Skip to content

Commit

Permalink
Merge branch 'staging'
Browse files Browse the repository at this point in the history 
Contains security fixes in X server and X libs.
On Hydra, the amount to rebuild on master is now higher than on staging;
the comparison looks OK.
  • Loading branch information
@vcunat
vcunat committed Oct 15, 2017
2 parents 5a21efd + 75e4191 commit 3ee33f3
Show file tree
Hide file tree
Showing 54 changed files with 180 additions and 221 deletions.
8 changes: 0 additions & 8 deletions pkgs/applications/altcoins/go-ethereum.nix
View file
Expand Up @@ -19,14 +19,6 @@ buildGoPackage rec {
sha256 = "11n77zlf8qixhx26sqf33v911716msi6h0z4ng8gxhzhznrn2nrd";
};

# Fix cyclic referencing on Darwin
postInstall = stdenv.lib.optionalString (stdenv.isDarwin) ''
for file in $bin/bin/*; do
# Not all files are referencing $out/lib so consider this step non-critical
install_name_tool -delete_rpath $out/lib $file || true
done
'';

meta = with stdenv.lib; {
homepage = https://ethereum.github.io/go-ethereum/;
description = "Official golang implementation of the Ethereum protocol";
Expand Down
11 changes: 2 additions & 9 deletions pkgs/applications/networking/mailreaders/neomutt/default.nix
View file
@@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, which, autoreconfHook, ncurses, perl
, cyrus_sasl, gss, gpgme, kerberos, libidn, notmuch, openssl, lmdb, libxslt, docbook_xsl }:
, cyrus_sasl, gss, gpgme, kerberos, libidn, notmuch, openssl, lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42 }:

stdenv.mkDerivation rec {
version = "20171013";
Expand All @@ -12,19 +12,12 @@ stdenv.mkDerivation rec {
sha256 = "0zn8imqfa76bxpkpy111c4vn6vjarbxc8gqv6m18qkksk0ly26l1";
};

nativeBuildInputs = [ autoreconfHook docbook_xsl libxslt.bin which ];
nativeBuildInputs = [ autoreconfHook docbook_xsl docbook_xml_dtd_42 libxslt.bin which ];
buildInputs = [
cyrus_sasl gss gpgme kerberos libidn ncurses
notmuch openssl perl lmdb
];

postPatch = ''
for f in doc/*.xsl ; do
substituteInPlace $f \
--replace http://docbook.sourceforge.net/release/xsl/current ${docbook_xsl}/share/xml/docbook-xsl
done
'';

configureFlags = [
"--enable-debug"
"--enable-gpgme"
Expand Down
2 changes: 0 additions & 2 deletions pkgs/applications/networking/syncthing/inotify.nix
View file
Expand Up @@ -25,8 +25,6 @@ buildGoPackage rec {
substitute $src/etc/linux-systemd/user/syncthing-inotify.service \
$bin/lib/systemd/user/syncthing-inotify.service \
--replace /usr/bin/syncthing-inotify $bin/bin/syncthing-inotify
'' + stdenv.lib.optionalString stdenv.isDarwin ''
install_name_tool -delete_rpath $out/lib -add_rpath $bin $bin/bin/syncthing-inotify
'';

meta = with stdenv.lib; {
Expand Down
4 changes: 1 addition & 3 deletions pkgs/applications/version-management/gogs/default.nix
View file
Expand Up @@ -29,9 +29,7 @@ buildGoPackage rec {

outputs = [ "bin" "out" "data" ];

postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
install_name_tool -delete_rpath $out/lib $bin/bin/gogs
'' + ''
postInstall = ''
mkdir $data
cp -R $src/{public,templates} $data
Expand Down
3 changes: 3 additions & 0 deletions pkgs/applications/video/aegisub/default.nix
View file
Expand Up @@ -29,6 +29,9 @@ stdenv.mkDerivation rec {
sha256 = "11b83qazc8h0iidyj1rprnnjdivj1lpphvpa08y53n42bfa36pn5";
};

# Fixup build with icu-59
postPatch = "sed '1i#include <unicode/unistr.h>' -i src/utils.cpp";

buildInputs = with stdenv.lib;
[ pkgconfig intltool libX11 wxGTK fontconfig freetype mesa
libass fftw ffms ffmpeg zlib icu boost boost.out libiconv
Expand Down
8 changes: 5 additions & 3 deletions pkgs/build-support/cc-wrapper/ld-wrapper.sh
View file
Expand Up @@ -171,11 +171,13 @@ if [ "$NIX_@infixSalt@_DONT_SET_RPATH" != 1 ]; then
done
done

if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then
extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH)
fi
fi

