mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-18 19:03:28 +00:00
Merge branch 'staging'
This commit is contained in:
commit
19cd9f16a0
@ -29,6 +29,9 @@ stdenv.mkDerivation rec {
|
||||
"-DPARAVIEW_INSTALL_DEVELOPMENT=ON"
|
||||
];
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1138466
|
||||
NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
buildInputs = [ cmake qt4 hdf5 mpich2 python libxml2 mesa libXt ];
|
||||
|
@ -80,8 +80,8 @@ if [ "$NIX_ENFORCE_PURITY" = 1 -a -n "$NIX_STORE" ]; then
|
||||
fi
|
||||
|
||||
if [[ "@prog@" = *++ ]]; then
|
||||
if echo "$@" | grep -qvw -- -nostdlib; then
|
||||
NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $NIX_CXXSTDLIB_COMPILE"
|
||||
if echo "$@" | grep -qv -- -nostdlib; then
|
||||
NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE ${NIX_CXXSTDLIB_COMPILE-@default_cxx_stdlib_compile@}"
|
||||
NIX_CFLAGS_LINK="$NIX_CFLAGS_LINK $NIX_CXXSTDLIB_LINK"
|
||||
fi
|
||||
fi
|
||||
|
@ -169,6 +169,12 @@ stdenv.mkDerivation {
|
||||
|
||||
export real_cc=cc
|
||||
export real_cxx=c++
|
||||
export default_cxx_stdlib_compile="${
|
||||
if stdenv.isLinux && !(cc.isGNU or false)
|
||||
then "-isystem $(echo -n ${cc.gcc}/include/c++/*) -isystem $(echo -n ${cc.gcc}/include/c++/*)/$(${cc.gcc}/bin/gcc -dumpmachine)"
|
||||
else ""
|
||||
}"
|
||||
|
||||
if [ -e $ccPath/gcc ]; then
|
||||
wrap gcc ${./cc-wrapper.sh} $ccPath/gcc
|
||||
ln -s gcc $out/bin/cc
|
||||
|
@ -475,7 +475,7 @@ stdenv.mkDerivation ({
|
||||
else null;
|
||||
|
||||
passthru =
|
||||
{ inherit langC langCC langAda langFortran langVhdl langGo enableMultilib version; };
|
||||
{ inherit langC langCC langAda langFortran langVhdl langGo enableMultilib version; isGNU = true; };
|
||||
|
||||
inherit enableParallelBuilding;
|
||||
|
||||
|
@ -0,0 +1,29 @@
|
||||
diff -Naur clang-3.6.0.src-orig/CMakeLists.txt clang-3.6.0.src/CMakeLists.txt
|
||||
--- clang-3.6.0.src-orig/CMakeLists.txt 2015-03-05 05:56:20.788520896 +0100
|
||||
+++ clang-3.6.0.src/CMakeLists.txt 2015-03-05 06:02:15.589365469 +0100
|
||||
@@ -362,6 +362,7 @@
|
||||
|
||||
if (NOT LLVM_INSTALL_TOOLCHAIN_ONLY OR ${name} STREQUAL "libclang")
|
||||
install(TARGETS ${name}
|
||||
+ EXPORT ClangTargets
|
||||
LIBRARY DESTINATION lib${LLVM_LIBDIR_SUFFIX}
|
||||
ARCHIVE DESTINATION lib${LLVM_LIBDIR_SUFFIX}
|
||||
RUNTIME DESTINATION bin)
|
||||
@@ -516,15 +517,15 @@
|
||||
set(CLANG_INSTALL_PACKAGE_DIR share/clang/cmake)
|
||||
set(clang_cmake_builddir "${CMAKE_BINARY_DIR}/${CLANG_INSTALL_PACKAGE_DIR}")
|
||||
get_property(CLANG_EXPORTS GLOBAL PROPERTY CLANG_EXPORTS)
|
||||
- export(TARGETS ${CLANG_EXPORTS} FILE ${clang_cmake_builddir}/ClangTargets.cmake)
|
||||
|
||||
# Install a <prefix>/share/clang/cmake/ClangConfig.cmake file so that
|
||||
# find_package(Clang) works. Install the target list with it.
|
||||
install(FILES
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/ClangConfig.cmake
|
||||
- ${CLANG_BINARY_DIR}/share/clang/cmake/ClangTargets.cmake
|
||||
DESTINATION share/clang/cmake)
|
||||
|
||||
+ install(EXPORT ClangTargets DESTINATION share/clang/cmake)
|
||||
+
|
||||
# Also copy ClangConfig.cmake to the build directory so that dependent projects
|
||||
# can build against a build directory of Clang more easily.
|
||||
configure_file(
|
54
pkgs/development/compilers/llvm/3.6/clang/default.nix
Normal file
54
pkgs/development/compilers/llvm/3.6/clang/default.nix
Normal file
@ -0,0 +1,54 @@
|
||||
{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src }:
|
||||
|
||||
let
|
||||
gcc = if stdenv.cc.cc.isGNU or false then stdenv.cc.cc else stdenv.cc.cc.gcc;
|
||||
in stdenv.mkDerivation {
|
||||
name = "clang-${version}";
|
||||
|
||||
unpackPhase = ''
|
||||
unpackFile ${fetch "cfe" "0b8825mvdhfk5r9gwcwp1j2dl9kw5glgyk7pybq2dzhrh4vnj3my"}
|
||||
mv cfe-${version}.src clang
|
||||
sourceRoot=$PWD/clang
|
||||
unpackFile ${clang-tools-extra_src}
|
||||
mv clang-tools-extra-* $sourceRoot/tools/extra
|
||||
'';
|
||||
|
||||
buildInputs = [ cmake libedit libxml2 llvm ];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DCMAKE_CXX_FLAGS=-std=c++11"
