diff options
Diffstat (limited to 'pkgs/development/libraries')
22 files changed, 128 insertions, 70 deletions
diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix index 34e26f5470937..de5aff6c3b6eb 100644 --- a/pkgs/development/libraries/boehm-gc/default.nix +++ b/pkgs/development/libraries/boehm-gc/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, autoreconfHook # doc: https://github.com/ivmai/bdwgc/blob/v8.2.2/doc/README.macros (LARGE_CONFIG) , enableLargeConfig ? false , enableMmap ? true @@ -36,14 +35,14 @@ stdenv.mkDerivation (finalAttrs: { # don't forget to disable the fix (and if the next release does # not fix the problem the test failure will be a reminder to # extend the set of versions requiring the workaround). - makeFlags = if (stdenv.hostPlatform.isPower64 && + makeFlags = lib.optionals (stdenv.hostPlatform.isPower64 && finalAttrs.version == "8.2.2") - then [ + [ # do not use /proc primitives to track dirty bits; see: # https://github.com/ivmai/bdwgc/issues/479#issuecomment-1279687537 # https://github.com/ivmai/bdwgc/blob/54522af853de28f45195044dadfd795c4e5942aa/include/private/gcconfig.h#L741 "CFLAGS_EXTRA=-DNO_SOFT_VDB" - ] else null; + ]; # `gctest` fails under emulation on aarch64-darwin doCheck = !(stdenv.isDarwin && stdenv.isx86_64); diff --git a/pkgs/development/libraries/ffmpeg/4.nix b/pkgs/development/libraries/ffmpeg/4.nix index e37e90d553a3b..ac88df930768a 100644 --- a/pkgs/development/libraries/ffmpeg/4.nix +++ b/pkgs/development/libraries/ffmpeg/4.nix @@ -1,15 +1,8 @@ -{ callPackage, fetchpatch, ... }@args: +{ callPackage, ... }@args: callPackage ./generic.nix (rec { - version = "4.4.2"; + version = "4.4.3"; branch = version; - sha256 = "sha256-+YpIJSDEdQdSGpB5FNqp77wThOBZG1r8PaGKqJfeKUg="; + sha256 = "sha256-M7jC281TD+HbVxBBU0Vgm0yiJ70NoeOpMy27DxH9Jzo="; - patches = [ - # SDL2 recently changed their versioning - (fetchpatch { - url = "https://git.videolan.org/?p=ffmpeg.git;a=patch;h=e5163b1d34381a3319214a902ef1df923dd2eeba"; - hash = "sha256-nLhP2+34cj5EgpnUrePZp60nYAxmbhZAEDfay4pBVk0="; - }) - ]; } // args) diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index 7ea8ce6d29b44..c9845feb96783 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -1,4 +1,6 @@ -{ lib, stdenv, fetchurl +{ lib +, stdenv +, fetchurl , fetchpatch , autoconf , automake @@ -8,6 +10,7 @@ , libjpeg , libwebp , libtiff +, withXorg ? true , libXpm , libavif , fontconfig @@ -33,20 +36,22 @@ stdenv.mkDerivation rec { hardeningDisable = [ "format" ]; - configureFlags = - [ - "--enable-gd-formats" - ] + configureFlags = [ + "--enable-gd-formats" + ] # -pthread gets passed to clang, causing warnings ++ lib.optional stdenv.isDarwin "--enable-werror=no"; nativeBuildInputs = [ autoconf automake pkg-config ]; - buildInputs = [ zlib fontconfig freetype libpng libjpeg libwebp libtiff libXpm libavif ]; + buildInputs = [ zlib fontconfig freetype libpng libjpeg libwebp libtiff libavif ] + ++ lib.optional withXorg libXpm; outputs = [ "bin" "dev" "out" ]; - postFixup = ''moveToOutput "bin/gdlib-config" $dev''; + postFixup = '' + moveToOutput "bin/gdlib-config" $dev + ''; enableParallelBuilding = true; @@ -57,5 +62,6 @@ stdenv.mkDerivation rec { description = "A dynamic image creation library"; license = licenses.free; # some custom license platforms = platforms.unix; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index