commit
87a19e9048
@ -10,13 +10,13 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "enchant";
|
pname = "enchant";
|
||||||
version = "2.2.5";
|
version = "2.2.7";
|
||||||
|
|
||||||
outputs = [ "out" "dev" ];
|
outputs = [ "out" "dev" ];
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
|
url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
|
||||||
sha256 = "0r41qjz3104h5raiwlw5ywwybafbxdjz12j1bnq3kq60jlr6d2pf";
|
sha256 = "029smcna98hllgkm2gy94qa7qphxs4xaa8cdbg5kaaw16mhrf8hv";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, lib, fetchurl, libiconv, xz }:
|
{ stdenv, lib, fetchurl, libiconv, xz, fetchpatch }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "gettext";
|
pname = "gettext";
|
||||||
@ -11,7 +11,12 @@ stdenv.mkDerivation rec {
|
|||||||
patches = [
|
patches = [
|
||||||
./absolute-paths.diff
|
./absolute-paths.diff
|
||||||
./gettext.git-2336451ed68d91ff4b5ae1acbc1eca30e47a86a9.patch
|
./gettext.git-2336451ed68d91ff4b5ae1acbc1eca30e47a86a9.patch
|
||||||
];
|
]
|
||||||
|
++ lib.optional stdenv.isDarwin
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://git.savannah.gnu.org/cgit/gettext.git/patch?id=ec0e6b307456ceab352669ae6bccca9702108753";
|
||||||
|
sha256 = "0xqs01c7xl7vmw6bqvsmrzxxjxk2a4spcdpmlwm3b4hi2wc2lxnf";
|
||||||
|
});
|
||||||
|
|
||||||
outputs = [ "out" "man" "doc" "info" ];
|
outputs = [ "out" "man" "doc" "info" ];
|
||||||
|
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "libxkbcommon";
|
pname = "libxkbcommon";
|
||||||
version = "0.8.4";
|
version = "0.10.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://xkbcommon.org/download/${pname}-${version}.tar.xz";
|
url = "https://xkbcommon.org/download/${pname}-${version}.tar.xz";
|
||||||
sha256 = "12vc91ydhphd5sddz15560r41l7k0i7mq6nma8kkbzdp6bwwzpb0";
|
sha256 = "1wmnl0hngn6vrqrya4r8hvimlkr4jag39yjprls4gyrqvh667hsp";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "dev" "doc" ];
|
outputs = [ "out" "dev" "doc" ];
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, lib, fetchurl
|
{ stdenv, lib, fetchurl, fetchpatch
|
||||||
, zlib, xz, python, ncurses, findXMLCatalogs
|
, zlib, xz, python, ncurses, findXMLCatalogs
|
||||||
, pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
|
, pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
|
||||||
, icuSupport ? false, icu ? null
|
, icuSupport ? false, icu ? null
|
||||||
@ -27,6 +27,11 @@ stdenv.mkDerivation rec {
|
|||||||
# https://github.com/NixOS/nixpkgs/pull/63174
|
# https://github.com/NixOS/nixpkgs/pull/63174
|
||||||
# https://github.com/NixOS/nixpkgs/pull/72342
|
# https://github.com/NixOS/nixpkgs/pull/72342
|
||||||
./utf8-xmlErrorFuncHandler.patch
|
./utf8-xmlErrorFuncHandler.patch
|
||||||
|
(fetchpatch {
|
||||||
|
name = "CVE-2020-7595.patch";
|
||||||
|
url = "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch";
|
||||||
|
sha256 = "0klvaxkzakkpyq0m44l9xrpn5kwaii194sqsivfm6zhnb9hhl15l";
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
outputs = [ "bin" "dev" "out" "man" "doc" ]
|
outputs = [ "bin" "dev" "out" "man" "doc" ]
|
||||||
|
@ -27,7 +27,7 @@
|
|||||||
with stdenv.lib;
|
with stdenv.lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "19.3.2";
|
version = "19.3.3";
|
||||||
branch = versions.major version;
|
branch = versions.major version;
|
||||||
in
|
in
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ stdenv.mkDerivation {
|
|||||||
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
|
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
|
||||||
"https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz"
|
"https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz"
|
||||||
];
|
];
|
||||||
sha256 = "1hg1gvcwvayksrdh9z8rfz66h3z1ffspmm2qgyy2nd8n8qrfwfjf";
|
sha256 = "02czqdqf64i3az5p1allnxycyjad3x35cj0hz0017mi5pc84ikl1";
