From 17753fa005feafbcc798996989909ba563153034 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Wed, 9 Aug 2017 17:33:02 +0100 Subject: [PATCH 01/13] stdenv: fix typo in setup.sh --- pkgs/stdenv/generic/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 81ed1c635e1..b6bca3e1f56 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -750,7 +750,7 @@ configurePhase() { buildPhase() { runHook preBuild - if [[ -z "$makeFlags" && ! ( -n "$makefile" || -e Makefile || -e makefile || -e GNUmakefile[[ ) ]]; then + if [[ -z "$makeFlags" && ! ( -n "$makefile" || -e Makefile || -e makefile || -e GNUmakefile ) ]]; then echo "no Makefile, doing nothing" else # See https://github.com/NixOS/nixpkgs/pull/1354#issuecomment-31260409 From bf8c1251708f013ecbcf3a1c6770a175e9161170 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Wed, 9 Aug 2017 23:00:56 +0200 Subject: [PATCH 02/13] cc-wrapper: fix LD_DYLD_PATH on darwin Having multiple compilers in the build environment would result in an invalid LD_DYLD_PATH like /usr/lib/dyld/usr/lib/dyld. Since the path is hardcoded in XNU it can't be anything but /usr/lib/dyld anyway. --- pkgs/build-support/cc-wrapper/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 01d1bbd7a5d..905135e7adc 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -150,7 +150,7 @@ stdenv.mkDerivation { echo $dynamicLinker > $out/nix-support/dynamic-linker '' + (if targetPlatform.isDarwin then '' - printf "export LD_DYLD_PATH+=%q\n" "$dynamicLinker" >> $out/nix-support/setup-hook + printf "export LD_DYLD_PATH=%q\n" "$dynamicLinker" >> $out/nix-support/setup-hook '' else '' if [ -e ${libc_lib}/lib/32/ld-linux.so.2 ]; then echo ${libc_lib}/lib/32/ld-linux.so.2 > $out/nix-support/dynamic-linker-m32 From cc5480cb0025d8552b5ddb0bf6297d459f5a84d7 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 00:43:26 +0200 Subject: [PATCH 03/13] csmith: fix wrapProgram call --- pkgs/development/tools/misc/csmith/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/misc/csmith/default.nix b/pkgs/development/tools/misc/csmith/default.nix index 38772a4dd89..9a8c24fa168 100644 --- a/pkgs/development/tools/misc/csmith/default.nix +++ b/pkgs/development/tools/misc/csmith/default.nix @@ -22,7 +22,8 @@ stdenv.mkDerivation rec { --replace '../compiler_test.pl' $out/bin/compiler_test.pl \ --replace '../$CONFIG_FILE' '$CONFIG_FILE' - wrapProgram $out/bin/launchn.pl --prefix PERL5LIB : "$PERL5LIB" $out/bin/launchn.pl + wrapProgram $out/bin/launchn.pl \ + --prefix PERL5LIB : "$PERL5LIB" mkdir -p $out/share/csmith mv $out/bin/compiler_test.in $out/share/csmith/ From b4d2b841d984a3e692d9a911870f00fa167900d9 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 01:26:30 +0200 Subject: [PATCH 04/13] libreoffice: remove obsolete file from wrapping --- pkgs/applications/office/libreoffice/still.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/office/libreoffice/still.nix b/pkgs/applications/office/libreoffice/still.nix index 7c122c0725a..7f564379c66 100644 --- a/pkgs/applications/office/libreoffice/still.nix +++ b/pkgs/applications/office/libreoffice/still.nix @@ -163,7 +163,7 @@ in stdenv.mkDerivation rec { mkdir -p "$out/share/gsettings-schemas/collected-for-libreoffice/glib-2.0/schemas/" - for a in sbase scalc sdraw smath swriter spadmin simpress soffice; do + for a in sbase scalc sdraw smath swriter simpress soffice; do ln -s $out/lib/libreoffice/program/$a $out/bin/$a wrapProgram "$out/bin/$a" \ --prefix XDG_DATA_DIRS : \ From 5f6fe648230d0e2997ec7ec627b76349ca1d0788 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 03:35:55 +0200 Subject: [PATCH 05/13] audio-recorder: fix makeWrapper call --- pkgs/applications/audio/audio-recorder/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/audio/audio-recorder/default.nix b/pkgs/applications/audio/audio-recorder/default.nix index 283d4c7d493..c482e44e7aa 100644 --- a/pkgs/applications/audio/audio-recorder/default.nix +++ b/pkgs/applications/audio/audio-recorder/default.nix @@ -34,9 +34,9 @@ stdenv.mkDerivation rec { ''; preFixup = '' - gappsWrapperArgs+=('--prefix XDG_DATA_DIRS : "$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"' - '--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0"' - '--prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib gnome3.dconf}/lib/gio/modules"') + gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH + --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : $GST_PLUGIN_SYSTEM_PATH_1_0 + --prefix GIO_EXTRA_MODULES : ${stdenv.lib.getLib gnome3.dconf}/lib/gio/modules) ''; meta = with stdenv.lib; { From ffd46e9bce2d4e10ddfa57ec5f517e8bee99efdc Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 03:36:10 +0200 Subject: [PATCH 06/13] gnuradio: fix makeWrapper calls --- pkgs/applications/misc/gnuradio/default.nix | 2 +- pkgs/applications/misc/gnuradio/wrapper.