|
||||
] ++
|
||||
# Maybe with compiler-rt this won't be needed?
|
||||
(stdenv.lib.optional stdenv.isLinux "-DGCC_INSTALL_PREFIX=${gcc}") ++
|
||||
(stdenv.lib.optional (stdenv.cc.libc != null) "-DC_INCLUDE_DIRS=${stdenv.cc.libc}/include");
|
||||
|
||||
patches = [ ./purity.patch ./cmake-exports.patch ];
|
||||
|
||||
postPatch = ''
|
||||
sed -i -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' lib/Driver/Tools.cpp
|
||||
sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' lib/Driver/ToolChains.cpp
|
||||
'';
|
||||
|
||||
# Clang expects to find LLVMgold in its own prefix
|
||||
# Clang expects to find sanitizer libraries in its own prefix
|
||||
postInstall = ''
|
||||
ln -sv ${llvm}/lib/LLVMgold.so $out/lib
|
||||
ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
|
||||
ln -sv $out/bin/clang $out/bin/cpp
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
passthru = stdenv.lib.optionalAttrs stdenv.isLinux {
|
||||
inherit gcc;
|
||||
};
|
||||
|
||||
meta = {
|
||||
description = "A c, c++, objective-c, and objective-c++ frontend for the llvm compiler";
|
||||
homepage = http://llvm.org/;
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
maintainers = [ stdenv.lib.maintainers.shlevy ];
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
};
|
||||
}
|
22
pkgs/development/compilers/llvm/3.6/clang/purity.patch
Normal file
22
pkgs/development/compilers/llvm/3.6/clang/purity.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff --git a/lib/Driver/Tools.cpp b/lib/Driver/Tools.cpp
|
||||
index 198e82e..810d006 100644
|
||||
--- a/lib/Driver/Tools.cpp
|
||||
+++ b/lib/Driver/Tools.cpp
|
||||
@@ -7355,17 +7355,6 @@ void gnutools::Link::ConstructJob(Compilation &C, const JobAction &JA,
|
||||
CmdArgs.push_back("-shared");
|
||||
}
|
||||
|
||||
- if (ToolChain.getArch() == llvm::Triple::arm ||
|
||||
- ToolChain.getArch() == llvm::Triple::armeb ||
|
||||
- ToolChain.getArch() == llvm::Triple::thumb ||
|
||||
- ToolChain.getArch() == llvm::Triple::thumbeb ||
|
||||
- (!Args.hasArg(options::OPT_static) &&
|
||||
- !Args.hasArg(options::OPT_shared))) {
|
||||
- CmdArgs.push_back("-dynamic-linker");
|
||||
- CmdArgs.push_back(Args.MakeArgString(
|
||||
- D.DyldPrefix + getLinuxDynamicLinker(Args, ToolChain)));
|
||||
- }
|
||||
-
|
||||
CmdArgs.push_back("-o");
|
||||
CmdArgs.push_back(Output.getFilename());
|
||||
|
35
pkgs/development/compilers/llvm/3.6/default.nix
Normal file
35
pkgs/development/compilers/llvm/3.6/default.nix
Normal file
@ -0,0 +1,35 @@
|
||||
{ pkgs, newScope, stdenv, isl, fetchurl, overrideCC, wrapCC }:
|
||||
let
|
||||
callPackage = newScope (self // { inherit isl version fetch; });
|
||||
|
||||
version = "3.6.0";
|
||||
|
||||
fetch = fetch_v version;
|
||||
fetch_v = ver: name: sha256: fetchurl {
|
||||
url = "http://llvm.org/releases/${ver}/${name}-${ver}.src.tar.xz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
compiler-rt_src = fetch "compiler-rt" "04bbn946jninynkrjyp337xqs8ihn4fkz5xgvmywxkddwmwznjbz";
|
||||
clang-tools-extra_src = fetch "clang-tools-extra" "04n83gsmy2ghvn7vp9hamsgn332rx2g7sa4paskr0d4ihax4ka9s";
|
||||
|
||||
self = {
|
||||
llvm = callPackage ./llvm.nix {
|
||||
inherit compiler-rt_src stdenv;
|
||||
};
|
||||
|
||||
clang-unwrapped = callPackage ./clang {
|
||||
inherit clang-tools-extra_src stdenv;
|
||||
};
|
||||
|
||||
clang = wrapCC self.clang-unwrapped;
|
||||
|
||||
stdenv = overrideCC stdenv self.clang;
|
||||
|
||||
lldb = callPackage ./lldb.nix {};
|
||||
|
||||
libcxx = callPackage ./libc++ {};
|
||||
|
||||
libcxxabi = callPackage ./libc++abi.nix {};
|
||||
};
|
||||
in self
|
30
pkgs/development/compilers/llvm/3.6/libc++/darwin.patch
Normal file
30
pkgs/development/compilers/llvm/3.6/libc++/darwin.patch
Normal file
@ -0,0 +1,30 @@
|
||||
diff -ru -x '*~' libcxx-3.4.2.src-orig/lib/CMakeLists.txt libcxx-3.4.2.src/lib/CMakeLists.txt
|
||||
--- libcxx-3.4.2.src-orig/lib/CMakeLists.txt 2013-11-15 18:18:57.000000000 +0100
|
||||
+++ libcxx-3.4.2.src/lib/CMakeLists.txt 2014-09-24 14:04:01.000000000 +0200
|
||||
@@ -56,7 +56,7 @@
|
||||
"-compatibility_version 1"
|
||||
"-current_version ${LIBCXX_VERSION}"
|
||||
"-install_name /usr/lib/libc++.1.dylib"
|
||||
- "-Wl,-reexport_library,/usr/lib/libc++abi.dylib"
|
||||
+ "-Wl,-reexport_library,${LIBCXX_LIBCXXABI_LIB_PATH}/libc++abi.dylib"
|
||||
"-Wl,-unexported_symbols_list,${CMAKE_CURRENT_SOURCE_DIR}/libc++unexp.exp"
|
||||
"/usr/lib/libSystem.B.dylib")
|
||||
else()
|
||||
@@ -64,14 +64,14 @@
|
||||
list(FIND ${CMAKE_OSX_ARCHITECTURES} "armv7" OSX_HAS_ARMV7)
|
||||
if (OSX_HAS_ARMV7)
|
||||
set(OSX_RE_EXPORT_LINE
|
||||
- "${CMAKE_OSX_SYSROOT}/usr/lib/libc++abi.dylib"
|
||||
+ "${CMAKE_OSX_SYSROOT}${LIBCXX_LIBCXXABI_LIB_PATH}/libc++abi.dylib"
|
||||
"-Wl,-reexported_symbols_list,${CMAKE_CURRENT_SOURCE_DIR}/libc++sjlj-abi.exp")
|
||||
else()
|
||||
set(OSX_RE_EXPORT_LINE
|
||||
- "-Wl,-reexport_library,${CMAKE_OSX_SYSROOT}/usr/lib/libc++abi.dylib")
|
||||
+ "-Wl,-reexport_library,${CMAKE_OSX_SYSROOT}${LIBCXX_LIBCXXABI_LIB_PATH}/libc++abi.dylib")
|
||||
endif()
|
||||
else()
|
||||
- set (OSX_RE_EXPORT_LINE "/usr/lib/libc++abi.dylib -Wl,-reexported_symbols_list,${CMAKE_CURRENT_SOURCE_DIR}/libc++abi${LIBCXX_LIBCPPABI_VERSION}.exp")
|
||||
+ set (OSX_RE_EXPORT_LINE "${LIBCXX_LIBCXXABI_LIB_PATH}/libc++abi.dylib -Wl,-reexported_symbols_list,${CMAKE_CURRENT_SOURCE_DIR}/libc++abi${LIBCXX_LIBCPPABI_VERSION}.exp")
|
||||
endif()
|
||||
|
||||
list(APPEND link_flags
|
41
pkgs/development/compilers/llvm/3.6/libc++/default.nix
Normal file
41
pkgs/development/compilers/llvm/3.6/libc++/default.nix
Normal file
