From 5479f742e66e90b298353a8df858840d374e1515 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Thu, 25 May 2017 00:43:21 +0200 Subject: libtasn1: apply patch to fix CVE-2017-6891 --- pkgs/development/libraries/libtasn1/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'pkgs/development/libraries') diff --git a/pkgs/development/libraries/libtasn1/default.nix b/pkgs/development/libraries/libtasn1/default.nix index 3b74406d7bf1..dbd203b97cfc 100644 --- a/pkgs/development/libraries/libtasn1/default.nix +++ b/pkgs/development/libraries/libtasn1/default.nix @@ -8,6 +8,14 @@ stdenv.mkDerivation rec { sha256 = "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"; }; + patches = [ + (fetchurl { + name = "CVE-2017-6891.patch"; + url = "https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;h=5520704d075802df25ce4ffccc010ba1641bd484"; + sha256 = "000r6wb87zkx8yhzkf1c3h7p5akwhjw51cv8f1yjnplrqqrr7h2k"; + }) + ]; + outputs = [ "out" "dev" "devdoc" ]; outputBin = "dev"; -- cgit 1.4.1 From e7fa6220d622bf352a06a4328da8679fbfffced3 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 May 2017 19:05:46 +0300 Subject: polkit: add patches from Fedora This fixes few leaks and adds ITS description files which are needed for some reverse dependencies. --- pkgs/development/libraries/polkit/default.nix | 29 ++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'pkgs/development/libraries') diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index c1f8725f6f7c..804bca5f8a5e 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix 
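Review bot: The CVE-2017-6891 fix in the libtasn1 `patches` list is downloaded with `fetchurl` from a gitweb `a=patch` endpoint, whose output is generated on request and may change in non-semantic ways. Such a change would break the pinned `sha256` even though the fix itself is unchanged, and a later mismatch invites someone to refresh the hash without re-reading the patch. `fetchpatch`, which the polkit change on this page already uses, normalises patches before hashing, so `(fetchpatch { name = "CVE-2017-6891.patch"; url = …; sha256 = …; })` with a recomputed hash would be more durable. It needs `fetchpatch` added to the function arguments, which are outside this hunk. A comment above the entry such as `# backport of the upstream fix; drop once the package is updated to a release that contains it` would also help the next version bump.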
@@ -1,6 +1,8 @@ -{ stdenv, fetchurl, pkgconfig, glib, expat, pam, intltool, spidermonkey_17 -, gobjectIntrospection, libxslt, docbook_xsl, docbook_xml_dtd_412 -, useSystemd ? stdenv.isLinux, systemd }: +{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, glib, expat, pam +, intltool, spidermonkey_17 , gobjectIntrospection, libxslt, docbook_xsl +, docbook_xml_dtd_412, gtk_doc +, useSystemd ? stdenv.isLinux, systemd +}: let @@ -22,11 +24,28 @@ stdenv.mkDerivation rec { sha256 = "109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71"; }; + patches = [ + (fetchpatch { + url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-agent-leaks.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760"; + sha256 = "1cxnhj0y30g7ldqq1y6zwsbdwcx7h97d3mpd3h5jy7dhg3h9ym91"; + }) + (fetchpatch { + url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-polkitpermission-leak.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760"; + sha256 = "1h1rkd4avqyyr8q6836zzr3w10jf521gcqnvhrhzwdpgp1ay4si7"; + }) + (fetchpatch { + url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-itstool.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760"; + sha256 = "0bxmjwp8ahy1y5g1l0kxmld0l3mlvb2l0i5n1qabia3d5iyjkyfh"; + }) + ]; + outputs = [ "bin" "dev" "out" ]; # small man pages in $bin + nativeBuildInputs = + [ gtk_doc pkgconfig autoreconfHook ] + ++ [ libxslt docbook_xsl docbook_xml_dtd_412 ]; # man pages buildInputs = - [ pkgconfig glib expat pam intltool spidermonkey_17 gobjectIntrospection ] - ++ [ libxslt docbook_xsl docbook_xml_dtd_412 ] # man pages + [ glib expat pam intltool spidermonkey_17 gobjectIntrospection ] ++ stdenv.lib.optional useSystemd systemd; # Ugly hack to overwrite hardcoded directories -- cgit 1.4.1 From f71b83ad7e61137f552ee96be8f6ca7bdc29d357 Mon Sep 17 00:00:00 2001 
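Review bot: The three `fetchpatch` URLs in the new polkit `patches` list use plain `http://pkgs.fedoraproject.org/…` rather than `https://`. The pinned `sha256` values mean a download modified in transit fails the build instead of being applied, so integrity is covered, but polkit mediates privileged operations and `https://` is worth using if the host serves it. Separately, `intltool` stays in `buildInputs` while `pkgconfig` and the documentation tools move to `nativeBuildInputs`; it is a build-time tool and probably belongs there as well.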
From: Vladimír Čunát Date: Sat, 27 May 2017 09:54:20 +0200 Subject: libdrm: 2.4.79 -> 2.4.81 --- pkgs/development/libraries/libdrm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries') diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix index de219bee382f..4071b607d22c 100644 --- a/pkgs/development/libraries/libdrm/default.nix +++ b/pkgs/development/libraries/libdrm/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pkgconfig, libpthreadstubs, libpciaccess, valgrind }: stdenv.mkDerivation rec { - name = "libdrm-2.4.79"; + name = "libdrm-2.4.81"; src = fetchurl { url = "http://dri.freedesktop.org/libdrm/${name}.tar.bz2"; - sha256 = "c6aaf319293bce38023e9a637471b0f45c93c807d2a279060d741fc7a2e5b197"; + sha256 = "8cc05c195ac8708199979a94c4e4d1a928c14ec338ecbcb38ead09f54dae11ae"; }; outputs = [ "out" "dev" ]; -- cgit 1.4.1 From b4bb39642e80205355593468d8514c7e6a27d96a Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Fri, 19 May 2017 17:18:07 +0200 Subject: libdrm: support valgrind suppression via a lighter version Fixes #25917. It's all only about build-time dependency bloat and consequent rebuild propagation. --- pkgs/development/libraries/libdrm/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'pkgs/development/libraries') diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix index 4071b607d22c..a8cf28648079 100644 --- a/pkgs/development/libraries/libdrm/default.nix +++ b/pkgs/development/libraries/libdrm/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, libpthreadstubs, libpciaccess, valgrind }: +{ stdenv, fetchurl, pkgconfig, libpthreadstubs, libpciaccess, valgrind-light }: stdenv.mkDerivation rec { name = "libdrm-2.4.81"; 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ libpthreadstubs libpciaccess ]; + buildInputs = [ libpthreadstubs libpciaccess valgrind-light ]; # libdrm as of 2.4.70 does not actually do anything with udev. patches = stdenv.lib.optional stdenv.isDarwin ./libdrm-apple.patch; @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { preConfigure = stdenv.lib.optionalString stdenv.isDarwin "echo : \\\${ac_cv_func_clock_gettime=\'yes\'} > config.cache"; - configureFlags = [ "--disable-valgrind" ] + configureFlags = [ ] ++ stdenv.lib.optionals (stdenv.isArm || stdenv.isAarch64) [ "--enable-tegra-experimental-api" "--enable-etnaviv-experimental-api" ] ++ stdenv.lib.optional stdenv.isDarwin "-C"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7eab38dc9d5a..798752121f2f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7154,7 +7154,8 @@ with pkgs; valgrind = callPackage ../development/tools/analysis/valgrind { inherit (darwin) xnu bootstrap_cmds cctools; llvm = llvm_39; - }; + }; + valgrind-light = self.valgrind.override { gdb = null; }; valkyrie = callPackage ../development/tools/analysis/valkyrie { }; -- cgit 1.4.1 From 1f407a46d60dd7e001ec662edf3be4ccf8cccc38 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Sat, 27 May 2017 11:25:23 +0200 Subject: mesa: feature update 17.0.6 -> 17.1.1 Main changes: https://www.mesa3d.org/relnotes/17.1.0.html - two options got renamed - "ilo" driver was removed upstream - python is no longer needed for build I tested nouveau for a bit. --- pkgs/development/libraries/mesa/default.nix | 13 ++++++------- pkgs/development/libraries/mesa/symlink-drivers.patch | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 15 deletions(-) (limited to 'pkgs/development/libraries') 
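Review bot: In the `configureFlags` hunk, dropping `"--disable-valgrind"` leaves valgrind support to configure-time autodetection, so if `valgrind-light` ever stops providing what configure looks for, the build will likely succeed without the feature and nobody will notice. Passing `"--enable-valgrind"` explicitly would turn that into a build failure and also avoids the leftover empty list in `configureFlags = [ ] ++ …`. The previous hunk adds `valgrind-light` to `buildInputs` unconditionally. Whether valgrind builds on every platform this expression targets (it has Darwin and ARM branches) is not visible here and should be confirmed.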
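Review bot: `valgrind-light = self.valgrind.override { gdb = null; };` in all-packages.nix has no comment saying why the variant exists or what it leaves out. Something like `# valgrind built without gdb, for packages that only need it as a light build-time dependency` above it would tell packagers when to pick it over `valgrind`. The override relies on the valgrind expression accepting `gdb = null`, which is in a file not shown on this page. The re-indented `};` just above looks like an unrelated whitespace change.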
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index b6ca7a0a4766..a8561d22bf50 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -2,7 +2,7 @@ , pkgconfig, intltool, autoreconfHook, substituteAll , file, expat, libdrm, xorg, wayland, openssl , llvmPackages, libffi, libomxil-bellagio, libva -, libelf, libvdpau, python2 +, libelf, libvdpau , grsecEnabled ? false , enableRadv ? false # Texture floats are patented, see docs/patents.txt, so we don't enable them for full Mesa. @@ -36,7 +36,7 @@ let then ["nouveau" "freedreno" "vc4" "etnaviv" "imx"] else if stdenv.isAarch64 then ["nouveau" "vc4" ] - else ["i915" "ilo" "r300" "r600" "radeonsi" "nouveau"]; + else ["i915" "r300" "r600" "radeonsi" "nouveau"]; defaultDriDrivers = if (stdenv.isArm || stdenv.isAarch64) then ["nouveau"] @@ -67,7 +67,7 @@ let in let - version = "17.0.6"; + version = "17.1.1"; branch = head (splitString "." version); driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32"; in @@ -82,7 +82,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" ]; - sha256 = "17d60jjzg4ddm95gk2cqx0xz6b9anmmz6ax4majwr3gis2yg7v49"; + sha256 = "aed503f94c0c1630a162a3e276f4ee12a86764cee4cb92338ea2dea99a04e7ef"; }; prePatch = "patchShebangs ."; @@ -103,7 +103,7 @@ stdenv.mkDerivation { "--localstatedir=/var" "--with-dri-driverdir=$(drivers)/lib/dri" "--with-dri-searchpath=${driverLink}/lib/dri" - "--with-egl-platforms=x11,wayland,drm" + "--with-platforms=x11,wayland,drm" ] ++ (optional (galliumDrivers != []) ("--with-gallium-drivers=" + 
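Review bot: Nothing in the configure flag list guards against further renamed options. Autoconf-generated configure scripts by default only warn about unrecognised `--enable-*`/`--with-*` flags, so had `--with-egl-platforms` here or `--enable-gallium-llvm` (renamed in the `@@ -126,7 +126,7 @@` hunk) been left in place, the build would have succeeded with the setting silently ignored. Most of the flag list lies outside these hunks, so it is worth checking the configure output for "unrecognized options" warnings after this update. A comment next to the list, for example `# option names changed in 17.1; check configure warnings on every feature update`, would help later bumps.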
@@ -126,7 +126,7 @@ stdenv.mkDerivation { "--enable-glx" "--enable-glx-tls" "--enable-gallium-osmesa" # used by wine - "--enable-gallium-llvm" + "--enable-llvm" "--enable-egl" "--enable-xa" # used in vmware driver "--enable-gbm" @@ -152,7 +152,6 @@ stdenv.mkDerivation { libX11 libXext libxcb libXt libXfixes libxshmfence libffi wayland libvdpau libelf libXvMC libomxil-bellagio libva libpthreadstubs openssl/*or another sha1 provider*/ - (python2.withPackages (ps: [ ps.Mako ])) ]; diff --git a/pkgs/development/libraries/mesa/symlink-drivers.patch b/pkgs/development/libraries/mesa/symlink-drivers.patch index 68c0f1da26b6..af2ec9fdb096 100644 --- a/pkgs/development/libraries/mesa/symlink-drivers.patch +++ b/pkgs/development/libraries/mesa/symlink-drivers.patch @@ -11,11 +11,12 @@ diff -ru -x '*~' mesa-12.0.3-orig/src/gallium/targets/dri/Makefile.am mesa-12.0. install-data-hook: for i in $(TARGET_DRIVERS); do \ - ln -f $(DESTDIR)$(dridir)/gallium_dri.so \ -+ ln -srf $(DESTDIR)$(dridir)/gallium_dri.so \ ++ ln -srf $(DESTDIR)$(dridir)/gallium_dri.so \ $(DESTDIR)$(dridir)/$${i}_dri.so; \ done; \ -- $(RM) $(DESTDIR)$(dridir)/gallium_dri.* -+ $(RM) $(DESTDIR)$(dridir)/gallium_dri.la +- $(RM) $(DESTDIR)$(dridir)/gallium_dri.*; \ ++ $(RM) $(DESTDIR)$(dridir)/gallium_dri.la \ + $(RM) -d $(DESTDIR)$(dridir) &>/dev/null || true uninstall-hook: for i in $(TARGET_DRIVERS); do \ @@ -60,8 +61,9 @@ diff -ru -x '*~' mesa-12.0.3-orig/src/gallium/targets/vdpau/Makefile.am mesa-12. ln -sf $${l} \ $${dest_dir}/$${k}; \ done; \ -- $(RM) $${dest_dir}/libvdpau_gallium.* -+ $(RM) $${dest_dir}/libvdpau_gallium.la +- $(RM) $${dest_dir}/libvdpau_gallium.*; \ ++ $(RM) $${dest_dir}/libvdpau_gallium.la \ + $(RM) -d $${dest_dir} &>/dev/null || true uninstall-hook: for i in $(TARGET_DRIVERS); do \ 
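Review bot: In the symlink-drivers.patch hunk `@@ -11,11 +11,12 @@`, the new line `$(RM) $(DESTDIR)$(dridir)/gallium_dri.la \` ends in a bare continuation, whereas the upstream line it replaces ends in `; \`. As far as the collapsed layout shows, the following `$(RM) -d $(DESTDIR)$(dridir) &>/dev/null || true` is therefore no longer a separate command but becomes extra arguments to the first `$(RM)`. Any resulting error is hidden by the redirect and `|| true`, so the install hook would still appear to work. The line should read `$(RM) $(DESTDIR)$(dridir)/gallium_dri.la; \`. The same missing `;` appears in the vdpau hunk (`libvdpau_gallium.la`, `@@ -60,8 +61,9 @@`) and the xvmc hunk (`libXvMCgallium.la`, `@@ -81,8 +83,9 @@`), and all three recipes start outside their hunks.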
@@ -73,7 +75,7 @@ diff -ru -x '*~' mesa-12.0.3-orig/src/gallium/targets/xvmc/Makefile.am mesa-12.0 k=libXvMC$${i}.$(LIB_EXT); \ l=$${k}.$(XVMC_MAJOR).$(XVMC_MINOR).0; \ - ln -f $${dest_dir}/$${j}.$(XVMC_MAJOR).$(XVMC_MINOR).0 \ -+ ln -srf $${dest_dir}/$${j}.$(XVMC_MAJOR).$(XVMC_MINOR).0 \ ++ ln -srf $${dest_dir}/$${j}.$(XVMC_MAJOR).$(XVMC_MINOR).0 \ $${dest_dir}/$${l}; \ ln -sf $${l} \ $${dest_dir}/$${k}.$(XVMC_MAJOR).$(XVMC_MINOR); \ @@ -81,8 +83,9 @@ diff -ru -x '*~' mesa-12.0.3-orig/src/gallium/targets/xvmc/Makefile.am mesa-12.0 ln -sf $${l} \ $${dest_dir}/$${k}; \ done; \ -- $(RM) $${dest_dir}/libXvMCgallium.* -+ $(RM) $${dest_dir}/libXvMCgallium.la +- $(RM) $${dest_dir}/libXvMCgallium.*; \ ++ $(RM) $${dest_dir}/libXvMCgallium.la \ + $(RM) -d $${dest_dir} &>/dev/null || true uninstall-hook: for i in $(TARGET_DRIVERS); do \ -- cgit 1.4.1