diff options
Diffstat (limited to 'pkgs/development/libraries')
28 files changed, 384 insertions, 145 deletions
diff --git a/pkgs/development/libraries/audio/libgme/default.nix b/pkgs/development/libraries/audio/libgme/default.nix index bcd6070831bb..3ac8293986d8 100644 --- a/pkgs/development/libraries/audio/libgme/default.nix +++ b/pkgs/development/libraries/audio/libgme/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromBitbucket, cmake }: +{ stdenv, fetchFromBitbucket, cmake, removeReferencesTo }: let version = "0.6.3"; in stdenv.mkDerivation { @@ -21,4 +21,14 @@ in stdenv.mkDerivation { }; buildInputs = [ cmake ]; + + nativeBuildInputs = [ removeReferencesTo ]; + + # It used to reference it, in the past, but thanks to the postFixup hook, now + # it doesn't. + disallowedReferences = [ stdenv.cc.cc ]; + + postFixup = stdenv.lib.optionalString stdenv.isLinux '' + remove-references-to -t ${stdenv.cc.cc} "$(readlink -f $out/lib/libgme.so)" + ''; } diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index a3e3c4ebd89a..049623d3d911 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix @@ -20,11 +20,11 @@ assert enableSystemd -> systemd != null; stdenv.mkDerivation rec { pname = "dbus"; - version = "1.12.16"; + version = "1.12.18"; src = fetchurl { url = "https://dbus.freedesktop.org/releases/dbus/dbus-${version}.tar.gz"; - sha256 = "107ckxaff1cv4q6kmfdi2fb1nlsv03312a7kf6lb4biglhpjv8jl"; + sha256 = "01jkm6shm76bl3cflmnn37dv6nkph0w1akbqpklyac02hiq4vkv4"; }; patches = lib.optional stdenv.isSunOS ./implement-getgrouplist.patch; diff --git a/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch b/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch new file mode 100644 index 000000000000..75d874b93d09 --- /dev/null +++ b/pkgs/development/libraries/glibc/2.30-cve-2020-1752.patch @@ -0,0 +1,62 @@ +From: Andreas Schwab <schwab@suse.de> +Date: Wed, 19 Feb 2020 16:21:46 +0000 (+0100) +Subject: Fix use-after-free in glob when expanding ~user (bug 25414) +X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=da97c6b88eb03fb834e92964b0895c2ac8d61f63;hp=dd34bce38c822b67fcc42e73969bf6699d6874b6 + +Fix use-after-free in glob when expanding ~user (bug 25414) + +The value of `end_name' points into the value of `dirname', thus don't +deallocate the latter before the last use of the former. + +(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c) +--- + +diff --git a/posix/glob.c b/posix/glob.c +index e73e35c510..c6cbd0eb43 100644 +--- a/posix/glob.c ++++ b/posix/glob.c +@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int), + { + size_t home_len = strlen (p->pw_dir); + size_t rest_len = end_name == NULL ? 0 : strlen (end_name); +- char *d; ++ char *d, *newp; ++ bool use_alloca = glob_use_alloca (alloca_used, ++ home_len + rest_len + 1); + +- if (__glibc_unlikely (malloc_dirname)) +- free (dirname); +- malloc_dirname = 0; +- +- if (glob_use_alloca (alloca_used, home_len + rest_len + 1)) +- dirname = alloca_account (home_len + rest_len + 1, +- alloca_used); ++ if (use_alloca) ++ newp = alloca_account (home_len + rest_len + 1, alloca_used); + else + { +- dirname = malloc (home_len + rest_len + 1); +- if (dirname == NULL) ++ newp = malloc (home_len + rest_len + 1); ++ if (newp == NULL) + { + scratch_buffer_free (&pwtmpbuf); + retval = GLOB_NOSPACE; + goto out; + } +- malloc_dirname = 1; + } +- d = mempcpy (dirname, p->pw_dir, home_len); ++ d = mempcpy (newp, p->pw_dir, home_len); + if (end_name != NULL) + d = mempcpy (d, end_name, rest_len); + *d = '\0'; + ++ if (__glibc_unlikely (malloc_dirname)) ++ free (dirname); ++ dirname = newp; ++ malloc_dirname = !use_alloca; ++ + dirlen = home_len + rest_len; + dirname_modified = 1; + } diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 0429c7295fb8..36b6bea61cd4 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -106,10 +106,10 @@ stdenv.mkDerivation ({ url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff"; sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4"; }) - ] - ++ lib.optionals stdenv.isx86_64 [ + ./fix-x64-abi.patch ./2.27-CVE-2019-19126.patch + ./2.30-cve-2020-1752.