@ -0,0 +1,41 @@
|
||||
{ lib, stdenv, fetch, cmake, libcxxabi, fixDarwinDylibNames, version }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libc++-${version}";
|
||||
|
||||
src = fetch "libcxx" "1dzvhyrzj54v823biadag5lwxfz37gm8a65aq72pjsh8n211x719";
|
||||
|
||||
# instead of allowing libc++ to link with /usr/lib/libc++abi.dylib,
|
||||
# force it to link with our copy
|
||||
preConfigure = stdenv.lib.optionalString stdenv.isDarwin ''
|
||||
substituteInPlace lib/CMakeLists.txt \
|
||||
--replace 'OSX_RE_EXPORT_LINE "/usr/lib/libc++abi.dylib' \
|
||||
'OSX_RE_EXPORT_LINE "${libcxxabi}/lib/libc++abi.dylib' \
|
||||
--replace '"''${CMAKE_OSX_SYSROOT}/usr/lib/libc++abi.dylib"' \
|
||||
'"${libcxxabi}/lib/libc++abi.dylib"'
|
||||
'';
|
||||
|
||||
patches = [ ./darwin.patch ];
|
||||
|
||||
buildInputs = [ cmake libcxxabi ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames;
|
||||
|
||||
cmakeFlags =
|
||||
[ "-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DLIBCXX_LIBCXXABI_INCLUDE_PATHS=${libcxxabi}/include"
|
||||
"-DLIBCXX_LIBCXXABI_LIB_PATH=${libcxxabi}/lib"
|
||||
"-DLIBCXX_LIBCPPABI_VERSION=2"
|
||||
"-DLIBCXX_CXX_ABI=libcxxabi"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
||||
meta = {
|
||||
homepage = http://libcxx.llvm.org/;
|
||||
description = "A new implementation of the C++ standard library, targeting C++11";
|
||||
license = "BSD";
|
||||
maintainers = [ stdenv.lib.maintainers.shlevy ];
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
};
|
||||
}
|
4
pkgs/development/compilers/llvm/3.6/libc++/setup-hook.sh
Normal file
4
pkgs/development/compilers/llvm/3.6/libc++/setup-hook.sh
Normal file
@ -0,0 +1,4 @@
|
||||
export NIX_CFLAGS_COMPILE+=" -isystem @out@/include/c++/v1"
|
||||
|
||||
export NIX_CXXSTDLIB_COMPILE=" -stdlib=libc++"
|
||||
export NIX_CXXSTDLIB_LINK=" -stdlib=libc++"
|
47
pkgs/development/compilers/llvm/3.6/libc++abi.nix
Normal file
47
pkgs/development/compilers/llvm/3.6/libc++abi.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ stdenv, cmake, fetch, libcxx, libunwind, llvm, version }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "libc++abi-${version}";
|
||||
|
||||
src = fetch "libcxxabi" "1xclv63l7cmrxkl129w6j9fsxgdm8jjlcm8gswl2y9qmh3dwz2zp";
|
||||
|
||||
buildInputs = [ cmake ] ++ stdenv.lib.optional (!stdenv.isDarwin) libunwind;
|
||||
|
||||
postUnpack = ''
|
||||
unpackFile ${libcxx.src}
|
||||
unpackFile ${llvm.src}
|
||||
export NIX_CFLAGS_COMPILE+=" -I$PWD/include"
|
||||
export cmakeFlags="-DLLVM_PATH=$PWD/$(ls -d llvm-*) -DLIBCXXABI_LIBCXX_INCLUDES=$PWD/$(ls -d libcxx-*)/include"
|
||||
'' + stdenv.lib.optionalString stdenv.isDarwin ''
|
||||
export TRIPLE=x86_64-apple-darwin
|
||||
'';
|
||||
|
||||
installPhase = if stdenv.isDarwin
|
||||
then ''
|
||||
for file in lib/*; do
|
||||
# this should be done in CMake, but having trouble figuring out
|
||||
# the magic combination of necessary CMake variables
|
||||
# if you fancy a try, take a look at
|
||||
# http://www.cmake.org/Wiki/CMake_RPATH_handling
|
||||
install_name_tool -id $out/$file $file
|
||||
done
|
||||
make install
|
||||
install -d 755 $out/include
|
||||
install -m 644 ../include/cxxabi.h $out/include
|
||||
''
|
||||
else ''
|
||||
install -d -m 755 $out/include $out/lib
|
||||
install -m 644 lib/libc++abi.so.1.0 $out/lib
|
||||
install -m 644 ../include/cxxabi.h $out/include
|
||||
ln -s libc++abi.so.1.0 $out/lib/libc++abi.so
|
||||
ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1
|
||||
'';
|
||||
|
||||
meta = {
|
||||
homepage = http://libcxxabi.llvm.org/;
|
||||
description = "A new implementation of low level support for a standard C++ library";
|
||||
license = "BSD";
|
||||
maintainers = with stdenv.lib.maintainers; [ shlevy vlstill ];
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
};
|
||||
}
|
44
pkgs/development/compilers/llvm/3.6/lldb.nix
Normal file
44
pkgs/development/compilers/llvm/3.6/lldb.nix
Normal file
@ -0,0 +1,44 @@
|
||||
{ stdenv
|
||||
, fetch
|
||||
, cmake
|
||||
, zlib
|
||||
, ncurses
|
||||
, swig
|
||||
, which
|
||||
, libedit
|
||||
, llvm
|
||||
, clang-unwrapped
|
||||
, python
|
||||
, version
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "lldb-${version}";
|
||||
|
||||
src = fetch "lldb" "1cphxbc8c0yqs2rxn94vcn8his465m97rnynklpzm8sf5kad26ib";
|
||||
|
||||
patchPhase = ''
|
||||
sed -i 's|/usr/bin/env||' \
|
||||
scripts/Python/finish-swig-Python-LLDB.sh \
|
||||
scripts/Python/build-swig-Python.sh
|
||||
'';
|
||||
|
||||
buildInputs = [ cmake python which swig ncurses zlib libedit ];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DCMAKE_CXX_FLAGS=-std=c++11"
|
||||
"-DLLDB_PATH_TO_LLVM_BUILD=${llvm}"
|
||||
"-DLLDB_PATH_TO_CLANG_BUILD=${clang-unwrapped}"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = {
|
||||
description = "A next-generation high-performance debugger";
|
||||
homepage = http://llvm.org/;
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
maintainers = [ stdenv.lib.maintainers.shlevy ];
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
};
|
||||
}
|
73
pkgs/development/compilers/llvm/3.6/llvm.nix
Normal file
73
pkgs/development/compilers/llvm/3.6/llvm.nix
Normal file
@ -0,0 +1,73 @@
|
||||
{ stdenv
|
||||
, fetch
|
||||
, perl
|
||||
, groff
|
||||
, cmake
|
||||
, python
|
||||
, libffi
|
||||
, binutils
|
||||
, libxml2
|
||||
, valgrind
|
||||
, ncurses
|
||||
, version
|
||||
, zlib
|
||||
, compiler-rt_src
|
||||
}:
|
||||
|
||||
let
|
||||
src = fetch "llvm" "1kmr5vlnz1419nnvyc7lsrcfx09n65ravjbmzxrqz7ml07jnk6mk";
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "llvm-${version}";
|