|
||||||
};
|
};
|
||||||
|
|
||||||
prePatch = "patchShebangs .";
|
prePatch = "patchShebangs .";
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
{ stdenv, fetchurl }:
|
{ stdenv, fetchurl }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "mtdev-1.1.5";
|
name = "mtdev-1.1.6";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://bitmath.org/code/mtdev/${name}.tar.bz2";
|
url = "http://bitmath.org/code/mtdev/${name}.tar.bz2";
|
||||||
sha256 = "0zxs7shzgbalkvlaiibi25bd902rbmkv9n1lww6q8j3ri9qdaxv6";
|
sha256 = "1q700h9dqcm3zl6c3gj0qxxjcx6ibw2c51wjijydhwdcm26v5mqm";
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
{ stdenv, fetchurl, openssl, cyrus_sasl, db, groff, libtool }:
|
{ stdenv, fetchurl, openssl, cyrus_sasl, db, groff, libtool }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "openldap-2.4.48";
|
name = "openldap-2.4.49";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${name}.tgz";
|
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${name}.tgz";
|
||||||
sha256 = "0k87qra4kirb6xgja4q1jyw6piwb9v8b8g6gkxq4plawmgy3ylnr";
|
sha256 = "0vp524rsngdcykf6ki7vprsyg7gj8z7hszg8xwxz50219fa1gcg3";
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: separate "out" and "bin"
|
# TODO: separate "out" and "bin"
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
Index: TimeDate-2.30/t/getdate.t
|
|
||||||
===================================================================
|
|
||||||
--- TimeDate-2.30.orig/t/getdate.t
|
|
||||||
+++ TimeDate-2.30/t/getdate.t
|
|
||||||
@@ -156,7 +156,7 @@ Jul 22 10:00:00 UTC 2002 ;102733200
|
|
||||||
!;
|
|
||||||
|
|
||||||
require Time::Local;
|
|
||||||
-my $offset = Time::Local::timegm(0,0,0,1,0,70);
|
|
||||||
+my $offset = Time::Local::timegm(0,0,0,1,0,1970);
|
|
||||||
|
|
||||||
@data = split(/\n/, $data);
|
|
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, lib, buildPythonPackage, fetchPypi, pytz, pytest, freezegun, glibcLocales }:
|
{ stdenv, lib, buildPythonPackage, fetchPypi, fetchpatch, pytz, pytest, freezegun, glibcLocales }:
|
||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "Babel";
|
pname = "Babel";
|
||||||
@ -9,14 +9,31 @@ buildPythonPackage rec {
|
|||||||
sha256 = "e86135ae101e31e2c8ec20a4e0c5220f4eed12487d5cf3f78be7e98d3a57fc28";
|
sha256 = "e86135ae101e31e2c8ec20a4e0c5220f4eed12487d5cf3f78be7e98d3a57fc28";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
# The following 2 patches fix the test suite failing on nix < 2.3 with
|
||||||
|
# Python < 3 because those nix versions do not run in a pseudoterminal,
|
||||||
|
# which makes Python 2 not set the default encoding to UTF-8, and the
|
||||||
|
# Babel code crashes when printing a warning in that case.
|
||||||
|
# See #75676 and https://github.com/python-babel/babel/pull/691.
|
||||||
|
# It is important to fix this because otherwise Babel is not buildable
|
||||||
|
# with older nix versions (e.g. on machines used as --builders).
|
||||||
|
# TODO: Remove at release > 2.8.0.
|
||||||
|
(fetchpatch {
|
||||||
|
name = "Babel-Introduce-invariant-that-invalid_pofile-takes-unicode-line.patch";
|
||||||
|
url = "https://github.com/python-babel/babel/commit/f4f6653e6aa053724d2c6dc0ee71dcb928013352.patch";
|
||||||
|
sha256 = "1kyknwn9blspcf9yxmgdiaxdii1dnkblyhcflqwhxyl1mss1dxv5";
|
||||||
|
})
|
||||||
|
(fetchpatch {
|
||||||
|
name = "Babel-Fix-unicode-printing-error-on-Python-2-without-TTY.patch";
|
||||||
|
url = "https://github.com/python-babel/babel/commit/da7f31143847659b6b74d802618b03438aceb350.patch";
|
||||||
|
sha256 = "09yny8614knr8ngrrddmqzkxk70am135rccv2ncc6dji4xbqbfln";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
propagatedBuildInputs = [ pytz ];
|
propagatedBuildInputs = [ pytz ];
|
||||||
|
|
||||||
checkInputs = [ pytest freezegun ];
|
checkInputs = [ pytest freezegun ];
