about summary refs log tree commit diff
path: root/pkgs/servers
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/servers')
-rw-r--r--pkgs/servers/beanstalkd/default.nix2
-rw-r--r--pkgs/servers/firebird/default.nix4
-rw-r--r--pkgs/servers/gpm/default.nix2
-rw-r--r--pkgs/servers/http/nginx/generic.nix11
-rw-r--r--pkgs/servers/icecast/default.nix2
-rw-r--r--pkgs/servers/irc/charybdis/default.nix2
-rw-r--r--pkgs/servers/mail/postfix/default.nix6
-rw-r--r--pkgs/servers/mail/postfix/pfixtools.nix2
-rw-r--r--pkgs/servers/memcached/default.nix2
-rw-r--r--pkgs/servers/nosql/mongodb/default.nix3
-rw-r--r--pkgs/servers/nosql/riak/2.1.1.nix2
-rw-r--r--pkgs/servers/openafs-client/default.nix2
-rw-r--r--pkgs/servers/sip/freeswitch/default.nix12
-rw-r--r--pkgs/servers/sql/virtuoso/7.x.nix2
-rw-r--r--pkgs/servers/x11/xorg/builder.sh1
-rw-r--r--pkgs/servers/x11/xorg/default.nix4
-rw-r--r--pkgs/servers/x11/xorg/overrides.nix4
17 files changed, 44 insertions, 19 deletions
diff --git a/pkgs/servers/beanstalkd/default.nix b/pkgs/servers/beanstalkd/default.nix
index cea7ca0b337f..ef4621fb9a65 100644
--- a/pkgs/servers/beanstalkd/default.nix
+++ b/pkgs/servers/beanstalkd/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "0n9dlmiddcfl7i0f1lwfhqiwyvf26493fxfcmn8jm30nbqciwfwj";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   meta = with stdenv.lib; {
     homepage = http://kr.github.io/beanstalkd/;
     description = "A simple, fast work queue";
diff --git a/pkgs/servers/firebird/default.nix b/pkgs/servers/firebird/default.nix
index 3e778317169c..3e258ee6d3f1 100644
--- a/pkgs/servers/firebird/default.nix
+++ b/pkgs/servers/firebird/default.nix
@@ -11,7 +11,7 @@
   # icu version missmatch may cause such error when selecting from a table:
   # "Collation unicode for character set utf8 is not installed"
 
-  # icu 3.0 can still be build easily by nix (by dropping the #elif case and
+  # icu 3.0 can still be built easily by nix (by dropping the #elif case and
   # make | make)
   icu ? null
 
@@ -65,6 +65,8 @@ stdenv.mkDerivation rec {
     sha256 = "0887a813wffp44hnc2gmwbc4ylpqw3fh3hz3bf6q3648344a9fdv";
   };
 
+  hardeningDisable = [ "format" ];
+
   # configurePhase = ''
   #   sed -i 's@cp /usr/share/automake-.*@@' autogen.sh
   #   sh autogen.sh $configureFlags --prefix=$out
diff --git a/pkgs/servers/gpm/default.nix b/pkgs/servers/gpm/default.nix
index a9fac485f905..ac5e0b7c1b1c 100644
--- a/pkgs/servers/gpm/default.nix
+++ b/pkgs/servers/gpm/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ automake autoconf libtool flex bison texinfo ];
   buildInputs = [ ncurses ];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     ./autogen.sh
   '';
diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix
index 6817f18bd1db..b1d70907e28c 100644
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -49,14 +49,9 @@ stdenv.mkDerivation {
 
   NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
 
-  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
-    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
-      configureFlagsArray=(
-        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
-        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
-      )
-    ''
-    ;
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
+
+  hardeningEnable = [ "pie" ];
 
   postInstall = ''
     mv $out/sbin $out/bin
diff --git a/pkgs/servers/icecast/default.nix b/pkgs/servers/icecast/default.nix
index 9beb961de207..d241b59c3feb 100644
--- a/pkgs/servers/icecast/default.nix
+++ b/pkgs/servers/icecast/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libxml2 libxslt curl libvorbis libtheora speex libkate libopus ];
 