||||
|
||||
unpackPhase = ''
|
||||
unpackFile ${src}
|
||||
mv llvm-${version}.src llvm
|
||||
sourceRoot=$PWD/llvm
|
||||
unpackFile ${compiler-rt_src}
|
||||
mv compiler-rt-* $sourceRoot/projects/compiler-rt
|
||||
'';
|
||||
|
||||
buildInputs = [ perl groff cmake libxml2 python libffi ] ++ stdenv.lib.optional stdenv.isLinux valgrind;
|
||||
|
||||
propagatedBuildInputs = [ ncurses zlib ];
|
||||
|
||||
# hacky fix: created binaries need to be run before installation
|
||||
preBuild = ''
|
||||
mkdir -p $out/
|
||||
ln -sv $PWD/lib $out
|
||||
'';
|
||||
|
||||
cmakeFlags = with stdenv; [
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DLLVM_BUILD_TESTS=ON"
|
||||
"-DLLVM_ENABLE_FFI=ON"
|
||||
] ++ stdenv.lib.optionals (!isDarwin) [
|
||||
"-DBUILD_SHARED_LIBS=ON"
|
||||
"-DLLVM_BINUTILS_INCDIR=${binutils}/include"
|
||||
] ++ stdenv.lib.optionals ( isDarwin) [
|
||||
"-DCMAKE_CXX_FLAGS=-stdlib=libc++"
|
||||
"-DCAN_TARGET_i386=false"
|
||||
];
|
||||
|
||||
postBuild = ''
|
||||
rm -fR $out
|
||||
|
||||
paxmark m bin/{lli,llvm-rtdyld}
|
||||
|
||||
paxmark m unittests/ExecutionEngine/JIT/JITTests
|
||||
paxmark m unittests/ExecutionEngine/MCJIT/MCJITTests
|
||||
paxmark m unittests/Support/SupportTests
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
passthru.src = src;
|
||||
|
||||
meta = {
|
||||
description = "Collection of modular and reusable compiler and toolchain technologies";
|
||||
homepage = http://llvm.org/;
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
maintainers = with stdenv.lib.maintainers; [ shlevy lovek323 raskin viric ];
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
};
|
||||
}
|
@ -13,7 +13,7 @@ cross:
|
||||
|
||||
let
|
||||
|
||||
version = "2.20";
|
||||
version = "2.21";
|
||||
|
||||
in
|
||||
|
||||
@ -127,7 +127,8 @@ stdenv.mkDerivation ({
|
||||
# I.e. when gcc is compiled with --with-arch=i686, then the
|
||||
# preprocessor symbol `__i686' will be defined to `1'. This causes
|
||||
# the symbol __i686.get_pc_thunk.dx to be mangled.
|
||||
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686";
|
||||
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686"
|
||||
+ " -Wno-error=strict-prototypes";
|
||||
}
|
||||
|
||||
# Remove the `gccCross' attribute so that the *native* glibc store path
|
||||
@ -150,7 +151,7 @@ stdenv.mkDerivation ({
|
||||
}
|
||||
else fetchurl {
|
||||
url = "mirror://gnu/glibc/glibc-${version}.tar.gz";
|
||||
sha256 = "1g6ysvk15arpi7c1f1fpx5slgfr2k3dqd5xr0yvijajp1m0xxq9p";
|
||||
sha256 = "0f4prv4c0fcpi85wv4028wqxn075197gwxhgf0vp571fiw2pi3wd";
|
||||
};
|
||||
|
||||
# Remove absolute paths from `configure' & co.; build out-of-tree.
|
||||
|
@ -15,13 +15,14 @@ diff -ru glibc-2.16.0-orig/elf/Makefile glibc-2.16.0/elf/Makefile
|
||||
+++ glibc-2.16.0/elf/Makefile 2012-09-18 12:03:30.031955196 -0400
|
||||
@@ -415,12 +415,12 @@
|
||||
|
||||
$(objpfx)pldd: $(pldd-modules:%=$(objpfx)%.o)
|
||||
$(objpfx)ldconfig: $(ldconfig-modules:%=$(objpfx)%.o)
|
||||
|
||||
-SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"'
|
||||
-CFLAGS-ldconfig.c = $(SYSCONF-FLAGS) -D'LIBDIR="$(libdir)"' \
|
||||
+PREFIX-FLAGS := -D'PREFIX="$(prefix)"'
|
||||
+CFLAGS-ldconfig.c = $(PREFIX-FLAGS) -D'LIBDIR="$(libdir)"' \
|
||||
-D'SLIBDIR="$(slibdir)"' -DIS_IN_ldconfig=1
|
||||
-D'SLIBDIR="$(slibdir)"'
|
||||
libof-ldconfig = ldconfig
|
||||
-CFLAGS-dl-cache.c = $(SYSCONF-FLAGS)
|
||||
-CFLAGS-cache.c = $(SYSCONF-FLAGS)
|
||||
-CFLAGS-rtld.c = $(SYSCONF-FLAGS)
|
||||
@ -29,8 +30,8 @@ diff -ru glibc-2.16.0-orig/elf/Makefile glibc-2.16.0/elf/Makefile
|
||||
+CFLAGS-cache.c = $(PREFIX-FLAGS)
|
||||
+CFLAGS-rtld.c = $(PREFIX-FLAGS)
|
||||
|
||||
CPPFLAGS-.os += $(if $(filter $(@F),$(patsubst %,%.os,$(all-rtld-routines))),\
|
||||
-DNOT_IN_libc=1 -DIS_IN_rtld=1 -DIN_LIB=rtld)
|
||||
cpp-srcs-left := $(all-rtld-routines:=.os)
|
||||
lib := rtld
|
||||
diff -ru glibc-2.16.0-orig/sysdeps/generic/dl-cache.h glibc-2.16.0/sysdeps/generic/dl-cache.h
|
||||
--- glibc-2.16.0-orig/sysdeps/generic/dl-cache.h 2012-06-30 15:12:34.000000000 -0400
|
||||
+++ glibc-2.16.0/sysdeps/generic/dl-cache.h 2012-09-18 11:59:27.465284809 -0400
|
||||
|
@ -8,11 +8,11 @@ assert xineramaSupport -> xlibs.libXinerama != null;
|
||||
assert cupsSupport -> cups != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "gtk+-2.24.26";
|
||||
name = "gtk+-2.24.27";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gtk+/2.24/${name}.tar.xz";
|
||||
sha256 = "d84fc0f1e3cd99e8b9ec756e754f42653940638579a8f28d0eabffc37018d133";
|
||||
sha256 = "1x14rnjvqslpa1q19fp1qalz5sxds72amsgjk8m7769rwk511jr0";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -9,7 +9,7 @@ stdenv.mkDerivation {
|
||||
};
|
||||
|
||||
# For the x86_64 GNU/Linux arch to be recognized by 'configure'
|
||||
preConfigure = "cp ${libtool}/share/libtool/config/config.sub .";
|
||||
preConfigure = "cp ${libtool}/share/libtool/build-aux/config.sub .";
|
||||
|
||||
meta = {
|
||||
description = "Library for rasterizing 2-D vector graphics";
|
||||
|
@ -2,10 +2,10 @@
|
||||
ftgl, freetype}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "opencascade-6.5.4";
|
||||
name = "opencascade-6.5.5";
|
||||
src = fetchurl {
|
||||
url = http://files.opencascade.com/OCCT/OCC_6.5.4_release/OpenCASCADE654.tar.gz;
|
||||
sha256 = "1di08mc0wly4cdi3rh9kj52bk0bfpyk6dy03c9yfnv04i7z03kmy";
|
||||
url = http://files.opencascade.com/OCCT/OCC_6.5.5_release/OpenCASCADE655.tgz;
|
||||
sha256 = "1dnik00adfh6dxvn9kgf35yjda8chbi05f71i9119idmmrcapipm";
|
||||
};
|
||||
|
||||
buildInputs = [ mesa tcl tk file libXmu automake autoconf libtool qt4 ftgl freetype ];
