b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge #241951: staging-next 2023-07-06

Browse source
This commit is contained in:
Vladimír Čunát 2023-07-15 19:51:30 +02:00
parent 297f9c65ab 4e5bdca687
commit 3368e885d8
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
125 changed files with 2509 additions and 1203 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/config/no-x-libs.nix
View file

@ -26,7 +26,12 @@ with lib;
fonts.fontconfig.enable = false;
nixpkgs.overlays = singleton (const (super: {
nixpkgs.overlays = singleton (self: super: let
packageOverrides = const (python-prev: {
# tk feature requires wayland which fails to compile
matplotlib = python-prev.matplotlib.override { enableGtk3 = false; enableTk = false; enableQt = false; };
});
in {
beam = super.beam_nox;
cairo = super.cairo.override { x11Support = false; };
dbus = super.dbus.override { x11Support = false; };
@ -62,6 +67,8 @@ with lib;
pango = super.pango.override { x11Support = false; };
pinentry = super.pinentry.override { enabledFlavors = [ "curses" "tty" "emacs" ]; withLibsecret = false; };
pipewire = super.pipewire.override { x11Support = false; };
python3 = super.python3.override { inherit packageOverrides; };
python3Packages = self.python3.pkgs; # required otherwise overlays from above are not forwarded
qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; };
qrencode = super.qrencode.overrideAttrs (_: { doCheck = false; });
qt5 = super.qt5.overrideScope (const (super': {
@ -72,6 +79,6 @@ with lib;
util-linux = super.util-linux.override { translateManpages = false; };
vim-full = super.vim-full.override { guiSupport = false; };
zbar = super.zbar.override { enableVideo = false; withXorg = false; };
}));
});
};
}

3
pkgs/applications/audio/alsa-scarlett-gui/default.nix
View file

@ -25,6 +25,9 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config wrapGAppsHook4 ];
buildInputs = [ gtk4 alsa-lib ];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
meta = with lib; {
description = "GUI for alsa controls presented by Focusrite Scarlett Gen 2/3 Mixer Driver";
homepage = "https://github.com/geoffreybennett/alsa-scarlett-gui";

4
pkgs/applications/audio/flac/default.nix
View file

@ -10,12 +10,12 @@
stdenv.mkDerivation rec {
pname = "flac";
version = "1.4.2";
version = "1.4.3";
src = fetchurl {
url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
# Official checksum is published at https://github.com/xiph/flac/releases/tag/${version}
sha256 = "sha256-4yLVih9I0j2d049DJnKGX2955zpvnMWl9X/KqD61qOQ=";
hash = "sha256-bFjmnNIjSPRBuGEJK4JeWR0Lgi4QbebrDuTQXScgW3A=";
};
nativeBuildInputs = [

8
pkgs/applications/audio/mympd/default.nix
View file

@ -51,8 +51,12 @@ stdenv.mkDerivation rec {
# similarly here
"-DCMAKE_INSTALL_LOCALSTATEDIR=/var/lib/mympd"
];
# See https://github.com/jcorporation/myMPD/issues/315
hardeningDisable = [ "strictoverflow" ];
hardeningDisable = [
# See https://github.com/jcorporation/myMPD/issues/315
"strictoverflow"
# causes redefinition of _FORTIFY_SOURCE
"fortify3"
];
meta = {
homepage = "https://jcorporation.github.io/myMPD";

4
pkgs/applications/editors/vim/common.nix
View file

@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
version = "9.0.1562";
version = "9.0.1642";
src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
hash = "sha256-+QKh3CxSjwcJ+Rj9RHYHRKSZixkfA1ZCAPDIyV/Npt8=";
hash = "sha256-WWj8lZZtnGrv3pxu77otBKixS3ciLcznCyPk/iGryg4=";
};
enableParallelBuilding = true;

4
pkgs/applications/emulators/retroarch/cores.nix
View file

@ -722,6 +722,10 @@ in
# remove ccache
substituteInPlace CMakeLists.txt --replace "ccache" ""
'';
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
postBuild = "cd /build/source/build/pcsx2";
meta = {
description = "Port of PCSX2 to libretro";

3
pkgs/applications/graphics/foxotron/default.nix
View file

@ -51,6 +51,9 @@ stdenv.mkDerivation rec {
"-Wno-error=array-bounds"
];
# error: writing 1 byte into a region of size 0
hardeningDisable = [ "fortify3" ];
installPhase = ''
runHook preInstall

2
pkgs/applications/misc/pot/Cargo.lock generated
View file

@ -3802,7 +3802,7 @@ dependencies = [
[[package]]
name = "tauri-plugin-single-instance"
version = "0.0.0"
source = "git+https://github.com/tauri-apps/plugins-workspace?branch=v1#c4d2c8c693a8e0da627f4c845486dbe1b1e32c64"
source = "git+https://github.com/tauri-apps/plugins-workspace?branch=dev#dce0f02bc571128308c30278cde3233f341e6a50"
dependencies = [
"log",
"serde",

7
pkgs/applications/misc/pot/default.nix
View file

@ -34,11 +34,6 @@ stdenv.mkDerivation rec {
sourceRoot = "source/src-tauri";
postUnpack = ''
sed -i -e 's/dev/v1/' source/src-tauri/Cargo.toml
cp ${./Cargo.lock} source/src-tauri/Cargo.lock
'';
postPatch = ''
substituteInPlace $cargoDepsCopy/libappindicator-sys-*/src/lib.rs \
--replace "libayatana-appindicator3.so.1" "${libayatana-appindicator}/lib/libayatana-appindicator3.so.1"
@ -81,7 +76,7 @@ stdenv.mkDerivation rec {
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"tauri-plugin-single-instance-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ=";
"tauri-plugin-single-instance-0.0.0" = "sha256-M6uGcf4UWAU+494wAK/r2ta1c3IZ07iaURLwJJR9F3U=";
"tauri-plugin-autostart-0.0.0" = "sha256-9eclolp+Gb8qF/KYIRiOoCJbMJLI8LyWLQu82npI7mQ=";
"enigo-0.1.2" = "sha256-99VJ0WYD8jV6CYUZ1bpYJBwIE2iwOZ9SjOvyA2On12Q=";
"selection-0.1.0" = "sha256-85NUACRi7TjyMNKVz93G+W1EXKIVZZge/h/HtDwiW/Q=";

3
pkgs/applications/networking/nextcloud-client/default.nix
View file

@ -87,6 +87,9 @@ mkDerivation rec {
"-DNO_SHIBBOLETH=1" # allows to compile without qtwebkit
];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
postBuild = ''
make doc-man
'';

6
pkgs/applications/science/chemistry/ergoscf/default.nix
View file

@ -28,6 +28,12 @@ stdenv.mkDerivation rec {
OMP_NUM_THREADS = 2; # required for check phase
# With "fortify3", there are test failures, such as:
# Testing cnof CAMB3LYP/6-31G using FMM
# *** buffer overflow detected ***: terminated
# ./test_fmm_camb3lyp.sh: line 81: 1061289 Aborted (core dumped) ./ergo <<EOINPUT > /dev/null
hardeningDisable = [ "fortify3" ];
doCheck = true;
meta = with lib; {

3
pkgs/applications/science/misc/root/5.nix
View file

@ -66,6 +66,9 @@ stdenv.mkDerivation rec {
})
];
# https://github.com/root-project/root/issues/13216
hardeningDisable = [ "fortify3" ];
preConfigure = ''
# binutils 2.37 fixes
fixupList=(

9
pkgs/applications/terminal-emulators/kitty/default.nix
View file

@ -99,8 +99,13 @@ buildPythonApplication rec {
./disable-test_ssh_bootstrap_with_different_launchers.patch
];
# Causes build failure due to warning
hardeningDisable = lib.optional stdenv.cc.isClang "strictoverflow";
hardeningDisable = [
# causes redefinition of _FORTIFY_SOURCE
"fortify3"
] ++ lib.optionals stdenv.cc.isClang [
# Causes build failure due to warning
"strictoverflow"
];
CGO_ENABLED = 0;
GOFLAGS = "-trimpath";

4
pkgs/applications/terminal-emulators/xterm/default.nix
View file

@ -4,14 +4,14 @@
stdenv.mkDerivation rec {
pname = "xterm";
version = "382";
version = "383";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
];
hash = "sha256-DNC889CqdGqEDqPxNm6imnQmNpTVNbXHd/J+tl1/zu0=";
hash = "sha256-oGYTvNpQjCob/21CMIldp0p5h5mi45ojusggide5qZg=";
};
strictDeps = true;

6
pkgs/applications/version-management/mercurial/default.nix
View file

@ -21,11 +21,11 @@ let
self = python3Packages.buildPythonApplication rec {
pname = "mercurial${lib.optionalString fullBuild "-full"}";
version = "6.4.3";
version = "6.4.5";
src = fetchurl {
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
sha256 = "sha256-p3+2LTJZNKg6ALL8bbEJ9ExnuGdo/EBJA2b1E2QMf2Q=";
sha256 = "sha256-sLSwC4smOci+OHOUeW8EJb6zOTFN9+cpN/jd0qQbG4o=";
};
format = "other";
@ -35,7 +35,7 @@ let
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
inherit src;
name = "mercurial-${version}";
sha256 = "sha256-nm9RZZHtmPfeJ7StHZmfxcFqKeJHACQQeA/Evv3wYD8=";
sha256 = "sha256-shB2MRGATTg4l6pJ9FVYfBtnrX/eEHRvPhc8GZTA9ns=";
sourceRoot = "mercurial-${version}/rust";
} else null;
cargoRoot = if rustSupport then "rust" else null;

3
pkgs/applications/virtualization/singularity/generic.nix
View file

@ -149,6 +149,9 @@ in
++ extraConfigureFlags
;
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
# Packages to prefix to the Apptainer/Singularity container runtime default PATH
# Use overrideAttrs to override
defaultPathInputs = [

10
pkgs/build-support/bintools-wrapper/add-hardening.sh
View file

@ -37,11 +37,11 @@ fi
for flag in "${!hardeningEnableMap[@]}"; do
case $flag in
pie)
if [[ ! (" $* " =~ " -shared " \
|| " $* " =~ " -static " \
|| " $* " =~ " -r " \
|| " $* " =~ " -Ur " \
|| " $* " =~ " -i ") ]]; then
if [[ ! (" ${params[*]} " =~ " -shared " \
|| " ${params[*]} " =~ " -static " \
|| " ${params[*]} " =~ " -r " \
|| " ${params[*]} " =~ " -Ur " \
|| " ${params[*]} " =~ " -i ") ]]; then
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
hardeningLDFlags+=('-pie')
fi

2
pkgs/build-support/cc-wrapper/add-hardening.sh
View file

@ -71,7 +71,7 @@ for flag in "${!hardeningEnableMap[@]}"; do
# NB: we do not use `+=` here, because PIE flags must occur before any PIC flags
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}")
if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then
if [[ ! (" ${params[*]} " =~ " -shared " || " ${params[*]} " =~ " -static ") ]]; then
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
hardeningCFlags=('-pie' "${hardeningCFlags[@]}")
fi

2
pkgs/build-support/cc-wrapper/setup-hook.sh
View file

@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@
export CXX${role_post}=@named_cxx@
# If unset, assume the default hardening flags.
: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"}
export NIX_HARDENING_ENABLE
# No local scope in sourced file

2
pkgs/build-support/rust/import-cargo-lock.nix
View file

@ -201,7 +201,7 @@ let
# Set up configuration for the vendor directory.
cat > $out/.cargo-config <<EOF
[source."${gitParts.url}"]
[source."${gitParts.url}${lib.optionalString (gitParts ? type) "?${gitParts.type}=${gitParts.value}"}"]
git = "${gitParts.url}"
${lib.optionalString (gitParts ? type) "${gitParts.type} = \"${gitParts.value}\""}
replace-with = "vendored-sources"

3
pkgs/development/compilers/gcc/11/default.nix
View file

@ -176,7 +176,8 @@ lib.pipe (stdenv.mkDerivation ({
libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" "pie" ];
hardeningDisable = [ "format" "pie" ]
++ optional langAda "fortify3";
postPatch = ''
configureScripts=$(find . -name configure)

6
pkgs/development/compilers/ghc/common-hadrian.nix
View file

@ -385,6 +385,12 @@ stdenv.mkDerivation ({
"--enable-dwarf-unwind"
"--with-libdw-includes=${lib.getDev elfutils}/include"
"--with-libdw-libraries=${lib.getLib elfutils}/lib"
] ++ lib.optionals targetPlatform.isDarwin [
# Darwin uses llvm-ar. GHC will try to use `-L` with `ar` when it is `llvm-ar`
# but it doesnt currently work because Cabal never uses `-L` on Darwin. See:
# https://gitlab.haskell.org/ghc/ghc/-/issues/23188
# https://github.com/haskell/cabal/issues/8882
"fp_cv_prog_ar_supports_dash_l=no"
];
# Make sure we never relax`$PATH` and hooks support for compatibility.

