diff --git a/pkgs/development/libraries/libtasn1/default.nix b/pkgs/development/libraries/libtasn1/default.nix index ccdc3aba611..cc5b19f7a59 100644 --- a/pkgs/development/libraries/libtasn1/default.nix +++ b/pkgs/development/libraries/libtasn1/default.nix @@ -1,21 +1,13 @@ { stdenv, fetchurl, perl, texinfo }: stdenv.mkDerivation rec { - name = "libtasn1-4.12"; + name = "libtasn1-4.13"; src = fetchurl { url = "mirror://gnu/libtasn1/${name}.tar.gz"; - sha256 = "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"; + sha256 = "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"; }; - patches = [ - (fetchurl { - name = "CVE-2017-10790.patch"; - url = "https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39"; - sha256 = "1v5w0dazp9qc2v7pc8b6g7s4dz5ak10hzrn35hx66q76yzrrzp7i"; - }) - ]; - outputs = [ "out" "dev" "devdoc" ]; outputBin = "dev"; diff --git a/pkgs/development/python-modules/pytz/default.nix b/pkgs/development/python-modules/pytz/default.nix index 96f0ad136a0..65f3d80bdaa 100644 --- a/pkgs/development/python-modules/pytz/default.nix +++ b/pkgs/development/python-modules/pytz/default.nix @@ -2,12 +2,11 @@ buildPythonPackage rec { pname = "pytz"; - version = "2017.3"; + version = "2018.3"; src = fetchPypi { inherit pname version; - extension = "zip"; - sha256 = "fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7"; + sha256 = "410bcd1d6409026fbaa65d9ed33bf6dd8b1e94a499e32168acfc7b332e4095c0"; }; checkPhase = '' diff --git a/pkgs/os-specific/linux/busybox/sandbox-shell.nix b/pkgs/os-specific/linux/busybox/sandbox-shell.nix new file mode 100644 index 00000000000..1755bd4f3f7 --- /dev/null +++ b/pkgs/os-specific/linux/busybox/sandbox-shell.nix 
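Review bot: The libtasn1 hunk drops the `CVE-2017-10790.patch` fetch together with the bump to 4.13, but nothing on the new side records that the fix is part of the 4.13 tarball. The patch was fetched from upstream commit d8d805e1f2e6799bb2dff4871a8598dc83088a39, so it is presumably contained in the release, but that should be confirmed against the upstream changelog or git history before the patch is removed. A one-line comment above `src`, such as `# 4.13 includes the fix for CVE-2017-10790 (previously applied as a patch)`, would keep the package's CVE status visible to anyone auditing it later.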
@@ -0,0 +1,26 @@ +{ busybox }: + +# Minimal shell for use as basic /bin/sh in sandbox builds +busybox.override { + useMusl = true; + enableStatic = true; + enableMinimal = true; + extraConfig = '' + CONFIG_FEATURE_FANCY_ECHO y + CONFIG_FEATURE_SH_MATH y + CONFIG_FEATURE_SH_MATH_64 y + + CONFIG_ASH y + CONFIG_ASH_OPTIMIZE_FOR_SIZE y + + CONFIG_ASH_ALIAS y + CONFIG_ASH_BASH_COMPAT y + CONFIG_ASH_CMDCMD y + CONFIG_ASH_ECHO y + CONFIG_ASH_GETOPTS y + CONFIG_ASH_INTERNAL_GLOB y + CONFIG_ASH_JOB_CONTROL y + CONFIG_ASH_PRINTF y + CONFIG_ASH_TEST y + ''; +} diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix index 8a46b302dcd..f61c7923d79 100644 --- a/pkgs/tools/graphics/graphviz/base.nix +++ b/pkgs/tools/graphics/graphviz/base.nix @@ -31,7 +31,10 @@ stdenv.mkDerivation rec { CPPFLAGS = stdenv.lib.optionalString (xorg != null && stdenv.isDarwin) "-I${cairo.dev}/include/cairo"; - configureFlags = optional (xorg == null) "--without-x"; + configureFlags = [ + "--with-ltdl-lib=${libtool.lib}/lib" + "--with-ltdl-include=${libtool}/include" + ] ++ stdenv.lib.optional (xorg == null) [ "--without-x" ]; postPatch = '' for f in $(find . -name Makefile.in); do diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 1e53f450964..3f77e47868b 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchurl, fetchFromGitHub, perl, curl, bzip2, sqlite, openssl ? null, xz , pkgconfig, boehmgc, perlPackages, libsodium, aws-sdk-cpp, brotli , autoreconfHook, autoconf-archive, bison, flex, libxml2, libxslt, docbook5, docbook5_xsl -, libseccomp, busybox +, libseccomp, busybox-sandbox-shell , hostPlatform , storeDir ? "/nix/store" , stateDir ? "/nix/var" 
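Review bot: The header comment in the new sandbox-shell.nix says what the derivation is for but not why `useMusl`, `enableStatic` and `enableMinimal` are set, and those options are what make it suitable as the sandbox's /bin/sh. The place where nix consumes `sh` is outside the visible hunks, but presumably only this one binary is exposed inside the build sandbox, so a dynamically linked shell would fail to start or pull its library closure into every build. Every option enabled in `extraConfig` also becomes available to every sandboxed builder, so the list is worth keeping deliberately small. I would extend the comment to something like `# Must stay static and minimal: the binary is exposed on its own inside the build sandbox, so enable only what /bin/sh needs`.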
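Review bot: In the graphviz hunk the last element of `configureFlags` passes a list to `optional`, which already wraps its second argument in a list, so with `xorg == null` the value ends in a nested `[ "--without-x" ]`. This probably still builds because Nix flattens nested lists when it coerces the attribute to a string, but anything that later filters or inspects `configureFlags` will find a list where it expects a string. Use `] ++ stdenv.lib.optional (xorg == null) "--without-x";`, or `optionals` with the list form. The new flags also reference `libtool` and `libtool.lib`; the function's argument list is outside the hunk, so check that `libtool` is declared there.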
@@ -10,29 +10,7 @@ let - sh = busybox.override { - useMusl = true; - enableStatic = true; - enableMinimal = true; - extraConfig = '' - CONFIG_FEATURE_FANCY_ECHO y - CONFIG_FEATURE_SH_MATH y - CONFIG_FEATURE_SH_MATH_64 y - - CONFIG_ASH y - CONFIG_ASH_OPTIMIZE_FOR_SIZE y - - CONFIG_ASH_ALIAS y - CONFIG_ASH_BASH_COMPAT y - CONFIG_ASH_CMDCMD y - CONFIG_ASH_ECHO y - CONFIG_ASH_GETOPTS y - CONFIG_ASH_INTERNAL_GLOB y - CONFIG_ASH_JOB_CONTROL y - CONFIG_ASH_PRINTF y - CONFIG_ASH_TEST y - ''; - }; + sh = busybox-sandbox-shell; common = { name, suffix ? "", src, fromGit ? false }: stdenv.mkDerivation rec { inherit name src; diff --git a/pkgs/tools/security/rhash/darwin.patch b/pkgs/tools/security/rhash/darwin.patch deleted file mode 100644 index 76ad8fe9abd..00000000000 --- a/pkgs/tools/security/rhash/darwin.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -diff --git a/Makefile b/Makefile -index e40dbc3..e198b93 100644 ---- a/Makefile -+++ b/Makefile -@@ -17,7 +17,7 @@ ALLCFLAGS = -pipe $(CFLAGS) $(ADDCFLAGS) \ - -Wbad-function-cast -Wmissing-prototypes -Wmissing-declarations - LDLIBRHASH = -Llibrhash -lrhash - ALLLDFLAGS = $(LDLIBRHASH) $(LDFLAGS) $(ADDLDFLAGS) --SHAREDLIB = librhash/librhash.so.0 -+SHAREDLIB = librhash/librhash.0.dylib - SHRDLFLAGS = $(LDFLAGS) $(ADDLDFLAGS) - HEADERS = calc_sums.h hash_print.h common_func.h hash_update.h file_mask.h file_set.h find_file.h hash_check.h output.h parse_cmdline.h rhash_main.h win_utils.h version.h - SOURCES = calc_sums.c hash_print.c common_func.c hash_update.c file_mask.c file_set.c find_file.c hash_check.c output.c parse_cmdline.c rhash_main.c win_utils.c -diff --git a/librhash/Makefile b/librhash/Makefile -index 2f9bcc9..0c5aaad 100644 ---- a/librhash/Makefile -+++ b/librhash/Makefile -@@ -28,8 +28,8 @@ PREFIX = /usr/local - INCDIR = $(PREFIX)/include - LIBDIR = $(PREFIX)/lib - LIBRARY = librhash.a --SONAME = librhash.so.0 --SOLINK = librhash.so -+SONAME = librhash.0.dylib -+SOLINK = librhash.dylib - TEST_TARGET = test_hashes - TEST_SHARED = test_shared - # Set variables according to GNU coding standard -@@ -182,8 +182,7 @@ test-dll: $(DLLNAME) test_hashes.o - - # shared and static libraries - $(SONAME): $(SOURCES) -- sed -n '1s/.*/{ global:/p; s/^RHASH_API.* \([a-z0-9_]\+\)(.*/ \1;/p; $$s/.*/local: *; };/p' $(SO_HEADERS) > exports.sym -- $(CC) -fpic $(ALLCFLAGS) -shared $(SOURCES) -Wl,--version-script,exports.sym,-soname,$(SONAME) $(LIBLDFLAGS) -o $@ -+ $(CC) -fpic $(ALLCFLAGS) -dynamiclib $(SOURCES) $(LIBLDFLAGS) -Wl,-install_name,$(PREFIX)/lib/$@ -o $@ - ln -s $(SONAME) $(SOLINK) - # use 'nm -Cg --defined-only $@' to view exported symbols - diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index 68c3edc4cd2..485b34cff88 100644 --- a/pkgs/tools/security/rhash/default.nix 
+++ b/pkgs/tools/security/rhash/default.nix @@ -1,32 +1,23 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.3.3"; + version = "2018-02-05"; name = "rhash-${version}"; - src = fetchurl { - url = "mirror://sourceforge/rhash/${name}-src.tar.gz"; - sha1 = "0981bdc98ba7ef923b1a6cd7fd8bb0374cff632e"; - sha256 = "0nii6p4m2x8rkaf8r6smgfwb1q4hpf117kkg64yr6gyqgdchnljv"; + src = fetchFromGitHub { + owner = "rhash"; + repo = "RHash"; + rev = "cc26d54ff5df0f692907a5e3132a5eeca559ed61"; + sha256 = "1ldagp931lmxxpyvsb9rrar4iqwmv94m6lfjzkbkshpmk3p5ng7h"; }; - patches = stdenv.lib.optional stdenv.isDarwin ./darwin.patch; + nativeBuildInputs = [ which ]; - installFlags = [ "DESTDIR=$(out)" "PREFIX=/" ]; + # configure script is not autotools-based, doesn't support these options + configurePlatforms = [ ]; - # we build the static library because of two makefile bugs - # * .h files installed for static library target only - # * .so.0 -> .so link only created in the static library install target - buildPhase = '' - make lib-shared lib-static build-shared CC=$CC AR=$AR PREFIX=$out - ''; - - # we don't actually want the static library, so we remove it after it - # gets installed - installPhase = '' - make DESTDIR="$out" PREFIX="/" install-shared install-lib-shared install-lib-static - rm $out/lib/librhash.a - ''; + installTargets = [ "install" "install-lib-shared" "install-lib-so-link" ]; + postInstall = "make -C librhash install-headers"; meta = with stdenv.lib; { homepage = http://rhash.anz.ru; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6eea7d6d0db..b60cb970e64 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
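Review bot: The rhash source moves from a release tarball to commit cc26d54ff5df0f692907a5e3132a5eeca559ed61 fetched with `fetchFromGitHub`, and `version = "2018-02-05"` is the only hint that this is apparently an unreleased snapshot. For a package under tools/security it helps to state why an untagged commit is used and when to return to a release, for example a comment above `src` like `# snapshot of upstream master (<reason>); switch back to a tagged release once one is published`. Separately, `postInstall = "make -C librhash install-headers";` invokes make directly, so it will not receive any `makeFlags` or `installFlags` the derivation gains later. A short comment saying that it relies on the paths written by the configure script would make that dependency explicit.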
@@ -12638,6 +12638,7 @@ with pkgs; bridge-utils = callPackage ../os-specific/linux/bridge-utils { }; busybox = callPackage ../os-specific/linux/busybox { }; + busybox-sandbox-shell = callPackage ../os-specific/linux/busybox/sandbox-shell.nix { }; cachefilesd = callPackage ../os-specific/linux/cachefilesd { };