|
||||
@ -20,7 +20,9 @@ stdenv.mkDerivation rec {
|
||||
|
||||
# -fpermissive helps building opencascade, although gcc detects a flaw in the code
|
||||
# and reports an error otherwise. Further versions may fix that.
|
||||
NIX_CFLAGS_COMPILE = "-fpermissive";
|
||||
NIX_CFLAGS_COMPILE = "-fpermissive"
|
||||
# https://bugs.freedesktop.org/show_bug.cgi?id=83631
|
||||
+ " -DGLX_GLXEXT_LEGACY";
|
||||
|
||||
configureFlags = [ "--with-tcl=${tcl}/lib" "--with-tk=${tk}/lib" "--with-qt=${qt4}" "--with-ftgl=${ftgl}" "--with-freetype=${freetype}" ];
|
||||
|
||||
|
@ -14,6 +14,9 @@ stdenv.mkDerivation rec {
|
||||
cmakeFlags="$cmakeFlags -DINSTALL_DIR=$out -D3RDPARTY_TCL_DIR=${tcl} -D3RDPARTY_FREETYPE_DIR=${freetype}"
|
||||
'';
|
||||
|
||||
# https://bugs.freedesktop.org/show_bug.cgi?id=83631
|
||||
NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY";
|
||||
|
||||
postInstall = ''
|
||||
mv $out/inc $out/include
|
||||
mkdir -p $out/share/doc/${name}
|
||||
|
@ -14,6 +14,9 @@ stdenv.mkDerivation rec {
|
||||
cmakeFlags="$cmakeFlags -DOCE_INSTALL_PREFIX=$out"
|
||||
'';
|
||||
|
||||
# https://bugs.freedesktop.org/show_bug.cgi?id=83631
|
||||
NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = {
|
||||
|
@ -18,7 +18,7 @@ let
|
||||
# hardcoding something like /etc/ssl/cert.pem is impure and
|
||||
# cannot be overriden per-process. For security, the
|
||||
# environment variable is ignored for setuid binaries.
|
||||
./cert-file.patch
|
||||
./cert-file-1.0.1j.patch
|
||||
# Remove the compilation time from the library
|
||||
./no-date-in-library.patch
|
||||
]
|
||||
|
41
pkgs/development/libraries/openssl/cert-file-1.0.1j.patch
Normal file
41
pkgs/development/libraries/openssl/cert-file-1.0.1j.patch
Normal file
@ -0,0 +1,41 @@
|
||||
diff -ru -x '*~' openssl-1.0.0e-orig/crypto/x509/x509_def.c openssl-1.0.0e/crypto/x509/x509_def.c
|
||||
--- openssl-1.0.0e-orig/crypto/x509/x509_def.c 1999-09-11 19:54:11.000000000 +0200
|
||||
+++ openssl-1.0.0e/crypto/x509/x509_def.c 2011-09-12 18:30:59.386501609 +0200
|
||||
@@ -57,6 +57,10 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <limits.h>
|
||||
+#include <unistd.h>
|
||||
+#include <sys/types.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
@@ -71,7 +75,25 @@
|
||||
{ return(X509_CERT_DIR); }
|
||||
|
||||
const char *X509_get_default_cert_file(void)
|
||||
- { return(X509_CERT_FILE); }
|
||||
+ {
|
||||
+ static char buf[PATH_MAX] = X509_CERT_FILE;
|
||||
+ static int init = 0;
|
||||
+ if (!init) {
|
||||
+ init = 1;
|
||||
+ char * s = getenv("OPENSSL_X509_CERT_FILE");
|
||||
+ if (s) {
|
||||
+#ifndef OPENSSL_SYS_WINDOWS
|
||||
+ if (getuid() == geteuid()) {
|
||||
+#endif
|
||||
+ strncpy(buf, s, sizeof(buf));
|
||||
+ buf[sizeof(buf) - 1] = 0;
|
||||
+#ifndef OPENSSL_SYS_WINDOWS
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+ return buf;
|
||||
+ }
|
||||
|
||||
const char *X509_get_default_cert_dir_env(void)
|
||||
{ return(X509_CERT_DIR_EVP); }
|
@ -1,6 +1,6 @@
|
||||
diff -ru -x '*~' openssl-1.0.0e-orig/crypto/x509/x509_def.c openssl-1.0.0e/crypto/x509/x509_def.c
|
||||
--- openssl-1.0.0e-orig/crypto/x509/x509_def.c 1999-09-11 19:54:11.000000000 +0200
|
||||
+++ openssl-1.0.0e/crypto/x509/x509_def.c 2011-09-12 18:30:59.386501609 +0200
|
||||
diff -ru openssl-1.0.1m-orig/crypto/x509/x509_def.c openssl-1.0.1m/crypto/x509/x509_def.c
|
||||
--- openssl-1.0.1m-orig/crypto/x509/x509_def.c 2015-03-19 14:19:00.000000000 +0100
|
||||
+++ openssl-1.0.1m/crypto/x509/x509_def.c 2015-03-19 15:50:44.676683616 +0100
|
||||
@@ -57,6 +57,10 @@
|
||||
*/
|
||||
|
||||
@ -12,30 +12,28 @@ diff -ru -x '*~' openssl-1.0.0e-orig/crypto/x509/x509_def.c openssl-1.0.0e/crypt
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
@@ -71,7 +75,25 @@
|
||||
{ return(X509_CERT_DIR); }
|
||||
@@ -78,7 +82,23 @@
|
||||
|
||||
const char *X509_get_default_cert_file(void)
|
||||
- { return(X509_CERT_FILE); }
|
||||
+ {
|
||||
+ static char buf[PATH_MAX] = X509_CERT_FILE;
|
||||
+ static int init = 0;
|
||||
+ if (!init) {
|
||||
+ init = 1;
|
||||
+ char * s = getenv("OPENSSL_X509_CERT_FILE");
|
||||
+ if (s) {
|
||||
{
|
||||
- return (X509_CERT_FILE);
|
||||
+ static char buf[PATH_MAX] = X509_CERT_FILE;
|
||||
+ static int init = 0;
|
||||
+ if (!init) {
|
||||
+ init = 1;
|
||||
+ char * s = getenv("OPENSSL_X509_CERT_FILE");
|
||||
+ if (s) {
|
||||
+#ifndef OPENSSL_SYS_WINDOWS
|
||||
+ if (getuid() == geteuid()) {
|
||||
+ if (getuid() == geteuid()) {
|
||||
+#endif
|
||||
+ strncpy(buf, s, sizeof(buf));
|
||||
+ buf[sizeof(buf) - 1] = 0;
|
||||
+ strncpy(buf, s, sizeof(buf));
|
||||
+ buf[sizeof(buf) - 1] = 0;
|
||||
+#ifndef OPENSSL_SYS_WINDOWS
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+ return buf;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ return buf;
|
||||
}
|
||||
|
||||
const char *X509_get_default_cert_dir_env(void)
|
||||
{ return(X509_CERT_DIR_EVP); }
|
||||
|
@ -2,7 +2,7 @@
|
||||
, withCryptodev ? false, cryptodevHeaders }:
|
||||
|
||||
let
|
||||
name = "openssl-1.0.1l";
|
||||
name = "openssl-1.0.1m";
|
||||
|
||||
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
|
||||
(throw "openssl needs its platform name cross building" null)