3
pkgs/development/compilers/intel-graphics-compiler/default.nix
View file

@ -86,6 +86,9 @@ stdenv.mkDerivation rec {
"-DIGC_PREFERRED_LLVM_VERSION=${lib.getVersion llvm}"
];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
meta = with lib; {
homepage = "https://github.com/intel/intel-graphics-compiler";
description = "LLVM-based compiler for OpenCL targeting Intel Gen graphics hardware";

5
pkgs/development/compilers/orc/default.nix
View file

@ -18,11 +18,11 @@
inherit (lib) optional optionals;
in stdenv.mkDerivation rec {
pname = "orc";
version = "0.4.33";
version = "0.4.34";
src = fetchurl {
url = "https://gstreamer.freedesktop.org/src/orc/${pname}-${version}.tar.xz";
sha256 = "sha256-hE5tfbgIb3k/V2GNPUto0p2ZsWA05xQw3zwhz9PDVCo=";
sha256 = "sha256-j0ers/CXFx5E64B63Nq9hg+6Lv/TfY08T71fNByt1B8=";
};
postPatch = lib.optionalString stdenv.isAarch32 ''
@ -58,6 +58,7 @@ in stdenv.mkDerivation rec {
meta = with lib; {
description = "The Oil Runtime Compiler";
homepage = "https://gstreamer.freedesktop.org/projects/orc.html";
changelog = "https://cgit.freedesktop.org/gstreamer/orc/plain/RELEASE?h=${version}";
# The source code implementing the Marsenne Twister algorithm is licensed
# under the 3-clause BSD license. The rest is 2-clause BSD license.
license = with licenses; [ bsd3 bsd2 ];

2
pkgs/development/compilers/rust/rustc.nix
View file

@ -53,7 +53,7 @@ in stdenv.mkDerivation rec {
NIX_LDFLAGS = toString (
# when linking stage1 libstd: cc: undefined reference to `__cxa_begin_catch'
optional (stdenv.isLinux && !withBundledLLVM) "--push-state --as-needed -lstdc++ --pop-state"
++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++"
++ optional (stdenv.isDarwin && !withBundledLLVM) "-lc++ -lc++abi"
++ optional stdenv.isDarwin "-rpath ${llvmSharedForHost}/lib");
# Increase codegen units to introduce parallelism within the compiler.

4
pkgs/development/interpreters/ruby/rubygems/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "rubygems";
version = "3.4.14";
version = "3.4.16";
src = fetchurl {
url = "https://rubygems.org/rubygems/rubygems-${version}.tgz";
hash = "sha256-l5sYQoSKOb5NkO/J05nClKygtuZ9RfgAsmyTzCLQOYM=";
hash = "sha256-T58wDLMOCPPwoPuXdZvpXeF7yERXvW1lPxVqe8zFs6M=";
};
patches = [

4
pkgs/development/libraries/SDL2/default.nix
View file

@ -55,11 +55,11 @@
stdenv.mkDerivation rec {
pname = "SDL2";
version = "2.28.0";
version = "2.28.1";
src = fetchurl {
url = "https://www.libsdl.org/release/${pname}-${version}.tar.gz";
sha256 = "sha256-0hWuRUHmnWKJU3EUls17DouNXI2BHVsPmP3H/RQimYo=";
sha256 = "sha256-SXfOulwAVNvmwvEUZBrO1DzjvytB6mS2o3LWuhKcsV0=";
};
dontDisableStatic = if withStatic then 1 else 0;
outputs = [ "out" "dev" ];

24
pkgs/development/libraries/boost/generic.nix
View file

@ -112,7 +112,29 @@ stdenv.mkDerivation {
url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch";
relative = "include";
sha256 = "sha256-KlmIbixcds6GyKYt1fx5BxDIrU7msrgDdYo9Va/KJR4=";
});
})
# This fixes another issue regarding ill-formed constant expressions, which is a default error
# in clang 16 and will be a hard error in clang 17.
++ lib.optional (lib.versionOlder version "1.80") (fetchpatch {
url = "https://github.com/boostorg/log/commit/77f1e20bd69c2e7a9e25e6a9818ae6105f7d070c.patch";
relative = "include";
hash = "sha256-6qOiGJASm33XzwoxVZfKJd7sTlQ5yd+MMFQzegXm5RI=";
})
++ lib.optionals (lib.versionOlder version "1.81") [
# libc++ 15 dropped support for `std::unary_function` and `std::binary_function` in C++17+.
# C++17 is the default for clang 16, but clang 15 is also affected in that language mode.
# This patch is for Boost 1.80, but it also applies to earlier versions.
(fetchpatch {
url = "https://www.boost.org/patches/1_80_0/0005-config-libcpp15.patch";
hash = "sha256-ULFMzKphv70unvPZ3o4vSP/01/xbSM9a2TlIV67eXDQ=";
})
# This fixes another ill-formed contant expressions issue flagged by clang 16.
(fetchpatch {
url = "https://github.com/boostorg/numeric_conversion/commit/50a1eae942effb0a9b90724323ef8f2a67e7984a.patch";
relative = "include";
hash = "sha256-dq4SVgxkPJSC7Fvr59VGnXkM4Lb09kYDaBksCHo9C0s=";
})
];
meta = with lib; {
homepage = "http://boost.org/";

4
pkgs/development/libraries/dav1d/default.nix
View file

@ -10,13 +10,13 @@ assert useVulkan -> withExamples;
stdenv.mkDerivation rec {
pname = "dav1d";
version = "1.2.0";
version = "1.2.1";
src = fetchFromGitHub {
owner = "videolan";
repo = pname;
rev = version;
hash = "sha256-Y9wqa6lIs0eKT+q+95gjzfHIc3pglXzLNaDjsWy1gok=";
hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I=";
};
outputs = [ "out" "dev" ];

64
pkgs/development/libraries/db/clang-4.8.patch
View file

@ -139,3 +139,67 @@ index f3922e0..e40fcdf 100644
} else {
DB_ASSERT(env, sharecount > 0);
MEMBAR_EXIT();
diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4
--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400
@@ -21,6 +21,7 @@
AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [
AC_TRY_RUN([
#include <sys/time.h>
+int
main() {
struct timespec t;
return (clock_gettime(CLOCK_MONOTONIC, &t) != 0);
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
@@ -4,6 +4,7 @@
AC_DEFUN(AM_PTHREADS_SHARED, [
AC_TRY_RUN([
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -46,6 +47,7 @@
AC_DEFUN(AM_PTHREADS_PRIVATE, [
AC_TRY_RUN([
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400
@@ -43,6 +43,9 @@
# test, which won't test for the appropriate printf format strings.
if test "$db_cv_build_sequence" = "yes"; then
AC_TRY_RUN([
+ #include <string.h>
+ #include <stdio.h>
+ int
main() {
$db_cv_seq_type l;
unsigned $db_cv_seq_type u;
@@ -59,7 +62,9 @@
return (1);
return (0);
}],, [db_cv_build_sequence="no"],
- AC_TRY_LINK(,[
+ AC_TRY_LINK([
+ #include <string.h>
+ #include <stdio.h>],[
$db_cv_seq_type l;
unsigned $db_cv_seq_type u;
char buf@<:@100@:>@;
diff -ur a/dist/RELEASE b/dist/RELEASE
--- a/dist/RELEASE 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/RELEASE 2023-07-02 17:32:34.703953049 -0400
@@ -7,5 +7,5 @@
DB_VERSION_UNIQUE_NAME=`printf "_%d%03d" $DB_VERSION_MAJOR $DB_VERSION_MINOR`
-DB_RELEASE_DATE=`date "+%B %e, %Y"`
+DB_RELEASE_DATE="April 9, 2010"
DB_VERSION_STRING="Berkeley DB $DB_VERSION: ($DB_RELEASE_DATE)"

108
pkgs/development/libraries/db/clang-5.3.patch
View file

@ -139,3 +139,111 @@ index 106b161..fc4de9d 100644
} else {
DB_ASSERT(env, sharecount > 0);
MEMBAR_EXIT();
diff -ur a/dist/aclocal/clock.m4 b/dist/aclocal/clock.m4
--- a/dist/aclocal/clock.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/clock.m4 2023-06-05 19:14:02.007080500 -0400
@@ -21,6 +21,7 @@
AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [
AC_TRY_RUN([
#include <sys/time.h>
+int
main() {
struct timespec t;
return (clock_gettime(CLOCK_MONOTONIC, &t) != 0);
diff -ur a/dist/aclocal/mmap.m4 b/dist/aclocal/mmap.m4
--- a/dist/aclocal/mmap.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mmap.m4 2023-06-05 19:14:02.007323624 -0400
@@ -29,6 +29,8 @@
* system to system.
*/
#include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -42,12 +44,13 @@
#define MAP_FAILED (-1)
#endif
- int catch_sig(sig)
+ void catch_sig(sig)
int sig;
{
exit(1);
}
+ int
main() {
const char *underlying;
unsigned gapsize;
@@ -88,8 +91,8 @@
return (4);
}
- (void) signal(SIGSEGV, catch_sig);
- (void) signal(SIGBUS, catch_sig);
+ (void) signal(SIGSEGV, &catch_sig);
+ (void) signal(SIGBUS, &catch_sig);
for (i = sizeof(buf); i < total_size; i += gapsize)
base[i] = 'A';
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
@@ -5,6 +5,7 @@
AC_TRY_RUN([
#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -49,6 +50,7 @@
AC_TRY_RUN([
#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_mutex_t mutex;
@@ -89,6 +91,7 @@
AC_TRY_RUN([
#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_cond_t cond;
pthread_condattr_t condattr;
@@ -110,6 +113,7 @@
AC_TRY_RUN([
#include <stdlib.h>
#include <pthread.h>
+int
main() {
pthread_rwlock_t rwlock;
pthread_rwlockattr_t rwlockattr;
diff -ur a/dist/aclocal/sequence.m4 b/dist/aclocal/sequence.m4
--- a/dist/aclocal/sequence.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/sequence.m4 2023-06-05 19:14:02.007869956 -0400
@@ -43,6 +43,9 @@
# test, which won't test for the appropriate printf format strings.
if test "$db_cv_build_sequence" = "yes"; then
AC_TRY_RUN([
+ #include <string.h>
+ #include <stdio.h>
+ int
main() {
$db_cv_seq_type l;
unsigned $db_cv_seq_type u;
@@ -59,7 +62,9 @@
return (1);
return (0);
}],, [db_cv_build_sequence="no"],
- AC_TRY_LINK(,[
+ AC_TRY_LINK([
+ #include <string.h>
+ #include <stdio.h>],[
$db_cv_seq_type l;
unsigned $db_cv_seq_type u;
char buf@<:@100@:>@;

55
pkgs/development/libraries/db/darwin-mutexes-4.8.patch Normal file
View file

@ -0,0 +1,55 @@
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
@@ -372,10 +376,11 @@
# _spin_lock_try/_spin_unlock: Apple/Darwin
if test "$db_cv_mutex" = no; then
-AC_TRY_LINK(,[
- int x;
- _spin_lock_try(&x);
- _spin_unlock(&x);
+AC_TRY_LINK([
+#include <os/lock.h>],[
+ os_unfair_lock x = OS_UNFAIR_LOCK_INIT;
+ bool _ = os_unfair_lock_trylock(&x);
+ os_unfair_lock_unlock(&x);
], [db_cv_mutex=Darwin/_spin_lock_try])
fi
diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h
--- a/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500
+++ b/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400
@@ -154,14 +154,13 @@
* Apple/Darwin library functions.
*********************************************************************/
#ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY
-typedef u_int32_t tsl_t;
+#include <os/lock.h>
+typedef os_unfair_lock tsl_t;
#ifdef LOAD_ACTUAL_MUTEX_CODE
-extern int _spin_lock_try(tsl_t *);
-extern void _spin_unlock(tsl_t *);
-#define MUTEX_SET(tsl) _spin_lock_try(tsl)
-#define MUTEX_UNSET(tsl) _spin_unlock(tsl)
-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0)
+#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl)
+#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl)
+#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; })
#endif
#endif
diff -ur a/dbinc/mutex_int.h b/dbinc/mutex_int.h
--- a/dbinc_auto/mutex_ext.h 1969-12-31 19:00:01.000000000 -0500
+++ b/dbinc_auto/mutex_ext.h 2023-07-01 22:38:20.749201366 -0400
@@ -34,6 +34,9 @@
#if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT)
atomic_value_t __atomic_dec __P((ENV *, db_atomic_t *));
#endif
+#if !defined(HAVE_ATOMIC_SUPPORT) && defined(HAVE_MUTEX_SUPPORT)
+int atomic_compare_exchange __P((ENV *, db_atomic_t *, atomic_value_t, atomic_value_t));
+#endif
int __db_pthread_mutex_init __P((ENV *, db_mutex_t, u_int32_t));
int __db_pthread_mutex_lock __P((ENV *, db_mutex_t));
#if defined(HAVE_SHARED_LATCHES)