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 6d0faa03a888..f75d107718da 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -8,7 +8,7 @@ assert guileBindings -> guile != null; let - version = "3.6.13"; + version = "3.6.14"; # XXX: Gnulib's `test-select' fails on FreeBSD: # https://hydra.nixos.org/build/2962084/nixlog/1/raw . @@ -24,7 +24,7 @@ stdenv.mkDerivation { src = fetchurl { url = "mirror://gnupg/gnutls/v3.6/gnutls-${version}.tar.xz"; - sha256 = "0f1gnm0756qms5cpx6yn6xb8d3imc2gkqmygf12n9x6r8zs1s11j"; + sha256 = "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; diff --git a/pkgs/development/libraries/jbig2dec/default.nix b/pkgs/development/libraries/jbig2dec/default.nix index 8cc2ce008716..22d38a080cab 100644 --- a/pkgs/development/libraries/jbig2dec/default.nix +++ b/pkgs/development/libraries/jbig2dec/default.nix @@ -1,18 +1,19 @@ -{ stdenv, fetchurl, python3, autoconf }: +{ stdenv, fetchurl, python3, autoreconfHook }: stdenv.mkDerivation rec { - name = "jbig2dec-0.17"; + pname = "jbig2dec"; + version = "0.18"; src = fetchurl { - url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/${name}.tar.gz"; - sha256 = "0wpvslmwazia3z8gyk343kbq6yj47pxr4x5yjvx332v309qssazp"; + url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/${pname}-${version}.tar.gz"; + sha256 = "0pigfw2v0ppvr0lbysm69gx0zsa5q2q92yrb8af2j3im6x97f6cy"; }; postPatch = '' patchShebangs test_jbig2dec.py ''; - buildInputs = [ autoconf ]; + buildInputs = [ autoreconfHook ]; checkInputs = [ python3 ]; doCheck = true; diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix index 118adc61623a..d1917de37d6a 100644 --- a/pkgs/development/libraries/libarchive/default.nix +++ b/pkgs/development/libraries/libarchive/default.nix @@ -1,6 +1,6 @@ { fetchFromGitHub, stdenv, pkgconfig, autoreconfHook, - acl, attr, bzip2, e2fsprogs, libxml2, lzo, openssl, sharutils, xz, zlib, + acl, attr, bzip2, e2fsprogs, libxml2, lzo, openssl, sharutils, xz, zlib, zstd, # Optional but increases closure only negligibly. xarSupport ? true, @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "lib" "dev" ]; nativeBuildInputs = [ pkgconfig autoreconfHook ]; - buildInputs = [ sharutils zlib bzip2 openssl xz lzo ] + buildInputs = [ sharutils zlib bzip2 openssl xz lzo zstd ] ++ stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ] ++ stdenv.lib.optional xarSupport libxml2; diff --git a/pkgs/development/libraries/libdap/default.nix b/pkgs/development/libraries/libdap/default.nix index 27084e54a827..bc05e774cd86 100644 --- a/pkgs/development/libraries/libdap/default.nix +++ b/pkgs/development/libraries/libdap/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, bison, libuuid, curl, libxml2, flex }: stdenv.mkDerivation rec { - version = "3.20.5"; + version = "3.20.6"; pname = "libdap"; nativeBuildInputs = [ bison flex ]; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://www.opendap.org/pub/source/${pname}-${version}.tar.gz"; - sha256 = "15jysnsmdjs7q4iafb4qzq4b76cfyvmbxgcxnqg4sr0x4bplwfnb"; + sha256 = "0jn5bi8k2lq6mmrsw7r1r5aviyf8gb39b2iy20v4kpkj5napzk1m"; }; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/libexif/default.nix b/pkgs/development/libraries/libexif/default.nix index 090c6a2fff34..fd2ed39e34a4 100644 --- a/pkgs/development/libraries/libexif/default.nix +++ b/pkgs/development/libraries/libexif/default.nix @@ -1,45 +1,24 @@ -{ stdenv, fetchurl, fetchpatch, gettext }: +{ stdenv, fetchFromGitHub, autoreconfHook, gettext }: stdenv.mkDerivation rec { - name = "libexif-0.6.21"; + pname = "libexif"; + version = "0.6.22"; - src = fetchurl { - url = "mirror://sourceforge/libexif/${name}.tar.bz2"; - sha256 = "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n"; + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "${pname}-${builtins.replaceStrings ["."] ["_"] version}-release"; + sha256 = "0mzndakdi816zcs13z7yzp7hj031p2dcyfq2p391r63d9z21jmy1"; }; - patches = [ - (fetchpatch { - name = "CVE-2017-7544.patch"; - url = "https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch"; - sha256 = "0xgx6ly2i4q05shb61mfx6njwf1yp347jkznm0ka4m85i41xm6sd"; - }) - (fetchpatch { - name = "CVE-2018-20030-1.patch"; - url = "https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a.patch"; - sha256 = "1wv8s962wmbn2m2xypgirf12g6msrbplpsmd5bh86irfwhkcppj3"; - }) - (fetchpatch { - name = "CVE-2018-20030-2.patch"; - url = "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch"; - sha256 = "01aqvz63glwq6wg0wr7ykqqghb4abgq77ghvhizbzadg1k4h7drx"; - excludes = [ "NEWS" ]; - }) - (fetchpatch { - name = "CVE-2019-9278.patch"; - url = "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch"; - sha256 = "10ikg33mips5zq9as7l9xqnyzbg1wwr4sw17517nzf4hafjpasrj"; - }) - ]; + nativeBuildInputs = [ autoreconfHook gettext ]; - buildInputs = [ gettext ]; - - meta = { + meta = with stdenv.lib; { homepage = "https://libexif.github.io/"; description = "A library to read and manipulate EXIF data in digital photographs"; - license = stdenv.lib.licenses.lgpl21; - platforms = stdenv.lib.platforms.unix; - maintainers = [ stdenv.lib.maintainers.erictapen ]; + license = licenses.lgpl21; + platforms = platforms.unix; + maintainers = with maintainers; [ erictapen ]; }; } diff --git a/pkgs/development/libraries/libgpg-error/default.nix b/pkgs/development/libraries/libgpg-error/default.nix index e170e4931b83..1e49a72096a3 100644 --- a/pkgs/development/libraries/libgpg-error/default.nix +++ b/pkgs/development/libraries/libgpg-error/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, buildPackages, fetchurl, gettext, fetchpatch +{ stdenv, lib, buildPackages, fetchurl, gettext , genPosixLockObjOnly ? false }: let genPosixLockObjOnlyAttrs = lib.optionalAttrs genPosixLockObjOnly { @@ -17,25 +17,14 @@ }; in stdenv.mkDerivation (rec { pname = "libgpg-error"; - version = "1.36"; + version = "1.38"; src = fetchurl { url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2"; - sha256 = "0z696dmhfxm2n6pmr8b857wwljq9h633yi99bhbn7h88f91rigds"; + sha256 = "00px79xzyc5lj8aig7i4fhk29h1lkqp4840wjfgi9mv9m9sq566q"; }; - # Remove gawk buildfix on > 1.36 - patches = [ - (fetchpatch { - url = "https://dev.gnupg.org/rE7865041c77f4f7005282f10f9b6666b19072fbdf?diff=1"; - sha256 = "0hs4rpwqq2afpsbqliq451jjaysq2iyzxvd9sx3992b4vnllgqqq"; - }) - ]; - postPatch = '' - # Remove on > 1.36 release: gawk upgrade fix didn't include Makefile regeneration - sed 's/-v namespace=errnos_/-v pkg_namespace=errnos_/' -i src/Makefile.in - sed '/BUILD_TIMESTAMP=/s/=.*/=1970-01-01T00:01+0000/' -i ./configure '' + lib.optionalString (stdenv.hostPlatform.isAarch32 && stdenv.buildPlatform != stdenv.hostPlatform) '' ln -s lock-obj-pub.arm-unknown-linux-gnueabi.h src/syscfg/lock-obj-pub.linux-gnueabihf.h diff --git a/pkgs/development/libraries/libheif/default.nix b/pkgs/development/libraries/libheif/default.nix index b5717034da0e..d147820cff1c 100644 --- a/pkgs/development/libraries/libheif/default.nix +++ b/pkgs/development/libraries/libheif/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "libheif"; - version = "1.6.2"; + version = "1.7.0"; outputs = [ "bin" "out" "dev" "man" ]; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "strukturag"; repo = "libheif"; rev = "v${version}"; - sha256 = "0ngbzban585hsgs6fb6fkhccc91kxn1n59qvqjp8bw41l24i3nr2"; + sha256 = "0alri5h486ck9b5z6wwrmlpzydhz58l223z3zxkizqrzxlllhr6p"; }; nativeBuildInputs = [ autoreconfHook pkgconfig ]; diff --git a/pkgs/development/libraries/liblastfm/default.nix b/pkgs/development/libraries/liblastfm/default.nix index 762e707528a6..830e125685e7 100644 --- a/pkgs/development/libraries/liblastfm/default.nix +++ b/pkgs/development/libraries/liblastfm/default.nix @@ -1,27 +1,24 @@ -{ stdenv, fetchurl, pkgconfig, which, cmake +{ stdenv, fetchFromGitHub, fetchpatch, pkgconfig, which, cmake , fftwSinglePrec, libsamplerate, qtbase , darwin }: -let version = "1.1.0"; in - stdenv.mkDerivation rec { - pname = "liblastfm"; - inherit version; + pname = "liblastfm-unstable"; + version = "2019-08-23"; - # Upstream does not package git tags as tarballs. Get tarball from github. - src = fetchurl { - url = "https://github.com/lastfm/liblastfm/tarball/${version}"; - name = "${pname}-${version}.tar.gz"; - sha256 = "1j34xc30vg7sfszm2jx9mlz9hy7p1l929fka9wnfcpbib8gfi43x"; + src = fetchFromGitHub { + owner = "lastfm"; + repo = "liblastfm"; + rev = "2ce2bfe1879227af8ffafddb82b218faff813db9"; + sha256 = "1crih9xxf3rb109aqw12bjqv47z28lvlk2dpvyym5shf82nz6yd0"; }; - postPatch = '' - substituteInPlace CMakeLists.txt \ - --replace 'find_package(Qt5Core QUIET)' \ - 'find_package(Qt5 REQUIRED COMPONENTS Core Network Sql Test Xml)' - ''; + patches = [(fetchpatch { + url = "https://github.com/lastfm/liblastfm/commit/9c5d072b55f2863310e40291677e6397e9cbc3c2.patch"; + name = "0001-Remove-deprecated-staging-server-and-fix-test-for-QT5-at-Ubuntu-19.10.patch"; + sha256 = "04r14prydxshjgfws3pjajjmp2msszhjjs1mjh8s66yg29vq620l"; + })]; - prefixKey = "--prefix "; nativeBuildInputs = [ pkgconfig which cmake ]; buildInputs = [ fftwSinglePrec libsamplerate qtbase ] ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.SystemConfiguration; @@ -31,7 +28,7 @@ stdenv.mkDerivation rec { repositories.git = "git://github.com/lastfm/liblastfm.git"; description = "Official LastFM library"; platforms = platforms.unix; - maintainers = [ maintainers.phreedom ]; + maintainers = [ maintainers.phreedom ]; license = licenses.gpl3; }; } diff --git a/pkgs/development/libraries/libpcap/default.nix b/pkgs/development/libraries/libpcap/default.nix index 35cf4485f72e..d9cb91e4fb3b 100644 --- a/pkgs/development/libraries/libpcap/default.nix +++ b/pkgs/development/libraries/libpcap/default.nix @@ -24,12 +24,14 @@ stdenv.mkDerivation rec { ] ++ optionals (stdenv.hostPlatform == stdenv.buildPlatform) [ "ac_cv_linux_vers=2" ]; - dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; - prePatch = optionalString stdenv.isDarwin '' substituteInPlace configure --replace " -arch i386" "" ''; + postInstall = '' + rm -f $out/lib/libpcap.a + ''; + meta = { homepage = "https://www.tcpdump.org"; description = "Packet Capture Library"; diff --git a/pkgs/development/libraries/librealsense/default.nix b/pkgs/development/libraries/librealsense/default.nix index 8fd90c60bdad..21f80f80efa0 100644 --- a/pkgs/development/libraries/librealsense/default.nix +++ b/pkgs/development/libraries/librealsense/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "librealsense"; - version = "2.34.0"; + version = "2.35.2"; outputs = [ "out" "dev" ]; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "IntelRealSense"; repo = pname; rev = "v${version}"; - sha256 = "0bi7pszrryz18aqna0z73mb1hzz2vqdb0m00pf93hnwc2hba7hwm"; + sha256 = "14vf76vlyhh7b4yjzsnqpg1x3wdhwxrf1syvgf8wyxbjwb9plw82"; }; buildInputs = [ diff --git a/pkgs/development/libraries/libssh2/CVE-2019-17498.patch b/pkgs/development/libraries/libssh2/CVE-2019-17498.patch new file mode 100644 index 000000000000..8681c3ef6091 --- /dev/null +++ b/pkgs/development/libraries/libssh2/CVE-2019-17498.patch @@ -0,0 +1,210 @@ +From b9aa7c2495694d0527e4e7fd560a3f0f18556c72 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Thu, 29 Aug 2019 15:14:19 -0700 +Subject: [PATCH 1/5] packet.c: improve parsing of packets + +file: packet.c + +notes: +Use _libssh2_get_string API in SSH_MSG_DEBUG, additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST +--- + src/packet.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 38ab62944..ac69768cd 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -537,26 +537,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + case SSH_MSG_DEBUG: + if(datalen >= 2) { + int always_display = data[1]; +- ++ + if(datalen >= 6) { +- message_len = _libssh2_ntohu32(data + 2); +- +- if(message_len <= (datalen - 10)) { +- /* 6 = packet_type(1) + display(1) + message_len(4) */ +- message = (char *) data + 6; +- language_len = _libssh2_ntohu32(data + 6 + +- message_len); +- +- if(language_len <= (datalen - 10 - message_len)) +- language = (char *) data + 10 + message_len; +- } ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 2; /* advance past type & always display */ ++ ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + } + + if(session->ssh_msg_debug) { +- LIBSSH2_DEBUG(session, always_display, message, +- message_len, language, language_len); ++ LIBSSH2_DEBUG(session, always_display, ++ (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } + } ++ + /* + * _libssh2_debug will actually truncate this for us so + * that it's not an inordinate about of data +@@ -579,7 +579,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + uint32_t len = 0; + unsigned char want_reply = 0; + len = _libssh2_ntohu32(data + 1); +- if(datalen >= (6 + len)) { ++ if((len <= (UINT_MAX - 6) && (datalen >= (6 + len))) { + want_reply = data[5 + len]; + _libssh2_debug(session, + LIBSSH2_TRACE_CONN, + +From 8b3cf0b17c1b84a138bed9423a9e0743452b4de9 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Thu, 29 Aug 2019 15:15:33 -0700 +Subject: [PATCH 2/5] stray whitespace + +--- + src/packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/packet.c b/src/packet.c +index ac69768cd..8908b2c5a 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -537,7 +537,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + case SSH_MSG_DEBUG: + if(datalen >= 2) { + int always_display = data[1]; +- ++ + if(datalen >= 6) { + struct string_buf buf; + buf.data = (unsigned char *)data; + +From 1c6fa92b77e34d089493fe6d3e2c6c8775858b94 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Thu, 29 Aug 2019 15:24:22 -0700 +Subject: [PATCH 3/5] fixed type issue, updated SSH_MSG_DISCONNECT + +SSH_MSG_DISCONNECT now also uses _libssh2_get API. +--- + src/packet.c | 40 +++++++++++++++------------------------- + 1 file changed, 15 insertions(+), 25 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 8908b2c5a..97f0cdd4b 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + size_t datalen, int macstate) + { + int rc = 0; +- char *message = NULL; +- char *language = NULL; ++ unsigned char *message = NULL; ++ unsigned char *language = NULL; + size_t message_len = 0; + size_t language_len = 0; + LIBSSH2_CHANNEL *channelp = NULL; +@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + + case SSH_MSG_DISCONNECT: + if(datalen >= 5) { +- size_t reason = _libssh2_ntohu32(data + 1); ++ uint32_t reason = 0; ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr++; /* advance past type */ + +- if(datalen >= 9) { +- message_len = _libssh2_ntohu32(data + 5); ++ _libssh2_get_u32(&buf, &reason); ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + +- if(message_len < datalen-13) { +- /* 9 = packet_type(1) + reason(4) + message_len(4) */ +- message = (char *) data + 9; +- +- language_len = +- _libssh2_ntohu32(data + 9 + message_len); +- language = (char *) data + 9 + message_len + 4; +- +- if(language_len > (datalen-13-message_len)) { +- /* bad input, clear info */ +- language = message = NULL; +- language_len = message_len = 0; +- } +- } +- else +- /* bad size, clear it */ +- message_len = 0; +- } + if(session->ssh_msg_disconnect) { +- LIBSSH2_DISCONNECT(session, reason, message, +- message_len, language, language_len); ++ LIBSSH2_DISCONNECT(session, reason, (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } ++ + _libssh2_debug(session, LIBSSH2_TRACE_TRANS, + "Disconnect(%d): %s(%s)", reason, + message, language); + +From 77616117cc9dbbdd0fe1157098435bff73a83a0f Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Thu, 29 Aug 2019 15:26:32 -0700 +Subject: [PATCH 4/5] fixed stray ( + +bad paste +--- + src/packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/packet.c b/src/packet.c +index 97f0cdd4b..bd4c39e46 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -569,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + uint32_t len = 0; + unsigned char want_reply = 0; + len = _libssh2_ntohu32(data + 1); +- if((len <= (UINT_MAX - 6) && (datalen >= (6 + len))) { ++ if(len <= (UINT_MAX - 6) && datalen >= (6 + len)) { + want_reply = data[5 + len]; + _libssh2_debug(session, + LIBSSH2_TRACE_CONN, + +From 436c45dc143cadc8c59afac6c4255be332856581 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Thu, 29 Aug 2019 15:29:00 -0700 +Subject: [PATCH 5/5] added additional parentheses for clarity + +--- + src/packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/packet.c b/src/packet.c +index bd4c39e46..2e01bfc5d 