|
||||
@ -18,6 +18,8 @@ let
|
||||
# hardcoding something like /etc/ssl/cert.pem is impure and
|
||||
# cannot be overriden per-process. For security, the
|
||||
# environment variable is ignored for setuid binaries.
|
||||
# FIXME: drop this patch; it really isn't necessary, because
|
||||
# OpenSSL already supports a ‘SSL_CERT_FILE’ variable.
|
||||
./cert-file.patch
|
||||
]
|
||||
|
||||
@ -43,7 +45,7 @@ stdenv.mkDerivation {
|
||||
"http://www.openssl.org/source/${name}.tar.gz"
|
||||
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
|
||||
];
|
||||
sha256 = "1m6i80y9c9g7h4303bqbxnsk5wm6jd0n57hwqr0g4jaxzr44vkxj";
|
||||
sha256 = "0x7gvyybmqm4lv62mlhlm80f1rn7il2qh8224rahqv0i15xhnpq9";
|
||||
};
|
||||
|
||||
patches = patchesCross false;
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, cmake, mesa, libX11, xproto, libXt
|
||||
{ stdenv, fetchurl, fetchpatch, cmake, mesa, libX11, xproto, libXt
|
||||
, qtLib ? null }:
|
||||
|
||||
with stdenv.lib;
|
||||
@ -17,6 +17,9 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "1fxxgsa7967gdphkl07lbfr6dcbq9a72z5kynlklxn7hyp0l18pi";
|
||||
};
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1138466
|
||||
postPatch = "sed '/^#define GL_GLEXT_LEGACY/d' -i ./Rendering/vtkOpenGL.h";
|
||||
|
||||
buildInputs = [ cmake mesa libX11 xproto libXt ]
|
||||
++ optional (qtLib != null) qtLib;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, perl, gdb }:
|
||||
{ stdenv, fetchurl, fetchpatch, perl, gdb }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "valgrind-3.10.1";
|
||||
@ -8,6 +8,13 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "15xrzhfnwwn7n1sfbkwvdbvs6zk0zx718n6zd5i1nrnvdp13s9gs";
|
||||
};
|
||||
|
||||
patches = [(fetchpatch {
|
||||
name = "glibc-2.21.patch";
|
||||
url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk"
|
||||
+ "/valgrind-3.9.0-glibc-2.21.patch?h=packages/valgrind&id=41e87313b69";
|
||||
sha256 = "14sgsvjjalbcqpcayyv5cndc9hfm5bigkp684b6cr6virksmlk19";
|
||||
})];
|
||||
|
||||
# Perl is needed for `cg_annotate'.
|
||||
# GDB is needed to provide a sane default for `--db-command'.
|
||||
nativeBuildInputs = [ perl ];
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ stdenv, fetchurl, autoconf, automake, cairo, docbook_xsl, gtk
|
||||
, libdrm, libpng , libtool, libxslt, makeWrapper, pango, pkgconfig
|
||||
, udev
|
||||
{ stdenv, fetchurl, autoreconfHook, cairo, docbook_xsl, gtk
|
||||
, libdrm, libpng, libxslt, makeWrapper, pango, pkgconfig, udev
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
autoconf automake cairo docbook_xsl gtk libdrm libpng libtool
|
||||
autoreconfHook cairo docbook_xsl gtk libdrm libpng
|
||||
libxslt makeWrapper pango pkgconfig udev
|
||||
];
|
||||
|
||||
@ -22,23 +21,23 @@ stdenv.mkDerivation rec {
|
||||
-i configure.ac
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
./configure \
|
||||
--prefix=$out \
|
||||
-bindir=$out/bin \
|
||||
-sbindir=$out/sbin \
|
||||
--exec-prefix=$out \
|
||||
--libdir=$out/lib \
|
||||
--libexecdir=$out/lib \
|
||||
--sysconfdir=$out/etc \
|
||||
--localstatedir=/var \
|
||||
--with-log-viewer \
|
||||
--without-system-root-install \
|
||||
--without-rhgb-compat-link \
|
||||
--enable-tracing \
|
||||
--enable-systemd-integration \
|
||||
--enable-pango \
|
||||
--enable-gtk
|
||||
postPatch = ''
|
||||
configureFlags="
|
||||
--prefix=$out
|
||||
--bindir=$out/bin
|
||||
--sbindir=$out/sbin
|
||||
--exec-prefix=$out
|
||||
--libdir=$out/lib
|
||||
--libexecdir=$out/lib
|
||||
--sysconfdir=$out/etc
|
||||
--localstatedir=/var
|
||||
--with-log-viewer
|
||||
--without-system-root-install
|
||||
--without-rhgb-compat-link
|
||||
--enable-tracing
|
||||
--enable-systemd-integration
|
||||
--enable-pango
|
||||
--enable-gtk"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
@ -1,15 +1,14 @@
|
||||
{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "util-linux-2.25.2";
|
||||
name = "util-linux-2.26";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/utils/util-linux/v2.25/${name}.tar.xz";
|
||||
sha256 = "e0457f715b73f4a349e1acb08cb410bf0edc9a74a3f75c357070f31f70e33cd6";
|
||||
url = "mirror://kernel/linux/utils/util-linux/v2.26/${name}.tar.xz";
|
||||
sha256 = "a23c6f39dea0ed215ccd589509ffc7bb6f706f6e1a04760f493fb0fd7e93c489";
|
||||
};
|
||||
|
||||
patches = [ ./rtcwake-search-PATH-for-shutdown.patch
|
||||
./unshare-fix-map-root-user.patch
|
||||
];
|
||||
|
||||
#FIXME: make it also work on non-nixos?
