Merge branch 'staging'

Main change: glibc: 2.25-x -> 2.26-y, containing security fixes,
and various features and deprecations.  Unfortunately, some of the
latter still cause (transitively) a couple hundred newly failing jobs.
I'm not delaying anymore, so that we have the security fix on master.
I mainly patched gcc, llvm and icu, but I can't fix everything...

pkgs/development/libraries/SDL2/default.nix

@@ -2,6 +2,7 @@
 , openglSupport ? false, mesa_noglu
 , alsaSupport ? true, alsaLib
 , x11Support ? true, libICE, libXi, libXScrnSaver, libXcursor, libXinerama, libXext, libXxf86vm, libXrandr
+, waylandSupport ? true, wayland, wayland-protocols, libxkbcommon
 , dbusSupport ? false, dbus
 , udevSupport ? false, udev
 , ibusSupport ? false, ibus
@@ -17,7 +18,7 @@ assert openglSupport -> (stdenv.isDarwin || mesa_noglu != null && x11Support);
 
 let
   configureFlagsFun = attrs: [
-      "--disable-oss" "--disable-x11-shared"
+      "--disable-oss" "--disable-x11-shared" "--disable-wayland-shared"
       "--disable-pulseaudio-shared" "--disable-alsa-shared"
     ] ++ lib.optional alsaSupport "--with-alsa-prefix=${attrs.alsaLib.out}/lib"
       ++ lib.optional (!x11Support) "--without-x";
@@ -39,6 +40,7 @@ stdenv.mkDerivation rec {
 
   # Since `libpulse*.la' contain `-lgdbm', PulseAudio must be propagated.
   propagatedBuildInputs = lib.optionals x11Support [ libICE libXi libXScrnSaver libXcursor libXinerama libXext libXrandr libXxf86vm ] ++
+    lib.optionals waylandSupport [ wayland wayland-protocols libxkbcommon ] ++
     lib.optional pulseaudioSupport libpulseaudio;
 
   buildInputs = [ audiofile ] ++

pkgs/development/libraries/expat/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchpatch, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "expat-2.2.4";
+  name = "expat-2.2.5";
 
   src = fetchurl {
     url = "mirror://sourceforge/expat/${name}.tar.bz2";
-    sha256 = "17h1fb9zvqvf0sr78j211bngc6jpql5wzar8fg9b52jzjvdqbb83";
+    sha256 = "1xpd78sp7m34jqrw5x13bz7kgz0n6aj15wn4zj4gfx3ypbpk5p6r";
   };
 
   outputs = [ "out" "dev" ]; # TODO: fix referrers

pkgs/development/libraries/git2/0.25.nix

@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig, python
+, zlib, libssh2, openssl, http-parser, curl, libiconv
+}:
+
+stdenv.mkDerivation (rec {
+  version = "0.25.1";
+  name = "libgit2-${version}";
+
+  src = fetchFromGitHub {
+    owner = "libgit2";
+    repo = "libgit2";
+    rev = "v${version}";
+    sha256 = "1jhikg0gqpdzfzhgv44ybdpm24lvgkc7ki4306lc5lvmj1s2nylj";
+  };
+
+  cmakeFlags = "-DTHREADSAFE=ON";
+
+  nativeBuildInputs = [ cmake python pkgconfig ];
+
+  buildInputs = [ zlib libssh2 openssl http-parser curl ];
+
+  enableParallelBuilding = true;
+
+  meta = {
+    description = "The Git linkable library";
+    homepage = https://libgit2.github.com/;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = with stdenv.lib.platforms; all;
+  };
+} // stdenv.lib.optionalAttrs (!stdenv.isLinux) {
+  NIX_LDFLAGS = "-liconv";
+  propagatedBuildInputs = [ libiconv ];
+})

pkgs/development/libraries/git2/default.nix

@@ -1,35 +1,30 @@
-{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }:
+{ stdenv, fetchFromGitHub, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }:
 
 stdenv.mkDerivation (rec {
-  version = "0.25.1";
   name = "libgit2-${version}";
+  version = "0.26.0";
+  # keep the version in sync with pythonPackages.pygit2 and gnome3.libgit2-glib
 