42
pkgs/development/libraries/db/darwin-mutexes.patch Normal file
View file

@ -0,0 +1,42 @@
diff -ur a/dist/aclocal/mutex.m4 b/dist/aclocal/mutex.m4
--- a/dist/aclocal/mutex.m4 1969-12-31 19:00:01.000000000 -0500
+++ b/dist/aclocal/mutex.m4 2023-06-05 19:14:47.214158196 -0400
@@ -441,10 +445,11 @@
# _spin_lock_try/_spin_unlock: Apple/Darwin
if test "$db_cv_mutex" = no; then
-AC_TRY_LINK(,[
- int x;
- _spin_lock_try(&x);
- _spin_unlock(&x);
+AC_TRY_LINK([
+#include <os/lock.h>],[
+ os_unfair_lock x = OS_UNFAIR_LOCK_INIT;
+ bool _ = os_unfair_lock_trylock(&x);
+ os_unfair_lock_unlock(&x);
], [db_cv_mutex=Darwin/_spin_lock_try])
fi
diff -ur a/src/dbinc/mutex_int.h b/src/dbinc/mutex_int.h
--- a/src/dbinc/mutex_int.h 1969-12-31 19:00:01.000000000 -0500
+++ b/src/dbinc/mutex_int.h 2023-06-05 19:15:37.510514745 -0400
@@ -154,14 +154,13 @@
* Apple/Darwin library functions.
*********************************************************************/
#ifdef HAVE_MUTEX_DARWIN_SPIN_LOCK_TRY
-typedef u_int32_t tsl_t;
+#include <os/lock.h>
+typedef os_unfair_lock tsl_t;
#ifdef LOAD_ACTUAL_MUTEX_CODE
-extern int _spin_lock_try(tsl_t *);
-extern void _spin_unlock(tsl_t *);
-#define MUTEX_SET(tsl) _spin_lock_try(tsl)
-#define MUTEX_UNSET(tsl) _spin_unlock(tsl)
-#define MUTEX_INIT(tsl) (MUTEX_UNSET(tsl), 0)
+#define MUTEX_SET(tsl) os_unfair_lock_trylock(tsl)
+#define MUTEX_UNSET(tsl) os_unfair_lock_unlock(tsl)
+#define MUTEX_INIT(tsl) ({ *(tsl) = OS_UNFAIR_LOCK_INIT; tsl; })
#endif
#endif

5
pkgs/development/libraries/db/db-4.8.nix
View file

@ -1,9 +1,10 @@
{ lib, stdenv, fetchurl, ... } @ args:
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
import ./generic.nix (args // {
version = "4.8.30";
sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ];
extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ]
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes-4.8.patch ];
drvArgs.hardeningDisable = [ "format" ];
drvArgs.doCheck = false;

5
pkgs/development/libraries/db/db-5.3.nix
View file

@ -1,7 +1,8 @@
{ lib, stdenv, fetchurl, ... } @ args:
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
import ./generic.nix (args // {
version = "5.3.28";
sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0";
extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ];
extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ]
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
})

5
pkgs/development/libraries/db/db-6.0.nix
View file

@ -1,8 +1,9 @@
{ lib, stdenv, fetchurl, ... } @ args:
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
import ./generic.nix (args // {
version = "6.0.20";
sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0";
license = lib.licenses.agpl3;
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
})

5
pkgs/development/libraries/db/db-6.2.nix
View file

@ -1,8 +1,9 @@
{ lib, stdenv, fetchurl, ... } @ args:
{ lib, stdenv, fetchurl, autoreconfHook, ... } @ args:
import ./generic.nix (args // {
version = "6.2.23";
sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7";
license = lib.licenses.agpl3;
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]
++ lib.optionals stdenv.isDarwin [ ./darwin-mutexes.patch ];
})

43
pkgs/development/libraries/db/generic.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl
{ lib, stdenv, fetchurl, autoreconfHook
, cxxSupport ? true
, compat185 ? true
, dbmSupport ? false
@ -10,6 +10,9 @@
, drvArgs ? {}
}:
let
shouldReconfigure = stdenv.cc.isClang;
in
stdenv.mkDerivation (rec {
pname = "db";
inherit version;
@ -19,10 +22,48 @@ stdenv.mkDerivation (rec {
sha256 = sha256;
};
# The provided configure script features `main` returning implicit `int`, which causes
# configure checks to work incorrectly with clang 16.
nativeBuildInputs = lib.optionals stdenv.cc.isClang [ autoreconfHook ];
patches = extraPatches;
outputs = [ "bin" "out" "dev" ];
# Required when regenerated the configure script to make sure the vendored macros are found.
autoreconfFlags = lib.optionalString shouldReconfigure [ "-fi" "-Iaclocal" "-Iaclocal_java" ];
preAutoreconf = lib.optionalString shouldReconfigure ''
pushd dist
# Upstreams `dist/s_config` cats everything into `aclocal.m4`, but that doesnt work with
# autoreconfHook, so cat `config.m4` to another file. Otherwise, it wont be found by `aclocal`.
cat aclocal/config.m4 >> aclocal/options.m4
'';
# This isnt pretty. The version information is kept separate from the configure script.
# After the configure script is regenerated, the version information has to be replaced with the
# contents of `dist/RELEASE`.
postAutoreconf = lib.optionalString shouldReconfigure ''
(
declare -a vars=(
"DB_VERSION_FAMILY"
"DB_VERSION_RELEASE"
"DB_VERSION_MAJOR"
"DB_VERSION_MINOR"
"DB_VERSION_PATCH"
"DB_VERSION_STRING"
"DB_VERSION_FULL_STRING"
"DB_VERSION_UNIQUE_NAME"
"DB_VERSION"
)
source RELEASE
for var in "''${vars[@]}"; do
sed -e "s/__EDIT_''${var}__/''${!var}/g" -i configure
done
)
popd
'';
configureFlags =
[
(if cxxSupport then "--enable-cxx" else "--disable-cxx")

3
pkgs/development/libraries/gvm-libs/default.nix
View file

@ -60,6 +60,9 @@ stdenv.mkDerivation rec {
"-DGVM_RUN_DIR=${placeholder "out"}/run/gvm"
];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
meta = with lib; {
description = "Libraries module for the Greenbone Vulnerability Management Solution";
homepage = "https://github.com/greenbone/gvm-libs";

3
pkgs/development/libraries/libffi/3.3.nix
View file

@ -29,6 +29,9 @@ stdenv.mkDerivation rec {
"--disable-exec-static-tramp"
];
# with fortify3, tests fail for some reason
hardeningDisable = [ "fortify3" ];
preCheck = ''
# The tests use -O0 which is not compatible with -D_FORTIFY_SOURCE.
NIX_HARDENING_ENABLE=''${NIX_HARDENING_ENABLE/fortify/}

3
pkgs/development/libraries/libfido2/default.nix
View file

@ -44,6 +44,9 @@ stdenv.mkDerivation rec {
"-DUSE_PCSC=1"
];
# causes possible redefinition of _FORTIFY_SOURCE?
hardeningDisable = [ "fortify3" ];
meta = with lib; {
description = ''
Provides library functionality for FIDO 2.0, including communication with a device over USB.

31
pkgs/development/libraries/libtiff/default.nix
View file

@ -1,7 +1,6 @@
{ lib
, stdenv
, fetchFromGitLab
, fetchpatch
, nix-update-script
, autoreconfHook
@ -25,13 +24,13 @@
stdenv.mkDerivation rec {
pname = "libtiff";
version = "4.5.0";
version = "4.5.1";
src = fetchFromGitLab {
owner = "libtiff";
repo = "libtiff";
rev = "v${version}";
hash = "sha256-KG6rB940JMjFUTAgtkzg+Zh75gylPY6Q7/4gEbL0Hcs=";
hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
};
patches = [
@ -40,32 +39,6 @@ stdenv.mkDerivation rec {
# libc++abi 11 has an `#include <version>`, this picks up files name
# `version` in the project's include paths
./rename-version.patch
(fetchpatch {
name = "CVE-2022-48281.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5.diff";
sha256 = "sha256-FWUlyJyHXac6fuM5f9PG33kcF5Bm4fyFmYnaDal46iM=";
})
(fetchpatch {
name = "CVE-2023-0800.CVE-2023-0801.CVE-2023-0802.CVE-2023-0803.CVE-2023-0804.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00.patch";
sha256 = "sha256-wNSa1D9EWObTs331utjIKgo9p9PUWqTM54qG+1Hhm1A=";
})
(fetchpatch {
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-0.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678.patch";
sha256 = "sha256-NTs+dCUweKddQDzJLqbdIdvNbaSweGG0cSVt57tntoI=";
})
(fetchpatch {
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.prerequisite-1.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536.patch";
includes = [ "tools/tiffcrop.c" ];
sha256 = "sha256-VHg5aAcHKwRkDFDyC1rLjCjj1rMzcq/2SUR/r1fQubQ=";
})
(fetchpatch {
name = "CVE-2023-0795.CVE-2023-0796.CVE-2023-0797.CVE-2023-0798.CVE-2023-0799.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68.patch";
sha256 = "sha256-9+oXKVJEeaIuMBdtvhNlUBNpw9uzg31s+zxt4GJo6Lo=";
})
];
postPatch = ''

6
pkgs/development/libraries/libuv/default.nix
View file

@ -23,14 +23,14 @@
}:
stdenv.mkDerivation (finalAttrs: {
version = "1.45.0";
version = "1.46.0";
pname = "libuv";
src = fetchFromGitHub {
owner = "libuv";
repo = "libuv";
rev = "v${finalAttrs.version}";
sha256 = "sha256-qKw9QFR24Uw7pVA9isPH8Va+9/5DYuqXz6l6jWcXn+4=";
sha256 = "sha256-Lrsyh4qd3OkTw1cSPfahzfSGNt6+pRN1X21iiv1SsFo=";
};
outputs = [ "out" "dev" ];
@ -62,7 +62,7 @@ stdenv.mkDerivation (finalAttrs: {
"tcp_create_early" "tcp_close" "tcp_bind_error_inval"
"tcp_bind_error_addrinuse" "tcp_shutdown_after_write"
"tcp_open" "tcp_write_queue_order" "tcp_try_write" "tcp_writealot"
"multiple_listen" "delayed_accept"
"multiple_listen" "delayed_accept" "udp_recv_in_a_row"
"shutdown_close_tcp" "shutdown_eof" "shutdown_twice" "callback_stack"
"tty_pty" "condvar_5" "hrtime" "udp_multicast_join"
# Tests that fail when sandboxing is enabled.

