Commit Graph

104 Commits

Author SHA1 Message Date
Markus S. Wamser
8cd9c041b4
zlib: 1.2.11 -> 1.2.12 (security, CVE-2018-25032)
This version bump is the official fix for CVE-2018-25032.

Release Notes:
https://zlib.net/
2022-03-31 20:18:15 +02:00
Tom Wieczorek
1832678aee zlib: add patches to fix CVE-2018-25032
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://www.openwall.com/lists/oss-security/2022/03/24/1

A similar change landed in Alpine: https://git.alpinelinux.org/aports/commit/?id=361df5902aa1e81594b17f06a13e10527dfb8aed
2022-03-31 19:42:59 +02:00
Felix Bühler
3b8270ac54
zlib: rename name to pname&version (#157751) 2022-02-03 20:05:47 -05:00
John Ericson
904625852d pkgsStatic: Inline more of static overlay 2021-08-19 21:55:06 +00:00
Andrew Childs
24a378c070 zlib: fix cross compilation on darwin 2021-05-17 00:27:00 +09:00
Taeer Bar-Yam
9c662a39b2 zlib: fix windows static compile 2021-04-28 10:06:20 -04:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
John Ericson
f52263ced0 treewide: Start to break up static overlay
We can use use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.

CC @FRidh @matthewbauer
2021-01-03 19:18:16 +00:00
Matthew Bauer
d0677e6d45 treewide: add warning comment to “boot” packages
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
2020-07-31 08:56:53 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Niklas Hambüchen
6393bdb0ed zlib: Fix typo in comment. No eval changes.
This created confusion in #71813.
2019-12-06 20:45:58 +01:00
Benjamin Hipple
11acf66e00 zlib: enable check and parallel building (#62025)
* zlib: enable check and parallel building

* Remove empty maintainers line
2019-08-31 23:20:02 -04:00
Niklas Hambüchen
aa99a263cc zlib: Properly clean up static/shared distinction
This improves what commit

    e999def1 zlib: clean up static/shared distincion

described as "kind of a mess" and "confusing". And indeed it was confusing.

Now, the concept whether or not the .a file is moved to a split output
is controlled by a clean variable.

The defaults remain unchanged.

The new approach also finally cleanly allows building statically but NOT
using a split output, like all other autoconf-based projects in nixpkgs do
(using the `dontDisableStatic` setting).
That is important for overlays that want to enable static libs for all
packages in one go, without having to hand-patch idiosynchrasies like zlib
had until now.

Until now, if you wanted the .a in the main output, the only way was to go via
`static=false, shared=true` -- which made no sense, because you had to say
`static=false` even though you want a static lib. That is fixed now.
2019-08-17 15:59:29 +02:00
Niklas Hambüchen
bda6618bb6 zlib: Add comments regarding static/shared linking.
The main explanation was taken from commit:

    e999def1 zlib: clean up static/shared distincion

The `SHARED_MODE=1` bit was originally introduced in commit:

    0bfc84b0 Cross-compile zlib for Windows
2019-08-11 21:32:22 +02:00
worldofpeace
cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Matthew Bauer
e999def159 zlib: clean up static/shared distincion
This is kind of a mess, but basically:

- static=true, shared=true means to build statically but move it to
  the static output
- static=true, shared=false means to build statically and leave it in
  the main output
- static=false, shared=true means to not build static at all

Confusingly, the old default was static=true, shared=true even though
static=false? Still can’t figure out what was meant by that.
2018-12-04 21:14:41 -06:00
Matthew Bauer
845a364564 zlib: skip configure in windows
configure spits out an error when running on windows
2018-10-17 12:43:07 -05:00
John Ericson
cc83d59333 zlib: Fix iOS cross build
1. CHOST is how one specifies the cross host platform with this
  non-standard configure script. We were just getting lucky with Linux
  cross.