|
||||||
|
|
||||||
# Note that a test will fail with an encoding error on Python 2 with Nix < 2.3
|
|
||||||
# due to https://github.com/NixOS/nixpkgs/pull/75676#issuecomment-579008837.
|
|
||||||
# TODO: Remove the above comment when we use a version that includes the fix
|
|
||||||
# from https://github.com/python-babel/babel/pull/691
|
|
||||||
doCheck = !stdenv.isDarwin;
|
doCheck = !stdenv.isDarwin;
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "pyatspi";
|
pname = "pyatspi";
|
||||||
version = "2.32.1";
|
version = "2.34.0";
|
||||||
format = "other";
|
format = "other";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||||
sha256 = "1283cbwd2kacgdij96xk26721f6amyzdhy2py11kdj5cprdlm5c4";
|
sha256 = "0j3f75j0zd6ca8msg7yr19qsfirqkn9fk8pqbjnlhqrpri455g4p";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig ];
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
|
@ -3,13 +3,13 @@ pycairo, cairo, which, ncurses, meson, ninja, isPy3k, gnome3 }:
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "pygobject";
|
pname = "pygobject";
|
||||||
version = "3.32.1";
|
version = "3.34.0";
|
||||||
|
|
||||||
format = "other";
|
format = "other";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||||
sha256 = "1n04dnvq3bx7vk7pgnxlg6kiwnc7xxv9bjabkv7abpmqjkprvj9j";
|
sha256 = "06i7ynnbvgpz0gw09zsjbvhgcp5qz4yzdifw27qjwdazg2mckql7";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "dev" ];
|
outputs = [ "out" "dev" ];
|
||||||
|
@ -50,13 +50,12 @@ cmakeConfigurePhase() {
|
|||||||
# because we usually do not package the framework
|
# because we usually do not package the framework
|
||||||
cmakeFlags="-DCMAKE_FIND_FRAMEWORK=last $cmakeFlags"
|
cmakeFlags="-DCMAKE_FIND_FRAMEWORK=last $cmakeFlags"
|
||||||
|
|
||||||
|
# on macOS i686 was only relevant for 10.5 or earlier.
|
||||||
|
cmakeFlags="-DCMAKE_OSX_ARCHITECTURES=x86_64 $cmakeFlags"
|
||||||
|
|
||||||
# we never want to use the global macOS SDK
|
# we never want to use the global macOS SDK
|
||||||
cmakeFlags="-DCMAKE_OSX_SYSROOT= $cmakeFlags"
|
cmakeFlags="-DCMAKE_OSX_SYSROOT= $cmakeFlags"
|
||||||
|
|
||||||
# disable OSX deployment target
|
|
||||||
# we don't want our binaries to have a "minimum" OSX version
|
|
||||||
cmakeFlags="-DCMAKE_OSX_DEPLOYMENT_TARGET= $cmakeFlags"
|
|
||||||
|
|
||||||
# correctly detect our clang compiler
|
# correctly detect our clang compiler
|
||||||
cmakeFlags="-DCMAKE_POLICY_DEFAULT_CMP0025=NEW $cmakeFlags"
|
cmakeFlags="-DCMAKE_POLICY_DEFAULT_CMP0025=NEW $cmakeFlags"
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, fetchFromGitLab, fetchpatch, python, ensureNewerSourcesForZipFilesHook
|
{ stdenv, fetchFromGitLab, python, ensureNewerSourcesForZipFilesHook
|
||||||
# optional list of extra waf tools, e.g. `[ "doxygen" "pytest" ]`
|
# optional list of extra waf tools, e.g. `[ "doxygen" "pytest" ]`
|
||||||
, withTools ? null
|
, withTools ? null
|
||||||
}:
|
}:
|
||||||
@ -8,22 +8,15 @@ let
|
|||||||
in
|
in
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "waf";
|
pname = "waf";
|
||||||
version = "2.0.18";
|
version = "2.0.19";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
owner = "ita1024";
|
owner = "ita1024";
|
||||||
repo = "waf";
|
repo = "waf";
|
||||||
rev = "${pname}-${version}";
|
rev = "${pname}-${version}";
|
||||||
sha256 = "1ifcanm2x2i8qwgfkwgdxwaqcdwsx5jg8bd1d6sqjps3pz7s5qxx";