# This is outside the DONT_SET_RPATH branch because it's more targeted and we
# usually want it (on Darwin) even if DONT_SET_RPATH is set.
if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then
extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH)
fi

# Only add --build-id if this is a final link. FIXME: should build gcc
# with --enable-linker-build-id instead?
Expand Down
4 changes: 2 additions & 2 deletions pkgs/data/sgml+xml/schemas/xml-dtd/docbook/4.1.2.nix
View file
@@ -1,4 +1,4 @@
{stdenv, fetchurl, unzip}:
{stdenv, fetchurl, unzip, findXMLCatalogs}:

let

Expand All @@ -12,7 +12,7 @@ let
in

import ./generic.nix {
inherit stdenv fetchurl unzip;
inherit stdenv fetchurl unzip findXMLCatalogs;
name = "docbook-xml-4.1.2";
src = fetchurl {
url = http://www.docbook.org/xml/4.1.2/docbkx412.zip;
Expand Down
4 changes: 2 additions & 2 deletions pkgs/data/sgml+xml/schemas/xml-dtd/docbook/4.2.nix
View file
@@ -1,7 +1,7 @@
{stdenv, fetchurl, unzip}:
{stdenv, fetchurl, unzip, findXMLCatalogs}:

import ./generic.nix {
inherit stdenv fetchurl unzip;
inherit stdenv fetchurl unzip findXMLCatalogs;
name = "docbook-xml-4.2";
src = fetchurl {
url = http://www.docbook.org/xml/4.2/docbook-xml-4.2.zip;
Expand Down
4 changes: 2 additions & 2 deletions pkgs/data/sgml+xml/schemas/xml-dtd/docbook/4.3.nix
View file
@@ -1,7 +1,7 @@
{stdenv, fetchurl, unzip}:
{stdenv, fetchurl, unzip, findXMLCatalogs}:

import ./generic.nix {
inherit stdenv fetchurl unzip;
inherit stdenv fetchurl unzip findXMLCatalogs;
name = "docbook-xml-4.3";
src = fetchurl {
url = http://www.docbook.org/xml/4.3/docbook-xml-4.3.zip;
Expand Down
4 changes: 2 additions & 2 deletions pkgs/data/sgml+xml/schemas/xml-dtd/docbook/4.4.nix
View file
@@ -1,7 +1,7 @@
{stdenv, fetchurl, unzip}:
{stdenv, fetchurl, unzip, findXMLCatalogs}:

import ./generic.nix {
inherit stdenv fetchurl unzip;
inherit stdenv fetchurl unzip findXMLCatalogs;
name = "docbook-xml-4.4";
src = fetchurl {
url = http://www.docbook.org/xml/4.4/docbook-xml-4.4.zip;
Expand Down
4 changes: 2 additions & 2 deletions pkgs/data/sgml+xml/schemas/xml-dtd/docbook/4.5.nix
View file
@@ -1,7 +1,7 @@
{stdenv, fetchurl, unzip}:
{stdenv, fetchurl, unzip, findXMLCatalogs}:

import ./generic.nix {
inherit stdenv fetchurl unzip;
inherit stdenv fetchurl unzip findXMLCatalogs;
name = "docbook-xml-4.5";
src = fetchurl {
url = http://www.docbook.org/xml/4.5/docbook-xml-4.5.zip;
Expand Down
3 changes: 2 additions & 1 deletion pkgs/data/sgml+xml/schemas/xml-dtd/docbook/generic.nix
View file
@@ -1,11 +1,12 @@
{ stdenv, fetchurl, unzip, src, name, postInstall ? "true", meta ? {} }:
{ stdenv, fetchurl, unzip, src, name, postInstall ? "true", meta ? {}, findXMLCatalogs }:

assert unzip != null;

stdenv.mkDerivation {
inherit src name postInstall;
builder = ./builder.sh;
buildInputs = [unzip];
propagatedBuildInputs = [ findXMLCatalogs ];

meta = meta // {
platforms = stdenv.lib.platforms.unix;
Expand Down
4 changes: 3 additions & 1 deletion pkgs/data/sgml+xml/stylesheets/xslt/docbook-xsl/default.nix
View file
@@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl }:
{ lib, stdenv, fetchurl, findXMLCatalogs }:

let

Expand All @@ -10,6 +10,8 @@ let
inherit sha256;
};

propagatedBuildInputs = [ findXMLCatalogs ];

dontBuild = true;

installPhase = ''
Expand Down
10 changes: 5 additions & 5 deletions pkgs/desktops/gnome-3/core/libgee/default.nix
View file
@@ -1,22 +1,22 @@
{ stdenv, fetchurl, autoconf, vala_0_32, pkgconfig, glib, gobjectIntrospection, gnome3 }:
{ stdenv, fetchurl, autoconf, vala, pkgconfig, glib, gobjectIntrospection, gnome3 }:
let
ver_maj = "0.18";
ver_maj = "0.20";
ver_min = "0";
in
stdenv.mkDerivation rec {
name = "libgee-${ver_maj}.${ver_min}";

src = fetchurl {
url = "mirror://gnome/sources/libgee/${ver_maj}/${name}.tar.xz";
sha256 = "16a34js81w9m2bw4qd8csm4pcgr3zq5z87867j4b8wfh6zwrxnaa";
sha256 = "1fy24dr8imrjlmsqj1syn0gi139gba6hwk3j5vd6sr3pxniqnc11";
};

doCheck = true;

patches = [ ./fix_introspection_paths.patch ];

nativeBuildInputs = [ pkgconfig ];
buildInputs = [ autoconf vala_0_32 glib gobjectIntrospection ];
nativeBuildInputs = [ pkgconfig autoconf vala pkgconfig gobjectIntrospection ];
buildInputs = [ glib ];

meta = with stdenv.lib; {
description = "Utility library providing GObject-based interfaces and classes for commonly used data structures";
Expand Down
5 changes: 1 addition & 4 deletions pkgs/desktops/gnome-3/default.nix
View file
Expand Up @@ -366,10 +366,7 @@ let

california = callPackage ./misc/california { };

geary = callPackage ./misc/geary {
# https://bugzilla.gnome.org/show_bug.cgi?id=728002
webkitgtk = pkgs.webkitgtk24x-gtk3;
};
geary = callPackage ./misc/geary { };

gfbgraph = callPackage ./misc/gfbgraph { };

Expand Down
27 changes: 10 additions & 17 deletions pkgs/desktops/gnome-3/misc/geary/default.nix
View file
@@ -1,41 +1,34 @@
{ stdenv, fetchurl, intltool, pkgconfig, gtk3, vala_0_32
, makeWrapper, gdk_pixbuf, cmake, desktop_file_utils
{ stdenv, fetchurl, intltool, pkgconfig, gtk3, vala_0_38, enchant
, wrapGAppsHook, gdk_pixbuf, cmake, desktop_file_utils
, libnotify, libcanberra_gtk3, libsecret, gmime
, libpthreadstubs, sqlite
, gnome3, librsvg, gnome_doc_utils, webkitgtk }:

let
majorVersion = "0.11";
majorVersion = "0.12";
in
stdenv.mkDerivation rec {
name = "geary-${majorVersion}.3";
name = "geary-${majorVersion}.0";

src = fetchurl {
url = "mirror://gnome/sources/geary/${majorVersion}/${name}.tar.xz";
sha256 = "1r42ijxafach5lv8ibs6y0l5k4nacjg427dnma8fj00xr1sri7j1";
sha256 = "0ii4qaqfqx90kvqwg0g9jahygkir4mb03ja55fa55yyx6cq0kwff";
};

propagatedUserEnvPkgs = [ gnome3.gnome_themes_standard ];

nativeBuildInputs = [ pkgconfig ];
buildInputs = [ intltool gtk3 makeWrapper cmake desktop_file_utils gnome_doc_utils
vala_0_32 webkitgtk libnotify libcanberra_gtk3 gnome3.libgee libsecret gmime sqlite
nativeBuildInputs = [ vala_0_38 intltool pkgconfig wrapGAppsHook cmake desktop_file_utils gnome_doc_utils ];
buildInputs = [ gtk3 enchant webkitgtk libnotify libcanberra_gtk3 gnome3.libgee libsecret gmime sqlite
libpthreadstubs gnome3.gsettings_desktop_schemas gnome3.gcr
gdk_pixbuf librsvg gnome3.defaultIconTheme ];

preConfigure = ''
substituteInPlace src/CMakeLists.txt --replace '`pkg-config --variable=girdir gobject-introspection-1.0`' '${webkitgtk}/share/gir-1.0'
'';