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -569,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + uint32_t len = 0; + unsigned char want_reply = 0; + len = _libssh2_ntohu32(data + 1); +- if(len <= (UINT_MAX - 6) && datalen >= (6 + len)) { ++ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) { + want_reply = data[5 + len]; + _libssh2_debug(session, + LIBSSH2_TRACE_CONN, diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix index 5cc0232e17de..8ce9c814df05 100644 --- a/pkgs/development/libraries/libssh2/default.nix +++ b/pkgs/development/libraries/libssh2/default.nix @@ -15,12 +15,8 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optional stdenv.hostPlatform.isMinGW windows.mingw_w64; patches = [ - # not able to use fetchpatch here: infinite recursion - (fetchurl { - name = "CVE-2019-17498.patch"; - url = "https://github.com/libssh2/libssh2/pull/402.patch"; - sha256 = "1n9s2mcz5dkw0xpm3c5x4hzj8bar4i6z0pr1rmqjplhfg888vdvc"; - }) + # Not able to use fetchpatch here: infinite recursion + ./CVE-2019-17498.patch ]; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/libu2f-host/default.nix b/pkgs/development/libraries/libu2f-host/default.nix index 3becd075b255..f033aa9f610f 100644 --- a/pkgs/development/libraries/libu2f-host/default.nix +++ b/pkgs/development/libraries/libu2f-host/default.nix @@ -14,10 +14,6 @@ stdenv.mkDerivation rec { doCheck = true; - postInstall = '' - install -D -t $out/lib/udev/rules.d 70-u2f.rules - ''; - meta = with stdenv.lib; { homepage = "https://developers.yubico.com/libu2f-host"; description = "A C library and command-line tool that implements the host-side of the U2F protocol"; diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix index a03fca12581f..cf91d7656bf0 100644 --- a/pkgs/development/libraries/libxslt/default.nix +++ b/pkgs/development/libraries/libxslt/default.nix @@ -1,10 +1,8 @@ -{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python, libgcrypt +{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, gettext, python, libgcrypt , cryptoSupport ? false , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform }: -with stdenv.lib; - stdenv.mkDerivation rec { pname = "libxslt"; version = "1.1.34"; @@ -17,6 +15,7 @@ stdenv.mkDerivation rec { outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py"; buildInputs = [ libxml2.dev ] + ++ stdenv.lib.optional stdenv.isDarwin gettext ++ stdenv.lib.optionals pythonSupport [ libxml2.py python ] ++ stdenv.lib.optionals cryptoSupport [ libgcrypt ]; @@ -27,14 +26,14 @@ stdenv.mkDerivation rec { "--without-debug" "--without-mem-debug" "--without-debugger" - ] ++ optional pythonSupport "--with-python=${python}" - ++ optional (!cryptoSupport) "--without-crypto"; + ] ++ stdenv.lib.optional pythonSupport "--with-python=${python}" + ++ stdenv.lib.optional (!cryptoSupport) "--without-crypto"; postFixup = '' moveToOutput bin/xslt-config "$dev" moveToOutput lib/xsltConf.sh "$dev" moveToOutput share/man/man1 "$bin" - '' + optionalString pythonSupport '' + '' + stdenv.lib.optionalString pythonSupport '' mkdir -p $py/nix-support echo ${libxml2.py} >> $py/nix-support/propagated-build-inputs moveToOutput ${python.libPrefix} "$py" diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index aa70e9e5a549..03977c74f11d 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -11,6 +11,8 @@ , eglPlatforms ? [ "x11" "surfaceless" ] ++ lib.optionals stdenv.isLinux [ "wayland" "drm" ] , OpenGL, Xplugin , withValgrind ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAarch32, valgrind-light +, enableGalliumNine ? stdenv.isLinux +, enableOSMesa ? stdenv.isLinux }: /** Packaging design: @@ -27,7 +29,9 @@ with stdenv.lib; let - version = "20.0.2"; + # Release calendar: https://www.mesa3d.org/release-calendar.html + # Release frequency: https://www.mesa3d.org/releasing.html#schedule + version = "20.0.7"; # Update only to the final (last planned) release (i.e. X.Y.MAX)? branch = versions.major version; in @@ -37,12 +41,12 @@ stdenv.mkDerivation { src = fetchurl { urls = [ + "https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" - "https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz" ]; - sha256 = "0vz8k07d23qdwy67fnna9y0ynnni0m8lgswcmdm60l4mcv5z2m5a"; + sha256 = "0y517qpdg6v6dsdgzb365p03m30511sbyh8pq0mcvhvjwy7javpy"; }; prePatch = "patchShebangs ."; @@ -79,7 +83,7 @@ stdenv.mkDerivation { "find_program('${buildPackages.pkg-config.targetPrefix}pkg-config')" ''; - outputs = [ "out" "dev" "drivers" "osmesa" ]; + outputs = [ "out" "dev" "drivers" ] ++ lib.optional enableOSMesa "osmesa"; # TODO: Figure out how to enable opencl without having a runtime dependency on clang mesonFlags = [ @@ -103,10 +107,10 @@ stdenv.mkDerivation { "-Domx-libs-path=${placeholder "drivers"}/lib/bellagio" "-Dva-libs-path=${placeholder "drivers"}/lib/dri" "-Dd3d-drivers-path=${placeholder "drivers"}/lib/d3d" + "-Dgallium-nine=${if enableGalliumNine then "true" else "false"}" # Direct3D in Wine + "-Dosmesa=${if enableOSMesa then "gallium" else "none"}" # used by wine ] ++ optionals stdenv.isLinux [ "-Dglvnd=true" - "-Dosmesa=gallium" # used by wine - "-Dgallium-nine=true" # Direct3D in Wine ]; buildInputs = with xorg; [ @@ -142,17 +146,17 @@ stdenv.mkDerivation { '' + optionalString stdenv.isLinux '' mkdir -p $drivers/lib - # move gallium-related stuff to $drivers, so $out doesn't depend on LLVM - mv -t $drivers/lib \ - $out/lib/libxatracker* \ - $out/lib/libvulkan_* - - # Move other drivers to a separate output - mv $out/lib/lib*_mesa* $drivers/lib + if [ -n "$(shopt -s nullglob; echo "$out/lib/libxatracker"*)" -o -n "$(shopt -s nullglob; echo "$out/lib/libvulkan_"*)" ]; then + # move gallium-related stuff to $drivers, so $out doesn't depend on LLVM + mv -t $drivers/lib \ + $out/lib/libxatracker* \ + $out/lib/libvulkan_* + fi - # move libOSMesa to $osmesa, as it's relatively big - mkdir -p $osmesa/lib - mv -t $osmesa/lib/ $out/lib/libOSMesa* + if [ -n "$(shopt -s nullglob; echo "$out"/lib/lib*_mesa*)" ]; then + # Move other drivers to a separate output + mv $out/lib/lib*_mesa* $drivers/lib + fi # move vendor files mv $out/share/ $drivers/ @@ -167,6 +171,10 @@ stdenv.mkDerivation { for js in $drivers/share/vulkan/icd.d/*.json; do substituteInPlace "$js" --replace "$out" "$drivers" done + '' + lib.optionalString enableOSMesa '' + # move libOSMesa to $osmesa, as it's relatively big + mkdir -p $osmesa/lib + mv -t $osmesa/lib/ $out/lib/libOSMesa* ''; # TODO: @@ -181,7 +189,9 @@ stdenv.mkDerivation { # Update search path used by pkg-config for pc in $dev/lib/pkgconfig/{d3d,dri,xatracker}.pc; do - substituteInPlace "$pc" --replace $out $drivers + if [ -f "$pc" ]; then + substituteInPlace "$pc" --replace $out $drivers + fi done # add RPATH so the drivers can find the moved libgallium and libdricore9 @@ -215,6 +225,6 @@ stdenv.mkDerivation { changelog = "https://www.mesa3d.org/relnotes/${version}.html"; license = licenses.mit; # X11 variant, in most files platforms = platforms.mesaPlatforms; - maintainers = with maintainers; [ vcunat ]; + maintainers = with maintainers; [ primeos vcunat ]; # Help is welcome :) }; } diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 622d11c31605..4ec5518008a1 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -5,7 +5,7 @@ let url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; - version = "3.52"; + version = "3.52.1"; underscoreVersion = builtins.replaceStrings ["."] ["_"] version; in stdenv.mkDerivation rec { @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "0q8m9jf6zgkbhx71myjb7y0gcl5ib3gj6qkl9yvdqpd6vl6fn2ha"; + sha256 = "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/development/libraries/openh264/default.nix b/pkgs/development/libraries/openh264/default.nix index e038bb7f66de..ee430f800dd3 100644 --- a/pkgs/development/libraries/openh264/default.nix +++ b/pkgs/development/libraries/openh264/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "openh264"; - version = "2.1.0"; + version = "2.1.1"; src = fetchFromGitHub { owner = "cisco"; repo = pname; rev = "v${version}"; - sha256 = "1wba260n1932vafd5ni2jqv9kzc7lj6a1asm1cqk8jv690m6zvpi"; + sha256 = "0ffav46pz3sbj92nipd62z03fibyqgclfq9w8lgr80s6za6zdk5s"; }; nativeBuildInputs = [ nasm ]; diff --git a/pkgs/development/libraries/pcre2/default.nix