Merge branch 'staging'; security /cc #21642

NixOS · Jan 6, 2017 · 07bf828 · 07bf828
2 parents 99c8e8e + d442a0f
commit 07bf828
Show file tree

Hide file tree

Showing 41 changed files with 261 additions and 183 deletions.
diff --git a/pkgs/applications/misc/pcmanx-gtk2/default.nix b/pkgs/applications/misc/pcmanx-gtk2/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ gtk2 libXft intltool automake115x autoconf libtool pkgconfig ];
 
-  preConfigurePhases = ''
+  preConfigure = ''
     ./autogen.sh
   '';
 

diff --git a/pkgs/applications/networking/browsers/firefox/default.nix b/pkgs/applications/networking/browsers/firefox/default.nix
@@ -44,7 +44,7 @@ common = { pname, version, sha512, updateScript }: stdenv.mkDerivation rec {
     ++ lib.optional enableGTK3 gtk3
     ++ lib.optionals (!passthru.ffmpegSupport) [ gstreamer gst_plugins_base ];
 
-  nativeBuildInputs = [autoconf213 which];
+  nativeBuildInputs = [ autoconf213 which gnused ];
 
   configureFlags =
     [ "--enable-application=browser"

diff --git a/pkgs/applications/networking/mailreaders/thunderbird/default.nix b/pkgs/applications/networking/mailreaders/thunderbird/default.nix
@@ -25,6 +25,13 @@ stdenv.mkDerivation rec {
     sha512 = "1f4579ac37b8ab98c91fe2e3e6742ba1b005ca9346d23f467d19e6af45eb457cab749bf91ed2a79f2058bd66f54da661da3ea5d5786f8c4b472d8a2a6c34db4b";
   };
 
+  # New sed no longer tolerates this mistake.
+  postPatch = ''
+    for f in mozilla/{js/src,}/configure; do
+      substituteInPlace "$f" --replace '[:space:]*' '[[:space:]]*'
+    done
+  '';
+
   buildInputs = # from firefox30Pkgs.xulrunner, without gstreamer and libvpx
     [ pkgconfig which libpng gtk2 perl zip libIDL libjpeg zlib bzip2
       python2 dbus dbus_glib pango freetype fontconfig xorg.libXi

diff --git a/pkgs/applications/office/zim/default.nix b/pkgs/applications/office/zim/default.nix
@@ -30,12 +30,13 @@ pythonPackages.buildPythonApplication rec {
     export makeWrapperArgs="--prefix XDG_DATA_DIRS : $out/share --argv0 $out/bin/.zim-wrapped"
   '';
 
-  postFixup = ''
-    substituteInPlace $out/bin/.zim-wrapped \
-    --replace "sys.argv[0] = 'zim'" "sys.argv[0] = '$out/bin/zim'"
+  # RuntimeError: could not create GtkClipboard object
+  doCheck = false;
+
+  checkPhase = ''
+    python test.py
   '';
 
-  doCheck = true;
 
   meta = {
       description = "A desktop wiki";

diff --git a/pkgs/applications/science/misc/root/default.nix b/pkgs/applications/science/misc/root/default.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "root-${version}";
-  version = "6.04.18";
+  version = "6.08.02";
 
   src = fetchurl {
     url = "https://root.cern.ch/download/root_v${version}.source.tar.gz";
-    sha256 = "00f3v3l8nimfkcxpn9qpyh3h23na0mi4wkds2y5gwqh8wh3jryq9";
+    sha256 = "0530v1r4rvds52hgb13f00l3phhn76z6vii550mwv8bj3sl5070k";
   };
 
   buildInputs = [ cmake pcre pkgconfig python2 zlib lzma gsl ]
@@ -16,10 +16,6 @@ stdenv.mkDerivation rec {
     ;
 
   patches = [
-    (fetchpatch {
-      url = "https://github.com/root-mirror/root/commit/ee9964210c56e7c1868618a4434c5340fef38fe4.patch";
-      sha256 = "186i7ni75yvjydy6lpmaplqxfb5z2019bgpbhff1n6zn2qlrff2r";
-    })
     ./sw_vers.patch
 