|
sha256 = "1ydmx20blr776qnmnqp0whyiy81a3glln49m9fva2cmampmandpb";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://gitlab.com/grahamc/waf/commit/fc1c98f1fb575fb26b867a61cbca79aa894db2ea.patch";
|
|
||||||
sha256 = "0kzfrr6nh1ay8nyk0i69nhkkrq7hskn7yw1qyjxrda1y3wxj6jp8";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs = [ python ensureNewerSourcesForZipFilesHook ];
|
buildInputs = [ python ensureNewerSourcesForZipFilesHook ];
|
||||||
|
|
||||||
configurePhase = ''
|
configurePhase = ''
|
||||||
|
@ -15,10 +15,7 @@ stdenv.mkDerivation rec {
|
|||||||
nativeBuildInputs = [ cmake ];
|
nativeBuildInputs = [ cmake ];
|
||||||
buildInputs = with llvmPackages; [ clang-unwrapped llvm rapidjson ];
|
buildInputs = with llvmPackages; [ clang-unwrapped llvm rapidjson ];
|
||||||
|
|
||||||
cmakeFlags = [
|
cmakeFlags = [ "-DCCLS_VERSION=${version}" ];
|
||||||
"-DCCLS_VERSION=${version}"
|
|
||||||
"-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12"
|
|
||||||
];
|
|
||||||
|
|
||||||
preConfigure = ''
|
preConfigure = ''
|
||||||
cmakeFlagsArray+=(-DCMAKE_CXX_FLAGS="-fvisibility=hidden -fno-rtti")
|
cmakeFlagsArray+=(-DCMAKE_CXX_FLAGS="-fvisibility=hidden -fno-rtti")
|
||||||
|
@ -26,7 +26,6 @@ stdenv.mkDerivation {
|
|||||||
cmakeFlags = [
|
cmakeFlags = [
|
||||||
"-DSYSTEM_CLANG=ON"
|
"-DSYSTEM_CLANG=ON"
|
||||||
"-DCLANG_CXX=ON"
|
"-DCLANG_CXX=ON"
|
||||||
"-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
shell = runtimeShell;
|
shell = runtimeShell;
|
||||||
|
@ -1,10 +1,15 @@
|
|||||||
{ stdenv, fetchurl, xar, cpio, pkgs, python3, pbzx, lib }:
|
{ stdenv, fetchurl, xar, cpio, pkgs, python3, pbzx, lib }:
|
||||||
|
|
||||||
|
let version = "10.12"; in
|
||||||
|
|
||||||
|
# Ensure appleSdkVersion is up to date.
|
||||||
|
assert stdenv.isDarwin -> stdenv.appleSdkVersion == version;
|
||||||
|
|
||||||
let
|
let
|
||||||
# sadly needs to be exported because security_tool needs it
|
# sadly needs to be exported because security_tool needs it
|
||||||
sdk = stdenv.mkDerivation rec {
|
sdk = stdenv.mkDerivation rec {
|
||||||
version = "10.12";
|
|
||||||
pname = "MacOS_SDK";
|
pname = "MacOS_SDK";
|
||||||
|
inherit version;
|
||||||
|
|
||||||
# This URL comes from https://swscan.apple.com/content/catalogs/others/index-10.12.merged-1.sucatalog, which we found by:
|
# This URL comes from https://swscan.apple.com/content/catalogs/others/index-10.12.merged-1.sucatalog, which we found by:
|
||||||
# 1. Google: site:swscan.apple.com and look for a name that seems appropriate for your version
|
# 1. Google: site:swscan.apple.com and look for a name that seems appropriate for your version
|
||||||
|
@ -31,7 +31,6 @@ self = stdenv.mkDerivation rec {
|
|||||||
outputs = [ "out" "static" ];
|
outputs = [ "out" "static" ];
|
||||||
|
|
||||||
cmakeFlags = [
|
cmakeFlags = [
|
||||||
"-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12" # For std::shared_timed_mutex.
|
|
||||||
"-DCMAKE_SKIP_BUILD_RPATH=OFF" # To run libmysql/libmysql_api_test during build.
|
"-DCMAKE_SKIP_BUILD_RPATH=OFF" # To run libmysql/libmysql_api_test during build.
|
||||||
"-DFORCE_UNSUPPORTED_COMPILER=1" # To configure on Darwin.
|
"-DFORCE_UNSUPPORTED_COMPILER=1" # To configure on Darwin.
|
||||||
"-DWITH_ROUTER=OFF" # It may be packaged separately.
|
"-DWITH_ROUTER=OFF" # It may be packaged separately.