-  src = fetchurl {
-    name = "${name}.tar.gz";
-    url = "https://github.com/libgit2/libgit2/tarball/v${version}";
-    sha256 = "100bah8picqjzyhpw4wd7z5vyidcb8aggin50bhbpn607h8n8bml";
+  src = fetchFromGitHub {
+    owner = "libgit2";
+    repo = "libgit2";
+    rev = "v${version}";
+    sha256 = "0zrrmfkfhd2xb4879z5khjb6xsdklrm01f1lscrs2ks68v25fk78";
   };
 
-  # TODO: `cargo` (rust's package manager) surfaced a serious bug in
-  # libgit2 when the `Security.framework` transport is used on Darwin.
-  # The upstream issue is tracked at
-  # https://github.com/libgit2/libgit2/issues/3885 - feel free to
-  # remove this patch as soon as it's resolved (i.E. when cargo is
-  # working fine without this patch)
-  patches = stdenv.lib.optionals stdenv.isDarwin [
-    ./disable-security.framework.patch
-  ];
-
   cmakeFlags = "-DTHREADSAFE=ON";
 
   nativeBuildInputs = [ cmake python pkgconfig ];
+
   buildInputs = [ zlib libssh2 openssl http-parser curl ];
 
-  meta = {
+  enableParallelBuilding = true;
+
+  meta = with stdenv.lib; {
     description = "The Git linkable library";
     homepage = https://libgit2.github.com/;
-    license = stdenv.lib.licenses.gpl2;
-    platforms = with stdenv.lib.platforms; all;
+    license = licenses.gpl2;
+    platforms = with platforms; all;
   };
 } // stdenv.lib.optionalAttrs (!stdenv.isLinux) {
   NIX_LDFLAGS = "-liconv";

pkgs/development/libraries/git2/disable-security.framework.patch

@@ -1,58 +0,0 @@
-From fbc2ea65406236a740b8734dd41dc5ddbc24f8c9 Mon Sep 17 00:00:00 2001
-From: mulrich <mulrich@entwicklerheld.local>
-Date: Mon, 8 Aug 2016 15:36:07 +0200
-Subject: [PATCH] disable security.framework
-
----
- CMakeLists.txt    | 7 +++----
- src/curl_stream.c | 9 ++++++++-
- 2 files changed, 11 insertions(+), 5 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 93a9e47..331e148 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -49,7 +49,8 @@ ENDIF()
- 
- IF(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
- 	SET( USE_ICONV ON )
--	FIND_PACKAGE(Security)
-+	# FIND_PACKAGE(Security)
-+  SET(SECURITY_FOUND "NO")
- 	FIND_PACKAGE(CoreFoundation REQUIRED)
- ENDIF()
- 
-@@ -87,9 +88,7 @@ IF(MSVC)
- 	OPTION(MSVC_CRTDBG "Enable CRTDBG memory leak reporting" OFF)
- ENDIF()
- 
--IF (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
--	OPTION( USE_OPENSSL                     "Link with and use openssl library"             ON )
--ENDIF()
-+OPTION( USE_OPENSSL                     "Link with and use openssl library"             ON )
- 
- CHECK_STRUCT_HAS_MEMBER ("struct stat" st_mtim "sys/types.h;sys/stat.h"
- 	HAVE_STRUCT_STAT_ST_MTIM LANGUAGE C)
-diff --git a/src/curl_stream.c b/src/curl_stream.c
-index 98de187..a8a9f4c 100644
---- a/src/curl_stream.c
-+++ b/src/curl_stream.c
-@@ -309,7 +309,14 @@ int git_curl_stream_new(git_stream **out, const char *host, const char *port)
- 	curl_easy_setopt(handle, CURLOPT_HTTPPROXYTUNNEL, 1);
- 	curl_easy_setopt(handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
- 
--	/* curl_easy_setopt(handle, CURLOPT_VERBOSE, 1); */
-+  const char* cainfo = getenv("SSL_CERT_FILE");
-+  if(cainfo != NULL) {
-+    curl_easy_setopt(handle, CURLOPT_CAINFO, cainfo);
-+  }
-+
-+  /*
-+	curl_easy_setopt(handle, CURLOPT_VERBOSE, 1);
-+  */
- 
- 	st->parent.version = GIT_STREAM_VERSION;
- 	st->parent.encrypted = 0; /* we don't encrypt ourselves */
--- 
-2.3.8 (Apple Git-58)
-

pkgs/development/libraries/glibc/common.nix

@@ -19,9 +19,9 @@
 } @ args:
 
 let
-  version = "2.25";
-  patchSuffix = "-49";
-  sha256 = "067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0";
+  version = "2.26";
+  patchSuffix = "-75";
+  sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
   cross = if buildPlatform != hostPlatform then hostPlatform else null;
 in
 