+  hardeningEnable = [ "pie" ];
+
   meta = {
     description = "Server software for streaming multimedia";
 
diff --git a/pkgs/servers/irc/charybdis/default.nix b/pkgs/servers/irc/charybdis/default.nix
index df4250c81fa7..89eeeaecb34a 100644
--- a/pkgs/servers/irc/charybdis/default.nix
+++ b/pkgs/servers/irc/charybdis/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     "--with-program-prefix=charybdis-"
   ];
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ bison flex openssl ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix
index 99371f41b0f1..43cdffd660cd 100644
--- a/pkgs/servers/mail/postfix/default.nix
+++ b/pkgs/servers/mail/postfix/default.nix
@@ -9,12 +9,11 @@ let
   ccargs = lib.concatStringsSep " " ([
     "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl.dev}/include/sasl"
     "-DHAS_DB_BYPASS_MAKEDEFS_CHECK"
-    "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2"
    ] ++ lib.optional withPgSQL "-DHAS_PGSQL"
      ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${lib.getDev libmysql}/include/mysql" ]
      ++ lib.optional withSQLite "-DHAS_SQLITE");
    auxlibs = lib.concatStringsSep " " ([
-     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now"
+     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl"
    ] ++ lib.optional withPgSQL "-lpq"
      ++ lib.optional withMySQL "-lmysqlclient"
      ++ lib.optional withSQLite "-lsqlite3");
@@ -35,6 +34,9 @@ in stdenv.mkDerivation rec {
                 ++ lib.optional withMySQL libmysql
                 ++ lib.optional withSQLite sqlite;
 
+  hardeningDisable = [ "format" ];
+  hardeningEnable = [ "pie" ];
+
   patches = [
     ./postfix-script-shell.patch
     ./postfix-3.0-no-warnings.patch
diff --git a/pkgs/servers/mail/postfix/pfixtools.nix b/pkgs/servers/mail/postfix/pfixtools.nix
index 3e7ef9f23db5..b17beeb095f2 100644
--- a/pkgs/servers/mail/postfix/pfixtools.nix
+++ b/pkgs/servers/mail/postfix/pfixtools.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation {
                       --replace /bin/bash ${bash}/bin/bash;
   '';
 
+  NIX_CFLAGS_COMPILE = "-Wno-error=unused-result";
+
   makeFlags = "DESTDIR=$(out) prefix=";
 
   meta = {
diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix
index 9d110d9c1461..5e4edd0b0322 100644
--- a/pkgs/servers/memcached/default.nix
+++ b/pkgs/servers/memcached/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [cyrus_sasl libevent];
 
+  hardeningEnable = [ "pie" ];
+
   meta = with stdenv.lib; {
     description = "A distributed memory object caching system";
     repositories.git = https://github.com/memcached/memcached.git;
diff --git a/pkgs/servers/nosql/mongodb/default.nix b/pkgs/servers/nosql/mongodb/default.nix
index 127d807133e0..d18de78bdde3 100644
--- a/pkgs/servers/nosql/mongodb/default.nix
+++ b/pkgs/servers/nosql/mongodb/default.nix
@@ -19,6 +19,7 @@ let version = "3.2.1";
       #"stemmer"  -- not nice to package yet (no versioning, no makefile, no shared libs).
       "yaml"
     ] ++ optionals stdenv.isLinux [ "tcmalloc" ];
+
     buildInputs = [
       sasl boost gperftools pcre-cpp snappy
       zlib libyamlcpp sasl openssl libpcap
@@ -92,6 +93,8 @@ in stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningEnable = [ "pie" ];
+
   meta = {
     description = "A scalable, high-performance, open source NoSQL database";
     homepage = http://www.mongodb.org;
diff --git a/pkgs/servers/nosql/riak/2.1.1.nix b/pkgs/servers/nosql/riak/2.1.1.nix
index c62cea180be7..b66e99f0afbe 100644
--- a/pkgs/servers/nosql/riak/2.1.1.nix
+++ b/pkgs/servers/nosql/riak/2.1.1.nix
@@ -34,6 +34,8 @@ stdenv.mkDerivation rec {
 
   src = srcs.riak;
 