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
{ lib
|
{ lib
|
||||||
, localSystem, crossSystem, config, overlays, crossOverlays ? []
|
, localSystem, crossSystem, config, overlays, crossOverlays ? []
|
||||||
|
# The version of darwin.apple_sdk used for sources provided by apple.
|
||||||
|
, appleSdkVersion ? "10.12"
|
||||||
|
# Minimum required macOS version, used both for compatibility as well as reproducability.
|
||||||
|
, macosVersionMin ? "10.12"
|
||||||
# Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools
|
# Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools
|
||||||
, bootstrapFiles ? let
|
, bootstrapFiles ? let
|
||||||
fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> {
|
fetch = { file, sha256, executable ? true }: import <nix/fetchurl.nix> {
|
||||||
@ -28,15 +31,19 @@ let
|
|||||||
];
|
];
|
||||||
in rec {
|
in rec {
|
||||||
commonPreHook = ''
|
commonPreHook = ''
|
||||||
export NIX_ENFORCE_PURITY="''${NIX_ENFORCE_PURITY-1}"
|
export NIX_ENFORCE_NO_NATIVE=''${NIX_ENFORCE_NO_NATIVE-1}
|
||||||
export NIX_ENFORCE_NO_NATIVE="''${NIX_ENFORCE_NO_NATIVE-1}"
|
export NIX_ENFORCE_PURITY=''${NIX_ENFORCE_PURITY-1}
|
||||||
export NIX_IGNORE_LD_THROUGH_GCC=1
|
export NIX_IGNORE_LD_THROUGH_GCC=1
|
||||||
stripAllFlags=" " # the Darwin "strip" command doesn't know "-s"
|
|
||||||
export MACOSX_DEPLOYMENT_TARGET=10.12
|
|
||||||
export SDKROOT=
|
export SDKROOT=
|
||||||
export CMAKE_OSX_ARCHITECTURES=x86_64
|
|
||||||
|
# Ensure consistent LC_VERSION_MIN_MACOSX and remove LC_UUID.
|
||||||
|
export MACOSX_DEPLOYMENT_TARGET=${macosVersionMin}
|
||||||
|
export NIX_LDFLAGS+=" -macosx_version_min ${macosVersionMin} -sdk_version ${appleSdkVersion} -no_uuid"
|
||||||
|
|
||||||
# Workaround for https://openradar.appspot.com/22671534 on 10.11.
|
# Workaround for https://openradar.appspot.com/22671534 on 10.11.
|
||||||
export gl_cv_func_getcwd_abort_bug=no
|
export gl_cv_func_getcwd_abort_bug=no
|
||||||
|
|
||||||
|
stripAllFlags=" " # the Darwin "strip" command doesn't know "-s"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
bootstrapTools = derivation {
|
bootstrapTools = derivation {
|
||||||
@ -130,8 +137,7 @@ in rec {
|
|||||||
__extraImpureHostDeps = commonImpureHostDeps;
|
__extraImpureHostDeps = commonImpureHostDeps;
|
||||||
|
|
||||||
extraAttrs = {
|
extraAttrs = {
|
||||||
inherit platform;
|
inherit macosVersionMin appleSdkVersion platform;
|
||||||
parent = last;
|
|
||||||
};
|
};
|
||||||
overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; };
|
overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; };
|
||||||
};
|
};
|
||||||
@ -400,9 +406,9 @@ in rec {
|
|||||||
extraBuildInputs = [ pkgs.darwin.CF ];
|
extraBuildInputs = [ pkgs.darwin.CF ];
|
||||||
|
|
||||||
extraAttrs = {
|
extraAttrs = {
|
||||||
inherit platform bootstrapTools;
|
libc = pkgs.darwin.Libsystem;
|
||||||
libc = pkgs.darwin.Libsystem;
|
|
||||||
shellPackage = pkgs.bash;
|
shellPackage = pkgs.bash;
|
||||||
|
inherit macosVersionMin appleSdkVersion platform bootstrapTools;
|
||||||
};
|
};
|
||||||
|
|
||||||
allowedRequisites = (with pkgs; [
|
allowedRequisites = (with pkgs; [
|
||||||
|
@ -10,11 +10,11 @@ let
|
|||||||
pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]);
|
pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]);
|
||||||
in stdenv.mkDerivation rec {
|
in stdenv.mkDerivation rec {
|
||||||
pname = "network-manager";
|
pname = "network-manager";
|
||||||
version = "1.22.4";
|
version = "1.22.6";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://gnome/sources/NetworkManager/${stdenv.lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz";
|
url = "mirror://gnome/sources/NetworkManager/${stdenv.lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz";
|
||||||
sha256 = "0682hm5l3ix8cq35yl5pxidri4kxbdnvj9llf8vg9mcg5abdaslv";
|
sha256 = "0r65hk7nw44jq4k6h91wrprr0x9410ibd1n7mpmlh4f4kgy276dw";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "dev" "devdoc" "man" "doc" ];
|
outputs = [ "out" "dev" "devdoc" "man" "doc" ];
|
||||||
|
@ -0,0 +1,33 @@
|
|||||||
|
From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gruenbacher <agruen@gnu.org>
|
||||||
|
Date: Fri, 6 Apr 2018 11:34:51 +0200
|
||||||
|
Subject: Allow input files to be missing for ed-style patches
|
||||||
|
|
||||||
|
* src/pch.c (do_ed_script): Allow input files to be missing so that new
|
||||||
|
files will be created as with non-ed-style patches.
