+ /* Protect struct usb_device->state and ->children members
+  * Note: Both are also protected by ->dev.sem, except that ->state can
+  * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
+@@ -4806,6 +4808,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+			goto done;
+		return;
+	}
++
++	if (deny_new_usb) {
++		dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1);
++		goto done;
++	}
++
+	if (hub_is_superspeed(hub->hdev))
+		unit_load = 150;
+	else
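Review bot: The denial path added to hub_port_connect logs with plain `dev_err()`, so every rejected connect writes an unthrottled line to the kernel log and repeated connects on one port will flood it; the tiocsti hunk in drivers/tty/tty_io.c already uses the ratelimited form, so `dev_err_ratelimited(&port_dev->dev, "denied insert of USB device on port %d\n", port1);` keeps the two consistent. The `extern int deny_new_usb;` declaration in the earlier hub.c hunk lives in a .c file rather than a header, which kernel style normally avoids; the definition is not in this chunk, so I cannot say which header would be appropriate. hub_port_connect starts and ends outside the hunk.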
+diff --git a/fs/exec.c b/fs/exec.c
+index 0da4d748b4e6..69fcee853363 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -62,6 +62,7 @@
+ #include <linux/oom.h>
+ #include <linux/compat.h>
+ #include <linux/vmalloc.h>
++#include <linux/random.h>
+
+ #include <linux/uaccess.h>
+ #include <asm/mmu_context.h>
+@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+	arch_bprm_mm_init(mm, vma);
+	up_write(&mm->mmap_sem);
+	bprm->p = vma->vm_end - sizeof(void *);
++	if (randomize_va_space)
++		bprm->p ^= get_random_int() & ~PAGE_MASK;
+	return 0;
+ err:
+	up_write(&mm->mmap_sem);
+diff --git a/fs/namei.c b/fs/namei.c
+index 0b46b858cd42..3ae8e72341da 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd)
+		path_put(&last->link);
+ }
+
+-int sysctl_protected_symlinks __read_mostly = 0;
+-int sysctl_protected_hardlinks __read_mostly = 0;
++int sysctl_protected_symlinks __read_mostly = 1;
++int sysctl_protected_hardlinks __read_mostly = 1;
+
+ /**
+  * may_follow_link - Check symlink following for unsafe situations
+diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
+index 5f93cfacb3d1..cea0d7d3b23e 100644
+--- a/fs/nfs/Kconfig
++++ b/fs/nfs/Kconfig
+@@ -195,4 +195,3 @@ config NFS_DEBUG
+	bool
+	depends on NFS_FS && SUNRPC_DEBUG
+	select CRC32
+-	default y
+diff --git a/fs/pipe.c b/fs/pipe.c
+index 8ef7d7bef775..b82f305ec13d 100644
+--- a/fs/pipe.c
++++ b/fs/pipe.c
+@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576;
+ /*
+  * Minimum pipe size, as required by POSIX
+  */
+-unsigned int pipe_min_size = PAGE_SIZE;
++unsigned int pipe_min_size __read_only = PAGE_SIZE;
+
+ /* Maximum allocatable pages per user. Hard limit is unset by default, soft
+  * matches default values.
+diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
+index 1ade1206bb89..60b0f76dec47 100644
+--- a/fs/proc/Kconfig
++++ b/fs/proc/Kconfig
+@@ -39,7 +39,6 @@ config PROC_KCORE
+ config PROC_VMCORE
+	bool "/proc/vmcore support"
+	depends on PROC_FS && CRASH_DUMP
+-	default y
+         help
+         Exports the dump image of crashed kernel in ELF format.
+
+diff --git a/fs/stat.c b/fs/stat.c
+index 873785dae022..d3c2ada8b9c7 100644
+--- a/fs/stat.c
++++ b/fs/stat.c
+@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
+	stat->gid = inode->i_gid;
+	stat->rdev = inode->i_rdev;
+	stat->size = i_size_read(inode);
+-	stat->atime = inode->i_atime;
+-	stat->mtime = inode->i_mtime;
++	if (is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
++		stat->atime = inode->i_ctime;
++		stat->mtime = inode->i_ctime;
++	} else {
++		stat->atime = inode->i_atime;
++		stat->mtime = inode->i_mtime;
++	}
+	stat->ctime = inode->i_ctime;
+	stat->blksize = i_blocksize(inode);
+	stat->blocks = inode->i_blocks;
+@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
+	stat->result_mask |= STATX_BASIC_STATS;
+	request_mask &= STATX_ALL;
+	query_flags &= KSTAT_QUERY_FLAGS;
+-	if (inode->i_op->getattr)
+-		return inode->i_op->getattr(path, stat, request_mask,
+-					    query_flags);
++	if (inode->i_op->getattr) {
++		int retval = inode->i_op->getattr(path, stat, request_mask, query_flags);
++		if (!retval && is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) {
++			stat->atime = stat->ctime;
++			stat->mtime = stat->ctime;
++		}
++		return retval;
++	}
+
+	generic_fillattr(inode, stat);
+	return 0;
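Review bot: The privilege test for the timestamp masking is inconsistent across the patch: in generic_fillattr and again in vfs_getattr_nosec the atime/mtime substitution is skipped for callers holding CAP_MKNOD, whereas the fsnotify_access/fsnotify_modify hunks suppress events for every caller with no capability check, and the same two-term condition is now spelled out twice. A small helper next to is_sidechannel_device (for example `static inline bool hide_device_times(const struct inode *inode)`) would keep the policy in one place. Note that capable_noaudit() tests against init_user_ns (see the kernel/capability.c hunk), so root inside a user namespace holding CAP_MKNOD still receives ctime in place of atime/mtime; if that is intended, a comment such as `/* world-accessible device nodes: report ctime as atime/mtime so unprivileged callers cannot observe who touches the device */` above the first branch would record it.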
+diff --git a/include/linux/cache.h b/include/linux/cache.h
+index 750621e41d1c..e7157c18c62c 100644
+--- a/include/linux/cache.h
++++ b/include/linux/cache.h
+@@ -31,6 +31,8 @@
+ #define __ro_after_init __attribute__((__section__(".data..ro_after_init")))
+ #endif
+
++#define __read_only __ro_after_init
++
+ #ifndef ____cacheline_aligned
+ #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
+ #endif
+diff --git a/include/linux/capability.h b/include/linux/capability.h
+index f640dcbc880c..2b4f5d651f19 100644
+--- a/include/linux/capability.h
++++ b/include/linux/capability.h
+@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
+ extern bool has_ns_capability_noaudit(struct task_struct *t,
+				      struct user_namespace *ns, int cap);
+ extern bool capable(int cap);
++extern bool capable_noaudit(int cap);
+ extern bool ns_capable(struct user_namespace *ns, int cap);
+ extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
+ #else
+@@ -232,6 +233,10 @@ static inline bool capable(int cap)
+ {
+	return true;
+ }
++static inline bool capable_noaudit(int cap)
++{
++	return true;
++}
+ static inline bool ns_capable(struct user_namespace *ns, int cap)
+ {
+	return true;
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index cc613f20e5a6..7606596d6c2e 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode)
+ extern bool path_noexec(const struct path *path);
+ extern void inode_nohighmem(struct inode *inode);
+
++extern int device_sidechannel_restrict;
++
++static inline bool is_sidechannel_device(const struct inode *inode)
++{
++	umode_t mode;
++	if (!device_sidechannel_restrict)
++		return false;
++	mode = inode->i_mode;
++	return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH | S_IWOTH)));
++}
++
+ #endif /* _LINUX_FS_H */
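Review bot: is_sidechannel_device() has no comment explaining what it classifies, and the name alone does not say it. A kernel-doc block along the lines of `/* True when @inode is a char or block device node that is readable or writable by everyone (S_IROTH/S_IWOTH) and the device_sidechannel_restrict sysctl is on; callers use it to withhold metadata (timestamps, fsnotify events) that would reveal who is using the device. */` would help. The test looks only at the "other" bits, so a node that is accessible to a large group is not treated as a side-channel device; if that is deliberate, the comment should say so.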
+diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
+index bdaf22582f6e..326ff15d4637 100644
+--- a/include/linux/fsnotify.h
++++ b/include/linux/fsnotify.h
+@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file)
+	struct inode *inode = path->dentry->d_inode;
+	__u32 mask = FS_ACCESS;
+
++	if (is_sidechannel_device(inode))
++		return;
++
+	if (S_ISDIR(inode->i_mode))
+		mask |= FS_ISDIR;
+
+@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file)
+	struct inode *inode = path->dentry->d_inode;
+	__u32 mask = FS_MODIFY;
+
++	if (is_sidechannel_device(inode))
++		return;
++
+	if (S_ISDIR(inode->i_mode))
+		mask |= FS_ISDIR;
+
+diff --git a/include/linux/gfp.h b/include/linux/gfp.h
+index b041f94678de..a5e0175c79e0 100644
+--- a/include/linux/gfp.h
++++ b/include/linux/gfp.h
+@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order,
+ extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order);
+ extern unsigned long get_zeroed_page(gfp_t gfp_mask);
+
+-void *alloc_pages_exact(size_t size, gfp_t gfp_mask);
++void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
+ void free_pages_exact(void *virt, size_t size);
+-void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask);
++void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
+
+ #define __get_free_page(gfp_mask) \
+		__get_free_pages((gfp_mask), 0)
+diff --git a/include/linux/highmem.h b/include/linux/highmem.h
+index 776f90f3a1cd..3f5c47000059 100644
+--- a/include/linux/highmem.h
++++ b/include/linux/highmem.h
+@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page)
+	kunmap_atomic(kaddr);
+ }
+
++static inline void verify_zero_highpage(struct page *page)
++{
++	void *kaddr = kmap_atomic(page);
++	BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE));
++	kunmap_atomic(kaddr);
++}
++
+ static inline void zero_user_segments(struct page *page,
+	unsigned start1, unsigned end1,
+	unsigned start2, unsigned end2)
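Review bot: verify_zero_highpage() is undocumented and BUG_ON()s the machine on the first non-zero byte, which is a strong choice that deserves a stated rationale. A comment such as `/* Check that a page zeroed on free is still zero; used by the sanitize-verify options (SLAB_SANITIZE_VERIFY / PAGE_SANITIZE). A non-zero byte means something wrote to a free page, so crashing is preferred to continuing on corrupted memory. */` would give both the intent and the reason for BUG over WARN. The callers are not in this chunk, so the use is inferred from the init/Kconfig text further down.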
+diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
+index 69c238210325..ee487ea4f48f 100644
+--- a/include/linux/interrupt.h
++++ b/include/linux/interrupt.h
+@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
+
+ struct softirq_action
+ {
+-	void	(*action)(struct softirq_action *);
++	void	(*action)(void);
+ };
+
+ asmlinkage void do_softirq(void);
+@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void)
+ }
+ #endif
+
+-extern void open_softirq(int nr, void (*action)(struct softirq_action *));
++extern void __init open_softirq(int nr, void (*action)(void));
+ extern void softirq_init(void);
+ extern void __raise_softirq_irqoff(unsigned int nr);
+
+diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
+index df32d2508290..c992d130b94d 100644
+--- a/include/linux/kobject_ns.h
++++ b/include/linux/kobject_ns.h
+@@ -46,7 +46,7 @@ struct kobj_ns_type_operations {
+	void (*drop_ns)(void *);
+ };
+
+-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
+ int kobj_ns_type_registered(enum kobj_ns_type type);
+ const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
+ const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
+diff --git a/include/linux/mm.h b/include/linux/mm.h
+index f23215854c80..98df98c44cc0 100644
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
+ }
+ #endif
+
+-extern void *kvmalloc_node(size_t size, gfp_t flags, int node);
++extern void *kvmalloc_node(size_t size, gfp_t flags, int node) __attribute__((alloc_size(1)));
+ static inline void *kvmalloc(size_t size, gfp_t flags)
+ {
+	return kvmalloc_node(size, flags, NUMA_NO_NODE);
+diff --git a/include/linux/percpu.h b/include/linux/percpu.h
+index 296bbe49d5d1..b26652c9a98d 100644
+--- a/include/linux/percpu.h
++++ b/include/linux/percpu.h
+@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
+				pcpu_fc_populate_pte_fn_t populate_pte_fn);
+ #endif
+
+-extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align);
++extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
+ extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
+ extern bool is_kernel_percpu_address(unsigned long addr);
+
+@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr);
+ extern void __init setup_per_cpu_areas(void);
+ #endif
+
+-extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp);
+-extern void __percpu *__alloc_percpu(size_t size, size_t align);
++extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp) __attribute__((alloc_size(1)));
++extern void __percpu *__alloc_percpu(size_t size, size_t align) __attribute__((alloc_size(1)));
+ extern void free_percpu(void __percpu *__pdata);
+ extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
+
+diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
+index 8e22f24ded6a..b7fecdfa6de5 100644
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
+ int perf_event_max_stack_handler(struct ctl_table *table, int write,
+				 void __user *buffer, size_t *lenp, loff_t *ppos);
+
++static inline bool perf_paranoid_any(void)
++{
++	return sysctl_perf_event_paranoid > 2;
++}
++
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+	return sysctl_perf_event_paranoid > -1;
+diff --git a/include/linux/slab.h b/include/linux/slab.h
+index ae5ed6492d54..fd0786124504 100644
+--- a/include/linux/slab.h
++++ b/include/linux/slab.h
+@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *);
+ /*
+  * Common kmalloc functions provided by all allocators
+  */
+-void * __must_check __krealloc(const void *, size_t, gfp_t);
+-void * __must_check krealloc(const void *, size_t, gfp_t);
++void * __must_check __krealloc(const void *, size_t, gfp_t) __attribute__((alloc_size(2)));
++void * __must_check krealloc(const void *, size_t, gfp_t) __attribute((alloc_size(2)));
+ void kfree(const void *);
+ void kzfree(const void *);
+ size_t ksize(const void *);
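Review bot: `__attribute((alloc_size(2)))` on krealloc uses the `__attribute` spelling while the line above it and every other annotation in this patch (the gfp.h, mm.h, percpu.h and vmalloc.h hunks) use `__attribute__`; GCC accepts both, but it should read `void * __must_check krealloc(const void *, size_t, gfp_t) __attribute__((alloc_size(2)));`. More generally the same raw attribute is repeated on more than twenty prototypes across those headers; one `#define __alloc_size(...) __attribute__((alloc_size(__VA_ARGS__)))` in the compiler-attribute header, next to the existing `__malloc`, would be shorter and gives a single place to disable it for compilers that lack the attribute.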
+@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size)
+ }
+ #endif /* !CONFIG_SLOB */
+
+-void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc;
++void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
+ void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc;
+ void kmem_cache_free(struct kmem_cache *, void *);
+
+@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p)
+ }
+
+ #ifdef CONFIG_NUMA
+-void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc;
++void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1)));
+ void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc;
+ #else
+ static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node)
+@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
+  * for general use, and so are not documented here. For a full list of
+  * potential flags, always refer to linux/gfp.h.
+  */
+-static __always_inline void *kmalloc(size_t size, gfp_t flags)
++static __always_inline __attribute__((alloc_size(1))) void *kmalloc(size_t size, gfp_t flags)
+ {
+	if (__builtin_constant_p(size)) {
+		if (size > KMALLOC_MAX_CACHE_SIZE)
+@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n)
+	return 0;
+ }
+
+-static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
++static __always_inline __attribute__((alloc_size(1))) void *kmalloc_node(size_t size, gfp_t flags, int node)
+ {
+ #ifndef CONFIG_SLOB
+	if (__builtin_constant_p(size) &&
+diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
+index 39fa09bcde23..0b7a48cd883b 100644
+--- a/include/linux/slub_def.h
++++ b/include/linux/slub_def.h
+@@ -120,6 +120,11 @@ struct kmem_cache {
+	unsigned long random;
+ #endif
+
++#ifdef CONFIG_SLAB_CANARY
++	unsigned long random_active;
++	unsigned long random_inactive;
++#endif
++
+ #ifdef CONFIG_NUMA
+	/*
+	 * Defragmentation by allocating from a remote node.
+diff --git a/include/linux/string.h b/include/linux/string.h
+index cfd83eb2f926..b9ecb42c762d 100644
+--- a/include/linux/string.h
++++ b/include/linux/string.h
+@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob
+ void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter");
+ void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
+
++#ifdef CONFIG_FORTIFY_SOURCE_STRICT_STRING
++#define __string_size(p) __builtin_object_size(p, 1)
++#else
++#define __string_size(p) __builtin_object_size(p, 0)
++#endif
++
+ #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
+ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
+ {
+-	size_t p_size = __builtin_object_size(p, 0);
++	size_t p_size = __string_size(p);
+	if (__builtin_constant_p(size) && p_size < size)
+		__write_overflow();
+	if (p_size < size)
+@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
+
+ __FORTIFY_INLINE char *strcat(char *p, const char *q)
+ {
+-	size_t p_size = __builtin_object_size(p, 0);
++	size_t p_size = __string_size(p);
+	if (p_size == (size_t)-1)
+		return __builtin_strcat(p, q);
+	if (strlcat(p, q, p_size) >= p_size)
+@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q)
+ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
+ {
+	__kernel_size_t ret;
+-	size_t p_size = __builtin_object_size(p, 0);
++	size_t p_size = __string_size(p);
+
+	/* Work around gcc excess stack consumption issue */
+	if (p_size == (size_t)-1 ||
+@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
+ extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
+ __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
+ {
+-	size_t p_size = __builtin_object_size(p, 0);
++	size_t p_size = __string_size(p);
+	__kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
+	if (p_size <= ret && maxlen != ret)
+		fortify_panic(__func__);
+@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
+ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
+ {
+	size_t ret;
+-	size_t p_size = __builtin_object_size(p, 0);
+-	size_t q_size = __builtin_object_size(q, 0);
++	size_t p_size = __string_size(p);
++	size_t q_size = __string_size(q);
+	if (p_size == (size_t)-1 && q_size == (size_t)-1)
+		return __real_strlcpy(p, q, size);
+	ret = strlen(q);
+@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
+ __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
+ {
+	size_t p_len, copy_len;
+-	size_t p_size = __builtin_object_size(p, 0);
+-	size_t q_size = __builtin_object_size(q, 0);
++	size_t p_size = __string_size(p);
++	size_t q_size = __string_size(q);
+	if (p_size == (size_t)-1 && q_size == (size_t)-1)
+		return __builtin_strncat(p, q, count);
+	p_len = strlen(p);
+@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
+ /* defined after fortified strlen and memcpy to reuse them */
+ __FORTIFY_INLINE char *strcpy(char *p, const char *q)
+ {
+-	size_t p_size = __builtin_object_size(p, 0);
+-	size_t q_size = __builtin_object_size(q, 0);
++	size_t p_size = __string_size(p);
++	size_t q_size = __string_size(q);
+	if (p_size == (size_t)-1 && q_size == (size_t)-1)
+		return __builtin_strcpy(p, q);
+	memcpy(p, q, strlen(q) + 1);
+diff --git a/include/linux/tty.h b/include/linux/tty.h
+index 1dd587ba6d88..9a9a04fb641d 100644
+--- a/include/linux/tty.h
++++ b/include/linux/tty.h
+@@ -13,6 +13,7 @@
+ #include <uapi/linux/tty.h>
+ #include <linux/rwsem.h>
+ #include <linux/llist.h>
++#include <linux/user_namespace.h>
+
+
+ /*
+@@ -335,6 +336,7 @@ struct tty_struct {
+	/* If the tty has a pending do_SAK, queue it here - akpm */
+	struct work_struct SAK_work;
+	struct tty_port *port;
++	struct user_namespace *owner_user_ns;
+ } __randomize_layout;
+
+ /* Each of a tty's open files has private_data pointing to tty_file_private */
+@@ -344,6 +346,8 @@ struct tty_file_private {
+	struct list_head list;
+ };
+
++extern int tiocsti_restrict;
++
+ /* tty magic number */
+ #define TTY_MAGIC		0x5401
+
+diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
+index 1e5d8c392f15..66d0e49c9987 100644
+--- a/include/linux/vmalloc.h
++++ b/include/linux/vmalloc.h
+@@ -68,19 +68,19 @@ static inline void vmalloc_init(void)
+ }
+ #endif
+
+-extern void *vmalloc(unsigned long size);
+-extern void *vzalloc(unsigned long size);
+-extern void *vmalloc_user(unsigned long size);
+-extern void *vmalloc_node(unsigned long size, int node);
+-extern void *vzalloc_node(unsigned long size, int node);
+-extern void *vmalloc_exec(unsigned long size);
+-extern void *vmalloc_32(unsigned long size);
+-extern void *vmalloc_32_user(unsigned long size);
+-extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
++extern void *vmalloc(unsigned long size) __attribute__((alloc_size(1)));
++extern void *vzalloc(unsigned long size) __attribute__((alloc_size(1)));
++extern void *vmalloc_user(unsigned long size) __attribute__((alloc_size(1)));
++extern void *vmalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
++extern void *vzalloc_node(unsigned long size, int node) __attribute__((alloc_size(1)));
++extern void *vmalloc_exec(unsigned long size) __attribute__((alloc_size(1)));
++extern void *vmalloc_32(unsigned long size) __attribute__((alloc_size(1)));
++extern void *vmalloc_32_user(unsigned long size) __attribute__((alloc_size(1)));
++extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __attribute__((alloc_size(1)));
+ extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
+			unsigned long start, unsigned long end, gfp_t gfp_mask,
+			pgprot_t prot, unsigned long vm_flags, int node,
+-			const void *caller);
++			const void *caller) __attribute__((alloc_size(1)));
+ #ifndef CONFIG_MMU
+ extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags);
+ static inline void *__vmalloc_node_flags_caller(unsigned long size, int node,
+diff --git a/init/Kconfig b/init/Kconfig
+index 46075327c165..0c78750bc76d 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -309,6 +309,7 @@ config USELIB
+ config AUDIT
+	bool "Auditing support"
+	depends on NET
++	default y
+	help
+	  Enable auditing infrastructure that can be used with another
+	  kernel subsystem, such as SELinux (which requires this for
+@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE
+
+ endchoice
+
++config LOCAL_INIT
++	bool "Zero uninitialized locals"
++	help
++	  Zero-fill uninitialized local variables, other than variable-length
++	  arrays. Requires compiler support.
++
+ config SYSCTL
+	bool
+
+@@ -1361,8 +1368,7 @@ config SHMEM
+	  which may be appropriate on small systems without swap.
+
+ config AIO
+-	bool "Enable AIO support" if EXPERT
+-	default y
++	bool "Enable AIO support"
+	help
+	  This option enables POSIX asynchronous I/O which may by used
+	  by some high performance threaded applications. Disabling
+@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS
+
+ config SLUB_DEBUG
+	default y
+-	bool "Enable SLUB debugging support" if EXPERT
++	bool "Enable SLUB debugging support"
+	depends on SLUB && SYSFS
+	help
+	  SLUB has extensive debug support features. Disabling these can
+@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON
+
+ config COMPAT_BRK
+	bool "Disable heap randomization"
+-	default y
+	help
+	  Randomizing heap placement makes heap exploits harder, but it
+	  also breaks ancient binaries (including anything libc5 based).
+@@ -1562,7 +1567,6 @@ endchoice
+
+ config SLAB_MERGE_DEFAULT
+	bool "Allow slab caches to be merged"
+-	default y
+	help
+	  For reduced kernel memory fragmentation, slab caches can be
+	  merged when they share the same size and other characteristics.
+@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT
+	  command line.
+
+ config SLAB_FREELIST_RANDOM
+-	default n
+	depends on SLAB || SLUB
+	bool "SLAB freelist randomization"
++	default y
+	help
+	  Randomizes the freelist order used on creating new pages. This
+	  security feature reduces the predictability of the kernel slab
+@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM
+ config SLAB_FREELIST_HARDENED
+	bool "Harden slab freelist metadata"
+	depends on SLUB
++	default y
+	help
+	  Many kernel heap attacks try to target slab cache metadata and
+	  other infrastructure. This options makes minor performance
+	  sacrifies to harden the kernel slab allocator against common
+	  freelist exploit methods.
+
++config SLAB_HARDENED
++	default y
++	depends on SLUB
++	bool "Hardened SLAB infrastructure"
++	help
++          Make minor performance sacrifices to harden the kernel slab
++          allocator.
++
++config SLAB_CANARY
++	depends on SLUB
++	depends on !SLAB_MERGE_DEFAULT
++	bool "SLAB canaries"
++	default y
++	help
++	  Place canaries at the end of kernel slab allocations, sacrificing
++	  some performance and memory usage for security.
++
++	  Canaries can detect some forms of heap corruption when allocations
++	  are freed and as part of the HARDENED_USERCOPY feature. It provides
++	  basic use-after-free detection for HARDENED_USERCOPY.
++
++	  Canaries absorb small overflows (rendering them harmless), mitigate
++	  non-NUL terminated C string overflows on 64-bit via a guaranteed zero
++	  byte and provide basic double-free detection.
++
++config SLAB_SANITIZE
++	bool "Sanitize SLAB allocations"
++	depends on SLUB
++	default y
++	help
++	  Zero fill slab allocations on free, reducing the lifetime of
++	  sensitive data and helping to mitigate use-after-free bugs.
++
++	  For slabs with debug poisoning enabling, this has no impact.
++
++config SLAB_SANITIZE_VERIFY
++	depends on SLAB_SANITIZE && PAGE_SANITIZE
++	default y
++	bool "Verify sanitized SLAB allocations"
++	help
++	  Verify that newly allocated slab allocations are zeroed to detect
++	  write-after-free bugs.
++
+ config SLUB_CPU_PARTIAL
+	default y
+	depends on SLUB && SMP
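Review bot: The help text of SLAB_HARDENED is indented with spaces instead of the tab plus two spaces used by every neighbouring entry, and the SLAB_SANITIZE help reads `For slabs with debug poisoning enabling, this has no impact.`, which should be `For slabs with debug poisoning enabled, this has no impact.`. SLAB_SANITIZE_VERIFY depends on PAGE_SANITIZE, which is also tested in the kernel/power/snapshot.c hunk but is not defined anywhere in this part of the patch; presumably it is introduced elsewhere in the same file, which I cannot see. SLAB_CANARY gives no reason for `depends on !SLAB_MERGE_DEFAULT`; one sentence in its help text on why canaries and cache merging are incompatible would save the next reader a search.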
+diff --git a/kernel/audit.c b/kernel/audit.c
+index 5b34d3114af4..e57930192ce1 100644
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -1573,6 +1573,9 @@ static int __init audit_enable(char *str)
+	audit_default = !!simple_strtol(str, NULL, 0);
+	if (!audit_default)
+		audit_initialized = AUDIT_DISABLED;
++        else
++		audit_initialized = AUDIT_UNINITIALIZED;
++
+	audit_enabled = audit_default;
+	audit_ever_enabled = !!audit_enabled;
+
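Review bot: The added `else` is indented with eight spaces while the surrounding lines use tabs, which checkpatch flags; it should be a single tab before `else` and two tabs before `audit_initialized = AUDIT_UNINITIALIZED;`. Resetting audit_initialized to AUDIT_UNINITIALIZED when `audit=` parses as enabled has no comment; if the intent is to undo an earlier `audit=0` on the same command line, a one-line comment saying so would help.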
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
+index d203a5d6b726..2a6c3e2c57a6 100644
+--- a/kernel/bpf/core.c
++++ b/kernel/bpf/core.c
+@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp)
+	bpf_prog_unlock_free(fp);
+ }
+
+-int bpf_jit_harden __read_mostly;
++int bpf_jit_harden __read_mostly = 2;
+
+ static int bpf_jit_blind_insn(const struct bpf_insn *from,
+			      const struct bpf_insn *aux,
+diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
+index 4e933219fec6..0f37db32a2b1 100644
+--- a/kernel/bpf/syscall.c
++++ b/kernel/bpf/syscall.c
+@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
+ static DEFINE_IDR(map_idr);
+ static DEFINE_SPINLOCK(map_idr_lock);
+
+-int sysctl_unprivileged_bpf_disabled __read_mostly;
++int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
+
+ static const struct bpf_map_ops * const bpf_map_types[] = {
+ #define BPF_PROG_TYPE(_id, _ops)
+diff --git a/kernel/capability.c b/kernel/capability.c
+index 1e1c0236f55b..452062fe45ce 100644
+--- a/kernel/capability.c
++++ b/kernel/capability.c
+@@ -431,6 +431,12 @@ bool capable(int cap)
+	return ns_capable(&init_user_ns, cap);
+ }
+ EXPORT_SYMBOL(capable);
++
++bool capable_noaudit(int cap)
++{
++	return ns_capable_noaudit(&init_user_ns, cap);
++}
++EXPORT_SYMBOL(capable_noaudit);
+ #endif /* CONFIG_MULTIUSER */
+
+ /**
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index cb8274d7824f..c1b3d232b0a4 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask;
+  *   0 - disallow raw tracepoint access for unpriv
+  *   1 - disallow cpu events for unpriv
+  *   2 - disallow kernel profiling for unpriv
++ *   3 - disallow all unpriv perf event use
+  */
++#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT
++int sysctl_perf_event_paranoid __read_mostly = 3;
++#else
+ int sysctl_perf_event_paranoid __read_mostly = 2;
++#endif
+
+ /* Minimum for 512 kiB + 1 user control page */
+ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
+@@ -9941,6 +9946,9 @@ SYSCALL_DEFINE5(perf_event_open,
+	if (flags & ~PERF_FLAG_ALL)
+		return -EINVAL;
+
++	if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
++		return -EACCES;
++
+	err = perf_copy_attr(attr_uptr, &attr);
+	if (err)
+		return err;
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 98c91bd341b4..dbb9540ee61c 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -102,6 +102,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+  * Minimum number of threads to boot the kernel
+@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
+	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+		return ERR_PTR(-EINVAL);
+
++	if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++		if (!capable(CAP_SYS_ADMIN))
++			return ERR_PTR(-EPERM);
++
+	/*
+	 * Thread groups must share signals as well, and detached threads
+	 * can only be started up within the thread group.
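Review bot: unprivileged_userns_clone is brought into scope with a hand-written `extern` plus a `#define ... 0` fallback at the top of this file, and again with a second `extern` in the kernel/sysctl.c hunk, instead of once in a header owned by the user-namespace code; two private declarations of one global are exactly what drifts apart on rebase. The unshare() hunk below makes the same check and is consistent with this one. Both use `capable()` rather than the `capable_noaudit()` used in fs/stat.c, so every denied unprivileged CLONE_NEWUSER produces a capability-denied audit record when auditing is on; that is useful for detection, but worth a one-line comment so it is not "fixed" later.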
+@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+	if (unshare_flags & CLONE_NEWNS)
+		unshare_flags |= CLONE_FS;
+
++	if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++		err = -EPERM;
++		if (!capable(CAP_SYS_ADMIN))
++			goto bad_unshare_out;
++	}
++
+	err = check_unshare_flags(unshare_flags);
+	if (err)
+		goto bad_unshare_out;
+diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
+index 0972a8e09d08..00dde7aad47a 100644
+--- a/kernel/power/snapshot.c
++++ b/kernel/power/snapshot.c
+@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void)
+
+ void clear_free_pages(void)
+ {
+-#ifdef CONFIG_PAGE_POISONING_ZERO
++#if defined(CONFIG_PAGE_POISONING_ZERO) || defined(CONFIG_PAGE_SANITIZE)
+	struct memory_bitmap *bm = free_pages_map;
+	unsigned long pfn;
+
+@@ -1153,7 +1153,7 @@ void clear_free_pages(void)
+	}
+	memory_bm_position_reset(bm);
+	pr_info("PM: free pages cleared after restore\n");
+-#endif /* PAGE_POISONING_ZERO */
++#endif /* PAGE_POISONING_ZERO || PAGE_SANITIZE */
+ }
+
+ /**
+diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
+index a64eee0db39e..4d7de378fe4c 100644
+--- a/kernel/rcu/tiny.c
++++ b/kernel/rcu/tiny.c
+@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
+	}
+ }
+
+-static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
++static __latent_entropy void rcu_process_callbacks(void)
+ {
+	__rcu_process_callbacks(&rcu_sched_ctrlblk);
+	__rcu_process_callbacks(&rcu_bh_ctrlblk);
+diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
+index 3e3650e94ae6..7ecd7a5d04b3 100644
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
+ /*
+  * Do RCU core processing for the current CPU.
+  */
+-static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused)
++static __latent_entropy void rcu_process_callbacks(void)
+ {
+	struct rcu_state *rsp;
+
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
+index 5c09ddf8c832..f5db6ece105a 100644
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -8986,7 +8986,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { }
+  * run_rebalance_domains is triggered when needed from the scheduler tick.
+  * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
+  */
+-static __latent_entropy void run_rebalance_domains(struct softirq_action *h)
++static __latent_entropy void run_rebalance_domains(void)
+ {
+	struct rq *this_rq = this_rq();
+	enum cpu_idle_type idle = this_rq->idle_balance ?
+diff --git a/kernel/softirq.c b/kernel/softirq.c
+index e89c3b0cff6d..0d3ebd520931 100644
+--- a/kernel/softirq.c
++++ b/kernel/softirq.c
+@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
+ EXPORT_SYMBOL(irq_stat);
+ #endif
+
+-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp;
++static struct softirq_action softirq_vec[NR_SOFTIRQS] __ro_after_init __aligned(PAGE_SIZE);
+
+ DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
+
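Review bot: softirq_vec becomes `__ro_after_init` while open_softirq becomes `__init` (later in this file and in include/linux/interrupt.h), so any caller that registers a softirq after boot would both reference discarded init text and write to a page that is already read-only; from this hunk nothing enforces that invariant beyond the section-mismatch warning at build time, so a comment on the array such as `/* written only by __init open_softirq(); read-only once boot completes */` would make it explicit. Replacing `__cacheline_aligned_in_smp` with `__aligned(PAGE_SIZE)` is fine for alignment. The handler signature change to `void (*)(void)` is applied here only to the rcu, sched and tasklet actions; the remaining softirq handlers are presumably converted elsewhere in the patch, which I cannot see from this chunk.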
+@@ -281,7 +281,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void)
+		kstat_incr_softirqs_this_cpu(vec_nr);
+
+		trace_softirq_entry(vec_nr);
+-		h->action(h);
++		h->action();
+		trace_softirq_exit(vec_nr);
+		if (unlikely(prev_count != preempt_count())) {
+			pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n",
+@@ -444,7 +444,7 @@ void __raise_softirq_irqoff(unsigned int nr)
+	or_softirq_pending(1UL << nr);
+ }
+
+-void open_softirq(int nr, void (*action)(struct softirq_action *))
++void __init open_softirq(int nr, void (*action)(void))
+ {
+	softirq_vec[nr].action = action;
+ }
+@@ -486,7 +486,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t)
+ }
+ EXPORT_SYMBOL(__tasklet_hi_schedule);
+
+-static __latent_entropy void tasklet_action(struct softirq_action *a)
++static __latent_entropy void tasklet_action(void)
+ {
+	struct tasklet_struct *list;
+
+@@ -522,7 +522,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a)
+	}
+ }
+
+-static __latent_entropy void tasklet_hi_action(struct softirq_action *a)
++static __latent_entropy void tasklet_hi_action(void)
+ {
+	struct tasklet_struct *list;
+
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 069550540a39..822783a174aa 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -66,6 +66,7 @@
+ #include <linux/kexec.h>
+ #include <linux/bpf.h>
+ #include <linux/mount.h>
++#include <linux/tty.h>
+
+ #include <linux/uaccess.h>
+ #include <asm/processor.h>
+@@ -98,12 +99,19 @@
+ #if defined(CONFIG_SYSCTL)
+
+ /* External variables not in a header file. */
++#if IS_ENABLED(CONFIG_USB)
++int deny_new_usb __read_mostly = 0;
++EXPORT_SYMBOL(deny_new_usb);
++#endif
+ extern int suid_dumpable;
+ #ifdef CONFIG_COREDUMP
+ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
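Review bot: `deny_new_usb` is defined and exported from kernel/sysctl.c inside the block headed `/* External variables not in a header file. */`, so a block meant for `extern` declarations now contains a definition, and the variable logically belongs to the USB core rather than to the sysctl table. The same applies to `device_sidechannel_restrict` in the next hunk, which is defined here but consumed through `extern int device_sidechannel_restrict;` in include/linux/fs.h. Moving each definition to the subsystem that reads it and keeping only the extern here would match how suid_dumpable and core_pattern are handled just below; `deny_new_usb` also has no comment saying what a non-zero value does, and no reader of it is visible in this chunk.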
+@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages;
+
+ /* Constants used for minimum and  maximum */
+ #ifdef CONFIG_LOCKUP_DETECTOR
+-static int sixty = 60;
++static int sixty __read_only = 60;
+ #endif
+
+-static int __maybe_unused neg_one = -1;
++static int __maybe_unused neg_one __read_only = -1;
+
+ static int zero;
+-static int __maybe_unused one = 1;
+-static int __maybe_unused two = 2;
+-static int __maybe_unused four = 4;
+-static unsigned long one_ul = 1;
+-static int one_hundred = 100;
+-static int one_thousand = 1000;
++static int __maybe_unused one __read_only = 1;
++static int __maybe_unused two __read_only = 2;
++static int __maybe_unused four __read_only = 4;
++static unsigned long one_ul __read_only = 1;
++static int one_hundred __read_only = 100;
++static int one_thousand __read_only = 1000;
+ #ifdef CONFIG_PRINTK
+-static int ten_thousand = 10000;
++static int ten_thousand __read_only = 10000;
+ #endif
+ #ifdef CONFIG_PERF_EVENTS
+-static int six_hundred_forty_kb = 640 * 1024;
++static int six_hundred_forty_kb __read_only = 640 * 1024;
+ #endif
+
+ /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
+-static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
++static unsigned long dirty_bytes_min __read_only = 2 * PAGE_SIZE;
+
+ /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
+-static int maxolduid = 65535;
+-static int minolduid;
++static int maxolduid __read_only = 65535;
++static int minolduid __read_only;
+
+-static int ngroups_max = NGROUPS_MAX;
++static int ngroups_max __read_only = NGROUPS_MAX;
+ static const int cap_last_cap = CAP_LAST_CAP;
+
+ /*this is needed for proc_doulongvec_minmax of sysctl_hung_task_timeout_secs */
+ #ifdef CONFIG_DETECT_HUNG_TASK
+-static unsigned long hung_task_timeout_max = (LONG_MAX/HZ);
++static unsigned long hung_task_timeout_max __read_only = (LONG_MAX/HZ);
+ #endif
+
++int device_sidechannel_restrict __read_mostly = 1;
++EXPORT_SYMBOL(device_sidechannel_restrict);
++
+ #ifdef CONFIG_INOTIFY_USER
+ #include <linux/inotify.h>
+ #endif
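Review bot: `static int zero;` is the only sysctl bound in this block left without the `__read_only` annotation, even though it is used as `.extra1` in the same way as `one` and `two` (`&zero` appears in the kern_table entries below) and `minolduid`, another zero-initialised bound, does receive it. For consistency make it `static int zero __read_only;`. `__read_only` is not defined in the visible hunks, so I assume it comes from elsewhere in the patch and accepts a declaration without initialiser, as `minolduid` shows.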
+@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = {
+ };
+
+ #ifdef CONFIG_SCHED_DEBUG
+-static int min_sched_granularity_ns = 100000;		/* 100 usecs */
+-static int max_sched_granularity_ns = NSEC_PER_SEC;	/* 1 second */
+-static int min_wakeup_granularity_ns;			/* 0 usecs */
+-static int max_wakeup_granularity_ns = NSEC_PER_SEC;	/* 1 second */
++static int min_sched_granularity_ns __read_only = 100000;		/* 100 usecs */
++static int max_sched_granularity_ns __read_only = NSEC_PER_SEC;	/* 1 second */
++static int min_wakeup_granularity_ns __read_only;			/* 0 usecs */
++static int max_wakeup_granularity_ns __read_only = NSEC_PER_SEC;	/* 1 second */
+ #ifdef CONFIG_SMP
+-static int min_sched_tunable_scaling = SCHED_TUNABLESCALING_NONE;
+-static int max_sched_tunable_scaling = SCHED_TUNABLESCALING_END-1;
++static int min_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_NONE;
++static int max_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_END-1;
+ #endif /* CONFIG_SMP */
+ #endif /* CONFIG_SCHED_DEBUG */
+
+ #ifdef CONFIG_COMPACTION
+-static int min_extfrag_threshold;
+-static int max_extfrag_threshold = 1000;
++static int min_extfrag_threshold __read_only;
++static int max_extfrag_threshold __read_only = 1000;
+ #endif
+
+ static struct ctl_table kern_table[] = {
+@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = {
+		.proc_handler	= proc_dointvec,
+	},
+ #endif
++#ifdef CONFIG_USER_NS
++	{
++		.procname	= "unprivileged_userns_clone",
++		.data		= &unprivileged_userns_clone,
++		.maxlen		= sizeof(int),
++		.mode		= 0644,
++		.proc_handler	= proc_dointvec,
++	},
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+	{
+		.procname	= "tainted",
+@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = {
+		.extra1		= &zero,
+		.extra2		= &two,
+	},
++#endif
++#if defined CONFIG_TTY
++	{
++		.procname	= "tiocsti_restrict",
++		.data		= &tiocsti_restrict,
++		.maxlen		= sizeof(int),
++		.mode		= 0644,
++		.proc_handler	= proc_dointvec_minmax_sysadmin,
++		.extra1		= &zero,
++		.extra2		= &one,
++	},
++#endif
++	{
++		.procname	= "device_sidechannel_restrict",
++		.data		= &device_sidechannel_restrict,
++		.maxlen		= sizeof(int),
++		.mode		= 0644,
++		.proc_handler	= proc_dointvec_minmax_sysadmin,
++		.extra1		= &zero,
++		.extra2		= &one,
++	},
++#if IS_ENABLED(CONFIG_USB)
++	{
++		.procname	= "deny_new_usb",
++		.data		= &deny_new_usb,
++		.maxlen		= sizeof(int),
++		.mode		= 0644,
++		.proc_handler	= proc_dointvec_minmax_sysadmin,
++		.extra1		= &zero,
++		.extra2		= &one,
++	},
+ #endif
+	{
+		.procname	= "ngroups_max",
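Review bot: The hunk opens with a new `#endif` that closes the conditional from the context above, and the pre-existing `#endif` before `ngroups_max` now terminates the new `#if IS_ENABLED(CONFIG_USB)` block instead; with three conditional blocks added in a row, that re-pairing is easy to break in a later rebase. Tagging the closers makes the structure visible, e.g. `#endif /* CONFIG_TTY */` and `#endif /* CONFIG_USB */`. `tiocsti_restrict` has no declaration in the visible parts of kernel/sysctl.c, so it is presumably provided by the `<linux/tty.h>` include added at the top of the file; worth confirming, since `unprivileged_userns_clone` and `deny_new_usb` are declared here explicitly. `#if defined CONFIG_TTY` also differs in form from the `#ifdef CONFIG_USER_NS` and `#if IS_ENABLED(CONFIG_USB)` guards beside it.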
+diff --git a/kernel/time/timer.c b/kernel/time/timer.c
+index 9fe525f410bf..6a85b0e1292e 100644
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base)
+ /*
+  * This function runs timers and the timer-tq in bottom half context.
+  */
+-static __latent_entropy void run_timer_softirq(struct softirq_action *h)
++static __latent_entropy void run_timer_softirq(void)
+ {
+	struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
+
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index c490f1e4313b..dd03bd39d7bf 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -24,6 +24,9 @@
+ #include <linux/projid.h>
+ #include <linux/fs_struct.h>
+
++/* sysctl */
++int unprivileged_userns_clone;
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
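Review bot: `/* sysctl */` says nothing about what the value controls or what its zero default means. The code that consults `unprivileged_userns_clone` is not in this hunk, so from the kernel/sysctl.c table entry alone I can only infer that 0 is the restrictive default; a comment such as `/* kernel.unprivileged_userns_clone sysctl: 0 (default) denies, 1 allows; consulted where user namespaces are created */` would make that explicit, with the enforcement site named once confirmed.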
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
+index 62d0e25c054c..3953072277eb 100644
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs"
+
+ config PANIC_ON_OOPS
+	bool "Panic on Oops"
++	default y
+	help
+	  Say Y here to enable the kernel to panic when it oopses. This
+	  has the same effect as setting oops=panic on the kernel command
+@@ -946,7 +947,7 @@ config PANIC_ON_OOPS
+	  anything erroneous after an oops which could result in data
+	  corruption or other issues.
+
+-	  Say N if unsure.
++	  Say Y if unsure.
+
+ config PANIC_ON_OOPS_VALUE
+	int
+@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE
+ config DEBUG_LIST
+	bool "Debug linked list manipulation"
+	depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
++	default y
+	help
+	  Enable this to turn on extended checks in the linked-list
+	  walking routines.
+@@ -1932,6 +1934,7 @@ config MEMTEST
+ config BUG_ON_DATA_CORRUPTION
+	bool "Trigger a BUG when data corruption is detected"
+	select DEBUG_LIST
++	default y
+	help
+	  Select this option if the kernel should BUG when it encounters
+	  data corruption in kernel memory structures when they get checked
+@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM
+	bool "Filter access to /dev/mem"
+	depends on MMU && DEVMEM
+	depends on ARCH_HAS_DEVMEM_IS_ALLOWED
+-	default y if TILE || PPC
++	default y
+	---help---
+	  If this option is disabled, you allow userspace (root) access to all
+	  of memory, including kernel and userspace memory. Accidental
+@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM
+ config IO_STRICT_DEVMEM
+	bool "Filter I/O access to /dev/mem"
+	depends on STRICT_DEVMEM
++	default y
+	---help---
+	  If this option is disabled, you allow userspace (root) access to all
+	  io-memory regardless of whether a driver is actively using that
+diff --git a/lib/irq_poll.c b/lib/irq_poll.c
+index 86a709954f5a..6f15787fcb1b 100644
+--- a/lib/irq_poll.c
++++ b/lib/irq_poll.c
+@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop)
+ }
+ EXPORT_SYMBOL(irq_poll_complete);
+
+-static void __latent_entropy irq_poll_softirq(struct softirq_action *h)
++static void __latent_entropy irq_poll_softirq(void)
+ {
+	struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
+	int rearm = 0, budget = irq_poll_budget;
+diff --git a/lib/kobject.c b/lib/kobject.c
+index 34f847252c02..4fda329de614 100644
+--- a/lib/kobject.c
++++ b/lib/kobject.c
+@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
+
+
+ static DEFINE_SPINLOCK(kobj_ns_type_lock);
+-static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES];
++static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __ro_after_init;
+
+-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
+ {
+	enum kobj_ns_type type = ops->type;
+	int error;
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index 3d8295c85505..3fa3b3409d69 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
+ {
+	int minlen = min_t(int, count, nla_len(src));
+
++	BUG_ON(minlen < 0);
++
+	memcpy(dest, nla_data(src), minlen);
+	if (count > minlen)
+		memset(dest + minlen, 0, count - minlen);
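Review bot: `BUG_ON(minlen < 0);` is unconditional, whereas the other new corruption checks in this patch (`cache_from_obj` in mm/slab.h, `__ksize` in mm/slub.c) choose between `BUG_ON` and `WARN_ON` under `CONFIG_BUG_ON_DATA_CORRUPTION`. A negative `count` here is a caller bug rather than memory corruption, so a `WARN_ON` with an early return would avoid turning a malformed netlink handler into a panic, or the check should at least be gated like the others for consistency. The function header lies outside the hunk, so I cannot see whether callers already validate `count`.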
+diff --git a/lib/vsprintf.c b/lib/vsprintf.c
+index 86c3385b9eb3..c482070e379b 100644
+--- a/lib/vsprintf.c
++++ b/lib/vsprintf.c
+@@ -1591,7 +1591,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
+	return widen_string(buf, buf - buf_start, end, spec);
+ }
+
+-int kptr_restrict __read_mostly;
++int kptr_restrict __read_mostly = 2;
+
+ /*
+  * Show a '%p' thing.  A kernel extension is that the '%p' is followed
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 59efbd3337e0..c070e14ec83d 100644
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -319,7 +319,8 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+         int "Low address space to protect from user allocation"
+	depends on MMU
+-        default 4096
++	default 32768 if ARM || (ARM64 && COMPAT)
++	default 65536
+         help
+	  This is the portion of low virtual memory which should be protected
+	  from userspace allocation.  Keeping a user from writing to low pages
+diff --git a/mm/mmap.c b/mm/mmap.c
+index 11f96fad5271..632e7f9a710e 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+
+	newbrk = PAGE_ALIGN(brk);
+	oldbrk = PAGE_ALIGN(mm->brk);
++	/* properly handle unaligned min_brk as an empty heap */
++	if (min_brk & ~PAGE_MASK) {
++		if (brk == min_brk)
++			newbrk -= PAGE_SIZE;
++		if (mm->brk == min_brk)
++			oldbrk -= PAGE_SIZE;
++	}
+	if (oldbrk == newbrk)
+		goto set_brk;
+
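Review bot: The unaligned-`min_brk` adjustment makes `oldbrk`/`newbrk` equal to `PAGE_ALIGN(min_brk) - PAGE_SIZE`, i.e. the page containing `min_brk`, so the next growth will `do_brk` over that page; upstream treated the partial page as already part of the heap. That is only correct if an unaligned `min_brk` can arise solely from heap-start randomisation placing it in an otherwise unmapped page, which this hunk does not show, so the comment should say so, e.g. `/* an unaligned min_brk comes from brk randomisation and lies in an unmapped page, so treat it as an empty heap */`, adjusted if the origin differs. `SYSCALL_DEFINE1(brk)` begins before the hunk.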
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c
+index 1d7693c35424..8963a3b4d37c 100644
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -67,6 +67,7 @@
+ #include <linux/ftrace.h>
+ #include <linux/lockdep.h>
+ #include <linux/nmi.h>
++#include <linux/random.h>
+
+ #include <asm/sections.h>
+ #include <asm/tlbflush.h>
+@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES];
+ DEFINE_MUTEX(pcpu_drain_mutex);
+ DEFINE_PER_CPU(struct work_struct, pcpu_drain);
+
++bool __meminitdata extra_latent_entropy;
++
++static int __init setup_extra_latent_entropy(char *str)
++{
++	extra_latent_entropy = true;
++	return 0;
++}
++early_param("extra_latent_entropy", setup_extra_latent_entropy);
++
+ #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
+ volatile unsigned long latent_entropy __latent_entropy;
+ EXPORT_SYMBOL(latent_entropy);
+@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page,
+		debug_check_no_obj_freed(page_address(page),
+					   PAGE_SIZE << order);
+	}
++
++	if (IS_ENABLED(CONFIG_PAGE_SANITIZE)) {
++		int i;
++		for (i = 0; i < (1 << order); i++)
++			clear_highpage(page + i);
++	}
++
+	arch_free_page(page, order);
+	kernel_poison_pages(page, 1 << order, 0);
+	kernel_map_pages(page, 1 << order, 0);
+@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order)
+	__ClearPageReserved(p);
+	set_page_count(p, 0);
+
++	if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
++		unsigned long hash = 0;
++		size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
++		const unsigned long *data = lowmem_page_address(page);
++
++		for (index = 0; index < end; index++)
++			hash ^= hash + data[index];
++#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
++		latent_entropy ^= hash;
++		add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
++#else
++		add_device_randomness((const void *)&hash, sizeof(hash));
++#endif
++	}
++
+	page_zone(page)->managed_pages += nr_pages;
+	set_page_refcounted(page);
+	__free_pages(page, order);
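Review bot: `page_to_pfn(page) < 0x100000` is an unexplained magic constant (the first 4 GiB at 4 KiB pages) that bounds how much boot memory is hashed, and `hash ^= hash + data[index]` is a bespoke mixer whose purpose is not stated; both deserve a comment, e.g. `/* hash only the first 4 GiB of low memory to bound boot-time cost */`. `nr_pages` is defined earlier in `__free_pages_boot_core`, outside the hunk. `extra_latent_entropy` is `__meminitdata`, which is fine only as long as this `__init` function stays its sole reader; a note to that effect at its definition would prevent a later use-after-init.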
+@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page)
+
+ static inline bool free_pages_prezeroed(void)
+ {
+-	return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) &&
+-		page_poisoning_enabled();
++	return IS_ENABLED(CONFIG_PAGE_SANITIZE) ||
++		(IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && page_poisoning_enabled());
+ }
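Review bot: `free_pages_prezeroed()` now reports true whenever `CONFIG_PAGE_SANITIZE` is on, but the sanitising `clear_highpage` loop in `free_pages_prepare` (previous hunk) runs before `kernel_poison_pages(page, 1 << order, 0)`, so with `CONFIG_PAGE_POISONING` enabled and a non-zero pattern the page is poisoned after being zeroed, and the `__GFP_ZERO` path in `prep_new_page` will then skip clearing it. Unless PAGE_SANITIZE excludes non-zero poisoning in a Kconfig not shown here, the predicate should account for it, e.g. `if (page_poisoning_enabled()) return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO);` followed by `return IS_ENABLED(CONFIG_PAGE_SANITIZE);`. `CONFIG_PAGE_SANITIZE_VERIFY` would catch the resulting non-zero page with a BUG rather than prevent it.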
+
+ #ifdef CONFIG_DEBUG_VM
+@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
+
+	post_alloc_hook(page, order, gfp_flags);
+
++	if (IS_ENABLED(CONFIG_PAGE_SANITIZE_VERIFY)) {
++		for (i = 0; i < (1 << order); i++)
++			verify_zero_highpage(page + i);
++	}
++
+	if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO))
+		for (i = 0; i < (1 << order); i++)
+			clear_highpage(page + i);
+diff --git a/mm/slab.h b/mm/slab.h
+index 485d9fbb8802..436461588804 100644
+--- a/mm/slab.h
++++ b/mm/slab.h
+@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s)
+ static inline bool slab_equal_or_root(struct kmem_cache *s,
+				      struct kmem_cache *p)
+ {
++#ifdef CONFIG_SLAB_HARDENED
++	return p == s;
++#else
+	return true;
++#endif
+ }
+
+ static inline const char *cache_name(struct kmem_cache *s)
+@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+	 * to not do even the assignment. In that case, slab_equal_or_root
+	 * will also be a constant.
+	 */
+-	if (!memcg_kmem_enabled() &&
++	if (!IS_ENABLED(CONFIG_SLAB_HARDENED) &&
++	    !memcg_kmem_enabled() &&
+	    !unlikely(s->flags & SLAB_CONSISTENCY_CHECKS))
+		return s;
+
+	page = virt_to_head_page(x);
++#ifdef CONFIG_SLAB_HARDENED
++	BUG_ON(!PageSlab(page));
++#endif
+	cachep = page->slab_cache;
+	if (slab_equal_or_root(cachep, s))
+		return cachep;
+
+	pr_err("%s: Wrong slab cache. %s but object is from %s\n",
+	       __func__, s->name, cachep->name);
++#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
++	BUG_ON(1);
++#else
+	WARN_ON_ONCE(1);
++#endif
+	return s;
+ }
+
+@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s)
+	 * back there or track user information then we can
+	 * only use the space before that information.
+	 */
+-	if (s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER))
++	if ((s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER)) || IS_ENABLED(CONFIG_SLAB_CANARY))
+		return s->inuse;
+	/*
+	 * Else we can use all the padding etc for the allocation
+diff --git a/mm/slab_common.c b/mm/slab_common.c
+index 65212caa1f2a..d8bf8a75f445 100644
+--- a/mm/slab_common.c
++++ b/mm/slab_common.c
+@@ -26,10 +26,10 @@
+
+ #include "slab.h"
+
+-enum slab_state slab_state;
++enum slab_state slab_state __ro_after_init;
+ LIST_HEAD(slab_caches);
+ DEFINE_MUTEX(slab_mutex);
+-struct kmem_cache *kmem_cache;
++struct kmem_cache *kmem_cache __ro_after_init;
+
+ static LIST_HEAD(slab_caches_to_rcu_destroy);
+ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
+@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
+ /*
+  * Merge control. If this is set then no merging of slab caches will occur.
+  */
+-static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
++static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
+
+ static int __init setup_slab_nomerge(char *str)
+ {
+@@ -927,7 +927,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches);
+  * of two cache sizes there. The size of larger slabs can be determined using
+  * fls.
+  */
+-static s8 size_index[24] = {
++static s8 size_index[24] __ro_after_init = {
+	3,	/* 8 */
+	4,	/* 16 */
+	5,	/* 24 */
+diff --git a/mm/slub.c b/mm/slub.c
+index 41c01690d116..591dd60d37f3 100644
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
+ #endif
+ }
+
++static inline bool has_sanitize(struct kmem_cache *s)
++{
++	return IS_ENABLED(CONFIG_SLAB_SANITIZE) && !(s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON));
++}
++
++static inline bool has_sanitize_verify(struct kmem_cache *s)
++{
++	return IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && has_sanitize(s);
++}
++
+ void *fixup_red_left(struct kmem_cache *s, void *p)
+ {
+	if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
+@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
+	*(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
+ }
+
++#ifdef CONFIG_SLAB_CANARY
++static inline unsigned long *get_canary(struct kmem_cache *s, void *object)
++{
++	if (s->offset)
++		return object + s->offset + sizeof(void *);
++	return object + s->inuse;
++}
++
++static inline unsigned long get_canary_value(const void *canary, unsigned long value)
++{
++	return (value ^ (unsigned long)canary) & CANARY_MASK;
++}
++
++static inline void set_canary(struct kmem_cache *s, void *object, unsigned long value)
++{
++	unsigned long *canary = get_canary(s, object);
++	*canary = get_canary_value(canary, value);
++}
++
++static inline void check_canary(struct kmem_cache *s, void *object, unsigned long value)
++{
++	unsigned long *canary = get_canary(s, object);
++	BUG_ON(*canary != get_canary_value(canary, value));
++}
++#else
++#define set_canary(s, object, value)
++#define check_canary(s, object, value)
++#endif
++
+ /* Loop over all objects in a slab */
+ #define for_each_object(__p, __s, __addr, __objects) \
+	for (__p = fixup_red_left(__s, __addr); \
+@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p)
+  * Debug settings:
+  */
+ #if defined(CONFIG_SLUB_DEBUG_ON)
+-static int slub_debug = DEBUG_DEFAULT_FLAGS;
++static int slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS;
+ #else
+-static int slub_debug;
++static int slub_debug __ro_after_init;
+ #endif
+
+-static char *slub_debug_slabs;
+-static int disable_higher_order_debug;
++static char *slub_debug_slabs __ro_after_init;
++static int disable_higher_order_debug __ro_after_init;
+
+ /*
+  * slub is about to manipulate internal object metadata.  This memory lies
+@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
+	else
+		p = object + s->inuse;
+
++	if (IS_ENABLED(CONFIG_SLAB_CANARY))
++		p = (void *)p + sizeof(void *);
++
+	return p + alloc;
+ }
+
+@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
+	else
+		off = s->inuse;
+
++	if (IS_ENABLED(CONFIG_SLAB_CANARY))
++		off += sizeof(void *);
++
+	if (s->flags & SLAB_STORE_USER)
+		off += 2 * sizeof(struct track);
+
+@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
+		/* Freepointer is placed after the object. */
+		off += sizeof(void *);
+
++	if (IS_ENABLED(CONFIG_SLAB_CANARY))
++		off += sizeof(void *);
++
+	if (s->flags & SLAB_STORE_USER)
+		/* We also have user information there */
+		off += 2 * sizeof(struct track);
+@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page,
+				void *object)
+ {
+	setup_object_debug(s, page, object);
++	set_canary(s, object, s->random_inactive);
+	kasan_init_slab_obj(s, object);
+-	if (unlikely(s->ctor)) {
++	if (unlikely(s->ctor) && !has_sanitize_verify(s)) {
+		kasan_unpoison_object_data(s, object);
+		s->ctor(object);
+		kasan_poison_object_data(s, object);
+@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
+		stat(s, ALLOC_FASTPATH);
+	}
+
+-	if (unlikely(gfpflags & __GFP_ZERO) && object)
++	if (has_sanitize_verify(s) && object) {
++		size_t offset = s->offset ? 0 : sizeof(void *);
++		BUG_ON(memchr_inv(object + offset, 0, s->object_size - offset));
++		if (s->ctor)
++			s->ctor(object);
++		if (unlikely(gfpflags & __GFP_ZERO) && offset)
++			memset(object, 0, sizeof(void *));
++	} else if (unlikely(gfpflags & __GFP_ZERO) && object)
+		memset(object, 0, s->object_size);
+
++	if (object) {
++		check_canary(s, object, s->random_inactive);
++		set_canary(s, object, s->random_active);
++	}
++
+	slab_post_alloc_hook(s, gfpflags, 1, &object);
+
+	return object;
+@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
+	void *tail_obj = tail ? : head;
+	struct kmem_cache_cpu *c;
+	unsigned long tid;
++	bool sanitize = has_sanitize(s);
++
++	if (IS_ENABLED(CONFIG_SLAB_CANARY) || sanitize) {
++		__maybe_unused int offset = s->offset ? 0 : sizeof(void *);
++		void *x = head;
++
++		while (1) {
++			check_canary(s, x, s->random_active);
++			set_canary(s, x, s->random_inactive);
++
++			if (sanitize) {
++				memset(x + offset, 0, s->object_size - offset);
++				if (!IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && s->ctor)
++					s->ctor(x);
++			}
++			if (x == tail_obj)
++				break;
++			x = get_freepointer(s, x);
++		}
++	}
++
+ redo:
+	/*
+	 * Determine the currently cpus per cpu slab.
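Review bot: `__maybe_unused int offset` is misleading: `offset` is used unconditionally in the `memset` under `if (sanitize)`, and the compiler sees that use regardless of configuration, so drop the attribute and write `int offset = s->offset ? 0 : sizeof(void *);`. The walk from `head` to `tail_obj` via `get_freepointer` assumes the bulk-free caller has already linked the objects through their free pointers, which holds for `build_detached_freelist` upstream but deserves a one-line comment at the loop. `do_slab_free` starts before the hunk.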
+@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
+			  void **p)
+ {
+	struct kmem_cache_cpu *c;
+-	int i;
++	int i, k;
+
+	/* memcg and kmem_cache debug support */
+	s = slab_pre_alloc_hook(s, flags);
+@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
+	local_irq_enable();
+
+	/* Clear memory outside IRQ disabled fastpath loop */
+-	if (unlikely(flags & __GFP_ZERO)) {
++	if (has_sanitize_verify(s)) {
++		int j;
++
++		for (j = 0; j < i; j++) {
++			size_t offset = s->offset ? 0 : sizeof(void *);
++			BUG_ON(memchr_inv(p[j] + offset, 0, s->object_size - offset));
++			if (s->ctor)
++				s->ctor(p[j]);
++			if (unlikely(flags & __GFP_ZERO) && offset)
++				memset(p[j], 0, sizeof(void *));
++		}
++	} else if (unlikely(flags & __GFP_ZERO)) {
+		int j;
+
+		for (j = 0; j < i; j++)
+			memset(p[j], 0, s->object_size);
+	}
+
++	for (k = 0; k < i; k++) {
++		check_canary(s, p[k], s->random_inactive);
++		set_canary(s, p[k], s->random_active);
++	}
++
+	/* memcg and kmem_cache debug support */
+	slab_post_alloc_hook(s, flags, size, p);
+	return i;
+@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
+  * and increases the number of allocations possible without having to
+  * take the list_lock.
+  */
+-static int slub_min_order;
+-static int slub_max_order = PAGE_ALLOC_COSTLY_ORDER;
+-static int slub_min_objects;
++static int slub_min_order __ro_after_init;
++static int slub_max_order __ro_after_init = PAGE_ALLOC_COSTLY_ORDER;
++static int slub_min_objects __ro_after_init;
+
+ /*
+  * Calculate the order of allocation given an slab object size.
+@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node)
+	init_object(kmem_cache_node, n, SLUB_RED_ACTIVE);
+	init_tracking(kmem_cache_node, n);
+ #endif
++	set_canary(kmem_cache_node, n, kmem_cache_node->random_active);
+	kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node),
+		      GFP_KERNEL);
+	init_kmem_cache_node(n);
+@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
+		size += sizeof(void *);
+	}
+
++	if (IS_ENABLED(CONFIG_SLAB_CANARY))
++		size += sizeof(void *);
++
+ #ifdef CONFIG_SLUB_DEBUG
+	if (flags & SLAB_STORE_USER)
+		/*
+@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags)
+ #ifdef CONFIG_SLAB_FREELIST_HARDENED
+	s->random = get_random_long();
+ #endif
++#ifdef CONFIG_SLAB_CANARY
++	s->random_active = get_random_long();
++	s->random_inactive = get_random_long();
++#endif
+
+	if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU))
+		s->reserved = sizeof(struct rcu_head);
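Review bot: `s->random_active` and `s->random_inactive` are drawn with `get_random_long()` at cache creation, so caches created during early boot (including `kmem_cache_node`, which `early_kmem_cache_node_alloc` already stamps with `random_active`) get canaries from an RNG that may not be seeded yet. That mirrors the existing `s->random` for `CONFIG_SLAB_FREELIST_HARDENED` just above, so it is a known limitation rather than a regression, but a comment such as `/* early-boot caches get weak canary seeds; same caveat as s->random above */` would stop readers from assuming boot-time caches are as protected as later ones. `kmem_cache_open` begins outside the hunk.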
+@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n,
+		offset -= s->red_left_pad;
+	}
+
++	check_canary(s, (void *)ptr - offset, s->random_active);
++
+	/* Allow address range falling entirely within object size. */
+	if (offset <= object_size && n <= object_size - offset)
+		return NULL;
+@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object)
+	page = virt_to_head_page(object);
+
+	if (unlikely(!PageSlab(page))) {
++#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
++		BUG_ON(!PageCompound(page));
++#else
+		WARN_ON(!PageCompound(page));
++#endif
+		return PAGE_SIZE << compound_order(page);
+	}
+
+@@ -4724,7 +4836,7 @@ enum slab_stat_type {
+ #define SO_TOTAL	(1 << SL_TOTAL)
+
+ #ifdef CONFIG_MEMCG
+-static bool memcg_sysfs_enabled = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON);
++static bool memcg_sysfs_enabled __ro_after_init = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON);
+
+ static int __init setup_slub_memcg_sysfs(char *str)
+ {
+diff --git a/mm/swap.c b/mm/swap.c
+index a77d68f2c1b6..d1f1d75f4d1f 100644
+--- a/mm/swap.c
++++ b/mm/swap.c
+@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page)
+	if (!PageHuge(page))
+		__page_cache_release(page);
+	dtor = get_compound_page_dtor(page);
++	if (!PageHuge(page))
++		BUG_ON(dtor != free_compound_page
++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
++			&& dtor != free_transhuge_page
++#endif
++		);
++
+	(*dtor)(page);
+ }
+
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 6ca771f2f25b..6da2c9c3e6a5 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb)
+ }
+ EXPORT_SYMBOL(netif_rx_ni);
+
+-static __latent_entropy void net_tx_action(struct softirq_action *h)
++static __latent_entropy void net_tx_action(void)
+ {
+	struct softnet_data *sd = this_cpu_ptr(&softnet_data);
+
+@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
+	return work;
+ }
+
+-static __latent_entropy void net_rx_action(struct softirq_action *h)
++static __latent_entropy void net_rx_action(void)
+ {
+	struct softnet_data *sd = this_cpu_ptr(&softnet_data);
+	unsigned long time_limit = jiffies +
+diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
+index f48fe6fc7e8c..d78c52835c08 100644
+--- a/net/ipv4/Kconfig
++++ b/net/ipv4/Kconfig
+@@ -261,6 +261,7 @@ config IP_PIMSM_V2
+
+ config SYN_COOKIES
+	bool "IP: TCP syncookie support"
++	default y
+	---help---
+	  Normal TCP/IP networking is open to an attack known as "SYN
+	  flooding". This denial-of-service attack prevents legitimate remote
+diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
+index 54deaa1066cf..211f97bd5ee3 100644
+--- a/scripts/mod/modpost.c
++++ b/scripts/mod/modpost.c
+@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1;
+ static int warn_unresolved = 0;
+ /* How a symbol is exported */
+ static int sec_mismatch_count = 0;
++static int writable_fptr_count = 0;
+ static int sec_mismatch_verbose = 1;
+ static int sec_mismatch_fatal = 0;
+ /* ignore missing files */
+@@ -965,6 +966,7 @@ enum mismatch {
+	ANY_EXIT_TO_ANY_INIT,
+	EXPORT_TO_INIT_EXIT,
+	EXTABLE_TO_NON_TEXT,
++	DATA_TO_TEXT
+ };
+
+ /**
+@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = {
+	.good_tosec = {ALL_TEXT_SECTIONS , NULL},
+	.mismatch = EXTABLE_TO_NON_TEXT,
+	.handler = extable_mismatch_handler,
++},
++/* Do not reference code from writable data */
++{
++	.fromsec = { DATA_SECTIONS, NULL },
++	.bad_tosec = { ALL_TEXT_SECTIONS, NULL },
++	.mismatch = DATA_TO_TEXT
+ }
+ };
+
+@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+			continue;
+		if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
+			continue;
+-		if (sym->st_value == addr)
+-			return sym;
+		/* Find a symbol nearby - addr are maybe negative */
+		d = sym->st_value - addr;
++		if (d == 0)
++			return sym;
+		if (d < 0)
+			d = addr - sym->st_value;
+		if (d < distance) {
+@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname,
+	char *prl_from;
+	char *prl_to;
+
+-	sec_mismatch_count++;
++	if (mismatch->mismatch == DATA_TO_TEXT)
++		writable_fptr_count++;
++	else
++		sec_mismatch_count++;
++
+	if (!sec_mismatch_verbose)
+		return;
+
+@@ -1526,6 +1538,14 @@ static void report_sec_mismatch(const char *modname,
+		fatal("There's a special handler for this mismatch type, "
+		      "we should never get here.");
+		break;
++	case DATA_TO_TEXT:
++#if 0
++		fprintf(stderr,
++		"The %s %s:%s references\n"
++		"the %s %s:%s%s\n",
++		from, fromsec, fromsym, to, tosec, tosym, to_p);
++#endif
++		break;
+	}
+	fprintf(stderr, "\n");
+ }
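Review bot: The `DATA_TO_TEXT` case prints nothing because its `fprintf` is wrapped in `#if 0`, yet the summary added in `main()` (next hunk) tells the user to rebuild with `CONFIG_DEBUG_SECTION_MISMATCH=y` to see full details; in verbose mode `report_sec_mismatch` is reached and emits only the trailing newline, so the promised details never appear, and in non-verbose mode the count is the only output. Either enable the `fprintf` (the neighbouring cases print unguarded) or drop the hint from the warning text. `report_sec_mismatch` begins before the hunk.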
+@@ -2539,6 +2559,14 @@ int main(int argc, char **argv)
+		}
+	}
+	free(buf.p);
++	if (writable_fptr_count) {
++		if (!sec_mismatch_verbose) {
++			warn("modpost: Found %d writable function pointer(s).\n"
++			     "To see full details build your kernel with:\n"
++			     "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n",
++			     writable_fptr_count);
++		}
++	}
+
+	return err;
+ }
+diff --git a/security/Kconfig b/security/Kconfig
+index 87f2a6f842fd..7bdbb7edf5bf 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -8,7 +8,7 @@ source security/keys/Kconfig
+
+ config SECURITY_DMESG_RESTRICT
+	bool "Restrict unprivileged access to the kernel syslog"
+-	default n
++	default y
+	help
+	  This enforces restrictions on unprivileged users reading the kernel
+	  syslog via dmesg(8).
+@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT
+
+	  If you are unsure how to answer this question, answer N.
+
++config SECURITY_PERF_EVENTS_RESTRICT
++	bool "Restrict unprivileged use of performance events"
++	depends on PERF_EVENTS
++	default y
++	help
++	  If you say Y here, the kernel.perf_event_paranoid sysctl
++	  will be set to 3 by default, and no unprivileged use of the
++	  perf_event_open syscall will be permitted unless it is
++	  changed.
++
++config SECURITY_TIOCSTI_RESTRICT
++	bool "Restrict unprivileged use of tiocsti command injection"
++	default y
++	help
++	  This enforces restrictions on unprivileged users injecting commands
++	  into other processes which share a tty session using the TIOCSTI
++	  ioctl. This option makes TIOCSTI use require CAP_SYS_ADMIN.
++
++	  If this option is not selected, no restrictions will be enforced
++	  unless the tiocsti_restrict sysctl is explicitly set to (1).
++
++	  If you are unsure how to answer this question, answer N.
++
+ config SECURITY
+	bool "Enable different security models"
+	depends on SYSFS
+	depends on MULTIUSER
++	default y
+	help
+	  This allows you to choose different security modules to be
+	  configured into your kernel.
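Review bot: `SECURITY_TIOCSTI_RESTRICT` sets `default y` yet its help ends with "If you are unsure how to answer this question, answer N.", which contradicts the chosen default and copies the `SECURITY_DMESG_RESTRICT` wording that was written for `default n`. Change it to `If you are unsure how to answer this question, answer Y.` or drop the sentence; the same sentence is visible at the top of this hunk for `SECURITY_DMESG_RESTRICT`, whose default the previous hunk flipped to y, so it needs the same fix.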
+@@ -48,6 +72,7 @@ config SECURITYFS
+ config SECURITY_NETWORK
+	bool "Socket and Networking Security Hooks"
+	depends on SECURITY
++	default y
+	help
+	  This enables the socket and networking security hooks.
+	  If enabled, a security module can use these hooks to
+@@ -155,6 +180,7 @@ config HARDENED_USERCOPY
+	depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
+	select BUG
+	imply STRICT_DEVMEM
++	default y
+	help
+	  This option checks for obviously wrong memory regions when
+	  copying memory to/from the kernel (via copy_to_user() and
+@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN
+ config FORTIFY_SOURCE
+	bool "Harden common str/mem functions against buffer overflows"
+	depends on ARCH_HAS_FORTIFY_SOURCE
++	default y
+	help
+	  Detect overflows of buffers in common string and memory functions
+	  where the compiler can determine and validate the buffer sizes.
+
++config FORTIFY_SOURCE_STRICT_STRING
++	bool "Harden common functions against buffer overflows"
++	depends on FORTIFY_SOURCE
++	depends on EXPERT
++	help
++	  Perform stricter overflow checks catching overflows within objects
++	  for common C string functions rather than only between objects.
++
++	  This is not yet intended for production use, only bug finding.
++
++config PAGE_SANITIZE
++	bool "Sanitize pages"
++	default y
++	help
++	  Zero fill page allocations on free, reducing the lifetime of
++	  sensitive data and helping to mitigate use-after-free bugs.
++
++config PAGE_SANITIZE_VERIFY
++	bool "Verify sanitized pages"
++	depends on PAGE_SANITIZE
++	default y
++	help
++	  Verify that newly allocated pages are zeroed to detect
++	  write-after-free bugs.
++
+ config STATIC_USERMODEHELPER
+	bool "Force all usermode helper calls through a single binary"
+	help
+diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
+index 8af7a690eb40..6539694b0fd3 100644
+--- a/security/selinux/Kconfig
++++ b/security/selinux/Kconfig
+@@ -2,7 +2,7 @@ config SECURITY_SELINUX
+	bool "NSA SELinux Support"
+	depends on SECURITY_NETWORK && AUDIT && NET && INET
+	select NETWORK_SECMARK
+-	default n
++	default y
+	help
+	  This selects NSA Security-Enhanced Linux (SELinux).
+	  You will also need a policy configuration and a labeled filesystem.
+@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS
+	  This option collects access vector cache statistics to
+	  /selinux/avc/cache_stats, which may be monitored via
+	  tools such as avcstat.
+-
+-config SECURITY_SELINUX_CHECKREQPROT_VALUE
+-	int "NSA SELinux checkreqprot default value"
+-	depends on SECURITY_SELINUX
+-	range 0 1
+-	default 0
+-	help
+-	  This option sets the default value for the 'checkreqprot' flag
+-	  that determines whether SELinux checks the protection requested
+-	  by the application or the protection that will be applied by the
+-	  kernel (including any implied execute for read-implies-exec) for
+-	  mmap and mprotect calls.  If this option is set to 0 (zero),
+-	  SELinux will default to checking the protection that will be applied
+-	  by the kernel.  If this option is set to 1 (one), SELinux will
+-	  default to checking the protection requested by the application.
+-	  The checkreqprot flag may be changed from the default via the
+-	  'checkreqprot=' boot parameter.  It may also be changed at runtime
+-	  via /selinux/checkreqprot if authorized by policy.
+-
+-	  If you are unsure how to answer this question, answer 0.
+diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
+index 1649cd18eb0b..067f35559aa7 100644
+--- a/security/selinux/include/objsec.h
++++ b/security/selinux/include/objsec.h
+@@ -150,6 +150,6 @@ struct pkey_security_struct {
+	u32	sid;	/* SID of pkey */
+ };
+
+-extern unsigned int selinux_checkreqprot;
++extern const unsigned int selinux_checkreqprot;
+
+ #endif /* _SELINUX_OBJSEC_H_ */
+diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
+index 00eed842c491..8f7b8d7e6f91 100644
+--- a/security/selinux/selinuxfs.c
++++ b/security/selinux/selinuxfs.c
+@@ -41,16 +41,7 @@
+ #include "objsec.h"
+ #include "conditional.h"
+
+-unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
+-
+-static int __init checkreqprot_setup(char *str)
+-{
+-	unsigned long checkreqprot;
+-	if (!kstrtoul(str, 0, &checkreqprot))
+-		selinux_checkreqprot = checkreqprot ? 1 : 0;
+-	return 1;
+-}
+-__setup("checkreqprot=", checkreqprot_setup);
++const unsigned int selinux_checkreqprot;
+
+ static DEFINE_MUTEX(sel_mutex);
+
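Review bot: `const unsigned int selinux_checkreqprot;` relies on implicit zero initialisation of a const object, which clang warns about and which hides the intent; `const unsigned int selinux_checkreqprot = 0;` with a comment such as `/* pinned to 0: always check the protection the kernel will actually apply */` states why the `checkreqprot=` `__setup` handler was removed. Removing that handler also means the boot parameter is now silently ignored rather than rejected; whether the patch documents that elsewhere is not visible here.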
+@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
+		return PTR_ERR(page);
+
+	length = -EINVAL;
+-	if (sscanf(page, "%u", &new_value) != 1)
++	if (sscanf(page, "%u", &new_value) != 1 || new_value)
+		goto out;
+
+-	selinux_checkreqprot = new_value ? 1 : 0;
+	length = count;
+ out:
+	kfree(page);
+diff --git a/security/yama/Kconfig b/security/yama/Kconfig
+index 96b27405558a..485c1b85c325 100644
+--- a/security/yama/Kconfig
++++ b/security/yama/Kconfig
+@@ -1,7 +1,7 @@
+ config SECURITY_YAMA
+	bool "Yama support"
+	depends on SECURITY
+-	default n
++	default y
+	help
+	  This selects Yama, which extends DAC support with additional
+	  system-wide security settings beyond regular Linux discretionary
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 786709d53283..79bc8e510933 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -1,15 +1,18 @@
-{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
+{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
 
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.14.48";
+  version = "4.14.49";
+
+  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
+  modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
 
   # branchVersion needs to be x.y
   extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1f92pz92mf0x9jfv3qf4w40i78l053f2qh2n8p2sbrqzc67n1840";
+    sha256 = "1xrvklrh0zf3ma61qkbng2495j4bcvif45l8bm5074pk3rrlk7y6";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.16.nix b/pkgs/os-specific/linux/kernel/linux-4.16.nix
index 0a06c4dd434e..2643faac48a0 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.16.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.16.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.16.14";
+  version = "4.16.15";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1h6zjnwpdyqk9fp72c35565lhw00kpjl55faakwx7xsxfpyvc25p";
+    sha256 = "0v13g5ancr85hr24y7xagjn9w168h2d87m4m4hr4a2i45mrsdwjq";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.17.nix b/pkgs/os-specific/linux/kernel/linux-4.17.nix
index b360e98f0c09..ca8abcc0ef1e 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.17.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.17.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.17";
+  version = "4.17.1";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "04yd7hnsdyaq4xmrgg7509qjf09k1dy6k1p8qqfrdspajvc1valz";
+    sha256 = "0w3hma7k4nwjp1zsfgn2i18dsmmdn1lxccqx3vapwsz6pjy3ygy9";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index c22762bde7c7..69495e5fc439 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -28,6 +28,11 @@ rec {
     patch = ./tag-hardened.patch;
   };
 
+  copperhead_4_14 = rec {
+    name = "copperhead-4.14";
+    patch = ./copperhead-4-14.patch;
+  };
+
   copperhead_4_16 = rec {
     name = "copperhead-4.16";
     patch = ./copperhead-4-16.patch;
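Review bot: The new `copperhead_4_14` entry carries no comment about what the patch set does, and neither does the existing `copperhead_4_16` sibling. The tail of the patch file that precedes this hunk in the diff (its header is outside this view, so the attribution is inferred) makes `selinux_checkreqprot` a read-only constant that rejects non-zero writes and flips `SECURITY_YAMA` to `default y`, i.e. it changes kernel defaults rather than only adding code. A one-line comment on the entry, such as `# CopperheadOS hardening patch set; changes kernel defaults (e.g. Yama on, SELinux checkreqprot fixed at 0)`, would tell users of `kernelPatches` what they are opting into.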
diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix
index 11a97d420a83..8eeaf502020d 100644
--- a/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -17,13 +17,11 @@ in
 rec {
   # Policy: use the highest stable version as the default (on our master).
   stable = generic {
-    version = "390.48";
-    sha256_32bit = "1y6n2hfz9vd0h7gd31fgxcl76s5pjf8afwqyq5slqpcxpd78j5ai";
-    sha256_64bit = "16a3blvizcksmaxr644s857yanw3i3vcvqvn7qnwbsbqpmxga09c";
-    settingsSha256 = "058xaiw5g0kxrvc3lvy4424fqbjkvmsznj2v73cgbm25i1m83krl";
-    persistencedSha256 = "0y86bhzl42lqyrbibqzf8a8yd49zbq3ryb78vgsl13i44f9sl79k";
-
-    patches = [ ./fix_missing_symbol.patch ];
+    version = "390.67";
+    sha256_32bit = "01c8fa80njyyr39c1pyf7ssmfq65ci8mapbs94fd6gnhwc7gfjkg";
+    sha256_64bit = "0np6xj93fali2hss8xsdlmy5ykjgn4hx6mzjr8dpbdi0fhdcmwkd";
+    settingsSha256 = "1wk4587czysnbj5yxijmv3bldcffzwp4yvfx133apsr31dqca0s7";
+    persistencedSha256 = "1zia1r97lyj6fbmvsw4hv5qfcj84x3sz971m4430d8qyks2c4sdw";
   };
 
   beta = stable; # not enough interest to maintain beta ATM
diff --git a/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch b/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch
deleted file mode 100644
index ea783b4f011e..000000000000
--- a/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://devtalk.nvidia.com/default/topic/1030082/linux/kernel-4-16-rc1-breaks-latest-drivers-unknown-symbol-swiotlb_map_sg_attrs-/
---- a/kernel/common/inc/nv-linux.h~     2018-01-25 06:09:41.000000000 +0100
-+++ b/kernel/common/inc/nv-linux.h      2018-03-05 13:58:17.746725638 +0100
-@@ -1209,6 +1209,7 @@ static inline NvU32 nv_alloc_init_flags(
- static inline NvBool nv_dma_maps_swiotlb(struct pci_dev *dev)
- {
-     NvBool swiotlb_in_use = NV_FALSE;
-+#if 0
- #if defined(CONFIG_SWIOTLB)
-   #if defined(NV_DMA_OPS_PRESENT) || defined(NV_GET_DMA_OPS_PRESENT)
-     /*
-@@ -1251,7 +1252,7 @@ static inline NvBool nv_dma_maps_swiotlb
-     swiotlb_in_use = (swiotlb == 1);
-   #endif
- #endif
--
-+#endif
-     return swiotlb_in_use;
- }
diff --git a/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch b/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch
new file mode 100644
index 000000000000..48a520f6ec3a
--- /dev/null
+++ b/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch
@@ -0,0 +1,48 @@
+diff --git a/src/gstreamer-1.0/gsttcamsrc.cpp b/src/gstreamer-1.0/gsttcamsrc.cpp
+index d482e1e..e36afd8 100644
+--- a/src/gstreamer-1.0/gsttcamsrc.cpp
++++ b/src/gstreamer-1.0/gsttcamsrc.cpp
+@@ -1112,6 +1112,7 @@ bool gst_tcam_src_init_camera (GstTcamSrc* self)
+ 
+ static void gst_tcam_src_close_camera (GstTcamSrc* self)
+ {
++    GST_INFO("Closing device");
+     if (self->device != NULL)
+     {
+         self->device->dev->stop_stream();
+@@ -1156,7 +1157,7 @@ static gboolean gst_tcam_src_stop (GstBaseSrc* src)
+ 
+     self->device->dev->stop_stream();
+     gst_element_send_event(GST_ELEMENT(self), gst_event_new_eos());
+-    GST_DEBUG_OBJECT (self, "Stopped acquisition");
++    GST_DEBUG("Stopped acquisition");
+ 
+     return TRUE;
+ }
+@@ -1556,6 +1557,18 @@ static void gst_tcam_src_get_property (GObject* object,
+ }
+ 
+ 
++static gboolean gst_tcam_src_unlock (GstBaseSrc* src)
++{
++    GstTcamSrc* self = GST_TCAM_SRC(src);
++
++    self->is_running = FALSE;
++
++    self->cv.notify_all();
++
++    return TRUE;
++}
++
++
+ static void gst_tcam_src_class_init (GstTcamSrcClass* klass)
+ {
+     GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+@@ -1616,6 +1629,7 @@ static void gst_tcam_src_class_init (GstTcamSrcClass* klass)
+     gstbasesrc_class->fixate = gst_tcam_src_fixate_caps;
+     gstbasesrc_class->start = gst_tcam_src_start;
+     gstbasesrc_class->stop = gst_tcam_src_stop;
++    gstbasesrc_class->unlock = gst_tcam_src_unlock;
+     gstbasesrc_class->negotiate = gst_tcam_src_negotiate;
+     gstbasesrc_class->get_times = gst_tcam_src_get_times;
+ 
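Review bot: `gst_tcam_src_unlock` writes `self->is_running = FALSE` and then calls `self->cv.notify_all()` without holding the mutex that guards the wait on `cv`; if the waiting side tests `is_running` under that mutex before blocking (the waiter is not in this patch, so this is inferred), an unlock arriving between the test and the wait is never observed and the stop still hangs. Taking that lock around the flag write, then notifying, closes the window. Separately, on the stop path `GST_DEBUG_OBJECT (self, "Stopped acquisition")` is replaced by `GST_DEBUG("Stopped acquisition")`, which drops the element instance from the log line that the surrounding code otherwise includes; keeping `GST_DEBUG_OBJECT` is more consistent. The new function is complete within the hunk.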
diff --git a/pkgs/os-specific/linux/tiscamera/default.nix b/pkgs/os-specific/linux/tiscamera/default.nix
new file mode 100644
index 000000000000..d4d6ae18ce62
--- /dev/null
+++ b/pkgs/os-specific/linux/tiscamera/default.nix
@@ -0,0 +1,98 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, pkgconfig
+, pcre
+, tinyxml
+, libusb1
+, libzip
+, glib
+, gobjectIntrospection
+, gst_all_1
+, libwebcam
+}:
+
+stdenv.mkDerivation rec {
+  pname = "tiscamera";
+  version = "0.9.1";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "TheImagingSource";
+    repo = pname;
+    rev = "v-${name}";
+    sha256 = "143yp6bpzj3rqfnrcnlrcwggay37fg6rkphh4w9y9v7v4wllzf87";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    pkgconfig
+  ];
+
+  buildInputs = [
+    pcre
+    tinyxml
+    libusb1
+    libzip
+    glib
+    gobjectIntrospection
+    gst_all_1.gstreamer
+    gst_all_1.gst-plugins-base
+    libwebcam
+  ];
+
+
+  cmakeFlags = [
+    "-DBUILD_ARAVIS=OFF" # For GigE support. Won't need it as our camera is usb.
+    "-DBUILD_GST_1_0=ON"
+    "-DBUILD_TOOLS=ON"
+    "-DBUILD_V4L2=ON"
+    "-DBUILD_LIBUSB=ON"
+  ];
+
+
+  patches = [
+    ./allow-pipeline-stop-in-trigger-mode.patch # To be removed next release.
+  ];
+
+  postPatch = ''
+    substituteInPlace ./data/udev/80-theimagingsource-cameras.rules \
+      --replace "/usr/bin/uvcdynctrl" "${libwebcam}/bin/uvcdynctrl" \
+      --replace "/path/to/tiscamera/uvc-extensions" "$out/share/uvcdynctrl/data/199e"
+
+    substituteInPlace ./src/BackendLoader.cpp \
+      --replace '"libtcam-v4l2.so"' "\"$out/lib/tcam-0/libtcam-v4l2.so\"" \
+      --replace '"libtcam-aravis.so"' "\"$out/lib/tcam-0/libtcam-aravis.so\"" \
+      --replace '"libtcam-libusb.so"' "\"$out/lib/tcam-0/libtcam-libusb.so\""
+  '';
+
+  preConfigure = ''
+    cmakeFlagsArray=(
+      $cmakeFlagsArray
+      "-DCMAKE_INSTALL_PREFIX=$out"
+      "-DTCAM_INSTALL_UDEV=$out/lib/udev/rules.d"
+      "-DTCAM_INSTALL_UVCDYNCTRL=$out/share/uvcdynctrl/data/199e"
+      "-DTCAM_INSTALL_GST_1_0=$out/lib/gstreamer-1.0"
+      "-DTCAM_INSTALL_GIR=$out/share/gir-1.0"
+      "-DTCAM_INSTALL_TYPELIB=$out/lib/girepository-1.0"
+      "-DTCAM_INSTALL_SYSTEMD=$out/etc/systemd/system"
+    )
+  '';
+
+
+  # There are gobject introspection commands launched as part of the build. Those have a runtime
+  # dependency on `libtcam` (which itself is built as part of this build). In order to allow
+  # that, we set the dynamic linker's path to point on the build time location of the library.
+  preBuild = ''
+    export LD_LIBRARY_PATH=$PWD/src:$LD_LIBRARY_PATH
+  '';
+
+  meta = with lib; {
+    description = "The Linux sources and UVC firmwares for The Imaging Source cameras";
+    homepage = https://github.com/TheImagingSource/tiscamera;
+    license = with licenses; [ asl20 ];
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ jraygauthier ];
+  };
+}
\ No newline at end of file
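Review bot: In `preConfigure`, `$cmakeFlagsArray` inside the array literal expands only element 0 of the existing array, so if `cmakeFlagsArray` ever holds more than one entry the rest are dropped; the form that preserves it is `"''${cmakeFlagsArray[@]}"` (the `''$` escape is needed inside a Nix indented string). The `-DCMAKE_INSTALL_PREFIX=$out` entry duplicates what the cmake setup hook already passes and can go. The inline comment `# For GigE support. Won't need it as our camera is usb.` documents the submitter's hardware rather than the package; something like `# GigE (Aravis) backend disabled; only USB/V4L2 backends are built` reads better for other users. The file also lacks a trailing newline.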
diff --git a/pkgs/os-specific/linux/udisks/2-default.nix b/pkgs/os-specific/linux/udisks/2-default.nix
index a057cb3c101e..6bb12c2c792a 100644
--- a/pkgs/os-specific/linux/udisks/2-default.nix
+++ b/pkgs/os-specific/linux/udisks/2-default.nix
@@ -1,43 +1,55 @@
-{ stdenv, fetchurl, pkgconfig, intltool, gnused
-, expat, acl, systemd, glib, libatasmart, polkit
-, libxslt, docbook_xsl, utillinux, mdadm, libgudev
-, gobjectIntrospection
+{ stdenv, fetchFromGitHub, substituteAll, libtool, pkgconfig, intltool, gnused
+, gnome3, gtk-doc, acl, systemd, glib, libatasmart, polkit, coreutils, bash
+, expat, libxslt, docbook_xsl, utillinux, mdadm, libgudev, libblockdev, parted
+, gobjectIntrospection, docbook_xml_dtd_412, docbook_xml_dtd_43
+, libxfs, f2fs-tools, dosfstools, e2fsprogs, btrfs-progs, exfat, nilfs-utils, udftools, ntfs3g
 }:
 
-stdenv.mkDerivation rec {
-  name = "udisks-2.1.8";
+let
+  version = "2.7.6";
+in stdenv.mkDerivation rec {
+  name = "udisks-${version}";
 
-  src = fetchurl {
-    url = "http://udisks.freedesktop.org/releases/${name}.tar.bz2";
-    sha256 = "1nkxhnqh39c9pzvm4zfj50rgv6apqawdx09bv3sfaxrah4a6jhfs";
+  src = fetchFromGitHub {
+    owner = "storaged-project";
+    repo = "udisks";
+    rev = name;
+    sha256 = "16kf104vv2xbk8cdgaqygszcl69d7lz9gf3vmi7ggywn7nfbp2ks";
   };
 
-  outputs = [ "out" "man" "dev" ];
+  outputs = [ "out" "man" "dev" "devdoc" ];
 
-  patches = [ ./force-path.patch ];
+  patches = [
+    (substituteAll {
+      src = ./fix-paths.patch;
+      bash = "${bash}/bin/bash";
+      blkid = "${utillinux}/bin/blkid";
+      false = "${coreutils}/bin/false";
+      mdadm = "${mdadm}/bin/mdadm";
+      sed = "${gnused}/bin/sed";
+      sh = "${bash}/bin/sh";
+      sleep = "${coreutils}/bin/sleep";
+      true = "${coreutils}/bin/true";
+    })
+    (substituteAll {
+      src = ./force-path.patch;
+      path = stdenv.lib.makeBinPath [ btrfs-progs coreutils dosfstools e2fsprogs exfat f2fs-tools nilfs-utils libxfs ntfs3g parted utillinux ];
+    })
+  ];
 
-  # FIXME remove /var/run/current-system/sw/* references
-  # FIXME add references to parted, cryptsetup, etc (see the sources)
-  postPatch =
-    ''
-      substituteInPlace src/main.c --replace \
-        "@path@" \
-        "${utillinux}/bin:${mdadm}/bin:/run/current-system/sw/bin"
-      substituteInPlace data/80-udisks2.rules \
-        --replace "/bin/sh" "${stdenv.shell}" \
-        --replace "/sbin/mdadm" "${mdadm}/bin/mdadm" \
-        --replace " sed " " ${gnused}/bin/sed "
-  '' + stdenv.lib.optionalString stdenv.hostPlatform.isMusl ''
-      substituteInPlace udisks/udisksclient.c \
-        --replace 'defined( __GNUC_PREREQ)' 1 \
-        --replace '__GNUC_PREREQ(4,6)' 1
-  '';
+  nativeBuildInputs = [
+    pkgconfig gnome3.gnome-common libtool intltool gobjectIntrospection
+    gtk-doc libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl
+  ];
 
-  nativeBuildInputs = [ pkgconfig intltool gobjectIntrospection ];
+  buildInputs = [
+    expat libgudev libblockdev acl systemd glib libatasmart polkit
+  ];
 
-  buildInputs = [ libxslt docbook_xsl libgudev expat acl systemd glib libatasmart polkit ];
+  preConfigure = "./autogen.sh";
 
   configureFlags = [
+    "--enable-gtk-doc"
     "--localstatedir=/var"
     "--with-systemdsystemunitdir=$(out)/etc/systemd/system"
     "--with-udevdir=$(out)/lib/udev"
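Review bot: `preConfigure = "./autogen.sh";` at the end of the hunk will, if this autogen script follows the usual gnome-common pattern (the script itself is not in this diff), run `./configure` on its own without `configureFlags` before stdenv's configure phase runs it again; `preConfigure = "NOCONFIGURE=1 ./autogen.sh";` avoids the double configure. The rewritten `force-path.patch` now receives a closed `makeBinPath` list, replacing the old `@path@` value that ended in `/run/current-system/sw/bin`, so the privileged daemon can no longer pick up tools from the system profile; that is a good tightening, but it also means anything not in the list (the removed FIXME named cryptsetup) is unavailable to udisks helpers, which deserves a comment on the `path =` line such as `# Closed PATH for helpers spawned by the daemon; add tools here rather than relying on /run/current-system`.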
@@ -50,9 +62,11 @@ stdenv.mkDerivation rec {
 
   doCheck = false; # fails
 
-  meta = {
-    homepage = http://www.freedesktop.org/wiki/Software/udisks;
-    description = "A daemon and command-line utility for querying and manipulating storage devices";
-    platforms = stdenv.lib.platforms.linux;
+  meta = with stdenv.lib; {
+    description = "A daemon, tools and libraries to access and manipulate disks, storage devices and technologies";
+    homepage = https://www.freedesktop.org/wiki/Software/udisks/;
+    license = licenses.gpl2Plus; # lgpl2Plus for the library, gpl2Plus for the tools & daemon
+    maintainers = with maintainers; [];
+    platforms = platforms.linux;
   };
 }
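Review bot: `maintainers = with maintainers; [];` leaves the package without a maintainer while it is being moved across a major version with a new patch set; either list one or, if none volunteers, drop the pointless `with maintainers;` and write `maintainers = [];`. The license comment `# lgpl2Plus for the library, gpl2Plus for the tools & daemon` is useful and could be expressed as a list, `license = with licenses; [ lgpl2Plus gpl2Plus ];`, so tooling sees both.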
diff --git a/pkgs/os-specific/linux/udisks/fix-paths.patch b/pkgs/os-specific/linux/udisks/fix-paths.patch
new file mode 100644
index 000000000000..c2744c3b42e1
--- /dev/null
+++ b/pkgs/os-specific/linux/udisks/fix-paths.patch
@@ -0,0 +1,131 @@
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,6 +1,6 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-SHELL = /bin/bash
++SHELL = @bash@
+ .SHELLFLAGS = -o pipefail -c
+ 
+ PYTHON ?= python3
+--- a/data/80-udisks2.rules
++++ b/data/80-udisks2.rules
+@@ -17,9 +17,9 @@
+ #
+ # TODO: file bug against mdadm(8) to have --export-prefix option that can be used with e.g. UDISKS_MD_MEMBER
+ #
+-SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="raid", ENV{ID_FS_TYPE}=="linux_raid_member", ENV{UDISKS_MD_MEMBER_LEVEL}=="", IMPORT{program}="/bin/sh -c '/sbin/mdadm --examine --export $tempnode | /bin/sed s/^MD_/UDISKS_MD_MEMBER_/g'"
++SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="raid", ENV{ID_FS_TYPE}=="linux_raid_member", ENV{UDISKS_MD_MEMBER_LEVEL}=="", IMPORT{program}="@sh@ -c '@mdadm@ --examine --export $tempnode | @sed@ s/^MD_/UDISKS_MD_MEMBER_/g'"
+ 
+-SUBSYSTEM=="block", KERNEL=="md*", ENV{DEVTYPE}!="partition", IMPORT{program}="/bin/sh -c '/sbin/mdadm --detail --export $tempnode | /bin/sed s/^MD_/UDISKS_MD_/g'"
++SUBSYSTEM=="block", KERNEL=="md*", ENV{DEVTYPE}!="partition", IMPORT{program}="@sh@ -c '@mdadm@ --detail --export $tempnode | @sed@ s/^MD_/UDISKS_MD_/g'"
+ 
+ LABEL="udisks_probe_end"
+ 
+--- a/modules/zram/udiskslinuxmanagerzram.c
++++ b/modules/zram/udiskslinuxmanagerzram.c
+@@ -250,7 +250,7 @@
+ 
+       g_snprintf (tmp, 255, "zram%" G_GUINT64_FORMAT, i);
+       filename = g_build_filename (PACKAGE_ZRAMCONF_DIR, tmp, NULL);
+-      contents = g_strdup_printf ("#!/bin/bash\n\n"
++      contents = g_strdup_printf ("#!@bash@\n\n"
+                                   "ZRAM_NUM_STR=%" G_GUINT64_FORMAT "\n"
+                                   "ZRAM_DEV_SIZE=%" G_GUINT64_FORMAT "\n"
+                                   "SWAP=n\n",
+--- a/src/tests/install-udisks/runtest.sh
++++ b/src/tests/install-udisks/runtest.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!@bash@
+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ #
+--- a/src/tests/integration-test
++++ b/src/tests/integration-test
+@@ -414,7 +414,7 @@
+                 f.write('KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", '
+                         'ATTRS{model}=="scsi_debug*", '
+                         'ENV{ID_CDROM_MEDIA}=="?*", '
+-                        'IMPORT{program}="/sbin/blkid -o udev -p -u noraid $tempnode"\n')
++                        'IMPORT{program}="@blkid@ -o udev -p -u noraid $tempnode"\n')
+             # reload udev
+             subprocess.call('sync; pkill --signal HUP udevd || '
+                             'pkill --signal HUP systemd-udevd',
+@@ -1079,7 +1079,7 @@
+         self.assertFalse(os.access(f, os.X_OK))
+ 
+         f = os.path.join(mount_point, 'simple.exe')
+-        shutil.copy('/bin/bash', f)
++        shutil.copy('@bash@', f)
+         self.assertTrue(os.access(f, os.R_OK))
+         self.assertTrue(os.access(f, os.W_OK))
+         self.assertTrue(os.access(f, os.X_OK))
+@@ -1092,7 +1092,7 @@
+         self.assertFalse(os.access(f, os.X_OK))
+ 
+         f = os.path.join(mount_point, 'subdir', 'subdir.exe')
+-        shutil.copy('/bin/bash', f)
++        shutil.copy('@bash@', f)
+         self.assertTrue(os.access(f, os.R_OK))
+         self.assertTrue(os.access(f, os.W_OK))
+         self.assertTrue(os.access(f, os.X_OK))
+--- a/src/tests/storadectl/runtest.sh
++++ b/src/tests/storadectl/runtest.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!@bash@
+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ #
+--- a/src/tests/test.c
++++ b/src/tests/test.c
+@@ -71,7 +71,7 @@
+ {
+   UDisksSpawnedJob *job;
+ 
+-  job = udisks_spawned_job_new ("/bin/true", NULL, getuid (), geteuid (), NULL, NULL);
++  job = udisks_spawned_job_new ("@true@", NULL, getuid (), geteuid (), NULL, NULL);
+   udisks_spawned_job_start (job);
+   _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_success), NULL);
+   g_object_unref (job);
+@@ -84,10 +84,10 @@
+ {
+   UDisksSpawnedJob *job;
+ 
+-  job = udisks_spawned_job_new ("/bin/false", NULL, getuid (), geteuid (), NULL, NULL);
++  job = udisks_spawned_job_new ("@false@", NULL, getuid (), geteuid (), NULL, NULL);
+   udisks_spawned_job_start (job);
+   _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_failure),
+-                             (gpointer) "Command-line `/bin/false' exited with non-zero exit status 1: ");
++                             (gpointer) "Command-line `@false@' exited with non-zero exit status 1: ");
+   g_object_unref (job);
+ }
+ 
+@@ -119,7 +119,7 @@
+ 
+   cancellable = g_cancellable_new ();
+   g_cancellable_cancel (cancellable);
+-  job = udisks_spawned_job_new ("/bin/true", NULL, getuid (), geteuid (), NULL, cancellable);
++  job = udisks_spawned_job_new ("@true@", NULL, getuid (), geteuid (), NULL, cancellable);
+   udisks_spawned_job_start (job);
+   _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_failure),
+                              (gpointer) "Operation was cancelled (g-io-error-quark, 19)");
+@@ -145,7 +145,7 @@
+   GCancellable *cancellable;
+ 
+   cancellable = g_cancellable_new ();
+-  job = udisks_spawned_job_new ("/bin/sleep 0.5", NULL, getuid (), geteuid (), NULL, cancellable);
++  job = udisks_spawned_job_new ("@sleep@ 0.5", NULL, getuid (), geteuid (), NULL, cancellable);
+   udisks_spawned_job_start (job);
+   g_timeout_add (10, on_timeout, cancellable); /* 10 msec */
+   g_main_loop_run (loop);
+@@ -199,7 +199,7 @@
+ {
+   UDisksSpawnedJob *job;
+ 
+-  job = udisks_spawned_job_new ("/bin/sleep 1000", NULL, getuid (), geteuid (), NULL, NULL /* GCancellable */);
++  job = udisks_spawned_job_new ("@sleep@ 1000", NULL, getuid (), geteuid (), NULL, NULL /* GCancellable */);
+   udisks_spawned_job_start (job);
+   g_object_unref (job);
+ }
diff --git a/pkgs/servers/clickhouse/default.nix b/pkgs/servers/clickhouse/default.nix
index f4a6b47a45a4..58a178a8b2ea 100644
--- a/pkgs/servers/clickhouse/default.nix
+++ b/pkgs/servers/clickhouse/default.nix
@@ -1,34 +1,30 @@
-{ stdenv, fetchFromGitHub, cmake, libtool, boost, double-conversion, gperftools
-, icu, mysql, lz4, openssl, poco, re2, rdkafka, readline, sparsehash, unixODBC
-, zookeeper_mt, zstd }:
+{ stdenv, fetchFromGitHub, cmake, libtool, boost, cctz, double-conversion, gperftools
+, icu, lz4, mysql, openssl, poco, re2, rdkafka, readline, sparsehash, unixODBC, zstd
+}:
 
 stdenv.mkDerivation rec {
   name = "clickhouse-${version}";
 
-  version = "1.1.54310";
+  version = "1.1.54385";
 
   src = fetchFromGitHub {
     owner = "yandex";
     repo = "ClickHouse";
     rev = "v${version}-stable";
-    sha256 = "167pihqak8ip7bmlyrbzl9x3mpn381j8v7pl7nhrl9bfnzgrq69v";
+    sha256 = "0s290xnx9dil2lbxdir5p5zmakvq5h523gdwax2cb37606wg8yj7";
   };
 
-  patches = [ ./termcap.patch ];
+  patches = [ ./find-mysql.patch ./termcap.patch ];
 
   nativeBuildInputs = [ cmake libtool ];
 
   buildInputs = [
-    boost double-conversion gperftools icu mysql.connector-c lz4 openssl poco
-    re2 rdkafka readline sparsehash unixODBC zookeeper_mt zstd
+    boost cctz double-conversion gperftools icu lz4 mysql.connector-c openssl poco
+    re2 rdkafka readline sparsehash unixODBC zstd
   ];
 
   cmakeFlags = [ "-DENABLE_TESTS=OFF" "-DUNBUNDLED=ON" "-DUSE_STATIC_LIBRARIES=OFF" ];
 
-  NIX_CFLAGS_COMPILE = [ "-Wno-error=unused-function" ];
-
-  enableParallelBuilding = true;
-
   meta = with stdenv.lib; {
     homepage = https://clickhouse.yandex/;
     description = "Column-oriented database management system";
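Review bot: `enableParallelBuilding = true;` and `NIX_CFLAGS_COMPILE = [ "-Wno-error=unused-function" ];` are removed without a comment, so the build silently becomes serial for a large C++ tree; if 1.1.54385 is no longer parallel-safe, a note like `# parallel build disabled: <reason>` is needed, otherwise the line should stay. The dropped `zookeeper_mt` input is also unexplained; a short commit-style comment on the `buildInputs` list would save the next updater from re-adding it.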
diff --git a/pkgs/servers/clickhouse/find-mysql.patch b/pkgs/servers/clickhouse/find-mysql.patch
new file mode 100644
index 000000000000..3a5ec5181d1a
--- /dev/null
+++ b/pkgs/servers/clickhouse/find-mysql.patch
@@ -0,0 +1,11 @@
+--- a/libs/libmysqlxx/cmake/find_mysqlclient.cmake
++++ b/libs/libmysqlxx/cmake/find_mysqlclient.cmake
+@@ -24,7 +24,7 @@ if (ENABLE_MYSQL)
+     if (USE_STATIC_LIBRARIES)
+         find_library (STATIC_MYSQLCLIENT_LIB mariadbclient mysqlclient PATHS ${MYSQL_LIB_PATHS})
+     else ()
+-        find_library (MYSQLCLIENT_LIBRARIES mariadbclient mysqlclient PATHS ${MYSQL_LIB_PATHS})
++        find_library (MYSQLCLIENT_LIBRARIES mariadbclient mysqlclient PATH_SUFFIXES mysql PATHS ${MYSQL_LIB_PATHS})
+     endif ()
+ 
+     if (MYSQL_INCLUDE_DIR AND (STATIC_MYSQLCLIENT_LIB OR MYSQLCLIENT_LIBRARIES))
diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index d424d510cd28..b0fb29677f9a 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -24,7 +24,8 @@ stdenv.mkDerivation rec {
     stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
 
   nativeBuildInputs = [ perl ];
-  buildInputs = [ libcap libtool libxml2 openssl ]
+  buildInputs = [ libtool libxml2 openssl ]
+    ++ lib.optional stdenv.isLinux libcap
     ++ lib.optional enableSeccomp libseccomp
     ++ lib.optional enablePython python3;
 
@@ -34,7 +35,6 @@ stdenv.mkDerivation rec {
 
   configureFlags = [
     "--localstatedir=/var"
-    "--with-libcap=${libcap.dev}"
     "--with-libtool"
     "--with-libxml2=${libxml2.dev}"
     "--with-openssl=${openssl.dev}"
@@ -54,7 +54,8 @@ stdenv.mkDerivation rec {
     "--with-gost"
     "--without-eddsa"
     "--with-aes"
-  ] ++ lib.optional enableSeccomp "--enable-seccomp";
+  ] ++ lib.optional stdenv.isLinux "--with-libcap=${libcap.dev}"
+    ++ lib.optional enableSeccomp "--enable-seccomp";
 
   postInstall = ''
     moveToOutput bin/bind9-config $dev
diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index fb43643f9038..0121d748129b 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name= "nextcloud-${version}";
-  version = "13.0.3";
+  version = "13.0.4";
 
   src = fetchurl {
     url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2";
-    sha256 = "1r4k3vbjxm07mlm430hmp61dx052ikgzw0bqlmg09p8011a6fdhq";
+    sha256 = "18d514145fcddc86f48d0a5fa4a0d4b07617135a1b23107137a6ea3ed519bd54";
   };
 
   installPhase = ''
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index ba7e9c923e3b..ee14ec6443bf 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -1,4 +1,5 @@
 { lib, stdenv, fetchurl, python, pkgconfig, perl, libxslt, docbook_xsl
+, fetchpatch
 , docbook_xml_dtd_42, docbook_xml_dtd_45, readline, talloc
 , popt, iniparser, libbsd, libarchive, libiconv, gettext
 , krb5Full, zlib, openldap, cups, pam, avahi, acl, libaio, fam, libceph, glusterfs
@@ -13,6 +14,8 @@
 , enableRegedit ? true
 , enableCephFS ? false
 , enableGlusterFS ? false
+, enableAcl ? (!stdenv.isDarwin)
+, enablePam ? (!stdenv.isDarwin)
 }:
 
 with lib;
@@ -32,14 +35,18 @@ stdenv.mkDerivation rec {
     [ ./4.x-no-persistent-install.patch
       ./patch-source3__libads__kerberos_keytab.c.patch
       ./4.x-no-persistent-install-dynconfig.patch
+      (fetchpatch {
+        url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch";
+        sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6";
+      })
     ];
 
   buildInputs =
     [ python pkgconfig perl libxslt docbook_xsl docbook_xml_dtd_42 /*
       docbook_xml_dtd_45 */ readline talloc popt iniparser
-      libbsd libarchive zlib acl fam libiconv gettext libunwind krb5Full
+      libbsd libarchive zlib fam libiconv gettext libunwind krb5Full
     ]
-    ++ optionals stdenv.isLinux [ libaio pam systemd ]
+    ++ optionals stdenv.isLinux [ libaio systemd ]
     ++ optionals (enableInfiniband && stdenv.isLinux) [ libibverbs librdmacm ]
     ++ optional enableLDAP openldap
     ++ optional (enablePrinting && stdenv.isLinux) cups
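Review bot: The new `fetchpatch` pulls `https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch`, a pull-request URL whose content changes whenever the PR is rebased or amended; the pinned `sha256` means such drift breaks the build rather than silently changing the source, but it still makes the package unbuildable later. Pointing at a commit-specific URL (the merged commit, or the upstream bug/patch tracker entry) and adding `name = "<descriptive-name>.patch";` keeps the fetch reproducible and tells the reader what the patch fixes. The `buildInputs` expression continues past this hunk.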
@@ -47,7 +54,9 @@ stdenv.mkDerivation rec {
     ++ optional enableDomainController gnutls
     ++ optional enableRegedit ncurses
     ++ optional (enableCephFS && stdenv.isLinux) libceph
-    ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs;
+    ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs
+    ++ optional enableAcl acl
+    ++ optional enablePam pam;
 
   postPatch = ''
     # Removes absolute paths in scripts
@@ -67,7 +76,9 @@ stdenv.mkDerivation rec {
       "--localstatedir=/var"
     ]
     ++ optional (!enableDomainController) "--without-ad-dc"
-    ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ];
+    ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ]
+    ++ optional (!enableAcl) "--without-acl-support"
+    ++ optional (!enablePam) "--without-pam";
 
   # To build in parallel.
   buildPhase = "python buildtools/bin/waf build -j $NIX_BUILD_CORES";
diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix
index 064b6218a05c..4b254262f9f1 100644
--- a/pkgs/servers/sql/mariadb/default.nix
+++ b/pkgs/servers/sql/mariadb/default.nix
@@ -2,6 +2,7 @@
 , libiconv, openssl, pcre, boost, judy, bison, libxml2
 , libaio, libevent, groff, jemalloc, cracklib, systemd, numactl, perl
 , fixDarwinDylibNames, cctools, CoreServices
+, asio, buildEnv, check, scons
 }:
 
 with stdenv.lib;
@@ -12,6 +13,12 @@ mariadb = everything // {
   inherit client; # libmysqlclient.so in .out, necessary headers in .dev and utils in .bin
   server = everything; # a full single-output build, including everything in `client` again
   inherit connector-c; # libmysqlclient.so
+  inherit galera;
+};
+
+galeraLibs = buildEnv {
+  name = "galera-lib-inputs-united";
+  paths = [ openssl.out boost check ];
 };
 
 common = rec { # attributes common to both builds
@@ -150,6 +157,7 @@ everything = stdenv.mkDerivation (common // {
     "-DWITHOUT_EXAMPLE_STORAGE_ENGINE=1"
     "-DWITHOUT_FEDERATED_STORAGE_ENGINE=1"
     "-DWITH_WSREP=ON"
+    "-DWITH_INNODB_DISALLOW_WRITES=ON"
   ] ++ stdenv.lib.optionals stdenv.isDarwin [
     "-DWITHOUT_OQGRAPH_STORAGE_ENGINE=1"
     "-DWITHOUT_TOKUDB=1"
@@ -159,6 +167,8 @@ everything = stdenv.mkDerivation (common // {
     rm -r "$out"/data # Don't need testing data
     rm "$out"/share/man/man1/mysql-test-run.pl.1
     rm "$out"/bin/rcmysql
+  '' + optionalString (! stdenv.isDarwin) ''
+    sed -i 's/-mariadb/-mysql/' "$out"/bin/galera_new_cluster
   '';
 
   CXXFLAGS = optionalString stdenv.isi686 "-fpermissive"
@@ -206,4 +216,52 @@ connector-c = stdenv.mkDerivation rec {
   };
 };
 
+galera = stdenv.mkDerivation rec {
+  name = "mariadb-galera-${version}";
+  version = "25.3.23";
+
+  src = fetchurl {
+    url = "https://mirrors.nxthost.com/mariadb/mariadb-10.2.14/galera-${version}/src/galera-${version}.tar.gz";
+    sha256 = "11pfc85z29jk0h6g6bmi3hdv4in4yb00xsr2r0qm1b0y7m2wq3ra";
+  };
+
+  buildInputs = [ asio boost check openssl scons ];
+
+  patchPhase = ''
+    substituteInPlace SConstruct \
+      --replace "boost_library_path = '''" "boost_library_path = '${boost}/lib'"
+  '';
+
+  preConfigure = ''
+    export CPPFLAGS="-I${asio}/include -I${boost.dev}/include -I${check}/include -I${openssl.dev}/include"
+    export LIBPATH="${galeraLibs}/lib"
+  '';
+
+  buildPhase = ''
+     scons -j$NIX_BUILD_CORES ssl=1 system_asio=1 strict_build_flags=0
+  '';
+
+  installPhase = ''
+    # copied with modifications from scripts/packages/freebsd.sh
+    GALERA_LICENSE_DIR="$share/licenses/${name}"
+    install -d $out/{bin,lib/galera,share/doc/galera,$GALERA_LICENSE_DIR}
+    install -m 555 "garb/garbd"                       "$out/bin/garbd"
+    install -m 444 "libgalera_smm.so"                 "$out/lib/galera/libgalera_smm.so"
+    install -m 444 "scripts/packages/README"          "$out/share/doc/galera/"
+    install -m 444 "scripts/packages/README-MySQL"    "$out/share/doc/galera/"
+    install -m 444 "scripts/packages/freebsd/LICENSE" "$out/$GALERA_LICENSE_DIR"
+    install -m 444 "LICENSE"                          "$out/$GALERA_LICENSE_DIR/GPLv2"
+    install -m 444 "asio/LICENSE_1_0.txt"             "$out/$GALERA_LICENSE_DIR/LICENSE.asio"
+    install -m 444 "www.evanjones.ca/LICENSE"         "$out/$GALERA_LICENSE_DIR/LICENSE.crc32c"
+    install -m 444 "chromium/LICENSE"                 "$out/$GALERA_LICENSE_DIR/LICENSE.chromium"
+  '';
+
+  meta = {
+    description = "Galera 3 wsrep provider library";
+    homepage = http://galeracluster.com/;
+    license = licenses.lgpl2;
+    maintainers = with maintainers; [ izorkin ];
+    platforms = platforms.all;
+  };
+};
 in mariadb
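Review bot: In `installPhase`, `GALERA_LICENSE_DIR="$share/licenses/${name}"` references an unset shell variable `$share`, so the license files land under `$out//licenses/mariadb-galera-…` instead of `$out/share/licenses/…`; the intended line is `GALERA_LICENSE_DIR="share/licenses/${name}"`. `patchPhase = ''…''` replaces stdenv's patch phase, so any `patches` entry added later would be silently ignored; using `postPatch` keeps the default phase and the `substituteInPlace`. `meta.license = licenses.lgpl2` sits next to an install line that copies the top-level `LICENSE` as `GPLv2`, which looks worth double-checking, and `platforms = platforms.all` is paired with a Darwin-specific exclusion in `postInstall` above, so Darwin support appears untested.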
diff --git a/pkgs/tools/admin/azure-cli/default.nix b/pkgs/tools/admin/azure-cli/default.nix
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/pkgs/tools/admin/azure-cli/default.nix
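Review bot: `pkgs/tools/admin/azure-cli/default.nix` is added as an empty file (blob `e69de29bb2d1`, no hunk), which evaluates to a syntax error if anything ever refers to it and otherwise is dead weight; this looks like an accidental `git add` from the merge and should either get its derivation or be dropped.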
diff --git a/pkgs/tools/admin/ssl-cert-check/default.nix b/pkgs/tools/admin/ssl-cert-check/default.nix
new file mode 100644
index 000000000000..8d30307af2d3
--- /dev/null
+++ b/pkgs/tools/admin/ssl-cert-check/default.nix
@@ -0,0 +1,59 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, makeWrapper
+, openssl
+, which
+, gnugrep
+, gnused
+, gawk
+, mktemp
+, coreutils
+, findutils
+}:
+
+stdenv.mkDerivation rec {
+  pname = "ssl-cert-check";
+  name = "${pname}-${version}";
+  version = "3.31";
+
+  src = fetchFromGitHub {
+    owner = "Matty9191";
+    repo = pname;
+    rev = "698c1996d05152cfaf2a1a3df4cc70482411fac8";
+    sha256 = "0jvi9phs0ngfwrj9zixb03v9byavbwxx8xkp0h5m98qppn1kvl3n";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  buildInputs = [
+    openssl
+    which
+    gnugrep
+    mktemp
+    gawk
+    gnused
+    coreutils
+    findutils
+  ];
+
+  prePatch = ''
+    substituteInPlace $pname --replace PATH= NOT_PATH=
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp $pname $out/bin/$pname
+    wrapProgram $out/bin/$pname \
+      --set PATH "${stdenv.lib.makeBinPath buildInputs}"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "a Bourne shell script that can be used to report on expiring SSL certificates";
+    homepage = https://github.com/Matty9191/ssl-cert-check;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.ryantm ];
+    platforms = platforms.linux;
+  };
+
+}
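Review bot: The `lib` argument is bound but never used; the body reaches for `stdenv.lib` instead (`stdenv.lib.makeBinPath buildInputs`, `meta = with stdenv.lib;`), so either drop `lib` from the argument set or use it consistently, e.g. `--set PATH "${lib.makeBinPath buildInputs}"` and `meta = with lib; {`. `substituteInPlace $pname --replace PATH= NOT_PATH=` rewrites every `PATH=` occurrence in the script, presumably to neutralise its own PATH assignment so that the wrapper's `--set PATH` is what actually resolves `openssl` and the other tools; a one-line comment stating that intent, `# Disable the script's own PATH assignment; wrapProgram provides a pinned PATH below`, would save the next reader a trip to upstream. The description should also follow the nixpkgs convention of not starting with an article, e.g. `description = "Bourne shell script that reports on expiring SSL certificates";`.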
diff --git a/pkgs/tools/backup/borg/default.nix b/pkgs/tools/backup/borg/default.nix
index 6de4d3d859ed..0d11ba394e6b 100644
--- a/pkgs/tools/backup/borg/default.nix
+++ b/pkgs/tools/backup/borg/default.nix
@@ -2,18 +2,13 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "borgbackup";
-  version = "1.1.5";
+  version = "1.1.6";
 
   src = python3Packages.fetchPypi {
     inherit pname version;
-    sha256 = "4356e6c712871f389e3cb1d6382e341ea635f9e5c65de1cd8fcd103d0fb66d3d";
+    sha256 = "a1d2e474c85d3ad3d59b3f8209b5549653c88912082ea0159d27a2e80c910930";
   };
 
-  postPatch = ''
-    # loosen constraint on msgpack version, only 0.5.0 had problems
-    sed -i "s/'msgpack-python.*'/'msgpack-python'/g" setup.py
-  '';
-
   nativeBuildInputs = with python3Packages; [
     # For building documentation:
     sphinx guzzle_sphinx_theme
diff --git a/pkgs/tools/inputmethods/uim/default.nix b/pkgs/tools/inputmethods/uim/default.nix
index 1bdbef2fde6c..b8510b102cbb 100644
--- a/pkgs/tools/inputmethods/uim/default.nix
+++ b/pkgs/tools/inputmethods/uim/default.nix
@@ -38,15 +38,15 @@ assert withFFI -> libffi != null;
 assert withMisc -> libeb != null;
 
 stdenv.mkDerivation rec {
-  version = "1.8.6-20180501-git";
+  version = "1.8.8";
   name = "uim-${version}";
 
   src = fetchFromGitHub {
     owner = "uim";
     repo = "uim";
-    rev = "c79432cb5aba3a67fb7e7557f4817c749865cc8a";
+    rev = "2c0958c9c505a87e70e344c2192e2e5123c71ea5";
     fetchSubmodules = true;
-    sha256 = "12rznfwq1mh750i18bl1743c51akyyvy6la5rgrxmrnp0mha9ba5";
+    sha256 = "1hkjxi5r49gcna37m3jvykny5hz9ram4y8a3q7lw4qzr52mz9pdp";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/misc/diffoscope/default.nix b/pkgs/tools/misc/diffoscope/default.nix
index 1987c6aed0ad..e2e2f66f558b 100644
--- a/pkgs/tools/misc/diffoscope/default.nix
+++ b/pkgs/tools/misc/diffoscope/default.nix
@@ -8,12 +8,12 @@
 
 python3Packages.buildPythonApplication rec {
   name = "diffoscope-${version}";
-  version = "91";
+  version = "95";
 
   src = fetchgit {
     url    = "https://anonscm.debian.org/git/reproducible/diffoscope.git";
     rev    = "refs/tags/${version}";
-    sha256 = "16xqy71115cj4kws6bkcjm98nlaff3a32fz82rn2l1xk9w9n3dnz";
+    sha256 = "1x06krs3lp41x5w2l8ck8g47il3qzlclyphw9a2wv71sqkb5zxzi";
   };
 
   patches = [
diff --git a/pkgs/tools/misc/hyperfine/default.nix b/pkgs/tools/misc/hyperfine/default.nix
index 0b04ee1e2811..d9c255d2a7a8 100644
--- a/pkgs/tools/misc/hyperfine/default.nix
+++ b/pkgs/tools/misc/hyperfine/default.nix
@@ -1,16 +1,14 @@
 { stdenv, fetchFromGitHub, rustPlatform }:
 
-with rustPlatform;
-
-buildRustPackage rec {
+rustPlatform.buildRustPackage rec {
   name = "hyperfine-${version}";
-  version = "1.0.0";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner  = "sharkdp";
     repo   = "hyperfine";
     rev    = "refs/tags/v${version}";
-    sha256 = "0prmnhyp20w71l3mjqgdr38q94cqr1xayzgj7ibbq2hdick4w5nn";
+    sha256 = "13h43sjp059yq3bmdbb9i1082fkx5yzmhrkf5kpkxhnyn67xbdsg";
   };
 
   cargoSha256 = "0saf0hl21ba2ckqbsw64908nvs0x1rjrnm73ackzpmv5pi9j567s";
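Review bot: `cargoSha256` on the last line of the hunk keeps its 1.0.0 value while `version` and the source `sha256` move to 1.1.0; the vendored-dependency hash normally changes whenever Cargo.lock changes between releases, so please confirm it was re-verified for 1.1.0. Because that hash names a fixed-output derivation, a store that already holds the 1.0.0 vendor tree under the same hash will silently reuse it rather than fail, so an unchanged value here can mask a stale dependency set instead of surfacing an error. If the lockfile genuinely did not change, a comment next to `cargoSha256` saying so would forestall the question.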
diff --git a/pkgs/tools/misc/trash-cli/default.nix b/pkgs/tools/misc/trash-cli/default.nix
index 77308ecf2ed8..113c7e127d4f 100644
--- a/pkgs/tools/misc/trash-cli/default.nix
+++ b/pkgs/tools/misc/trash-cli/default.nix
@@ -1,8 +1,6 @@
 { stdenv, fetchFromGitHub, fetchpatch, coreutils
 , python3, python3Packages, substituteAll }:
 
-assert stdenv.isLinux;
-
 python3Packages.buildPythonApplication rec {
   name = "trash-cli-${version}";
   version = "0.17.1.14";
@@ -19,7 +17,8 @@ python3Packages.buildPythonApplication rec {
     (substituteAll {
       src = ./nix-paths.patch;
       df = "${coreutils}/bin/df";
-      libc = "${stdenv.cc.libc.out}/lib/libc.so.6";
+      libc = let ext = if stdenv.isDarwin then ".dylib" else ".so.6";
+             in "${stdenv.cc.libc}/lib/libc${ext}";
     })
 
     # Fix build on Python 3.6.
@@ -37,7 +36,7 @@ python3Packages.buildPythonApplication rec {
     homepage = https://github.com/andreafrancia/trash-cli;
     description = "Command line tool for the desktop trash can";
     maintainers = [ maintainers.rycee ];
-    platforms = platforms.all;
+    platforms = platforms.unix;
     license = licenses.gpl2;
   };
 }
diff --git a/pkgs/tools/networking/dnsperf/default.nix b/pkgs/tools/networking/dnsperf/default.nix
index 97aad141239e..b978925c62b5 100644
--- a/pkgs/tools/networking/dnsperf/default.nix
+++ b/pkgs/tools/networking/dnsperf/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, bind, libseccomp, zlib, openssl }:
+{ stdenv, fetchurl, bind, libseccomp, zlib, openssl, libcap }:
 
 stdenv.mkDerivation rec {
   name = "dnsperf-${version}";
@@ -12,7 +12,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "man" "doc" ];
 
-  buildInputs = [ bind libseccomp zlib openssl ];
+  buildInputs = [ bind zlib openssl ]
+              ++ stdenv.lib.optional stdenv.isLinux [ libcap libseccomp ];
 
   postInstall = ''
     mkdir -p "$out/share/doc/"
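Review bot: `stdenv.lib.optional stdenv.isLinux [ libcap libseccomp ]` wraps the list in another list (`optional` takes a single element), so `buildInputs` becomes `[ bind zlib openssl [ libcap libseccomp ] ]` on Linux; the plural form is the idiom here: `++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp ];`. Nested lists may happen to flatten when the attribute is coerced into the build environment, but relying on that is fragile and trips any Nix-level consumer of `buildInputs`. A short comment noting that both libraries are Linux-specific would also explain the conditional to the next reader.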
@@ -29,4 +30,3 @@ stdenv.mkDerivation rec {
     maintainers = [ maintainers.vcunat ];
   };
 }
-
diff --git a/pkgs/tools/networking/maxscale/default.nix b/pkgs/tools/networking/maxscale/default.nix
new file mode 100644
index 000000000000..425e531419e4
--- /dev/null
+++ b/pkgs/tools/networking/maxscale/default.nix
@@ -0,0 +1,87 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig, gcc, glibc
+, bison2, curl, flex, gperftools, jansson, jemalloc, kerberos, lua, mariadb
+, ncurses, openssl, pcre, pcre2, perl, rabbitmq-c, sqlite, tcl
+, libaio, libedit, libtool, libui, libuuid, zlib
+}:
+
+stdenv.mkDerivation rec {
+  name = "maxscale-${version}";
+  version = "2.1.17";
+
+  src = fetchFromGitHub {
+    owner = "mariadb-corporation";
+    repo = "MaxScale";
+    rev = "${name}";
+    sha256 = "161kc6aqqj3z509q4qwvsd86h06hlyzdask4gawn2ij0h3ca58q6";
+  };
+
+  nativeBuildInputs = [ cmake pkgconfig ];
+
+  buildInputs = [
+    bison2 curl flex gperftools jansson jemalloc kerberos lua mariadb.connector-c
+    ncurses openssl pcre pcre2 perl rabbitmq-c sqlite tcl
+    libaio libedit libtool libui libuuid zlib
+  ];
+
+  patches = [ ./getopt.patch ];
+
+  preConfigure = ''
+    for i in `grep -l -R '#include <getopt.h>' .`; do
+      substituteInPlace $i --replace "#include <getopt.h>" "#include <${glibc.dev}/include/getopt.h>"
+    done
+ '';
+
+  cmakeFlags = [
+    "-DUSE_C99=YES"
+    "-DDEFAULT_ADMIN_USER=root"
+    "-DWITH_MAXSCALE_CNF=YES"
+    "-DSTATIC_EMBEDDED=YES"
+    "-DBUILD_RABBITMQ=YES"
+    "-DBUILD_BINLOG=YES"
+    "-DBUILD_CDC=NO"
+    "-DBUILD_MMMON=YES"
+    "-DBUILD_LUAFILTER=YES"
+    "-DLUA_LIBRARIES=${lua}/lib"
+    "-DLUA_INCLUDE_DIR=${lua}/include"
+    "-DGCOV=NO"
+    "-DWITH_SCRIPTS=OFF"
+    "-DBUILD_TESTS=NO"
+    "-DBUILD_TOOLS=NO"
+    "-DPROFILE=NO"
+    "-DWITH_TCMALLOC=YES"
+    "-DWITH_JEMALLOC=YES"
+    "-DINSTALL_EXPERIMENTAL=YES"
+    "-DTARGET_COMPONENT=all"
+  ];
+
+  CFLAGS = "-std=gnu99";
+
+  enableParallelBuilding = false;
+
+  dontStrip = true;
+
+  postInstall = ''
+    find $out/bin -type f -perm -0100 | while read f1; do
+      patchelf \
+        --set-rpath "$(patchelf --print-rpath $f1):${mariadb.connector-c}/lib/mariadb:$out/lib/maxscale" \
+        --set-interpreter "$(cat ${stdenv.cc}/nix-support/dynamic-linker)" $f1 \
+        && patchelf --shrink-rpath $f1
+    done
+
+    find $out/lib/maxscale -type f -perm -0100 | while read f2; do
+      patchelf \
+        --set-rpath "$(patchelf --print-rpath $f2)":$out/lib/maxscale $f2
+    done
+
+    mv $out/share/maxscale/create_grants $out/bin
+    rm -rf $out/{etc,var}
+  '';
+
+  meta = with stdenv.lib; {
+     description = ''MaxScale database proxy extends MariaDB Server's high availability'';
+     homepage = https://mariadb.com/products/technology/maxscale;
+     license = licenses.bsl11;
+     platforms = platforms.linux;
+     maintainers = with maintainers; [ izorkin ];
+ };
+}
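Review bot: `-DDEFAULT_ADMIN_USER=root` bakes a security-relevant default into the binary — which account the administrative interface trusts out of the box — with no comment on why `root` was chosen over the upstream default or whether NixOS users are expected to override it; please add a comment such as `# Default account allowed to use the admin interface; documented choice, revisit before changing` next to that flag. `dontStrip = true;` and the `-std=gnu99` requirement are likewise undocumented, and the `preConfigure` loop that rewrites `#include <getopt.h>` to an absolute `${glibc.dev}` path deserves a line naming the build failure it works around. Minor style: `rev = "${name}";` is just `rev = name;`, and the `meta` block is indented five spaces while the closing ` '';` of `preConfigure` is indented one.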
diff --git a/pkgs/tools/networking/maxscale/getopt.patch b/pkgs/tools/networking/maxscale/getopt.patch
new file mode 100644
index 000000000000..db09a8e8f1ec
--- /dev/null
+++ b/pkgs/tools/networking/maxscale/getopt.patch
@@ -0,0 +1,11 @@
+--- a/server/core/maxpasswd.c   2018-01-12 05:06:49.000000000 -0500
++++ b/server/core/maxpasswd.c   2018-01-12 06:50:18.518000000 -0500
+@@ -25,6 +25,7 @@
+
+ #include <maxscale/cdefs.h>
+
++#include <getopt.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <sys/stat.h>
+
diff --git a/pkgs/tools/networking/mitmproxy/default.nix b/pkgs/tools/networking/mitmproxy/default.nix
index 5f7537eda18d..d3b62d3259cc 100644
--- a/pkgs/tools/networking/mitmproxy/default.nix
+++ b/pkgs/tools/networking/mitmproxy/default.nix
@@ -18,6 +18,8 @@ buildPythonPackage rec {
     sed 's/>=\([0-9]\.\?\)\+\( \?, \?<\([0-9]\.\?\)\+\)\?//' -i setup.py
   '';
 
+  doCheck = (!stdenv.isDarwin);
+
   checkPhase = ''
     export HOME=$(mktemp -d)
     export LC_CTYPE=en_US.UTF-8
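Review bot: `doCheck = (!stdenv.isDarwin);` disables the test suite on Darwin without recording what fails there; please add the reason, e.g. `# Tests fail on Darwin: <actual failure>` (placeholder to fill in), so the condition can be revisited once fixed. The parentheses are unnecessary: `doCheck = !stdenv.isDarwin;`. The function head is outside the hunk, so please double-check that `stdenv` is in this expression's argument set.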
diff --git a/pkgs/tools/networking/ntp/seccomp.patch b/pkgs/tools/networking/ntp/seccomp.patch
index 28de2f01d073..872bf8e7fcc2 100644
--- a/pkgs/tools/networking/ntp/seccomp.patch
+++ b/pkgs/tools/networking/ntp/seccomp.patch
@@ -34,11 +34,12 @@ diff -urN ntp-4.2.8p10.orig/ntpd/ntpd.c ntp-4.2.8p10/ntpd/ntpd.c
  	SCMP_SYS(madvise),
  	SCMP_SYS(mmap),
  	SCMP_SYS(mmap2),
-@@ -1211,6 +1216,7 @@
+@@ -1211,6 +1216,8 @@
  	SCMP_SYS(select),
  	SCMP_SYS(setitimer),
  	SCMP_SYS(setsid),
 +        SCMP_SYS(setsockopt),
++        SCMP_SYS(openat),
  	SCMP_SYS(sigprocmask),
  	SCMP_SYS(sigreturn),
  	SCMP_SYS(socketcall),
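Review bot: `SCMP_SYS(openat)` widens ntpd's seccomp allowlist without a note on which code path needs it, and the earlier `setsockopt` addition was made the same way; since every syscall added here reduces what the filter can contain after a compromise, a comment in the patch such as `/* openat: <call path that requires it> */` recording the trigger would make future audits of this list much cheaper. The new line also uses spaces where the surrounding `SCMP_SYS` lines use a leading tab, so the patch applies but leaves mixed indentation in ntpd.c. The updated hunk header count (`+1216,8`) is consistent with the two added lines.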
diff --git a/pkgs/tools/networking/tinc/default.nix b/pkgs/tools/networking/tinc/default.nix
index 4f6bec9c0084..9ef5ff2a4f08 100644
--- a/pkgs/tools/networking/tinc/default.nix
+++ b/pkgs/tools/networking/tinc/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, lzo, openssl, zlib}:
 
 stdenv.mkDerivation rec {
-  version = "1.0.33";
+  version = "1.0.34";
   name = "tinc-${version}";
 
   src = fetchurl {
     url = "http://www.tinc-vpn.org/packages/tinc-${version}.tar.gz";
-    sha256 = "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz";
+    sha256 = "1nngdp2x5kykrgh13q5wjry8m82vahqv53csvlb22ifxvrhrnfn0";
   };
 
   buildInputs = [ lzo openssl zlib ];
diff --git a/pkgs/tools/networking/tinc/pre.nix b/pkgs/tools/networking/tinc/pre.nix
index 0f5fd2836921..db4b6a2281d4 100644
--- a/pkgs/tools/networking/tinc/pre.nix
+++ b/pkgs/tools/networking/tinc/pre.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   name = "tinc-${version}";
-  version = "1.1pre15";
+  version = "1.1pre16";
 
   src = fetchgit {
     rev = "refs/tags/release-${version}";
     url = "git://tinc-vpn.org/tinc";
-    sha256 = "1msym63jpipvzb5dn8yn8yycrii43ncfq6xddxh2ifrakr48l6y5";
+    sha256 = "03dsm1kxagq8srskzg649xyhbdqbbqxc84pdwrz7yakpa9m6225c";
   };
 
   outputs = [ "out" "man" "info" ];
@@ -23,10 +23,6 @@ stdenv.mkDerivation rec {
     sed -i '/AC_INIT/s/m4_esyscmd_s.*/${version})/' configure.ac
   '';
 
-  postInstall = ''
-    rm $out/bin/tinc-gui
-  '';
-
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
diff --git a/pkgs/tools/networking/whois/default.nix b/pkgs/tools/networking/whois/default.nix
index 4a40c3200407..e644578b6642 100644
--- a/pkgs/tools/networking/whois/default.nix
+++ b/pkgs/tools/networking/whois/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchFromGitHub, perl, gettext, pkgconfig, libidn2, libiconv }:
 
 stdenv.mkDerivation rec {
-  version = "5.3.0";
+  version = "5.3.1";
   name = "whois-${version}";
 
   src = fetchFromGitHub {
     owner = "rfc1036";
     repo = "whois";
     rev = "v${version}";
-    sha256 = "01pfl1ap62hc27574sx1a4yaaf7hr2zkksspn5z97sgacl6h1rnf";
+    sha256 = "1xqvcsh70590bwmy37kwlwyl0rvnlqx987km3mnij93q4kvabg5n";
   };
 
   nativeBuildInputs = [ perl gettext pkgconfig ];
diff --git a/pkgs/tools/networking/wireguard-go/default.nix b/pkgs/tools/networking/wireguard-go/default.nix
index 62ea3d64468a..cbd28b6954a3 100644
--- a/pkgs/tools/networking/wireguard-go/default.nix
+++ b/pkgs/tools/networking/wireguard-go/default.nix
@@ -13,11 +13,6 @@ buildGoPackage rec {
 
   goDeps = ./deps.nix;
 
-  postPatch = ''
-    # Replace local imports so that go tools do not trip on them
-    find . -name '*.go' -exec sed -i '/import (/,/)/s@"./@"${goPackagePath}/@' {} \;
-  '';
-
   meta = with stdenv.lib; {
     description = "Userspace Go implementation of WireGuard";
     homepage = https://git.zx2c4.com/wireguard-go/about/;
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index 0f575d748b6c..f28d57fa62bd 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null;
 stdenv.mkDerivation rec {
   name = "gnupg-${version}";
 
-  version = "2.2.7";
+  version = "2.2.8";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr";
+    sha256 = "1k8dnnfs9888yp713l7kg2jg110lw47s4krx0njna6fjrsw4qyvp";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/tools/security/nwipe/default.nix b/pkgs/tools/security/nwipe/default.nix
new file mode 100644
index 000000000000..214ffccc7aea
--- /dev/null
+++ b/pkgs/tools/security/nwipe/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkgconfig }:
+
+stdenv.mkDerivation rec {
+  version = "0.24";
+  name = "nwipe-${version}";
+  src = fetchFromGitHub {
+    owner = "martijnvanbrummelen";
+    repo = "nwipe";
+    rev = "v${version}";
+    sha256 = "0zminjngz98b4jl1ii6ssa7pkmf4xw6mmk8apxz3xr68cps12ls0";
+  };
+  nativeBuildInputs = [ automake autoconf pkgconfig ];
+  buildInputs = [ ncurses parted ];
+  preConfigure = "sh init.sh || :";
+  meta = with stdenv.lib; {
+    description = "Securely erase disks";
+    homepage = https://github.com/martijnvanbrummelen/nwipe;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.woffs ];
+    platforms = platforms.linux;
+  };
+}
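Review bot: `preConfigure = "sh init.sh || :";` discards any failure of the bootstrap script, so a broken `init.sh` would surface only as a confusing configure error later. If `init.sh` merely runs `autoreconf` (I cannot tell from here), the nixpkgs idiom is to drop it and put `autoreconfHook` in `nativeBuildInputs` in place of `automake autoconf`, which fails loudly on its own; if the script does more than that, at least let it fail: `preConfigure = "sh init.sh";`.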
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 589316b1d1c5..bf5856aec357 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -6,9 +6,7 @@ stdenv.mkDerivation rec {
   version = "1.8.23";
 
   src = fetchurl {
-    # This URL changes in unpredictable ways, so it is not sensible
-    # to put a version variable in there.
-    url = "https://alioth.debian.org/frs/download.php/file/4235/pcsc-lite-1.8.23.tar.bz2";
+    url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2";
     sha256 = "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss";
   };
 
@@ -36,7 +34,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "Middleware to access a smart card using SCard API (PC/SC)";
-    homepage = http://pcsclite.alioth.debian.org/;
+    homepage = https://pcsclite.apdu.fr/;
     license = licenses.bsd3;
     maintainers = with maintainers; [ viric wkennington ];
     platforms = with platforms; unix;
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 795925a221c2..3efba58ea11d 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -15,11 +15,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.3.3.6";
+  name = "tor-0.3.3.7";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${name}.tar.gz";
-    sha256 = "1drk2h8zd05xrfpx7xn77pcxz0hs4nrq6figw56qk5gkvgv5kg4r";
+    sha256 = "036ybfvldj7yfci9ipjki8smpzyxdg8c5r12bghc9yxdqh9basza";
   };
 
   outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/system/acpica-tools/default.nix b/pkgs/tools/system/acpica-tools/default.nix
index edb7828f95b7..c9a33bc64e0c 100644
--- a/pkgs/tools/system/acpica-tools/default.nix
+++ b/pkgs/tools/system/acpica-tools/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "acpica-tools-${version}";
-  version = "20180508";
+  version = "20180531";
 
   src = fetchurl {
     url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz";
-    sha256 = "1n7lqmv77kg28drahvxzybwl9v4hzwi8i7xkpgliclfcp5ff909b";
+    sha256 = "0rbn0anxs6r1ks1lgaxqhiv2kqgh4f1fq5qi2kdv7hir82mdqv4g";
   };
 
   NIX_CFLAGS_COMPILE = "-O3";
diff --git a/pkgs/tools/system/loadwatch/default.nix b/pkgs/tools/system/loadwatch/default.nix
new file mode 100644
index 000000000000..eb7f1e3bb59b
--- /dev/null
+++ b/pkgs/tools/system/loadwatch/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchgit, ... }:
+
+stdenv.mkDerivation {
+  name = "loadwatch-1.1-1-g6d2544c";
+  src = fetchgit {
+    url = "git://woffs.de/git/fd/loadwatch.git";
+    sha256 = "1bhw5ywvhyb6snidsnllfpdi1migy73wg2gchhsfbcpm8aaz9c9b";
+    rev = "6d2544c0caaa8a64bbafc3f851e06b8056c30e6e";
+  };
+  installPhase = ''
+    mkdir -p $out/bin
+    install loadwatch lw-ctl $out/bin
+  '';
+  meta = with stdenv.lib; {
+    description = "Run a program using only idle cycles";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ woffs ];
+    platforms = platforms.linux;
+  };
+}
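Review bot: `{ stdenv, fetchgit, ... }:` accepts arbitrary extra arguments, which is unusual for a package expression and hides typos in the attribute set passed by `callPackage`; `{ stdenv, fetchgit }:` is the conventional form. `meta` lacks a `homepage`, and the version is baked into `name = "loadwatch-1.1-1-g6d2544c"` rather than a `version` attribute; `version = "1.1-1-g6d2544c"; name = "loadwatch-${version}";` under `rec` keeps it visible to update tooling. The `git://` URL is an unauthenticated transport, which is acceptable only because `sha256` pins the fetched tree; a comment noting that (or an https URL if one exists) would make the choice deliberate.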
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 06a70709d84e..8bce97b87b6a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -344,6 +344,9 @@ with pkgs;
 
   pathsFromGraph = ../build-support/kernel/paths-from-graph.pl;
 
+  pruneLibtoolFiles = makeSetupHook { name = "prune-libtool-files"; }
+    ../build-support/setup-hooks/prune-libtool-files.sh;
+
   closureInfo = callPackage ../build-support/closure-info.nix { };
 
   setupSystemdUnits = callPackage ../build-support/setup-systemd-units.nix { };
@@ -568,6 +571,8 @@ with pkgs;
 
   aws_shell = pythonPackages.callPackage ../tools/admin/aws_shell { };
 
+  aws-sam-cli = callPackage ../development/tools/aws-sam-cli { };
+
   aws-vault = callPackage ../tools/admin/aws-vault { };
 
   iamy = callPackage ../tools/admin/iamy { };
@@ -1340,6 +1345,8 @@ with pkgs;
 
   languagetool = callPackage ../tools/text/languagetool {  };
 
+  loadwatch = callPackage ../tools/system/loadwatch { };
+
   loccount = callPackage ../development/tools/misc/loccount { };
 
   long-shebang = callPackage ../misc/long-shebang {};
@@ -1386,6 +1393,8 @@ with pkgs;
 
   nrsc5 = callPackage ../applications/misc/nrsc5 { };
 
+  nwipe = callPackage ../tools/security/nwipe { };
+
   onboard = callPackage ../applications/misc/onboard { };
 
   optar = callPackage ../tools/graphics/optar {};
@@ -4232,6 +4241,8 @@ with pkgs;
 
   update-resolv-conf = callPackage ../tools/networking/openvpn/update-resolv-conf.nix { };
 
+  opae = callPackage ../development/libraries/opae { };
+
   openvswitch = callPackage ../os-specific/linux/openvswitch { };
 
   optipng = callPackage ../tools/graphics/optipng {
@@ -4433,23 +4444,23 @@ with pkgs;
     libcap = if stdenv.isDarwin then null else libcap;
   };
 
-  pinentry_ncurses = pinentry.override {
+  pinentry_ncurses = self.pinentry.override {
     gtk2 = null;
   };
 
-  pinentry_emacs = pinentry.override {
+  pinentry_emacs = self.pinentry.override {
     enableEmacs = true;
   };
 
-  pinentry_gnome = pinentry.override {
+  pinentry_gnome = self.pinentry.override {
     gcr = gnome3.gcr;
   };
 
-  pinentry_qt4 = pinentry.override {
+  pinentry_qt4 = self.pinentry.override {
     qt = qt4;
   };
 
-  pinentry_qt5 = pinentry.override {
+  pinentry_qt5 = self.pinentry.override {
     qt = qt5.qtbase;
   };
 
@@ -4985,7 +4996,9 @@ with pkgs;
 
   sisco.lv2 = callPackage ../applications/audio/sisco.lv2 { };
 
-  sit = callPackage ../applications/version-management/sit { };
+  sit = callPackage ../applications/version-management/sit {
+    inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+  };
 
   skippy-xd = callPackage ../tools/X11/skippy-xd {};
 
@@ -5512,6 +5525,8 @@ with pkgs;
 
   vobsub2srt = callPackage ../tools/cd-dvd/vobsub2srt { };
 
+  volume_key = callPackage ../development/libraries/volume-key { };
+
   vorbisgain = callPackage ../tools/misc/vorbisgain { };
 
   vpnc = callPackage ../tools/networking/vpnc { };
@@ -6460,7 +6475,7 @@ with pkgs;
   haskell = callPackage ./haskell-packages.nix { };
 
   haskellPackages = haskell.packages.ghc822.override {
-    overrides = config.haskellPackageOverrides or (self: super: {});
+    overrides = config.haskellPackageOverrides or haskell.packageOverrides;
   };
 
   inherit (haskellPackages) ghc;
@@ -6784,8 +6799,8 @@ with pkgs;
     inherit (stdenvAdapters) overrideCC;
     buildLlvmTools = buildPackages.llvmPackages_5.tools;
     targetLlvmLibraries = targetPackages.llvmPackages_5.libraries;
-  } // stdenv.lib.optionalAttrs stdenv.isDarwin {
-    cmake = cmake.override {
+  } // stdenv.lib.optionalAttrs (stdenv.isDarwin && hostPlatform == buildPlatform) {
+    cmake = buildPackages.cmake.override {
       isBootstrap = true;
       majorVersion = "3.9"; # 3.10.2: 'ApplicationServices/ApplicationServices.h' file not found
     };
@@ -8601,7 +8616,9 @@ with pkgs;
 
   assimp = callPackage ../development/libraries/assimp { };
 
-  asio = callPackage ../development/libraries/asio { };
+  asio = asio_1_12;
+  asio_1_10 = callPackage ../development/libraries/asio/1.10.nix { };
+  asio_1_12 = callPackage ../development/libraries/asio/1.12.nix { };
 
   aspell = callPackage ../development/libraries/aspell { };
 
@@ -8723,6 +8740,8 @@ with pkgs;
 
   ccrtp_1_8 = callPackage ../development/libraries/ccrtp/1.8.nix { };
 
+  cctz = callPackage ../development/libraries/cctz { };
+
   celt = callPackage ../development/libraries/celt {};
   celt_0_7 = callPackage ../development/libraries/celt/0.7.nix {};
   celt_0_5_1 = callPackage ../development/libraries/celt/0.5.1.nix {};
@@ -8966,12 +8985,15 @@ with pkgs;
 
   ffmpeg_0_10 = callPackage ../development/libraries/ffmpeg/0.10.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa;
+    stdenv = gccStdenv;
   };
   ffmpeg_1_2 = callPackage ../development/libraries/ffmpeg/1.2.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa;
+    stdenv = gccStdenv;
   };
   ffmpeg_2_8 = callPackage ../development/libraries/ffmpeg/2.8.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa;
+    stdenv = gccStdenv;
   };
   ffmpeg_3_4 = callPackage ../development/libraries/ffmpeg/3.4.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa CoreMedia;
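Review bot: `stdenv = gccStdenv;` is added to `ffmpeg_0_10`, `ffmpeg_1_2` and `ffmpeg_2_8` here and to `ffmpeg_4` in the next hunk without a note on why the default (clang on Darwin) stdenv is unsuitable; a comment such as `stdenv = gccStdenv; # <reason the default stdenv fails>` on the first occurrence would let the pin be dropped when the cause is fixed. `ffmpeg_3_4`, whose body spans the gap between the two hunks, appears not to get the override; if that is intentional, say so, otherwise it looks like an omission.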
@@ -8979,6 +9001,7 @@ with pkgs;
   };
   ffmpeg_4 = callPackage ../development/libraries/ffmpeg/4.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa CoreMedia;
+    stdenv = gccStdenv;
   };
 
   # Aliases
@@ -9789,6 +9812,8 @@ with pkgs;
 
   libbdplus = callPackage ../development/libraries/libbdplus { };
 
+  libblockdev = callPackage ../development/libraries/libblockdev { };
+
   libblocksruntime = callPackage ../development/libraries/libblocksruntime { };
 
   libbluray = callPackage ../development/libraries/libbluray { };
@@ -9799,13 +9824,19 @@ with pkgs;
 
   libburn = callPackage ../development/libraries/libburn { };
 
+  libbytesize = callPackage ../development/libraries/libbytesize { };
+
   libcaca = callPackage ../development/libraries/libcaca {
     inherit (xorg) libX11 libXext;
   };
 
   libcanberra = callPackage ../development/libraries/libcanberra { };
-  libcanberra-gtk3 = pkgs.libcanberra.override { gtk = pkgs.gtk3; };
-  libcanberra-gtk2 = pkgs.libcanberra-gtk3.override { gtk = pkgs.gtk2; };
+  libcanberra-gtk3 = pkgs.libcanberra.override {
+    gtk = gtk3;
+  };
+  libcanberra-gtk2 = pkgs.libcanberra-gtk3.override {
+    gtk = gtk2.override { gdktarget = "x11"; };
+  };
 
   libcanberra_kde = if (config.kde_runtime.libcanberraWithoutGTK or true)
     then pkgs.libcanberra
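Review bot: `gtk = gtk2.override { gdktarget = "x11"; };` forces an X11 GDK backend for `libcanberra-gtk2` with no explanation, while `libcanberra-gtk3` takes `gtk3` unchanged; a comment on why the x11 target is required here (a consumer that links against it, or a build failure with the default target) would keep the override from being "simplified" away later.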
@@ -10351,6 +10382,8 @@ with pkgs;
 
   libmx = callPackage ../development/libraries/libmx { };
 
+  libndctl = callPackage ../development/libraries/libndctl { };
+
   libnet = callPackage ../development/libraries/libnet { };
 
   libnetfilter_conntrack = callPackage ../development/libraries/libnetfilter_conntrack { };
@@ -11823,6 +11856,8 @@ with pkgs;
 
   tinyxml-2 = callPackage ../development/libraries/tinyxml-2 { };
 
+  tiscamera = callPackage ../os-specific/linux/tiscamera { };
+
   tivodecode = callPackage ../applications/video/tivodecode { };
 
   tix = callPackage ../development/libraries/tix { };
@@ -12772,6 +12807,7 @@ with pkgs;
   rpcbind = callPackage ../servers/rpcbind { };
 
   mariadb = callPackage ../servers/sql/mariadb {
+    asio = asio_1_10;
     inherit (darwin) cctools;
     inherit (pkgs.darwin.apple_sdk.frameworks) CoreServices;
   };
@@ -13492,13 +13528,13 @@ with pkgs;
       ];
   };
 
-  linux_copperhead_lts = callPackage ../os-specific/linux/kernel/linux-copperhead-lts.nix {
-    kernelPatches = with kernelPatches; [
-      bridge_stp_helper
-      modinst_arg_list_too_long
-      tag_hardened
-    ];
-  };
+  linux_copperhead_lts = (linux_4_14.override {
+    kernelPatches = linux_4_14.kernelPatches ++ [
+      kernelPatches.copperhead_4_14
+      kernelPatches.tag_hardened
+     ];
+    modDirVersionArg = linux_4_14.modDirVersion + "-hardened";
+  });
 
   linux_copperhead_stable = (linux_4_16.override {
     kernelPatches = linux_4_16.kernelPatches ++ [
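Review bot: The closing `];` of `kernelPatches` in `linux_copperhead_lts` is indented one space deeper than its opening line, unlike the sibling `linux_copperhead_stable` block; align it with `kernelPatches = …` to keep the two definitions visually parallel. Switching to `linux_4_14.override` now inherits `linux_4_14.kernelPatches`, so the previously explicit `bridge_stp_helper` and `modinst_arg_list_too_long` patches are presumably supplied that way; a one-line comment confirming that would reassure anyone diffing the old and new patch sets.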
@@ -15434,6 +15470,8 @@ with pkgs;
     patches = config.dwm.patches or [];
   };
 
+  dwm-status = callPackage ../applications/window-managers/dwm/dwm-status.nix { };
+
   dynamips = callPackage ../applications/virtualization/dynamips { };
 
   evilwm = callPackage ../applications/window-managers/evilwm {
@@ -17225,6 +17263,10 @@ with pkgs;
 
   maxlib = callPackage ../applications/audio/pd-plugins/maxlib { };
 
+  maxscale = callPackage ../tools/networking/maxscale {
+    stdenv = overrideCC stdenv gcc6;
+  };
+
   pdfdiff = callPackage ../applications/misc/pdfdiff { };
 
   mupdf = callPackage ../applications/misc/mupdf { };
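Review bot: `stdenv = overrideCC stdenv gcc6;` pins maxscale to an older compiler without saying why; a comment such as `# does not build with the default gcc: <error>` (placeholder for the actual failure) next to the override would let the pin be removed when upstream fixes it. A pinned old toolchain may also miss codegen and hardening fixes present in the default compiler, which is worth tracking explicitly.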
@@ -19291,6 +19333,8 @@ with pkgs;
 
   gogui = callPackage ../games/gogui {};
 
+  gshogi = python3Packages.callPackage ../games/gshogi {};
+
   gtetrinet = callPackage ../games/gtetrinet {
     inherit (gnome2) GConf libgnome libgnomeui;
   };
@@ -19570,6 +19614,8 @@ with pkgs;
 
   springLobby = callPackage ../games/spring/springlobby.nix { };
 
+  ssl-cert-check = callPackage ../tools/admin/ssl-cert-check { };
+
   stardust = callPackage ../games/stardust {};
 
   stockfish = callPackage ../games/stockfish { };
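Review bot: `ssl-cert-check = callPackage ../tools/admin/ssl-cert-check { };` is inserted in the games section between `springLobby` and `stardust`, while the package itself lives under `tools/admin`; it belongs near the other admin tools (e.g. next to `aws-vault` and `iamy`, where `aws-sam-cli` is added earlier in this file) to keep the file's grouping meaningful.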
@@ -20936,6 +20982,52 @@ with pkgs;
 
   nixops-dns = callPackage ../tools/package-management/nixops/nixops-dns.nix { };
 
+  /*
+   * Evaluate a NixOS configuration using this evaluation of Nixpkgs.
+   *
+   * With this function you can write, for example, a package that
+   * depends on a custom virtual machine image.
+   *
+   * Parameter: A module, path or list of those that represent the
+   *            configuration of the NixOS system to be constructed.
+   *
+   * Result:    An attribute set containing packages produced by this
+   *            evaluation of NixOS, such as toplevel, kernel and
+   *            initialRamdisk.
+   *            The result can be extended in the modules by defining
+   *            extra options in system.build.
+   *
+   * Unlike in plain NixOS, the nixpkgs.config, nixpkgs.overlays and
+   * nixpkgs.system options will be ignored by default. Instead,
+   * nixpkgs.pkgs will have the default value of pkgs as it was
+   * constructed right after invoking the nixpkgs function (e.g. the
+   * value of import <nixpkgs> { overlays = [./my-overlay.nix]; }
+   * but not the value of (import <nixpkgs> {} // { extra = ...; }).
+   *
+   * If you do want to use the config.nixpkgs options, you are
+   * probably better off by calling nixos/lib/eval-config.nix
+   * directly, even though it is possible to set config.nixpkgs.pkgs.
+   *
+   * For more information about writing NixOS modules, see
+   * https://nixos.org/nixos/manual/index.html#sec-writing-modules
+   *
+   * Note that you will need to have called Nixpkgs with the system
+   * parameter set to the right value for your deployment target.
+   */
+  nixos = configuration:
+    (import (self.path + "/nixos/lib/eval-config.nix") {
+      inherit (pkgs) system;
+      modules = [(
+                  { lib, ... }: {
+                    config.nixpkgs.pkgs = lib.mkDefault pkgs;
+                  }
+                )] ++ (
+                  if builtins.isList configuration
+                  then configuration
+                  else [configuration]
+                );
+    }).config.system.build;
+
   nixui = callPackage ../tools/package-management/nixui { node_webkit = nwjs_0_12; };
 
   nix-bundle = callPackage ../tools/package-management/nix-bundle { };
@@ -21258,6 +21350,8 @@ with pkgs;
 
   unicode-paracode = callPackage ../tools/misc/unicode { };
 
+  unixcw = callPackage ../applications/misc/unixcw { };
+
   valauncher = callPackage ../applications/misc/valauncher { };
 
   vault = callPackage ../tools/security/vault { };
@@ -21554,7 +21648,7 @@ with pkgs;
   unixtools = recurseIntoAttrs (callPackages ./unix-tools.nix { });
   inherit (unixtools) hexdump ps logger eject umount
                       mount wall hostname more sysctl getconf
-                      getent;
+                      getent locale;
 
   fts = if hostPlatform.isMusl then netbsd.fts else null;
 
diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix
index 7ec9da39a9c5..c5f0378049e1 100644
--- a/pkgs/top-level/haskell-packages.nix
+++ b/pkgs/top-level/haskell-packages.nix
@@ -8,7 +8,6 @@ let
   integerSimpleExcludes = [
     "ghc7103Binary"
     "ghc821Binary"
-    "ghcCross"
     "ghcjs"
     "ghcjs710"
     "ghcjs80"
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 4d79decc50cc..00689e1f5b2e 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -6470,6 +6470,18 @@ let self = _self // overrides; _self = with self; {
     doCheck = false; # seems to access the network
   };
 
+  GetoptArgvFile = buildPerlPackage rec {
+    name = "Getopt-ArgvFile-1.11";
+    src = fetchurl {
+      url = "mirror://cpan/authors/id/J/JS/JSTENZEL/${name}.tar.gz";
+      sha256 = "3709aa513ce6fd71d1a55a02e34d2f090017d5350a9bd447005653c9b0835b22";
+    };
+    meta = {
+      license = stdenv.lib.licenses.artistic1;
+      maintainers = [ maintainers.pSub ];
+    };
+  };
+
   GetoptLong = buildPerlPackage rec {
     name = "Getopt-Long-2.50";
     src = fetchurl {
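Review bot: `GetoptArgvFile` has no `description` (and no `homepage`) in `meta`, unlike neighbouring entries such as `JSON`; please add e.g. `description = "<one-line summary from the CPAN abstract>";` so the attribute is discoverable through `nix search`.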
@@ -8121,6 +8133,10 @@ let self = _self // overrides; _self = with self; {
       url = mirror://cpan/authors/id/I/IS/ISHIGAKI/JSON-2.97001.tar.gz;
       sha256 = "0nlgdzy40q26z8qhwngsd461glyai8dpwaccyhiljmrkaqwdjxz2";
     };
+    # Do not abort cross-compilation on failure to load native JSON module into host perl
+    preConfigure = ''
+      substituteInPlace Makefile.PL --replace "exit 0;" ""
+    '';
     meta = {
       description = "JSON (JavaScript Object Notation) encoder/decoder";
       license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
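Review bot: `substituteInPlace Makefile.PL --replace "exit 0;" ""` runs for native builds too and rewrites every `exit 0;` in Makefile.PL, although the comment above it says the rewrite exists only to keep cross-compilation from aborting. If the native build relies on that early exit (not visible from here), gate it on the platforms, e.g. `preConfigure = stdenv.lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''…'';`. substituteInPlace also says nothing when the pattern is absent, so a future version bump can silently lose the fix; extending the comment with the exact line being removed lets the next bumper check it still matches. The `JSON` attribute begins and ends outside the hunk.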
@@ -14358,6 +14374,19 @@ let self = _self // overrides; _self = with self; {
     };
   };
 
+  SysMemInfo = buildPerlPackage rec {
+    name = "Sys-MemInfo-0.99";
+    src = fetchurl {
+      url = "mirror://cpan/authors/id/S/SC/SCRESTO/${name}.tar.gz";
+      sha256 = "0786319d3a3a8bae5d727939244bf17e140b714f52734d5e9f627203e4cf3e3b";
+    };
+    meta = {
+      description = "Memory informations";
+      maintainers = [ maintainers.pSub ];
+      license = with stdenv.lib.licenses; [ gpl2Plus ];
+    };
+  };
+
   SysCPU = buildPerlPackage rec {
     name = "Sys-CPU-0.61";
     src = fetchurl {
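Review bot: `SysMemInfo` is inserted ahead of `SysCPU`, which appears to break the alphabetical order this region of the file keeps (CPU sorts before MemInfo); the block should go below `SysCPU`. The `description = "Memory informations";` also reads oddly — `description = "Memory information";`.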
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index e0ae870cae0f..9f0a0f45b12d 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -199,12 +199,16 @@ in {
 
   automat = callPackage ../development/python-modules/automat { };
 
+  aws-sam-translator = callPackage ../development/python-modules/aws-sam-translator { };
+
   aws-xray-sdk = callPackage ../development/python-modules/aws-xray-sdk { };
 
   # packages defined elsewhere
 
   amazon_kclpy = callPackage ../development/python-modules/amazon_kclpy { };
 
+  ansiconv = callPackage ../development/python-modules/ansiconv { };
+
   backports_csv = callPackage ../development/python-modules/backports_csv {};
 
   bap = callPackage ../development/python-modules/bap {
@@ -235,6 +239,8 @@ in {
 
   dbfread = callPackage ../development/python-modules/dbfread { };
 
+  deap = callPackage ../development/python-modules/deap { };
+
   dkimpy = callPackage ../development/python-modules/dkimpy { };
 
   diff_cover = callPackage ../development/python-modules/diff_cover { };
@@ -315,6 +321,8 @@ in {
 
   outcome = callPackage ../development/python-modules/outcome {};
 
+  pdf2image = callPackage ../development/python-modules/pdf2image { };
+
   pdfminer = callPackage ../development/python-modules/pdfminer_six { };
 
   plantuml = callPackage ../tools/misc/plantuml { };
@@ -390,6 +398,8 @@ in {
     inherit (pkgs.llvmPackages) openmp;
   };
 
+  pynisher = callPackage ../development/python-modules/pynisher { };
+
   pyparser = callPackage ../development/python-modules/pyparser { };
 
   pyqt4 = callPackage ../development/python-modules/pyqt/4.x.nix {
@@ -418,6 +428,8 @@ in {
 
   pytest-tornado = callPackage ../development/python-modules/pytest-tornado { };
 
+  python-hosts = callPackage ../development/python-modules/python-hosts { };
+
   python-openid = callPackage (if isPy3k
     then ../development/python-modules/python3-openid
     else ../development/python-modules/python-openid) { };
@@ -452,6 +464,8 @@ in {
 
   sip = callPackage ../development/python-modules/sip { };
 
+  spglib = callPackage ../development/python-modules/spglib { };
+
   supervise_api = callPackage ../development/python-modules/supervise_api { };
 
   syncserver = callPackage ../development/python-modules/syncserver {};
@@ -10839,13 +10853,20 @@ in {
   };
 
   PyICU = buildPythonPackage rec {
-    name = "PyICU-1.9.7";
+    name = "PyICU-2.0.3";
 
     src = pkgs.fetchurl {
       url = "mirror://pypi/P/PyICU/${name}.tar.gz";
-      sha256 = "0qavhngmn7c90fz25a8a2k50wd5gzp3vwwjq8v2pkf2hq4fcs9yv";
+      sha256 = "0pzss3l0b0vcsyr7wlqdd6pkcqldspajfgd9k2iijf6r152d2ln4";
     };
 
+    patches = [
+      (pkgs.fetchpatch {
+        url = https://sources.debian.org/data/main/p/pyicu/2.0.3-1/debian/patches/icu_test.patch;
+        sha256 = "1iavdkyqixm9i753svl17barla93b7jzgkw09dn3hnggamx7zwx9";
+      })
+    ];
+
     buildInputs = [ pkgs.icu self.pytest ];
 
     propagatedBuildInputs = [ self.six ];
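Review bot: The Debian `icu_test.patch` is added to `patches` without a comment saying what it fixes, so the next bumper cannot tell whether it is still needed once 2.0.3-1 is superseded or the ICU in `buildInputs` changes. From the file name it presumably adapts the test suite to the ICU version in use, but that is inference; add a line above `patches` along the lines of `# <what the patch fixes>; drop once upstream carries it` with the actual reason. The `PyICU` attribute continues outside the hunk.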
@@ -18177,6 +18198,10 @@ EOF
 
   spectral-cube = callPackage ../development/python-modules/spectral-cube { };
 
+  astunparse = callPackage ../development/python-modules/astunparse { };
+
+  gast = callPackage ../development/python-modules/gast { };
+
 });
 
 in fix' (extends overrides packages)
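Review bot: `astunparse` and `gast` are appended after `spectral-cube` at the tail of the set rather than in alphabetical position among the other `callPackage` lines in the sorted section near the top of the file, which makes later duplicates easy to miss. Move `astunparse` next to the `automat`/`aws-sam-translator` entries and `gast` into the `g` neighbourhood.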
diff --git a/pkgs/top-level/unix-tools.nix b/pkgs/top-level/unix-tools.nix
index 34d04fdec492..c1bd46ad68dc 100644
--- a/pkgs/top-level/unix-tools.nix
+++ b/pkgs/top-level/unix-tools.nix
@@ -81,6 +81,10 @@ let
       linux = pkgs.nettools;
       darwin = pkgs.darwin.network_cmds;
     };
+    locale = {
+      linux = pkgs.glibc;
+      darwin = pkgs.netbsd.locale;
+    };
     logger = {
       linux = pkgs.utillinux;
     };
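Review bot: The new `locale` entry hard-wires `linux = pkgs.glibc;`, which is presumably only right for glibc-based Linux; the top-level file in this same commit treats musl separately for `fts` (`if hostPlatform.isMusl then netbsd.fts else null`), so it is worth confirming whether `unixtools.locale` on a musl host should pick another provider or be left out. The `darwin = pkgs.netbsd.locale;` side is consistent with that netbsd fallback. The enclosing attribute set begins outside the hunk.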