     # this prevents thisroot.sh from setting $p, which interferes with stdenv setup

diff --git a/pkgs/applications/science/misc/root/sw_vers.patch b/pkgs/applications/science/misc/root/sw_vers.patch
@@ -42,12 +42,12 @@ diff --git a/cmake/modules/SetUpMacOS.cmake b/cmake/modules/SetUpMacOS.cmake
 @@ -38,27 +24,6 @@ if (CMAKE_SYSTEM_NAME MATCHES Darwin)
         SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m64")
         SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m64")
-        SET(CMAKE_FORTRAN_FLAGS "${CMAKE_FORTRAN_FLAGS} -m64")
+        SET(CMAKE_Fortran_FLAGS "${CMAKE_Fortran_FLAGS} -m64")
 -    else(${SYSCTL_OUTPUT} MATCHES 64)
 -       MESSAGE(STATUS "Found a 32bit system")
 -       SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32")
 -       SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32")
--       SET(CMAKE_FORTRAN_FLAGS "${CMAKE_FORTRAN_FLAGS} -m32")
+-       SET(CMAKE_Fortran_FLAGS "${CMAKE_Fortran_FLAGS} -m32")
 -    endif(${SYSCTL_OUTPUT} MATCHES 64)
 -  endif()
 -

diff --git a/pkgs/development/compilers/llvm/3.7/libc++/default.nix b/pkgs/development/compilers/llvm/3.7/libc++/default.nix
@@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
     cmakeFlagsArray=($cmakeFlagsArray -DLIBCXX_CXX_ABI_INCLUDE_PATHS="$NIX_BUILD_TOP/libcxxabi-${version}.src/include")
   '';
 
-  patches = [ ./darwin.patch ];
+  patches = [
+    ./darwin.patch
+    ./r242056.patch
+  ];
 
   buildInputs = [ cmake libcxxabi ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames;
 

diff --git a/pkgs/development/compilers/llvm/3.7/libc++/r242056.patch b/pkgs/development/compilers/llvm/3.7/libc++/r242056.patch
@@ -0,0 +1,16 @@
+--- a/include/string	2015/07/13 20:04:56	242056
++++ b/include/string	2015/07/18 20:40:46	242623
+@@ -1936,7 +1936,12 @@
+ template <class _CharT, class _Traits, class _Allocator>
+ inline _LIBCPP_INLINE_VISIBILITY
+ basic_string<_CharT, _Traits, _Allocator>::basic_string(const allocator_type& __a)
+-    : __r_(__a)
++#if _LIBCPP_STD_VER <= 14
++        _NOEXCEPT_(is_nothrow_copy_constructible<allocator_type>::value)
++#else
++        _NOEXCEPT
++#endif
++: __r_(__a)
+ {
+ #if _LIBCPP_DEBUG_LEVEL >= 2
+     __get_db()->__insert_c(this);
diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix
@@ -6,7 +6,7 @@
 , openssl
 , readline
 , sqlite
-, tcl ? null, tk ? null, xlibsWrapper ? null, libX11 ? null, x11Support ? false
+, tcl ? null, tk ? null, tix ? null, xlibsWrapper ? null, libX11 ? null, x11Support ? false
 , zlib
 , callPackage
 , self
@@ -150,6 +150,10 @@ in stdenv.mkDerivation {
 
     setupHook = ./setup-hook.sh;
 
+    postPatch = optionalString (x11Support && (tix != null)) ''
+          substituteInPlace "Lib/lib-tk/Tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
+    '';
+
     postInstall =
       ''
         # needed for some packages, especially packages that backport

diff --git a/pkgs/development/interpreters/python/cpython/3.3/default.nix b/pkgs/development/interpreters/python/cpython/3.3/default.nix
@@ -6,7 +6,7 @@
 , openssl
 , readline
 , sqlite
-, tcl ? null, tk ? null, libX11 ? null, xproto ? null, x11Support ? false
+, tcl ? null, tk ? null, tix ? null, libX11 ? null, xproto ? null, x11Support ? false
 , zlib
 , callPackage
 , self
@@ -50,6 +50,10 @@ in stdenv.mkDerivation {
 
   NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s";
 
+  postPatch = optionalString (x11Support && (tix != null)) ''
+    substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
+  '';
+
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
       substituteInPlace ./setup.py --replace $i /no-such-path

diff --git a/pkgs/development/interpreters/python/cpython/3.4/default.nix b/pkgs/development/interpreters/python/cpython/3.4/default.nix
@@ -6,7 +6,7 @@
 , openssl
 , readline
 , sqlite
-, tcl ? null, tk ? null, libX11 ? null, xproto ? null, x11Support ? false
+, tcl ? null, tk ? null, tix ? null, libX11 ? null, xproto ? null, x11Support ? false
 , zlib
 , callPackage
 , self
@@ -55,6 +55,10 @@ in stdenv.mkDerivation {
     substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
   '';
 