8
pkgs/development/libraries/libva/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, lib, fetchFromGitHub, meson, pkg-config, ninja, wayland-scanner
, libdrm
, minimal ? false, libva-minimal
, minimal ? false
, libX11, libXext, libXfixes, wayland, libffi, libGL
, mesa
# for passthru.tests
@ -26,11 +26,11 @@ stdenv.mkDerivation rec {
depsBuildBuild = [ pkg-config ];
nativeBuildInputs = [ meson pkg-config ninja wayland-scanner ];
nativeBuildInputs = [ meson pkg-config ninja ]
++ lib.optional (!minimal) wayland-scanner;
buildInputs = [ libdrm ]
++ lib.optionals (!minimal) [ libva-minimal libX11 libXext libXfixes wayland libffi libGL ];
# TODO: share libs between minimal and !minimal - perhaps just symlink them
++ lib.optionals (!minimal) [ libX11 libXext libXfixes wayland libffi libGL ];
mesonFlags = [
# Add FHS and Debian paths for non-NixOS applications

14
pkgs/development/libraries/libwebp/default.nix
View file

@ -1,5 +1,4 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, libtool
, fetchpatch
, threadingSupport ? true # multi-threading
, openglSupport ? false, freeglut, libGL, libGLU # OpenGL (required for vwebp)
, pngSupport ? true, libpng # PNG image format
@ -28,24 +27,15 @@
stdenv.mkDerivation rec {
pname = "libwebp";
version = "1.3.0";
version = "1.3.1";
src = fetchFromGitHub {
owner = "webmproject";
repo = pname;
rev = "v${version}";
hash = "sha256-nhXkq+qKpaa75YQB/W/cRozslTIFPdXeqj1y6emQeHk=";
hash = "sha256-Q94avvKjPdwdGt5ADo30cf2V4T7MCTubDHJxTtbG4xQ=";
};
patches = [
# https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#MFSA-TMP-2023-0001
(fetchpatch {
url = "https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129.patch";
name = "fix-msfa-tmp-2023-0001.patch";
hash = "sha256-TRKXpNkYVzftBw09mX+WeQRhRoOzBgXFTNZBzSdCKvc=";
})
];
configureFlags = [
(lib.enableFeature threadingSupport "threading")
(lib.enableFeature openglSupport "gl")

2
pkgs/development/libraries/libxcrypt/default.nix
View file

@ -24,7 +24,7 @@ stdenv.mkDerivation (finalAttrs: {
"--enable-hashes=${enableHashes}"
"--enable-obsolete-api=glibc"
"--disable-failure-tokens"
] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.libc == "bionic") [
# required for musl, android, march=native
"--disable-werror"
];

3
pkgs/development/libraries/libxlsxwriter/default.nix
View file

@ -31,6 +31,9 @@ stdenv.mkDerivation rec {
"USE_SYSTEM_MINIZIP=1"
];
# TEST 428/429 worksheet:worksheet_table15 *** buffer overflow detected ***: terminated
hardeningDisable = [ "fortify3" ];
doCheck = true;
checkTarget = "test";

3
pkgs/development/libraries/linbox/default.nix
View file

@ -52,6 +52,9 @@ stdenv.mkDerivation rec {
"--enable-sage"
];
# https://github.com/linbox-team/linbox/issues/304
hardeningDisable = [ "fortify3" ];
doCheck = true;
enableParallelBuilding = true;

1
pkgs/development/libraries/mesa/default.nix
View file

@ -30,6 +30,7 @@
] ++ lib.optionals stdenv.hostPlatform.isx86 [
"iris" # new Intel, could work on non-x86 with PCIe cards, but doesn't build as of 22.3.4
"crocus" # Intel legacy, x86 only
"i915" # Intel extra legacy, x86 only
]
else [ "auto" ]
, vulkanDrivers ?

76
pkgs/development/libraries/nss/85_security_load_3.77+.patch
View file

@ -1,76 +0,0 @@
diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
index ad8f3b84e..74676d039 100644
--- nss/cmd/shlibsign/shlibsign.c
+++ nss/cmd/shlibsign/shlibsign.c
@@ -875,6 +875,8 @@ main(int argc, char **argv)
goto cleanup;
}
lib = PR_LoadLibrary(libname);
+ if (!lib)
+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
assert(lib != NULL);
if (!lib) {
PR_fprintf(PR_STDERR, "loading softokn3 failed");
diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
index 119c8c512..720d39ccc 100644
--- nss/lib/pk11wrap/pk11load.c
+++ nss/lib/pk11wrap/pk11load.c
@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
#else
library = PR_LoadLibrary(mod->dllName);
#endif // defined(_WIN32)
+#ifndef NSS_STATIC_SOFTOKEN
+ if ((library == NULL) &&
+ !rindex(mod->dllName, PR_GetDirectorySeparator())) {
+ library = PORT_LoadLibraryFromOrigin(my_shlib_name,
+ (PRFuncPtr) &softoken_LoadDSO,
+ mod->dllName);
+ }
+#endif
+
mod->library = (void *)library;
if (library == NULL) {
diff --git nss/lib/util/secload.c nss/lib/util/secload.c
index 12efd2f75..8b74478f6 100644
--- nss/lib/util/secload.c
+++ nss/lib/util/secload.c
@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
/* Remove the trailing filename from referencePath and add the new one */
c = strrchr(referencePath, PR_GetDirectorySeparator());
+ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
+ referencePath = NIX_NSS_LIBDIR;
+ c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
+ }
if (c) {
size_t referencePathSize = 1 + c - referencePath;
- fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
+ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5);
if (fullName) {
memcpy(fullName, referencePath, referencePathSize);
strcpy(fullName + referencePathSize, name);
@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
#endif
libSpec.type = PR_LibSpec_Pathname;
libSpec.value.pathname = fullName;
+ if ((referencePathSize >= 4) &&
+ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
+ memcpy(fullName + referencePathSize -4, "lib", 3);
+ }
+ strcpy(fullName + referencePathSize, name);
dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
#ifdef PR_LD_ALT_SEARCH_PATH
/* allow library's dependencies to be found in the same directory
@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
| PR_LD_ALT_SEARCH_PATH
#endif
);
+ if (! dlh) {
+ strcpy(fullName + referencePathSize, name);
+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+ }
PORT_Free(fullName);
}
}

4
pkgs/development/libraries/nss/esr.nix
View file

@ -1,4 +1,4 @@
import ./generic.nix {
version = "3.79.4";
hash = "sha256-Skcdv6Wzo7fsB4U8b8CijNBmn2mEEp4k9VQeLOFdcdU=";
version = "3.90";
hash = "sha256-ms1lNMQdjq0Z/Kb8s//+0vnwnEN8PXn+5qTuZoqqk7Y=";
}

44
pkgs/development/libraries/nss/gcc-13-esr.patch
View file

@ -1,44 +0,0 @@
https://bugzilla.mozilla.org/show_bug.cgi?id=1771273
https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
# HG changeset patch
# User Sergei Trofimovich <slyich@gmail.com>
# Date 1653552519 0
# Node ID 21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
# Parent ad1046e9eee5f5dc17dac7c9343e2f7f0da44b4e
Bug 1771273 - cpputil/databuffer.h: add missing <cstdint> include r=nss-reviewers,mt
Without the change build fails on this week's gcc-13 snapshot as:
../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type
20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
| ^~~~~~~
../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
13 | #include <iostream>
+++ |+#include <cstdint>
14 |
Differential Revision: https://phabricator.services.mozilla.com/D147404
diff --git a/cpputil/databuffer.h b/cpputil/databuffer.h
--- nss/cpputil/databuffer.h
+++ nss/cpputil/databuffer.h
@@ -6,16 +6,17 @@
#ifndef databuffer_h__
#define databuffer_h__
#include <algorithm>
#include <cstring>
#include <iomanip>
#include <iostream>
+#include <cstdint>
namespace nss_test {
class DataBuffer {
public:
DataBuffer() : data_(nullptr), len_(0) {}
DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
Assign(d, l);

13
pkgs/development/libraries/nss/generic.nix
View file

@ -42,18 +42,9 @@ stdenv.mkDerivation rec {
patches = [
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
(if (lib.versionOlder version "3.84") then
./85_security_load_3.77+.patch
else
./85_security_load_3.85+.patch
)
./85_security_load_3.85+.patch
./fix-cross-compilation.patch
] ++ lib.optionals (lib.versionOlder version "3.89") [
# Backport gcc-13 build fix:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1771273
# https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a
./gcc-13-esr.patch
] ++ lib.optionals (lib.versionAtLeast version "3.90" && lib.versionOlder version "3.91") [
] ++ lib.optionals (lib.versionOlder version "3.91") [
# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
# https://phabricator.services.mozilla.com/D180068
./remove-c25519-support.patch

4
pkgs/development/libraries/openexr/default.nix
View file

@ -48,7 +48,9 @@ stdenv.mkDerivation rec {
done
'';
cmakeFlags = lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON";
cmakeFlags = [
"-DCMAKE_CTEST_ARGUMENTS=--timeout;3600"
] ++ lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON";
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = [ ilmbase zlib ];

11
pkgs/development/libraries/pipewire/default.nix
View file

@ -66,6 +66,8 @@
, mysofaSupport ? true
, libmysofa
, tinycompress
, ffadoSupport ? stdenv.buildPlatform.canExecute stdenv.hostPlatform
, ffado
}:
let
@ -73,7 +75,7 @@ let
self = stdenv.mkDerivation rec {
pname = "pipewire";
version = "0.3.71";
version = "0.3.74";
outputs = [
"out"
@ -91,7 +93,7 @@ let
owner = "pipewire";
repo = "pipewire";
rev = version;
sha256 = "sha256-NPYWl+WeI/z70gNHX1BAKslGFX634D7XrV04vuJgGOo=";
sha256 = "sha256-ZV66niKeR4PDaqUuVqiosY7LSDLmIjrDsmCZyQkR72Y=";
};
patches = [
@ -149,7 +151,8 @@ let
++ lib.optional raopSupport openssl
++ lib.optional rocSupport roc-toolkit
++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ]
++ lib.optional mysofaSupport libmysofa;
++ lib.optional mysofaSupport libmysofa
++ lib.optional ffadoSupport ffado;
# Valgrind binary is required for running one optional test.
nativeCheckInputs = lib.optional withValgrind valgrind;
@ -163,6 +166,7 @@ let
"-Dlibjack-path=${placeholder "jack"}/lib"
"-Dlibv4l2-path=${placeholder "out"}/lib"
"-Dlibcamera=${mesonEnableFeature libcameraSupport}"
"-Dlibffado=${mesonEnableFeature ffadoSupport}"
"-Droc=${mesonEnableFeature rocSupport}"
"-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}"
"-Davahi=${mesonEnableFeature zeroconfSupport}"
@ -221,6 +225,7 @@ let
meta = with lib; {
description = "Server and user space API to deal with multimedia pipelines";
changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}";
homepage = "https://pipewire.org/";
license = licenses.mit;
platforms = platforms.linux;

4
pkgs/development/libraries/s2n-tls/default.nix
View file

@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "s2n-tls";
version = "1.3.45";
version = "1.3.46";
src = fetchFromGitHub {
owner = "aws";
repo = pname;
rev = "v${version}";
sha256 = "sha256-ZipZXCwat3H0NoUX9T6XB7/qMRvViB2QrYpgj0U41nU=";
sha256 = "sha256-X+ZwM53ensCeUoxNa8cBO4KcWxWbb7iKxIRysImvKxw=";
};
nativeBuildInputs = [ cmake ];

4
pkgs/development/libraries/srt/default.nix
View file

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
pname = "srt";
version = "1.5.1";
version = "1.5.2";
src = fetchFromGitHub {
owner = "Haivision";
repo = "srt";
rev = "v${version}";
sha256 = "sha256-qVvoHtROtJjrUd+YpjN/0I6KmiH7c24+pQ4xYTUGPXk=";
sha256 = "sha256-HW5l26k9w4F6IJrtiahU/8/CPY6M/cKn8AgESsntC6A=";
};
nativeBuildInputs = [ cmake ];

19
pkgs/development/libraries/tpm2-tss/default.nix
View file

@ -1,8 +1,8 @@
{ stdenv, lib, fetchFromGitHub
{ stdenv, lib, fetchFromGitHub, fetchurl
, autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
, openssl, json_c, curl, libgcrypt
, cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
, shadow
, shadow, libuuid
}:
let
# Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
@ -15,13 +15,13 @@ in
stdenv.mkDerivation rec {
pname = "tpm2-tss";
version = "3.2.0";
version = "4.0.1";
src = fetchFromGitHub {
owner = "tpm2-software";
repo = pname;
rev = version;
sha256 = "1jijxnvjcsgz5yw4i9fj7ycdnnz90r3l0zicpwinswrw47ac3yy5";
sha256 = "sha256-75yiKVZrR1vcCwKp4tDO4A9JB0KDM0MXPJ1N85kAaRk=";
};
outputs = [ "out" "man" "dev" ];
@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
# cmocka is checked / used(?) in the configure script
# when unit and/or integration testing is enabled
buildInputs = [ openssl json_c curl libgcrypt uthash ]
buildInputs = [ openssl json_c curl libgcrypt uthash libuuid ]
# cmocka doesn't build with pkgsStatic, and we don't need it anyway
# when tests are not run
++ lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [
@ -53,6 +53,11 @@ stdenv.mkDerivation rec {
# Do not rely on dynamic loader path
# TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory
./no-dynamic-loader-path.patch
(fetchurl {
name = "skip-test-fapi-fix-provisioning-with template-if-no-certificate-available.patch";
url = "https://github.com/tpm2-software/tpm2-tss/commit/218c0da8d9f675766b1de502a52e23a3aa52648e.patch";
sha256 = "sha256-dnl9ZAknCdmvix2TdQvF0fHoYeWp+jfCTg8Uc7h0voA=";
})
];
postPatch = ''
@ -61,8 +66,8 @@ stdenv.mkDerivation rec {
--replace '@PREFIX@' $out/lib/
substituteInPlace ./test/unit/tctildr-dl.c \
--replace '@PREFIX@' $out/lib
substituteInPlace ./configure.ac \
--replace 'm4_esyscmd_s([git describe --tags --always --dirty])' '${version}'
substituteInPlace ./bootstrap \
--replace 'git describe --tags --always --dirty' 'echo "${version}"'
'';
configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [

49
pkgs/development/libraries/tpm2-tss/no-dynamic-loader-path.patch
View file

@ -1,8 +1,17 @@
diff --git a/src/tss2-tcti/tctildr-dl.c b/src/tss2-tcti/tctildr-dl.c
index b364695c..d026de71 100644
index 622637dc..88fc3d8f 100644
--- a/src/tss2-tcti/tctildr-dl.c
+++ b/src/tss2-tcti/tctildr-dl.c
@@ -116,6 +116,50 @@ handle_from_name(const char *file,
@@ -92,7 +92,7 @@ handle_from_name(const char *file,
LOG_DEBUG("Could not load TCTI file: \"%s\": %s", file, dlerror());
}
- len = snprintf(NULL, 0, TCTI_NAME_TEMPLATE_0, file);
+ len = snprintf(NULL, 0, "@PREFIX@" TCTI_NAME_TEMPLATE_0, file);
if (len >= PATH_MAX) {
LOG_ERROR("TCTI name truncated in transform.");
return TSS2_TCTI_RC_BAD_VALUE;
@@ -129,6 +129,50 @@ handle_from_name(const char *file,
return TSS2_TCTI_RC_BAD_VALUE;
}
*handle = dlopen(file_xfrm, RTLD_NOW);
@ -12,10 +21,10 @@ index b364695c..d026de71 100644
+ LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
+ }
+ size = snprintf(file_xfrm,
+ sizeof (file_xfrm),
+ len + 1,
+ "@PREFIX@%s",
+ file);
+ if (size >= sizeof (file_xfrm)) {
+ if (size >= len + 1) {
+ LOG_ERROR("TCTI name truncated in transform.");
+ return TSS2_TCTI_RC_BAD_VALUE;
+ }
@ -27,10 +36,10 @@ index b364695c..d026de71 100644
+ }
+ /* 'name' alone didn't work, try libtss2-tcti-<name>.so.0 */
+ size = snprintf(file_xfrm,
+ sizeof (file_xfrm),
+ len + 1,
+ "@PREFIX@" TCTI_NAME_TEMPLATE_0,
+ file);
+ if (size >= sizeof (file_xfrm)) {
+ if (size >= len + 1) {
+ LOG_ERROR("TCTI name truncated in transform.");
+ return TSS2_TCTI_RC_BAD_VALUE;
+ }
@ -42,22 +51,22 @@ index b364695c..d026de71 100644
+ }
+ /* libtss2-tcti-<name>.so.0 didn't work, try libtss2-tcti-<name>.so */
+ size = snprintf(file_xfrm,
+ sizeof (file_xfrm),
+ len + 1,
+ "@PREFIX@" TCTI_NAME_TEMPLATE,
+ file);
+ if (size >= sizeof (file_xfrm)) {
+ if (size >= len + 1) {
+ LOG_ERROR("TCTI name truncated in transform.");
+ return TSS2_TCTI_RC_BAD_VALUE;
+ }
+ *handle = dlopen(file_xfrm, RTLD_NOW);
if (*handle == NULL) {
LOG_DEBUG("Failed to load TCTI for name \"%s\": %s", file, dlerror());
return TSS2_TCTI_RC_NOT_SUPPORTED;
SAFE_FREE(file_xfrm);
diff --git a/test/unit/tctildr-dl.c b/test/unit/tctildr-dl.c
index 873a4531..c17b939e 100644
index 4279baee..6685c811 100644
--- a/test/unit/tctildr-dl.c
+++ b/test/unit/tctildr-dl.c
@@ -223,6 +223,18 @@ test_get_info_default_success (void **state)
@@ -229,6 +229,18 @@ test_get_info_default_success (void **state)
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -76,7 +85,7 @@ index 873a4531..c17b939e 100644
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, HANDLE);
@@ -255,6 +267,18 @@ test_get_info_default_info_fail (void **state)
@@ -261,6 +273,18 @@ test_get_info_default_info_fail (void **state)
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -95,7 +104,7 @@ index 873a4531..c17b939e 100644
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, HANDLE);
@@ -407,6 +431,15 @@ test_tcti_fail_all (void **state)
@@ -413,6 +437,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-default.so.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -111,7 +120,7 @@ index 873a4531..c17b939e 100644
/* Skip over libtss2-tcti-tabrmd.so */
expect_string(__wrap_dlopen, filename, "libtss2-tcti-tabrmd.so.0");
@@ -418,6 +451,15 @@ test_tcti_fail_all (void **state)
@@ -424,6 +457,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-tabrmd.so.0.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -127,7 +136,7 @@ index 873a4531..c17b939e 100644
/* Skip over libtss2-tcti-device.so, /dev/tpmrm0 */
expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
@@ -429,6 +471,15 @@ test_tcti_fail_all (void **state)
@@ -435,6 +477,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -143,7 +152,7 @@ index 873a4531..c17b939e 100644
/* Skip over libtss2-tcti-device.so, /dev/tpm0 */
expect_string(__wrap_dlopen, filename, "libtss2-tcti-device.so.0");
@@ -440,6 +491,15 @@ test_tcti_fail_all (void **state)
@@ -446,6 +497,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-device.so.0.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -159,7 +168,7 @@ index 873a4531..c17b939e 100644
/* Skip over libtss2-tcti-swtpm.so */
expect_string(__wrap_dlopen, filename, "libtss2-tcti-swtpm.so.0");
@@ -451,6 +511,15 @@ test_tcti_fail_all (void **state)
@@ -457,6 +517,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-swtpm.so.0.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -175,7 +184,7 @@ index 873a4531..c17b939e 100644
/* Skip over libtss2-tcti-mssim.so */
expect_string(__wrap_dlopen, filename, "libtss2-tcti-mssim.so.0");
@@ -462,6 +531,15 @@ test_tcti_fail_all (void **state)
@@ -468,6 +537,15 @@ test_tcti_fail_all (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-libtss2-tcti-mssim.so.0.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -191,7 +200,7 @@ index 873a4531..c17b939e 100644
TSS2_RC r;
TSS2_TCTI_CONTEXT *tcti;
@@ -490,6 +568,15 @@ test_info_from_name_handle_fail (void **state)
@@ -496,6 +574,15 @@ test_info_from_name_handle_fail (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);
@ -207,7 +216,7 @@ index 873a4531..c17b939e 100644
TSS2_RC rc = info_from_name ("foo", &info, &data);
assert_int_equal (rc, TSS2_TCTI_RC_NOT_SUPPORTED);
@@ -606,6 +693,15 @@ test_tctildr_get_info_from_name (void **state)
@@ -612,6 +699,15 @@ test_tctildr_get_info_from_name (void **state)
expect_string(__wrap_dlopen, filename, "libtss2-tcti-foo.so");
expect_value(__wrap_dlopen, flags, RTLD_NOW);
will_return(__wrap_dlopen, NULL);

4
pkgs/development/libraries/zimg/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "zimg";
version = "3.0.4";
version = "3.0.5";
src = fetchFromGitHub {
owner = "sekrit-twc";
repo = "zimg";
rev = "release-${version}";
sha256 = "1069x49l7kh1mqcq1h3f0m5j0h832jp5x230bh4c613ymgg5kn00";
sha256 = "sha256-DCSqHCnOyIvKtIAfprb8tgtzLn67Ix6BWyeIliu0HO4=";
};
outputs = [ "out" "dev" "doc" ];

4
pkgs/development/python-modules/asgiref/default.nix
View file

@ -9,7 +9,7 @@
}:
buildPythonPackage rec {
version = "3.6.0";
version = "3.7.2";
pname = "asgiref";
format = "setuptools";
@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "django";
repo = "asgiref";
rev = "refs/tags/${version}";
hash = "sha256-Kl4483rfuFKbnD7pBSTND1QAtBsZP6jKsrDlpVCZLDs=";
hash = "sha256-VW1PBh6+nLMD7qxmL83ymuxCPYKVY3qGKsB7ZiMqMu8=";
};
propagatedBuildInputs = [

8
pkgs/development/python-modules/cryptography/default.nix
View file

@ -52,14 +52,14 @@ buildPythonPackage rec {
cargoRoot = "src/rust";
nativeBuildInputs = lib.optionals (!isPyPy) [
cffi
pkg-config
] ++ [
nativeBuildInputs = [
rustPlatform.cargoSetupHook
setuptools-rust
cargo
rustc
pkg-config
] ++ lib.optionals (!isPyPy) [
cffi
];
buildInputs = [ openssl ]

4
pkgs/development/python-modules/django/3.nix
View file

@ -15,14 +15,14 @@
buildPythonPackage rec {
pname = "django";
version = "3.2.19";
version = "3.2.20";
disabled = pythonOlder "3.7";
src = fetchPypi {
pname = "Django";
inherit version;
hash = "sha256-AxNluuloFNoZwQcGIYxE3/O2VMxN4gqYvS0pub3kafA=";
hash = "sha256-3sKhFnh7jhSWIBS/eOEgu6RUE1EI4a+em5Gt57KWTEA=";
};
patches = [

19
pkgs/development/python-modules/execnet/default.nix
View file

@ -27,13 +27,14 @@ buildPythonPackage rec {
})
];
# remove vbox tests
postPatch = ''
rm -v testing/test_termination.py
rm -v testing/test_channel.py
rm -v testing/test_xspec.py
rm -v testing/test_gateway.py
${lib.optionalString isPyPy "rm -v testing/test_multi.py"}
# remove vbox tests
rm testing/test_termination.py
rm testing/test_channel.py
rm testing/test_xspec.py
rm testing/test_gateway.py
'' + lib.optionalString isPyPy ''
rm testing/test_multi.py
'';
nativeBuildInputs = [
@ -44,8 +45,11 @@ buildPythonPackage rec {
apipkg
];
# sometimes crashes with: OSError: [Errno 9] Bad file descriptor
doCheck = !isPyPy;
nativeCheckInputs = [
py
py # no longer required with 1.10.0
pytestCheckHook
];
@ -62,5 +66,4 @@ buildPythonPackage rec {
license = licenses.mit;
maintainers = with maintainers; [ ];
};
}

2
pkgs/development/python-modules/matplotlib/default.nix
View file

@ -10,6 +10,7 @@
# build-system
, pkg-config
, pybind11
, setuptools
, setuptools-scm
# native libraries
@ -117,6 +118,7 @@ buildPythonPackage rec {
nativeBuildInputs = [
pkg-config
pybind11
setuptools
setuptools-scm
numpy
];

7
pkgs/development/python-modules/sqlalchemy/default.nix
View file

@ -41,7 +41,7 @@
buildPythonPackage rec {
pname = "SQLAlchemy";
version = "2.0.15";
version = "2.0.17";
format = "pyproject";
disabled = pythonOlder "3.7";
@ -50,7 +50,7 @@ buildPythonPackage rec {
owner = "sqlalchemy";
repo = "sqlalchemy";
rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}";
hash = "sha256-05GhFearTA9At8MgmEfeXfbS3MAZ0Rmx8jER18q7fmI=";
hash = "sha256-thwPqyxhojyHZpo7LK6nl69Z1B1Z6+WR1dAdlVrgiaY=";
};
nativeBuildInputs =[
@ -113,6 +113,9 @@ buildPythonPackage rec {
postgresql_psycopg = [
psycopg
];
postgresql_psycopgbinary = [
psycopg
];
pymysql = [
pymysql
];

3
pkgs/development/python-modules/torch/default.nix
View file

@ -208,6 +208,9 @@ in buildPythonPackage rec {
# Use pytorch's custom configurations
dontUseCmakeConfigure = true;
# causes possible redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
BUILD_NAMEDTENSOR = setBool true;
BUILD_DOCS = setBool buildDocs;

13
pkgs/development/python-modules/zstd/default.nix
View file

@ -1,14 +1,19 @@
{ lib, pkg-config, fetchPypi, buildPythonPackage
{ lib
, pkg-config
, fetchPypi
, buildPythonPackage
, buildPackages
, zstd, pytest }:
, zstd
, pytest
}:
buildPythonPackage rec {
pname = "zstd";
version = "1.5.4.0";
version = "1.5.5.1";
src = fetchPypi {
inherit pname version;
hash = "sha256-oNEd9wqXhSk0G1duaaTwsqI+dGaG4k+bkCYKM85JBC0=";
hash = "sha256-HvmAq/Dh4HKwKNLXbvlbR2YyZRyWIlzzC2Gcbu9iVnI=";
};
postPatch = ''

4
pkgs/development/ruby-modules/bundler/default.nix
View file

@ -4,8 +4,8 @@ buildRubyGem rec {
inherit ruby;
name = "${gemName}-${version}";
gemName = "bundler";
version = "2.4.14";
source.sha256 = "sha256-lIJKzVEK30D43O5q0YwJ+FcSyJxGij2uWlxH+mlIfHI=";
version = "2.4.16";
source.sha256 = "sha256-FjRuBn1YnZUgCoDzPFEbMLii6JASiFJbLTKS4hdenWk=";
dontPatchShebangs = true;
postFixup = ''

