From 954e9903adc837c201a7bd70eede50d874aadbf6 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Wed, 23 Dec 2015 02:59:47 +0100
Subject: Use a hardened stdenv by default

---
 pkgs/tools/admin/tightvnc/default.nix          | 2 ++
 pkgs/tools/archivers/sharutils/default.nix     | 2 ++
 pkgs/tools/archivers/unzip/default.nix         | 2 ++
 pkgs/tools/archivers/zip/default.nix           | 2 ++
 pkgs/tools/cd-dvd/cdrkit/default.nix           | 2 ++
 pkgs/tools/graphics/graphviz/default.nix       | 2 ++
 pkgs/tools/graphics/transfig/default.nix       | 2 ++
 pkgs/tools/misc/expect/default.nix             | 2 ++
 pkgs/tools/misc/grub/2.0x.nix                  | 2 ++
 pkgs/tools/misc/gummiboot/default.nix          | 2 ++
 pkgs/tools/networking/iperf/2.nix              | 2 ++
 pkgs/tools/networking/vde2/default.nix         | 2 ++
 pkgs/tools/typesetting/tex/texlive-new/bin.nix | 2 ++
 13 files changed, 26 insertions(+)

(limited to 'pkgs/tools')

diff --git a/pkgs/tools/admin/tightvnc/default.nix b/pkgs/tools/admin/tightvnc/default.nix
index 22b8a607fd34..1e562ee3ecf1 100644
--- a/pkgs/tools/admin/tightvnc/default.nix
+++ b/pkgs/tools/admin/tightvnc/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
   inherit xauth fontDirectories perl;
   gcc = stdenv.cc.cc;
 
+  noHardening_format = true;
+
   buildInputs = [ xlibsWrapper zlib libjpeg imake gccmakedep libXmu libXaw
                   libXpm libXp xauth openssh ];
 
diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix
index e806a962eabb..5d60c449173e 100644
--- a/pkgs/tools/archivers/sharutils/default.nix
+++ b/pkgs/tools/archivers/sharutils/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "1mallg1gprimlggdisfzdmh1xi676jsfdlfyvanlcw72ny8fsj3g";
   };
 
+  noHardening_format = true;
+
   preConfigure = ''
      # Fix for building on Glibc 2.16.  Won't be needed once the
      # gnulib in sharutils is updated.
diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix
index b5d03bc18b27..dcc51320bbd1 100644
--- a/pkgs/tools/archivers/unzip/default.nix
+++ b/pkgs/tools/archivers/unzip/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
     sha256 = "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83";
   };
 
+  noHardening_format = true;
+
   patches = [
     ./CVE-2014-8139.diff
     ./CVE-2014-8140.diff
diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix
index 431ed354d21c..f9349937b8f9 100644
--- a/pkgs/tools/archivers/zip/default.nix
+++ b/pkgs/tools/archivers/zip/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
     sha256 = "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h";
   };
 
+  noHardening_format = true;
+
   makefile = "unix/Makefile";
   buildFlags = if stdenv.isCygwin then "cygwin" else "generic";
   installFlags = "prefix=$(out) INSTALL=cp";
diff --git a/pkgs/tools/cd-dvd/cdrkit/default.nix b/pkgs/tools/cd-dvd/cdrkit/default.nix
index bcf9ec2c0cc3..5fcccbee02cf 100644
--- a/pkgs/tools/cd-dvd/cdrkit/default.nix
+++ b/pkgs/tools/cd-dvd/cdrkit/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [cmake libcap zlib bzip2];
 
+  noHardening_format = true;
+
   # efi-boot-patch extracted from http://arm.koji.fedoraproject.org/koji/rpminfo?rpmID=174244
   patches = [ ./include-path.patch ./cdrkit-1.1.9-efi-boot.patch ];
 
diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix
index 5635e3a69ff7..090af09fca0c 100644
--- a/pkgs/tools/graphics/graphviz/default.nix
+++ b/pkgs/tools/graphics/graphviz/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
     sha256 = "17l5czpvv5ilmg17frg0w4qwf89jzh2aglm9fgx0l0aakn6j7al1";
   };
 