  2. install_name_tool needs the the binutils prefix.
2018-09-19 12:10:09 -04:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
Markus Kowalewski
2ff7660178
zlib: add license 2018-08-09 11:13:44 +02:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
John Ericson
e755a8a27d treewide: Use targetPrefix instead of prefix for platform name prefixes
Certain tools, e.g. compilers, are customarily prefixed with the name of
their target platform so that multiple builds can be used at once
without clobbering each other on the PATH. I was using identifiers named
`prefix` for this purpose, but that conflicts with the standard use of
`prefix` to mean the directory where something is installed. To avoid
conflict and confusion, I renamed those to `targetPrefix`.
2017-11-27 03:15:50 -05:00
John Ericson
e5567bae2d treewide: Do not limit hardenging because gcc 4.9 in bootstrap
Bootstrap tools has since been bumped
2017-09-14 10:27:13 -04:00
John Ericson
95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
John Ericson
16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
John Ericson
da668f66c7 zlib: cc-wrapper can be relied on to export this env var 2017-06-28 18:31:37 -04:00
David McFarland
cbc0db08f9 zlib: fix cygwin build 2017-06-26 09:33:25 -03:00
Ross MacLeod
f63f96ae35 zlib: don't really override CC at ay point
but leave the preConfigure script as it was when not cross building in order to avoid hash breakage
2017-06-22 17:53:52 -04:00
John Ericson
594d264205 cross stdenv adaptor: Support --host --build --target across the board
Packages get --host and --target by default, but can explicitly request
any subset to be passed as needed. See docs for more info.

rustc: Avoid hash breakage by using the old (ignored)
dontSetConfigureCross when not cross building
2017-06-22 17:52:28 -04:00
Vladimír Čunát
150cddca6f
zlib: 1.2.10 -> 1.2.11 2017-02-05 13:30:44 +01:00
Daiderd Jordan
bba12a6c90
Merge branch 'master' into staging 2017-01-09 23:57:47 +01:00
Sebastian Hagen
d042abef26 zlib: Fix zlib.net URL. (#21753)
Look for primary source file below
  http://zlib.net/fossils/ as opposed to
  http://zlib.net/
. zlib-1.2.8.tar.gz is still available at the former location, and will likely
remain there. In addition, it's important that the first URL work since zlib
is in the bootstrap path, and 16.09 (at least) bootstrap doesn't try to fetch
from later ones.
2017-01-08 18:09:57 +01:00
Vladimír Čunát
948e9edce6
zlib: maintenance 1.2.8 -> 1.2.10
The removed CVEs should be fixed in the release.
2017-01-06 21:45:20 +01:00
Graham Christensen
41f55691a9
zlib: patch for CVE-2016-9840, CVE-2016-9841, CVE-9842, CVE-9843 2016-12-21 17:15:52 -05:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Vladimír Čunát
1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
Vladimír Čunát
c7377b0e4a zlib, bash: mass-rebuild cleanup 2016-04-25 17:12:49 +02:00
Vladimír Čunát
321ecde8a1 zlib: on mingw, add another DLL link
Also clean up the expression a little.
It fixes at least libpng's DLL.
2016-04-23 10:52:03 +02:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
402d57ee8e bootstrap env: disable stackprotector hardening until gcc >=4.9 2016-02-22 18:32:53 +00:00
Robin Gloster
acb408646e remove local pic flags, now set by hardened stdenv 2016-01-30 16:36:57 +00:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
janus
55aa9163cc FreeBSD: minor fixes, add notes and make stdenv more robust 2016-01-01 17:01:13 +00:00
janus
f351aaaf85 FreeBSD: use own stdenv, do not run libtiff tests, use PIC for zlib 2016-01-01 17:01:13 +00:00
Luca Bruno
e289717414 rename moveToOutput and propagatedBuildInputs 2015-12-02 10:05:36 +01:00
Vladimír Čunát
302b27f64b zlib: don't split the tiny man page 2015-10-28 10:09:33 +01:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jude Taylor
fa9c81f694 pure darwin stdenv 2015-06-18 12:37:41 -07:00