|
||||||
|
---
|
||||||
|
src/pch.c | 8 +++++---
|
||||||
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/pch.c b/src/pch.c
|
||||||
|
index bc6278c..0c5cc26 100644
|
||||||
|
--- a/src/pch.c
|
||||||
|
+++ b/src/pch.c
|
||||||
|
@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
|
||||||
|
|
||||||
|
if (! dry_run && ! skip_rest_of_patch) {
|
||||||
|
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
||||||
|
- assert (! inerrno);
|
||||||
|
- *outname_needs_removal = true;
|
||||||
|
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||||
|
+ if (inerrno != ENOENT)
|
||||||
|
+ {
|
||||||
|
+ *outname_needs_removal = true;
|
||||||
|
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||||
|
+ }
|
||||||
|
sprintf (buf, "%s %s%s", editor_program,
|
||||||
|
verbosity == VERBOSE ? "" : "- ",
|
||||||
|
outname);
|
||||||
|
--
|
||||||
|
cgit v1.0-41-gc330
|
||||||
|
|
211
pkgs/tools/text/gnupatch/CVE-2018-1000156.patch
Normal file
211
pkgs/tools/text/gnupatch/CVE-2018-1000156.patch
Normal file
@ -0,0 +1,211 @@
|
|||||||
|
From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gruenbacher <agruen@gnu.org>
|
||||||
|
Date: Fri, 6 Apr 2018 12:14:49 +0200
|
||||||
|
Subject: Fix arbitrary command execution in ed-style patches
|
||||||
|
(CVE-2018-1000156)
|
||||||
|
|
||||||
|
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
|
||||||
|
of piping it to ed: this will cause ed to abort on invalid commands
|
||||||
|
instead of rejecting them and carrying on.
|
||||||
|
* tests/ed-style: New test case.
|
||||||
|
* tests/Makefile.am (TESTS): Add test case.
|
||||||
|
---
|
||||||
|
src/pch.c | 91 ++++++++++++++++++++++++++++++++++++++++---------------
|
||||||
|
tests/Makefile.am | 1 +
|
||||||
|
tests/ed-style | 41 +++++++++++++++++++++++++
|
||||||
|
3 files changed, 108 insertions(+), 25 deletions(-)
|
||||||
|
create mode 100644 tests/ed-style
|
||||||
|
|
||||||
|
diff --git a/src/pch.c b/src/pch.c
|
||||||
|
index 0c5cc26..4fd5a05 100644
|
||||||
|
--- a/src/pch.c
|
||||||
|
+++ b/src/pch.c
|
||||||
|
@@ -33,6 +33,7 @@
|
||||||
|
# include <io.h>
|
||||||
|
#endif
|
||||||
|
#include <safe.h>
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
|
||||||
|
#define INITHUNKMAX 125 /* initial dynamic allocation size */
|
||||||
|
|
||||||
|
@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
|
||||||
|
static char const editor_program[] = EDITOR_PROGRAM;
|
||||||
|
|
||||||
|
file_offset beginning_of_this_line;
|
||||||
|
- FILE *pipefp = 0;
|
||||||
|
size_t chars_read;
|
||||||
|
+ FILE *tmpfp = 0;
|
||||||
|
+ char const *tmpname;
|
||||||
|
+ int tmpfd;
|
||||||
|
+ pid_t pid;
|
||||||
|
+
|
||||||
|
+ if (! dry_run && ! skip_rest_of_patch)
|
||||||
|
+ {
|
||||||
|
+ /* Write ed script to a temporary file. This causes ed to abort on
|
||||||
|
+ invalid commands such as when line numbers or ranges exceed the
|
||||||
|
+ number of available lines. When ed reads from a pipe, it rejects
|
||||||
|
+ invalid commands and treats the next line as a new command, which
|
||||||
|
+ can lead to arbitrary command execution. */
|
||||||
|
+
|
||||||
|
+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
|
||||||
|
+ if (tmpfd == -1)
|
||||||
|
+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
|
||||||
|
+ tmpfp = fdopen (tmpfd, "w+b");
|
||||||
|
+ if (! tmpfp)
|
||||||
|
+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if (! dry_run && ! skip_rest_of_patch) {
|
||||||
|
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
||||||
|
- if (inerrno != ENOENT)
|
||||||
|
- {
|
||||||
|
- *outname_needs_removal = true;
|
||||||
|
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||||
|
- }
|
||||||
|
- sprintf (buf, "%s %s%s", editor_program,
|
||||||
|
- verbosity == VERBOSE ? "" : "- ",
|
||||||
|
- outname);
|
||||||
|
- fflush (stdout);
|
||||||
|
- pipefp = popen(buf, binary_transput ? "wb" : "w");
|
||||||
|