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/gnuradio/default.nix b/pkgs/applications/misc/gnuradio/default.nix index 8218285c5fb..e10cb30d187 100644 --- a/pkgs/applications/misc/gnuradio/default.nix +++ b/pkgs/applications/misc/gnuradio/default.nix @@ -53,7 +53,7 @@ stdenv.mkDerivation rec { postInstall = '' printf "backend : Qt4Agg\n" > "$out/share/gnuradio/matplotlibrc" - for file in "$out"/bin/* "$out"/share/gnuradio/examples/*/*.py; do + for file in $(find $out/bin $out/share/gnuradio/examples -type f -executable); do wrapProgram "$file" \ --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath "$out") \ --set MATPLOTLIBRC "$out/share/gnuradio" diff --git a/pkgs/applications/misc/gnuradio/wrapper.nix b/pkgs/applications/misc/gnuradio/wrapper.nix index cc8dbde273b..db2b453913f 100644 --- a/pkgs/applications/misc/gnuradio/wrapper.nix +++ b/pkgs/applications/misc/gnuradio/wrapper.nix @@ -11,10 +11,10 @@ stdenv.mkDerivation { mkdir -p $out/bin ln -s "${gnuradio}"/bin/* $out/bin/ - for file in "$out"/bin/*; do + for file in $(find $out/bin -type f -executable); do wrapProgram "$file" \ --prefix PYTHONPATH : ${stdenv.lib.concatStringsSep ":" - (map (path: "$(toPythonPath ${path})") extraPackages)} \ + (map (path: "$(toPythonPath ${path})") extraPackages)} \ --prefix GRC_BLOCKS_PATH : ${makeSearchPath "share/gnuradio/grc/blocks" extraPackages} done From 60418e9196e7b8941cc2234db00194d614d38aae Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 03:43:04 +0200 Subject: [PATCH 07/13] edac-utils: fix makeWrapper call --- pkgs/os-specific/linux/edac-utils/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/edac-utils/default.nix b/pkgs/os-specific/linux/edac-utils/default.nix index b24099f9599..13c1218e90c 100644 --- a/pkgs/os-specific/linux/edac-utils/default.nix +++ b/pkgs/os-specific/linux/edac-utils/default.nix @@ -25,9 +25,7 @@ stdenv.mkDerivation { postInstall = '' wrapProgram "$out/sbin/edac-ctl" \ - --set PATH : "" \ - --prefix PATH : "${dmidecode}/bin" \ - --prefix PATH : "${kmod}/bin" + --set PATH ${stdenv.lib.makeBinPath [ dmidecode kmod ]} ''; meta = with stdenv.lib; { From 206a4c9aba6772f01d175e72636d1283dc038cc0 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 12:55:46 +0200 Subject: [PATCH 08/13] Partly revert "python.buildEnv: only wrap executables" This partly reverts commit 4495bfe1382ea779f02996d0e18d25d892678e8c. The xen changes should not have been commited. --- pkgs/applications/virtualization/xen/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/applications/virtualization/xen/packages.nix b/pkgs/applications/virtualization/xen/packages.nix index f4bde18f3df..8f5262acb02 100644 --- a/pkgs/applications/virtualization/xen/packages.nix +++ b/pkgs/applications/virtualization/xen/packages.nix @@ -10,6 +10,8 @@ rec { xen_4_5-vanilla = callPackage ./4.5.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. + stdenv = overrideCC stdenv gcc49; + meta = { description = "vanilla"; longDescription = '' @@ -58,6 +60,8 @@ rec { xen_4_8-vanilla = callPackage ./4.8.nix { # At the very least included seabios and etherboot need gcc49, # so we have to build all of it with gcc49. + stdenv = overrideCC stdenv gcc49; + meta = { description = "vanilla"; longDescription = '' From f60fffe6976e1eb4bf55076808d6825a2bdca541 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 15:15:22 +0200 Subject: [PATCH 09/13] sawfish: fix wrapProgram call --- pkgs/applications/window-managers/sawfish/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/window-managers/sawfish/default.nix b/pkgs/applications/window-managers/sawfish/default.nix index 0f362e02ebf..37596f5f212 