Merge #2798: stdenv and a few other big updates

Stdenv-changing things: - gcc 4.8.2 -> 4.8.3 - long-running grsecurity branch Others: - pkgconfig update - CVE for libtasn1, dbus Conflicts (simple): pkgs/development/compilers/ghc/7.6.3.nix
2014-06-16 10:23:36 +02:00
parent 5e16c9428b 9757785295
commit 1b78ca58bc
52 changed files with 2216 additions and 368 deletions
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -3,8 +3,8 @@
 , libX11, libICE, libSM, useX11 ? (stdenv.isLinux || stdenv.isDarwin) }:

 let
-  version = "1.8.2";
-  sha256 = "025f7dnhr4gy5vcqsvn78x2bk382ldvf4x3ryd9wkbb5250zg2an";
+  version = "1.8.4";
+  sha256 = "1y0zcmd4jsf2gq5yymz9gcnwxijh0vxbmxz73q3l440is343vxiy";

  inherit (stdenv) lib;

--- a/pkgs/development/libraries/gstreamer/legacy/gstreamer/default.nix
+++ b/pkgs/development/libraries/gstreamer/legacy/gstreamer/default.nix
@@ -22,8 +22,12 @@ stdenv.mkDerivation rec {
    --disable-examples --enable-failing-tests --localstatedir=/var --disable-gtk-doc --disable-docbook
  '';

-  # Hm, apparently --disable-gtk-doc is ignored...
-  postInstall = "rm -rf $out/share/gtk-doc";
+  postInstall = ''
+    # Hm, apparently --disable-gtk-doc is ignored...
+    rm -rf $out/share/gtk-doc
+
+    paxmark m $out/bin/gst-launch* $out/libexec/gstreamer-*/gst-plugin-scanner
+  '';

  setupHook = ./setup-hook.sh;

--- a/pkgs/development/libraries/libffi/default.nix
+++ b/pkgs/development/libraries/libffi/default.nix
@@ -8,9 +8,13 @@ stdenv.mkDerivation rec {
    sha256 = "077ibkf84bvcd6rw1m6jb107br63i2pp301rkmsbgg6300adxp8x";
  };

+  patches = stdenv.lib.optional (stdenv.needsPax) ./libffi-3.0.13-emutramp_pax_proc.patch;
+
  buildInputs = stdenv.lib.optional doCheck dejagnu;

-  configureFlags = [ "--with-gcc-arch=generic" ]; # no detection of -march= or -mtune=
+  configureFlags = [
+    "--with-gcc-arch=generic" # no detection of -march= or -mtune=
+  ] ++ stdenv.lib.optional (stdenv.needsPax) "--enable-pax_emutramp";

  doCheck = stdenv.isLinux; # until we solve dejagnu problems on darwin and expect on BSD

--- a/pkgs/development/libraries/libffi/libffi-3.0.13-emutramp_pax_proc.patch
+++ b/pkgs/development/libraries/libffi/libffi-3.0.13-emutramp_pax_proc.patch
@@ -0,0 +1,37 @@
+2013-05-22  Magnus Granberg  <zorry@gentoo.org>
+
+	#457194
+	* src/closuer.c (emutramp_enabled_check): Check with /proc.
+
+--- a/src/closures.c	2013-03-17 23:27:11.000000000 +0100
+++ b/src/closures.c	2013-04-29 23:26:02.279022022 +0200
+@@ -181,10 +181,26 @@ static int emutramp_enabled = -1;
+ static int
+ emutramp_enabled_check (void)
+ {
+-  if (getenv ("FFI_DISABLE_EMUTRAMP") == NULL)
+-    return 1;
+-  else
+  char *buf = NULL;
+  size_t len = 0;
+  FILE *f;
+  int ret;
+  f = fopen ("/proc/self/status", "r");
+  if (f == NULL)
+     return 0;
+  ret = 0;
+
+  while (getline (&buf, &len, f) != -1)
+    if (!strncmp (buf, "PaX:", 4))
+      {
+        char emutramp;
+        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
+          ret = (emutramp == 'E');
+        break;
+      }
+  free (buf);
+  fclose (f);
+  return ret;
+ }
+ 
+ #define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
--- a/pkgs/development/libraries/libshout/default.nix
+++ b/pkgs/development/libraries/libshout/default.nix
@@ -1,17 +1,18 @@
-{stdenv, fetchurl, pkgconfig 
-, libvorbis, libtheora, speex}:
+{ stdenv, fetchurl, pkgconfig
+, libvorbis, libtheora, speex }:

 # need pkgconfig so that libshout installs ${out}/lib/pkgconfig/shout.pc

 stdenv.mkDerivation rec {
-	name = "libshout-2.3.1";
+  name = "libshout-2.3.1";

-	src = fetchurl {
-		url = "http://downloads.xiph.org/releases/libshout/${name}.tar.gz";
-		sha256 = "cf3c5f6b4a5e3fcfbe09fb7024aa88ad4099a9945f7cb037ec06bcee7a23926e";
-	};
+  src = fetchurl {
+    url = "http://downloads.xiph.org/releases/libshout/${name}.tar.gz";
+    sha256 = "cf3c5f6b4a5e3fcfbe09fb7024aa88ad4099a9945f7cb037ec06bcee7a23926e";
+  };

-  buildInputs = [ libvorbis libtheora speex pkgconfig ];
+  nativeBuildInputs = [ pkgconfig ];
+  propagatedBuildInputs = [ libvorbis libtheora speex ];

  meta = {
    description = "icecast 'c' language bindings";
--- a/pkgs/development/libraries/libtasn1/default.nix
+++ b/pkgs/development/libraries/libtasn1/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, perl, texinfo }:

 stdenv.mkDerivation rec {
-  name = "libtasn1-3.4";
+  name = "libtasn1-3.6";

  src = fetchurl {
    url = "mirror://gnu/libtasn1/${name}.tar.gz";
-    sha256 = "1j5cwsjk9wai700ljsr5qyzywijrr5ba05hhg4mkgqlg8mx50lzk";
+    sha256 = "0c547qa1vfk1x2jzgjhf65izf4sfi86c6g46q7779g4aldk4gqqr";
  };

  buildInputs = [ perl texinfo ];
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -1,7 +1,8 @@
-{ stdenv, fetchurl, pkgconfig, intltool, flex, bison, autoreconfHook
+{ stdenv, fetchurl, pkgconfig, intltool, flex, bison, autoreconfHook, substituteAll
 , python, libxml2Python, file, expat, makedepend
 , libdrm, xorg, wayland, udev, llvm, libffi
 , libvdpau, libelf
+, grsecEnabled
 , enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt
 , enableExtraFeatures ? false # not maintained
 }:
@@ -23,7 +24,7 @@ else
 */

 let
-  version = "10.1.4";
+  version = "10.1.5";
  # this is the default search path for DRI drivers
  driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
 in
@@ -34,16 +35,21 @@ stdenv.mkDerivation {

  src =  fetchurl {
    url = "ftp://ftp.freedesktop.org/pub/mesa/${version}/MesaLib-${version}.tar.bz2";
-    sha256 = "0g2j2zz7yq3i8k8dkji8h7iqfbcm8afb5lrb4dxrcyjl1bh6gibg";
+    sha256 = "1g2vy7zaamzs00xasiwg0d6cb5sclfd9v8jms14ll9bghg3mwv5w";
  };

  prePatch = "patchShebangs .";

  patches = [
    ./static-gallium.patch
+    ./glx_ro_text_segm.patch # fix for grsecurity/PaX
   # TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu),
   #  as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
-  ];
+  ] ++ optional stdenv.isLinux
+      (substituteAll {
+        src = ./dlopen-absolute-paths.diff;
+        inherit udev;
+      });