8
pkgs/development/tools/analysis/sparse/default.nix
View file

@ -22,6 +22,14 @@ in stdenv.mkDerivation rec {
doCheck = true;
buildFlags = [ "GCC_BASE:=${GCC_BASE}" ];
# Test failures with "fortify3" on, such as:
# +*** buffer overflow detected ***: terminated
# +Aborted (core dumped)
# error: Actual exit value does not match the expected one.
# error: expected 0, got 134.
# error: FAIL: test 'bool-float.c' failed
hardeningDisable = [ "fortify3" ];
passthru.tests = {
simple-execution = callPackage ./tests.nix { };
};

10
pkgs/development/tools/build-managers/build2/bootstrap.nix
View file

@ -1,6 +1,7 @@
{ lib, stdenv
, fetchurl
, pkgs
, buildPackages
, fixDarwinDylibNames
}:
stdenv.mkDerivation rec {
@ -25,6 +26,10 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = lib.optionals stdenv.targetPlatform.isDarwin [
fixDarwinDylibNames
# Build2 needs to use lld on Darwin because it creates thin archives when it detects `llvm-ar`,
# which ld64 does not support.
(lib.getBin buildPackages.llvmPackages_16.lld)
];
doCheck = true;
@ -40,5 +45,10 @@ stdenv.mkDerivation rec {
runHook postInstall
'';
postFixup = ''
substituteInPlace $out/nix-support/setup-hook \
--subst-var-by isTargetDarwin '${toString stdenv.targetPlatform.isDarwin}'
'';
inherit (pkgs.build2) passthru;
}

10
pkgs/development/tools/build-managers/build2/default.nix
View file

@ -4,6 +4,7 @@
, fixDarwinDylibNames
, libbutl
, libpkgconf
, buildPackages
, enableShared ? !stdenv.hostPlatform.isStatic
, enableStatic ? !enableShared
}:
@ -57,6 +58,10 @@ stdenv.mkDerivation rec {
# LC_LOAD_DYLIB entries containing @rpath, requiring manual fixup
propagatedBuildInputs = lib.optionals stdenv.targetPlatform.isDarwin [
fixDarwinDylibNames
# Build2 needs to use lld on Darwin because it creates thin archives when it detects `llvm-ar`,
# which ld64 does not support.
(lib.getBin buildPackages.llvmPackages_16.lld)
];
postPatch = ''
@ -73,6 +78,11 @@ stdenv.mkDerivation rec {
install_name_tool -add_rpath "''${!outputLib}/lib" "''${!outputBin}/bin/b"
'';
postFixup = ''
substituteInPlace $dev/nix-support/setup-hook \
--subst-var-by isTargetDarwin '${toString stdenv.targetPlatform.isDarwin}'
'';
passthru = {
bootstrap = build2;
inherit configSharedStatic;

6
pkgs/development/tools/build-managers/build2/setup-hook.sh
View file

@ -19,6 +19,12 @@ build2ConfigurePhase() {
$build2ConfigureFlags "${build2ConfigureFlagsArray[@]}"
)
if [ -n "@isTargetDarwin@" ]; then
flagsArray+=("config.bin.ld=ld64-lld")
flagsArray+=("config.cc.loptions+=-fuse-ld=lld")
flagsArray+=("config.cc.loptions+=-headerpad_max_install_names")
fi
echo 'configure flags' "${flagsArray[@]}"
b configure "${flagsArray[@]}"

12
pkgs/development/tools/jq/default.nix
View file

@ -2,6 +2,7 @@
, stdenv
, fetchurl
, autoreconfHook
, bison
, onigurumaSupport ? true
, oniguruma
}:
@ -38,7 +39,16 @@ stdenv.mkDerivation rec {
'';
buildInputs = lib.optionals onigurumaSupport [ oniguruma ];
nativeBuildInputs = [ autoreconfHook ];
nativeBuildInputs = [ autoreconfHook bison ];
# Darwin requires _REENTRANT be defined to use functions like `lgamma_r`.
# Otherwise, configure will detect that theyre in libm, but the build will fail
# with clang 16+ due to calls to undeclared functions.
# This is fixed upstream and can be removed once jq is updated (to 1.7 or an unstable release).
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin (toString [
"-D_REENTRANT=1"
"-D_DARWIN_C_SOURCE=1"
]);
configureFlags = [
"--bindir=\${bin}/bin"

6
pkgs/development/tools/rust/bindgen/unwrapped.nix
View file

@ -7,15 +7,15 @@ let
rustfmt-nightly = rustfmt.override { asNightly = true; };
in rustPlatform.buildRustPackage rec {
pname = "rust-bindgen-unwrapped";
version = "0.66.0";
version = "0.66.1";
src = fetchCrate {
pname = "bindgen-cli";
inherit version;
sha256 = "sha256-Or5gaYXqfRcxAzBf4nOjmM9CQMvfwb8KbpD8hDJJQ4o=";
sha256 = "sha256-xVTVC3dNGIJeFm/v3swekzuJ2RQOe+wSh05vuWYTDRs=";
};
cargoHash = "sha256-rsowGeBSuqHyz90qozeCi5dXsH4EHKhIUQbDaNJKabI=";
cargoHash = "sha256-eIvl0RSKErNPip0r6iz7JVHm5YvuY3ke/6aMgkryRcI=";
buildInputs = [ clang.cc.lib ];

3
pkgs/games/cdogs-sdl/default.nix
View file

@ -50,6 +50,9 @@ stdenv.mkDerivation rec {
protobuf
];
# inlining failed in call to 'tinydir_open': --param max-inline-insns-single limit reached
hardeningDisable = [ "fortify3" ];
meta = with lib; {
homepage = "https://cxong.github.io/cdogs-sdl";
description = "Open source classic overhead run-and-gun game";

3
pkgs/games/doom-ports/rbdoom-3-bfg/default.nix
View file

@ -59,6 +59,9 @@ stdenv.mkDerivation rec {
"-DUSE_SYSTEM_ZLIB=ON"
];
# it caused build failure
hardeningDisable = [ "fortify3" ];
installPhase = ''
runHook preInstall

3
pkgs/misc/beep/default.nix
View file

@ -16,6 +16,9 @@ stdenv.mkDerivation rec {
makeFlags = [ "prefix=${placeholder "out"}"];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
meta = with lib; {
description = "The advanced PC speaker beeper";
homepage = "https://github.com/spkr-beep/beep";

4
pkgs/misc/cups/default.nix
View file

@ -23,11 +23,11 @@
stdenv.mkDerivation rec {
pname = "cups";
version = "2.4.5";
version = "2.4.6";
src = fetchurl {
url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
sha256 = "sha256-mkBN5V90UlsKaFHfDP3r+hIVrsDnwve+a5sJtpFvsAA=";
sha256 = "sha256-WOlwzxlV4cyH0IR8MlJtnCzO4zXl8OOIKygxOLoOcmI=";
};
outputs = [ "out" "lib" "dev" "man" ];

6
pkgs/misc/ghostscript/default.nix
View file

@ -61,11 +61,11 @@ let
in
stdenv.mkDerivation rec {
pname = "ghostscript${lib.optionalString x11Support "-with-X"}";
version = "10.01.1";
version = "10.01.2";
src = fetchurl {
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${lib.replaceStrings ["."] [""] version}/ghostscript-${version}.tar.xz";
hash = "sha512-2US+norvaNEXbWTEDbb6htVdDJ4wBH8hR8AoBqthz+msLLANTlshj/PFHMbtR87/4brE3Z1MwXYLeXTzDGwnNQ==";
hash = "sha512-7iDw4S9VOj0EV45xoNRd7+vHERfOTcLBQEOYW/5zSK1/iy/pj8m09bk17LMuUNw0C+Z9bvWBkFQuxtD52h3jgA==";
};
patches = [
@ -141,6 +141,7 @@ stdenv.mkDerivation rec {
dylib_version = lib.versions.majorMinor version;
preFixup = lib.optionalString stdenv.isDarwin ''
install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gs
install_name_tool -change libgs.dylib.$dylib_version $out/lib/libgs.dylib.$dylib_version $out/bin/gsx
'';
# validate dynamic linkage
@ -149,6 +150,7 @@ stdenv.mkDerivation rec {
runHook preInstallCheck
$out/bin/gs --version
$out/bin/gsx --version
pushd examples
for f in *.{ps,eps,pdf}; do
echo "Rendering $f"

1
pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
View file

@ -13,6 +13,7 @@ appleDerivation' stdenv {
NIX_CFLAGS_COMPILE = toString [
"-ISystemConfiguration.framework/Headers"
"-I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders"
"-D_DNS_SD_LIBDISPATCH" # Needed for DNSServiceSetDispatchQueue to be available
];
};

6
pkgs/os-specific/darwin/cctools/darwin-no-memstream.patch → pkgs/os-specific/darwin/cctools/darwin-memstream.patch
View file

@ -1,7 +1,3 @@
MacOS SDKs before 10.13 don't support open_memstream. This is already replaced
by a runtime check in cctools-port, but because we build with SDK 10.12 by
default, linking still fails for us. Disable it entirely here.
--- a/cctools/include/stuff/diagnostics.h
+++ b/cctools/include/stuff/diagnostics.h
@@ -60,13 +60,6 @@ void diagnostics_log_msg(enum diagnostic_level level, const char* message);
@ -16,6 +12,6 @@ default, linking still fails for us. Disable it entirely here.
-#ifndef HAVE_OPENMEMSTREAM_RUNTIME
-# define HAVE_OPENMEMSTREAM_RUNTIME 1
-#endif
+#define HAVE_OPENMEMSTREAM_RUNTIME 0
+#define HAVE_OPENMEMSTREAM_RUNTIME 1
#endif /* diagnostics_h */

17
pkgs/os-specific/darwin/cctools/llvm.nix
View file

@ -1,9 +1,11 @@
# Create a cctools-compatible bintools that uses equivalent tools from LLVM in place of the ones
# from cctools when possible.
{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? true }:
{ lib, stdenv, makeWrapper, cctools-port, llvmPackages, enableManpages ? stdenv.targetPlatform == stdenv.hostPlatform }:
let
inherit (stdenv) targetPlatform hostPlatform;
cctoolsVersion = lib.getVersion cctools-port;
llvmVersion = llvmPackages.release_version;
@ -18,6 +20,10 @@ let
# not appear to have issues, but the source is not available yet (as of June 2023).
useLLVMStrip = lib.versionAtLeast llvmVersion "15" || lib.versionAtLeast cctoolsVersion "1005.2";
# Clang 11 performs an optimization on x86_64 that is sensitive to the presence of debug info.
# This causes GCC to fail to bootstrap due to object file differences between stages 2 and 3.
useClangAssembler = lib.versionAtLeast llvmVersion "12" || !stdenv.isx86_64;
llvm_bins = [
"dwarfdump"
"nm"
@ -50,9 +56,10 @@ let
]
++ lib.optional (!useLLVMBitcodeStrip) "bitcode_strip"
++ lib.optional (!useLLVMOtool) "otool"
++ lib.optional (!useLLVMStrip) "strip";
++ lib.optional (!useLLVMStrip) "strip"
++ lib.optional (!useClangAssembler) "as";
inherit (stdenv.cc) targetPrefix;
targetPrefix = lib.optionalString (targetPlatform != hostPlatform) "${targetPlatform.config}-";
linkManPages = pkg: source: target: lib.optionalString enableManpages ''
sourcePath=${pkg}/share/man/man1/${source}.1.gz
@ -77,11 +84,13 @@ stdenv.mkDerivation {
mkdir -p "$out/bin" "$man"
ln -s ${lib.getDev cctools-port} "$dev"
'' + lib.optionalString useClangAssembler ''
# Use the clang-integrated assembler instead of using `as` from cctools.
makeWrapper "${lib.getBin llvmPackages.clang-unwrapped}/bin/clang" "$out/bin/${targetPrefix}as" \
--add-flags "-x assembler -integrated-as -c"
ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/llvm-ar" "$out/bin/${targetPrefix}ar"
'' + ''
ln -s "${lib.getBin llvmPackages.bintools-unwrapped}/bin/${targetPrefix}llvm-ar" "$out/bin/${targetPrefix}ar"
${linkManPages llvmPackages.llvm-manpages "llvm-ar" "ar"}
for tool in ${toString llvm_bins}; do