a1270af259cda..ae5b9f48293a3 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -60,7 +60,9 @@ stdenv.mkDerivation rec { ../../../build-support/setup-hooks/role.bash ./gettext-setup-hook.sh ]; - gettextNeedsLdflags = stdenv.hostPlatform.libc != "glibc" && !stdenv.hostPlatform.isMusl; + env = { + gettextNeedsLdflags = stdenv.hostPlatform.libc != "glibc" && !stdenv.hostPlatform.isMusl; + }; enableParallelBuilding = true; enableParallelChecking = false; # fails sometimes diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 61c0c92d5280a..889ca7bf48fd6 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -54,9 +54,6 @@ assert withGd -> gd != null && libpng != null; stdenv.mkDerivation ({ version = version + patchSuffix; - linuxHeaders = if withLinuxHeaders then linuxHeaders else null; - - inherit (stdenv) is64bit; enableParallelBuilding = true; @@ -175,10 +172,14 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ bison python3Minimal ] ++ extraNativeBuildInputs; buildInputs = [ linuxHeaders ] ++ lib.optionals withGd [ gd libpng ] ++ extraBuildInputs; - # Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to - # prevent a retained dependency on the bootstrap tools in the stdenv-linux - # bootstrap. - BASH_SHELL = "/bin/sh"; + env = { + linuxHeaders = if withLinuxHeaders then linuxHeaders else ""; + inherit (stdenv) is64bit; + # Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to + # prevent a retained dependency on the bootstrap tools in the stdenv-linux + # bootstrap. + BASH_SHELL = "/bin/sh"; + }; # Used by libgcc, elf-header, and others to determine ABI passthru = { inherit version; minorRelease = version; }; diff --git a/pkgs/development/libraries/glibc/locales-builder.sh b/pkgs/development/libraries/glibc/locales-builder.sh index d732e208fa22a..d91f936c937b1 100644 --- a/pkgs/development/libraries/glibc/locales-builder.sh +++ b/pkgs/development/libraries/glibc/locales-builder.sh @@ -1,3 +1,4 @@ +if [ -e .attrs.sh ]; then source .attrs.sh; fi # Glibc cannot have itself in its RPATH. export NIX_NO_SELF_RPATH=1 diff --git a/pkgs/development/libraries/gtk-sharp/builder.sh b/pkgs/development/libraries/gtk-sharp/builder.sh index 4b8f757540b55..73914495d6d41 100644 --- a/pkgs/development/libraries/gtk-sharp/builder.sh +++ b/pkgs/development/libraries/gtk-sharp/builder.sh @@ -1,3 +1,4 @@ +if [ -e .attrs.sh ]; then source .attrs.sh; fi source $stdenv/setup genericBuild diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix index 066ea8b60ddcf..c7e9f117f94cb 100644 --- a/pkgs/development/libraries/libarchive/default.nix +++ b/pkgs/development/libraries/libarchive/default.nix @@ -28,13 +28,13 @@ assert xarSupport -> libxml2 != null; stdenv.mkDerivation rec { pname = "libarchive"; - version = "3.6.1"; + version = "3.6.2"; src = fetchFromGitHub { owner = "libarchive"; repo = "libarchive"; rev = "v${version}"; - hash = "sha256-G4wL5DDbX0FqaA4cnOlVLZ25ObN8dNsRtxyas29tpDA="; + hash = "sha256-wQbA6vlXH8pnpY7LJLkjrRFEBpcaPR1SqxnK71UVwxg="; }; postPatch = '' diff --git a/pkgs/development/libraries/libdevil/default.nix b/pkgs/development/libraries/libdevil/default.nix index a79e5371c01b4..35637512e0a55 100644 --- a/pkgs/development/libraries/libdevil/default.nix +++ b/pkgs/development/libraries/libdevil/default.nix @@ -1,22 +1,36 @@ -{ lib, stdenv, fetchurl, libjpeg, libpng, libmng, lcms1, libtiff, openexr, libGL -, libX11, pkg-config, OpenGL +{ lib +, stdenv +, fetchurl +, libjpeg +, libpng +, libmng +, lcms1 +, libtiff +, openexr +, libGL +, libX11 +, pkg-config +, OpenGL +, runtimeShell +, withXorg ? true }: stdenv.mkDerivation rec { - pname = "libdevil"; version = "1.7.8"; + outputs = [ "out" "dev" ]; + src = fetchurl { url = "mirror://sourceforge/openil/DevIL-${version}.tar.gz"; sha256 = "1zd850nn7nvkkhasrv7kn17kzgslr5ry933v6db62s4lr0zzlbv8"; }; - outputs = [ "out" "dev" ]; + nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libjpeg libpng libmng lcms1 libtiff openexr libGL libX11 ] + buildInputs = [ libjpeg libpng libmng lcms1 libtiff openexr ] + ++ lib.optionals withXorg [ libX11 libGL ] ++ lib.optionals stdenv.isDarwin [ OpenGL ]; - nativeBuildInputs = [ pkg-config ]; configureFlags = [ "--enable-ILU" "--enable-ILUT" ]; @@ -31,29 +45,29 @@ stdenv.mkDerivation rec { sed -i '/RESTRICT_KEYWORD/d' include/IL/config.h ''; - patches = - [ ( fetchurl { + patches = [ + (fetchurl { url = "https://sources.debian.org/data/main/d/devil/1.7.8-10/debian/patches/03_CVE-2009-3994.diff"; sha256 = "0qkx2qfv02igbrmsn6z5a3lbrbwjfh3rb0c2sj54wy0j1f775hbc"; - } ) - ./ftbfs-libpng15.patch - ./il_endian.h.patch - ]; + }) + ./ftbfs-libpng15.patch + ./il_endian.h.patch + ]; enableParallelBuilding = true; postPatch = '' for a in test/Makefile.in test/format_test/format_checks.sh.in ; do substituteInPlace $a \ - --replace /bin/bash ${stdenv.shell} + --replace /bin/bash ${runtimeShell} done ''; meta = with lib; { - homepage = "http://openil.sourceforge.net/"; + homepage = "https://openil.sourceforge.net/"; description = "An image library which can can load, save, convert, manipulate, filter and display a wide variety of image formats"; license = licenses.lgpl2; platforms = platforms.mesaPlatforms; - maintainers = [ ]; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix index 6b174a7dfa4df..a60da602e0709 100644 --- a/pkgs/development/libraries/librsvg/default.nix +++ b/pkgs/development/libraries/librsvg/default.nix @@ -15,7 +15,7 @@ , rustPlatform , rustc , rust -, cargo +, cargo-auditable-cargo-wrapper , gi-docgen , python3Packages , gnome @@ -57,7 +57,7 @@ stdenv.mkDerivation rec { gdk-pixbuf pkg-config rustc - cargo + cargo-auditable-cargo-wrapper python3Packages.docutils vala rustPlatform.cargoSetupHook diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index 8e3264dcbc510..f118467b56cf4 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -31,11 +31,11 @@ assert enableJemalloc -> enableApp; stdenv.mkDerivation rec { pname = "nghttp2"; - version = "1.49.0"; + version = "1.51.0"; src = fetchurl { url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-LNTbfXX3FJQVMknL6UoJLaTG7NdCQPirGM9kTZ1l9u4="; + sha256 = "sha256-6z6m9bYMbT7b8GXgT0NOjtYpGlyxoHkZxBcwqx/MAOA="; }; outputs = [ "bin" "out" "dev" "lib" ] diff --git a/pkgs/development/libraries/oniguruma/default.nix b/pkgs/development/libraries/oniguruma/default.nix index bc084829e7bb5..3062c3cb4e11c 100644 --- a/pkgs/development/libraries/oniguruma/default.nix +++ b/pkgs/development/libraries/oniguruma/default.nix @@ -1,16 +1,18 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook }: +{ lib, stdenv, fetchurl, autoreconfHook }: stdenv.mkDerivation rec { - pname = "onig"; + pname = "oniguruma"; version = "6.9.8"; - src = fetchFromGitHub { - owner = "kkos"; - repo = "oniguruma"; - rev = "v${version}"; - sha256 = "sha256-8aFZdhh6ovLCR0A17rvWq/Oif66rSMnHcCYHjClNElw="; + # Note: do not use fetchpatch or fetchFromGitHub to keep this package available in __bootPackages + src = fetchurl { + url = "https://github.com/kkos/oniguruma/releases/download/v${version}/onig-${version}.tar.gz"; + sha256 = "sha256-KM1iwUZGI8eRBWX7HMqqAQSy/osSvNZG6B9ztHU1IT4="; }; + outputs = [ "dev" "lib" "out" ]; + outputBin = "dev"; # onig-config + nativeBuildInputs = [ autoreconfHook ]; configureFlags = [ "--enable-posix-api=yes" ]; @@ -18,7 +20,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/kkos/oniguruma"; description = "Regular expressions library"; license = licenses.bsd2; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ artturin ]; platforms = platforms.unix; }; } diff --git a/pkgs/development/libraries/openssl/3.0/CVE-2022-3996.patch b/pkgs/development/libraries/openssl/3.0/CVE-2022-3996.patch new file mode 100644 index 0000000000000..2acedda0e3a49 --- /dev/null +++ b/pkgs/development/libraries/openssl/3.0/CVE-2022-3996.patch @@ -0,0 +1,36 @@ +From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001 +From: Pauli <pauli@openssl.org> +Date: Fri, 11 Nov 2022 09:40:19 +1100 +Subject: [PATCH] x509: fix double locking problem + +This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the +redundant flag setting. + +Fixes #19643 + +Fixes LOW CVE-2022-3996 + +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/19652) + +(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) +--- + crypto/x509/pcy_map.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c +index 05406c6493fc..60dfd1e3203b 100644 +--- a/crypto/x509/pcy_map.c ++++ b/crypto/x509/pcy_map.c +@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + + ret = 1; + bad_mapping: +- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { +- x->ex_flags |= EXFLAG_INVALID_POLICY; +- CRYPTO_THREAD_unlock(x->lock); +- } + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); + return ret; + diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 45a34971c8f04..4c322997963a6 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -241,6 +241,9 @@ in { (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) + + # Remove with 3.0.8 release + ./3.0/CVE-2022-3996.patch ]; withDocs = true; diff --git a/pkgs/development/libraries/pcre2/default.nix b/pkgs/development/libraries/pcre2/default.nix index 226b92ccfdd35..82fc33670bc56 100644 --- a/pkgs/development/libraries/pcre2/default.nix +++ b/pkgs/development/libraries/pcre2/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "pcre2"; - version = "10.40"; + version = "10.42"; src = fetchurl { url = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${version}/pcre2-${version}.tar.bz2"; - hash = "sha256-FOS4PEeDkz3BfpZDGOYyT3yuG8ddjzx5vGlp8AwVnWg="; + hash = "sha256-jTbNjLbqKkwrs1j/ZBGwx4hjOipF2rvxrrS3AdG16EA="; }; configureFlags = [ diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index e9f9120620ac4..6d2a56d03ac35 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -167,7 +167,7 @@ stdenv.mkDerivation rec { rsync --archive "${DESTDIR}${system}"/* "$out" rm --recursive "${DESTDIR}${system}"/* rmdir --parents --ignore-fail-on-non-empty "${DESTDIR}${system}" - for o in $outputs; do + for o in $(getAllOutputNames); do rsync --archive "${DESTDIR}/''${!o}" "$(dirname "''${!o}")" rm --recursive "${DESTDIR}/''${!o}" done diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix index 8abdea5249b79..78dc373d4ab6e 100644 --- a/pkgs/development/libraries/spirv-headers/default.nix +++ b/pkgs/development/libraries/spirv-headers/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "spirv-headers"; - version = "1.3.231.0"; + version = "1.3.236.