diff options
Diffstat (limited to 'pkgs')
18 files changed, 137 insertions, 53 deletions
diff --git a/pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix b/pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix index 0e75005d13b4f..69f1eef9cecbc 100644 --- a/pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix +++ b/pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix @@ -20,7 +20,13 @@ stdenv.mkDerivation rec { sha256 = "1nb8ljrbrp1zga083g3b633xi3izxxm4jipw1qgial1x16mqc0hz"; }; - patches = [ ./lightdm-gtk-greeter.patch ]; + patches = [ + ./lightdm-gtk-greeter.patch + (fetchurl { # CVE-2014-0979, https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 + url = "https://launchpadlibrarian.net/161796033/07_fix-NULL-username.patch"; + sha256 = "1sqkhsz1z10k6vlmlrqrfx452lznv30885fmnzc73p2zxdlw9q1a"; + }) + ]; patchFlags = "-p1"; buildInputs = [ pkgconfig lightdm intltool ] diff --git a/pkgs/applications/graphics/gimp/2.8.nix b/pkgs/applications/graphics/gimp/2.8.nix index 423b9f3ce22f8..0f8d6d45f1286 100644 --- a/pkgs/applications/graphics/gimp/2.8.nix +++ b/pkgs/applications/graphics/gimp/2.8.nix @@ -34,5 +34,6 @@ stdenv.mkDerivation rec { description = "The GNU Image Manipulation Program"; homepage = http://www.gimp.org/; license = "GPL"; + platforms = stdenv.lib.platforms.linux; }; } diff --git a/pkgs/applications/graphics/gimp/default.nix b/pkgs/applications/graphics/gimp/default.nix deleted file mode 100644 index 33d52c6645bed..0000000000000 --- a/pkgs/applications/graphics/gimp/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ stdenv, fetchurl, pkgconfig, gtk, freetype -, fontconfig, libart_lgpl, libtiff, libjpeg, libpng, libexif, zlib, perl -, perlXMLParser, python, pygtk, gettext, xlibs, intltool, babl_0_0_22, gegl_0_0_22 -}: - -stdenv.mkDerivation rec { - name = "gimp-2.6.12"; - - src = fetchurl { - url = "ftp://ftp.gtk.org/pub/gimp/v2.6/${name}.tar.bz2"; - sha256 = "0qpcgaa4pdqqhyyy8vjvzfflxgsrrs25zk79gixzlnbzq3qwjlym"; - }; - - buildInputs = [ - pkgconfig gtk freetype fontconfig - libart_lgpl libtiff libjpeg libpng libexif zlib perl - perlXMLParser python pygtk gettext intltool babl_0_0_22 gegl_0_0_22 - ]; - - passthru = { inherit gtk; }; # probably its a good idea to use the same gtk in plugins ? - - configureFlags = [ "--disable-print" ]; - - # "screenshot" needs this. - NIX_LDFLAGS = "-rpath ${xlibs.libX11}/lib"; - - meta = { - description = "The GNU Image Manipulation Program"; - homepage = http://www.gimp.org/; - license = "GPL"; - }; -} diff --git a/pkgs/applications/networking/cluster/hadoop/default.nix b/pkgs/applications/networking/cluster/hadoop/default.nix index ef2f16e319361..f6e86c6289cf0 100644 --- a/pkgs/applications/networking/cluster/hadoop/default.nix +++ b/pkgs/applications/networking/cluster/hadoop/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { - name = "hadoop-2.0.2-alpha"; + name = "hadoop-2.2.0"; src = fetchurl { url = "mirror://apache/hadoop/common/${name}/${name}.tar.gz"; - sha256 = "1r7ailmqhny3pl5nb8bcblnhckszy6hb9n58kwa3s4b8qfk87gkb"; + sha256 = "0r0kx8arsrvmcfy0693hpv4cz3i0razvk1xa3yhlf3ybb80a8106"; }; buildInputs = [ makeWrapper ]; diff --git a/pkgs/applications/video/gnash/default.nix b/pkgs/applications/video/gnash/default.nix index 4f2addcc99b0c..0291e7593ea72 100644 --- a/pkgs/applications/video/gnash/default.nix +++ b/pkgs/applications/video/gnash/default.nix @@ -10,7 +10,13 @@ assert stdenv ? glibc; -let version = "0.8.10"; in +let version = "0.8.10"; + patch_CVE = fetchurl { + url = "http://git.savannah.gnu.org/cgit/gnash.git/patch/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527"; + sha256 = "1g7ymbq9vxi0mwcgs2dpyd2sf30gaam7blza0ywiwj32f5wk62v1"; + name = "CVE-2012-1175.patch"; + }; +in stdenv.mkDerivation rec { name = "gnash-${version}"; @@ -21,6 +27,8 @@ stdenv.mkDerivation rec { }; patchPhase = '' + patch -p1 < ${patch_CVE} + # Add all libs to `macros/libslist', a list of library search paths. for lib in ${lib.concatStringsSep " " (map (lib: "\"${lib}\"/lib") diff --git a/pkgs/build-support/release/debian-build.nix b/pkgs/build-support/release/debian-build.nix index ba7be86a6c1e7..168b44ad74c75 100644 --- a/pkgs/build-support/release/debian-build.nix +++ b/pkgs/build-support/release/debian-build.nix @@ -51,7 +51,7 @@ vmTools.runInLinuxImage (stdenv.mkDerivation ( ''; installPhase = '' - eval "$preInstall" + eval "$preInstall" export LOGNAME=root ${checkinstall}/sbin/checkinstall --nodoc -y -D \ @@ -59,6 +59,8 @@ vmTools.runInLinuxImage (stdenv.mkDerivation ( --requires="${concatStringsSep "," debRequires}" \ --provides="${concatStringsSep "," debProvides}" \ ${optionalString (src ? version) "--pkgversion=$(echo ${src.version} | tr _ -)"} \ + ''${debMaintainer:+--maintainer="'$debMaintainer'"} \ + $checkInstallFlags \ make install mkdir -p $out/debs @@ -79,7 +81,7 @@ vmTools.runInLinuxImage (stdenv.mkDerivation ( echo "file deb-extra $(ls $i/debs/*.deb | sort | head -1)" >> $out/nix-support/hydra-build-products done - eval "$postInstall" + eval "$postInstall" ''; # */ meta = (if args ? meta then args.meta else {}) // { diff --git a/pkgs/build-support/release/nix-build.nix b/pkgs/build-support/release/nix-build.nix index 42533b0094aab..993f12bc30023 100644 --- a/pkgs/build-support/release/nix-build.nix +++ b/pkgs/build-support/release/nix-build.nix @@ -79,7 +79,7 @@ stdenv.mkDerivation ( prePhases = ["initPhase"] ++ prePhases; - buildInputs = buildInputs ++ [ args.makeCoverageAnalysisReport ]; + buildInputs = buildInputs ++ stdenv.lib.optional doCoverageAnalysis args.makeCoverageAnalysisReport; lcovFilter = ["/nix/store/*"] ++ lcovFilter; diff --git a/pkgs/development/libraries/boost/1.49.nix b/pkgs/development/libraries/boost/1.49.nix index f502df4e19c31..fca4249e963da 100644 --- a/pkgs/development/libraries/boost/1.49.nix +++ b/pkgs/development/libraries/boost/1.49.nix @@ -57,7 +57,12 @@ stdenv.mkDerivation { }; # See <http://svn.boost.org/trac/boost/ticket/4688>. - patches = [ ./boost_filesystem_post_1_49_0.patch ./time_utc.patch ./boost-149-cstdint.patch ] ++ (stdenv.lib.optional stdenv.isDarwin ./boost-149-darwin.patch ); + patches = [ + ./CVE-2013-0252.patch # https://svn.boost.org/trac/boost/ticket/7743 + ./boost_filesystem_post_1_49_0.patch + ./time_utc.patch + ./boost-149-cstdint.patch + ] ++ (stdenv.lib.optional stdenv.isDarwin ./boost-149-darwin.patch ); enableParallelBuilding = true; diff --git a/pkgs/development/libraries/boost/CVE-2013-0252.patch b/pkgs/development/libraries/boost/CVE-2013-0252.patch new file mode 100644 index 0000000000000..fce52d479692a --- /dev/null +++ b/pkgs/development/libraries/boost/CVE-2013-0252.patch @@ -0,0 +1,48 @@ +Index: /boost/locale/utf.hpp +=================================================================== +--- /boost/locale/utf.hpp (revision 78304) ++++ /boost/locale/utf.hpp (revision 81590) +@@ -220,4 +220,6 @@ + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 2: +@@ -225,4 +227,6 @@ + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 1: +@@ -230,4 +234,6 @@ + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + } +Index: /libs/locale/test/test_codepage_converter.cpp +=================================================================== +--- /libs/locale/test/test_codepage_converter.cpp (revision 73786) ++++ /libs/locale/test/test_codepage_converter.cpp (revision 81590) +@@ -140,4 +140,18 @@ + TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000 + TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff ++ ++ std::cout << "-- Invalid trail" << std::endl; ++ TEST_TO("\xC2\x7F",illegal); ++ TEST_TO("\xdf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xf0\x7F\x80\x80",illegal); ++ TEST_TO("\xf4\x7f\xbf\xbf",illegal); ++ TEST_TO("\xf0\x90\x7F\x80",illegal); ++ TEST_TO("\xf4\x8f\x7F\xbf",illegal); ++ TEST_TO("\xf0\x90\x80\x7F",illegal); ++ TEST_TO("\xf4\x8f\xbf\x7F",illegal); + + std::cout << "-- Invalid length" << std::endl; diff --git a/pkgs/development/libraries/gnutls/2.12.nix b/pkgs/development/libraries/gnutls/2.12.nix index 86829a3a44b7f..fa9e5c69b796c 100644 --- a/pkgs/development/libraries/gnutls/2.12.nix +++ b/pkgs/development/libraries/gnutls/2.12.nix @@ -12,6 +12,13 @@ stdenv.mkDerivation rec { sha256 = "1lkys703z4yxfgzarmgas5ccvn6m254w9wvm7s8v0zkj81z7m9nz"; }; + patches = [(fetchurl { + url = "http://anonscm.debian.org/viewvc/pkg-gnutls/packages/gnutls26/trunk/" + + "debian/patches/21_sanitycheck.diff?revision=1777&view=co"; + sha256 = "0k18a7q6irmgjzp647bd18zccjpsr82n2s9arpamnkakgnny4ks9"; + name = "CVE-2013-2116.patch"; + })]; + configurePhase = '' ./configure --prefix="$out" \ --disable-dependency-tracking --enable-fast-install \ diff --git a/pkgs/development/libraries/gnutls/3.2.nix b/pkgs/development/libraries/gnutls/3.2.nix index 5a5b6aa94e2b4..03a0c0019790a 100644 --- a/pkgs/development/libraries/gnutls/3.2.nix +++ b/pkgs/development/libraries/gnutls/3.2.nix @@ -5,11 +5,11 @@ assert guileBindings -> guile != null; stdenv.mkDerivation (rec { - name = "gnutls-3.2.4"; + name = "gnutls-3.2.10"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${name}.tar.lz"; - sha256 = "0zl4h37g51xyaalv3qp2hvn1m6z7xzfw4yvpvi6mby4x5sqrrp8i"; + sha256 = "1g1w93d66sz51977zbqd56641r501a1djcwhykbjm8alhyz1564h"; }; # Note: GMP is a dependency of Nettle, whose public headers include diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 0a98a2698fd96..8750dd568f750 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -5,11 +5,11 @@ assert guileBindings -> guile != null; stdenv.mkDerivation (rec { - name = "gnutls-3.1.12"; + name = "gnutls-3.1.20"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/${name}.tar.lz"; - sha256 = "1h8j3xi2jad2dclybgqffb5264hdqrxpsx99irs03yy9np6iw5l8"; + sha256 = "1a8pzc29sn1kmbqvldljf4kmbz60pdk931dirk5jdd0qpf8fzd5x"; }; # Note: GMP is a dependency of Nettle, whose public headers include diff --git a/pkgs/development/libraries/haskell/scotty-hastache/default.nix b/pkgs/development/libraries/haskell/scotty-hastache/default.nix new file mode 100644 index 0000000000000..76e6fe45ad12c --- /dev/null +++ b/pkgs/development/libraries/haskell/scotty-hastache/default.nix @@ -0,0 +1,19 @@ +{ cabal, blazeHtml, blazeMarkup, filepath, hastache, httpTypes, mtl +, scotty, text, wai, warp +}: + +cabal.mkDerivation (self: { + pname = "scotty-hastache"; + version = "0.2.0"; + sha256 = "105cxlasj4sl4ddzg8ms6k95078q10zcm2c86jcn76s0jmv95669"; + buildDepends = [ + blazeHtml blazeMarkup filepath hastache httpTypes mtl scotty text + wai warp + ]; + meta = { + homepage = "https://github.com/scotty-web/scotty-hastache"; + description = "Easy Mustache templating support for Scotty"; + license = self.stdenv.lib.licenses.bsd3; + platforms = self.ghc.meta.platforms; + }; +}) diff --git a/pkgs/development/libraries/haskell/wai-middleware-static/default.nix b/pkgs/development/libraries/haskell/wai-middleware-static/default.nix new file mode 100644 index 0000000000000..859c75c39c3d1 --- /dev/null +++ b/pkgs/development/libraries/haskell/wai-middleware-static/default.nix @@ -0,0 +1,14 @@ +{ cabal, filepath, httpTypes, mtl, text, wai }: + +cabal.mkDerivation (self: { + pname = "wai-middleware-static"; + version = "0.4.0.2"; + sha256 = "0nw54h8baphjdwsd118g9j5w4g2mnb2hrny0n4ih4jlqlcqam3lf"; + buildDepends = [ filepath httpTypes mtl text wai ]; + meta = { + homepage = "https://github.com/scotty-web/scotty"; + description = "WAI middleware that intercepts requests to static files"; + license = self.stdenv.lib.licenses.bsd3; + platforms = self.ghc.meta.platforms; + }; +}) diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix index 7abad2f2d089e..b7b001e44eb2c 100644 --- a/pkgs/development/libraries/libarchive/default.nix +++ b/pkgs/development/libraries/libarchive/default.nix @@ -12,6 +12,12 @@ stdenv.mkDerivation rec { sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"; }; + patches = [(fetchurl { + url = "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4.patch"; + sha256 = "0c1a0prlpq5nn7zgs7cqvw9xnmhkkc8l0mpsip86k1lafircqhzh"; + name = "CVE-2013-0211.patch"; + })]; + buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz ] ++ stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ]; diff --git a/pkgs/tools/networking/socat/2.x.nix b/pkgs/tools/networking/socat/2.x.nix index 6218031344266..885f2d005d8a6 100644 --- a/pkgs/tools/networking/socat/2.x.nix +++ b/pkgs/tools/networking/socat/2.x.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, openssl }: stdenv.mkDerivation rec { - name = "socat-2.0.0-b6"; + name = "socat-2.0.0-b7"; src = fetchurl { url = "http://www.dest-unreach.org/socat/download/${name}.tar.bz2"; - sha256 = "03n70v7ygsl4ji7rwvyv8f70d3q32jnas26j29amkf3fm4agnhvz"; + sha256 = "0h6k9ccrnziw03j0if7myrd28vcc97nwz1bifmbrkp5jkpk69ygk"; }; buildInputs = [ openssl ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3b7ca278dbc07..f027cbe2e16a4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4323,7 +4323,8 @@ let gnu-efi = callPackage ../development/libraries/gnu-efi { }; - gnutls = callPackage ../development/libraries/gnutls { + gnutls = gnutls32; + gnutls31 = callPackage ../development/libraries/gnutls { guileBindings = config.gnutls.guile or true; }; @@ -7930,11 +7931,6 @@ let get_iplayer = callPackage ../applications/misc/get_iplayer {}; - gimp_2_6 = callPackage ../applications/graphics/gimp { - inherit (gnome) libart_lgpl; - libpng = libpng12; - }; - gimp_2_8 = callPackage ../applications/graphics/gimp/2.8.nix { inherit (gnome) libart_lgpl; webkit = null; diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix index d9e8fbc958b44..f14e7150ba812 100644 --- a/pkgs/top-level/haskell-packages.nix +++ b/pkgs/top-level/haskell-packages.nix @@ -2080,6 +2080,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x scotty = callPackage ../development/libraries/haskell/scotty {}; + scottyHastache = callPackage ../development/libraries/haskell/scotty-hastache {}; + securemem = callPackage ../development/libraries/haskell/securemem {}; sendfile = callPackage ../development/libraries/haskell/sendfile {}; @@ -2349,7 +2351,7 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x timeCompat = callPackage ../development/libraries/haskell/time-compat {}; tls_1_1_5 = callPackage ../development/libraries/haskell/tls/1.1.5.nix {}; - tls_1_2_2 = callPackage ../development/libraries/haskell/tls/1.1.5.nix {}; + tls_1_2_2 = callPackage ../development/libraries/haskell/tls/1.2.2.nix {}; tls = self.tls_1_2_2; tlsExtra = callPackage ../development/libraries/haskell/tls-extra { @@ -2478,6 +2480,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x waiLogger = callPackage ../development/libraries/haskell/wai-logger {}; + waiMiddlewareStatic = callPackage ../development/libraries/haskell/wai-middleware-static {}; + waiTest = callPackage ../development/libraries/haskell/wai-test {}; warp = callPackage ../development/libraries/haskell/warp {}; |