@@ -46,7 +46,7 @@ stdenv.mkDerivation ({
           glibc-2.25-49-gbc5ace67fe
           $ git show --reverse glibc-2.25..release/2.25/master | gzip -n -9 --rsyncable - > 2.25-49.patch.gz
       */
-      ./2.25-49.patch.gz
+      ./2.26-75.patch.gz
 
       /* Have rpcgen(1) look for cpp(1) in $PATH.  */
       ./rpcgen-path.patch
@@ -100,15 +100,12 @@ stdenv.mkDerivation ({
       (if profilingLibraries
        then "--enable-profile"
        else "--disable-profile")
-    ] ++ lib.optionals (cross == null && withLinuxHeaders) [
-      "--enable-kernel=2.6.32"
+    ] ++ lib.optionals withLinuxHeaders [
+      "--enable-kernel=3.2.0" # can't get below with glibc >= 2.26
     ] ++ lib.optionals (cross != null) [
       (if cross.withTLS then "--with-tls" else "--without-tls")
       (if cross ? float && cross.float == "soft" then "--without-fp" else "--with-fp")
-    ] ++ lib.optionals (cross != null
-          && cross.platform ? kernelMajor
-          && cross.platform.kernelMajor == "2.6") [
-      "--enable-kernel=2.6.0"
+    ] ++ lib.optionals (cross != null) [
       "--with-__thread"
     ] ++ lib.optionals (cross == null && stdenv.isArm) [
       "--host=arm-linux-gnueabi"

pkgs/development/libraries/icu/base.nix

@@ -25,6 +25,11 @@ stdenv.mkDerivation {
     echo Source root reset to ''${sourceRoot}
   '';
 
+  # https://sourceware.org/glibc/wiki/Release/2.26#Removal_of_.27xlocale.h.27
+  postPatch = if stdenv ? glibc
+    then "substituteInPlace i18n/digitlst.cpp --replace '<xlocale.h>' '<locale.h>'"
+    else null; # won't find locale_t on darwin
+
   inherit patchFlags patches;
 
   preConfigure = ''

pkgs/development/libraries/live555/default.nix

@@ -12,7 +12,12 @@ stdenv.mkDerivation {
     sha256 = "02z2f8z5cy0ajnh9pgar40lsxdknfw5cbyw52138hxnpr6adrvak";
   };
 
-  postPatch = "sed 's,/bin/rm,rm,g' -i genMakefiles";
+  postPatch = "sed 's,/bin/rm,rm,g' -i genMakefiles"
+  + stdenv.lib.optionalString (stdenv ? glibc) ''
+
+    substituteInPlace liveMedia/include/Locale.hh \
+      --replace '<xlocale.h>' '<locale.h>'
+  '';
 
   configurePhase = ''
     sed \

pkgs/development/libraries/ti-rpc/default.nix

@@ -8,6 +8,10 @@ stdenv.mkDerivation rec {
     sha256 = "1xchbxy0xql7yl7z4n1icj8r7dmly46i22fvm00vdjq64zlmqg3j";
   };
 
+  postPatch = ''
+    sed '1i#include <stdint.h>' -i src/xdr_sizeof.c
+  '';
+
   nativeBuildInputs = [ autoreconfHook ];
   propagatedBuildInputs = [ libkrb5 ];
 

pkgs/development/libraries/vigra/default.nix

@@ -24,6 +24,8 @@ in stdenv.mkDerivation rec {
             ++ stdenv.lib.optionals (stdenv.system == "x86_64-linux")
                   [ "-DCMAKE_CXX_FLAGS=-fPIC" "-DCMAKE_C_FLAGS=-fPIC" ];
 
+  enableParallelBuilding = true;
+
   meta = with stdenv.lib; {
     description = "Novel computer vision C++ library with customizable algorithms and data structures";
     homepage = http://hci.iwr.uni-heidelberg.de/vigra;