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Headers"; rev = "sdk-${version}"; - hash = "sha256-lUWgZYGPu+IaLUrbtyC7R0o3Hq/q7C7BE8r7DAsiC30="; + hash = "sha256-eWI1MyIWxcg1JepRsnHBmitehDigDa+dR8kXvIkYejY="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/vulkan-headers/default.nix b/pkgs/development/libraries/vulkan-headers/default.nix index 1db531e3732cd..8f1202088e58e 100644 --- a/pkgs/development/libraries/vulkan-headers/default.nix +++ b/pkgs/development/libraries/vulkan-headers/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec { pname = "vulkan-headers"; - version = "1.3.231.0"; + version = "1.3.236.0"; nativeBuildInputs = [ cmake ]; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Headers"; rev = "sdk-${version}"; - hash = "sha256-EoD48jBoJmIet4BDC6bYxOsKK2358SZ/NcZeM61q/5g="; + hash = "sha256-b1q9QugFH4lieS8CTOyZ3uoQ7bd44G8NPEwRtUPD+24="; }; meta = with lib; { diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix index 27c1423d94e50..8d38f725a64d6 100644 --- a/pkgs/development/libraries/vulkan-loader/default.nix +++ b/pkgs/development/libraries/vulkan-loader/default.nix @@ -3,14 +3,14 @@ stdenv.mkDerivation rec { pname = "vulkan-loader"; - version = "1.3.231.0"; + version = "1.3.236.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Loader"; rev = "sdk-${version}"; - hash = "sha256-HWaa3JT0znhvqbvZdcsAwy8Dr6HDQp4rgpVmMOuCo0s="; + hash = "sha256-Y6OakowZlb40ZatITQCFBK/qSZqSdgTNew1XUFD/jMo="; }); patches = [ ./fix-pkgconfig.patch ]; diff --git a/pkgs/development/libraries/wtk/builder.sh b/pkgs/development/libraries/wtk/builder.sh index 86f2719537cd0..c3ad173b09338 100644 --- a/pkgs/development/libraries/wtk/builder.sh +++ b/pkgs/development/libraries/wtk/builder.sh @@ -1,3 +1,4 @@ +if [ -e .attrs.sh ]; then source .attrs.sh; fi source $stdenv/setup mkdir unzipped diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix index 92f7f11170f6e..b63b0101d54be 100644 --- a/pkgs/development/libraries/x265/default.nix +++ b/pkgs/development/libraries/x265/default.nix @@ -35,8 +35,7 @@ let (mkFlag vtuneSupport "ENABLE_VTUNE") (mkFlag werrorSupport "WARNINGS_AS_ERRORS") # Potentially riscv cross could be fixed by providing the correct CMAKE_SYSTEM_PROCESSOR flag - (mkFlag (with stdenv; !(isCross && hostPlatform.isRiscV || isDarwin && isAarch64)) "ENABLE_ASSEMBLY") - ]; + ] ++ lib.optional (isCross && stdenv.hostPlatform.isRiscV) "-DENABLE_ASSEMBLY=OFF"; cmakeStaticLibFlags = [ "-DHIGH_BIT_DEPTH=ON" diff --git a/pkgs/development/libraries/xapian/default.nix b/pkgs/development/libraries/xapian/default.nix index 700fa1d13dd12..3c0a555dd9780 100644 --- a/pkgs/development/libraries/xapian/default.nix +++ b/pkgs/development/libraries/xapian/default.nix @@ -26,7 +26,7 @@ let nativeBuildInputs = [ autoreconfHook ]; doCheck = true; - AUTOMATED_TESTING = true; # https://trac.xapian.org/changeset/8be35f5e1/git + env.AUTOMATED_TESTING = true; # https://trac.xapian.org/changeset/8be35f5e1/git patches = lib.optionals stdenv.isDarwin [ ./skip-flaky-darwin-test.patch ]; |