10
pkgs/os-specific/darwin/cctools/port.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook
{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook, memstreamHook
, installShellFiles
, libuuid
, libobjc ? null, maloader ? null
@ -35,7 +35,8 @@ stdenv.mkDerivation {
outputs = [ "out" "dev" "man" ];
nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ];
nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ]
++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ memstreamHook ];
buildInputs = [ libuuid ]
++ lib.optionals stdenv.isDarwin [ libobjc ]
++ lib.optional enableTapiSupport libtapi;
@ -51,8 +52,9 @@ stdenv.mkDerivation {
url = "https://github.com/MercuryTechnologies/cctools-port/commit/025899b7b3593dedb0c681e689e57c0e7bbd9b80.patch";
hash = "sha256-SWVUzFaJHH2fu9y8RcU3Nx/QKx60hPE5zFx0odYDeQs=";
})
]
++ lib.optional stdenv.isDarwin ./darwin-no-memstream.patch;
# Always use `open_memstream`. This is provided by memstream via hook on x86_64-darwin.
./darwin-memstream.patch
];
__propagatedImpureHostDeps = [
# As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them

11
pkgs/os-specific/darwin/swift-corelibs/0002-Add-missing-launchd-header.patch Normal file
View file

@ -0,0 +1,11 @@
--- a/CoreFoundation/RunLoop.subproj/CFMessagePort.c 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/RunLoop.subproj/CFMessagePort.c 2023-06-09 20:25:28.599209755 -0400
@@ -28,6 +28,8 @@
#endif
#endif
+#include <bootstrap.h>
+
extern pid_t getpid(void);
#define __kCFMessagePortMaxNameLengthMax 255

25
pkgs/os-specific/darwin/swift-corelibs/0003-Fix-incompatible-pointer-conversion.patch Normal file
View file

@ -0,0 +1,25 @@
diff -u a/CoreFoundation/URL.subproj/CFURLComponents.c b/CoreFoundation/URL.subproj/CFURLComponents.c
--- a/CoreFoundation/URL.subproj/CFURLComponents.c 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/URL.subproj/CFURLComponents.c 2023-06-09 20:36:52.995514573 -0400
@@ -66,7 +66,8 @@
return CFRetain(CFSTR("A really nice CFURLComponents object"));
}
-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef instance) {
+CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef cf) {
+ CFURLComponentsRef instance = (CFURLComponentsRef)cf;
__CFGenericValidateType(instance, _CFURLComponentsGetTypeID());
if (instance->_urlString) CFRelease(instance->_urlString);
diff -u a/CoreFoundation/URL.subproj/CFURLComponents.h b/CoreFoundation/URL.subproj/CFURLComponents.h
--- a/CoreFoundation/URL.subproj/CFURLComponents.h 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/URL.subproj/CFURLComponents.h 2023-06-09 20:39:36.967857713 -0400
@@ -38,7 +38,7 @@
CF_EXPORT CFTypeID _CFURLComponentsGetTypeID(void);
-CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFURLComponentsRef);
+CF_CROSS_PLATFORM_EXPORT void __CFURLComponentsDeallocate(CFTypeRef);
// URLComponents are always mutable.
CF_EXPORT _Nullable CFURLComponentsRef _CFURLComponentsCreate(CFAllocatorRef alloc);

66
pkgs/os-specific/darwin/swift-corelibs/0004-Fix-Darwin-cmake-build.patch Normal file
View file

@ -0,0 +1,66 @@
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:52:49.096019700 -0400
@@ -129,7 +129,7 @@
Base.subproj/CFByteOrder.h
Base.subproj/CFUUID.h
Base.subproj/CFUtilities.h
- Base.subproj/SwiftRuntime/CoreFoundation.h
+ Base.subproj/CoreFoundation.h # The SwiftRuntime version of this file causes linker errors and is not correct for standalone CF.
Base.subproj/SwiftRuntime/TargetConditionals.h
# Collections
Collections.subproj/CFArray.h
@@ -245,6 +245,8 @@
# RunLoop
RunLoop.subproj/CFRunLoop.c
RunLoop.subproj/CFSocket.c
+ RunLoop.subproj/CFMachPort.c # These files are missing from the upstream `CMakeLists.txt` but required to build on Darwin.
+ RunLoop.subproj/CFMessagePort.c
# Stream
Stream.subproj/CFConcreteStreams.c
Stream.subproj/CFSocketStream.c
@@ -336,6 +338,11 @@
target_include_directories(CoreFoundation
PRIVATE
${CURL_INCLUDE_DIRS})
+elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
+ find_package(CURL REQUIRED)
+ target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
+ find_package(LibXml2 REQUIRED)
+ target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
else()
target_include_directories(CoreFoundation
PRIVATE
@@ -365,6 +372,10 @@
PRIVATE
${CURL_LIBRARIES}
${LIBXML2_LIBRARIES})
+elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
+ target_link_libraries(CoreFoundation PRIVATE
+ ${CURL_LIBRARIES}
+ ${LIBXML2_LIBRARIES})
else()
target_link_libraries(CoreFoundation
PRIVATE
@@ -398,9 +400,19 @@
target_link_libraries(CoreFoundation
PRIVATE
icucore)
- set_target_properties(CoreFoundation
- PROPERTIES LINK_FLAGS
- -Xlinker;-alias_list;-Xlinker;Base.subproj/DarwinSymbolAliases;-twolevel_namespace;-sectcreate;__UNICODE;__csbitmaps;CharacterSets/CFCharacterSetBitmaps.bitmap;-sectcreate;__UNICODE;__properties;CharacterSets/CFUniCharPropertyDatabase.data;-sectcreate;__UNICODE;__data;CharacterSets/CFUnicodeData-L.mapping;-segprot;__UNICODE;r;r)
+ target_link_options(CoreFoundation
+ PUBLIC
+ "LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases"
+ "LINKER:-twolevel_namespace"
+ "LINKER:-sectcreate,__UNICODE,__csbitmaps,../CharacterSets/CFCharacterSetBitmaps.bitmap"
+ "LINKER:-sectcreate,__UNICODE,__properties,../CharacterSets/CFUniCharPropertyDatabase.data"
+ "LINKER:-sectcreate,__UNICODE,__data,../CharacterSets/CFUnicodeData-L.mapping"
+ "LINKER:-segprot,__UNICODE,r,r"
+ "LINKER:-current_version,1454.90.0"
+ "LINKER:-compatibility_version,150.0.0"
+ "LINKER:-init,___CFInitialize")
+ set(CMAKE_SHARED_LIBRARY_PREFIX "")
+ set(CMAKE_SHARED_LIBRARY_SUFFIX "")
endif()
install(TARGETS

23
pkgs/os-specific/darwin/swift-corelibs/0005-Fix-framework-installation-path.patch Normal file
View file

@ -0,0 +1,23 @@
diff -u aa/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:19.492601179 -0400
@@ -424,16 +424,11 @@
set(CMAKE_SHARED_LIBRARY_SUFFIX "")
endif()
-install(TARGETS
- CoreFoundation
- DESTINATION
- "${CMAKE_INSTALL_FULL_LIBDIR}")
install(DIRECTORY
${CoreFoundation_FRAMEWORK_DIRECTORY}
DESTINATION
- ${CMAKE_INSTALL_PREFIX}/System/Library/Frameworks
- USE_SOURCE_PERMISSIONS
- PATTERN PrivateHeaders EXCLUDE)
+ ${CMAKE_INSTALL_PREFIX}/Library/Frameworks
+ USE_SOURCE_PERMISSIONS)
# TODO(compnerd) formalize this

84
pkgs/os-specific/darwin/swift-corelibs/0006-System-CF-framework-compatibility.patch Normal file
View file

@ -0,0 +1,84 @@
diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 18:59:08.659632504 -0400
@@ -1,5 +1,5 @@
-cmake_minimum_required(VERSION 3.4.3)
+cmake_minimum_required(VERSION 3.14)
list(APPEND CMAKE_MODULE_PATH
"${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules")
@@ -45,6 +45,8 @@
${FRAMEWORK_LIBRARY_TYPE}
FRAMEWORK_DIRECTORY
CoreFoundation_FRAMEWORK_DIRECTORY
+ VERSION
+ A
MODULE_MAP
Base.subproj/module.modulemap
PRIVATE_HEADERS
diff -u a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake
--- a/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/cmake/modules/CoreFoundationAddFramework.cmake 2023-06-29 18:57:55.792860996 -0400
@@ -3,7 +3,7 @@
function(add_framework NAME)
set(options STATIC SHARED)
- set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY)
+ set(single_value_args MODULE_MAP FRAMEWORK_DIRECTORY VERSION)
set(multiple_value_args PRIVATE_HEADERS PUBLIC_HEADERS SOURCES)
cmake_parse_arguments(AF "${options}" "${single_value_args}" "${multiple_value_args}" ${ARGN})
@@ -14,26 +14,32 @@
set(AF_TYPE SHARED)
endif()
+ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/${AF_VERSION})
+ file(CREATE_LINK ${AF_VERSION} ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current SYMBOLIC)
+
if(AF_MODULE_MAP)
file(COPY
${AF_MODULE_MAP}
DESTINATION
- ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Modules
NO_SOURCE_PERMISSIONS)
+ file(CREATE_LINK Versions/Current/Modules ${CMAKE_BINARY_DIR}/${NAME}.framework/Modules SYMBOLIC)
endif()
if(AF_PUBLIC_HEADERS)
file(COPY
${AF_PUBLIC_HEADERS}
DESTINATION
- ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/Headers
NO_SOURCE_PERMISSIONS)
+ file(CREATE_LINK Versions/Current/Headers ${CMAKE_BINARY_DIR}/${NAME}.framework/Headers SYMBOLIC)
endif()
if(AF_PRIVATE_HEADERS)
file(COPY
${AF_PRIVATE_HEADERS}
DESTINATION
- ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current/PrivateHeaders
NO_SOURCE_PERMISSIONS)
+ file(CREATE_LINK Versions/Current/PrivateHeaders ${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders SYMBOLIC)
endif()
add_custom_target(${NAME}_POPULATE_HEADERS
DEPENDS
@@ -51,13 +57,15 @@
set_target_properties(${NAME}
PROPERTIES
LIBRARY_OUTPUT_DIRECTORY
- ${CMAKE_BINARY_DIR}/${NAME}.framework)
+ ${CMAKE_BINARY_DIR}/${NAME}.framework/Versions/Current)
target_compile_options(${NAME}
PRIVATE
-F;${CMAKE_BINARY_DIR}
-I;${CMAKE_BINARY_DIR}/${NAME}.framework/PrivateHeaders)
add_dependencies(${NAME} ${NAME}_POPULATE_HEADERS)
+ file(CREATE_LINK Versions/Current/${NAME} ${CMAKE_BINARY_DIR}/${NAME}.framework/${NAME} SYMBOLIC)
+
if(AF_FRAMEWORK_DIRECTORY)
set(${AF_FRAMEWORK_DIRECTORY} ${CMAKE_BINARY_DIR}/${NAME}.framework PARENT_SCOPE)
endif()

31
pkgs/os-specific/darwin/swift-corelibs/0007-Use-nixpkgs-icu.patch Normal file
View file

@ -0,0 +1,31 @@
diff -ur d/CoreFoundation/CMakeLists.txt e/CoreFoundation/CMakeLists.txt
--- d/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
+++ e/CoreFoundation/CMakeLists.txt 2023-06-29 19:13:15.561253229 -0400
@@ -343,6 +343,7 @@
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
find_package(CURL REQUIRED)
target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
+ find_package(ICU COMPONENTS uc i18n data REQUIRED)
find_package(LibXml2 REQUIRED)
target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
else()
@@ -377,6 +378,9 @@
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
target_link_libraries(CoreFoundation PRIVATE
${CURL_LIBRARIES}
+ ICU::uc
+ ICU::i18n
+ ICU::data
${LIBXML2_LIBRARIES})
else()
target_link_libraries(CoreFoundation
@@ -408,9 +412,6 @@
PROPERTIES LINK_FLAGS
-Xlinker;@${CMAKE_SOURCE_DIR}/linux.ld;-Bsymbolic)
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
- target_link_libraries(CoreFoundation
- PRIVATE
- icucore)
target_link_options(CoreFoundation
PUBLIC
"LINKER:-alias_list,../Base.subproj/DarwinSymbolAliases"

46
pkgs/os-specific/darwin/swift-corelibs/0008-Dont-link-libcurl.patch Normal file
View file