+  postPatch = optionalString (x11Support && (tix != null)) ''
+    substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
+  '';
+
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
       substituteInPlace ./setup.py --replace $i /no-such-path

diff --git a/pkgs/development/interpreters/python/cpython/3.5/default.nix b/pkgs/development/interpreters/python/cpython/3.5/default.nix
@@ -6,7 +6,7 @@
 , openssl
 , readline
 , sqlite
-, tcl ? null, tk ? null, libX11 ? null, xproto ? null, x11Support ? false
+, tcl ? null, tk ? null, tix ? null, libX11 ? null, xproto ? null, x11Support ? false
 , zlib
 , callPackage
 , self
@@ -55,6 +55,10 @@ in stdenv.mkDerivation {
     substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
   '';
 
+  postPatch = optionalString (x11Support && (tix != null)) ''
+    substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
+  '';
+
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
       substituteInPlace ./setup.py --replace $i /no-such-path

diff --git a/pkgs/development/interpreters/python/cpython/3.6/default.nix b/pkgs/development/interpreters/python/cpython/3.6/default.nix
@@ -7,7 +7,7 @@
 , openssl
 , readline
 , sqlite
-, tcl ? null, tk ? null, libX11 ? null, xproto ? null, x11Support ? false
+, tcl ? null, tk ? null, tix ? null, libX11 ? null, xproto ? null, x11Support ? false
 , zlib
 , callPackage
 , self
@@ -55,6 +55,10 @@ in stdenv.mkDerivation {
     substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
   '';
 
+  postPatch = optionalString (x11Support && (tix != null)) ''
+    substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
+  '';
+
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
       substituteInPlace ./setup.py --replace $i /no-such-path

diff --git a/pkgs/development/interpreters/python/pypy/2.7/default.nix b/pkgs/development/interpreters/python/pypy/2.7/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, zlib ? null, zlibSupport ? true, bzip2, pkgconfig, libffi
-, sqlite, openssl, ncurses, python, expat, tcl, tk, xlibsWrapper, libX11
+, sqlite, openssl, ncurses, python, expat, tcl, tk, tix, xlibsWrapper, libX11
 , makeWrapper, callPackage, self, gdbm, db
 # For the Python package set
 , pkgs, packageOverrides ? (self: super: {})
@@ -35,6 +35,7 @@ let
       };
       in ''
       patch lib-python/2.7/test/test_pyexpat.py < '${expatch}'
+      substituteInPlace "lib-python/2.7/lib-tk/Tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
     '';
 
     buildInputs = [ bzip2 openssl pkgconfig python libffi ncurses expat sqlite tk tcl xlibsWrapper libX11 makeWrapper gdbm db ]

diff --git a/pkgs/development/interpreters/python/wrap-python.nix b/pkgs/development/interpreters/python/wrap-python.nix
@@ -35,7 +35,7 @@ makeSetupHook {
           import sys
           import site
           import functools
-          sys.argv[0] = '"'$(basename "$f")'"'
+          sys.argv[0] = '"'$(readlink -f "$f")'"'
           functools.reduce(lambda k, p: site.addsitedir(p, k), ['"$([ -n "$program_PYTHONPATH" ] && (echo "'$program_PYTHONPATH'" | sed "s|:|','|g") || true)"'], site._init_pathinfo())
         '';
 

diff --git a/pkgs/development/libraries/fontconfig-ultimate/default.nix b/pkgs/development/libraries/fontconfig-ultimate/default.nix
@@ -11,8 +11,6 @@ stdenv.mkDerivation {
     owner = "bohoomil";
   };
 
-  phases = "$prePhases unpackPhase installPhase $postPhases";
-
   installPhase = ''
     mkdir -p $out/etc/fonts/conf.d
     cp conf.d.infinality/*.conf $out/etc/fonts/conf.d

diff --git a/pkgs/development/libraries/soundtouch/default.nix b/pkgs/development/libraries/soundtouch/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ autoconf automake libtool ];
 
-  preConfigurePhases = "./bootstrap";
+  preConfigure = "./bootstrap";
 
   meta = {
       description = "A program and library for changing the tempo, pitch and playback rate of audio";

