public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #41192 from oxij/tree/hardening-unformat 

remove some format hardenings
This commit is contained in:
Peter Simons 2018-05-29 11:42:15 +02:00 committed by GitHub
parent 89c20aa46c 29757f3790
commit 5418dfcd5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/development/compilers/ghc/8.0.2.nix
View File

@ -162,6 +162,8 @@ stdenv.mkDerivation rec {
# that in turn causes GHCi to abort # that in turn causes GHCi to abort
stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols"; stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols";
hardeningDisable = [ "format" ];
postInstall = '' postInstall = ''
for bin in "$out"/lib/${name}/bin/*; do for bin in "$out"/lib/${name}/bin/*; do
isELF "$bin" || continue isELF "$bin" || continue

2
pkgs/development/compilers/ghc/8.4.2.nix
View File

@ -172,6 +172,8 @@ stdenv.mkDerivation rec {
checkTarget = "test"; checkTarget = "test";
hardeningDisable = [ "format" ];
postInstall = '' postInstall = ''
for bin in "$out"/lib/${name}/bin/*; do for bin in "$out"/lib/${name}/bin/*; do
isELF "$bin" || continue isELF "$bin" || continue

6
pkgs/development/libraries/a52dec/default.nix
View File

@ -8,6 +8,12 @@ stdenv.mkDerivation rec {
sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2"; sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2";
}; };
# fails 1 out of 1 tests with "BAD GLOBAL SYMBOLS" on i686
# which can also be fixed with
# hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
# but it's better to disable tests than loose ASLR on i686
doCheck = !stdenv.isi686;
meta = { meta = {
description = "ATSC A/52 stream decoder"; description = "ATSC A/52 stream decoder";
homepage = http://liba52.sourceforge.net/; homepage = http://liba52.sourceforge.net/;

9
pkgs/development/libraries/enchant/default.nix
View File

@ -4,16 +4,17 @@ stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
version = "1.6.0"; version = "1.6.0";
pname = "enchant"; pname = "enchant";
src = fetchurl { src = fetchurl {
url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz"; url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz";
sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g"; sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [aspell glib hunspell hspell]; buildInputs = [ aspell glib hunspell hspell ];
meta = { meta = {
description = "Generic spell checking library";
homepage = http://www.abisource.com/enchant; homepage = http://www.abisource.com/enchant;
platforms = stdenv.lib.platforms.unix; platforms = stdenv.lib.platforms.unix;
}; };

3
pkgs/development/libraries/tinyxml/2.6.2.nix
View File

@ -21,8 +21,11 @@ in stdenv.mkDerivation {
# Use CC, CXX, and LD from environment # Use CC, CXX, and LD from environment
./2.6.2-cxx.patch ./2.6.2-cxx.patch
]; ];
preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}"; preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}";
hardeningDisable = [ "format" ];
NIX_CFLAGS_COMPILE = NIX_CFLAGS_COMPILE =
stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9"; stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";

2
pkgs/os-specific/linux/kernel/perf.nix
View File

@ -31,6 +31,8 @@ stdenv.mkDerivation {
makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags; makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags;
hardeningDisable = [ "format" ];
# perf refers both to newt and slang # perf refers both to newt and slang
nativeBuildInputs = [ nativeBuildInputs = [
asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt

2
pkgs/top-level/all-packages.nix
View File

@ -9263,7 +9263,7 @@ with pkgs;
qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {}; qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {};
qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155;}; qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155; };
qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { }; qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { };

5
pkgs/top-level/perl-packages.nix
View File

@ -6462,10 +6462,9 @@ let self = _self // overrides; _self = with self; {
patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ]; patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ];
# otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]" # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]"
NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ]; hardeningDisable = [ "format" ];
# tests fail doCheck = false; # fails 1 out of 13 tests
doCheck = false;
makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}"; makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}";
}; };