@ -0,0 +1,46 @@
diff -u a/CoreFoundation/CMakeLists.txt b/CoreFoundation/CMakeLists.txt
--- a/CoreFoundation/CMakeLists.txt 1969-12-31 19:00:01.000000000 -0500
+++ b/CoreFoundation/CMakeLists.txt 2023-06-29 19:39:30.074449222 -0400
@@ -104,7 +104,6 @@
# URL
URL.subproj/CFURL.inc.h
URL.subproj/CFURLPriv.h
- URL.subproj/CFURLSessionInterface.h
PUBLIC_HEADERS
# FIXME: PrivateHeaders referenced by public headers
Base.subproj/CFKnownLocations.h
@@ -120,7 +119,6 @@
String.subproj/CFRegularExpression.h
String.subproj/CFRunArray.h
URL.subproj/CFURLPriv.h
- URL.subproj/CFURLSessionInterface.h
# AppServices
AppServices.subproj/CFNotificationCenter.h
@@ -280,8 +278,7 @@
URL.subproj/CFURL.c
URL.subproj/CFURLAccess.c
URL.subproj/CFURLComponents.c
- URL.subproj/CFURLComponents_URIParser.c
- URL.subproj/CFURLSessionInterface.c)
+ URL.subproj/CFURLComponents_URIParser.c)
if(CMAKE_SYSTEM_NAME STREQUAL Linux OR CMAKE_SYSTEM_NAME STREQUAL Android)
target_compile_definitions(CoreFoundation
PRIVATE
@@ -341,8 +338,6 @@
PRIVATE
${CURL_INCLUDE_DIRS})
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
- find_package(CURL REQUIRED)
- target_include_directories(CoreFoundation PRIVATE ${CURL_INCLUDE_DIRS})
find_package(ICU COMPONENTS uc i18n data REQUIRED)
find_package(LibXml2 REQUIRED)
target_include_directories(CoreFoundation PRIVATE ${LIBXML2_INCLUDE_DIR})
@@ -377,7 +372,6 @@
${LIBXML2_LIBRARIES})
elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin)
target_link_libraries(CoreFoundation PRIVATE
- ${CURL_LIBRARIES}
ICU::uc
ICU::i18n
ICU::data

102
pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, ninja, python3, curl, libxml2, objc4, ICU }:
{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, cmake, ninja, pkg-config, launchd, libdispatch, python3, libxml2, objc4, icu }:
let
# 10.12 adds a new sysdir.h that our version of CF in the main derivation depends on, but
@ -21,29 +21,39 @@ stdenv.mkDerivation {
sha256 = "17kpql0f27xxz4jjw84vpas5f5sn4vdqwv10g151rc3rswbwln1z";
};
nativeBuildInputs = [ ninja python3 ];
buildInputs = [ curl libxml2 objc4 ICU ];
nativeBuildInputs = [ cmake ninja pkg-config python3 ];
buildInputs = [ (lib.getDev launchd) libdispatch libxml2 objc4 icu ];
patches = [ ./0001-Add-missing-TARGET_OS_-defines.patch ];
patches = [
./0001-Add-missing-TARGET_OS_-defines.patch
# CFMessagePort.h uses `bootstrap_check_in` without declaring it, which is defined in the launchd headers.
./0002-Add-missing-launchd-header.patch
# CFURLComponents fails to build with clang 16 due to an invalid pointer conversion. This is fixed upstream.
./0003-Fix-incompatible-pointer-conversion.patch
# Fix `CMakeLists.txt` to allow it to be used instead of `build.py` to build on Darwin.
./0004-Fix-Darwin-cmake-build.patch
# Install CF framework in `$out/Library/Frameworks` instead of `$out/System/Frameworks`.
./0005-Fix-framework-installation-path.patch
# Build a framework that matches the contents of the system CoreFoundation. This patch adds
# versioning and drops the prefix and suffix, so the dynamic library is named `CoreFoundation`
# instead of `libCoreFoundation.dylib`.
./0006-System-CF-framework-compatibility.patch
# Link against the nixpkgs ICU instead of using Apples vendored version.
./0007-Use-nixpkgs-icu.patch
# Dont link against libcurl. This breaks a cycle between CF and curl, which depends on CF and
# uses the SystemConfiguration framework to support NAT64.
# This is safe because the symbols provided in CFURLSessionInterface are not provided by the
# system CoreFoundation. They are meant to be used by the implementation of `NSURLSession` in
# swift-corelibs-foundation, which is not built because it is not fully compatible with the
# system Foundation used on Darwin.
./0008-Dont-link-libcurl.patch
];
postPatch = ''
cd CoreFoundation
cp ${sysdir-free-system-directories} Base.subproj/CFSystemDirectories.c
# In order, since I can't comment individual lines:
# 1. Disable dispatch support for now
# 2. For the linker too
# 3. Use the legit CoreFoundation.h, not the one telling you not to use it because of Swift
substituteInPlace build.py \
--replace "cf.CFLAGS += '-DDEPLOYMENT" '#' \
--replace "cf.LDFLAGS += '-ldispatch" '#'
# Fix sandbox impurities.
substituteInPlace ../lib/script.py \
--replace '/bin/cp' cp
patchShebangs --build ../configure
# Includes xpc for some initialization routine that they don't define anyway, so no harm here
substituteInPlace PlugIn.subproj/CFBundlePriv.h \
--replace '#if (TARGET_OS_MAC' '#if (0'
@ -55,55 +65,27 @@ stdenv.mkDerivation {
# The MIN macro doesn't seem to be defined sensibly for us. Not sure if our stdenv or their bug
substituteInPlace Base.subproj/CoreFoundation_Prefix.h \
--replace '#if DEPLOYMENT_TARGET_WINDOWS || DEPLOYMENT_TARGET_LINUX' '#if 1'
# Somehow our ICU doesn't have this, probably because it's too old (we'll update it soon when we update the rest of the SDK)
substituteInPlace Locale.subproj/CFLocale.c \
--replace '#if U_ICU_VERSION_MAJOR_NUM' '#if 0 //'
'';
BUILD_DIR = "./Build";
CFLAGS = "-DINCLUDE_OBJC -I${libxml2.dev}/include/libxml2"; # They seem to assume we include objc in some places and not in others, make a PR; also not sure why but libxml2 include path isn't getting picked up from buildInputs
env.NIX_CFLAGS_COMPILE = toString [
# Silence warnings regarding other targets
"-Wno-error=undef-prefix"
# Avoid redefinitions when including objc headers
"-DINCLUDE_OBJC=1"
];
# I'm guessing at the version here. https://github.com/apple/swift-corelibs-foundation/commit/df3ec55fe6c162d590a7653d89ad669c2b9716b1 imported "high sierra"
# and this version is a version from there. No idea how accurate it is.
LDFLAGS = "-current_version 1454.90.0 -compatibility_version 150.0.0 -init ___CFInitialize";
configurePhase = ''
../configure release --sysroot UNUSED
'';
cmakeFlags = [
"-DBUILD_SHARED_LIBS=ON"
"-DCF_ENABLE_LIBDISPATCH=OFF"
];
enableParallelBuilding = true;
buildPhase = ''
runHook preBuild
postInstall = ''
install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' \
"$out/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation"
ninja -j $NIX_BUILD_CORES
runHook postBuild
mkdir -p "$out/nix-support"
substituteAll ${./pure-corefoundation-hook.sh} "$out/nix-support/setup-hook"
'';
# TODO: their build system sorta kinda can do this, but it doesn't seem to work right now
# Also, this includes a bunch of private headers in the framework, which is not what we want
installPhase = ''
base="$out/Library/Frameworks/CoreFoundation.framework"
mkdir -p $base/Versions/A/{Headers,PrivateHeaders,Modules}
cp ./Build/CoreFoundation/libCoreFoundation.dylib $base/Versions/A/CoreFoundation
# Note that this could easily live in the ldflags above as `-install_name @rpath/...` but
# https://github.com/NixOS/nixpkgs/issues/46434 thwarts that, so for now I'm hacking it up
# after the fact.
install_name_tool -id '@rpath/CoreFoundation.framework/Versions/A/CoreFoundation' $base/Versions/A/CoreFoundation
cp ./Build/CoreFoundation/usr/include/CoreFoundation/*.h $base/Versions/A/Headers
cp ./Build/CoreFoundation/usr/include/CoreFoundation/module.modulemap $base/Versions/A/Modules
ln -s A $base/Versions/Current
for i in CoreFoundation Headers Modules; do
ln -s Versions/Current/$i $base/$i
done
'';
darwinEnvHook = makeSetupHook { name = "darwin-env-hook"; } ./pure-corefoundation-hook.sh;
}

8
pkgs/os-specific/linux/apparmor/default.nix
View file

@ -22,13 +22,13 @@
}:
let
apparmor-version = "3.1.5";
apparmor-version = "3.1.6";
apparmor-meta = component: with lib; {
homepage = "https://apparmor.net/";
description = "A mandatory access control system - ${component}";
license = licenses.gpl2;
maintainers = with maintainers; [ julm thoughtpolice ];
license = with licenses; [ gpl2Only lgpl21Only ];
maintainers = with maintainers; [ julm thoughtpolice ajs124 ];
platforms = platforms.linux;
};
@ -36,7 +36,7 @@ let
owner = "apparmor";
repo = "apparmor";
rev = "v${apparmor-version}";
hash = "sha256-nqIRs2REbSQNKglEEjAO/YSZc6r2ks128sUNq61gRWE=";
hash = "sha256-VPgRmmQv+kgLduc6RTu9gotyjT6OImUXsPeatgG7m9E=";
};
aa-teardown = writeShellScript "aa-teardown" ''

1
pkgs/os-specific/linux/bluez/default.nix
View file

@ -85,7 +85,6 @@ in stdenv.mkDerivation rec {
"--enable-mesh"
"--enable-midi"
"--enable-nfc"
"--enable-sap"
"--enable-sixaxis"
"--enable-btpclient"
"--enable-hid2hci"

3
pkgs/os-specific/linux/intel-compute-runtime/default.nix
View file

@ -35,6 +35,9 @@ stdenv.mkDerivation rec {
outputs = [ "out" "drivers" ];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
postInstall = ''
# Avoid clash with intel-ocl
mv $out/etc/OpenCL/vendors/intel.icd $out/etc/OpenCL/vendors/intel-neo.icd

8
pkgs/os-specific/linux/iproute/default.nix
View file

@ -6,11 +6,11 @@
stdenv.mkDerivation rec {
pname = "iproute2";
version = "6.3.0";
version = "6.4.0";
src = fetchurl {
url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz";
sha256 = "sha256-37KpjbluemU8/8ZpMzWhpGbimjS2rFKL5I814dJ2ZzI=";
sha256 = "sha256-TFG43svH5NoVn/sGb1kM+5Pb+a9/+GsWR85Ct8F5onI=";
};
patches = [
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
# fix build on musl. applied anywhere to prevent patchrot.
(fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/main/iproute2/min.patch?id=4b78dbe29d18151402052c56af43cc12d04b1a69";
sha256 = "sha256-0ROZQAN3mUPPgggictr23jyA4JDG7m9vmBUhgRp4ExY=";
url = "https://git.alpinelinux.org/aports/plain/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069";
sha256 = "sha256-NpNnSXQntuzzpjswE42yzo7nqmrQgI5YcHR2kp9NEwA=";
})
];

4
pkgs/os-specific/linux/kernel-headers/default.nix
View file

@ -111,12 +111,12 @@ let
in {
inherit makeLinuxHeaders;
linuxHeaders = let version = "6.3"; in
linuxHeaders = let version = "6.4"; in
makeLinuxHeaders {
inherit version;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz";
hash = "sha256-ujSR9e1r0nCjcMRAQ049aQhfzdUoki+gHnPXZX23Ox4=";
hash = "sha256-j6BYjwws7KRMrHeg45ukjJ8AprncaXYcAqXT76yNp/M=";
};
patches = [
./no-relocs.patch # for building x86 kernel headers on non-ELF platforms

3
pkgs/os-specific/linux/libevdevc/default.nix
View file

@ -19,6 +19,9 @@ stdenv.mkDerivation rec {
makeFlags = [ "DESTDIR=$(out)" "LIBDIR=/lib" ];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
meta = with lib; {
description = "ChromiumOS libevdev. Renamed to avoid conflicts with the standard libevdev found in Linux distros";
license = licenses.bsd3;

3
pkgs/os-specific/linux/mmc-utils/default.nix
View file

@ -12,6 +12,9 @@ stdenv.mkDerivation {
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "prefix=$(out)" ];
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
postInstall = ''
mkdir -p $out/share/man/man1
cp man/mmc.1 $out/share/man/man1/

5
pkgs/os-specific/linux/sgx/psw/default.nix
View file

@ -59,7 +59,10 @@ stdenv.mkDerivation rec {
protobuf
];
hardeningDisable = lib.optionals debug [
hardeningDisable = [
# causes redefinition of _FORTIFY_SOURCE
"fortify3"
] ++ lib.optionals debug [
"fortify"
];

Some files were not shown because too many files have changed in this diff Show more