- if (!pipefp)
|
||||||
|
- pfatal ("Can't open pipe to %s", quotearg (buf));
|
||||||
|
- }
|
||||||
|
for (;;) {
|
||||||
|
char ed_command_letter;
|
||||||
|
beginning_of_this_line = file_tell (pfp);
|
||||||
|
@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
|
||||||
|
}
|
||||||
|
ed_command_letter = get_ed_command_letter (buf);
|
||||||
|
if (ed_command_letter) {
|
||||||
|
- if (pipefp)
|
||||||
|
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
|
||||||
|
+ if (tmpfp)
|
||||||
|
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
|
||||||
|
write_fatal ();
|
||||||
|
if (ed_command_letter != 'd' && ed_command_letter != 's') {
|
||||||
|
p_pass_comments_through = true;
|
||||||
|
while ((chars_read = get_line ()) != 0) {
|
||||||
|
- if (pipefp)
|
||||||
|
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
|
||||||
|
+ if (tmpfp)
|
||||||
|
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
|
||||||
|
write_fatal ();
|
||||||
|
if (chars_read == 2 && strEQ (buf, ".\n"))
|
||||||
|
break;
|
||||||
|
@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (!pipefp)
|
||||||
|
+ if (!tmpfp)
|
||||||
|
return;
|
||||||
|
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
|
||||||
|
- || fflush (pipefp) != 0)
|
||||||
|
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
|
||||||
|
+ || fflush (tmpfp) != 0)
|
||||||
|
write_fatal ();
|
||||||
|
- if (pclose (pipefp) != 0)
|
||||||
|
- fatal ("%s FAILED", editor_program);
|
||||||
|
+
|
||||||
|
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
|
||||||
|
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
|
||||||
|
+
|
||||||
|
+ if (! dry_run && ! skip_rest_of_patch) {
|
||||||
|
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
||||||
|
+ *outname_needs_removal = true;
|
||||||
|
+ if (inerrno != ENOENT)
|
||||||
|
+ {
|
||||||
|
+ *outname_needs_removal = true;
|
||||||
|
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||||
|
+ }
|
||||||
|
+ sprintf (buf, "%s %s%s", editor_program,
|
||||||
|
+ verbosity == VERBOSE ? "" : "- ",
|
||||||
|
+ outname);
|
||||||
|
+ fflush (stdout);
|
||||||
|
+
|
||||||
|
+ pid = fork();
|
||||||
|
+ if (pid == -1)
|
||||||
|
+ pfatal ("Can't fork");
|
||||||
|
+ else if (pid == 0)
|
||||||
|
+ {
|
||||||
|
+ dup2 (tmpfd, 0);
|
||||||
|
+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
||||||
|
+ _exit (2);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ int wstatus;
|
||||||
|
+ if (waitpid (pid, &wstatus, 0) == -1
|
||||||
|
+ || ! WIFEXITED (wstatus)
|
||||||
|
+ || WEXITSTATUS (wstatus) != 0)
|
||||||
|
+ fatal ("%s FAILED", editor_program);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ fclose (tmpfp);
|
||||||
|
+ safe_unlink (tmpname);
|
||||||
|
|
||||||
|
if (ofp)
|
||||||
|
{
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 6b6df63..16f8693 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -32,6 +32,7 @@ TESTS = \
|
||||||
|
crlf-handling \
|
||||||
|
dash-o-append \
|
||||||
|
deep-directories \
|
||||||
|
+ ed-style \
|
||||||
|
empty-files \
|
||||||
|
false-match \
|
||||||
|
fifo \
|
||||||
|
diff --git a/tests/ed-style b/tests/ed-style
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..d8c0689
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/ed-style
|
||||||
|
@@ -0,0 +1,41 @@
|
||||||
|
+# Copyright (C) 2018 Free Software Foundation, Inc.
|
||||||
|
+#
|
||||||
|
+# Copying and distribution of this file, with or without modification,
|
||||||
|
+# in any medium, are permitted without royalty provided the copyright
|
||||||
|
+# notice and this notice are preserved.
|
||||||
|
+
|
||||||
|
+. $srcdir/test-lib.sh
|
||||||
|
+
|
||||||
|
+require cat
|
||||||
|
+use_local_patch
|
||||||
|
+use_tmpdir
|
||||||
|
+
|
||||||
|
+# ==============================================================
|
||||||
|
+
|
||||||
|
+cat > ed1.diff <<EOF
|
||||||
|
+0a
|
||||||
|
+foo
|
||||||
|
+.
