From 725de314efc0f0fa118e69d1c05295b107a31353 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Tue, 17 Apr 2018 08:26:39 +0000 Subject: [PATCH 1/7] tree-wide: random cleanups --- pkgs/development/libraries/enchant/default.nix | 9 +++++---- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/enchant/default.nix b/pkgs/development/libraries/enchant/default.nix index 7363a023935..c51475ecc2a 100644 --- a/pkgs/development/libraries/enchant/default.nix +++ b/pkgs/development/libraries/enchant/default.nix @@ -4,16 +4,17 @@ stdenv.mkDerivation rec { name = "${pname}-${version}"; version = "1.6.0"; pname = "enchant"; - + src = fetchurl { url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz"; sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g"; }; - + nativeBuildInputs = [ pkgconfig ]; - buildInputs = [aspell glib hunspell hspell]; - + buildInputs = [ aspell glib hunspell hspell ]; + meta = { + description = "Generic spell checking library"; homepage = http://www.abisource.com/enchant; platforms = stdenv.lib.platforms.unix; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 34ecad0c1d1..bc3dde1d1d6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9263,7 +9263,7 @@ with pkgs; qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {}; - qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155;}; + qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155; }; qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { }; From 3d53d140703c1b4f65be9b69a93f90affc9d2279 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Sun, 13 May 2018 01:08:06 +0000 Subject: [PATCH 2/7] tinyxml: disable format hardening, else tests will fail --- pkgs/development/libraries/tinyxml/2.6.2.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/tinyxml/2.6.2.nix b/pkgs/development/libraries/tinyxml/2.6.2.nix index cc374345c2e..2ec9c57e241 100644 --- a/pkgs/development/libraries/tinyxml/2.6.2.nix +++ b/pkgs/development/libraries/tinyxml/2.6.2.nix @@ -21,8 +21,11 @@ in stdenv.mkDerivation { # Use CC, CXX, and LD from environment ./2.6.2-cxx.patch ]; + preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}"; + hardeningDisable = [ "format" ]; + NIX_CFLAGS_COMPILE = stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9"; From edc59b47150bcf61fffe21ee16791ff34e6cb734 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Sun, 13 May 2018 01:08:35 +0000 Subject: [PATCH 3/7] linuxPackages.perf: disable format hardening, else tests will fail --- pkgs/os-specific/linux/kernel/perf.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/perf.nix b/pkgs/os-specific/linux/kernel/perf.nix index bbef2bd19ae..c58851bb03e 100644 --- a/pkgs/os-specific/linux/kernel/perf.nix +++ b/pkgs/os-specific/linux/kernel/perf.nix @@ -31,6 +31,8 @@ stdenv.mkDerivation { makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags; + hardeningDisable = [ "format" ]; + # perf refers both to newt and slang nativeBuildInputs = [ asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt From 430da809af2e3d5f5cc59f202f4b6e5c66d571f1 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Sun, 13 May 2018 01:10:57 +0000 Subject: [PATCH 4/7] perlPackages.GD: disable format hardening to fix some tests One test still fails :( --- pkgs/top-level/perl-packages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 41a3e709862..b89b8403dd2 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6462,10 +6462,9 @@ let self = _self // overrides; _self = with self; { patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ]; # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]" - NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ]; + hardeningDisable = [ "format" ]; - # tests fail - doCheck = false; + doCheck = false; # fails 1 out of 13 tests makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}"; }; From e102dc716d6b6a08779a2aac4d1137152b0d4a25 Mon Sep 17 00:00:00 2001 From: SLNOS Date: Tue, 15 May 2018 00:00:00 +0000 Subject: [PATCH 5/7] a52dec: disable tests on i686 before squashing was: "disable pic hardening on i686, else tests will fail" --- pkgs/development/libraries/a52dec/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix index 0bfe3a88e9f..183400c7786 100644 --- a/pkgs/development/libraries/a52dec/default.nix +++ b/pkgs/development/libraries/a52dec/default.nix @@ -8,6 +8,12 @@ stdenv.mkDerivation rec { sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2"; }; + # fails 1 out of 1 tests with "BAD GLOBAL SYMBOLS" on i686 + # which can also be fixed with + # hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic"; + # but it's better to disable tests than loose ASLR on i686 + doCheck = !stdenv.isi686; + meta = { description = "ATSC A/52 stream decoder"; homepage = http://liba52.sourceforge.net/; From ee5660e7f61338462e1f8a8684a6df77431a54d1 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Sun, 13 May 2018 01:02:23 +0000 Subject: [PATCH 6/7] haskell.compiler.ghc802: disable format hardening, else tests will fail --- pkgs/development/compilers/ghc/8.0.2.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix index 63e3899671d..4aa9f3fc81c 100644 --- a/pkgs/development/compilers/ghc/8.0.2.nix +++ b/pkgs/development/compilers/ghc/8.0.2.nix @@ -162,6 +162,8 @@ stdenv.mkDerivation rec { # that in turn causes GHCi to abort stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols"; + hardeningDisable = [ "format" ]; + postInstall = '' for bin in "$out"/lib/${name}/bin/*; do isELF "$bin" || continue From 29757f379025a507f45a4cda12fc882b730d8053 Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Tue, 29 May 2018 07:34:59 +0000 Subject: [PATCH 7/7] haskell.compiler.ghc842: disable format hardening --- pkgs/development/compilers/ghc/8.4.2.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix index aa78480e332..a2c1a751bc3 100644 --- a/pkgs/development/compilers/ghc/8.4.2.nix +++ b/pkgs/development/compilers/ghc/8.4.2.nix @@ -172,6 +172,8 @@ stdenv.mkDerivation rec { checkTarget = "test"; + hardeningDisable = [ "format" ]; + postInstall = '' for bin in "$out"/lib/${name}/bin/*; do isELF "$bin" || continue