diff --git a/pkgs/development/libraries/tix/default.nix b/pkgs/development/libraries/tix/default.nix
@@ -0,0 +1,55 @@
+{ stdenv, fetchurl, tcl, tk, fetchpatch } :
+
+stdenv.mkDerivation rec {
+  version = "8.4.3";
+  name = "tix-${version}";
+  src = fetchurl {
+     url = "mirror://sourceforge/tix/tix/8.4.3/Tix8.4.3-src.tar.gz";
+     sha256 = "1jq3dkyk9mqkj4cg7mdk5r0cclqsby9l2b7wrysi0zk5yw7h8bsn";
+  };
+  patches = [ 
+  (fetchpatch {
+    name = "tix-8.4.3-tcl8.5.patch";
+    url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-tcltk/tix/files/tix-8.4.3-tcl8.5.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d";
+    sha256 = "0wzqmcxxq0rqpnjgxz10spw92yhfygnlwv0h8pcx2ycnqiljz6vj";
+    })
+  ] ++ stdenv.lib.optional (tcl.release == "8.6")
+  (fetchpatch {
+    name = "tix-8.4.3-tcl8.6.patch";
+    url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-tcltk/tix/files/tix-8.4.3-tcl8.6.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d";
+    sha256 = "1jaz0l22xj7x1k4rb9ia6i1psnbwk4pblgq4gfvya7gg7fbb7r36";
+    })
+  ;
+  buildInputs = [ tcl tk ];
+  # the configure script expects to find the location of the sources of
+  # tcl and tk in {tcl,tk}Config.sh
+  # In fact, it only needs some private headers. We copy them in 
+  # the private_headers folders and trick the configure script into believing
+  # the sources are here.
+  preConfigure = ''
+    mkdir -p private_headers/generic
+    < ${tcl}/lib/tclConfig.sh sed "s@TCL_SRC_DIR=.*@TCL_SRC_DIR=private_headers@" > tclConfig.sh
+    < ${tk}/lib/tkConfig.sh sed "s@TK_SRC_DIR=.*@TK_SRC_DIR=private_headers@" > tkConfig.sh
+    for i in ${tcl}/include/* ${tk.dev}/include/*; do
+      ln -s $i private_headers/generic;
+    done;
+    '';
+  configureFlags = ''
+      --with-tclinclude=${tcl}/include
+      --with-tclconfig=.
+      --with-tkinclude=${tk.dev}/include
+      --with-tkconfig=.
+      --libdir=''${prefix}/lib
+    '';
+
+  meta = with stdenv.lib; {
+    description = "A widget library for Tcl/Tk";
+    homepage    = http://tix.sourceforge.net/;
+    platforms   = platforms.all;
+    license     = with licenses; [
+      bsd2 # tix
+      gpl2 # patches from portage
+    ];
+  };
+}
+
diff --git a/pkgs/development/libraries/tk/generic.nix b/pkgs/development/libraries/tk/generic.nix
@@ -16,6 +16,7 @@ stdenv.mkDerivation {
 
   postInstall = ''
     ln -s $out/bin/wish* $out/bin/wish
+    cp ../{unix,generic}/*.h $out/include
   '';
 
   configureFlags = [

diff --git a/pkgs/development/libraries/zimlib/default.nix b/pkgs/development/libraries/zimlib/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
   };
   buildInputs = [ automake autoconf libtool lzma ];
   setSourceRoot = "cd openzim-*/zimlib; export sourceRoot=`pwd`";
-  preConfigurePhases = [ "./autogen.sh" ];
+  preConfigure = "./autogen.sh";
 
   meta = {
     description = "Library for reading and writing ZIM files (file format for storing Web content offline)";

diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "gnum4-1.4.17";
+  name = "gnum4-1.4.18";
 
   src = fetchurl {
-    url = "mirror://gnu/m4/m4-1.4.17.tar.bz2";
-    sha256 = "0w0da1chh12mczxa5lnwzjk9czi3dq6gnnndbpa6w4rj76b1yklf";
+    url = "mirror://gnu/m4/m4-1.4.18.tar.bz2";
+    sha256 = "1xkwwq0sgv05cla0g0a01yzhk0wpsn9y40w9kh9miiiv0imxfh36";
   };
 
   doCheck = false;

diff --git a/pkgs/development/tools/parsing/flex/2.6.1.nix b/pkgs/development/tools/parsing/flex/2.6.1.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchurl, bison, m4 }:
+
+stdenv.mkDerivation rec {
+  name = "flex-2.6.1";
+
+  src = fetchurl {
+    url = "https://github.com/westes/flex/releases/download/v2.6.1/flex-2.6.1.tar.gz";
+    sha256 = "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw";
+  };
+
+  buildInputs = [ bison ];
+
+  propagatedNativeBuildInputs = [ m4 ];
+
+  postConfigure = stdenv.lib.optionalString (stdenv.isDarwin || stdenv.isCygwin) ''
+    sed -i Makefile -e 's/-no-undefined//;'
+  '';
+
+  crossAttrs = {
+
+    # disable tests which can't run on build machine
+    postPatch = ''
+      substituteInPlace Makefile.in --replace "tests" " ";
+    '';
+
+    preConfigure = ''
+      export ac_cv_func_malloc_0_nonnull=yes
+      export ac_cv_func_realloc_0_nonnull=yes
+    '';
+  };
+
+  meta = {
+    homepage = https://github.com/westes/flex;
+    description = "A fast lexical analyser generator";
+    platforms = stdenv.lib.platforms.unix;
+  };
+}