68 files changed, 525 insertions, 300 deletions
diff --git a/pkgs/applications/misc/audio/soxr/default.nix b/pkgs/applications/misc/audio/soxr/default.nix index 12da125bb3e2..7c4e6ff8c3d7 100644 --- a/pkgs/applications/misc/audio/soxr/default.nix +++ b/pkgs/applications/misc/audio/soxr/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, cmake }: stdenv.mkDerivation rec { - name = "soxr-0.1.2"; + name = "soxr-0.1.3"; src = fetchurl { url = "mirror://sourceforge/soxr/${name}-Source.tar.xz"; - sha256 = "0xf2w3piwz9gfr1xqyrj4k685q5dy53kq3igv663i4f4y4sg9rjl"; + sha256 = "12aql6svkplxq5fjycar18863hcq84c5kx8g6f4rj0lcvigw24di"; }; outputs = [ "out" "doc" ]; # headers are just two and very small diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index cf44cf5ef981..b1d5ad5b242c 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix 
@@ -56,11 +56,19 @@ stdenv.mkDerivation { NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.cc.isClang) "-lgcc_s" + stdenv.lib.optionalString (stdenv.isFreeBSD) "-lthr"; - makeFlags = "prefix=\${out} PERL_PATH=${perl}/bin/perl SHELL_PATH=${stdenv.shell} " - + (if pythonSupport then "PYTHON_PATH=${python}/bin/python" else "NO_PYTHON=1") - + (if stdenv.isSunOS then " INSTALL=install NO_INET_NTOP= NO_INET_PTON=" else "") - + (if stdenv.isDarwin then " NO_APPLE_COMMON_CRYPTO=1" else " sysconfdir=/etc/ ") - + (if stdenv.hostPlatform.isMusl then "NO_SYS_POLL_H=1 NO_GETTEXT=YesPlease" else ""); + preBuild = '' + makeFlagsArray+=( perllibdir=$out/$(perl -MConfig -wle 'print substr $Config{installsitelib}, 1 + length $Config{siteprefixexp}') ) + ''; + + makeFlags = stdenv.lib.concatStringsSep " " [ + "prefix=\${out}" + "PERL_PATH=${perl}/bin/perl" + "SHELL_PATH=${stdenv.shell}" + (if pythonSupport then "PYTHON_PATH=${python}/bin/python" else "NO_PYTHON=1") + (if stdenv.isSunOS then "INSTALL=install NO_INET_NTOP= NO_INET_PTON=" else "") + (if stdenv.isDarwin then "NO_APPLE_COMMON_CRYPTO=1" else "sysconfdir=/etc/ ") + (if stdenv.hostPlatform.isMusl then "NO_SYS_POLL_H=1 NO_GETTEXT=YesPlease" else "") + ]; # build git-credential-osxkeychain if darwin postBuild = stdenv.lib.optionalString stdenv.isDarwin '' diff --git a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch index bf36b2d321f3..ab5bb3c3a6c7 100644 --- a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch +++ b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch 
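Review bot: The added `preBuild` computes `perllibdir` with whichever `perl` is first on PATH, while `makeFlags` pins the interpreter git will run to `PERL_PATH=${perl}/bin/perl`. The hunk does not show that these are the same binary, and if they differ the modules would be installed under a site-lib suffix the pinned interpreter does not search. The command substitution is also unquoted inside the array literal, so an output containing whitespace would become several make arguments. I would invoke `${perl}/bin/perl -MConfig -wle '...'` explicitly and wrap the whole element in double quotes, `makeFlagsArray+=( "perllibdir=$out/$(...)" )`. As a style point, the new list still feeds empty strings and the trailing space of `"sysconfdir=/etc/ "` into `concatStringsSep`; this is harmless, but `stdenv.lib.optional` would state the intent more directly.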
@@ -2,19 +2,19 @@ This patch does two things: (1) use the right name for `docbook2texi', and (2) make sure `gitman.info' isn't produced since it's broken (duplicate node names). -diff -ru git-1.8.4-orig/Documentation/Makefile git-1.8.4/Documentation/Makefile ---- git-1.8.4-orig/Documentation/Makefile 2013-08-23 21:38:43.000000000 +0200 -+++ git-1.8.4/Documentation/Makefile 2013-09-30 14:48:51.532890378 +0200 -@@ -101,7 +101,7 @@ +diff --git a/Documentation/Makefile b/Documentation/Makefile +--- a/Documentation/Makefile ++++ b/Documentation/Makefile +@@ -122,7 +122,7 @@ MAKEINFO = makeinfo INSTALL_INFO = install-info -DOCBOOK2X_TEXI = docbook2x-texi +DOCBOOK2X_TEXI = docbook2texi DBLATEX = dblatex - ifndef PERL_PATH - PERL_PATH = /usr/bin/perl -@@ -205,7 +205,7 @@ + ASCIIDOC_DBLATEX_DIR = /etc/asciidoc/dblatex + DBLATEX_COMMON = -p $(ASCIIDOC_DBLATEX_DIR)/asciidoc-dblatex.xsl -s $(ASCIIDOC_DBLATEX_DIR)/asciidoc-dblatex.sty +@@ -240,7 +240,7 @@ man5: $(DOC_MAN5) man7: $(DOC_MAN7) @@ -23,7 +23,7 @@ diff -ru git-1.8.4-orig/Documentation/Makefile git-1.8.4/Documentation/Makefile pdf: user-manual.pdf -@@ -221,10 +221,9 @@ +@@ -256,10 +256,9 @@ install-info: info $(INSTALL) -d -m 755 $(DESTDIR)$(infodir) diff --git a/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch b/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch index 9a484262b7b2..6b93d061a3be 100644 --- a/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch +++ b/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch @@ -1,22 +1,20 @@ diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt -index 8060ea35c..c81067a19 100644 --- a/Documentation/git-send-email.txt 
+++ b/Documentation/git-send-email.txt -@@ -203,8 +203,7 @@ a password is obtained using 'git-credential'. +@@ -208,8 +208,7 @@ a password is obtained using 'git-credential'. specify a full pathname of a sendmail-like program instead; the program must support the `-i` option. Default value can be specified by the `sendemail.smtpServer` configuration - option; the built-in default is to search for `sendmail` in - `/usr/sbin`, `/usr/lib` and $PATH if such program is -+ option; the built-in default is to search in $PATH if such program is ++ option; the built-in default is to search in $PATH if such program is available, falling back to `localhost` otherwise. --smtp-server-port=<port>:: diff --git a/git-send-email.perl b/git-send-email.perl -index edcc6d346..8e357aeab 100755 --- a/git-send-email.perl +++ b/git-send-email.perl -@@ -885,8 +885,7 @@ if (defined $initial_reply_to) { +@@ -944,8 +944,7 @@ if (defined $reply_to) { } if (!defined $smtp_server) { diff --git a/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch b/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch index 29d537db25f9..0a581a61d46d 100644 --- a/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch +++ b/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch @@ -1,7 +1,7 @@ -diff -ru -x '*~' git-1.8.2.1-orig/Makefile git-1.8.2.1/Makefile ---- git-1.8.2.1-orig/Makefile 2013-04-08 00:52:04.000000000 +0200 -+++ git-1.8.2.1/Makefile 2013-04-22 15:46:42.906026940 +0200 -@@ -2319,8 +2319,7 @@ +diff --git a/Makefile b/Makefile +--- a/Makefile ++++ b/Makefile +@@ -2609,8 +2609,7 @@ { test "$$bindir/" = "$$execdir/" || \ for p in git$X $(filter $(install_bindir_programs),$(ALL_PROGRAMS)); do \ $(RM) "$$execdir/$$p" && \ diff --git a/pkgs/build-support/bintools-wrapper/add-flags.sh b/pkgs/build-support/bintools-wrapper/add-flags.sh index 7d118d20fc68..a97809258954 100644 
--- a/pkgs/build-support/bintools-wrapper/add-flags.sh +++ b/pkgs/build-support/bintools-wrapper/add-flags.sh @@ -5,6 +5,7 @@ var_templates_list=( NIX+LDFLAGS_BEFORE NIX+LDFLAGS_AFTER NIX+LDFLAGS_HARDEN + NIX+HARDENING_ENABLE ) var_templates_bool=( NIX+SET_BUILD_ID @@ -23,10 +24,10 @@ if [ "${NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then fi for var in "${var_templates_list[@]}"; do - mangleVarList "$var" "${role_infixes[@]}" + mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"} done for var in "${var_templates_bool[@]}"; do - mangleVarBool "$var" "${role_infixes[@]}" + mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"} done if [ -e @out@/nix-support/libc-ldflags ]; then diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh index 5282d17fce27..b7180870860a 100644 --- a/pkgs/build-support/bintools-wrapper/add-hardening.sh +++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh 
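Review bot: The replacement `${role_infixes[@]+"${role_infixes[@]}"}` in both loops is not self-explanatory and has no comment, so a later cleanup could well "simplify" it back to the plain quoted expansion. A one-line comment above the first loop would prevent that, for example `# Expands to nothing when role_infixes is empty; a plain "${role_infixes[@]}" trips set -u on older bash.` The same idiom is introduced without explanation in cc-wrapper/add-flags.sh, ld-wrapper.sh and cc-wrapper.sh. The first hunk also adds `NIX+HARDENING_ENABLE` to `var_templates_list`; a short comment there saying that add-hardening.sh reads the salted form of this variable would make the coupling visible.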
@@ -1,53 +1,58 @@ -hardeningFlags=(relro bindnow) -# Intentionally word-split in case 'hardeningEnable' is defined in -# Nix. Also, our bootstrap tools version of bash is old enough that -# undefined arrays trip `set -u`. -if [[ -v hardeningEnable[@] ]]; then - hardeningFlags+=(${hardeningEnable[@]}) -fi -hardeningLDFlags=() +declare -a hardeningLDFlags=() + +declare -A hardeningEnableMap=() -declare -A hardeningDisableMap +# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The +# array expansion also prevents undefined variables from causing trouble with +# `set -u`. +for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do + hardeningEnableMap["$flag"]=1 +done -# Intentionally word-split in case 'hardeningDisable' is defined in Nix. -for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@ -do - hardeningDisableMap[$flag]=1 +# Remove unsupported flags. +for flag in @hardening_unsupported_flags@; do + unset -v "hardeningEnableMap[$flag]" done if (( "${NIX_DEBUG:-0}" >= 1 )); then + declare -a allHardeningFlags=(pie relro bindnow) + declare -A hardeningDisableMap=() + + # Determine which flags were effectively disabled so we can report below. + for flag in "${allHardeningFlags[@]}"; do + if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then + hardeningDisableMap[$flag]=1 + fi + done + printf 'HARDENING: disabled flags:' >&2 (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2 echo >&2 -fi -if [[ -z "${hardeningDisableMap[all]:-}" ]]; then - if (( "${NIX_DEBUG:-0}" >= 1 )); then + if (( "${#hardeningEnableMap[@]}" )); then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi - for flag in "${hardeningFlags[@]}" - do - if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then - case $flag in - pie) - if [[ ! 
("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi - hardeningLDFlags+=('-pie') - fi - ;; - relro) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling relro >&2; fi - hardeningLDFlags+=('-z' 'relro') - ;; - bindnow) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling bindnow >&2; fi - hardeningLDFlags+=('-z' 'now') - ;; - *) - # Ignore unsupported. Checked in Nix that at least *some* - # tool supports each flag. - ;; - esac - fi - done fi + +for flag in "${!hardeningEnableMap[@]}"; do + case $flag in + pie) + if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi + hardeningLDFlags+=('-pie') + fi + ;; + relro) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling relro >&2; fi + hardeningLDFlags+=('-z' 'relro') + ;; + bindnow) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling bindnow >&2; fi + hardeningLDFlags+=('-z' 'now') + ;; + *) + # Ignore unsupported. Checked in Nix that at least *some* + # tool supports each flag. + ;; + esac +done diff --git a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh index 991ed0fe263c..672a3dcbe385 100644 --- a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh @@ -57,8 +57,8 @@ fi source @out@/nix-support/add-hardening.sh -extraAfter=("${hardeningLDFlags[@]}") -extraBefore=() +extraAfter=() +extraBefore=(${hardeningLDFlags[@]+"${hardeningLDFlags[@]}"}) if [ -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ]; then extraAfter+=($NIX_@infixSalt@_LDFLAGS) diff --git a/pkgs/build-support/bintools-wrapper/setup-hook.sh b/pkgs/build-support/bintools-wrapper/setup-hook.sh index 48a00b0b9b07..831ee9b03872 100644 --- a/pkgs/build-support/bintools-wrapper/setup-hook.sh 
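Review bot: The new loop `for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}` is unquoted, so the value is pathname-expanded as well as word-split, and the comment above it credits an "array expansion" for `set -u` safety when the guard is in fact the `-` default on a scalar. I would reword the comment to `# Word-split on purpose; the '-' default keeps set -u quiet when the variable is unset.` and, if a glob character can ever reach this variable, disable globbing around the loop. Because the wrapper now works from an enable list, a misspelt flag name falls into the `*)` branch and that mitigation is dropped without any message, whereas a misspelt entry in the old disable list left the flag on. The hunk's own comment says the names are checked on the Nix side; it would help to say where. The same code is added to cc-wrapper/add-hardening.sh, which quotes the key in `hardeningDisableMap["$flag"]=1` while this file does not.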
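Review bot: Moving `hardeningLDFlags` from `extraAfter` to `extraBefore` changes which side wins when a package passes a conflicting linker option, and the hunk does not say that this is intended. Assuming `extraBefore` is placed ahead of the caller's arguments when the final command line is assembled (that code is outside the hunk), a later `-z` option from the package now overrides `-z relro` / `-z now` where previously the wrapper had the last word. If that is the goal, record it next to the assignment, e.g. `# Hardening flags go first so flags passed by the package can override them.` cc-wrapper.sh makes the same move for `hardeningCFlags`.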
+++ b/pkgs/build-support/bintools-wrapper/setup-hook.sh @@ -83,6 +83,10 @@ do fi done +# If unset, assume the default hardening flags. +: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"} +export NIX_HARDENING_ENABLE + # No local scope in sourced file unset -v role_pre role_post cmd upper_case set +u diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh index 604aaf6b6cf0..e384d30ecbb6 100644 --- a/pkgs/build-support/cc-wrapper/add-flags.sh +++ b/pkgs/build-support/cc-wrapper/add-flags.sh @@ -30,10 +30,10 @@ fi # We need to mangle names for hygiene, but also take parameters/overrides # from the environment. for var in "${var_templates_list[@]}"; do - mangleVarList "$var" "${role_infixes[@]}" + mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"} done for var in "${var_templates_bool[@]}"; do - mangleVarBool "$var" "${role_infixes[@]}" + mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"} done # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index a35ff3cb4260..fc40fe7408b6 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh 
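Review bot: The added default uses `${NIX_HARDENING_ENABLE="..."}` without a colon, so only an unset variable receives the defaults and a variable that is set but empty is kept, which switches every hardening flag off in the wrappers. That is presumably how "disable all" is expressed, but the comment says only "If unset"; I would spell it out: `# Only an unset variable gets the defaults; an empty value is honoured and disables all hardening.` The `: ${...}` line is also unquoted, so the expanded list is word-split and globbed before being discarded; `: "${NIX_HARDENING_ENABLE=...}"` avoids that. The same default list is repeated verbatim in cc-wrapper/setup-hook.sh, so the two copies can drift apart unless they are generated from one place.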
@@ -1,67 +1,72 @@ -hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow) -# Intentionally word-split in case 'hardeningEnable' is defined in -# Nix. Also, our bootstrap tools version of bash is old enough that -# undefined arrays trip `set -u`. -if [[ -v hardeningEnable[@] ]]; then - hardeningFlags+=(${hardeningEnable[@]}) -fi -hardeningCFlags=() +declare -a hardeningCFlags=() + +declare -A hardeningEnableMap=() -declare -A hardeningDisableMap +# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The +# array expansion also prevents undefined variables from causing trouble with +# `set -u`. +for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do + hardeningEnableMap["$flag"]=1 +done -# Intentionally word-split in case 'hardeningDisable' is defined in Nix. -for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@ -do - hardeningDisableMap[$flag]=1 +# Remove unsupported flags. +for flag in @hardening_unsupported_flags@; do + unset -v "hardeningEnableMap[$flag]" done if (( "${NIX_DEBUG:-0}" >= 1 )); then + declare -a allHardeningFlags=(fortify stackprotector pie pic strictoverflow format) + declare -A hardeningDisableMap=() + + # Determine which flags were effectively disabled so we can report below. 
+ for flag in "${allHardeningFlags[@]}"; do + if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then + hardeningDisableMap["$flag"]=1 + fi + done + printf 'HARDENING: disabled flags:' >&2 (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2 echo >&2 -fi -if [[ -z "${hardeningDisableMap[all]:-}" ]]; then - if (( "${NIX_DEBUG:-0}" >= 1 )); then + if (( "${#hardeningEnableMap[@]}" )); then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi - for flag in "${hardeningFlags[@]}" - do - if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then - case $flag in - fortify) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi - hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') - ;; - stackprotector) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi - hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') - ;; - pie) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi - hardeningCFlags+=('-fPIE') - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi - hardeningCFlags+=('-pie') - fi - ;; - pic) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi - hardeningCFlags+=('-fPIC') - ;; - strictoverflow) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi - hardeningCFlags+=('-fno-strict-overflow') - ;; - format) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi - hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') - ;; - *) - # Ignore unsupported. Checked in Nix that at least *some* - # tool supports each flag. 
- ;; - esac - fi - done fi + +for flag in "${!hardeningEnableMap[@]}"; do + case $flag in + fortify) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi + hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') + ;; + stackprotector) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi + hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') + ;; + pie) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi + hardeningCFlags+=('-fPIE') + if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi + hardeningCFlags+=('-pie') + fi + ;; + pic) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi + hardeningCFlags+=('-fPIC') + ;; + strictoverflow) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi + hardeningCFlags+=('-fno-strict-overflow') + ;; + format) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi + hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') + ;; + *) + # Ignore unsupported. Checked in Nix that at least *some* + # tool supports each flag. + ;; + esac +done diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index c2e6c1406358..8a3cfb694b4f 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -134,8 +134,8 @@ fi source @out@/nix-support/add-hardening.sh # Add the flags for the C compiler proper. -extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE "${hardeningCFlags[@]}") -extraBefore=() +extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE) +extraBefore=(${hardeningCFlags[@]+"${hardeningCFlags[@]}"}) if [ "$dontLink" != 1 ]; then 
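Review bot: With `hardeningCFlags` now in `extraBefore`, the `-O2` that the `fortify` case adds alongside `-D_FORTIFY_SOURCE=2` no longer has the last word on optimisation level. Assuming `extraBefore` precedes the caller's arguments in the final command line (built outside this hunk), a package that passes `-O0` ends up compiling with fortify defined but without the optimisation it needs, so the checks are not emitted even though the `NIX_DEBUG` output still reports "enabling fortify". A comment at the assignment should state the trade-off, e.g. `# Hardening flags come first so package flags can override them; note that a later -O0 makes _FORTIFY_SOURCE ineffective.` The same applies to a later `-fno-stack-protector` or `-U_FORTIFY_SOURCE` from the package.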
diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh index 29a7306b9b7e..15b84dca2794 100644 --- a/pkgs/build-support/cc-wrapper/setup-hook.sh +++ b/pkgs/build-support/cc-wrapper/setup-hook.sh @@ -147,6 +147,10 @@ export ${role_pre}CXX=@named_cxx@ export CC${role_post}=@named_cc@ export CXX${role_post}=@named_cxx@ +# If unset, assume the default hardening flags. +: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"} +export NIX_HARDENING_ENABLE + # No local scope in sourced file unset -v role_pre role_post set +u diff --git a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix index 8921d70787ca..8ce9617aaae4 100644 --- a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix +++ b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix @@ -24,6 +24,9 @@ in stdenv.mkDerivation rec { meson ninja vala pkgconfig gettext itstool wrapGAppsHook gobjectIntrospection desktop-file-utils ]; + # Required for USB redirection PolicyKit rules file + propagatedUserEnvPkgs = [ spice-gtk ]; + buildInputs = [ libvirt-glib glib gtk3 gtkvnc libxml2 libvirt spice-gtk spice-protocol libsoup json-glib webkitgtk libosinfo systemd diff --git a/pkgs/development/compilers/llvm/3.4/clang.nix b/pkgs/development/compilers/llvm/3.4/clang.nix index 10510c750354..863e7eb22474 100644 --- a/pkgs/development/compilers/llvm/3.4/clang.nix +++ b/pkgs/development/compilers/llvm/3.4/clang.nix @@ -29,7 +29,10 @@ stdenv.mkDerivation { # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ''; 
diff --git a/pkgs/development/compilers/llvm/3.5/clang.nix b/pkgs/development/compilers/llvm/3.5/clang.nix index f15c989ef510..7e0163577baf 100644 --- a/pkgs/development/compilers/llvm/3.5/clang.nix +++ b/pkgs/development/compilers/llvm/3.5/clang.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src }: +{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src }: let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; in stdenv.mkDerivation { @@ -12,7 +12,7 @@ in stdenv.mkDerivation { mv clang-tools-extra-* $sourceRoot/tools/extra ''; - buildInputs = [ cmake libedit libxml2 llvm ]; + buildInputs = [ cmake libxml2 llvm ]; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" @@ -31,7 +31,10 @@ in stdenv.mkDerivation { # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ln -sv $out/bin/clang $out/bin/cpp ''; diff --git a/pkgs/development/compilers/llvm/3.7/clang/default.nix b/pkgs/development/compilers/llvm/3.7/clang/default.nix index f27e3f0089e2..4ccd00af6846 100644 --- a/pkgs/development/compilers/llvm/3.7/clang/default.nix +++ b/pkgs/development/compilers/llvm/3.7/clang/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src }: +{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src }: let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; @@ -13,7 +13,7 @@ let mv clang-tools-extra-* $sourceRoot/tools/extra ''; - buildInputs = [ cmake libedit libxml2 llvm ]; + buildInputs = [ cmake libxml2 llvm ]; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" 
@@ -32,7 +32,10 @@ let # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ln -sv $out/bin/clang $out/bin/cpp ''; diff --git a/pkgs/development/compilers/llvm/3.8/clang/default.nix b/pkgs/development/compilers/llvm/3.8/clang/default.nix index 0147485dd58d..05893704d872 100644 --- a/pkgs/development/compilers/llvm/3.8/clang/default.nix +++ b/pkgs/development/compilers/llvm/3.8/clang/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src, python }: +{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src, python }: let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; @@ -13,7 +13,7 @@ let mv clang-tools-extra-* $sourceRoot/tools/extra ''; - buildInputs = [ cmake libedit libxml2 llvm python ]; + buildInputs = [ cmake libxml2 llvm python ]; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" @@ -34,7 +34,10 @@ let # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ln -sv $out/bin/clang $out/bin/cpp diff --git a/pkgs/development/compilers/llvm/3.9/clang/default.nix b/pkgs/development/compilers/llvm/3.9/clang/default.nix index aafe30e4c9b3..1f6d80ab3be9 100644 --- a/pkgs/development/compilers/llvm/3.9/clang/default.nix +++ b/pkgs/development/compilers/llvm/3.9/clang/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src, python }: +{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src, python }: let gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc; @@ -15,7 +15,7 @@ let nativeBuildInputs = [ cmake ]; - buildInputs = [ libedit libxml2 llvm python ]; + buildInputs = [ libxml2 llvm python ]; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" @@ -36,7 +36,10 @@ let # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/ ln -sv $out/bin/clang $out/bin/cpp diff --git a/pkgs/development/compilers/llvm/4/clang/default.nix b/pkgs/development/compilers/llvm/4/clang/default.nix index 5531fd2ab77e..c6538282f23e 100644 --- a/pkgs/development/compilers/llvm/4/clang/default.nix +++ b/pkgs/development/compilers/llvm/4/clang/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python +{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python , fixDarwinDylibNames , enableManpages ? false }: @@ -19,7 +19,7 @@ let nativeBuildInputs = [ cmake python ] ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; - buildInputs = [ libedit libxml2 llvm ] + buildInputs = [ libxml2 llvm ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; cmakeFlags = [ 
@@ -52,7 +52,10 @@ let # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/ ln -sv $out/bin/clang $out/bin/cpp diff --git a/pkgs/development/compilers/llvm/5/clang/default.nix b/pkgs/development/compilers/llvm/5/clang/default.nix index b5aea54b5771..6499be2a0bdc 100644 --- a/pkgs/development/compilers/llvm/5/clang/default.nix +++ b/pkgs/development/compilers/llvm/5/clang/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python +{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python , fixDarwinDylibNames , enableManpages ? false }: @@ -19,7 +19,7 @@ let nativeBuildInputs = [ cmake python ] ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; - buildInputs = [ libedit libxml2 llvm ] + buildInputs = [ libxml2 llvm ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; cmakeFlags = [ @@ -50,10 +50,12 @@ let outputs = [ "out" "lib" "python" ]; - # Clang expects to find LLVMgold in its own prefix - # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + # Clang expects to find LLVMgold in its own prefix + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + # Clang expects to find sanitizer libraries in its own prefix ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/ ln -sv $out/bin/clang $out/bin/cpp diff --git a/pkgs/development/compilers/llvm/6/clang/default.nix b/pkgs/development/compilers/llvm/6/clang/default.nix index 919efdc8ef97..3d02062a4a32 100644 --- a/pkgs/development/compilers/llvm/6/clang/default.nix 
+++ b/pkgs/development/compilers/llvm/6/clang/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python +{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python , fixDarwinDylibNames , enableManpages ? false }: @@ -19,7 +19,7 @@ let nativeBuildInputs = [ cmake python ] ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; - buildInputs = [ libedit libxml2 llvm ] + buildInputs = [ libxml2 llvm ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; cmakeFlags = [ @@ -53,7 +53,10 @@ let # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix postInstall = '' - ln -sv ${llvm}/lib/LLVMgold.so $out/lib + if [ -e ${llvm}/lib/LLVMgold.so ]; then + ln -sv ${llvm}/lib/LLVMgold.so $out/lib + fi + ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/ ln -sv $out/bin/clang $out/bin/cpp diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 4ebc488d9988..0df7ec0a7959 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -94,7 +94,7 @@ let # support is disabled (if it's enabled, we already have it) and we're # running on darwin ++ (op (!cursesSupport && stdenv.isDarwin) readline) - ++ (op (isRuby25 && stdenv.isDarwin) Foundation) + ++ (op stdenv.isDarwin Foundation) ++ (ops stdenv.isDarwin (with darwin; [ libiconv libobjc libunwind ])); enableParallelBuilding = true; 
@@ -200,26 +200,26 @@ let in { ruby_2_3 = generic { - version = rubyVersion "2" "3" "6" ""; + version = rubyVersion "2" "3" "7" ""; sha256 = { - src = "07jpa7fw1gyf069m7alf2b0zm53qm08w2ns45mhzmvgrg4r528l3"; - git = "1bk59i0ygdc5z3zz3k6indfrxd2ix55np6rwvkcdpdw8svm749ds"; + src = "0zvx5kdp1frjs9n95n7ba7dy0alax33wi3nj8034m3ppvnf39k9m"; + git = "11wbzw2ywwfnvlkg3qjg0as2pzk5zyk63y2iis42d91lg1l2flrk"; }; }; ruby_2_4 = generic { - version = rubyVersion "2" "4" "3" ""; + version = rubyVersion "2" "4" "4" ""; sha256 = { - src = "161smb52q19r9lrzy22b3bhnkd0z8wjffm0qsfkml14j5ic7a0zx"; - git = "0x2lqbqm2rq9j5zh1p72dma56nqvdkfbgzb9wybm4y4hwhiw8c1m"; + src = "0nmfr2lijik6cykk0zbj11zcapcrvmdvq83k3r6q3k74g4d1qkr5"; + git = "103cs7hz1v0h84lbrippl87s4lawi20m406rs5dgxl2gr2wyjpy5"; }; }; ruby_2_5 = generic { - version = rubyVersion "2" "5" "0" ""; + version = rubyVersion "2" "5" "1" ""; sha256 = { - src = "1azj0d2lzziw6iml7bx3sxpxzcdmfwfq3yhm7djyp20q1xiz7rj6"; - git = "0d436nqmp3ykdkp4sck5bb8sf3qvx30x1p58xh8axv66mvsyc2jd"; + src = "1c99k0fjaq7k09104h1b1cqx6mrk2b14ic1jjnxc6yav68i1ij6s"; + git = "1j0fd16aq9x98n0kq9c3kfp2sh6xcsq8q4733p0wfqjh3vz50kyj"; }; }; } diff --git a/pkgs/development/interpreters/ruby/patchsets.nix b/pkgs/development/interpreters/ruby/patchsets.nix index fc79761252f2..e53f231884d9 100644 --- a/pkgs/development/interpreters/ruby/patchsets.nix +++ b/pkgs/development/interpreters/ruby/patchsets.nix 
@@ -6,17 +6,17 @@ rec { "${patchSet}/patches/ruby/2.2/head/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.2/head/railsexpress/03-display-more-detailed-stack-trace.patch" ]; - "2.3.6" = ops useRailsExpress [ + "2.3.7" = ops useRailsExpress [ "${patchSet}/patches/ruby/2.3/head/railsexpress/01-skip-broken-tests.patch" "${patchSet}/patches/ruby/2.3/head/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.3/head/railsexpress/03-display-more-detailed-stack-trace.patch" ]; - "2.4.3" = ops useRailsExpress [ + "2.4.4" = ops useRailsExpress [ "${patchSet}/patches/ruby/2.4/head/railsexpress/01-skip-broken-tests.patch" "${patchSet}/patches/ruby/2.4/head/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.4/head/railsexpress/03-display-more-detailed-stack-trace.patch" ]; - "2.5.0" = ops useRailsExpress [ + "2.5.1" = ops useRailsExpress [ "${patchSet}/patches/ruby/2.5/head/railsexpress/01-fix-broken-tests-caused-by-ad.patch" "${patchSet}/patches/ruby/2.5/head/railsexpress/02-improve-gc-stats.patch" "${patchSet}/patches/ruby/2.5/head/railsexpress/03-more-detailed-stacktrace.patch" diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix index d4e91deb7449..14479a560913 100644 --- a/pkgs/development/libraries/boehm-gc/default.nix +++ b/pkgs/development/libraries/boehm-gc/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { name = "boehm-gc-${version}"; - version = "7.6.4"; + version = "7.6.6"; src = fetchurl { urls = [ "http://www.hboehm.info/gc/gc_source/gc-${version}.tar.gz" "https://github.com/ivmai/bdwgc/releases/download/v${version}/gc-${version}.tar.gz" ]; - sha256 = "076dzsqqyxd3nlzs0z277vvhqjp8nv5dqi763s0m90zr6ljiyk5r"; + sha256 = "1p1r015a7jbpvkkbgzv1y8nxrbbp6dg0mq3ksi6ji0qdz3wfss79"; }; buildInputs = [ libatomic_ops ]; diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index 14ea512afbd2..efe1151359d7 100644 
--- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -55,11 +55,11 @@ let "--layout=${layout}" "variant=${variant}" "threading=${threading}" - "runtime-link=${runtime-link}" "link=${link}" "-sEXPAT_INCLUDE=${expat.dev}/include" "-sEXPAT_LIBPATH=${expat.out}/lib" - ] ++ optional (variant == "release") "debug-symbols=off" + ] ++ optional (link != "static") "runtime-link=${runtime-link}" + ++ optional (variant == "release") "debug-symbols=off" ++ optional (toolset != null) "toolset=${toolset}" ++ optional (mpi != null || hostPlatform != buildPlatform) "--user-config=user-config.jam" ++ optionals (hostPlatform.libc == "msvcrt") [ diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix index 6b3b69f99971..a384a7707832 100644 --- a/pkgs/development/libraries/c-ares/default.nix +++ b/pkgs/development/libraries/c-ares/default.nix @@ -2,11 +2,11 @@ let self = stdenv.mkDerivation rec { - name = "c-ares-1.13.0"; + name = "c-ares-1.14.0"; src = fetchurl { url = "http://c-ares.haxx.se/download/${name}.tar.gz"; - sha256 = "19qxhv9aiw903fr808y77r6l9js0fq9m3gcaqckan9jan7qhixq3"; + sha256 = "0vnwmbvymw677k780kpb6sb8i3szdp89rzy8mz1fwg1657yw3ls5"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix index 6a7beb1cc1a8..6d7b79c0b20a 100644 --- a/pkgs/development/libraries/cairo/default.nix +++ b/pkgs/development/libraries/cairo/default.nix 
@@ -9,25 +9,17 @@ assert glSupport -> libGL != null; -let inherit (stdenv.lib) optional optionals; in - -stdenv.mkDerivation rec { - name = "cairo-1.14.10"; +let + version = "1.15.10"; + inherit (stdenv.lib) optional optionals; +in stdenv.mkDerivation rec { + name = "cairo-${version}"; src = fetchurl { - url = "http://cairographics.org/releases/${name}.tar.xz"; - sha256 = "02banr0wxckq62nbhc3mqidfdh2q956i2r7w2hd9bjgjb238g1vy"; + url = "http://cairographics.org/${if stdenv.lib.mod (builtins.fromJSON (stdenv.lib.versions.minor version)) 2 == 0 then "releases" else "snapshots"}/${name}.tar.xz"; + sha256 = "14l3jll98pjdlpm8f972v0spzcsf6y5nz85y2k8iybyg6ihj5jk2"; }; - patches = [ - # from https://bugs.freedesktop.org/show_bug.cgi?id=98165 - (fetchpatch { - name = "cairo-CVE-2016-9082.patch"; - url = "https://bugs.freedesktop.org/attachment.cgi?id=127421"; - sha256 = "03sfyaclzlglip4pvfjb4zj4dmm8mlphhxl30mb6giinkc74bfri"; - }) - ]; - outputs = [ "out" "dev" "devdoc" ]; outputBin = "dev"; # very small diff --git a/pkgs/development/libraries/geoclue/2.0.nix b/pkgs/development/libraries/geoclue/2.0.nix index 495a113391e3..4d348c92171b 100644 --- a/pkgs/development/libraries/geoclue/2.0.nix +++ b/pkgs/development/libraries/geoclue/2.0.nix @@ -5,11 +5,11 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "geoclue-2.4.7"; + name = "geoclue-2.4.8"; src = fetchurl { url = "http://www.freedesktop.org/software/geoclue/releases/2.4/${name}.tar.xz"; - sha256 = "19hfmr8fa1js8ynazdyjxlyrqpjn6m1719ay70ilga4rayxrcyyi"; + sha256 = "08yg1r7m0n9hwyvcy769qkmkf8lslqwv69cjfffwnc3zm5km25qj"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libdvdcss/default.nix b/pkgs/development/libraries/libdvdcss/default.nix index 66cb5215a8a9..f18e0622d0cc 100644 --- a/pkgs/development/libraries/libdvdcss/default.nix +++ b/pkgs/development/libraries/libdvdcss/default.nix 
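Review bot: In cairo/default.nix the `patches` list carrying `cairo-CVE-2016-9082.patch` is deleted with no statement that 1.15.10 already contains that fix, so a reader cannot tell from the hunk whether the fix is still present in the built library. If upstream has merged it, a one-line comment next to `version`, such as `# CVE-2016-9082 fix is included upstream as of this version`, would record that; if not, the `fetchpatch` entry needs to stay. The new URL expression selects the `snapshots` directory for an odd minor version, so this bump appears to move the package onto a development snapshot, which deserves a mention in a comment. The `builtins.fromJSON (stdenv.lib.versions.minor version)` string-to-integer idiom would also benefit from a short explanation.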
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libdvdcss-${version}"; - version = "1.4.1"; + version = "1.4.2"; buildInputs = stdenv.lib.optional stdenv.isDarwin IOKit; src = fetchurl { url = "http://get.videolan.org/libdvdcss/${version}/${name}.tar.bz2"; - sha256 = "1b7awvyahivglp7qmgx2g5005kc5npv257gw7wxdprjsnx93f1zb"; + sha256 = "0x957zzpf4w2cp8zlk29prj8i2q6hay3lzdzsyz8y3cwxivyvhkq"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/libevdev/default.nix b/pkgs/development/libraries/libevdev/default.nix index 5bcb9a1ede22..2ef1d3965ce9 100644 --- a/pkgs/development/libraries/libevdev/default.nix +++ b/pkgs/development/libraries/libevdev/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, python }: stdenv.mkDerivation rec { - name = "libevdev-1.5.8"; + name = "libevdev-1.5.9"; src = fetchurl { url = "https://www.freedesktop.org/software/libevdev/${name}.tar.xz"; - sha256 = "0vac7n1miqdprikq4g63vsk681q8v416r0nbh2xai7b08qgdi0v0"; + sha256 = "0xca343ff12wh6nsq76r0nbsfrm8dypjrzm4fqz9vv9v8i8kfrp1"; }; buildInputs = [ python ]; diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix index 54d669f1913b..185cd2ede84c 100644 --- a/pkgs/development/libraries/libidn/default.nix +++ b/pkgs/development/libraries/libidn/default.nix @@ -1,11 +1,11 @@ { fetchurl, stdenv, libiconv }: stdenv.mkDerivation rec { - name = "libidn-1.33"; + name = "libidn-1.34"; src = fetchurl { url = "mirror://gnu/libidn/${name}.tar.gz"; - sha256 = "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"; + sha256 = "0g3fzypp0xjcgr90c5cyj57apx1cmy0c6y9lvw2qdcigbyby469p"; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index 0e2458a38959..6773b7c1b1f1 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix 
@@ -16,11 +16,11 @@ in with stdenv.lib; stdenv.mkDerivation rec { name = "libinput-${version}"; - version = "1.10.0"; + version = "1.10.3"; src = fetchurl { url = "http://www.freedesktop.org/software/libinput/${name}.tar.xz"; - sha256 = "0mrzsf0349d1g68lizkzxw7vaw459fl8xhl7v0s8njb31hp2riy2"; + sha256 = "0002xk9cqzpqrlhgav1wp8nimsbp9d2w8rd8mgygczq2hjar0lhd"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libjpeg/default.nix b/pkgs/development/libraries/libjpeg/default.nix index 8b0a4ec98eda..96dbd463370b 100644 --- a/pkgs/development/libraries/libjpeg/default.nix +++ b/pkgs/development/libraries/libjpeg/default.nix @@ -3,11 +3,11 @@ with stdenv.lib; stdenv.mkDerivation { - name = "libjpeg-8d"; + name = "libjpeg-9c"; src = fetchurl { - url = http://www.ijg.org/files/jpegsrc.v8d.tar.gz; - sha256 = "1cz0dy05mgxqdgjf52p54yxpyy95rgl30cnazdrfmw7hfca9n0h0"; + url = http://www.ijg.org/files/jpegsrc.v9c.tar.gz; + sha256 = "08kixcf3a7s9x91174abjnk1xbvj4v8crdc73zi4k9h3jfbm00k5"; }; configureFlags = optional static "--enable-static --disable-shared"; diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix index c2e1739117b5..7ee1733f34d2 100644 --- a/pkgs/development/libraries/librsvg/default.nix +++ b/pkgs/development/libraries/librsvg/default.nix @@ -5,14 +5,14 @@ let pname = "librsvg"; - version = "2.42.2"; + version = "2.42.3"; in stdenv.mkDerivation rec { name = "${pname}-${version}"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz"; - sha256 = "0c550a0bffef768a436286116c03d9f6cd3f97f5021c13e7f093b550fac12562"; + sha256 = "0mz6rdxpnnjnk15nahlwpa2gba0ws1hs2dnyk1agqw5ip522qkvh"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index e8877c7f54b6..e6b29a6c36be 100644 --- a/pkgs/development/libraries/libuv/default.nix 
+++ b/pkgs/development/libraries/libuv/default.nix @@ -2,14 +2,14 @@ , ApplicationServices, CoreServices }: stdenv.mkDerivation rec { - version = "1.19.2"; + version = "1.20.0"; name = "libuv-${version}"; src = fetchFromGitHub { owner = "libuv"; repo = "libuv"; rev = "v${version}"; - sha256 = "118r8wigm65107fm7kzfz7gc4awy8xxg0knvwnshx1j40ks08x9z"; + sha256 = "0bjxny5bjl0qy978i9n2b96vd72h9dd7ghylvhfsi1aqfwc0s1qz"; }; postPatch = let diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix index 1e96ff9bb1ad..f8894de3c752 100644 --- a/pkgs/development/libraries/libvpx/default.nix +++ b/pkgs/development/libraries/libvpx/default.nix @@ -58,13 +58,13 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport; stdenv.mkDerivation rec { name = "libvpx-${version}"; - version = "1.6.1"; + version = "1.7.0"; src = fetchFromGitHub { owner = "webmproject"; repo = "libvpx"; rev = "v${version}"; - sha256 = "10fs7xilf2bsj5bqw206lb5r5dgl84p5m6nibiirk28lmjx1i3l0"; + sha256 = "0vvh89hvp8qg9an9vcmwb7d9k3nixhxaz6zi65qdjnd0i56kkcz6"; }; patchPhase = ''patchShebangs .''; diff --git a/pkgs/development/libraries/libwacom/default.nix b/pkgs/development/libraries/libwacom/default.nix index 8e36edff7edd..cc3f19ab7d31 100644 --- a/pkgs/development/libraries/libwacom/default.nix +++ b/pkgs/development/libraries/libwacom/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "libwacom-${version}"; - version = "0.28"; + version = "0.29"; src = fetchurl { url = "mirror://sourceforge/linuxwacom/libwacom/${name}.tar.bz2"; - sha256 = "1vv768870597rvwxdb59v6pjn1pxaxg4r6znbb5j3cl828q35mp7"; + sha256 = "1diklgcjhmvcxi9p1ifp6wcnyr6k7z9jhrlzfhzjqd6zipk01slw"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index c4f3ff1efdd5..be2f83cb498e 100644 --- a/pkgs/development/libraries/libxml2/default.nix 
+++ b/pkgs/development/libraries/libxml2/default.nix @@ -10,11 +10,11 @@ let in stdenv.mkDerivation rec { name = "libxml2-${version}"; - version = "2.9.7"; + version = "2.9.8"; src = fetchurl { url = "http://xmlsoft.org/sources/${name}.tar.gz"; - sha256 = "034hylzspvkm0p4bczqbf8q05a7r2disr8dz725x4bin61ymwg7n"; + sha256 = "0ci7is75bwqqw2p32vxvrk6ds51ik7qgx73m920rakv5jlayax0b"; }; outputs = [ "bin" "dev" "out" "man" "doc" ] diff --git a/pkgs/development/libraries/nspr/default.nix b/pkgs/development/libraries/nspr/default.nix index 17805f32afb1..ce18498ee858 100644 --- a/pkgs/development/libraries/nspr/default.nix +++ b/pkgs/development/libraries/nspr/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl , CoreServices ? null }: -let version = "4.18"; in +let version = "4.19"; in stdenv.mkDerivation { name = "nspr-${version}"; src = fetchurl { url = "mirror://mozilla/nspr/releases/v${version}/src/nspr-${version}.tar.gz"; - sha256 = "0d7vr3wrgp73qbywrvdkikk8vq1s1n9vhf62db80g1zqkg05g5mq"; + sha256 = "0agpv3f17h8kmzi0ifibaaxc1k3xc0q61wqw3l6r2xr2z8bmkn9f"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 8662b956ce22..840b349035b1 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -15,11 +15,11 @@ let in stdenv.mkDerivation rec { name = "nss-${version}"; - version = "3.35"; + version = "3.36.1"; src = fetchurl { - url = "mirror://mozilla/security/nss/releases/NSS_3_35_RTM/src/${name}.tar.gz"; - sha256 = "1ypn68z9ncbbshi3184ywrhx5i846lyd72gps1grzqzdkgh7s4pl"; + url = "mirror://mozilla/security/nss/releases/NSS_3_36_1_RTM/src/${name}.tar.gz"; + sha256 = "1zrb49mp7cy3snnday1zv8d76h1mgppbcwxnlkqsgxlga8fl89b0"; }; buildInputs = [ perl zlib sqlite ] diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 5a9052222cb8..370616745d33 100644 
--- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -71,8 +71,7 @@ let makeFlags = [ "MANDIR=$(man)/share/man" ]; - # Parallel building is broken in OpenSSL. - enableParallelBuilding = false; + enableParallelBuilding = true; postInstall = '' # If we're building dynamic libraries, then don't install static diff --git a/pkgs/development/libraries/spice-gtk/default.nix b/pkgs/development/libraries/spice-gtk/default.nix index 0564459b24c0..05fd952eb2e8 100644 --- a/pkgs/development/libraries/spice-gtk/default.nix +++ b/pkgs/development/libraries/spice-gtk/default.nix @@ -52,7 +52,7 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig gettext libsoup autoreconfHook vala gobjectIntrospection ]; - PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "share/polkit-1/actions"; + PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "$(out)/share/polkit-1/actions"; configureFlags = [ "--with-gtk3" diff --git a/pkgs/development/libraries/wayland/default.nix b/pkgs/development/libraries/wayland/default.nix index a5b7a6a99ce4..bbc33f33e701 100644 --- a/pkgs/development/libraries/wayland/default.nix +++ b/pkgs/development/libraries/wayland/default.nix @@ -8,11 +8,11 @@ assert expat != null; stdenv.mkDerivation rec { name = "wayland-${version}"; - version = "1.14.0"; + version = "1.15.0"; src = fetchurl { url = "https://wayland.freedesktop.org/releases/${name}.tar.xz"; - sha256 = "1f3sla6h0bw15fz8pjc67jhwj7pwmfdc7qlj42j5k9v116ycm07d"; + sha256 = "1c5fnys8hi71cnzjv5k7j0r8gx80p0yyqlrpmn06mmarhnxvwgzb"; }; configureFlags = [ "--with-scanner" "--disable-documentation" ]; diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix index 418829e7af8a..d11a93254bfb 100644 --- a/pkgs/development/libraries/x265/default.nix +++ b/pkgs/development/libraries/x265/default.nix 
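Review bot: In openssl/default.nix, `enableParallelBuilding = true;` replaces a line whose comment said parallel building is broken in OpenSSL, and nothing in the hunk records why that no longer holds. The attribute appears to sit in a shared `let` body (the hunk header shows `let`, the rest is outside the hunk), so it presumably applies to every OpenSSL version built from this file. If any of them still races under a parallel make, the result is intermittent build failures in a library much of the package set depends on. I would keep a comment with the evidence, e.g. `# parallel build verified for every version defined in this file`, or gate the flag by version.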
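Review bot: In spice-gtk/default.nix the new value `"$(out)/share/polkit-1/actions"` is not Nix interpolation, so the literal text `$(out)` reaches the build. It resolves to the output path only where make expands it; in a shell context the same text would be read as command substitution. A comment such as `# $(out) is expanded by make at install time, not by Nix` would show the next maintainer that this is deliberate. It is worth confirming the variable is consumed only from the generated Makefile and not from configure, because this value decides where the polkit policy file is installed.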
@@ -16,14 +16,14 @@ in stdenv.mkDerivation rec { name = "x265-${version}"; - version = "2.6"; + version = "2.7"; src = fetchurl { urls = [ "http://get.videolan.org/x265/x265_${version}.tar.gz" "https://github.com/videolan/x265/archive/${version}.tar.gz" ]; - sha256 = "1gyd94jkwdii9308m07nymsbxrmrcl81c0j8i10zhslr2mj07w0v"; + sha256 = "18llni1m8kfvdwy5bp950z6gyd0nijmvi3hzd6gd8vpy5yk5zrym"; }; enableParallelBuilding = true; diff --git a/pkgs/development/python-modules/deprecation/default.nix b/pkgs/development/python-modules/deprecation/default.nix new file mode 100644 index 000000000000..63c3fcd74cac --- /dev/null +++ b/pkgs/development/python-modules/deprecation/default.nix @@ -0,0 +1,25 @@ +{ lib, buildPythonPackage, fetchPypi, python, packaging, unittest2 }: + +buildPythonPackage rec { + pname = "deprecation"; + version = "2.0.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "e8d0dc5a17d7d551730e5f23ff3a53fc9e438364b9efb47d41c3e9b05522eabe"; + }; + + propagatedBuildInputs = [ packaging ]; + + checkInputs = [ unittest2 ]; + + checkPhase = '' + ${python.interpreter} -m unittest discover + ''; + + meta = with lib; { + description = "A library to handle automated deprecations"; + homepage = https://deprecation.readthedocs.io/; + license = licenses.asl20; + }; +} diff --git a/pkgs/development/python-modules/pycairo/default.nix b/pkgs/development/python-modules/pycairo/default.nix index 39c06bff3bf7..091ac809a9bb 100644 --- a/pkgs/development/python-modules/pycairo/default.nix +++ b/pkgs/development/python-modules/pycairo/default.nix @@ -2,8 +2,7 @@ buildPythonPackage rec { pname = "pycairo"; - version = "1.15.4"; - name = "${pname}-${version}"; + version = "1.16.3"; disabled = isPyPy; 
@@ -11,13 +10,21 @@ buildPythonPackage rec { owner = "pygobject"; repo = "pycairo"; rev = "v${version}"; - sha256 = "02vzmfxx8nl6dbwzc911wcj7hqspgqz6v9xmq6579vwfla0vaglv"; + sha256 = "0clk6wrfls3fa1xrn844762qfaw6gs4ivwkrfysidbzmlbxhpngl"; }; - postPatch = '' - # we are unable to pass --prefix to bdist_wheel - # see https://github.com/NixOS/nixpkgs/pull/32034#discussion_r153285955 - substituteInPlace setup.py --replace '"prefix": self.install_base' "'prefix': '$out'" + # We need to create the pkgconfig file but it cannot be installed as a wheel since wheels + # are supposed to be relocatable and do not support --prefix option + buildPhase = '' + ${python.interpreter} setup.py build + ''; + + installPhase = '' + ${python.interpreter} setup.py install --skip-build --prefix="$out" --optimize=1 + ''; + + checkPhase = '' + ${python.interpreter} setup.py test ''; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/tools/build-managers/conan/default.nix b/pkgs/development/tools/build-managers/conan/default.nix index 04d7d93455e9..849c722e5548 100644 --- a/pkgs/development/tools/build-managers/conan/default.nix +++ b/pkgs/development/tools/build-managers/conan/default.nix @@ -20,12 +20,12 @@ let newPython = python.override { }; in newPython.pkgs.buildPythonApplication rec { - version = "1.1.1"; # remove patch below when updating + version = "1.2.3"; pname = "conan"; src = newPython.pkgs.fetchPypi { inherit pname version; - sha256 = "1k1r401bc9fgmhd5n5f29mjcn346r3zdrm7p28nwpr2r2p3fslrl"; + sha256 = "623e92d99cd0f4ec92552b23af66a6bb066071e213659f502480bb9a96d7be23"; }; checkInputs = with newPython.pkgs; [ 
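Review bot: The overridden `buildPhase`, `installPhase` and `checkPhase` in pycairo/default.nix do not call the phase hooks, so any `preBuild`, `postInstall` or similar hook set by an override is skipped. Wrapping each body, e.g. `runHook preInstall` before and `runHook postInstall` after the `setup.py install` line, keeps the phases composable. The bodies also use `${python.interpreter}`; the function arguments are outside both pycairo hunks, so check that `python` is among them.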
@@ -39,15 +39,7 @@ in newPython.pkgs.buildPythonApplication rec { propagatedBuildInputs = with newPython.pkgs; [ requests fasteners pyyaml pyjwt colorama patch bottle pluginbase six distro pylint node-semver - future pygments mccabe - ]; - - patches = [ - # already merged, remove with the next package update - (fetchpatch { - url = "https://github.com/conan-io/conan/commit/51cc4cbd51ac8f9b9efa2bf678a2d7810e273ff3.patch"; - sha256 = "0d93g4hjpfk8z870imwdswkw5qba2h5zhfgwwijiqhr2pv7fl1y7"; - }) + future pygments mccabe deprecation ]; preCheck = '' diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix index 123f679d779d..0829139595d7 100644 --- a/pkgs/development/tools/misc/binutils/default.nix +++ b/pkgs/development/tools/misc/binutils/default.nix @@ -64,6 +64,12 @@ stdenv.mkDerivation rec { # https://sourceware.org/bugzilla/show_bug.cgi?id=22868 ./gold-symbol-visibility.patch + + ] ++ stdenv.lib.optionals targetPlatform.isAarch64 [ + # Version 2.30 introduced strict requirements on ELF relocations which cannot + # be satisfied on aarch64 platform. Add backported fix from bugzilla. + # https://sourceware.org/bugzilla/show_bug.cgi?id=22764 + ./relax-R_AARCH64_ABS32-R_AARCH64_ABS16-absolute.patch ] ++ stdenv.lib.optional targetPlatform.isiOS ./support-ios.patch; outputs = [ "out" "info" "man" ]; diff --git a/pkgs/development/tools/misc/binutils/relax-R_AARCH64_ABS32-R_AARCH64_ABS16-absolute.patch b/pkgs/development/tools/misc/binutils/relax-R_AARCH64_ABS32-R_AARCH64_ABS16-absolute.patch new file mode 100644 index 000000000000..6a04b3cc5588 --- /dev/null +++ b/pkgs/development/tools/misc/binutils/relax-R_AARCH64_ABS32-R_AARCH64_ABS16-absolute.patch 
@@ -0,0 +1,130 @@ +diff --git a/bfd/ChangeLog b/bfd/ChangeLog +index c310da6ed3..d31f46171f 100644 +--- a/bfd/ChangeLog ++++ b/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2018-02-05 Renlin Li <renlin.li@arm.com> ++ ++ PR ld/22764 ++ * elfnn-aarch64.c (elfNN_aarch64_check_relocs): Relax the ++ R_AARCH64_ABS32 and R_AARCH64_ABS16 for absolute symbol. Apply the ++ check for writeable section as well. ++ + 2018-01-27 Nick Clifton <nickc@redhat.com> + + This is the 2.30 release: +diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c +index d5711e0eb1..973188220b 100644 +--- a/bfd/elfnn-aarch64.c ++++ b/bfd/elfnn-aarch64.c +@@ -7074,10 +7074,19 @@ elfNN_aarch64_check_relocs (bfd *abfd, struct bfd_link_info *info, + #if ARCH_SIZE == 64 + case BFD_RELOC_AARCH64_32: + #endif +- if (bfd_link_pic (info) +- && (sec->flags & SEC_ALLOC) != 0 +- && (sec->flags & SEC_READONLY) != 0) ++ if (bfd_link_pic (info) && (sec->flags & SEC_ALLOC) != 0) + { ++ if (h != NULL ++ /* This is an absolute symbol. It represents a value instead ++ of an address. */ ++ && ((h->root.type == bfd_link_hash_defined ++ && bfd_is_abs_section (h->root.u.def.section)) ++ /* This is an undefined symbol. */ ++ || h->root.type == bfd_link_hash_undefined)) ++ break; ++ ++ /* For local symbols, defined global symbols in a non-ABS section, ++ it is assumed that the value is an address. */ + int howto_index = bfd_r_type - BFD_RELOC_AARCH64_RELOC_START; + _bfd_error_handler + /* xgettext:c-format */ +diff --git a/ld/ChangeLog b/ld/ChangeLog +index 6337cd0cb6..1aaa6da3b5 100644 +--- a/ld/ChangeLog ++++ b/ld/ChangeLog +@@ -1,3 +1,11 @@ ++2018-02-05 Renlin Li <renlin.li@arm.com> ++ ++ PR ld/22764 ++ * testsuite/ld-aarch64/emit-relocs-258.s: Define symbol as an address. ++ * testsuite/ld-aarch64/emit-relocs-259.s: Likewise. ++ * testsuite/ld-aarch64/pr22764.s: New. ++ * testsuite/ld-aarch64/pr22764.d: New. 
++ + 2018-01-27 Nick Clifton <nickc@redhat.com> + + This is the 2.30 release: +diff --git a/ld/testsuite/ld-aarch64/aarch64-elf.exp b/ld/testsuite/ld-aarch64/aarch64-elf.exp +index f31089361b..d766f3736b 100644 +--- a/ld/testsuite/ld-aarch64/aarch64-elf.exp ++++ b/ld/testsuite/ld-aarch64/aarch64-elf.exp +@@ -275,6 +275,7 @@ run_dump_test "pr17415" + run_dump_test_lp64 "tprel_g2_overflow" + run_dump_test "tprel_add_lo12_overflow" + run_dump_test "protected-data" ++run_dump_test_lp64 "pr22764" + + # ifunc tests + run_dump_test "ifunc-1" +diff --git a/ld/testsuite/ld-aarch64/emit-relocs-258.s b/ld/testsuite/ld-aarch64/emit-relocs-258.s +index f724776243..87bb657c5d 100644 +--- a/ld/testsuite/ld-aarch64/emit-relocs-258.s ++++ b/ld/testsuite/ld-aarch64/emit-relocs-258.s +@@ -1,5 +1,6 @@ ++.global dummy + .text +- ++dummy: + ldr x0, .L1 + + .L1: +diff --git a/ld/testsuite/ld-aarch64/emit-relocs-259.s b/ld/testsuite/ld-aarch64/emit-relocs-259.s +index 7e1ba3ceb4..0977c9d869 100644 +--- a/ld/testsuite/ld-aarch64/emit-relocs-259.s ++++ b/ld/testsuite/ld-aarch64/emit-relocs-259.s +@@ -1,5 +1,6 @@ ++.global dummy + .text +- ++dummy: + ldr x0, .L1 + + .L1: +diff --git a/ld/testsuite/ld-aarch64/pr22764.d b/ld/testsuite/ld-aarch64/pr22764.d +new file mode 100644 +index 0000000000..997519f469 +--- /dev/null ++++ b/ld/testsuite/ld-aarch64/pr22764.d +@@ -0,0 +1,18 @@ ++#source: pr22764.s ++#ld: -shared -T relocs.ld -defsym sym_abs1=0x1 -defsym sym_abs2=0x2 -defsym sym_abs3=0x3 -e0 --emit-relocs ++#notarget: aarch64_be-*-* ++#objdump: -dr ++#... ++ ++Disassembly of section \.text: ++ ++0000000000010000 \<\.text\>: ++ 10000: d503201f nop ++ ... 
++ 10004: R_AARCH64_ABS64 sym_abs1 ++ 1000c: 00000002 \.word 0x00000002 ++ 1000c: R_AARCH64_ABS32 sym_abs2 ++ 10010: 0003 \.short 0x0003 ++ 10010: R_AARCH64_ABS16 sym_abs3 ++ 10012: 0000 \.short 0x0000 ++ 10014: d503201f nop +diff --git a/ld/testsuite/ld-aarch64/pr22764.s b/ld/testsuite/ld-aarch64/pr22764.s +new file mode 100644 +index 0000000000..25e36b4a12 +--- /dev/null ++++ b/ld/testsuite/ld-aarch64/pr22764.s +@@ -0,0 +1,6 @@ ++ .text ++ nop ++ .xword sym_abs1 ++ .word sym_abs2 ++ .short sym_abs3 ++ nop diff --git a/pkgs/development/tools/misc/itstool/default.nix b/pkgs/development/tools/misc/itstool/default.nix index 70ed9cd0570e..129c1c6b3a93 100644 --- a/pkgs/development/tools/misc/itstool/default.nix +++ b/pkgs/development/tools/misc/itstool/default.nix @@ -2,11 +2,11 @@ # We need the same Python as is used to build libxml2Python stdenv.mkDerivation rec { - name = "itstool-2.0.2"; + name = "itstool-2.0.4"; src = fetchurl { url = "http://files.itstool.org/itstool/${name}.tar.bz2"; - sha256 = "bf909fb59b11a646681a8534d5700fec99be83bb2c57badf8c1844512227033a"; + sha256 = "0q7b4qrc758zfx3adsgvz0r93swdbxjr42w37rahngm33nshihlp"; }; buildInputs = [ python2 libxml2Python ]; diff --git a/pkgs/os-specific/linux/libcap-ng/default.nix b/pkgs/os-specific/linux/libcap-ng/default.nix index d4625687c472..845e4e704eba 100644 --- a/pkgs/os-specific/linux/libcap-ng/default.nix +++ b/pkgs/os-specific/linux/libcap-ng/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { name = "libcap-ng-${version}"; # When updating make sure to test that the version with # all of the python bindings still works - version = "0.7.8"; + version = "0.7.9"; src = fetchurl { url = "${meta.homepage}/${name}.tar.gz"; - sha256 = "0pyhjxgsph3p28ayk4ynxab6wvzaqmazk1nkamx11m2w8jbzj6n2"; + sha256 = "0a0k484kwv0zilry2mbl9k56cnpdhsjxdxin17jas6kkyfy345aa"; }; nativeBuildInputs = [ swig ]; 
diff --git a/pkgs/os-specific/linux/procps-ng/default.nix b/pkgs/os-specific/linux/procps-ng/default.nix index 316f0ad1a28d..d164af63315f 100644 --- a/pkgs/os-specific/linux/procps-ng/default.nix +++ b/pkgs/os-specific/linux/procps-ng/default.nix @@ -1,33 +1,17 @@ -{ lib, stdenv, fetchFromGitLab, fetchpatch, ncurses, libtool, gettext, autoconf, automake, pkgconfig }: +{ lib, stdenv, fetchurl, ncurses, libtool, gettext, autoconf, automake, pkgconfig }: stdenv.mkDerivation rec { name = "procps-${version}"; - version = "3.3.13"; + version = "3.3.14"; - src = fetchFromGitLab { - owner ="procps-ng"; - repo = "procps"; - rev = "v${version}"; - sha256 = "0r3h9adhqi5fi62lx65z839fww35lfh2isnknhkaw71xndjpzr0q"; + src = fetchurl { + url = "https://gitlab.com/procps-ng/procps/-/archive/v${version}/procps-v${version}.tar.bz2"; + sha256 = "0igvsl3s7m5ygxgypzksk4cp2wkvv3lk49s7i9m5wbimyakmr0vf"; }; buildInputs = [ ncurses ]; nativeBuildInputs = [ libtool gettext autoconf automake pkgconfig ]; - # https://gitlab.com/procps-ng/procps/issues/88 - # Patches needed for musl and glibc 2.28 - patches = [ - (fetchpatch { - url = "https://gitlab.com/procps-ng/procps/uploads/f91ff094be1e4638aeffb67bdbb751ba/numa.h.diff"; - sha256 = "16r537d2wfrvbv6dg9vyfck8n31xa58903mnssw1s4kb5ap83yd5"; - extraPrefix = ""; - }) - (fetchpatch { - url = "https://gitlab.com/procps-ng/procps/uploads/6a7bdea4d82ba781451316fda74192ae/libio_detection.diff"; - sha256 = "0qp0j60kiycjsv213ih10imjirmxz8zja3rk9fq5lr5xf7k2lr3p"; - }) - ]; - # autoreconfHook doesn't quite get, what procps-ng buildprocss does # with po/Makefile.in.in and stuff. preConfigure = '' diff --git a/pkgs/os-specific/linux/v4l-utils/default.nix b/pkgs/os-specific/linux/v4l-utils/default.nix index 84b31d4d516b..9bdb16cd1f16 100644 --- a/pkgs/os-specific/linux/v4l-utils/default.nix +++ b/pkgs/os-specific/linux/v4l-utils/default.nix 
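Review bot: In procps-ng/default.nix, `src` now hashes a GitLab-generated archive (`.../-/archive/v${version}/procps-v${version}.tar.bz2`) instead of the unpacked tree that `fetchFromGitLab` hashed. The fixed `sha256` still fails closed, but forge-generated tarballs are not guaranteed to be byte-stable, so the fetch can start failing without any change upstream. If the switch is needed (for example to keep the fetcher's own dependencies out of this package's build, which the hunk does not say), a comment stating that would help, e.g. `# fetchurl on purpose: <reason>; archive is generated by GitLab`. The two `fetchpatch` entries for musl and glibc 2.28 are also dropped without a note that 3.3.14 includes them.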
@@ -8,11 +8,11 @@ stdenv.mkDerivation rec { name = "v4l-utils-${version}"; - version = "1.12.3"; + version = "1.14.2"; src = fetchurl { url = "http://linuxtv.org/downloads/v4l-utils/${name}.tar.bz2"; - sha256 = "0vpl3jl0x441y7b5cn7zhdsyi954hp9h2p30jhnr1zkx1rpxsiss"; + sha256 = "14h6d2p3n4jmxhd8i0p1m5dbwz5vnpb3z88xqd9ghg15n7265fg6"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/servers/amqp/rabbitmq-server/default.nix b/pkgs/servers/amqp/rabbitmq-server/default.nix index 3d4a8902c918..4cc187846d0d 100644 --- a/pkgs/servers/amqp/rabbitmq-server/default.nix +++ b/pkgs/servers/amqp/rabbitmq-server/default.nix @@ -1,17 +1,11 @@ { stdenv, fetchurl, runCommand , erlang, python, libxml2, libxslt, xmlto , docbook_xml_dtd_45, docbook_xsl, zip, unzip, rsync - , AppKit, Carbon, Cocoa +, getconf }: -let - # we only need that one glibc binary (28k instead of 2.7M) - getconf = runCommand "getconf" {} '' - install -D ${stdenv.lib.getBin stdenv.cc.libc}/bin/getconf $out/bin/getconf - ''; - -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { name = "rabbitmq-server-${version}"; version = "3.6.15"; diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 60462f83d108..a63a9f103c7b 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -167,11 +167,11 @@ everything = stdenv.mkDerivation (common // { connector-c = stdenv.mkDerivation rec { name = "mariadb-connector-c-${version}"; - version = "2.3.4"; + version = "2.3.5"; src = fetchurl { url = "https://downloads.mariadb.org/interstitial/connector-c-${version}/mariadb-connector-c-${version}-src.tar.gz/from/http%3A//ftp.hosteurope.de/mirror/archive.mariadb.org/?serve"; - sha256 = "1g1sq5knarxkfhpkcczr6qxmq12pid65cdkqnhnfs94av89hbswb"; + sha256 = "0vvlfs56hxin130vh8pcs5w7jpv1yc6g76bhpzg88hnp4v1z8frg"; name = "mariadb-connector-c-${version}-src.tar.gz"; }; 
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 07faa8d3cc7e..d15c5924b771 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -2468,11 +2468,11 @@ let }) // {inherit inputproto libX11 libXaw xproto libXt ;}; xkeyboardconfig = (mkDerivation "xkeyboardconfig" { - name = "xkeyboard-config-2.22"; + name = "xkeyboard-config-2.23.1"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.22.tar.bz2; - sha256 = "1garmbyfjp0han04l2l90zzwlfbdgdxl6r1qnic36i5wkycckbny"; + url = mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.23.1.tar.bz2; + sha256 = "1wq27cs1c9y7d1d7zp5yhq29paj9smajdb68lyvm28d2zq2vqjra"; }; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libX11 xproto ]; diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 46df958b8396..7b5f9f7d6b0b 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -74,6 +74,11 @@ rec { # TODO(@Ericson2314): Make this more modular, and not O(n^2). let supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; + defaultHardeningFlags = lib.remove "pie" supportedHardeningFlags; + enabledHardeningOptions = + if builtins.elem "all" hardeningDisable + then [] + else lib.subtractLists hardeningDisable (defaultHardeningFlags ++ hardeningEnable); # hardeningDisable additionally supports "all". erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); in if builtins.length erroneousHardeningFlags != 0 
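Review bot: In make-derivation.nix, `enabledHardeningOptions` evaluates to `[]` whenever `hardeningDisable` contains `"all"`, so a package that also sets `hardeningEnable` has those flags dropped silently. If that precedence is intended, state it in a comment above the binding, e.g. `# "all" in hardeningDisable wins over hardeningEnable`. `defaultHardeningFlags` removes `"pie"` without explanation, and the default set is now presumably defined both here and wherever the default is supplied when the variable is unset, so a comment naming that other place would help keep the two in step. The enclosing `let` continues outside the hunk.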
@@ -179,6 +184,8 @@ rec { ++ optional (elem "host" configurePlatforms) "--host=${stdenv.hostPlatform.config}" ++ optional (elem "target" configurePlatforms) "--target=${stdenv.targetPlatform.config}"; + } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) { + NIX_HARDENING_ENABLE = enabledHardeningOptions; } // lib.optionalAttrs (stdenv.buildPlatform.isDarwin) { # TODO: remove lib.unique once nix has a list canonicalization primitive __sandboxProfile = diff --git a/pkgs/tools/compression/brotli/default.nix b/pkgs/tools/compression/brotli/default.nix index 707b8f0d799f..1a42ba03d464 100644 --- a/pkgs/tools/compression/brotli/default.nix +++ b/pkgs/tools/compression/brotli/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { name = "brotli-${version}"; - version = "1.0.3"; + version = "1.0.4"; src = fetchFromGitHub { owner = "google"; repo = "brotli"; rev = "v" + version; - sha256 = "1hlkqgkm2gv6q83dswg6b19hpw8j33y6iw924j8r647pd4qg1xs7"; + sha256 = "0n5snycxgwqj2v8sgxiqxq4zqh5ydx70dr7qa4ygizs02ms69n1i"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/tools/misc/ethtool/default.nix b/pkgs/tools/misc/ethtool/default.nix index 2527c34feebb..62c782b26fec 100644 --- a/pkgs/tools/misc/ethtool/default.nix +++ b/pkgs/tools/misc/ethtool/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "ethtool-${version}"; - version = "4.15"; + version = "4.16"; src = fetchurl { url = "mirror://kernel/software/network/ethtool/${name}.tar.xz"; - sha256 = "06pr3s7wg2pbvfbf7js61bgh3caff4qf50nqqk3cgz9z90rgvxvi"; + sha256 = "00ss07jc7p276d83f6jpafgwyc9yiribciyqcgx9j86v49kpm5py"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix index 3765f9134308..aeb43d7c1151 100644 --- a/pkgs/tools/misc/file/default.nix +++ b/pkgs/tools/misc/file/default.nix 
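Review bot: In make-derivation.nix, `NIX_HARDENING_ENABLE` is exported only when `hardeningDisable` or `hardeningEnable` is non-empty, and with `hardeningDisable = [ "all" ]` it is exported as an empty list, which presumably reaches the builder as an empty string. Whatever reads the variable (not visible in this part of the diff) therefore has to treat unset as "use the defaults" and empty as "nothing enabled". A consumer that applies its default to an empty value as well as an unset one would turn a request to disable all hardening back into the default set, and one that mishandles the unset case would drop hardening for every package that sets neither option. A comment on this attribute stating the contract, e.g. `# unset = wrapper defaults, empty = all hardening off`, would make that dependency explicit.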
@@ -2,14 +2,14 @@ stdenv.mkDerivation rec { name = "file-${version}"; - version = "5.32"; + version = "5.33"; src = fetchurl { urls = [ "ftp://ftp.astron.com/pub/file/${name}.tar.gz" "https://distfiles.macports.org/file/${name}.tar.gz" ]; - sha256 = "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6"; + sha256 = "1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw"; }; nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file; diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix index 8b1ac864a434..1ebf57997d00 100644 --- a/pkgs/tools/networking/dhcp/default.nix +++ b/pkgs/tools/networking/dhcp/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { name = "dhcp-${version}"; - version = "4.3.6-P1"; + version = "4.4.1"; src = fetchurl { url = "http://ftp.isc.org/isc/dhcp/${version}/${name}.tar.gz"; - sha256 = "1hx3az6ckvgvybr1ag4k9kqr8zfcpzcww4vpw5gz0mi8y2z7gl9g"; + sha256 = "025nfqx4zwdgv4b3rkw26ihcj312vir08jk6yi57ndmb4a4m08ia"; }; patches = diff --git a/pkgs/tools/text/gnupatch/CVE-2018-6951.patch b/pkgs/tools/text/gnupatch/CVE-2018-6951.patch new file mode 100644 index 000000000000..22d5f061c332 --- /dev/null +++ b/pkgs/tools/text/gnupatch/CVE-2018-6951.patch 
@@ -0,0 +1,28 @@ +From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2c..bc6278c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +cgit v1.0-41-gc330 diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix index 3840811a3e36..c83eab2e2ef6 100644 --- a/pkgs/tools/text/gnupatch/default.nix +++ b/pkgs/tools/text/gnupatch/default.nix @@ -11,6 +11,11 @@ stdenv.mkDerivation rec { sha256 = "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc"; }; + patches = [ + # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a + ./CVE-2018-6951.patch + ]; + buildInputs = stdenv.lib.optional doCheck ed; configureFlags = stdenv.lib.optionals (hostPlatform != buildPlatform) [ diff --git a/pkgs/tools/text/gnused/default.nix b/pkgs/tools/text/gnused/default.nix index 72d632533ffa..47193e61615d 100644 --- a/pkgs/tools/text/gnused/default.nix +++ b/pkgs/tools/text/gnused/default.nix 
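Review bot: In gnupatch/default.nix the comment above `./CVE-2018-6951.patch` gives only the cgit URL and does not say when the patch can be dropped. The package version is outside the hunk, so a reader cannot tell whether the next release already contains commit f290f48a621867084884bfff87f8093c15195e6a. A line such as `# remove once a release containing this commit is packaged` would keep the patch from lingering or from being dropped too early on the next bump. Vendoring the file rather than fetching it looks deliberate for a tool this low in the build chain, but that is an assumption worth stating in the same comment.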
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "gnused-${version}"; - version = "4.4"; + version = "4.5"; src = fetchurl { url = "mirror://gnu/sed/sed-${version}.tar.xz"; - sha256 = "0fv88bcnraixc8jvpacvxshi30p5x9m7yb8ns1hfv07hmb2ypmnb"; + sha256 = "0h3b2jfj57wmz680vkbyavlsrkak556qhvs7m7fdlawwhg477bbs"; }; outputs = [ "out" "info" ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1e22c7e93a79..1b463afbcda5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13756,14 +13756,6 @@ with pkgs; musl-fts = callPackage ../os-specific/linux/musl/fts.nix { }; musl-getconf = callPackage ../os-specific/linux/musl/getconf.nix { }; musl-getent = callPackage ../os-specific/linux/musl/getent.nix { }; - getent = - if hostPlatform.isMusl then musl-getent - # This may not be right on other platforms, but preserves existing behavior - else /* if hostPlatform.libc == "glibc" then */ glibc.bin; - - getconf = - if hostPlatform.isMusl then musl-getconf - else lib.getBin stdenv.cc.libc; nettools = if stdenv.isLinux then callPackage ../os-specific/linux/net-tools { } else unixtools.nettools; @@ -21364,5 +21356,6 @@ with pkgs; # Unix tools unixtools = recurseIntoAttrs (callPackages ./unix-tools.nix { }); inherit (unixtools) hexdump ps logger eject umount - mount wall hostname more sysctl; + mount wall hostname more sysctl getconf + getent; } diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 5b1877875344..86cd192665bc 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2075,6 +2075,8 @@ in { demjson = callPackage ../development/python-modules/demjson { }; + deprecation = callPackage ../development/python-modules/deprecation { }; + derpconf = callPackage ../development/python-modules/derpconf { }; deskcon = self.buildPythonPackage rec { 
diff --git a/pkgs/top-level/unix-tools.nix b/pkgs/top-level/unix-tools.nix index 26adcda8ee17..9946bb1c4dc4 100644 --- a/pkgs/top-level/unix-tools.nix +++ b/pkgs/top-level/unix-tools.nix @@ -1,4 +1,4 @@ -{ pkgs, buildEnv, runCommand, hostPlatform, lib }: +{ pkgs, buildEnv, runCommand, hostPlatform, stdenv, lib }: # These are some unix tools that are commonly included in the /usr/bin # and /usr/sbin directory under more normal distributions. Along with @@ -24,7 +24,7 @@ let exit 1 fi - ln -s "${provider}" "$out/bin/${cmd}" + cp "${provider}" "$out/bin/${cmd}" ''; in rec { @@ -48,6 +48,16 @@ in rec { eject = singleBinary "eject" { linux = pkgs.utillinux; }; + getconf = singleBinary "getconf" { + linux = if hostPlatform.isMusl then pkgs.musl-getconf + else lib.getBin stdenv.cc.libc; + darwin = pkgs.darwin.system_cmds; + }; + getent = singleBinary "getent" { + linux = if hostPlatform.isMusl then pkgs.musl-getent + # This may not be right on other platforms, but preserves existing behavior + else /* if hostPlatform.libc == "glibc" then */ pkgs.glibc.bin; + }; getopt = singleBinary "getopt" { linux = pkgs.utillinux; darwin = pkgs.getopt; |
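Review bot: The switch from `ln -s` to `cp` in what appears to be the `singleBinary` build script carries no comment saying why a copy is needed, and the two are not equivalent. A copied executable runs from `$out/bin`, so a provider that locates libraries or data relative to its own path (an `$ORIGIN` RPATH, a wrapper that resolves its own location) would behave differently from the symlinked one. None of the providers visible in this diff is shown to do that, so this is something to confirm rather than a known break. I would add a line such as `# copy rather than symlink: <reason>` above the `cp`. The enclosing function begins outside this hunk.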
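Review bot: The comment carried into the new `getent` entry, `# This may not be right on other platforms, but preserves existing behavior`, no longer matches the code. The entry defines only a `linux` provider, whereas the definition removed from all-packages.nix fell back to `glibc.bin` on every non-musl platform. If `singleBinary` rejects platforms that have no provider (the `exit 1` visible in the earlier hunk suggests it does, but its body is outside this diff), `getent` stops building on Darwin, while `getconf` gains an explicit `darwin` provider. Either add the missing provider or reword the comment to state the new scope, e.g. `# Linux only; other platforms previously got glibc.bin`.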