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+check 'patch -e foo -i ed1.diff' <<EOF
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+check 'cat foo' <<EOF
|
||||||
|
+foo
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+cat > ed2.diff <<EOF
|
||||||
|
+1337a
|
||||||
|
+r !echo bar
|
||||||
|
+,p
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
|
||||||
|
+?
|
||||||
|
+Status: 2
|
||||||
|
+EOF
|
||||||
|
+
|
||||||
|
+check 'cat foo' <<EOF
|
||||||
|
+foo
|
||||||
|
+EOF
|
||||||
|
--
|
||||||
|
cgit v1.0-41-gc330
|
||||||
|
|
@ -13,16 +13,13 @@ stdenv.mkDerivation rec {
|
|||||||
patches = [
|
patches = [
|
||||||
# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
|
# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
|
||||||
./CVE-2018-6951.patch
|
./CVE-2018-6951.patch
|
||||||
(fetchurl {
|
|
||||||
url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1;
|
# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
|
||||||
name = "Allow_input_files_to_be_missing_for_ed-style_patches.patch";
|
./Allow_input_files_to_be_missing_for_ed-style_patches.patch
|
||||||
sha256 = "0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64";
|
|
||||||
})
|
# https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
|
||||||
(fetchurl {
|
./CVE-2018-1000156.patch
|
||||||
url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d;
|
|
||||||
name = "CVE-2018-1000156.patch";
|
|
||||||
sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
|
|
||||||
})
|
|
||||||
# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
|
# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
|
||||||
./CVE-2018-6952.patch
|
./CVE-2018-6952.patch
|
||||||
|
|
||||||
|
@ -5258,11 +5258,11 @@ in
|
|||||||
|
|
||||||
networkmanager-fortisslvpn = callPackage ../tools/networking/network-manager/fortisslvpn { };
|
networkmanager-fortisslvpn = callPackage ../tools/networking/network-manager/fortisslvpn { };
|
||||||
|
|
||||||
networkmanager_strongswan = callPackage ../tools/networking/network-manager/strongswan.nix { };
|
networkmanager_strongswan = callPackage ../tools/networking/network-manager/strongswan { };
|
||||||
|
|
||||||
networkmanagerapplet = callPackage ../tools/networking/network-manager/applet.nix { };
|
networkmanagerapplet = callPackage ../tools/networking/network-manager/applet { };
|
||||||
|
|
||||||
networkmanager_dmenu = callPackage ../tools/networking/network-manager/dmenu.nix { };
|
networkmanager_dmenu = callPackage ../tools/networking/network-manager/dmenu { };
|
||||||
|
|
||||||
newsboat = callPackage ../applications/networking/feedreaders/newsboat {
|
newsboat = callPackage ../applications/networking/feedreaders/newsboat {
|
||||||
inherit (darwin.apple_sdk.frameworks) Security;
|
inherit (darwin.apple_sdk.frameworks) Security;
|
||||||
|
@ -19545,8 +19545,13 @@ let
|
|||||||
url = mirror://cpan/authors/id/G/GB/GBARR/TimeDate-2.30.tar.gz;
|
url = mirror://cpan/authors/id/G/GB/GBARR/TimeDate-2.30.tar.gz;
|
||||||
sha256 = "11lf54akr9nbivqkjrhvkmfdgkbhw85sq0q4mak56n6bf542bgbm";
|
sha256 = "11lf54akr9nbivqkjrhvkmfdgkbhw85sq0q4mak56n6bf542bgbm";
|
||||||
};
|
};
|
||||||
# https://rt.cpan.org/Public/Bug/Display.html?id=124509
|
patches = [
|
||||||
patches = [ ../development/perl-modules/timedate-2020.patch ];
|
# https://rt.cpan.org/Public/Bug/Display.html?id=124509
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/atoomic/perl-TimeDate/commit/4b67ccbdc1846620470ca524a5f3e2afd7b33f66.patch";
|
||||||
|
sha256 = "1q37yw0b2pammvl0aana70nq7krqwhpcanqa11h2pg9sa9ls7q87";
|
||||||
|
})
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
TimeDuration = buildPerlPackage {
|
TimeDuration = buildPerlPackage {
|
||||||
|
Loading…
Reference in New Issue
Block a user