postInstall = ''
mkdir -p $out/share/gsettings-schemas/${name}/
mv $out/share/glib-2.0 $out/share/gsettings-schemas/${name}
substituteInPlace src/CMakeLists.txt --replace '`''${PKG_CONFIG_EXECUTABLE} --variable=girdir gobject-introspection-1.0`' '${webkitgtk.dev}/share/gir-1.0'
'';

preFixup = ''
wrapProgram "$out/bin/geary" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_themes_standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
# Add geary to path for geary-attach
gappsWrapperArgs+=(--prefix PATH : "$out/bin")
'';

enableParallelBuilding = true;
Expand Down
6 changes: 6 additions & 0 deletions pkgs/development/compilers/llvm/3.5/llvm.nix
View file
Expand Up @@ -33,6 +33,12 @@ in stdenv.mkDerivation rec {

propagatedBuildInputs = [ ncurses zlib ];

prePatch = ''
substituteInPlace CMakeLists.txt \
--replace 'set(CMAKE_INSTALL_NAME_DIR "@rpath")' "set(CMAKE_INSTALL_NAME_DIR "$out/lib")" \
--replace 'set(CMAKE_INSTALL_RPATH "@executable_path/../lib")' ""
'';

# hacky fix: created binaries need to be run before installation
preBuild = ''
mkdir -p $out/
Expand Down
7 changes: 5 additions & 2 deletions pkgs/development/compilers/llvm/3.8/llvm.nix
View file
Expand Up @@ -44,7 +44,11 @@ in stdenv.mkDerivation rec {
# 10.9. This is a temporary measure until nixpkgs darwin support is
# updated.
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
sed -i 's/os_trace(\(.*\)");$/printf(\1\\n");/g' ./projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc
sed -i 's/os_trace(\(.*\)");$/printf(\1\\n");/g' ./projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc
substituteInPlace CMakeLists.txt \
--replace 'set(CMAKE_INSTALL_NAME_DIR "@rpath")' "set(CMAKE_INSTALL_NAME_DIR "$out/lib")" \
--replace 'set(CMAKE_INSTALL_RPATH "@executable_path/../lib")' ""
'';

# hacky fix: created binaries need to be run before installation
Expand Down Expand Up @@ -75,7 +79,6 @@ in stdenv.mkDerivation rec {
'';

postInstall = stdenv.lib.optionalString (stdenv.isDarwin && enableSharedLibraries) ''
install_name_tool -id $out/lib/libLLVM.dylib $out/lib/libLLVM.dylib
ln -s $out/lib/libLLVM.dylib $out/lib/libLLVM-${version}.dylib
'';

