This addresses CVE-2015-8618 (a vulnerability in math/big)
This issue can affect RSA computations in crypto/rsa, which is used by
crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA
private key due to this issue. Other protocol implementations that
create many RSA signatures could also be impacted in the same way.
https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4
Citing from http://hydra.cryp.to/build/1533084/log/raw:
Configuring ghcjs-0.2.0...
Setup: At least the following dependencies are missing:
aeson >=0.7 && <0.10,
haskell-src-exts ==1.16.*,
optparse-applicative ==0.11.*,
syb >=0.4 && <0.6
This issue has been present for a while now, and it's only gotten worse.
Adding stdenv.cc into the PATH, also setting CC, so that on Darwin
clang will be used by default. Still allowing to use an existing value
of CC if it is set already.
Replacing __inline_isnanl with __inline_isnan on darwin since the former
one was not defined.
Also sync a tiny difference in docs outputs from gcc-5.
I originally assumed that people will push gcc-5 support to master
long before closure-size gets there, but I overestimated the situation.
We haven't really settled even the issue of ABI switch,
so let's use the same gcc version on closure-size and master.
The new GHC version contains a patch [1] that passes linker and compiler flags
to GCC via response files rather than directly on the command-line. This is
supposed to be beneficial on Windows and other platforms that have trouble
dealing with long argument lists. On NixOS, however, this feature breaks the
flag handling provided by gcc-wrapper [2] and therefore causes the entire GHC
build to fail.
This issue has been reported upstream at [3]. It's not clear yet how to remedy
this problem, but until we've figured that out we just don't pass compiler flags
in response files on NixOS to fix https://github.com/NixOS/nixpkgs/issues/10752.
[1] 296bc70b5f
[2] https://github.com/NixOS/nixpkgs/issues/11762
[3] https://ghc.haskell.org/trac/ghc/ticket/11147