100644 --- a/pkgs/applications/window-managers/sawfish/default.nix +++ b/pkgs/applications/window-managers/sawfish/default.nix @@ -32,8 +32,8 @@ stdenv.mkDerivation rec { postInstall = '' for i in $out/lib/sawfish/sawfish-menu $out/bin/sawfish-about $out/bin/sawfish-client $out/bin/sawfish-config $out/bin/sawfish; do wrapProgram $i \ - --prefix REP_DL_LOAD_PATH "$out/lib/rep" \ - --set REP_LOAD_PATH "$out/share/sawfish/lisp" + --prefix REP_DL_LOAD_PATH : "$out/lib/rep" \ + --set REP_LOAD_PATH "$out/share/sawfish/lisp" done ''; From c438fe5a16a16cd8068077df605b377beab786f5 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 15:15:44 +0200 Subject: [PATCH 10/13] system-config-printer: fix wrapProgram call --- pkgs/tools/misc/system-config-printer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/misc/system-config-printer/default.nix b/pkgs/tools/misc/system-config-printer/default.nix index 04aa838270c..fbef31fb546 100644 --- a/pkgs/tools/misc/system-config-printer/default.nix +++ b/pkgs/tools/misc/system-config-printer/default.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { '' buildPythonPath "$out $pythonPath" gappsWrapperArgs+=( - --prefix PATH "$program_PATH" + --prefix PATH : "$program_PATH" --set CUPS_DATADIR "${cups-filters}/share/cups" ) From c3e8d491ff3dc966c40a7f56485dd589bef71c30 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 10 Aug 2017 15:49:56 +0200 Subject: [PATCH 11/13] clerk: fix wrapProgram call --- pkgs/applications/audio/clerk/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/audio/clerk/default.nix b/pkgs/applications/audio/clerk/default.nix index babbcc51e40..4da2228c6c1 100644 --- a/pkgs/applications/audio/clerk/default.nix +++ b/pkgs/applications/audio/clerk/default.nix @@ -13,13 +13,11 @@ stdenv.mkDerivation { buildInputs = [ makeWrapper pythonPackages.mpd2 ]; - buildPhase = '' - echo skipping build phase... - ''; + dontBuild = true; installPhase = '' DESTDIR=$out PREFIX=/ make install - wrapProgram $out/bin/clerk $out/bin/clerk \ + wrapProgram $out/bin/clerk \ --prefix PATH : "${stdenv.lib.makeBinPath [ rofi mpc_cli perl utillinux libnotify ]}" ''; From b44bed5568c7980276f4faaec5367d65aeb0a5e1 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Thu, 10 Aug 2017 02:04:02 +0200 Subject: [PATCH 12/13] curl: 7.54.1 -> 7.55.0 Fixes #28073. Fixes CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099. --- pkgs/tools/networking/curl/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index daf5a19b01c..c9b70ee0e64 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -21,11 +21,11 @@ assert scpSupport -> libssh2 != null; assert c-aresSupport -> c-ares != null; stdenv.mkDerivation rec { - name = "curl-7.54.1"; + name = "curl-7.55.0"; src = fetchurl { url = "http://curl.haxx.se/download/${name}.tar.bz2"; - sha256 = "1815iz5a7qghipjcl7s97hk4jqh4f3kqc487xi20rvh1s3r4vz7x"; + sha256 = "1cg5h0klsx887qd4wpkk5bpkbw1bfc4q7adsrai71zhmdzn6j7dg"; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; @@ -72,6 +72,10 @@ stdenv.mkDerivation rec { CXXCPP = "g++ -E"; postInstall = '' + pushd docs/libcurl + make install + popd + moveToOutput bin/curl-config "$dev" sed '/^dependency_libs/s|${libssh2.dev}|${libssh2.out}|' -i "$out"/lib/*.la '' + stdenv.lib.optionalString gnutlsSupport '' From 3be89a675814c3c2dd21fc3102c71960e896b97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 10 Aug 2017 20:58:43 +0200 Subject: [PATCH 13/13] libsoup: security 2.56.0 -> 2.56.1 Fixes CVE-2017-2885 --- pkgs/development/libraries/libsoup/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libsoup/default.nix b/pkgs/development/libraries/libsoup/default.nix index 030d800f4a5..914c99d259e 100644 --- a/pkgs/development/libraries/libsoup/default.nix +++ b/pkgs/development/libraries/libsoup/default.nix @@ -5,14 +5,14 @@ , intltool, python }: let majorVersion = "2.56"; - version = "${majorVersion}.0"; + version = "${majorVersion}.1"; in stdenv.mkDerivation { name = "libsoup-${version}"; src = fetchurl { url = "mirror://gnome/sources/libsoup/${majorVersion}/libsoup-${version}.tar.xz"; - sha256 = "d8216b71de8247bc6f274ec054c08547b2e04369c1f8add713e9350c8ef81fe5"; + sha256 = "c32a46d77b4da433b51d8fd09a57a44b198e03bdc93e5219afcc687c7948eac3"; }; prePatch = ''