|
||||
|
@ -1,66 +0,0 @@
|
||||
In rare cases droping groups with setgroups(0, NULL) is an operation
|
||||
that can grant a user additional privileges. User namespaces were
|
||||
allwoing that operation to unprivileged users and that had to be
|
||||
fixed.
|
||||
|
||||
Update unshare --map-root-user to disable the setgroups operation
|
||||
before setting the gid_map.
|
||||
|
||||
This is needed as after the security fix gid_map is restricted to
|
||||
privileged users unless setgroups has been disabled.
|
||||
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
|
||||
---
|
||||
include/pathnames.h | 1 +
|
||||
sys-utils/unshare.c | 19 +++++++++++++++++++
|
||||
2 files changed, 20 insertions(+)
|
||||
|
||||
diff --git a/include/pathnames.h b/include/pathnames.h
|
||||
index 1cc4e15e6e4f..1c53e4554268 100644
|
||||
--- a/include/pathnames.h
|
||||
+++ b/include/pathnames.h
|
||||
@@ -92,6 +92,7 @@
|
||||
|
||||
#define _PATH_PROC_UIDMAP "/proc/self/uid_map"
|
||||
#define _PATH_PROC_GIDMAP "/proc/self/gid_map"
|
||||
+#define _PATH_PROC_SETGROUPS "/proc/self/setgroups"
|
||||
|
||||
#define _PATH_PROC_ATTR_CURRENT "/proc/self/attr/current"
|
||||
#define _PATH_PROC_ATTR_EXEC "/proc/self/attr/exec"
|
||||
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
|
||||
index 95e4afbd055e..d409a7c936b6 100644
|
||||
--- a/sys-utils/unshare.c
|
||||
+++ b/sys-utils/unshare.c
|
||||
@@ -39,6 +39,24 @@
|
||||
#include "pathnames.h"
|
||||
#include "all-io.h"
|
||||
|
||||
+static void disable_setgroups(void)
|
||||
+{
|
||||
+ const char *file = _PATH_PROC_SETGROUPS;
|
||||
+ const char *deny = "deny";
|
||||
+ int fd;
|
||||
+
|
||||
+ fd = open(file, O_WRONLY);
|
||||
+ if (fd < 0) {
|
||||
+ if (errno == ENOENT)
|
||||
+ return;
|
||||
+ err(EXIT_FAILURE, _("cannot open %s"), file);
|
||||
+ }
|
||||
+
|
||||
+ if (write_all(fd, deny, strlen(deny)))
|
||||
+ err(EXIT_FAILURE, _("write failed %s"), file);
|
||||
+ close(fd);
|
||||
+}
|
||||
+
|
||||
static void map_id(const char *file, uint32_t from, uint32_t to)
|
||||
{
|
||||
char *buf;
|
||||
@@ -178,6 +196,7 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
if (maproot) {
|
||||
+ disable_setgroups();
|
||||
map_id(_PATH_PROC_UIDMAP, 0, real_euid);
|
||||
map_id(_PATH_PROC_GIDMAP, 0, real_egid);
|
||||
}
|
24
pkgs/tools/graphics/graphviz/cve-2014-9157.patch
Normal file
24
pkgs/tools/graphics/graphviz/cve-2014-9157.patch
Normal file
@ -0,0 +1,24 @@
|
||||
From https://lists.debian.org/debian-qa-packages/2014/12/msg00048.html , which
|
||||
seems to come from Ubuntu.
|
||||
|
||||
Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
|
||||
Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
|
||||
Author: Emden R. Gansner
|
||||
|
||||
---
|
||||
lib/cgraph/scan.l | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: b/lib/cgraph/scan.l
|
||||
===================================================================
|
||||
--- a/lib/cgraph/scan.l
|
||||
+++ b/lib/cgraph/scan.l
|
||||
@@ -225,7 +225,7 @@
|
||||
agxbput (&xb, buf);
|
||||
agxbput (&xb, yytext);
|
||||
agxbput (&xb,"'\n");
|
||||
- agerr(AGERR,agxbuse(&xb));
|
||||
+ agerr(AGERR, "%s", agxbuse(&xb));
|
||||
agxbfree(&xb);
|
||||
}
|
||||
/* must be here to see flex's macro defns */
|
@ -1,5 +1,6 @@
|
||||
{ stdenv, fetchurl, pkgconfig, libpng, libjpeg, expat, libXaw
|
||||
, yacc, libtool, fontconfig, pango, gd, xlibs, gts, libdevil, gettext, cairo
|
||||
, flex
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -11,10 +12,16 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "17l5czpvv5ilmg17frg0w4qwf89jzh2aglm9fgx0l0aakn6j7al1";
|
||||
};
|
||||
|
||||
patches = [ ./0001-vimdot-lookup-vim-in-PATH.patch ];
|
||||
patches =
|
||||
[ ./0001-vimdot-lookup-vim-in-PATH.patch
|
||||
|
||||
# NOTE: Once this patch is removed, flex can probably be removed from
|
||||
# buildInputs.
|
||||
./cve-2014-9157.patch
|
||||
];
|
||||
|
||||
buildInputs =
|
||||
[ pkgconfig libpng libjpeg expat yacc libtool fontconfig gd gts libdevil
|
||||
[ pkgconfig libpng libjpeg expat yacc libtool fontconfig gd gts libdevil flex
|
||||
] ++ stdenv.lib.optionals (xlibs != null) [ xlibs.xlibs xlibs.libXrender pango libXaw ]
|
||||
++ stdenv.lib.optional (stdenv.system == "x86_64-darwin") gettext;
|
||||
|
||||
|
@ -18,6 +18,11 @@ let
|
||||
sha256 = "0bdq6yggyl7nkc2pbl6pxhhyx15nyqhz3ds6rfn448n6rxdwlhzc";
|
||||
};
