Diffstat (limited to 'pkgs/development')
-rw-r--r--pkgs/development/compilers/ccl/default.nix2
-rw-r--r--pkgs/development/compilers/clean/default.nix2
-rw-r--r--pkgs/development/compilers/dev86/default.nix2
-rw-r--r--pkgs/development/compilers/ecl/default.nix6
-rw-r--r--pkgs/development/compilers/edk2/default.nix8
-rw-r--r--pkgs/development/compilers/gcc/4.5/default.nix4
-rw-r--r--pkgs/development/compilers/gcc/4.6/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/4.8/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/4.9/default.nix2
-rw-r--r--pkgs/development/compilers/gcc/5/default.nix3
-rw-r--r--pkgs/development/compilers/gcc/gfortran-darwin.nix14
-rw-r--r--pkgs/development/compilers/gcl/default.nix21
-rw-r--r--pkgs/development/compilers/ghc/6.10.4.nix2
-rw-r--r--pkgs/development/compilers/go/1.4.nix2
-rw-r--r--pkgs/development/compilers/go/1.5.nix2
-rw-r--r--pkgs/development/compilers/go/1.6.nix2
-rw-r--r--pkgs/development/compilers/gprolog/default.nix2
-rw-r--r--pkgs/development/compilers/mkcl/default.nix2
-rw-r--r--pkgs/development/compilers/qcmm/builder.sh29
-rw-r--r--pkgs/development/compilers/qcmm/default.nix12
-rw-r--r--pkgs/development/compilers/qcmm/qcmm.patch121
-rw-r--r--pkgs/development/compilers/squeak/default.nix2
-rw-r--r--pkgs/development/compilers/strategoxt/0.16.nix47
-rw-r--r--pkgs/development/compilers/strategoxt/0.17.nix112
-rw-r--r--pkgs/development/compilers/strategoxt/0.18.nix124
-rw-r--r--pkgs/development/compilers/swi-prolog/default.nix2
-rw-r--r--pkgs/development/compilers/teyjus/default.nix2
-rw-r--r--pkgs/development/compilers/tinycc/default.nix2
-rw-r--r--pkgs/development/compilers/webdsl/default.nix24
-rw-r--r--pkgs/development/compilers/wla-dx/default.nix5
-rw-r--r--pkgs/development/haskell-modules/configuration-common.nix22
-rw-r--r--pkgs/development/interpreters/clisp/2.44.1.nix10
-rw-r--r--pkgs/development/interpreters/erlang/R14.nix65
-rw-r--r--pkgs/development/interpreters/lua-4/default.nix2
-rw-r--r--pkgs/development/interpreters/lua-5/sec.nix2
-rw-r--r--pkgs/development/interpreters/lush/default.nix31
-rw-r--r--pkgs/development/interpreters/perl/default.nix3
-rw-r--r--pkgs/development/interpreters/php/default.nix2
-rw-r--r--pkgs/development/interpreters/ruby/patchsets.nix4
-rw-r--r--pkgs/development/interpreters/ruby/rand-egd.patch42
-rw-r--r--pkgs/development/interpreters/ruby/ruby22-rand-egd.patch42
-rw-r--r--pkgs/development/interpreters/spidermonkey/default.nix3
-rw-r--r--pkgs/development/interpreters/supercollider/default.nix10
-rw-r--r--pkgs/development/libraries/CoinMP/default.nix2
-rw-r--r--pkgs/development/libraries/a52dec/default.nix2
-rw-r--r--pkgs/development/libraries/accelio/default.nix2
-rw-r--r--pkgs/development/libraries/allegro/default.nix2
-rw-r--r--pkgs/development/libraries/aterm/2.5.nix34
-rw-r--r--pkgs/development/libraries/aterm/max-long.patch77
-rw-r--r--pkgs/development/libraries/aterm/sizeof.patch56
-rw-r--r--pkgs/development/libraries/audio/libbs2b/default.nix2
-rw-r--r--pkgs/development/libraries/cgui/default.nix3
-rw-r--r--pkgs/development/libraries/cloog/0.18.0.nix3
-rw-r--r--pkgs/development/libraries/cwiid/default.nix52
-rw-r--r--pkgs/development/libraries/db/db-4.4.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.5.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.7.nix1
-rw-r--r--pkgs/development/libraries/db/db-4.8.nix1
-rw-r--r--pkgs/development/libraries/db/generic.nix5
-rw-r--r--pkgs/development/libraries/faac/default.nix2
-rw-r--r--pkgs/development/libraries/fox/default.nix2
-rw-r--r--pkgs/development/libraries/fox/fox-1.6.nix2
-rw-r--r--pkgs/development/libraries/freetds/default.nix2
-rw-r--r--pkgs/development/libraries/fribidi/default.nix4
-rw-r--r--pkgs/development/libraries/gd/default.nix2
-rw-r--r--pkgs/development/libraries/gdal/default.nix2
-rw-r--r--pkgs/development/libraries/gdal/gdal-1_11.nix2
-rw-r--r--pkgs/development/libraries/gdome2/default.nix2
-rw-r--r--pkgs/development/libraries/geoclue/default.nix2
-rw-r--r--pkgs/development/libraries/gettext/default.nix3
-rw-r--r--pkgs/development/libraries/giflib/4.1.nix4
-rw-r--r--pkgs/development/libraries/giflib/libungif.nix2
-rw-r--r--pkgs/development/libraries/glibc/default.nix2
-rw-r--r--pkgs/development/libraries/gmp/5.1.x.nix3
-rw-r--r--pkgs/development/libraries/gnu-efi/default.nix2
-rw-r--r--pkgs/development/libraries/gsm/default.nix2
-rw-r--r--pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix2
-rw-r--r--pkgs/development/libraries/hspell/default.nix2
-rw-r--r--pkgs/development/libraries/hunspell/default.nix2
-rw-r--r--pkgs/development/libraries/isl/0.14.1.nix3
-rw-r--r--pkgs/development/libraries/itk/default.nix1
-rw-r--r--pkgs/development/libraries/java/swt/default.nix2
-rw-r--r--pkgs/development/libraries/libdnet/default.nix2
-rw-r--r--pkgs/development/libraries/libelf/default.nix5
-rw-r--r--pkgs/development/libraries/libf2c/default.nix4
-rw-r--r--pkgs/development/libraries/libgeotiff/default.nix2
-rw-r--r--pkgs/development/libraries/libgphoto2/default.nix2
-rw-r--r--pkgs/development/libraries/libidn/default.nix2
-rw-r--r--pkgs/development/libraries/libmpc/default.nix3
-rw-r--r--pkgs/development/libraries/librsync/0.9.nix6
-rw-r--r--pkgs/development/libraries/libunwind/default.nix1
-rw-r--r--pkgs/development/libraries/libvisual/default.nix2
-rw-r--r--pkgs/development/libraries/libyaml-cpp/default.nix4
-rw-r--r--pkgs/development/libraries/mp4v2/default.nix2
-rw-r--r--pkgs/development/libraries/mpfr/default.nix3
-rw-r--r--pkgs/development/libraries/nvidia-texture-tools/default.nix2
-rw-r--r--pkgs/development/libraries/opencascade/6.5.nix2
-rw-r--r--pkgs/development/libraries/opencascade/default.nix2
-rw-r--r--pkgs/development/libraries/opencv/3.x.nix2
-rw-r--r--pkgs/development/libraries/opencv/default.nix2
-rw-r--r--pkgs/development/libraries/pdf2xml/default.nix10
-rw-r--r--pkgs/development/libraries/plib/default.nix5
-rw-r--r--pkgs/development/libraries/portmidi/default.nix2
-rw-r--r--pkgs/development/libraries/pupnp/default.nix2
-rw-r--r--pkgs/development/libraries/qhull/default.nix2
-rw-r--r--pkgs/development/libraries/qt-3/default.nix2
-rw-r--r--pkgs/development/libraries/qtscriptgenerator/default.nix10
-rw-r--r--pkgs/development/libraries/science/math/atlas/default.nix4
-rw-r--r--pkgs/development/libraries/science/math/suitesparse/default.nix2
-rw-r--r--pkgs/development/libraries/smpeg/default.nix2
-rw-r--r--pkgs/development/libraries/speechd/default.nix2
-rw-r--r--pkgs/development/libraries/tidyp/default.nix2
-rw-r--r--pkgs/development/libraries/vxl/default.nix12
-rw-r--r--pkgs/development/libraries/wvstreams/default.nix4
-rw-r--r--pkgs/development/libraries/xmlrpc-c/default.nix2
-rw-r--r--pkgs/development/libraries/zlib/default.nix6
-rw-r--r--pkgs/development/misc/avr-gcc-with-avr-libc/default.nix14
-rw-r--r--pkgs/development/pharo/vm/build-vm.nix2
-rw-r--r--pkgs/development/python-modules/wxPython/generic.nix5
-rw-r--r--pkgs/development/tools/analysis/cccc/default.nix4
-rw-r--r--pkgs/development/tools/analysis/flow/default.nix5
-rw-r--r--pkgs/development/tools/analysis/radare/default.nix5
-rw-r--r--pkgs/development/tools/analysis/rr/default.nix5
-rw-r--r--pkgs/development/tools/analysis/valgrind/default.nix2
-rw-r--r--pkgs/development/tools/boost-build/default.nix2
-rw-r--r--pkgs/development/tools/misc/binutils/default.nix3
-rw-r--r--pkgs/development/tools/misc/elfutils/default.nix2
-rw-r--r--pkgs/development/tools/misc/gnum4/default.nix3
-rw-r--r--pkgs/development/tools/misc/patchelf/default.nix3
-rw-r--r--pkgs/development/tools/misc/texinfo/6.0.nix3
-rw-r--r--pkgs/development/tools/omniorb/default.nix2
-rw-r--r--pkgs/development/tools/parsing/bison/3.x.nix3
-rw-r--r--pkgs/development/tools/toluapp/default.nix2
-rw-r--r--pkgs/development/web/wml/default.nix6
134 files changed, 509 insertions, 775 deletions
diff --git a/pkgs/development/compilers/ccl/default.nix b/pkgs/development/compilers/ccl/default.nix
index e5e07705a18b0..ee0153c13b0f8 100644
--- a/pkgs/development/compilers/ccl/default.nix
+++ b/pkgs/development/compilers/ccl/default.nix
@@ -5,7 +5,7 @@ let
     /* TODO: there are also MacOS, FreeBSD and Windows versions */
     x86_64-linux = {
       arch = "linuxx86";
-      sha256 = "0d2vhp5n74yhwixnvlsnp7dzaf9aj6zd2894hr2728djyd8x9fx6";
+      sha256 = "07cny2qkzc624bzpdsy4iakcln0p7v5rhf8bv0vnh6rhpvnahrnq";
       runtime = "lx86cl64";
       kernel = "linuxx8664";
     };
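Review bot: The x86_64-linux `sha256` is replaced here while nothing else in this file changes (the diffstat lists only two changed lines for ccl/default.nix), so the same download is now expected to have different contents. A fixed-output hash that moves without a version or URL change should be explained before merge: either the old hash was wrong, or upstream re-published the archive under the same name, and the second case should be checked against an independent copy or an upstream announcement. I would add a comment above the line such as `# upstream re-rolled the archive; new hash verified against <source> on <date>` with the placeholders filled in. The `url` attribute is outside this hunk, so whether it is versioned cannot be seen from here.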
diff --git a/pkgs/development/compilers/clean/default.nix b/pkgs/development/compilers/clean/default.nix
index 7f3e679e84763..3fed2289f9549 100644
--- a/pkgs/development/compilers/clean/default.nix
+++ b/pkgs/development/compilers/clean/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
     })
     else throw "Architecture not supported";
 
+  hardeningDisable = [ "format" "pic" ];
+
   # clm uses timestamps of dcl, icl, abc and o files to decide what must be rebuild
   # and for chroot builds all of the library files will have equal timestamps.  This
   # makes clm try to rebuild the library modules (and fail due to absence of write permission
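Review bot: `hardeningDisable = [ "format" "pic" ];` is added with no comment saying which build failure each flag works around, so nobody can later tell when it is safe to remove. `format` drops `-Werror=format-security`, the check that rejects non-literal format strings, and `pic` drops `-fPIC`; each deserves its own justification, for example `# format: <build error>; pic: <build error>` with the actual errors filled in. The same undocumented pattern appears in the dev86, ecl, gcc 4.6/4.8/4.9, gfortran-darwin, gcl, ghc 6.10.4, mkcl and squeak hunks below.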
diff --git a/pkgs/development/compilers/dev86/default.nix b/pkgs/development/compilers/dev86/default.nix
index c9d58e433f697..ec33869761be5 100644
--- a/pkgs/development/compilers/dev86/default.nix
+++ b/pkgs/development/compilers/dev86/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "154dyr2ph4n0kwi8yx0n78j128kw29rk9r9f7s2gddzrdl712jr3";
   };
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = "PREFIX=$(out)";
 
   meta = {
diff --git a/pkgs/development/compilers/ecl/default.nix b/pkgs/development/compilers/ecl/default.nix
index ee7dffdf06522..73c4755e9cd6a 100644
--- a/pkgs/development/compilers/ecl/default.nix
+++ b/pkgs/development/compilers/ecl/default.nix
@@ -23,9 +23,11 @@ in
 stdenv.mkDerivation {
   inherit (s) name version;
   inherit buildInputs propagatedBuildInputs;
+
   src = fetchurl {
     inherit (s) url sha256;
   };
+
   configureFlags = [
     "--enable-threads"
     "--with-gmp-prefix=${gmp}"
@@ -35,12 +37,16 @@ stdenv.mkDerivation {
     (stdenv.lib.optional (! noUnicode)
       "--enable-unicode")
     ;
+
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     sed -e 's/@[-a-zA-Z_]*@//g' -i $out/bin/ecl-config
     wrapProgram "$out/bin/ecl" \
       --prefix NIX_LDFLAGS ' ' "-L${gmp.lib or gmp.out or gmp}/lib" \
       --prefix NIX_LDFLAGS ' ' "-L${libffi.lib or libffi.out or libffi}/lib"
   '';
+
   meta = {
     inherit (s) version;
     description = "Lisp implementation aiming to be small, fast and easy to embed";
diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix
index f68681e60232c..da178e80a1a49 100644
--- a/pkgs/development/compilers/edk2/default.nix
+++ b/pkgs/development/compilers/edk2/default.nix
@@ -11,7 +11,7 @@ else
 
 edk2 = stdenv.mkDerivation {
   name = "edk2-2014-12-10";
-  
+
   src = fetchgit {
     url = git://github.com/tianocore/edk2;
     rev = "684a565a04";
@@ -20,9 +20,9 @@ edk2 = stdenv.mkDerivation {
 
   buildInputs = [ libuuid pythonFull ];
 
-  buildPhase = ''
-    make -C BaseTools
-  '';
+  makeFlags = "-C BaseTools";
+
+  hardeningDisable = [ "format" "fortify" ];
 
   installPhase = ''
     mkdir -vp $out
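Review bot: `"fortify"` is switched off next to `"format"` in `hardeningDisable = [ "format" "fortify" ];` without a comment, and it is the more costly of the two: it removes the `_FORTIFY_SOURCE` checks from the BaseTools binaries rather than just relaxing a warning-as-error. A comment naming the failing error, e.g. `# fortify: <error from the BaseTools build>`, would let a later update re-enable it. Separately, `makeFlags = "-C BaseTools";` is wider in scope than the removed `buildPhase`, since makeFlags is also passed to the default check and install phases; the custom installPhase that begins at the end of this hunk (its body continues outside it) appears to make that harmless, but it is worth confirming.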
diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix
index 6cde7aba92a0b..7d84cb2451641 100644
--- a/pkgs/development/compilers/gcc/4.5/default.nix
+++ b/pkgs/development/compilers/gcc/4.5/default.nix
@@ -134,6 +134,8 @@ stdenv.mkDerivation ({
     inherit langC langCC langFortran langJava langAda;
   };
 
+  hardeningDisable = [ "format" ] ++ optional (name != "gnat") "all";
+
   patches =
     [ ]
     ++ optional (cross != null) ../libstdc++-target.patch
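Review bot: `optional (name != "gnat") "all"` turns every hardening flag off for each variant whose `name` is not "gnat", which makes the leading `"format"` redundant for those builds and leaves the gnat build as the only one keeping any hardening. If the intent was the reverse (only gnat needs everything off) the comparison is inverted; if it is intended, a comment should say so, e.g. `# all: <reason non-gnat builds of 4.5 cannot be hardened>`. The 4.6, 4.8 and 4.9 expressions in this commit disable only `format`, which suggests `all` may be broader than needed here. `name` is bound outside this hunk, so I cannot confirm which values it takes.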
@@ -207,7 +209,7 @@ stdenv.mkDerivation ({
 
   nativeBuildInputs = [ texinfo which ]
     ++ optional (perl != null) perl;
-    
+
   buildInputs = [ gmp mpfr libmpc libelf gettext ]
     ++ (optional (ppl != null) ppl)
     ++ (optional (cloogppl != null) cloogppl)
diff --git a/pkgs/development/compilers/gcc/4.6/default.nix b/pkgs/development/compilers/gcc/4.6/default.nix
index bc968d1f66e31..bdffbc043d0f7 100644
--- a/pkgs/development/compilers/gcc/4.6/default.nix
+++ b/pkgs/development/compilers/gcc/4.6/default.nix
@@ -193,6 +193,8 @@ stdenv.mkDerivation ({
 
   inherit patches enableMultilib;
 
+  hardeningDisable = [ "format" ];
+
   libc_dev = stdenv.cc.libc_dev;
 
   postPatch =
diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix
index 5089f703d5edf..bc6c64eb70949 100644
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@@ -216,6 +216,8 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
+  hardeningDisable = [ "format" ];
+
   outputs = [ "out" "lib" "doc" ];
   setOutputFlags = false;
   NIX_NO_SELF_RPATH = true;
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix
index 2124136482367..7e6da2dc93e48 100644
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@@ -218,6 +218,8 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
+  hardeningDisable = [ "format" ];
+
   outputs = if langJava || langGo then ["out" "man" "info"]
     else [ "out" "lib" "man" "info" ];
   setOutputFlags = false;
diff --git a/pkgs/development/compilers/gcc/5/default.nix b/pkgs/development/compilers/gcc/5/default.nix
index d7ff8fe99dfc1..fe48cdfd4855c 100644
--- a/pkgs/development/compilers/gcc/5/default.nix
+++ b/pkgs/development/compilers/gcc/5/default.nix
@@ -215,6 +215,9 @@ stdenv.mkDerivation ({
     sha256 = "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq";
   };
 
+  # FIXME stackprotector needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" "format" ];
+
   inherit patches;
 
   outputs = [ "out" "lib" "man" "info" ];
diff --git a/pkgs/development/compilers/gcc/gfortran-darwin.nix b/pkgs/development/compilers/gcc/gfortran-darwin.nix
index 66f273482cfb2..5162f311e4e05 100644
--- a/pkgs/development/compilers/gcc/gfortran-darwin.nix
+++ b/pkgs/development/compilers/gcc/gfortran-darwin.nix
@@ -7,12 +7,18 @@
 stdenv.mkDerivation rec {
   name = "gfortran-${version}";
   version = "5.1.0";
-  buildInputs = [gmp mpfr libmpc isl_0_14 cloog zlib];
+
+  buildInputs = [ gmp mpfr libmpc isl_0_14 cloog zlib ];
+
   src = fetchurl {
     url = "mirror://gnu/gcc/gcc-${version}/gcc-${version}.tar.bz2";
     sha256 = "1bd5vj4px3s8nlakbgrh38ynxq4s654m6nxz7lrj03mvkkwgvnmp";
   };
+
   patches = ./gfortran-darwin.patch;
+
+  hardeningDisable = [ "format" ];
+
   configureFlags = ''
     --disable-bootstrap
     --disable-cloog-version-check
@@ -28,11 +34,15 @@ stdenv.mkDerivation rec {
     --with-native-system-header-dir=${Libsystem}/include
     --with-system-zlib
   '';
+
   postConfigure = ''
     export DYLD_LIBRARY_PATH=`pwd`/`uname -m`-apple-darwin`uname -r`/libgcc
   '';
-  makeFlags = ["CC=clang"];
+
+  makeFlags = [ "CC=clang" ];
+
   passthru.cc = stdenv.cc.cc;
+
   meta = with stdenv.lib; {
     description = "GNU Fortran compiler, part of the GNU Compiler Collection";
     homepage    = "https://gcc.gnu.org/fortran/";
diff --git a/pkgs/development/compilers/gcl/default.nix b/pkgs/development/compilers/gcl/default.nix
index cf5b862646e48..cf25f989c7c43 100644
--- a/pkgs/development/compilers/gcl/default.nix
+++ b/pkgs/development/compilers/gcl/default.nix
@@ -32,24 +32,9 @@ stdenv.mkDerivation rec {
     "--enable-ansi"
   ];
 
-  # Upstream bug submitted - http://savannah.gnu.org/bugs/index.php?30371
-  # $TMPDIR must have no extension
-  # setVars = a.noDepEntry ''
-  #   export TMPDIR="''${TMPDIR:-''${TMP:-''${TEMP}}}/tmp-for-gcl"
-  #   mkdir -p "$TMPDIR"
-  # '';
-
-  preBuild = ''
-    # sed -re "s@/bin/cat@$(which cat)@g" -i configure */configure
-    # sed -re "s@if test -d /proc/self @if false @" -i configure
-    # sed -re 's^([ \t])cpp ^\1cpp -I${stdenv.cc.cc}/include -I${stdenv.cc.libc}/include ^g' -i makefile
-
-    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -fgnu89-inline"
-  '';
-
-  /* doConfigure should be removed if not needed */
-  # phaseNames = ["setVars" "doUnpack" "preBuild"
-  #   "doConfigure" "doMakeInstall"];
+  hardeningDisable = [ "pic" ];
+
+  NIX_CFLAGS_COMPILE = "-fgnu89-inline";
 
   meta = {
     description = "GNU Common Lisp compiler working via GCC";
diff --git a/pkgs/development/compilers/ghc/6.10.4.nix b/pkgs/development/compilers/ghc/6.10.4.nix
index d8d25ef8082c4..9a816797291bb 100644
--- a/pkgs/development/compilers/ghc/6.10.4.nix
+++ b/pkgs/development/compilers/ghc/6.10.4.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ghc libedit perl gmp];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "--with-gmp-libraries=${gmp.out}/lib"
     "--with-gmp-includes=${gmp.dev}/include"
diff --git a/pkgs/development/compilers/go/1.4.nix b/pkgs/development/compilers/go/1.4.nix
index 17c3cc0521778..5b6af31d684f1 100644
--- a/pkgs/development/compilers/go/1.4.nix
+++ b/pkgs/development/compilers/go/1.4.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ pcre ];
   propagatedBuildInputs = lib.optional stdenv.isDarwin Security;
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
diff --git a/pkgs/development/compilers/go/1.5.nix b/pkgs/development/compilers/go/1.5.nix
index b5bfac850280e..7f7abd8a6e755 100644
--- a/pkgs/development/compilers/go/1.5.nix
+++ b/pkgs/development/compilers/go/1.5.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     Security Foundation
   ];
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
diff --git a/pkgs/development/compilers/go/1.6.nix b/pkgs/development/compilers/go/1.6.nix
index be6f1a5402d63..71f427d466457 100644
--- a/pkgs/development/compilers/go/1.6.nix
+++ b/pkgs/development/compilers/go/1.6.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     Security Foundation
   ];
 
+  hardeningDisable = [ "all" ];
+
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
   preUnpack = ''
diff --git a/pkgs/development/compilers/gprolog/default.nix b/pkgs/development/compilers/gprolog/default.nix
index 283bfedcf54e4..1465206484d4c 100644
--- a/pkgs/development/compilers/gprolog/default.nix
+++ b/pkgs/development/compilers/gprolog/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "13miyas47bmijmadm68cbvb21n4s156gjafz7kfx9brk9djfkh0q";
   };
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
+
   patchPhase = ''
     sed -i -e "s|/tmp/make.log|$TMPDIR/make.log|g" src/Pl2Wam/check_boot
   '';
diff --git a/pkgs/development/compilers/mkcl/default.nix b/pkgs/development/compilers/mkcl/default.nix
index af1ebd6a19678..1678a6e509158 100644
--- a/pkgs/development/compilers/mkcl/default.nix
+++ b/pkgs/development/compilers/mkcl/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ makeWrapper ];
   propagatedBuildInputs = [ gmp ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [
     "GMP_CFLAGS=-I${gmp.dev}/include"
     "GMP_LDFLAGS=-L${gmp.out}/lib"
diff --git a/pkgs/development/compilers/qcmm/builder.sh b/pkgs/development/compilers/qcmm/builder.sh
deleted file mode 100644
index acdfbaa08dce0..0000000000000
--- a/pkgs/development/compilers/qcmm/builder.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-source $stdenv/setup
-
-configureFlags="--with-lua=$lua"
-
-MKFLAGS="-w$lua/include/lauxlib.h,$lua/include/luadebug.h,$lua/include/lua.h,$lua/include/lualib.h"
-
-buildPhase() {
-  mk timestamps
-  mk $MKFLAGS all.opt
-}
-
-installPhase() {
-  mk $MKFLAGS install.opt
-
-  for file in $out/bin/*.opt; do
-    mv $file ${file%.opt}
-  done
-
-  find $out/man -type f -exec gzip -9n {} \;
-
-  find $out -name \*.a -exec echo stripping {} \; \
-            -exec strip -S {} \;
-
-  patchELF $out
-}
-
-checkPhase="mk $MKFLAGS test.opt"
-
-genericBuild
diff --git a/pkgs/development/compilers/qcmm/default.nix b/pkgs/development/compilers/qcmm/default.nix
deleted file mode 100644
index a221ae29f04d5..0000000000000
--- a/pkgs/development/compilers/qcmm/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{stdenv, fetchurl, mk, ocaml, noweb, lua, groff }: 
-stdenv.mkDerivation {
-  name = "qcmm-2006-01-31";
-  src = fetchurl {
-    url = http://tarballs.nixos.org/qc--20060131.tar.gz;
-    md5 = "9097830775bcf22c9bad54f389f5db23";
-  };
-  buildInputs = [ mk ocaml noweb groff ];
-  patches = [ ./qcmm.patch ];
-  builder = ./builder.sh;
-  inherit lua;
-}
diff --git a/pkgs/development/compilers/qcmm/qcmm.patch b/pkgs/development/compilers/qcmm/qcmm.patch
deleted file mode 100644
index 414f18a9f73ac..0000000000000
--- a/pkgs/development/compilers/qcmm/qcmm.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-diff -ur qc--20060131.orig/configure qc--20060131/configure
---- qc--20060131.orig/configure	2005-11-05 22:15:24.000000000 +0100
-+++ qc--20060131/configure	2006-02-02 14:29:07.000000000 +0100
-@@ -93,7 +93,22 @@
- # for file in dirs and return, full path, if found, and "" otherwise.
- #
- 
--sub search { search_with( sub($) { return (-f shift) }, @_) }
-+sub combine {
-+    my $base = shift;
-+    my $file = shift;
-+    return ("$base/$file")
-+};
-+
-+sub search { search_with( sub($) { return (-f shift) }, \&combine, @_) }
-+
-+sub search_suffix {
-+    my $f = sub($) {
-+        my $suffix = shift;
-+        my $base   = shift;
-+        return ($base . $suffix);
-+    };
-+    search_with(sub($) { return (-f shift) }, $f, @_)
-+}
- 
- sub searchx {
-     my $f = sub($) {
-@@ -105,16 +120,17 @@
-         }
-         return (1==2); # how do you write false in perl?
-     };
--    search_with($f, @_)
-+    search_with($f, \&combine, @_)
- }
- 
- sub search_with {
-     my $p    = shift;
-+    my $com  = shift;
-     my $file = shift;
-    
--    printf(LOG "searching for %-20s", $file); 
-+    printf(LOG "searching for %-20s ", $file); 
-     while ($f = shift (@_)) {
--        my $x = "$f/$file";
-+        my $x = &$com($f, $file);
-         if (&$p($x)) { 
-             print LOG "found $x\n"; 
-             return $x 
-@@ -124,6 +140,20 @@
-     return "";
- }
- 
-+#configure lua based on some known installation prefix
-+sub config_lua {
-+  my $base = shift;
-+  @libsuffix    = ( ".so", "40.so", ".a", "40.a" );
-+
-+  $x{lua_h}       = "$base/include/lua.h";
-+  $x{lualib_h}    = "$base/include/lualib.h";
-+  $x{liblua}      = search_suffix("$base/lib/liblua", @libsuffix);
-+  $x{liblualib}   = search_suffix("$base/lib/liblualib", @libsuffix);
-+  $x{lua_inc}     = "-I$base/include";
-+  $x{lua_lib}     = "-L$base/lib/";
-+  $x{lua_libs}    = "-llua -llualib";
-+}
-+
- 
- #
- # compile and run a small C program to find out about architecture
-@@ -183,6 +213,8 @@
-     
-     ./configure [options]
- 
-+    --with-lua=/lua/path    lua is installed in /lua/path the default
-+                            is to search for standard locations
-     --prefix=/usr/local     install into the /usr/local hierarchy which
-                             is also the default
-     -h, --help              this summary
-@@ -224,15 +256,15 @@
- # We start from here with reading the command line
- # ------------------------------------------------------------------ 
- 
-+open (LOG, ">$configure_log") || die "cannot write configure.log: $!";
-+
- foreach (@ARGV) {
-     if       (/^--?prefix=(.*)$/)             { $x{prefix}=$1     }
-     elsif    (/^--?h(elp?)$/)                 { usage(); exit 0   }  
-+    elsif    (/^--?with-lua=(.*)$/)           { config_lua($1)    }
-     else     { usage(); exit 1 }
- }
- 
--
--open (LOG, ">$configure_log") || die "cannot write configure.log: $!";
--
- # check for various executables and versions. Only update variable if
- # it is not already set.
- #
-diff -ur qc--20060131.orig/doc/mkfile qc--20060131/doc/mkfile
---- qc--20060131.orig/doc/mkfile	2005-11-07 01:41:21.000000000 +0100
-+++ qc--20060131/doc/mkfile	2006-02-02 00:38:00.000000000 +0100
-@@ -92,7 +92,7 @@
- # and accessible from Lua as This.manual.
- 
- qc--.man:D:     qc--.1
--	GROFF_NO_SGR=1 nroff -man -Tascii qc--.1 | ul -t dump > $target                
-+	GROFF_NO_SGR=1 nroff -man -Tascii qc--.1 > $target                
- 
- release.tex:D: release.nw
- 	noweave -delay $prereq > $target
-diff -ur qc--20060131.orig/mkfile qc--20060131/mkfile
---- qc--20060131.orig/mkfile	2005-07-01 22:29:52.000000000 +0200
-+++ qc--20060131/mkfile	2006-02-02 19:15:53.000000000 +0100
-@@ -97,7 +97,7 @@
- 	cd test2 && NPROC=1 mk $MKFLAGS all
- 
- test.opt:V:         all.opt
--	cd test2 && NPROC=1 mk QC=../bin/qc--.opt $MKFLAGS all
-+	cd test2 && NPROC=1 mk $MKFLAGS QC=../bin/qc--.opt all
- 
- coverage: test2/ocamlprof.dump	
- 	rm -f $target
diff --git a/pkgs/development/compilers/squeak/default.nix b/pkgs/development/compilers/squeak/default.nix
index 8aa980b72e601..69529ab762b0a 100644
--- a/pkgs/development/compilers/squeak/default.nix
+++ b/pkgs/development/compilers/squeak/default.nix
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "Smalltalk programming language and environment";
     longDescription = ''
diff --git a/pkgs/development/compilers/strategoxt/0.16.nix b/pkgs/development/compilers/strategoxt/0.16.nix
deleted file mode 100644
index 4cfa2c7989202..0000000000000
--- a/pkgs/development/compilers/strategoxt/0.16.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt}:
-
-rec {
-
-  inherit aterm;
-  
-
-  sdf = stdenv.mkDerivation rec {
-    name = "sdf2-bundle-2.3.3";
-
-    src = fetchurl {
-      url = ftp://ftp.stratego-language.org/pub/stratego/sdf2/sdf2-bundle-2.3.3/sdf2-bundle-2.3.3.tar.gz;
-      md5 = "62ecabe5fbb8bbe043ee18470107ef88";
-    };
-
-    buildInputs = [pkgconfig aterm getopt];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  };
-
-  
-  strategoxt = stdenv.mkDerivation {
-    name = "strategoxt-0.16";
-
-    src = fetchurl {
-      url = ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.16/strategoxt-0.16.tar.gz;
-      md5 = "8b8eabbd785faa84ec20134b63d4829e";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-  
-    
-}
diff --git a/pkgs/development/compilers/strategoxt/0.17.nix b/pkgs/development/compilers/strategoxt/0.17.nix
deleted file mode 100644
index d621cbf5f0c25..0000000000000
--- a/pkgs/development/compilers/strategoxt/0.17.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt, jdk, readline, ncurses}:
-
-rec {
-
-  inherit aterm;
-
-  
-  sdf = stdenv.mkDerivation ( rec {
-    name = "sdf2-bundle-2.4";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/sdf2-bundle-2.4.tar.gz";
-      sha256 = "2ec83151173378f48a3326e905d11049d094bf9f0c7cff781bc2fce0f3afbc11";
-    };
-
-    buildInputs = [pkgconfig aterm];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2 -Wl,--stack=0x2300000"; } else {} ) ) ;
-
-  
-  strategoxt = stdenv.mkDerivation rec {
-    name = "strategoxt-0.17";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/strategoxt-0.17.tar.gz";
-      sha256 = "70355576c3ce3c5a8a26435705a49cf7d13e91eada974a654534d63e0d34acdb";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-  strategoShell = stdenv.mkDerivation rec {
-    name = "stratego-shell-0.7";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/stratego-shell-0.7.tar.gz";
-      sha256 = "0q21vks9gaw9v4rxz90wb0pxzb19l7gwi4nbjvk4zb1imdk7znck";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt getopt readline ncurses];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-
-  javafront = stdenv.mkDerivation (rec {
-    name = "java-front-0.9";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/java-front/java-front-0.9/java-front-0.9.tar.gz";
-      sha256 = "96f40bf31486d3ced3ecebdcc0067e83ce6acbdbe57e3c847136ac3d7b62cc3c";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt];
-
-    # !!! The explicit `--with-strategoxt' is necessary; otherwise we
-    # get an XTC registration that refers to "/share/strategoxt/XTC".
-    configureFlags = "--enable-xtc --with-strategoxt=${strategoxt}";
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/JavaFront;
-      meta = "Tools for generating or transforming Java code";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-
-  dryad = stdenv.mkDerivation rec {
-    name = "dryad-0.2pre18355";
-
-    src = fetchurl {
-      url = "http://releases.strategoxt.org/dryad/${name}-zbqfh1rm/dryad-0.2pre18355.tar.gz";
-      sha256 = "2c27b7f82f87ffc27b75969acc365560651275d348b3b5cbb530276d20ae83ab";
-    };
-
-    buildInputs = [jdk pkgconfig aterm sdf strategoxt javafront];
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/TheDryad;
-      meta = "A collection of tools for developing transformation systems for Java source and bytecode";
-    };
-  };
-
-
-  /*
-  libraries = ... {
-    configureFlags =
-      if stdenv ? isMinGW && stdenv.isMinGW then "--with-std=C99" else "";
-
-    # avoids loads of warnings about too big description fields because of a broken debug format
-    CFLAGS =
-      if stdenv ? isMinGW && stdenv.isMinGW then "-O2" else null;
-  };
-  */
-  
-}
diff --git a/pkgs/development/compilers/strategoxt/0.18.nix b/pkgs/development/compilers/strategoxt/0.18.nix
deleted file mode 100644
index 611586c5d9328..0000000000000
--- a/pkgs/development/compilers/strategoxt/0.18.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{stdenv, fetchurl, aterm, pkgconfig, getopt, jdk, makeStaticBinaries, readline, ncurses}:
-
-rec {
-
-  inherit aterm;
-
-  sdf = stdenv.mkDerivation ( rec {
-    name = "sdf2-bundle-2.4";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/sdf2-bundle-2.4.tar.gz";
-      sha256 = "2ec83151173378f48a3326e905d11049d094bf9f0c7cff781bc2fce0f3afbc11";
-    };
-
-    buildInputs = [pkgconfig aterm];
-
-    preConfigure = ''
-      substituteInPlace pgen/src/sdf2table.src \
-        --replace getopt ${getopt}/bin/getopt
-    '';
-
-    meta = {
-      homepage = http://www.program-transformation.org/Sdf/SdfBundle;
-      meta = "Tools for the SDF2 Syntax Definition Formalism, including the `pgen' parser generator and `sglr' parser";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2 -Wl,--stack=0x2300000"; } else {} ) ) ;
-
-  
-  strategoxt = stdenv.mkDerivation rec {
-    name = "strategoxt-1.8pre24429";
-
-    src = fetchurl {
-      url = http://hydra.nixos.org/build/2175544/download/1/strategoxt-1.8pre24429.tar.gz;
-      sha256 = "124f1d61a440b94c38b731c2e7015340dbbc1deb6d442b31dbecb46b0a00fa83";
-    };
-
-    buildInputs = [pkgconfig aterm sdf getopt];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-    };
-  };
-
-  strategoShell = stdenv.mkDerivation rec {
-    name = "stratego-shell-0.7";
-
-    src = fetchurl {
-      url = "ftp://ftp.strategoxt.org/pub/stratego/StrategoXT/strategoxt-0.17/stratego-shell-0.7.tar.gz";
-      sha256 = "0q21vks9gaw9v4rxz90wb0pxzb19l7gwi4nbjvk4zb1imdk7znck";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt getopt readline ncurses];
-
-    meta = {
-      homepage = http://strategoxt.org/;
-      meta = "A language and toolset for program transformation";
-      broken = true;
-    };
-  };
-
-  javafront = stdenv.mkDerivation (rec {
-    name = "java-front-0.9.1pre20122";
-
-    src = fetchurl {
-      url = "http://hydra.nixos.org/build/766286/download/1/java-front-0.9.1pre20122.tar.gz";
-      sha256 = "ef85d3af962fcd54e028ea501e64220b86af335a49143f2819bd3f4789bef7e6";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt];
-
-    # !!! The explicit `--with-strategoxt' is necessary; otherwise we
-    # get an XTC registration that refers to "/share/strategoxt/XTC".
-    configureFlags = "--enable-xtc --with-strategoxt=${strategoxt}";
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/JavaFront;
-      meta = "Tools for generating or transforming Java code";
-    };
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-
-  aspectjfront = stdenv.mkDerivation (rec {
-    name = "aspectj-front-0.2pre20035";
-
-    src = fetchurl {
-      url = "http://hydra.nixos.org/build/175690/download/1/aspectj-front-0.2pre20035.tar.gz";
-      sha256 = "48f6cda6f9f19436e9553e8d27e6bb42500d08370332e3ad214affb49851e58e";
-    };
-
-    buildInputs = [pkgconfig aterm sdf strategoxt javafront];
-
-  } // ( if stdenv.system == "i686-cygwin" then { CFLAGS = "-O2"; } else {} ) ) ;
-
-  dryad = stdenv.mkDerivation rec {
-    name = "dryad-0.2pre18355";
-
-    src = fetchurl {
-      url = "http://releases.strategoxt.org/dryad/${name}-zbqfh1rm/dryad-0.2pre18355.tar.gz";
-      sha256 = "2c27b7f82f87ffc27b75969acc365560651275d348b3b5cbb530276d20ae83ab";
-    };
-
-    buildInputs = [jdk pkgconfig aterm sdf strategoxt javafront];
-
-    meta = {
-      homepage = http://strategoxt.org/Stratego/TheDryad;
-      meta = "A collection of tools for developing transformation systems for Java source and bytecode";
-      broken = true;
-    };
-  };
-
-
-  /*
-  libraries = ... {
-    configureFlags =
-      if stdenv ? isMinGW && stdenv.isMinGW then "--with-std=C99" else "";
-
-    # avoids loads of warnings about too big description fields because of a broken debug format
-    CFLAGS =
-      if stdenv ? isMinGW && stdenv.isMinGW then "-O2" else null;
-  };
-  */
-  
-}
diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix
index f9857fcc56902..0507e5a3c92c2 100644
--- a/pkgs/development/compilers/swi-prolog/default.nix
+++ b/pkgs/development/compilers/swi-prolog/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation {
   buildInputs = [ gmp readline openssl libjpeg unixODBC libXinerama
     libXft libXpm libSM libXt zlib freetype pkgconfig fontconfig ];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "--with-world --enable-gmp --enable-shared";
 
   buildFlags = "world";
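Review bot: `hardeningDisable = [ "format" ];` is added here without a comment naming the build error it works around, so nobody can tell later when it is safe to drop. As I understand the flag, it only removes the `-Wformat -Werror=format-security` compile-time check, so non-literal format strings in these sources now build silently. A comment next to the line keeps that visible, e.g. `# <file>: format string is not a literal; see <upstream bug URL>`. The same applies to the other uncommented additions in this diff: teyjus, wla-dx, clisp, erlang R14, spidermonkey, CoinMP, allegro, libbs2b and cgui for `format`; tinycc for `fortify`; lua-4, lua-5/sec.nix and supercollider for `stackprotector`. The `mkDerivation` block starts and ends outside this hunk.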
diff --git a/pkgs/development/compilers/teyjus/default.nix b/pkgs/development/compilers/teyjus/default.nix
index b16b32a6a0620..301915b7a26b7 100644
--- a/pkgs/development/compilers/teyjus/default.nix
+++ b/pkgs/development/compilers/teyjus/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ omake ocaml flex bison ];
 
+  hardeningDisable = [ "format" ];
+
   buildPhase = "omake all";
 
   checkPhase = "omake check";
diff --git a/pkgs/development/compilers/tinycc/default.nix b/pkgs/development/compilers/tinycc/default.nix
index fbadb9d743662..40e4d49d51e81 100644
--- a/pkgs/development/compilers/tinycc/default.nix
+++ b/pkgs/development/compilers/tinycc/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ perl texinfo ];
 
+  hardeningDisable = [ "fortify" ];
+
   postPatch = ''
     substituteInPlace "texi2pod.pl" \
       --replace "/usr/bin/perl" "${perl}/bin/perl"
diff --git a/pkgs/development/compilers/webdsl/default.nix b/pkgs/development/compilers/webdsl/default.nix
deleted file mode 100644
index a0122319aed74..0000000000000
--- a/pkgs/development/compilers/webdsl/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, strategoPackages }:
-
-stdenv.mkDerivation rec {
-  name = "webdsl-9.7pre4168";
-
-  src = fetchurl {
-    url = "http://hydra.nixos.org/build/654196/download/1/${name}.tar.gz";
-    sha256 = "08bec3ba02254ec7474ce70206b7be4390fe07456cfc57d927d96a21dd6dcb33";
-  };
-
-  buildInputs =
-    [ pkgconfig strategoPackages.aterm strategoPackages.sdf
-      strategoPackages.strategoxt strategoPackages.javafront
-    ];
-
-  # This corrected a failing build on at least one 64 bit Linux system.
-  # See the comment about this here: http://webdsl.org/selectpage/Download/WebDSLOnLinux
-  preBuild = (if stdenv.system == "x86_64-linux" then "ulimit -s unlimited" else "");
-
-  meta = {
-    homepage = http://webdsl.org/;
-    description = "A domain-specific language for developing dynamic web applications with a rich data model";
-  };
-}
diff --git a/pkgs/development/compilers/wla-dx/default.nix b/pkgs/development/compilers/wla-dx/default.nix
index 535868bee3bab..f91c555b6b992 100644
--- a/pkgs/development/compilers/wla-dx/default.nix
+++ b/pkgs/development/compilers/wla-dx/default.nix
@@ -2,16 +2,21 @@
 
 stdenv.mkDerivation rec {
   name = "wla-dx-git-2016-02-27";
+
   src = fetchFromGitHub {
     owner = "vhelin";
     repo = "wla-dx";
     rev = "8189fe8d5620584ea16563875ff3c5430527c86a";
     sha256 = "02zgkcyfx7y8j6jvyi12lm29fydnd7m3rxv6g2psv23fyzmpkkir";
   };
+
+  hardeningDisable = [ "format" ];
+
   installPhase = ''
     mkdir -p $out/bin
     install binaries/* $out/bin
   '';
+
   nativeBuildInputs = [ cmake ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 5f1335ca72fb7..7a9c28e516c53 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -42,7 +42,15 @@ self: super: {
   options_1_2 = dontCheck super.options_1_2;
   options = dontCheck super.options;
   statistics = dontCheck super.statistics;
-  c2hs = if pkgs.stdenv.isDarwin then dontCheck super.c2hs else super.c2hs;
+  c2hs = dontCheck super.c2hs;
+
+  # fix errors caused by hardening flags
+  epanet-haskell = super.epanet-haskell.overrideDerivation (drv: {
+    hardeningDisable = [ "format" ];
+  });
+  pango = super.pango.overrideDerivation (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
 
   # Use the default version of mysql to build this package (which is actually mariadb).
   mysql = super.mysql.override { mysql = pkgs.mysql.lib; };
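Review bot: `c2hs = dontCheck super.c2hs;` now skips the c2hs test suite on every platform instead of only on Darwin, and nothing on the line says why. The comment `# fix errors caused by hardening flags` sits below it and reads as if it covers only the two overrides that follow. If the tests fail because of the new hardening flags, say so on the line itself, e.g. `c2hs = dontCheck super.c2hs; # test suite fails with hardening enabled, see <issue URL>`. That way the check can be turned back on once the cause is fixed.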
@@ -229,11 +237,15 @@ self: super: {
   jwt = dontCheck super.jwt;
 
   # https://github.com/NixOS/cabal2nix/issues/136
-  gio = addPkgconfigDepend super.gio pkgs.glib;
+  gio = pkgs.lib.overrideDerivation (addPkgconfigDepend super.gio pkgs.glib) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
   gio_0_13_0_3 = addPkgconfigDepend super.gio_0_13_0_3 pkgs.glib;
   gio_0_13_0_4 = addPkgconfigDepend super.gio_0_13_0_4 pkgs.glib;
   gio_0_13_1_0 = addPkgconfigDepend super.gio_0_13_1_0 pkgs.glib;
-  glib = addPkgconfigDepend super.glib pkgs.glib;
+  glib = pkgs.lib.overrideDerivation (addPkgconfigDepend super.glib pkgs.glib) (drv: {
+    hardeningDisable = [ "fortify" ];
+  });
   gtk3 = super.gtk3.override { inherit (pkgs) gtk3; };
   gtk = addPkgconfigDepend super.gtk pkgs.gtk;
   gtksourceview2 = (addPkgconfigDepend super.gtksourceview2 pkgs.gtk2).override { inherit (pkgs.gnome2) gtksourceview; };
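Review bot: `gio` and `glib` get `hardeningDisable = [ "fortify" ]`, but the versioned attributes `gio_0_13_0_3`, `gio_0_13_0_4` and `gio_0_13_1_0` directly below keep the plain `addPkgconfigDepend` form. If the fortify failure comes from the binding sources rather than from one particular version (an inference, the error is not shown), those variants will still fail to build. Either give them the same override or add a comment such as `# only the default version trips _FORTIFY_SOURCE: <reason>`. The existing cabal2nix issue link above the block explains the pkg-config dependency only, not the hardening change.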
@@ -419,7 +431,9 @@ self: super: {
   lensref = dontCheck super.lensref;
   liquidhaskell = dontCheck super.liquidhaskell;
   lucid = dontCheck super.lucid; #https://github.com/chrisdone/lucid/issues/25
-  lvmrun = dontCheck super.lvmrun;
+  lvmrun = pkgs.lib.overrideDerivation (dontCheck super.lvmrun) (drv: {
+    hardeningDisable = [ "format" ];
+  });
   memcache = dontCheck super.memcache;
   milena = dontCheck super.milena;
   nats-queue = dontCheck super.nats-queue;
diff --git a/pkgs/development/interpreters/clisp/2.44.1.nix b/pkgs/development/interpreters/clisp/2.44.1.nix
index 682978a5ac8d5..b7b329ea9560b 100644
--- a/pkgs/development/interpreters/clisp/2.44.1.nix
+++ b/pkgs/development/interpreters/clisp/2.44.1.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, libsigsegv, gettext, ncurses, readline, libX11
 , libXau, libXt, pcre, zlib, libXpm, xproto, libXext, xextproto
 , libffi, libffcall, coreutils }:
-        
+
 stdenv.mkDerivation rec {
   v = "2.44.1";
   name = "clisp-${v}";
-  
+
   src = fetchurl {
     url = "mirror://gnu/clisp/release/${v}/${name}.tar.gz";
     sha256 = "0rkp6j6rih4s5d9acifh7pi4b9xfgcspif512l269dqy9qgyy4j1";
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
       zlib libXpm xproto libXext xextproto libffi libffcall ];
 
   patches = [ ./bits_ipctypes_to_sys_ipc.patch ]; # from Gentoo
-      
+
   # First, replace port 9090 (rather low, can be used)
   # with 64237 (much higher, IANA private area, not
   # anything rememberable).
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
     substituteInPlace modules/bindings/glibc/linux.lisp --replace "(def-c-type __swblk_t)" ""
   '';
-  
+
   configureFlags =
     ''
       --with-readline builddir --with-dynamic-ffi
@@ -45,6 +45,8 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = "-O0 ${stdenv.lib.optionalString (!stdenv.is64bit) "-falign-functions=4"}";
 
+  hardeningDisable = [ "format" ];
+
   # TODO : make mod-check fails
   doCheck = false;
 
diff --git a/pkgs/development/interpreters/erlang/R14.nix b/pkgs/development/interpreters/erlang/R14.nix
new file mode 100644
index 0000000000000..cf4355a38e16f
--- /dev/null
+++ b/pkgs/development/interpreters/erlang/R14.nix
@@ -0,0 +1,65 @@
+{ stdenv, fetchurl, perl, gnum4, ncurses, openssl
+, makeWrapper, gnused, gawk }:
+
+let version = "14B04"; in
+
+stdenv.mkDerivation {
+  name = "erlang-" + version;
+
+  src = fetchurl {
+    url = "http://www.erlang.org/download/otp_src_R${version}.tar.gz";
+    sha256 = "0vlvjlg8vzcy6inb4vj00bnj0aarvpchzxwhmi492nv31s8kb6q9";
+  };
+
+  buildInputs = [ perl gnum4 ncurses openssl makeWrapper ];
+
+  patchPhase = '' sed -i "s@/bin/rm@rm@" lib/odbc/configure erts/configure '';
+
+  preConfigure = ''
+    export HOME=$PWD/../
+    sed -e s@/bin/pwd@pwd@g -i otp_build
+  '';
+
+  configureFlags = "--with-ssl=${openssl}";
+
+  hardeningDisable = [ "format" ];
+
+  postInstall = let
+    manpages = fetchurl {
+      url = "http://www.erlang.org/download/otp_doc_man_R${version}.tar.gz";
+      sha256 = "1nh7l7wilyyaxvlwkjxgm3cq7wpd90sk6vxhgpvg7hwai8g52545";
+    };
+  in ''
+    tar xf "${manpages}" -C "$out/lib/erlang"
+    for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do
+      prefix="''${i%/*}"
+      ensureDir "$out/share/man/''${prefix##*/}"
+      ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl"
+    done
+  '';
+
+  # Some erlang bin/ scripts run sed and awk
+  postFixup = ''
+    wrapProgram $out/lib/erlang/bin/erl --prefix PATH ":" "${gnused}/bin/"
+    wrapProgram $out/lib/erlang/bin/start_erl --prefix PATH ":" "${gnused}/bin/:${gawk}/bin"
+  '';
+
+  setupHook = ./setup-hook.sh;
+
+  meta = {
+    homepage = "http://www.erlang.org/";
+    description = "Programming language used for massively scalable soft real-time systems";
+
+    longDescription = ''
+      Erlang is a programming language used to build massively scalable
+      soft real-time systems with requirements on high availability.
+      Some of its uses are in telecoms, banking, e-commerce, computer
+      telephony and instant messaging. Erlang's runtime system has
+      built-in support for concurrency, distribution and fault
+      tolerance.
+    '';
+
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
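Review bot: `ensureDir` in `postInstall` is, as far as I know, a deprecated stdenv helper. `mkdir -p "$out/share/man/''${prefix##*/}"` does the same job without relying on it staying available. The two `wrapProgram` calls in `postFixup` also pass `$out/...` unquoted while the rest of the file quotes `"$out"`; quoting them keeps the script consistent. `hardeningDisable = [ "format" ];` has no comment saying which part of the R14B04 sources fails the format-security check, which matters more than usual for a runtime that is normally exposed to the network.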
diff --git a/pkgs/development/interpreters/lua-4/default.nix b/pkgs/development/interpreters/lua-4/default.nix
index 2d216389bd7c9..d6f385f5b503f 100644
--- a/pkgs/development/interpreters/lua-4/default.nix
+++ b/pkgs/development/interpreters/lua-4/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
   buildFlags = "all so sobin";
   installFlags = "INSTALL_ROOT=$$out";
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   meta = {
     homepage = "http://www.lua.org";
     description = "Powerful, fast, lightweight, embeddable scripting language";
diff --git a/pkgs/development/interpreters/lua-5/sec.nix b/pkgs/development/interpreters/lua-5/sec.nix
index 08eb1c89308ca..7af17ae200c28 100644
--- a/pkgs/development/interpreters/lua-5/sec.nix
+++ b/pkgs/development/interpreters/lua-5/sec.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ lua5 openssl ];
 
+  hardeningDisable = stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   preBuild = ''
     makeFlagsArray=(
       linux
diff --git a/pkgs/development/interpreters/lush/default.nix b/pkgs/development/interpreters/lush/default.nix
index 63cf85bc506be..dcfdc11c7a9e8 100644
--- a/pkgs/development/interpreters/lush/default.nix
+++ b/pkgs/development/interpreters/lush/default.nix
@@ -1,32 +1,29 @@
 {stdenv, fetchurl, libX11, xproto, indent, readline, gsl, freeglut, mesa, SDL
 , blas, binutils, intltool, gettext, zlib}:
-let
-  s = # Generated upstream information
-  rec {
-    baseName="lush";
-    version="2.0.1";
-    name="${baseName}-${version}";
-    hash="02pkfn3nqdkm9fm44911dbcz0v3r0l53vygj8xigl6id5g3iwi4k";
+
+stdenv.mkDerivation rec {
+  baseName = "lush";
+  version = "2.0.1";
+  name = "${baseName}-${version}";
+
+  src = fetchurl {
     url="mirror://sourceforge/project/lush/lush2/lush-2.0.1.tar.gz";
     sha256="02pkfn3nqdkm9fm44911dbcz0v3r0l53vygj8xigl6id5g3iwi4k";
   };
+
   buildInputs = [
     libX11 xproto indent readline gsl freeglut mesa SDL blas binutils
     intltool gettext zlib
   ];
-in
-stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
+
+  hardeningDisable = [ "pic" ];
+
   NIX_LDFLAGS=" -lz ";
+
   meta = {
-    inherit (s) version;
-    description = ''Lisp Universal SHell'';
+    description = "Lisp Universal SHell";
     license = stdenv.lib.licenses.gpl2Plus ;
-    maintainers = [stdenv.lib.maintainers.raskin];
+    maintainers = [ stdenv.lib.maintainers.raskin ];
     platforms = stdenv.lib.platforms.linux;
   };
 }
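Review bot: `url` still spells out `lush-2.0.1.tar.gz` although `version` and `name` are now attributes of the same `rec` set, so a version bump has to touch two places. `url = "mirror://sourceforge/project/lush/lush2/${name}.tar.gz";` keeps them in step. Moving `baseName` from the `let` into the `mkDerivation` argument also turns it into a derivation attribute passed to the builder, which looks unintended. `hardeningDisable = [ "pic" ];` has no comment saying what breaks with position-independent code.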
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index d3ee18e2ac874..440acad1b4761 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -68,6 +68,9 @@ let
 
     enableParallelBuilding = true;
 
+    # FIXME needs gcc 4.9 in bootstrap tools
+    hardeningDisable = [ "stackprotector" ];
+
     preConfigure =
       ''
         configureFlags="$configureFlags -Dprefix=$out -Dman1dir=$out/share/man/man1 -Dman3dir=$out/share/man/man3"
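Review bot: The `# FIXME needs gcc 4.9 in bootstrap tools` comment names the cause but gives nothing to track, and the disable is unconditional. Perl therefore stays without stack protector even where the compiler in use does support the flag, assuming the limitation really is only the bootstrap compiler. A reference would make the follow-up findable, e.g. `# FIXME: drop once bootstrap tools ship gcc >= 4.9, see <issue URL>`. The same FIXME is copied verbatim into cloog/0.18.0.nix later in this diff. The enclosing `let` block starts and ends outside this hunk.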
diff --git a/pkgs/development/interpreters/php/default.nix b/pkgs/development/interpreters/php/default.nix
index 5856604c53da6..2070e61ee98c7 100644
--- a/pkgs/development/interpreters/php/default.nix
+++ b/pkgs/development/interpreters/php/default.nix
@@ -255,6 +255,8 @@ let
         calendarSupport = config.php.calendar or true;
       };
 
+      hardeningDisable = [ "bindnow" ];
+
       configurePhase = ''
         # Don't record the configure flags since this causes unnecessary
         # runtime dependencies.
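Review bot: `hardeningDisable = [ "bindnow" ];` is added to the PHP build with no comment saying what fails under immediate binding. With `bindnow` off the binaries are linked without `-z now`, so `relro` alone leaves the lazily bound part of the GOT writable at run time. That is a real loss of protection for an interpreter that usually processes untrusted requests. Please record the reason and the exit condition next to the line, e.g. `# bindnow breaks <what fails here>; re-enable once <condition>`. If only some extension modules need lazy binding, scoping the exception to them would be preferable. The surrounding attribute set starts and ends outside this hunk.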
diff --git a/pkgs/development/interpreters/ruby/patchsets.nix b/pkgs/development/interpreters/ruby/patchsets.nix
index 0e81db4e047f7..bf848aba58258 100644
--- a/pkgs/development/interpreters/ruby/patchsets.nix
+++ b/pkgs/development/interpreters/ruby/patchsets.nix
@@ -3,6 +3,7 @@
 rec {
   "1.9.3" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
     ./ruby19-parallel-install.patch
     ./bitperfect-rdoc.patch
   ] ++ ops useRailsExpress [
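Review bot: The new `./rand-egd.patch` entry carries no comment on what it fixes or where it comes from. Judging by the patch bodies later in this diff, it makes the `egd` and `egd_bytes` bindings conditional on `have_func("RAND_egd")`, presumably so the extension builds against an SSL library without EGD support. A one-line comment would record that, e.g. `# allow building against libssl without RAND_egd (origin: <upstream commit or bug URL>)`. The same applies to the 2.0.0, 2.1.7 and 2.2.3 hunks below, and 2.2.3 should also say why it needs the separate `./ruby22-rand-egd.patch`.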
@@ -28,6 +29,7 @@ rec {
   ];
   "2.0.0" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/02-railsexpress-gc.patch"
@@ -36,6 +38,7 @@ rec {
   ];
   "2.1.7" = [
     ./ssl_v3.patch
+    ./rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.1.7/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.1.7/railsexpress/02-improve-gc-stats.patch"
@@ -49,6 +52,7 @@ rec {
   ];
   "2.2.3" = [
     ./ssl_v3.patch
+    ./ruby22-rand-egd.patch
   ] ++ ops useRailsExpress [
     "${patchSet}/patches/ruby/2.2.3/railsexpress/01-zero-broken-tests.patch"
     "${patchSet}/patches/ruby/2.2.3/railsexpress/02-improve-gc-stats.patch"
diff --git a/pkgs/development/interpreters/ruby/rand-egd.patch b/pkgs/development/interpreters/ruby/rand-egd.patch
new file mode 100644
index 0000000000000..e4f6452000c22
--- /dev/null
+++ b/pkgs/development/interpreters/ruby/rand-egd.patch
@@ -0,0 +1,42 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index e272cba..3a1fa71 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -87,6 +87,7 @@
+ have_func("PEM_def_callback")
+ have_func("PKCS5_PBKDF2_HMAC")
+ have_func("PKCS5_PBKDF2_HMAC_SHA1")
++have_func("RAND_egd")
+ have_func("X509V3_set_nconf")
+ have_func("X509V3_EXT_nconf_nid")
+ have_func("X509_CRL_add0_revoked")
+diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
+index 29cbf8c..27466fe 100644
+--- a/ext/openssl/ossl_rand.c
++++ b/ext/openssl/ossl_rand.c
+@@ -148,6 +148,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
+     return str;
+ }
+ 
++#ifdef HAVE_RAND_EGD
+ /*
+  *  call-seq:
+  *     egd(filename) -> true
+@@ -186,6 +187,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
+     }
+     return Qtrue;
+ }
++#endif /* HAVE_RAND_EGD */
+ 
+ /*
+  *  call-seq:
+@@ -219,7 +221,9 @@ Init_ossl_rand(void)
+     DEFMETH(mRandom, "write_random_file", ossl_rand_write_file, 1);
+     DEFMETH(mRandom, "random_bytes", ossl_rand_bytes, 1);
+     DEFMETH(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
++#ifdef HAVE_RAND_EGD
+     DEFMETH(mRandom, "egd", ossl_rand_egd, 1);
+     DEFMETH(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);
++#endif /* HAVE_RAND_EGD */
+     DEFMETH(mRandom, "status?", ossl_rand_status, 0)
+ }
diff --git a/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch b/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch
new file mode 100644
index 0000000000000..ebf2bf56fcfa3
--- /dev/null
+++ b/pkgs/development/interpreters/ruby/ruby22-rand-egd.patch
@@ -0,0 +1,42 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index e272cba..3a1fa71 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -87,6 +87,7 @@
+ have_func("PEM_def_callback")
+ have_func("PKCS5_PBKDF2_HMAC")
+ have_func("PKCS5_PBKDF2_HMAC_SHA1")
++have_func("RAND_egd")
+ have_func("X509V3_set_nconf")
+ have_func("X509V3_EXT_nconf_nid")
+ have_func("X509_CRL_add0_revoked")
+diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
+index 29cbf8c..27466fe 100644
+--- a/ext/openssl/ossl_rand.c
++++ b/ext/openssl/ossl_rand.c
+@@ -148,6 +148,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
+     return str;
+ }
+ 
++#ifdef HAVE_RAND_EGD
+ /*
+  *  call-seq:
+  *     egd(filename) -> true
+@@ -186,6 +187,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
+     }
+     return Qtrue;
+ }
++#endif /* HAVE_RAND_EGD */
+ 
+ /*
+  *  call-seq:
+@@ -219,8 +221,10 @@ Init_ossl_rand(void)
+     rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
+     rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
+     rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
++#ifdef HAVE_RAND_EGD
+     rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);
+     rb_define_module_function(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);
++#endif /* HAVE_RAND_EGD */
+     rb_define_module_function(mRandom, "status?", ossl_rand_status, 0);
+ }
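Review bot: The last inner hunk header reads `@@ -219,8 +221,10 @@`, but the hunk body holds 7 old-side and 9 new-side lines; the matching hunk in rand-egd.patch has the same line count and declares `-219,7 +221,9`. Presumably a trailing blank context line was dropped when the patch was edited by hand, which some patch tools tolerate and others reject as a malformed hunk. Both patch files also carry identical `index e272cba..3a1fa71` and `index 29cbf8c..27466fe` lines although their last hunks differ, which points the same way. Regenerating this file from a patched Ruby 2.2 tree would give consistent headers.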
diff --git a/pkgs/development/interpreters/spidermonkey/default.nix b/pkgs/development/interpreters/spidermonkey/default.nix
index 21ba0b8cba484..1fe4b90b2b80b 100644
--- a/pkgs/development/interpreters/spidermonkey/default.nix
+++ b/pkgs/development/interpreters/spidermonkey/default.nix
@@ -8,6 +8,9 @@ stdenv.mkDerivation rec {
     sha256 = "12v6v2ccw1y6ng3kny3xw0lfs58d1klylqq707k0x04m707kydj4";
   };
 
+  hardeningDisable = [ "format" ]
+    ++ stdenv.lib.optional stdenv.isi686 "stackprotector";
+
   buildInputs = [ readline ];
 
   postUnpack = "sourceRoot=\${sourceRoot}/src";
diff --git a/pkgs/development/interpreters/supercollider/default.nix b/pkgs/development/interpreters/supercollider/default.nix
index f44347c61b74a..c1a4c17707c8e 100644
--- a/pkgs/development/interpreters/supercollider/default.nix
+++ b/pkgs/development/interpreters/supercollider/default.nix
@@ -3,10 +3,10 @@
 , libXt, qt, readline
 , useSCEL ? false, emacs
 }:
-  
+
 let optional = stdenv.lib.optional; in
 
-stdenv.mkDerivation rec {  
+stdenv.mkDerivation rec {
   name = "supercollider-3.6.6";
 
   meta = {
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     sha256 = "11khrv6jchs0vv0lv43am8lp0x1rr3h6l2xj9dmwrxcpdayfbalr";
   };
 
+  hardeningDisable = [ "stackprotector" ];
+
   # QGtkStyle unavailable
   patchPhase = ''
     substituteInPlace editors/sc-ide/widgets/code_editor/autocompleter.cpp \
@@ -29,12 +31,12 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = ''
     -DSC_WII=OFF
-    -DSC_EL=${if useSCEL then "ON" else "OFF"} 
+    -DSC_EL=${if useSCEL then "ON" else "OFF"}
   '';
 
   nativeBuildInputs = [ cmake pkgconfig ];
 
-  buildInputs = [ 
+  buildInputs = [
     gcc libjack2 libsndfile fftw curl libXt qt readline ]
     ++ optional useSCEL emacs;
 }
diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix
index e819078f78685..079c0a5cf6f7c 100644
--- a/pkgs/development/libraries/CoinMP/default.nix
+++ b/pkgs/development/libraries/CoinMP/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = https://projects.coin-or.org/CoinMP/;
     description = "COIN-OR lightweight API for COIN-OR libraries CLP, CBC, and CGL";
diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix
index 7d5c5fab39347..5a47d50284f5b 100644
--- a/pkgs/development/libraries/a52dec/default.nix
+++ b/pkgs/development/libraries/a52dec/default.nix
@@ -8,8 +8,6 @@ stdenv.mkDerivation rec {
     sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2";
   };
 
-  NIX_CFLAGS_COMPILE = "-fpic";
-
   # From Handbrake
   patches = [
     ./A00-a52-state-t-public.patch
diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix
index 76c5cf32bbdbb..002b26078f539 100644
--- a/pkgs/development/libraries/accelio/default.nix
+++ b/pkgs/development/libraries/accelio/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
     sha256 = "172frqk2n43g0arhazgcwfvj0syf861vdzdpxl7idr142bb0ykf7";
   };
 
+  hardeningDisable = [ "format" "pic" ];
+
   patches = [ ./fix-printfs.patch ];
 
   postPatch = ''
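Review bot: `hardeningDisable = [ "format" "pic" ];` is added directly above `patches = [ ./fix-printfs.patch ];`, which suggests format problems in this package are already being patched (the patch content is not visible here). If the remaining failures are more non-literal `printf` calls, extending that patch would keep the format-security check active instead of switching it off for the whole package. If that is not practical, a comment such as `# format: <remaining failing file>; pic: <what breaks>` should state what is left. The `mkDerivation` block starts and ends outside this hunk.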
diff --git a/pkgs/development/libraries/allegro/default.nix b/pkgs/development/libraries/allegro/default.nix
index deb3a6877e895..997a8d223054e 100644
--- a/pkgs/development/libraries/allegro/default.nix
+++ b/pkgs/development/libraries/allegro/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     xf86dgaproto xf86miscproto xf86vidmodeproto libXxf86vm openal mesa
   ];
 
+  hardeningDisable = [ "format" ];
+
   cmakeFlags = [ "-DCMAKE_SKIP_RPATH=ON" ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/aterm/2.5.nix b/pkgs/development/libraries/aterm/2.5.nix
deleted file mode 100644
index c1bbbb0ae5a92..0000000000000
--- a/pkgs/development/libraries/aterm/2.5.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{stdenv, fetchurl}:
-
-stdenv.mkDerivation {
-  name = "aterm-2.5-r21238";
-
-  src = fetchurl {
-    url = http://buildfarm.st.ewi.tudelft.nl/releases/meta-environment/aterm-2.5pre21238-l2q7rg38/aterm-2.5.tar.gz;
-    md5 = "33ddcb1a229baf406ad1f603eb1d5995";
-  };
-
-  patches = [
-    # Fix for http://bugzilla.sen.cwi.nl:8080/show_bug.cgi?id=841
-    ./max-long.patch
-
-    # Patch the ATerm header files so that they don't rely on
-    # SIZEOF_LONG, SIZEOF_INT and SIZEOF_VOID_P being set.
-    ./sizeof.patch
-  ];
-
-  doCheck = true;
-
-  dontDisableStatic = true;
-
-  NIX_CFLAGS_COMPILE = "-D__USE_BSD";
-
-  meta = {
-    homepage = http://www.cwi.nl/htbin/sen1/twiki/bin/view/SEN1/ATerm;
-    license = "LGPL";
-    description = "Library for manipulation of term data structures in C";
-    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
-    maintainers = [ stdenv.lib.maintainers.eelco ];
-    broken = true;
-  };
-}
diff --git a/pkgs/development/libraries/aterm/max-long.patch b/pkgs/development/libraries/aterm/max-long.patch
deleted file mode 100644
index a2f260b970b3d..0000000000000
--- a/pkgs/development/libraries/aterm/max-long.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff -rc aterm-2.8-orig/aterm/hash.c aterm-2.8/aterm/hash.c
-*** aterm-2.8-orig/aterm/hash.c	2008-11-10 13:54:22.000000000 +0100
---- aterm-2.8/aterm/hash.c	2009-01-27 18:14:14.000000000 +0100
-***************
-*** 93,146 ****
-  }
-  
-  /*}}}  */
-- /*{{{  static long calc_long_max() */
-- static long calc_long_max()
-- {
--   long try_long_max;
--   long long_max;
--   long delta;
-- 
--   try_long_max = 1;
--   do {
--     long_max = try_long_max;
--     try_long_max = long_max * 2;
--   } while (try_long_max > 0);
-- 
--   delta = long_max;
--   while (delta > 1) {
--     while (long_max + delta < 0) {
--       delta /= 2;
--     }
--     long_max += delta;
--   }
-- 
--   return long_max;
-- 
-- }
-- /*}}}  */
-  /*{{{  static long calculateNewSize(sizeMinus1, nrdel, nrentries) */
-  
-  static long calculateNewSize
-  (long sizeMinus1, long nr_deletions, long nr_entries)
-  { 
-- 
--   /* Hack: LONG_MAX (limits.h) is often unreliable, we need to find
--    * out the maximum possible value of a signed long dynamically.
--    */
--   static long st_long_max = 0;
-- 
--   /* the resulting length has the form 2^k-1 */
-- 
-    if (nr_deletions >= nr_entries/2) { 
-      return sizeMinus1;
-    }
-  
-!   if (st_long_max == 0) {
-!     st_long_max = calc_long_max();
-!   }
-! 
-!   if (sizeMinus1 > st_long_max / 2) {
-!     return st_long_max-1;
-    }
-  
-    return (2*sizeMinus1)+1;
---- 93,109 ----
-  }
-  
-  /*}}}  */
-  /*{{{  static long calculateNewSize(sizeMinus1, nrdel, nrentries) */
-  
-  static long calculateNewSize
-  (long sizeMinus1, long nr_deletions, long nr_entries)
-  { 
-    if (nr_deletions >= nr_entries/2) { 
-      return sizeMinus1;
-    }
-  
-!   if (sizeMinus1 > LONG_MAX / 2) {
-!     return LONG_MAX-1;
-    }
-  
-    return (2*sizeMinus1)+1;
diff --git a/pkgs/development/libraries/aterm/sizeof.patch b/pkgs/development/libraries/aterm/sizeof.patch
deleted file mode 100644
index 2649cc564913a..0000000000000
--- a/pkgs/development/libraries/aterm/sizeof.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -rc -x '*~' aterm-2.5-orig/aterm/aterm.c aterm-2.5/aterm/aterm.c
-*** aterm-2.5-orig/aterm/aterm.c	2007-02-27 23:41:31.000000000 +0100
---- aterm-2.5/aterm/aterm.c	2010-02-23 15:10:38.000000000 +0100
-***************
-*** 150,155 ****
---- 150,157 ----
-    if (initialized)
-      return;
-  
-+   assert(sizeof(long) == sizeof(void *));
-+ 
-    /*{{{  Handle arguments */
-  
-    for (lcv=1; lcv < argc; lcv++) {
-diff -rc -x '*~' aterm-2.5-orig/aterm/encoding.h aterm-2.5/aterm/encoding.h
-*** aterm-2.5-orig/aterm/encoding.h	2007-02-27 23:41:31.000000000 +0100
---- aterm-2.5/aterm/encoding.h	2010-02-23 15:36:05.000000000 +0100
-***************
-*** 10,24 ****
-  {
-  #endif/* __cplusplus */
-  
-! #if SIZEOF_LONG > 4
-! #define AT_64BIT
-  #endif
-  
-! #if SIZEOF_LONG != SIZEOF_VOID_P
-! #error Size of long is not the same as the size of a pointer
-  #endif
-  
-! #if SIZEOF_INT > 4
-  #error Size of int is not 32 bits
-  #endif
-  
---- 10,30 ----
-  {
-  #endif/* __cplusplus */
-  
-! #include <limits.h>
-! 
-! #ifndef SIZEOF_LONG
-! #if ULONG_MAX > 4294967295
-! #define SIZEOF_LONG 8
-! #else
-! #define SIZEOF_LONG 4
-! #endif
-  #endif
-  
-! #if SIZEOF_LONG > 4
-! #define AT_64BIT
-  #endif
-  
-! #if UINT_MAX > 4294967295
-  #error Size of int is not 32 bits
-  #endif
-  
diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix
index e43a5acb6bdbb..7195110b0bb9a 100644
--- a/pkgs/development/libraries/audio/libbs2b/default.nix
+++ b/pkgs/development/libraries/audio/libbs2b/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libsndfile ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = "http://bs2b.sourceforge.net/";
     description = "Bauer stereophonic-to-binaural DSP library";
diff --git a/pkgs/development/libraries/cgui/default.nix b/pkgs/development/libraries/cgui/default.nix
index 0f11786223602..da9d1122cc54a 100644
--- a/pkgs/development/libraries/cgui/default.nix
+++ b/pkgs/development/libraries/cgui/default.nix
@@ -12,10 +12,11 @@ stdenv.mkDerivation rec {
   buildInputs = [ texinfo allegro perl ];
 
   configurePhase = ''
-    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -fPIC"
     sh fix.sh unix
   '';
 
+  hardeningDisable = [ "format" ];
+
   makeFlags = [ "SYSTEM_DIR=$(out)" ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/cloog/0.18.0.nix b/pkgs/development/libraries/cloog/0.18.0.nix
index ccd938283199d..359bde2e0582a 100644
--- a/pkgs/development/libraries/cloog/0.18.0.nix
+++ b/pkgs/development/libraries/cloog/0.18.0.nix
@@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     description = "Library that generates loops for scanning polyhedra";
 
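Review bot: The `# FIXME needs gcc 4.9 in bootstrap tools` comment describes a bootstrap-stage limitation, but `hardeningDisable = [ "stackprotector" ];` is set unconditionally, so the package appears to lose stack protection in every build, not only the bootstrap one. The same pattern is in gettext, gmp 5.1.x, isl 0.14.1, libelf, libmpc and mpfr. A tracking reference in the comment would help ensure these are revisited once the bootstrap tools are updated. In gmp the list is `[ "format" "stackprotector" ]` under the same comment, which leaves unclear which flag the FIXME covers; gettext's wording, `# FIXME stackprotector needs gcc 4.9 in bootstrap tools`, is clearer and could be used throughout.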
diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix
index a86bdc8e035b9..5af34145197e9 100644
--- a/pkgs/development/libraries/cwiid/default.nix
+++ b/pkgs/development/libraries/cwiid/default.nix
@@ -1,26 +1,34 @@
 { stdenv, autoreconfHook, fetchgit, bison, flex, bluez, pkgconfig, gtk }:
 
 stdenv.mkDerivation rec {
-    name = "cwiid-2010-02-21-git";
-    src = fetchgit {
-        url = https://github.com/abstrakraft/cwiid;
-        sha256 = "6f5355d036dab017da713c49d3042011fa24fb732ed0d5ee338ab6f5ff400f06";
-        rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
-    };
-    configureFlags = "--without-python";
-    prePatch = ''
-        sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in
-    '';
-    buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ];
-    postInstall = ''
-        # Some programs (for example, cabal-install) have problems with the double 0
-        sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc
-    '';
-    meta = {
-        description = "Linux Nintendo Wiimote interface";
-        homepage = http://cwiid.org;
-        license = stdenv.lib.licenses.gpl2Plus;
-        maintainers = [ stdenv.lib.maintainers.bennofs ];
-        platforms = stdenv.lib.platforms.linux; 
-    };   
+  name = "cwiid-2010-02-21-git";
+
+  src = fetchgit {
+    url = https://github.com/abstrakraft/cwiid;
+    sha256 = "6f5355d036dab017da713c49d3042011fa24fb732ed0d5ee338ab6f5ff400f06";
+    rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82";
+  };
+
+  hardeningDisable = [ "format" ];
+
+  configureFlags = "--without-python";
+
+  prePatch = ''
+    sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in
+  '';
+
+  buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ];
+
+  postInstall = ''
+    # Some programs (for example, cabal-install) have problems with the double 0
+    sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc
+  '';
+
+  meta = {
+    description = "Linux Nintendo Wiimote interface";
+    homepage = http://cwiid.org;
+    license = stdenv.lib.licenses.gpl2Plus;
+    maintainers = [ stdenv.lib.maintainers.bennofs ];
+    platforms = stdenv.lib.platforms.linux;
+  };
 }
diff --git a/pkgs/development/libraries/db/db-4.4.nix b/pkgs/development/libraries/db/db-4.4.nix
index 757b1f71405b6..00875d73f4189 100644
--- a/pkgs/development/libraries/db/db-4.4.nix
+++ b/pkgs/development/libraries/db/db-4.4.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./cygwin-4.4.patch ];
   sha256 = "0y9vsq8dkarx1mhhip1vaciz6imbbyv37c1dm8b20l7p064bg2i9";
   branch = "4.4";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/db-4.5.nix b/pkgs/development/libraries/db/db-4.5.nix
index b1e4b2c47085e..84b5ea67420ad 100644
--- a/pkgs/development/libraries/db/db-4.5.nix
+++ b/pkgs/development/libraries/db/db-4.5.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./cygwin-4.5.patch ./register-race-fix.patch ];
   sha256 = "0bd81k0qv5i8w5gbddrvld45xi9k1gvmcrfm0393v0lrm37dab7m";
   branch = "4.5";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/db-4.7.nix b/pkgs/development/libraries/db/db-4.7.nix
index 9a7d586cd0428..6016d112d5171 100644
--- a/pkgs/development/libraries/db/db-4.7.nix
+++ b/pkgs/development/libraries/db/db-4.7.nix
@@ -4,4 +4,5 @@ import ./generic.nix (args // rec {
   version = "4.7.25";
   sha256 = "0gi667v9cw22c03hddd6xd6374l0pczsd56b7pba25c9sdnxjkzi";
   branch = "4.7";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix
index 6a161b0b72d8d..40869a865ae5f 100644
--- a/pkgs/development/libraries/db/db-4.8.nix
+++ b/pkgs/development/libraries/db/db-4.8.nix
@@ -5,4 +5,5 @@ import ./generic.nix (args // rec {
   extraPatches = [ ./clang-4.8.patch ];
   sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
   branch = "4.8";
+  drvArgs = { hardeningDisable = [ "format" ]; };
 })
diff --git a/pkgs/development/libraries/db/generic.nix b/pkgs/development/libraries/db/generic.nix
index f5ee4e440ff00..fdc828effdfbe 100644
--- a/pkgs/development/libraries/db/generic.nix
+++ b/pkgs/development/libraries/db/generic.nix
@@ -7,9 +7,10 @@
 , extraPatches ? [ ]
 , license ? stdenv.lib.licenses.sleepycat
 , branch ? null
+, drvArgs ? {}
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (rec {
   name = "db-${version}";
 
   src = fetchurl {
@@ -42,4 +43,4 @@ stdenv.mkDerivation rec {
     platforms = platforms.unix;
     branch = branch;
   };
-}
+} // drvArgs)
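Review bot: Merging with `} // drvArgs)` is a shallow attribute-set update, so any key a caller puts in `drvArgs` replaces the generic value wholesale. A `meta` or `patches` entry would silently discard what generic.nix builds, and attributes inside the `rec` set would still see the old values. All four callers in this diff pass only `hardeningDisable`, so a narrower parameter avoids the trap: `, hardeningDisable ? []` in the argument list and `inherit hardeningDisable;` in the derivation. Most of the derivation body lies between the two hunks and is not visible here, so which attributes are actually at risk is inferred from the parameter list.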
diff --git a/pkgs/development/libraries/faac/default.nix b/pkgs/development/libraries/faac/default.nix
index 802aafc444c3f..1ab01033f4df0 100644
--- a/pkgs/development/libraries/faac/default.nix
+++ b/pkgs/development/libraries/faac/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
     ++ optional mp4v2Support "--with-mp4v2"
     ++ optional drmSupport "--enable-drm";
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ ]
     ++ optional mp4v2Support mp4v2;
 
diff --git a/pkgs/development/libraries/fox/default.nix b/pkgs/development/libraries/fox/default.nix
index 2d44444ab40de..d47a028cbf865 100644
--- a/pkgs/development/libraries/fox/default.nix
+++ b/pkgs/development/libraries/fox/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "C++ based class library for building Graphical User Interfaces";
     longDescription = ''
diff --git a/pkgs/development/libraries/fox/fox-1.6.nix b/pkgs/development/libraries/fox/fox-1.6.nix
index 3c823adf91b6d..ce778e4a3473f 100644
--- a/pkgs/development/libraries/fox/fox-1.6.nix
+++ b/pkgs/development/libraries/fox/fox-1.6.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     branch = "1.6";
     description = "A C++ based class library for building Graphical User Interfaces";
diff --git a/pkgs/development/libraries/freetds/default.nix b/pkgs/development/libraries/freetds/default.nix
index 695abcfbba2ba..3ed308a349208 100644
--- a/pkgs/development/libraries/freetds/default.nix
+++ b/pkgs/development/libraries/freetds/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "0r946axzxs0czsmr7283w7vmk5jx3jnxxc32d2ncxsrsh2yli0ba";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = stdenv.lib.optional odbcSupport [ unixODBC ];
 
   configureFlags = stdenv.lib.optionalString odbcSupport "--with-odbc=${unixODBC}";
diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix
index 23795e9633ed7..d138015e6bb86 100644
--- a/pkgs/development/libraries/fribidi/default.nix
+++ b/pkgs/development/libraries/fribidi/default.nix
@@ -3,12 +3,14 @@
 stdenv.mkDerivation rec {
   name = "fribidi-${version}";
   version = "0.19.6";
-  
+
   src = fetchurl {
     url = "http://fribidi.org/download/${name}.tar.bz2";
     sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://fribidi.org/;
     description = "GNU implementation of the Unicode Bidirectional Algorithm (bidi)";
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index bf3b63db399bd..47218a803c024 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -22,6 +22,8 @@ stdenv.mkDerivation rec {
     ./CVE-2016-3074.patch
   ];
 
+  hardeningDisable = [ "format" ];
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ];
 
diff --git a/pkgs/development/libraries/gdal/default.nix b/pkgs/development/libraries/gdal/default.nix
index 1607387160d20..8f00bee8911a4 100644
--- a/pkgs/development/libraries/gdal/default.nix
+++ b/pkgs/development/libraries/gdal/default.nix
@@ -18,6 +18,8 @@ composableDerivation.composableDerivation {} (fixed: rec {
   ++ (with pythonPackages; [ python numpy wrapPython ])
   ++ (stdenv.lib.optionals netcdfSupport [ netcdf hdf5 curl ]);
 
+  hardeningDisable = [ "format" ];
+
   patches = [
     # This ensures that the python package is installed into gdal's prefix,
     # rather than trying to install into python's prefix.
diff --git a/pkgs/development/libraries/gdal/gdal-1_11.nix b/pkgs/development/libraries/gdal/gdal-1_11.nix
index 0e4b4d03541c4..2640159725a71 100644
--- a/pkgs/development/libraries/gdal/gdal-1_11.nix
+++ b/pkgs/development/libraries/gdal/gdal-1_11.nix
@@ -19,6 +19,8 @@ composableDerivation.composableDerivation {} (fixed: rec {
     ./python.patch
   ];
 
+  hardeningDisable = [ "format" ];
+
   # Don't use optimization for gcc >= 4.3. That's said to be causing segfaults.
   # Unset CC and CXX as they confuse libtool.
   preConfigure = "export CFLAGS=-O0 CXXFLAGS=-O0; unset CC CXX";
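Review bot: Only `format` is listed in the new `hardeningDisable`, but the context line just below still forces `CFLAGS=-O0 CXXFLAGS=-O0`, and `_FORTIFY_SOURCE` checks are only active when optimisation is on. If `fortify` is among the default hardening flags, then either fortify is inert for this package or the compiler wrapper's flags override the `-O0` workaround that the comment says avoids segfaults. Which of the two happens depends on flag order that is not visible in this hunk. I would check the effective compile line and record the outcome next to `preConfigure`, for example `# NOTE: -O0 disables _FORTIFY_SOURCE checks; revisit whether the gcc 4.3 workaround is still needed`.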
diff --git a/pkgs/development/libraries/gdome2/default.nix b/pkgs/development/libraries/gdome2/default.nix
index cc8f76949eeac..e9643da221ef4 100644
--- a/pkgs/development/libraries/gdome2/default.nix
+++ b/pkgs/development/libraries/gdome2/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
     sha256 = "0hyms5s3hziajp3qbwdwqjc2xcyhb783damqg8wxjpwfxyi81fzl";
   };
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [pkgconfig glib libxml2 gtkdoc];
   propagatedBuildInputs = [glib libxml2];
   patches = [ ./xml-document.patch ];
diff --git a/pkgs/development/libraries/geoclue/default.nix b/pkgs/development/libraries/geoclue/default.nix
index 1b703e2fdba8d..754c85ecf030a 100644
--- a/pkgs/development/libraries/geoclue/default.nix
+++ b/pkgs/development/libraries/geoclue/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = [dbus glib dbus_glib];
 
+  hardeningDisable = [ "format" ];
+
   preConfigure = ''
     sed -e '/-Werror/d' -i configure
   '';
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index 78a8756b59b4e..1d3644be6a7ef 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -12,6 +12,9 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "doc" ];
 
+  # FIXME stackprotector needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "format" "stackprotector" ];
+
   LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else "";
 
   configureFlags = [ "--disable-csharp" "--with-xz" ]
diff --git a/pkgs/development/libraries/giflib/4.1.nix b/pkgs/development/libraries/giflib/4.1.nix
index 13cd1c79b6a75..59204e7e7e5aa 100644
--- a/pkgs/development/libraries/giflib/4.1.nix
+++ b/pkgs/development/libraries/giflib/4.1.nix
@@ -2,10 +2,14 @@
 
 stdenv.mkDerivation {
   name = "giflib-4.1.6";
+
   src = fetchurl {
     url = mirror://sourceforge/giflib/giflib-4.1.6.tar.bz2;
     sha256 = "1v9b7ywz7qg8hli0s9vv1b8q9xxb2xvqq2mg1zpr73xwqpcwxhg1";
   };
+
+  hardeningDisable = [ "format" ];
+
   meta = {
     branch = "4.1";
   };
diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix
index ca2d094572250..123cfca1b82c5 100644
--- a/pkgs/development/libraries/giflib/libungif.nix
+++ b/pkgs/development/libraries/giflib/libungif.nix
@@ -6,5 +6,7 @@ stdenv.mkDerivation {
     url = mirror://sourceforge/giflib/libungif-4.1.4.tar.gz;
     sha256 = "5e65e1e5deacd0cde489900dbf54c6c2ee2ebc818199e720dbad685d87abda3d";
   };
+
+  hardeningDisable = [ "format" ];
 }
 
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 80fc2ce1e93d3..a164c21890ed9 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -19,6 +19,8 @@ in
 
     builder = ./builder.sh;
 
+    hardeningDisable = [ "stackprotector" "fortify" ];
+
     # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for
     # any program we run, because the gcc will have been placed at a new
     # store path than that determined when built (as a source for the
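Review bot: `hardeningDisable = [ "stackprotector" "fortify" ];` is added to the C library itself with no comment, unlike the FIXME-annotated disables elsewhere in this diff. Presumably it is permanent rather than a workaround, since glibc provides the runtime pieces those two features rely on, but a reader cannot tell that from the file. A short comment such as `# glibc implements the stack-protector and fortify runtime support itself, so it cannot be built with them` (to be confirmed by the author) would stop someone removing or copying the line by mistake. gnu-efi's bare `hardeningDisable = [ "stackprotector" ];` would benefit from a similar one-line reason. The attribute set continues outside the hunk.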
diff --git a/pkgs/development/libraries/gmp/5.1.x.nix b/pkgs/development/libraries/gmp/5.1.x.nix
index 1e9142444d11e..c6cbfdd89b418 100644
--- a/pkgs/development/libraries/gmp/5.1.x.nix
+++ b/pkgs/development/libraries/gmp/5.1.x.nix
@@ -14,6 +14,9 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ m4 ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "format" "stackprotector" ];
+
   patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null;
 
   configureFlags =
diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix
index e674aae2b58ab..e2861a880c877 100644
--- a/pkgs/development/libraries/gnu-efi/default.nix
+++ b/pkgs/development/libraries/gnu-efi/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pciutils ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   makeFlags = [
     "PREFIX=\${out}"
     "CC=gcc"
diff --git a/pkgs/development/libraries/gsm/default.nix b/pkgs/development/libraries/gsm/default.nix
index fb9ff8eb0fbcc..42d36b8406e21 100644
--- a/pkgs/development/libraries/gsm/default.nix
+++ b/pkgs/development/libraries/gsm/default.nix
@@ -41,8 +41,6 @@ stdenv.mkDerivation rec {
 
   preInstall = "mkdir -p $out/{bin,lib,man/man1,man/man3,include/gsm}";
 
-  NIX_CFLAGS_COMPILE = optional (!staticSupport) "-fPIC";
-
   parallelBuild = false;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix b/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
index 889f55e500068..c8f928ec4523f 100644
--- a/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
+++ b/pkgs/development/libraries/gstreamer/legacy/gst-python/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
     sha256 = "0y1i4n5m1diljqr9dsq12anwazrhbs70jziich47gkdwllcza9lg";
   };
 
+  hardeningDisable = [ "bindnow" ];
+
   # Need to disable the testFake test case due to bug in pygobject.
   # See https://bugzilla.gnome.org/show_bug.cgi?id=692479
   patches = [ ./disable-testFake.patch ];
diff --git a/pkgs/development/libraries/hspell/default.nix b/pkgs/development/libraries/hspell/default.nix
index 9b44d12c29347..eebd105a00db0 100644
--- a/pkgs/development/libraries/hspell/default.nix
+++ b/pkgs/development/libraries/hspell/default.nix
@@ -16,8 +16,6 @@ stdenv.mkDerivation rec {
   patchPhase = ''patchShebangs .'';
   buildInputs = [ perl zlib ];
 
-  makeFlags = "CFLAGS=-fPIC";
-
   meta = {
     description = "Hebrew spell checker";
     homepage = http://hspell.ivrix.org.il/;
diff --git a/pkgs/development/libraries/hunspell/default.nix b/pkgs/development/libraries/hunspell/default.nix
index 0d0ff38fb47f3..d48c598dd92d7 100644
--- a/pkgs/development/libraries/hunspell/default.nix
+++ b/pkgs/development/libraries/hunspell/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses readline ];
   configureFlags = [ "--with-ui" "--with-readline" ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     homepage = http://hunspell.sourceforge.net;
     description = "Spell checker";
diff --git a/pkgs/development/libraries/isl/0.14.1.nix b/pkgs/development/libraries/isl/0.14.1.nix
index 8196dec283ac4..77ba20cbb2003 100644
--- a/pkgs/development/libraries/isl/0.14.1.nix
+++ b/pkgs/development/libraries/isl/0.14.1.nix
@@ -12,6 +12,9 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = http://www.kotnet.org/~skimo/isl/;
     license = stdenv.lib.licenses.lgpl21;
diff --git a/pkgs/development/libraries/itk/default.nix b/pkgs/development/libraries/itk/default.nix
index 7b4e3834af768..eda9434ab6572 100644
--- a/pkgs/development/libraries/itk/default.nix
+++ b/pkgs/development/libraries/itk/default.nix
@@ -12,7 +12,6 @@ stdenv.mkDerivation rec {
     "-DBUILD_TESTING=OFF"
     "-DBUILD_EXAMPLES=OFF"
     "-DBUILD_SHARED_LIBS=ON"
-    "-DCMAKE_CXX_FLAGS=-fPIC"
   ];
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/java/swt/default.nix b/pkgs/development/libraries/java/swt/default.nix
index e91c8bbca7b97..e45121032d58c 100644
--- a/pkgs/development/libraries/java/swt/default.nix
+++ b/pkgs/development/libraries/java/swt/default.nix
@@ -23,6 +23,8 @@ in stdenv.mkDerivation rec {
   fullVersion = "${version}-201202080800";
   name = "swt-${version}";
 
+  hardeningDisable = [ "format" ];
+
   # Alas, the Eclipse Project apparently doesn't produce source-only
   # releases of SWT.  So we just grab a binary release and extract
   # "src.zip" from that.
diff --git a/pkgs/development/libraries/libdnet/default.nix b/pkgs/development/libraries/libdnet/default.nix
index 8911539d7b021..dbda4107c485c 100644
--- a/pkgs/development/libraries/libdnet/default.nix
+++ b/pkgs/development/libraries/libdnet/default.nix
@@ -12,8 +12,6 @@ stdenv.mkDerivation {
 
   buildInputs = [ automake autoconf libtool ];
 
-  CFLAGS="-fPIC";
-
   # .so endings are missing (quick and dirty fix)
   postInstall = ''
     for i in $out/lib/*; do
diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix
index 623256bb6b7b2..515e0c32ee1ca 100644
--- a/pkgs/development/libraries/libelf/default.nix
+++ b/pkgs/development/libraries/libelf/default.nix
@@ -9,7 +9,10 @@ stdenv.mkDerivation rec {
   };
 
   doCheck = true;
-  
+
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   # For cross-compiling, native glibc is needed for the "gencat" program.
   crossAttrs = {
     nativeBuildInputs = [ glibc ];
diff --git a/pkgs/development/libraries/libf2c/default.nix b/pkgs/development/libraries/libf2c/default.nix
index 3123bb33d45b4..0d9d89589ffb3 100644
--- a/pkgs/development/libraries/libf2c/default.nix
+++ b/pkgs/development/libraries/libf2c/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "libf2c-20100903";
-  
+
   src = fetchurl {
     url = http://www.netlib.org/f2c/libf2c.zip;
     sha256 = "1mcp1lh7gay7hm186dr0wvwd2bc05xydhnc1qy3dqs4n3r102g7i";
@@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ unzip ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "F2c converts Fortran 77 source code to C";
     homepage = http://www.netlib.org/f2c/;
diff --git a/pkgs/development/libraries/libgeotiff/default.nix b/pkgs/development/libraries/libgeotiff/default.nix
index d07aae3ab8074..d30ea6e5324b3 100644
--- a/pkgs/development/libraries/libgeotiff/default.nix
+++ b/pkgs/development/libraries/libgeotiff/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ libtiff ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "Library implementing attempt to create a tiff based interchange format for georeferenced raster imagery";
     homepage = http://www.remotesensing.org/geotiff/geotiff.html;
diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix
index 55129a94476aa..6912c02260dc1 100644
--- a/pkgs/development/libraries/libgphoto2/default.nix
+++ b/pkgs/development/libraries/libgphoto2/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
   # These are mentioned in the Requires line of libgphoto's pkg-config file.
   propagatedBuildInputs = [ libexif ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://www.gphoto.org/proj/libgphoto2/;
     description = "A library for accessing digital cameras";
diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix
index b16dc83574149..e49a85942d76c 100644
--- a/pkgs/development/libraries/libidn/default.nix
+++ b/pkgs/development/libraries/libidn/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   doCheck = ! stdenv.isDarwin;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
 
   meta = {
diff --git a/pkgs/development/libraries/libmpc/default.nix b/pkgs/development/libraries/libmpc/default.nix
index 2a4600f52045c..0d3c9c0997c13 100644
--- a/pkgs/development/libraries/libmpc/default.nix
+++ b/pkgs/development/libraries/libmpc/default.nix
@@ -16,6 +16,9 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     description = "Library for multiprecision complex arithmetic with exact rounding";
 
diff --git a/pkgs/development/libraries/librsync/0.9.nix b/pkgs/development/libraries/librsync/0.9.nix
index 76daf7d748bf2..5f249582610fb 100644
--- a/pkgs/development/libraries/librsync/0.9.nix
+++ b/pkgs/development/libraries/librsync/0.9.nix
@@ -1,13 +1,15 @@
-{stdenv, fetchurl}:
+{ stdenv, fetchurl }:
 
 stdenv.mkDerivation {
   name = "librsync-0.9.7";
-  
+
   src = fetchurl {
     url = mirror://sourceforge/librsync/librsync-0.9.7.tar.gz;
     sha256 = "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6";
   };
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = if stdenv.isCygwin then "--enable-static" else "--enable-shared";
 
   crossAttrs = {
diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix
index da09e2fcbe25d..7eea905f64af4 100644
--- a/pkgs/development/libraries/libunwind/default.nix
+++ b/pkgs/development/libraries/libunwind/default.nix
@@ -24,7 +24,6 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = [ xz ];
 
-  NIX_CFLAGS_COMPILE = if stdenv.system == "x86_64-linux" then "-fPIC" else "";
   preInstall = ''
     mkdir -p "$out/lib"
     touch "$out/lib/libunwind-generic.so"
diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix
index dc2f0338b483c..50a1f5ac33776 100644
--- a/pkgs/development/libraries/libvisual/default.nix
+++ b/pkgs/development/libraries/libvisual/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig glib ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "An abstraction library for audio visualisations";
     homepage = "http://sourceforge.net/projects/libvisual/";
diff --git a/pkgs/development/libraries/libyaml-cpp/default.nix b/pkgs/development/libraries/libyaml-cpp/default.nix
index f56bf77abfeac..1ba31a7a6d521 100644
--- a/pkgs/development/libraries/libyaml-cpp/default.nix
+++ b/pkgs/development/libraries/libyaml-cpp/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, boost, makePIC ? false }:
+{ stdenv, fetchurl, cmake, boost }:
 
 stdenv.mkDerivation {
   name = "libyaml-cpp-0.5.1";
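Review bot: Dropping `makePIC ? false` from the argument list changes this file's interface. The function header has no `...`, so any caller that still passes `makePIC` will fail evaluation with an unexpected-argument error. The same applies to `enablePIC` in plib/default.nix. Call sites are outside this part of the diff, so it is worth confirming that every `callPackage` or `override` that passed these arguments is updated in the same commit.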
@@ -10,8 +10,6 @@ stdenv.mkDerivation {
 
   buildInputs = [ cmake boost ];
 
-  cmakeFlags = stdenv.lib.optionals makePIC [ "-DCMAKE_C_FLAGS=-fPIC" "-DCMAKE_CXX_FLAGS=-fPIC" ];
-
   meta = with stdenv.lib; {
     homepage = http://code.google.com/p/yaml-cpp/;
     description = "A YAML parser and emitter for C++";
diff --git a/pkgs/development/libraries/mp4v2/default.nix b/pkgs/development/libraries/mp4v2/default.nix
index 06e8c8e5ac35c..ab3c3ed8c5a7b 100644
--- a/pkgs/development/libraries/mp4v2/default.nix
+++ b/pkgs/development/libraries/mp4v2/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
   # `faac' expects `mp4.h'.
   postInstall = "ln -s mp4v2/mp4v2.h $out/include/mp4.h";
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = http://code.google.com/p/mp4v2;
     maintainers = [ stdenv.lib.maintainers.urkud ];
diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix
index 8a964af01c80a..882e0ec4faaf7 100644
--- a/pkgs/development/libraries/mpfr/default.nix
+++ b/pkgs/development/libraries/mpfr/default.nix
@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
   # mpfr.h requires gmp.h
   propagatedBuildInputs = [ gmp ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   configureFlags =
     stdenv.lib.optional stdenv.isSunOS "--disable-thread-safe" ++
     stdenv.lib.optional stdenv.is64bit "--with-pic";
diff --git a/pkgs/development/libraries/nvidia-texture-tools/default.nix b/pkgs/development/libraries/nvidia-texture-tools/default.nix
index 754ab4233e586..f35d363e57557 100644
--- a/pkgs/development/libraries/nvidia-texture-tools/default.nix
+++ b/pkgs/development/libraries/nvidia-texture-tools/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cmake libpng ilmbase libtiff zlib libjpeg mesa libX11 ];
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     # Fix build due to missing dependnecies.
     echo 'target_link_libraries(bc7 nvmath)' >> src/nvtt/bc7/CMakeLists.txt
diff --git a/pkgs/development/libraries/opencascade/6.5.nix b/pkgs/development/libraries/opencascade/6.5.nix
index 4228c285dfd5f..86ab85cbb9ae4 100644
--- a/pkgs/development/libraries/opencascade/6.5.nix
+++ b/pkgs/development/libraries/opencascade/6.5.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
   # https://bugs.freedesktop.org/show_bug.cgi?id=83631
     + " -DGLX_GLXEXT_LEGACY";
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = [ "--with-tcl=${tcl}/lib" "--with-tk=${tk}/lib" "--with-qt=${qt4}" "--with-ftgl=${ftgl}" "--with-freetype=${freetype}" ];
 
   postInstall = ''
diff --git a/pkgs/development/libraries/opencascade/default.nix b/pkgs/development/libraries/opencascade/default.nix
index ec15d9d631e68..79c24be75146b 100644
--- a/pkgs/development/libraries/opencascade/default.nix
+++ b/pkgs/development/libraries/opencascade/default.nix
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
   # https://bugs.freedesktop.org/show_bug.cgi?id=83631
   NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY";
 
+  hardeningDisable = [ "format" ];
+
   postInstall = ''
     mv $out/inc $out/include
     mkdir -p $out/share/doc/${name}
diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix
index 4a58ae43bb7a0..4f0ed3cd0ea96 100644
--- a/pkgs/development/libraries/opencv/3.x.nix
+++ b/pkgs/development/libraries/opencv/3.x.nix
@@ -49,6 +49,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "bindnow" "relro" ];
+
   meta = {
     description = "Open Computer Vision Library with more than 500 algorithms";
     homepage = http://opencv.org/;
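Review bot: `hardeningDisable = [ "bindnow" "relro" ];` turns off both link-time protections for the relocation tables with no comment on what breaks when they are enabled. opencv/default.nix adds the identical line, and gst-python disables `bindnow` in the same way. Without RELRO those tables stay writable after startup, which matters for a library that decodes untrusted image and video data. If immediate binding alone is the problem, `[ "bindnow" ]` would keep partial RELRO. Either way, a comment naming the failure (e.g. `# fails with -z now: <observed error>`) would let the exemption be re-tested later.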
diff --git a/pkgs/development/libraries/opencv/default.nix b/pkgs/development/libraries/opencv/default.nix
index 4ce1787dbac6a..4259e9d4d69fc 100644
--- a/pkgs/development/libraries/opencv/default.nix
+++ b/pkgs/development/libraries/opencv/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "bindnow" "relro" ];
+
   meta = {
     description = "Open Computer Vision Library with more than 500 algorithms";
     homepage = http://opencv.org/;
diff --git a/pkgs/development/libraries/pdf2xml/default.nix b/pkgs/development/libraries/pdf2xml/default.nix
index 4ebb0cbcc2607..2431bfafa71d7 100644
--- a/pkgs/development/libraries/pdf2xml/default.nix
+++ b/pkgs/development/libraries/pdf2xml/default.nix
@@ -2,20 +2,22 @@
 
 stdenv.mkDerivation {
   name = "pdf2xml";
-  
+
   src = fetchurl {
       url = http://tarballs.nixos.org/pdf2xml.tar.gz;
       sha256 = "04rl7ppxqgnvxvvws669cxp478lnrdmiqj0g3m4p69bawfjc4z3w";
   };
   sourceRoot = "pdf2xml/pdf2xml";
-  
+
   buildInputs = [libxml2 libxpdf];
 
   patches = [./pdf2xml.patch];
 
+  hardeningDisable = [ "format" ];
+
   preBuild = ''
     cp Makefile.linux Makefile
-  
+
     sed -i 's|/usr/include/libxml2|${libxml2.dev}/include/libxml2|' Makefile
     sed -i 's|-lxml2|-lxml2 -L${libxml2.out}/lib|' Makefile
     sed -i 's|XPDF = xpdf_3.01|XPDF = ${libxpdf}/lib|' Makefile
@@ -24,7 +26,7 @@ stdenv.mkDerivation {
 
     buildFlags+=" CXX=$CXX"
   '';
-  
+
   installPhase = ''
     mkdir -p $out/bin
     cp exe/* $out/bin
diff --git a/pkgs/development/libraries/plib/default.nix b/pkgs/development/libraries/plib/default.nix
index ff60e62cad3ff..dc75a407e92ac 100644
--- a/pkgs/development/libraries/plib/default.nix
+++ b/pkgs/development/libraries/plib/default.nix
@@ -1,6 +1,5 @@
 { fetchurl, stdenv, mesa, freeglut, SDL
-, libXi, libSM, libXmu, libXext, libX11,
-enablePIC ? false }:
+, libXi, libSM, libXmu, libXext, libX11 }:
 
 stdenv.mkDerivation rec {
   name = "plib-1.8.5";
@@ -13,8 +12,6 @@ stdenv.mkDerivation rec {
 
   patches = [ ./CVE-2012-4552.patch ];
 
-  NIX_CFLAGS_COMPILE = if enablePIC then "-fPIC" else "";
-
   propagatedBuildInputs = [
     mesa freeglut SDL
 
diff --git a/pkgs/development/libraries/portmidi/default.nix b/pkgs/development/libraries/portmidi/default.nix
index 518eeee925385..5c056762a39b4 100644
--- a/pkgs/development/libraries/portmidi/default.nix
+++ b/pkgs/development/libraries/portmidi/default.nix
@@ -46,6 +46,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ unzip cmake /*jdk*/ alsaLib ];
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     homepage = "http://portmedia.sourceforge.net/portmidi/";
     description = "Platform independent library for MIDI I/O";
diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix
index c5e26c1dfad56..ad864410b16be 100644
--- a/pkgs/development/libraries/pupnp/default.nix
+++ b/pkgs/development/libraries/pupnp/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k";
   };
 
+  hardeningDisable = [ "fortify" ];
+
   meta = {
     description = "libupnp, an open source UPnP development kit for Linux";
 
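Review bot: `hardeningDisable = [ "fortify" ];` removes the fortified libc wrappers from a UPnP stack, which handles network input, and no comment says why. If the reason is a fortify-triggered abort at run time rather than a build failure, that points to a real out-of-bounds copy in the library, not a toolchain incompatibility. I would add a comment recording the observed failure, e.g. `# FIXME: <observed failure> with _FORTIFY_SOURCE; investigate before re-enabling`. The derivation starts outside the hunk.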
diff --git a/pkgs/development/libraries/qhull/default.nix b/pkgs/development/libraries/qhull/default.nix
index f98c7bdb97e47..f2bac09f4bcb8 100644
--- a/pkgs/development/libraries/qhull/default.nix
+++ b/pkgs/development/libraries/qhull/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = "-DMAN_INSTALL_DIR=share/man/man1 -DDOC_INSTALL_DIR=share/doc/qhull";
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = stdenv.lib.optionalString stdenv.isDarwin ''
     sed -i 's/namespace std { struct bidirectional_iterator_tag; struct random_access_iterator_tag; }/#include <iterator>/' ./src/libqhullcpp/QhullIterator.h
     sed -i 's/namespace std { struct bidirectional_iterator_tag; struct random_access_iterator_tag; }/#include <iterator>/' ./src/libqhullcpp/QhullLinkedList.h
diff --git a/pkgs/development/libraries/qt-3/default.nix b/pkgs/development/libraries/qt-3/default.nix
index 40fa63d75caf9..28271a7a0a081 100644
--- a/pkgs/development/libraries/qt-3/default.nix
+++ b/pkgs/development/libraries/qt-3/default.nix
@@ -32,6 +32,8 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ which ];
   propagatedBuildInputs = [libpng xlibsWrapper libXft libXrender zlib libjpeg];
 
+  hardeningDisable = [ "format" ];
+
   configureFlags = "
     -v
     -system-zlib -system-libpng -system-libjpeg
diff --git a/pkgs/development/libraries/qtscriptgenerator/default.nix b/pkgs/development/libraries/qtscriptgenerator/default.nix
index 5b93fbfaade99..3221fec4b4bc6 100644
--- a/pkgs/development/libraries/qtscriptgenerator/default.nix
+++ b/pkgs/development/libraries/qtscriptgenerator/default.nix
@@ -9,13 +9,13 @@ stdenv.mkDerivation {
   buildInputs = [ qt4 ];
 
   patches = [ ./qtscriptgenerator.gcc-4.4.patch ./qt-4.8.patch ];
-  
+
   # Why isn't the author providing proper Makefile or a CMakeLists.txt ?
   buildPhase = ''
     # remove phonon stuff which causes errors (thanks to Gentoo bug reports)
     sed -i "/typesystem_phonon.xml/d" generator/generator.qrc
-    sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro	    
-  
+    sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro
+
     cd generator
     qmake
     make
@@ -25,13 +25,15 @@ stdenv.mkDerivation {
     qmake
     make
   '';
-  
+
   installPhase = ''
     cd ..
     mkdir -p $out/lib/qt4/plugins/script
     cp -av plugins/script/* $out/lib/qt4/plugins/script
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = {
     description = "QtScript bindings generator";
     homepage = http://code.google.com/p/qtscriptgenerator/;
diff --git a/pkgs/development/libraries/science/math/atlas/default.nix b/pkgs/development/libraries/science/math/atlas/default.nix
index 23f12e7cf7628..db8aff49c002c 100644
--- a/pkgs/development/libraries/science/math/atlas/default.nix
+++ b/pkgs/development/libraries/science/math/atlas/default.nix
@@ -73,14 +73,10 @@ stdenv.mkDerivation {
     configureScript=../configure
   '';
 
-  # * -fPIC is passed even in non-shared builds so that the ATLAS code can be
-  #   used to inside of shared libraries, like Octave does.
-  #
   # * -t 0 disables use of multi-threading. It's not quite clear what the
   #   consequences of that setting are and whether it's necessary or not.
   configureFlags = [
     "-Fa alg"
-    "-fPIC"
     "-t ${threads}"
     cpuConfig
   ] ++ optional shared "--shared"
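Review bot: The removed comment explained why `-fPIC` was passed even for non-shared builds, and nothing in the new code says where position-independent code now comes from. Presumably the hardening wrapper's default `pic` flag supplies it; if so, a line like `# -fPIC now comes from the default "pic" hardening flag; keep it enabled, ATLAS is linked into shared objects` keeps that requirement visible. The same silent reliance applies to the `-fPIC` removals in suitesparse (whose postInstall builds a shared library), zlib on FreeBSD and toluapp. In suitesparse the remaining string also keeps a leading space, `" -DNTIMER"`, left over from the old concatenation. The configureFlags expression continues outside the hunk.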
diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix
index 7dc6c32a8dbe9..b1cf9c83c7b22 100644
--- a/pkgs/development/libraries/science/math/suitesparse/default.nix
+++ b/pkgs/development/libraries/science/math/suitesparse/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation {
     "LAPACK="
   ];
 
-  NIX_CFLAGS = "-fPIC" + stdenv.lib.optionalString stdenv.isDarwin " -DNTIMER";
+  NIX_CFLAGS = stdenv.lib.optionalString stdenv.isDarwin " -DNTIMER";
 
   postInstall = ''
     # Build and install shared library
diff --git a/pkgs/development/libraries/smpeg/default.nix b/pkgs/development/libraries/smpeg/default.nix
index 2f300abebbf16..76788aa791bc9 100644
--- a/pkgs/development/libraries/smpeg/default.nix
+++ b/pkgs/development/libraries/smpeg/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  hardeningDisable = [ "format" ];
+
   buildInputs = [ SDL gtk mesa ];
 
   nativeBuildInputs = [ autoconf automake libtool m4 pkgconfig makeWrapper ];
diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix
index 613fee3c6d638..1a943be0fc208 100644
--- a/pkgs/development/libraries/speechd/default.nix
+++ b/pkgs/development/libraries/speechd/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
              ++ lib.optional withPico svox;
   nativeBuildInputs = [ pkgconfig python3Packages.wrapPython ];
 
+  hardeningDisable = [ "format" ];
+
   pythonPath = with python3Packages; [ pyxdg ];
 
   postPatch = lib.optionalString withPico ''
diff --git a/pkgs/development/libraries/tidyp/default.nix b/pkgs/development/libraries/tidyp/default.nix
index fee74f3d6f9e4..ba95da77b72ce 100644
--- a/pkgs/development/libraries/tidyp/default.nix
+++ b/pkgs/development/libraries/tidyp/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0f5ky0ih4vap9c6j312jn73vn8m2bj69pl2yd3a5nmv35k9zmc10";
   };
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "A program that can validate your HTML, as well as modify it to be more clean and standard";
     homepage = http://tidyp.com/;
diff --git a/pkgs/development/libraries/vxl/default.nix b/pkgs/development/libraries/vxl/default.nix
index 725a0bdfceaff..faed2052fa5f5 100644
--- a/pkgs/development/libraries/vxl/default.nix
+++ b/pkgs/development/libraries/vxl/default.nix
@@ -1,10 +1,12 @@
-{ stdenv, fetchurl, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }:
+{ stdenv, fetchFromGitHub, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }:
 stdenv.mkDerivation {
-  name = "vxl-1.17.0";
+  name = "vxl-1.17.0-nix1";
 
-  src = fetchurl {
-    url = mirror://sourceforge/vxl/vxl-1.17.0.zip;
-    sha256 = "1qg7i8h201pa8jljg7vph4rlxk6n5cj9f9gd1hkkmbw6fh44lsxh";
+  src = fetchFromGitHub {
+    owner = "vxl";
+    repo = "vxl";
+    rev = "777c0beb7c8b30117400f6fc9a6d63bf8cb7c67a";
+    sha256 = "0xpkwwb93ka6c3da8zjhfg9jk5ssmh9ifdh1by54sz6c7mbp55m8";
   };
 
   buildInputs = [ cmake unzip libtiff expat zlib libpng libjpeg ];
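Review bot: The source now comes from a bare commit hash with no comment saying which upstream state it is or why the 1.17.0 release archive was replaced. Pinning by `rev` plus `sha256` is fine for integrity, but a later reviewer cannot tell what was pulled in beyond the release; a line such as `# upstream snapshot after 1.17.0, needed for <reason>` above `rev` would cover it. `unzip` also stays in `buildInputs` although the zip archive is gone, which looks like a leftover. The derivation continues outside the hunk.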
diff --git a/pkgs/development/libraries/wvstreams/default.nix b/pkgs/development/libraries/wvstreams/default.nix
index b879cf37a3157..ecfc9b88a0e45 100644
--- a/pkgs/development/libraries/wvstreams/default.nix
+++ b/pkgs/development/libraries/wvstreams/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, gcc46, fetchurl, qt4, dbus, zlib, openssl, readline, perl }:
+{ stdenv, fetchurl, qt4, dbus, zlib, openssl, readline, perl }:
 
 stdenv.mkDerivation {
   name = "wvstreams-4.6.1";
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
     sed -e '1i#include <unistd.h>' -i $(find . -name '*.c' -o -name '*.cc')
   '';
 
-  buildInputs = [ gcc46 qt4 dbus zlib openssl readline perl ];
+  buildInputs = [ qt4 dbus zlib openssl readline perl ];
 
   meta = {
     description = "Network programming library in C++";
diff --git a/pkgs/development/libraries/xmlrpc-c/default.nix b/pkgs/development/libraries/xmlrpc-c/default.nix
index 56bcba8297de0..0b5f08bdf9b34 100644
--- a/pkgs/development/libraries/xmlrpc-c/default.nix
+++ b/pkgs/development/libraries/xmlrpc-c/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
     (cd tools/xmlrpc && make && make install)
   '';
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "A lightweight RPC library based on XML and HTTP";
     homepage = http://xmlrpc-c.sourceforge.net/;
diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix
index 2176fa6f31ced..77f576239a976 100644
--- a/pkgs/development/libraries/zlib/default.nix
+++ b/pkgs/development/libraries/zlib/default.nix
@@ -31,6 +31,9 @@ stdenv.mkDerivation rec {
     fi
   '';
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   configureFlags = stdenv.lib.optional (!static) "--shared";
 
   postInstall = ''
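Review bot: `hardeningDisable = [ "stackprotector" ];` is unconditional, so every zlib build loses stack protection, not only one compiled by the bootstrap-tools gcc that the FIXME refers to. zlib decompresses untrusted data for a large part of the package set, so that is a wide exception for a bootstrap limitation. If the later stdenv stages already have a new enough compiler, the exception would be better restricted to the bootstrap stage (this hunk does not show what condition is available for that). The same applies to the identical lines in binutils, gnum4, patchelf, texinfo 6.0 and bison 3.x. The FIXME could also name a tracking issue so these lines are easy to find and remove.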
@@ -47,8 +50,7 @@ stdenv.mkDerivation rec {
 
   # As zlib takes part in the stdenv building, we don't want references
   # to the bootstrap-tools libgcc (as uses to happen on arm/mips)
-  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc "
-                     + stdenv.lib.optionalString (stdenv.isFreeBSD) "-fPIC";
+  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc";
 
   crossAttrs = {
     dontStrip = static;
diff --git a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
index cbd38903aac84..108f3616e64e7 100644
--- a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
+++ b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
@@ -19,20 +19,22 @@ stdenv.mkDerivation {
         sha256 = "0sd9qkvhmk9av4g1f8dsjwc309hf1g0731bhvicnjb3b3d42l1n3";
     })
   ];
-  
+
   sourceRoot = ".";
 
   nativeBuildInputs = [ texinfo ];
-  
+
   buildInputs = [ gmp mpfr libmpc zlib ];
-  
+
+  hardeningDisable = [ "format" ];
+
   # Make sure we don't strip the libraries in lib/gcc/avr.
   stripDebugList= [ "bin" "avr/bin" "libexec" ];
-  
+
   installPhase = ''
     # important, without this gcc won't find the binutils executables
     export PATH=$PATH:$out/bin
-    
+
     # Binutils.
     pushd binutils-*/
     mkdir obj-avr
@@ -64,7 +66,7 @@ stdenv.mkDerivation {
     make install
     popd
   '';
-  
+
   meta = with stdenv.lib; {
     description = "AVR development environment including binutils, avr-gcc and avr-libc";
     # I've tried compiling the packages separately.. too much hassle. This just works. Fine.
diff --git a/pkgs/development/pharo/vm/build-vm.nix b/pkgs/development/pharo/vm/build-vm.nix
index 3dfe913145cec..8265e1dc776ff 100644
--- a/pkgs/development/pharo/vm/build-vm.nix
+++ b/pkgs/development/pharo/vm/build-vm.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     mimeType = "application/x-pharo-image";
   };
 
+  hardeningDisable = [ "format" ];
+
   # Building
   preConfigure = ''
     cd build/
diff --git a/pkgs/development/python-modules/wxPython/generic.nix b/pkgs/development/python-modules/wxPython/generic.nix
index 16c7c1263187c..a5e0552a8c188 100644
--- a/pkgs/development/python-modules/wxPython/generic.nix
+++ b/pkgs/development/python-modules/wxPython/generic.nix
@@ -11,6 +11,10 @@ stdenv.mkDerivation rec {
   disabled = isPy3k || isPyPy;
   doCheck = false;
 
+  sourceRoot = "wxPython-src-${version}/wxPython";
+
+  hardeningDisable = [ "format" ];
+
   src = fetchurl {
     url = "mirror://sourceforge/wxpython/wxPython-src-${version}.tar.bz2";
     inherit sha256;
@@ -18,7 +22,6 @@ stdenv.mkDerivation rec {
 
   pythonPath = [ python setuptools ];
   buildInputs = [ python setuptools pkgconfig wxGTK (wxGTK.gtk) wrapPython libX11 ]  ++ stdenv.lib.optional openglSupport pyopengl;
-  preConfigure = "cd wxPython";
 
   NIX_LDFLAGS = "-lX11 -lgdk-x11-2.0";
 
diff --git a/pkgs/development/tools/analysis/cccc/default.nix b/pkgs/development/tools/analysis/cccc/default.nix
index c672c7964e75d..b63bc66fabd25 100644
--- a/pkgs/development/tools/analysis/cccc/default.nix
+++ b/pkgs/development/tools/analysis/cccc/default.nix
@@ -11,7 +11,11 @@ stdenv.mkDerivation {
     url = "mirror://sourceforge/${name}/${version}/${name}-${version}.tar.gz";
     sha256 = "1gsdzzisrk95kajs3gfxks3bjvfd9g680fin6a9pjrism2lyrcr7";
   };
+
+  hardeningDisable = [ "format" ];
+
   patches = [ ./cccc.patch ];
+
   preConfigure = ''
     substituteInPlace install/install.mak --replace /usr/local/bin $out/bin
     substituteInPlace install/install.mak --replace MKDIR=mkdir "MKDIR=mkdir -p"
diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix
index e0802f9850bfe..d08922458a5fd 100644
--- a/pkgs/development/tools/analysis/flow/default.nix
+++ b/pkgs/development/tools/analysis/flow/default.nix
@@ -3,13 +3,14 @@
 with lib;
 
 stdenv.mkDerivation rec {
-  version = "0.22.1";
+  version = "0.22.0";
   name = "flow-${version}";
+
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "flow";
     rev = "v${version}";
-    sha256 = "11d04g8rvjv2q79pmrjjx8lmmm1ix8kih7wc0adln0ap5123ph46";
+    sha256 = "1p8a5cf85ydz6g04zsvsa6sh2b4p94mj9cqj7k6llf0dsiihrv54";
   };
 
   installPhase = ''
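Review bot: `version` goes from 0.22.1 back to 0.22.0 (with a matching `sha256` change), which looks unrelated to the rest of this change and may be a merge artefact. If the downgrade is intended, say why in a comment next to `version`. Otherwise keep `version = "0.22.1";` and its previous hash so the package does not silently regress.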
diff --git a/pkgs/development/tools/analysis/radare/default.nix b/pkgs/development/tools/analysis/radare/default.nix
index 3c83f0e9d4951..d42227198ce3d 100644
--- a/pkgs/development/tools/analysis/radare/default.nix
+++ b/pkgs/development/tools/analysis/radare/default.nix
@@ -8,8 +8,8 @@ assert useX11 -> (gtk != null && vte != null && gtkdialog != null);
 assert rubyBindings -> ruby != null;
 assert pythonBindings -> python != null;
 
-let 
-  optional = stdenv.lib.optional;
+let
+  inherit (stdenv.lib) optional;
 in
 stdenv.mkDerivation rec {
   name = "radare-1.5.2";
@@ -19,6 +19,7 @@ stdenv.mkDerivation rec {
     sha256 = "1qdrmcnzfvfvqb27c7pknwm8jl2hqa6c4l66wzyddwlb8yjm46hd";
   };
 
+  hardeningDisable = [ "format" ];
 
   buildInputs = [pkgconfig readline libusb perl]
     ++ optional useX11 [gtkdialog vte gtk]
diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix
index 926aaeb94ccce..4ad19b615f9a6 100644
--- a/pkgs/development/tools/analysis/rr/default.nix
+++ b/pkgs/development/tools/analysis/rr/default.nix
@@ -23,6 +23,11 @@ stdenv.mkDerivation rec {
     "-Ddisable32bit=ON"
   ];
 
+  # we turn on additional warnings due to hardening
+  NIX_CFLAGS_COMPILE = "-Wno-error";
+
+  hardeningDisable = [ "fortify" ];
+
   enableParallelBuilding = true;
 
   # FIXME
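Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error";` turns off every warning-as-error in the build, not just the diagnostics the hardening flags introduce, and the comment above it does not name them. Narrowing it to the specific warnings, e.g. `-Wno-error=<warning>`, would keep the project's other `-Werror` checks active. The derivation continues outside the hunk.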
diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix
index b4b56be9c6d98..0e0e44183f6bd 100644
--- a/pkgs/development/tools/analysis/valgrind/default.nix
+++ b/pkgs/development/tools/analysis/valgrind/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "doc" ];
 
+  hardeningDisable = [ "stackprotector" ];
+
   # Perl is needed for `cg_annotate'.
   # GDB is needed to provide a sane default for `--db-command'.
   nativeBuildInputs = [ perl ];
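Review bot: `hardeningDisable = [ "stackprotector" ];` has no comment here, unlike the bootstrap-related entries elsewhere in this change. Presumably valgrind builds code that cannot link against the stack-protector runtime; if that is the reason, state it above the line, e.g. `# valgrind's freestanding code cannot use the stack protector runtime`, so the exception is not mistaken for a leftover.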
diff --git a/pkgs/development/tools/boost-build/default.nix b/pkgs/development/tools/boost-build/default.nix
index 723219336bb90..240d24961e001 100644
--- a/pkgs/development/tools/boost-build/default.nix
+++ b/pkgs/development/tools/boost-build/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "10sbbkx2752r4i1yshyp47nw29lyi1p34sy6hj7ivvnddiliayca";
   };
 
+  hardeningDisable = [ "format" ];
+
   patchPhase = ''
     grep -r '/usr/share/boost-build' \
       | awk '{split($0,a,":"); print a[1];}' \
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index 80b5643aad141..0d13e7c978cf9 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -47,6 +47,9 @@ stdenv.mkDerivation rec {
 
   inherit noSysDirs;
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   preConfigure = ''
     # Clear the default library search path.
     if test "$noSysDirs" = "1"; then
diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix
index 0a62859d20755..d4a2f80599f78 100644
--- a/pkgs/development/tools/misc/elfutils/default.nix
+++ b/pkgs/development/tools/misc/elfutils/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./glibc-2.21.patch ];
 
+  hardeningDisable = [ "format" ];
+
   # We need bzip2 in NativeInputs because otherwise we can't unpack the src,
   # as the host-bzip2 will be in the path.
   nativeBuildInputs = [ m4 bison flex gettext bzip2 ];
diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix
index eda98091fc64c..20aa8b1aa1bc0 100644
--- a/pkgs/development/tools/misc/gnum4/default.nix
+++ b/pkgs/development/tools/misc/gnum4/default.nix
@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
   # Upstream is aware of it; it may be in the next release.
   patches = [ ./s_isdir.patch ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = http://www.gnu.org/software/m4/;
     description = "GNU M4, a macro processor";
diff --git a/pkgs/development/tools/misc/patchelf/default.nix b/pkgs/development/tools/misc/patchelf/default.nix
index 77a1f26616822..807b2a9a49dbd 100644
--- a/pkgs/development/tools/misc/patchelf/default.nix
+++ b/pkgs/development/tools/misc/patchelf/default.nix
@@ -10,6 +10,9 @@ stdenv.mkDerivation rec {
 
   setupHook = [ ./setup-hook.sh ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   #doCheck = true; # problems when loading libc.so.6
 
   meta = {
diff --git a/pkgs/development/tools/misc/texinfo/6.0.nix b/pkgs/development/tools/misc/texinfo/6.0.nix
index 507ca22cd1ae2..cf62d906f3c77 100644
--- a/pkgs/development/tools/misc/texinfo/6.0.nix
+++ b/pkgs/development/tools/misc/texinfo/6.0.nix
@@ -17,6 +17,9 @@ stdenv.mkDerivation rec {
 
   configureFlags = stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   preInstall = ''
     installFlags="TEXMF=$out/texmf-dist";
     installTargets="install install-tex";
diff --git a/pkgs/development/tools/omniorb/default.nix b/pkgs/development/tools/omniorb/default.nix
index 0fe4b191e5038..da6760897ad74 100644
--- a/pkgs/development/tools/omniorb/default.nix
+++ b/pkgs/development/tools/omniorb/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ python ];
 
+  hardeningDisable = [ "format" ];
+
   meta = with stdenv.lib; {
     description = "omniORB is a robust high performance CORBA ORB for C++ and Python. It is freely available under the terms of the GNU Lesser General Public License (for the libraries), and GNU General Public License (for the tools). omniORB is largely CORBA 2.6 compliant";
     homepage    = "http://omniorb.sourceforge.net/";
diff --git a/pkgs/development/tools/parsing/bison/3.x.nix b/pkgs/development/tools/parsing/bison/3.x.nix
index 6aa717c53cdef..ebbee4e693dc9 100644
--- a/pkgs/development/tools/parsing/bison/3.x.nix
+++ b/pkgs/development/tools/parsing/bison/3.x.nix
@@ -11,6 +11,9 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;
   propagatedBuildInputs = [ m4 ];
 
+  # FIXME needs gcc 4.9 in bootstrap tools
+  hardeningDisable = [ "stackprotector" ];
+
   meta = {
     homepage = "http://www.gnu.org/software/bison/";
     description = "Yacc-compatible parser generator";
diff --git a/pkgs/development/tools/toluapp/default.nix b/pkgs/development/tools/toluapp/default.nix
index 73a8b64ed22aa..69dfa0280e508 100644
--- a/pkgs/development/tools/toluapp/default.nix
+++ b/pkgs/development/tools/toluapp/default.nix
@@ -20,8 +20,6 @@ stdenv.mkDerivation rec {
       --replace /usr/local $out
   '';
 
-  NIX_CFLAGS_COMPILE = "-fPIC";
-
   buildPhase = ''scons'';
 
   installPhase = ''scons install'';
diff --git a/pkgs/development/web/wml/default.nix b/pkgs/development/web/wml/default.nix
index 3d47d32f1c836..58336c80e04f9 100644
--- a/pkgs/development/web/wml/default.nix
+++ b/pkgs/development/web/wml/default.nix
@@ -21,12 +21,14 @@ perlPackages.buildPerlPackage rec {
     sed -i 's/ doc / /g' wml_backend/p2_mp4h/Makefile.in
     sed -i '/p2_mp4h\/doc/d' Makefile.in
   '';
-  
+
   buildInputs = with perlPackages; 
     [ perl TermReadKey GD BitVector ncurses lynx makeWrapper ImageSize ];
 
   patches = [ ./redhat-with-thr.patch ./dynaloader.patch ./no_bitvector.patch ];
-  
+
+  hardeningDisable = [ "format" ];
+
   postPatch = ''
     substituteInPlace wml_frontend/wml.src \
       --replace "File::PathConvert::realpath" "Cwd::realpath" \