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     sed -i deps/node_package/priv/base/env.sh \
       -e 's@{{platform_data_dir}}@''${RIAK_DATA_DIR:-/var/db/riak}@' \
diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix
index 40d3edcf21a4..52a7941d0932 100644
--- a/pkgs/servers/openafs-client/default.nix
+++ b/pkgs/servers/openafs-client/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses ];
 
+  hardeningDisable = [ "pic" ];
+
   preConfigure = ''
     ln -s "${kernel.dev}/lib/modules/"*/build $TMP/linux
 
diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix
index efa70875549f..1cce4c518ea9 100644
--- a/pkgs/servers/sip/freeswitch/default.nix
+++ b/pkgs/servers/sip/freeswitch/default.nix
@@ -1,18 +1,20 @@
 { fetchurl, stdenv, ncurses, curl, pkgconfig, gnutls, readline, openssl, perl, libjpeg
-, libzrtpcpp, gcc48 }:
+, libzrtpcpp }:
 
 stdenv.mkDerivation rec {
-  name = "freeswitch-1.2.3";
+  name = "freeswitch-1.6.6";
 
   src = fetchurl {
-    url = http://files.freeswitch.org/freeswitch-1.2.3.tar.bz2;
+    url = "http://files.freeswitch.org/releases/freeswitch/${name}.tar.bz2";
     sha256 = "0kfvn5f75c6r6yp18almjz9p6llvpm66gpbxcjswrg3ddgbkzg0k";
   };
 
   buildInputs = [ ncurses curl pkgconfig gnutls readline openssl perl libjpeg
-    libzrtpcpp gcc48 ];
+    libzrtpcpp ];
 
-  NIX_CFLAGS_COMPILE = "-Wno-error=cpp";
+  NIX_CFLAGS_COMPILE = "-Wno-error";
+
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Cross-Platform Scalable FREE Multi-Protocol Soft Switch";
diff --git a/pkgs/servers/sql/virtuoso/7.x.nix b/pkgs/servers/sql/virtuoso/7.x.nix
index 192bdc9dcb1e..7a8db3f2962c 100644
--- a/pkgs/servers/sql/virtuoso/7.x.nix
+++ b/pkgs/servers/sql/virtuoso/7.x.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     description = "SQL/RDF database used by, e.g., KDE-nepomuk";
     homepage = http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/;
-    #configure: The current version [...] can only be build on 64bit platforms
+    #configure: The current version [...] can only be built on 64bit platforms
     platforms = [ "x86_64-linux" "x86_64-darwin" ];
     maintainers = [ maintainers.urkud ];
   };
diff --git a/pkgs/servers/x11/xorg/builder.sh b/pkgs/servers/x11/xorg/builder.sh
index c9e53f3800d3..055886374df4 100644
--- a/pkgs/servers/x11/xorg/builder.sh
+++ b/pkgs/servers/x11/xorg/builder.sh
@@ -46,5 +46,4 @@ fi
 
 enableParallelBuilding=1
 
-
 genericBuild
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index da74fcb4ca6d..6d09116a867a 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -9,7 +9,9 @@ let
   mkDerivation = name: attrs:
     let newAttrs = (overrides."${name}" or (x: x)) attrs;
         stdenv = newAttrs.stdenv or args.stdenv;
-    in stdenv.mkDerivation (removeAttrs newAttrs [ "stdenv" ]);
+      in stdenv.mkDerivation ((removeAttrs newAttrs [ "stdenv" ]) // {
+        hardeningDisable = [ "bindnow" "relro" ];
+      });
 
   overrides = import ./overrides.nix {inherit args xorg;};
 
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index ebd09e3096ee..10b0b3ce2ad6 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -561,4 +561,8 @@ in
     configureFlags = "--with-cpp=${args.mcpp}/bin/mcpp";
   };
 
+  sessreg = attrs: attrs // {
+    preBuild = "sed -i 's|gcc -E|gcc -E -P|' man/Makefile";
+  };
+
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-11 19:08:46 +0000