|
||||
|
||||
# The test tends to fail on btrfs and maybe other unusual filesystems.
|
||||
postPatch = ''
|
||||
sed '2i echo Skipping dd sparse test && exit 0' -i ./tests/dd/sparse.sh
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ perl ];
|
||||
buildInputs = [ gmp ]
|
||||
++ optional aclSupport acl
|
||||
|
@ -12,11 +12,11 @@ assert scpSupport -> libssh2 != null;
|
||||
assert c-aresSupport -> c-ares != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "curl-7.40.0";
|
||||
name = "curl-7.41.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://curl.haxx.se/download/${name}.tar.bz2";
|
||||
sha256 = "1fizi07p0h76zaa3wxh4d9vr4hln97sgfpcr5y56pyh077mhk4c9";
|
||||
sha256 = "1slbbxp2k8m34mdzrl5qhafr5zhhcv7fgjhs2mcxjmswvimm92wz";
|
||||
};
|
||||
|
||||
# Zlib and OpenSSL must be propagated because `libcurl.la' contains
|
||||
|
@ -1520,6 +1520,7 @@ let
|
||||
|
||||
grub = callPackage_i686 ../tools/misc/grub {
|
||||
buggyBiosCDSupport = config.grub.buggyBiosCDSupport or true;
|
||||
automake = automake112x; # fails with 13 and 14
|
||||
};
|
||||
|
||||
trustedGrub = callPackage_i686 ../tools/misc/grub/trusted.nix {
|
||||
@ -2275,7 +2276,9 @@ let
|
||||
|
||||
panomatic = callPackage ../tools/graphics/panomatic { };
|
||||
|
||||
par2cmdline = callPackage ../tools/networking/par2cmdline { };
|
||||
par2cmdline = callPackage ../tools/networking/par2cmdline {
|
||||
automake = automake112x; # fails with 14
|
||||
};
|
||||
|
||||
parallel = callPackage ../tools/misc/parallel { };
|
||||
|
||||
@ -2398,7 +2401,9 @@ let
|
||||
|
||||
ponysay = callPackage ../tools/misc/ponysay { };
|
||||
|
||||
povray = callPackage ../tools/graphics/povray { };
|
||||
povray = callPackage ../tools/graphics/povray {
|
||||
automake = automake113x; # fails with 14
|
||||
};
|
||||
|
||||
ppl = callPackage ../development/libraries/ppl { };
|
||||
|
||||
@ -3269,8 +3274,9 @@ let
|
||||
|
||||
ccl = callPackage ../development/compilers/ccl { };
|
||||
|
||||
clang = wrapCC llvmPackages.clang;
|
||||
clang = llvmPackages.clang;
|
||||
|
||||
clang_36 = llvmPackages.clang;
|
||||
clang_35 = wrapCC llvmPackages_35.clang;
|
||||
clang_34 = wrapCC llvmPackages_34.clang;
|
||||
clang_33 = wrapCC (clangUnwrapped llvm_33 ../development/compilers/llvm/3.3/clang.nix);
|
||||
@ -3298,8 +3304,8 @@ let
|
||||
};
|
||||
|
||||
#Use this instead of stdenv to build with clang
|
||||
clangStdenv = if stdenv.isDarwin then stdenv else lowPrio (stdenvAdapters.overrideCC stdenv clang);
|
||||
libcxxStdenv = stdenvAdapters.overrideCC stdenv (clangWrapSelf llvmPackages.clang);
|
||||
clangStdenv = if stdenv.isDarwin then stdenv else lowPrio llvmPackages.stdenv;
|
||||
libcxxStdenv = stdenvAdapters.overrideCC stdenv (clangWrapSelf llvmPackages.clang-unwrapped);
|
||||
|
||||
clean = callPackage ../development/compilers/clean { };
|
||||
|
||||
@ -3808,13 +3814,14 @@ let
|
||||
|
||||
llvm = llvmPackages.llvm;
|
||||
|
||||
llvm_36 = llvmPackages_36.llvm;
|
||||
llvm_35 = llvmPackages_35.llvm;
|
||||
llvm_34 = llvmPackages_34.llvm;
|
||||
llvm_33 = llvm_v ../development/compilers/llvm/3.3/llvm.nix;
|
||||
|
||||
llvm_v = path: callPackage path { };
|
||||
|
||||
llvmPackages = llvmPackages_35;
|
||||
llvmPackages = llvmPackages_36;
|
||||
|
||||
llvmPackages_34 = recurseIntoAttrs (import ../development/compilers/llvm/3.4 {
|
||||
inherit stdenv newScope fetchurl;
|
||||
@ -3826,6 +3833,11 @@ let
|
||||
inherit pkgs stdenv newScope fetchurl isl;
|
||||
};
|
||||
|
||||
llvmPackages_36 = import ../development/compilers/llvm/3.6 {
|
||||
inherit pkgs stdenv newScope fetchurl isl wrapCC;
|
||||
inherit (stdenvAdapters) overrideCC;
|
||||
};
|
||||
|
||||
manticore = callPackage ../development/compilers/manticore { };
|
||||
|
||||
mentorToolchains = recurseIntoAttrs (
|
||||
@ -4920,8 +4932,8 @@ let
|
||||
|
||||
csslint = callPackage ../development/web/csslint { };
|
||||
|
||||
libcxx = llvmPackages_35.libcxx;
|
||||
libcxxabi = llvmPackages_35.libcxxabi;
|
||||
libcxx = llvmPackages.libcxx;
|
||||
libcxxabi = llvmPackages.libcxxabi;
|
||||
|
||||
libsigrok = callPackage ../development/tools/libsigrok { };
|
||||
|
||||
@ -5018,7 +5030,7 @@ let
|
||||
gnumake382 = callPackage ../development/tools/build-managers/gnumake/3.82 { };
|
||||
gnumake40 = callPackage ../development/tools/build-managers/gnumake/4.0 { };
|
||||
gnumake41 = callPackage ../development/tools/build-managers/gnumake/4.1 { };
|
||||
gnumake = gnumake382;
|
||||
gnumake = gnumake41;
|
||||
|
||||
gob2 = callPackage ../development/tools/misc/gob2 { };
|
||||
|
||||
@ -5548,7 +5560,7 @@ let
|
||||
|
||||
dssi = callPackage ../development/libraries/dssi {};
|
||||
|
||||
dragonegg = llvmPackages.dragonegg;
|
||||
dragonegg = llvmPackages_35.dragonegg;
|
||||
|
||||
dxflib = callPackage ../development/libraries/dxflib {};
|
||||
|
||||
@ -6130,7 +6142,9 @@ let
|
||||
|
||||
libassuan = callPackage ../development/libraries/libassuan { };
|
||||
|
||||
libassuan2_1 = callPackage ../development/libraries/libassuan/git.nix { };
|
||||
libassuan2_1 = callPackage ../development/libraries/libassuan/git.nix {
|
||||
automake = automake112x; # fails with 13 and 14
|
||||
};
|
||||
|
||||
libatomic_ops = callPackage ../development/libraries/libatomic_ops {};
|
||||
|
||||
@ -6727,7 +6741,9 @@ let
|
||||
|
||||
libunwindNative = callPackage ../development/libraries/libunwind/native.nix {};
|
||||
|
||||
libuvVersions = recurseIntoAttrs (callPackage ../development/libraries/libuv { });
|
||||
libuvVersions = recurseIntoAttrs (callPackage ../development/libraries/libuv {
|
||||
automake = automake113x; # fails with 14
|
||||
});
|
||||
|
||||
libv4l = lowPrio (v4l_utils.override {
|
||||
withQt4 = false;
|
||||
@ -9245,9 +9261,7 @@ let
|
||||
|
||||
perf-tools = callPackage ../os-specific/linux/perf-tools { };
|
||||
|
||||
plymouth = callPackage ../os-specific/linux/plymouth {
|
||||
automake = automake113x;
|
||||
};
|
||||
plymouth = callPackage ../os-specific/linux/plymouth { };
|
||||
|
||||
pmount = callPackage ../os-specific/linux/pmount { };
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user