  # Change the search path for EGL drivers from $drivers/* to driverLink
  postPatch = ''
@@ -79,7 +85,8 @@ stdenv.mkDerivation {
      "--enable-openvg" "--enable-gallium-egl" # not needed for EGL in Gallium, but OpenVG might be useful
      #"--enable-xvmc" # tests segfault with 9.1.{1,2,3}
      #"--enable-opencl" # ToDo: opencl seems to need libclc for clover
-    ];
+    ]
+    ++ optional grsecEnabled "--enable-glx-rts"; # slight performance degradation, enable only for grsec

  nativeBuildInputs = [ pkgconfig python makedepend file flex bison ];

--- a/pkgs/development/libraries/mesa/dlopen-absolute-paths.diff
+++ b/pkgs/development/libraries/mesa/dlopen-absolute-paths.diff
@@ -0,0 +1,13 @@
+diff --git a/src/loader/loader.c b/src/loader/loader.c
+index 666d015..4d7a9be 100644
+--- a/src/loader/loader.c
+++ b/src/loader/loader.c
+@@ -101,7 +101,7 @@ static void *
+ udev_dlopen_handle(void)
+ {
+    if (!udev_handle) {
+-      udev_handle = dlopen("libudev.so.1", RTLD_LOCAL | RTLD_LAZY);
+      udev_handle = dlopen("@udev@/lib/libudev.so.1", RTLD_LOCAL | RTLD_LAZY);
+ 
+       if (!udev_handle) {
+          /* libudev.so.1 changed the return types of the two unref functions
--- a/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
+++ b/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
@@ -0,0 +1,25 @@
+diff --git a/configure.ac b/configure.ac
+index 5068913..3d4271e 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -429,6 +429,20 @@ AC_SUBST([GLESv2_LIB_GLOB])
+ AC_SUBST([VG_LIB_GLOB])
+ AC_SUBST([GLAPI_LIB_GLOB])
+ 
+
+dnl readonly text segment on x86 hardened platforms
+AC_ARG_ENABLE([glx_rts],
+    [AS_HELP_STRING([--enable-glx-rts],
+        [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])],
+    [enable_glx_rts="$enableval"],
+    [enable_glx_rts=no])
+if test "x$enable_glx_rts" = xyes; then
+    DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
+else
+    enable_glx_rts=no
+fi
+
+
+ dnl
+ dnl Arch/platform-specific settings
+ dnl
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -58,6 +58,12 @@ stdenv.mkDerivation rec {

  makeFlags = "INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0";

+  # The following is required on grsecurity/PaX due to spidermonkey's JIT
+  postBuild = ''
+    paxmark mr src/polkitbackend/.libs/polkitd
+    paxmark mr test/polkitbackend/.libs/polkitbackendjsauthoritytest
+  '';
+
  #doCheck = true; # some /bin/bash problem that isn't auto-solved by patchShebangs

  meta = with stdenv.lib; {
--- a/pkgs/development/libraries/qimageblitz/default.nix
+++ b/pkgs/development/libraries/qimageblitz/default.nix
@@ -7,14 +7,16 @@ in

 stdenv.mkDerivation {
  name = "${pn}-${v}";
-  
+
  src = fetchurl {
    url = "mirror://sourceforge/${pn}/${pn}-${v}.tar.bz2";
    sha256 = "0pnaf3qi7rgkxzs2mssmslb3f9ya4cyx09wzwlis3ppyvf72j0p9";
  };
-  
+
  buildInputs = [ cmake qt4 ];

+  patches = [ ./qimageblitz-9999-exec-stack.patch ];
+
  meta = {
    description = "Graphical effect and filter library for KDE4";
    license = "BSD";
--- a/pkgs/development/libraries/qimageblitz/qimageblitz-9999-exec-stack.patch
+++ b/pkgs/development/libraries/qimageblitz/qimageblitz-9999-exec-stack.patch
@@ -0,0 +1,11 @@
+diff -uar qimageblitz/blitz/asm_scale.S qimageblitz~/blitz/asm_scale.S
+--- qimageblitz-orig/blitz/asm_scale.S	2007-10-17 01:17:57.000000000 +0200
+++ qimageblitz/blitz/asm_scale.S	2007-10-17 01:19:12.000000000 +0200
+@@ -814,3 +814,7 @@
+ SIZE(qimageScale_mmx_AARGBA)
+ 
+ #endif
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
+