Merge branch 'staging'

It's only half-rebuilt on Hydra, but it brings a security fix.
2018-06-03 13:52:13 +02:00
parent 318920725a 52fdec3c1d
commit 448d7d648d
19 changed files with 151 additions and 31 deletions
--- a/pkgs/development/libraries/cairo/default.nix
+++ b/pkgs/development/libraries/cairo/default.nix
@@ -10,14 +10,14 @@
 assert glSupport -> libGL != null;

 let
-  version = "1.15.10";
+  version = "1.15.12";
  inherit (stdenv.lib) optional optionals;
 in stdenv.mkDerivation rec {
  name = "cairo-${version}";

  src = fetchurl {
    url = "http://cairographics.org/${if stdenv.lib.mod (builtins.fromJSON (stdenv.lib.versions.minor version)) 2 == 0 then "releases" else "snapshots"}/${name}.tar.xz";
-    sha256 = "14l3jll98pjdlpm8f972v0spzcsf6y5nz85y2k8iybyg6ihj5jk2";
+    sha256 = "1jcl0mnqq6j2xip8p506g2cj54sfycm339rrd3p4g2jljhdhh8vn";
  };

  outputs = [ "out" "dev" "devdoc" ];
--- a/pkgs/development/libraries/fftw/default.nix
+++ b/pkgs/development/libraries/fftw/default.nix
@@ -5,7 +5,7 @@ with lib;
 assert elem precision [ "single" "double" "long-double" "quad-precision" ];

 let
-  version = "3.3.7";
+  version = "3.3.8";
  withDoc = stdenv.cc.isGNU;
 in

@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {

  src = fetchurl {
    url = "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz";
-    sha256 = "0wsms8narnbhfsa8chdflv2j9hzspvflblnqdn7hw8x5xdzrnq1v";
+    sha256 = "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1";
  };

  outputs = [ "out" "dev" "man" ]
--- a/pkgs/development/libraries/json-glib/default.nix
+++ b/pkgs/development/libraries/json-glib/default.nix
@@ -1,14 +1,15 @@
 { stdenv, fetchurl, fetchpatch, glib, meson, ninja, pkgconfig, gettext
-, gobjectIntrospection, dbus
-, fixDarwinDylibNames
+, gobjectIntrospection, dbus, fixDarwinDylibNames, gnome3
 }:

-stdenv.mkDerivation rec {
-  name = "json-glib-${minVer}.2";
-  minVer = "1.4";
+let
+  pname = "json-glib";
+  version = "1.4.2";
+in stdenv.mkDerivation rec {
+  name = "${pname}-${version}";

  src = fetchurl {
-    url = "mirror://gnome/sources/json-glib/${minVer}/${name}.tar.xz";
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
    sha256 = "2d7709a44749c7318599a6829322e081915bdc73f5be5045882ed120bb686dc8";
  };

@@ -28,9 +29,15 @@ stdenv.mkDerivation rec {

  doCheck = true;

+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+    };
+  };
+
  meta = with stdenv.lib; {
-    homepage = http://live.gnome.org/JsonGlib;
    description = "A library providing (de)serialization support for the JavaScript Object Notation (JSON) format";
+    homepage = https://wiki.gnome.org/Projects/JsonGlib;
    license = licenses.lgpl2;
    maintainers = with maintainers; [ lethalman ];
    platforms = with platforms; unix;
--- a/pkgs/development/libraries/libffi/default.nix
+++ b/pkgs/development/libraries/libffi/default.nix
@@ -49,6 +49,11 @@ stdenv.mkDerivation rec {
    "--enable-pax_emutramp"
  ];

+  preCheck = ''
+    # The tests use -O0 which is not compatible with -D_FORTIFY_SOURCE.
+    NIX_HARDENING_ENABLE=''${NIX_HARDENING_ENABLE/fortify/}
+  '';
+
  inherit doCheck;

  dontStrip = hostPlatform != buildPlatform; # Don't run the native `strip' when cross-compiling.
--- a/pkgs/development/libraries/p11-kit/default.nix
+++ b/pkgs/development/libraries/p11-kit/default.nix
@@ -3,13 +3,13 @@

 stdenv.mkDerivation rec {
  name = "p11-kit-${version}";
-  version = "0.23.10";
+  version = "0.23.12";

  src = fetchFromGitHub {
    owner = "p11-glue";
    repo = "p11-kit";
    rev = version;
-    sha256 = "0n0wqv028flzvnxllqv8i6x9nv705csl7ddzi0fzvppc9fp2yinp";
+    sha256 = "0pb3qlddzbw7dglwnrl7fs9g71vhqk7qzxnb1i4nw633qgy21ga1";
  };