b/pkgs/development/libraries/pcre2/default.nix index 6c5d526d523b..d39b91355b98 100644 --- a/pkgs/development/libraries/pcre2/default.nix +++ b/pkgs/development/libraries/pcre2/default.nix @@ -2,10 +2,10 @@ stdenv.mkDerivation rec { pname = "pcre2"; - version = "10.34"; + version = "10.35"; src = fetchurl { url = "https://ftp.pcre.org/pub/pcre/${pname}-${version}.tar.bz2"; - sha256 = "1jlqnzcz2yi70dm40wyfa9w8is9z2kh4dl8zjnv3vqd9mgzp7i3l"; + sha256 = "04s6kmk9qdd4rjz477h547j4bx7hfz0yalpvrm381rqc5ghaijww"; }; configureFlags = [ diff --git a/pkgs/development/libraries/readline/6.3.nix b/pkgs/development/libraries/readline/6.3.nix index 3f3503bb2ba6..2b0cf978d43e 100644 --- a/pkgs/development/libraries/readline/6.3.nix +++ b/pkgs/development/libraries/readline/6.3.nix @@ -32,10 +32,6 @@ stdenv.mkDerivation { in import ./readline-6.3-patches.nix patch); - # Don't run the native `strip' when cross-compiling. - dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; - bash_cv_func_sigsetjmp = if stdenv.isCygwin then "missing" else null; - meta = with stdenv.lib; { description = "Library for interactive line editing"; diff --git a/pkgs/development/libraries/readline/7.0.nix b/pkgs/development/libraries/readline/7.0.nix index c4bcda0110a4..248ef55cce88 100644 --- a/pkgs/development/libraries/readline/7.0.nix +++ b/pkgs/development/libraries/readline/7.0.nix @@ -32,10 +32,6 @@ stdenv.mkDerivation rec { ] ++ upstreamPatches; - # Don't run the native `strip' when cross-compiling. - dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; - bash_cv_func_sigsetjmp = if stdenv.isCygwin then "missing" else null; - meta = with stdenv.lib; { description = "Library for interactive line editing"; diff --git a/pkgs/development/libraries/readline/8.0.nix b/pkgs/development/libraries/readline/8.0.nix index 23075abd6f2e..6e1182647c29 100644 --- a/pkgs/development/libraries/readline/8.0.nix +++ b/pkgs/development/libraries/readline/8.0.nix @@ -32,10 +32,6 @@ stdenv.mkDerivation rec { ] ++ upstreamPatches; - # Don't run the native `strip' when cross-compiling. - dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; - bash_cv_func_sigsetjmp = if stdenv.isCygwin then "missing" else null; - meta = with stdenv.lib; { description = "Library for interactive line editing"; diff --git a/pkgs/development/libraries/sqlite/analyzer.nix b/pkgs/development/libraries/sqlite/analyzer.nix index 4e37febbe756..cf8a9aaa7326 100644 --- a/pkgs/development/libraries/sqlite/analyzer.nix +++ b/pkgs/development/libraries/sqlite/analyzer.nix @@ -6,11 +6,11 @@ in stdenv.mkDerivation rec { pname = "sqlite-analyzer"; - version = "3.31.1"; + version = "3.32.2"; src = assert version == sqlite.version; fetchurl { url = "https://sqlite.org/2020/sqlite-src-${archiveVersion version}.zip"; - sha256 = "0n7f3w59gr80s6k4l5a9bp2s97dlfapfbhb3qdhak6axhn127p7j"; + sha256 = "1jqhs896cvp9l399mjpbv1x2qbfvq875l1vrgnl3zc4ffdjxs9z0"; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index 245c55e9ea88..35d3d062ab78 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -10,12 +10,12 @@ in stdenv.mkDerivation rec { pname = "sqlite"; - version = "3.31.1"; + version = "3.32.2"; # NB! Make sure to update analyzer.nix src (in the same directory). src = fetchurl { url = "https://sqlite.org/2020/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "1bj936svd8i5g25xd1bj52hj4zca01fgl3sqkj86z9q5pkz4wa32"; + sha256 = "1130bcd70s2vlsq0d638pb5qrw9kwqvjswnp2dfypghx9hjz3gid"; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/trompeloeil/default.nix b/pkgs/development/libraries/trompeloeil/default.nix index 782af4ab0331..625b16cc99a0 100644 --- a/pkgs/development/libraries/trompeloeil/default.nix +++ b/pkgs/development/libraries/trompeloeil/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "trompeloeil"; - version = "37"; + version = "38"; src = fetchFromGitHub { owner = "rollbear"; repo = "trompeloeil"; rev = "v${version}"; - sha256 = "04f9vpzh4fc15w4ynirzs9ipm9r31dbggb2zilmk0fj4qr79am42"; + sha256 = "068q4xx09vwjs7i89w47qzymdb4l6jqi27gx2jmd3yb6fp2k7nsb"; }; nativeBuildInputs = [ cmake ]; |