public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge commit '2d464f75ed46869b5942c4b479772a0367b30608' into master.upstream

Browse Source 
This is a partial commit from staging in an attempt to make merges
smaller.
This commit is contained in:
William A. Kennington III
2015-09-23 14:35:23 -07:00
parent 0d0be13878 2d464f75ed
commit 5cfe893cc4
32 changed files with 3689 additions and 257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkgs/tools/archivers/cpio/darwin-fix.patch
View File

@@ -1,15 +0,0 @@
Fix Darwin builds.
From <http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=3a7a1820d4cecbd77c7b74c785af5942510bf080>.
See also <http://lists.gnu.org/archive/html/bug-cpio/2010-07/msg00001.html>.
diff --git a/src/filetypes.h b/src/filetypes.h
index f80faab..81f0c32 100644
--- a/src/filetypes.h
+++ b/src/filetypes.h
@@ -81,5 +81,3 @@
#ifndef S_ISLNK
#define lstat stat
#endif
-int lstat ();
-int stat ();

34
pkgs/tools/archivers/cpio/default.nix
View File

@@ -1,36 +1,32 @@
{ stdenv, fetchurl, fetchpatch }:
stdenv.mkDerivation {
name = "cpio-2.11";
let
version = "2.12";
name = "cpio-${version}";
in stdenv.mkDerivation {
inherit name;
src = fetchurl {
url = mirror://gnu/cpio/cpio-2.11.tar.bz2;
sha256 = "bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd";
url = "mirror://gnu/cpio/${name}.tar.bz2";
sha256 = "0vi9q475h1rki53100zml75vxsykzyhrn70hidy41s5c2rc8r6bh";
};
patches = [
./no-gets.patch
(fetchpatch {
name = "CVE-2014-9112.diff";
url = "http://pkgs.fedoraproject.org/cgit/cpio.git/plain/cpio-2.11"
+ "-CVE-2014-9112.patch?h=f21&id=b475b4d6f31c95e073edc95c742a33a39ef4ec95";
sha256 = "0c9yrysvpwbmiq7ph84dk6mv46hddiyvkgya1zsmj76n9ypb1b4i";
name = "CVE-2015-1197-cpio-2.12.patch";
url = "https://gist.github.com/nckx/70b0bfa80ddfb86c2967/"
+ "raw/e9b40d4d4b701f584f826775b75beb10751dc884/"
+ "CVE-2015-1197-cpio-2.12.patch";
sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v";
})
] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-fix.patch;
postPatch = let pp =
fetchpatch {
name = "CVE-2015-1197.diff";
url = "https://marc.info/?l=oss-security&m=142289947619786&w=2";
sha256 = "0fr95bj416zfljv40fl1sh50059d18wdmfgaq8ad2fqi5cnbk859";
};
# one "<" and one "&" sign get mangled in the patch
in "cat ${pp} | sed 's/&lt;/</;s/&amp;/\\&/' | patch -p1";
];
preConfigure = if stdenv.isCygwin then ''
sed -i gnu/fpending.h -e 's,include <stdio_ext.h>,,'
'' else null;
enableParallelBuilding = true;
meta = {
homepage = http://www.gnu.org/software/cpio/;
description = "A program to create or extract from cpio archives";

24
pkgs/tools/archivers/cpio/no-gets.patch
View File

@@ -1,24 +0,0 @@
https://bugs.gentoo.org/424974
hack until gzip pulls a newer gnulib version
From 66712c23388e93e5c518ebc8515140fa0c807348 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Thu, 29 Mar 2012 13:30:41 -0600
Subject: [PATCH] stdio: don't assume gets any more
Gnulib intentionally does not have a gets module, and now that C11
and glibc have dropped it, we should be more proactive about warning
any user on a platform that still has a declaration of this dangerous
interface.
--- a/gnu/stdio.in.h
+++ b/gnu/stdio.in.h
@@ -125,7 +125,6 @@
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89. */
#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@