  outputs = [ "out" "dev"];
@@ -31,6 +31,7 @@ stdenv.mkDerivation rec {
  installFlags = [ "exampledir=\${out}/etc/pkcs11" ];

  doInstallCheck = false; # probably a bug in this derivation
+  enableParallelBuilding = true;

  meta = with stdenv.lib; {
    homepage = https://p11-glue.freedesktop.org/;
--- a/pkgs/development/libraries/spice-gtk/default.nix
+++ b/pkgs/development/libraries/spice-gtk/default.nix
@@ -2,7 +2,7 @@
 , openssl, libpulseaudio, pixman, gobjectIntrospection, libjpeg_turbo, zlib
 , cyrus_sasl, python2Packages, autoreconfHook, usbredir, libsoup
 , withPolkit ? true, polkit, acl, usbutils
-, vala, gtk3, epoxy, libdrm }:
+, vala, gtk3, epoxy, libdrm, gst_all_1, phodav }:

 # If this package is built with polkit support (withPolkit=true),
 # usb redirection reqires spice-client-glib-usb-acl-helper to run setuid root.
@@ -46,8 +46,8 @@ in stdenv.mkDerivation rec {
  '';

  buildInputs = [
-    spice-protocol celt_0_5_1 openssl libpulseaudio pixman
-    libjpeg_turbo zlib cyrus_sasl python pygtk usbredir gtk3 epoxy libdrm
+    spice-protocol celt_0_5_1 openssl libpulseaudio gst_all_1.gst-plugins-base pixman
+    libjpeg_turbo zlib cyrus_sasl python pygtk usbredir gtk3 epoxy libdrm phodav
  ] ++ optionals withPolkit [ polkit acl usbutils ] ;

  nativeBuildInputs = [ pkgconfig gettext libsoup autoreconfHook vala gobjectIntrospection ];
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -66,6 +66,11 @@ stdenv.mkDerivation rec {
    echo ""
  '';

+  postInstall = ''
+    # Do not contaminate dependent libtool-based projects with sqlite dependencies.
+    sed -i $out/lib/libsqlite3.la -e "s/dependency_libs=.*/dependency_libs='''/"
+  '';
+
  meta = {
    description = "A self-contained, serverless, zero-configuration, transactional SQL database engine";
    downloadPage = http://sqlite.org/download.html;
--- a/pkgs/development/libraries/vsqlite/default.nix
+++ b/pkgs/development/libraries/vsqlite/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, boost, sqlite, zlib }:
+{ stdenv, fetchurl, boost, sqlite }:

 stdenv.mkDerivation rec {
  name = "vsqlite-${version}";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
    sha256 = "17fkj0d2jh0xkjpcayhs1xvbnh1d69f026i7vs1zqnbiwbkpz237";
  };

-  buildInputs = [ boost sqlite zlib ];
+  buildInputs = [ boost sqlite ];

  prePatch = stdenv.lib.optionalString stdenv.isDarwin ''
    substituteInPlace Makefile.in \
--- a/pkgs/development/tools/misc/itstool/default.nix
+++ b/pkgs/development/tools/misc/itstool/default.nix
@@ -2,11 +2,13 @@
 # We need the same Python as is used to build libxml2Python

 stdenv.mkDerivation rec {
-  name = "itstool-2.0.4";
+  # 2.0.3+ breaks the build of gnome3.gnome-desktop
+  # https://github.com/itstool/itstool/issues/17
+  name = "itstool-2.0.2";

  src = fetchurl {
    url = "http://files.itstool.org/itstool/${name}.tar.bz2";
-    sha256 = "0q7b4qrc758zfx3adsgvz0r93swdbxjr42w37rahngm33nshihlp";
+    sha256 = "bf909fb59b11a646681a8534d5700fec99be83bb2c57badf8c1844512227033a";
  };

  buildInputs = [ python2 libxml2Python ];
--- a/pkgs/development/tools/parsing/bison/3.x.nix
+++ b/pkgs/development/tools/parsing/bison/3.x.nix
@@ -1,14 +1,14 @@
 { stdenv, hostPlatform, fetchurl, m4, perl, help2man }:

 stdenv.mkDerivation rec {
-  name = "bison-3.0.4";
+  name = "bison-3.0.5";

  src = fetchurl {
    url = "mirror://gnu/bison/${name}.tar.gz";
-    sha256 = "b67fd2daae7a64b5ba862c66c07c1addb9e6b1b05c5f2049392cfd8a2172952e";
+    sha256 = "0rnml9spd6p0i5qy9g4r82drwdr09r1z9cf4p89agbrkxqmrsffd";
  };

-  patches = stdenv.lib.optional hostPlatform.isDarwin stdenv.secure-format-patch;
+  patches = []; # remove on another rebuild

  nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;
  propagatedBuildInputs = [ m4 ];