Expand Down
6 changes: 4 additions & 2 deletions pkgs/development/compilers/llvm/3.9/llvm.nix
View file
Expand Up @@ -82,6 +82,10 @@ in stdenv.mkDerivation rec {
+ stdenv.lib.optionalString stdenv.isDarwin ''
substituteInPlace ./projects/compiler-rt/cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
substituteInPlace CMakeLists.txt \
--replace 'set(CMAKE_INSTALL_NAME_DIR "@rpath")' "set(CMAKE_INSTALL_NAME_DIR "$lib/lib")" \
--replace 'set(CMAKE_INSTALL_RPATH "@executable_path/../lib")' ""
''
# Patch llvm-config to return correct library path based on --link-{shared,static}.
+ stdenv.lib.optionalString (enableSharedLibraries) ''
Expand Down Expand Up @@ -130,8 +134,6 @@ in stdenv.mkDerivation rec {
+ stdenv.lib.optionalString (stdenv.isDarwin && enableSharedLibraries) ''
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-release.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM.dylib" "$lib/lib/libLLVM.dylib"
install_name_tool -id $lib/lib/libLLVM.dylib $lib/lib/libLLVM.dylib
install_name_tool -change @rpath/libLLVM.dylib $lib/lib/libLLVM.dylib $out/bin/llvm-config
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${shortVersion}.dylib
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${version}.dylib
'';
Expand Down
6 changes: 4 additions & 2 deletions pkgs/development/compilers/llvm/4/llvm.nix
View file
Expand Up @@ -58,6 +58,10 @@ in stdenv.mkDerivation rec {
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
substituteInPlace ./projects/compiler-rt/cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
substituteInPlace cmake/modules/AddLLVM.cmake \
--replace 'set(_install_name_dir INSTALL_NAME_DIR "@rpath")' "set(_install_name_dir INSTALL_NAME_DIR "$lib/lib")" \
--replace 'set(_install_rpath "@loader_path/../lib" ''${extra_libdir})' ""
''
# Patch llvm-config to return correct library path based on --link-{shared,static}.
+ stdenv.lib.optionalString (enableSharedLibraries) ''
Expand Down Expand Up @@ -121,8 +125,6 @@ in stdenv.mkDerivation rec {
+ stdenv.lib.optionalString (stdenv.isDarwin && enableSharedLibraries) ''
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM.dylib" "$lib/lib/libLLVM.dylib"
install_name_tool -id $lib/lib/libLLVM.dylib $lib/lib/libLLVM.dylib
install_name_tool -change @rpath/libLLVM.dylib $lib/lib/libLLVM.dylib $out/bin/llvm-config
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${shortVersion}.dylib
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${release_version}.dylib
'';
Expand Down
6 changes: 4 additions & 2 deletions pkgs/development/compilers/llvm/5/llvm.nix
View file
Expand Up @@ -58,6 +58,10 @@ in stdenv.mkDerivation rec {
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
substituteInPlace ./projects/compiler-rt/cmake/config-ix.cmake \
--replace 'set(COMPILER_RT_HAS_TSAN TRUE)' 'set(COMPILER_RT_HAS_TSAN FALSE)'
substituteInPlace cmake/modules/AddLLVM.cmake \
--replace 'set(_install_name_dir INSTALL_NAME_DIR "@rpath")' "set(_install_name_dir INSTALL_NAME_DIR "$lib/lib")" \
--replace 'set(_install_rpath "@loader_path/../lib" ''${extra_libdir})' ""
''
# Patch llvm-config to return correct library path based on --link-{shared,static}.
+ stdenv.lib.optionalString (enableSharedLibraries) ''
Expand Down Expand Up @@ -129,8 +133,6 @@ in stdenv.mkDerivation rec {
+ stdenv.lib.optionalString (stdenv.isDarwin && enableSharedLibraries) ''
substituteInPlace "$out/lib/cmake/llvm/LLVMExports-${if debugVersion then "debug" else "release"}.cmake" \
--replace "\''${_IMPORT_PREFIX}/lib/libLLVM.dylib" "$lib/lib/libLLVM.dylib"
install_name_tool -id $lib/lib/libLLVM.dylib $lib/lib/libLLVM.dylib
install_name_tool -change @rpath/libLLVM.dylib $lib/lib/libLLVM.dylib $out/bin/llvm-config
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${shortVersion}.dylib
ln -s $lib/lib/libLLVM.dylib $lib/lib/libLLVM-${release_version}.dylib
'';
Expand Down
4 changes: 2 additions & 2 deletions pkgs/development/libraries/dbus/default.nix
View file
Expand Up @@ -6,8 +6,8 @@ assert x11Support -> libX11 != null
&& libSM != null;

let
version = "1.10.22";
sha256 = "15vv9gz5i4f5l7h0d045qz5iyvl89hjk2k83lb4vbizd7qg41cg2";
version = "1.10.24";
sha256 = "06ydmrg76l1kwl3190d72zpiy3qxy248x6gskxbj9qiqfsr4w63i";

self = stdenv.mkDerivation {
name = "dbus-${version}";
Expand Down
15 changes: 1 addition & 14 deletions pkgs/development/libraries/drumstick/default.nix
View file
Expand Up @@ -15,25 +15,12 @@ stdenv.mkDerivation rec {

enableParallelBuilding = true;

# Prevent the manpage builds from attempting to access the Internet.
prePatch = ''
substituteInPlace cmake_admin/CreateManpages.cmake --replace \
http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl \
${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl
for xml in doc/*.xml.in; do
substituteInPlace "$xml" --replace \
http://www.docbook.org/xml/4.5/docbookx.dtd \
${docbook_xml_dtd_45}/xml/dtd/docbook/docbookx.dtd
done
'';

#Temporarily remove drumstick-piano; Gives segment fault. Submitted ticket
postInstall = ''
rm $out/bin/drumstick-vpiano
'';

nativeBuildInputs = [ cmake pkgconfig ];
nativeBuildInputs = [ cmake pkgconfig docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_45 ];
buildInputs = [
alsaLib doxygen fluidsynth qt5.qtbase qt5.qtsvg
];
Expand Down

0 comments on commit 3ee33f3

Please sign in to comment.