+  noHardening_all = true;
+
   patches =
     [ ./0001-vimdot-lookup-vim-in-PATH.patch
     
diff --git a/pkgs/tools/graphics/transfig/default.nix b/pkgs/tools/graphics/transfig/default.nix
index f540029cbc73..bcbbe71b897f 100644
--- a/pkgs/tools/graphics/transfig/default.nix
+++ b/pkgs/tools/graphics/transfig/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [zlib libjpeg libpng imake];
   inherit libpng;
 
+  noHardening_format = true;
+
   patches = [prefixPatch1 prefixPatch2 prefixPatch3 varargsPatch gensvgPatch];
 
   prefixPatch1 =
diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix
index a50717d53992..4efa94612322 100644
--- a/pkgs/tools/misc/expect/default.nix
+++ b/pkgs/tools/misc/expect/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ tcl ];
   nativeBuildInputs = [ makeWrapper ];
 
+  noHardening_format = true;
+
   patchPhase = ''
     sed -i "s,/bin/stty,$(type -p stty),g" configure
   '';
diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix
index 8e52adc76991..abe690ca0e45 100644
--- a/pkgs/tools/misc/grub/2.0x.nix
+++ b/pkgs/tools/misc/grub/2.0x.nix
@@ -52,6 +52,8 @@ stdenv.mkDerivation rec {
     ++ optional doCheck qemu
     ++ optional zfsSupport zfs;
 
+  noHardening_all = true;
+
   preConfigure =
     '' for i in "tests/util/"*.in
        do
diff --git a/pkgs/tools/misc/gummiboot/default.nix b/pkgs/tools/misc/gummiboot/default.nix
index 9d9b7700c90b..e831bbdab6f5 100644
--- a/pkgs/tools/misc/gummiboot/default.nix
+++ b/pkgs/tools/misc/gummiboot/default.nix
@@ -5,6 +5,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gnu-efi pkgconfig libxslt utillinux ];
 
+  noHardening_all = true;
+
   # Sigh, gummiboot should be able to find this in buildInputs
   configureFlags = [
     "--with-efi-includedir=${gnu-efi}/include"
diff --git a/pkgs/tools/networking/iperf/2.nix b/pkgs/tools/networking/iperf/2.nix
index 33d8ee2fd636..6d9fe64f1694 100644
--- a/pkgs/tools/networking/iperf/2.nix
+++ b/pkgs/tools/networking/iperf/2.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0nr6c81x55ihs7ly2dwq19v9i1n6wiyad1gacw3aikii0kzlwsv3";
   };
 
+  noHardening_format = true;
+
   meta = with stdenv.lib; {
     homepage = "http://sourceforge.net/projects/iperf/"; 
     description = "Tool to measure IP bandwidth using UDP or TCP";
diff --git a/pkgs/tools/networking/vde2/default.nix b/pkgs/tools/networking/vde2/default.nix
index 72a31262e26f..4aecc41aa3db 100644
--- a/pkgs/tools/networking/vde2/default.nix
+++ b/pkgs/tools/networking/vde2/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ openssl libpcap python ];
 
+  noHardening_format = true;
+
   meta = {
     homepage = http://vde.sourceforge.net/;
     description = "Virtual Distributed Ethernet, an Ethernet compliant virtual network";
diff --git a/pkgs/tools/typesetting/tex/texlive-new/bin.nix b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
index 431f3926a13e..37c19319ef76 100644
--- a/pkgs/tools/typesetting/tex/texlive-new/bin.nix
+++ b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
@@ -64,6 +64,8 @@ core = stdenv.mkDerivation rec {
     perl
   ];
 
+  noHardening_format = true;
+
   preConfigure = ''
     rm -r libs/{cairo,freetype2,gd,gmp,graphite2,harfbuzz,icu,libpaper,libpng} \
       libs/{mpfr,pixman,poppler,potrace,xpdf,zlib,zziplib}
-- 
cgit 1.4.1