authorVladimír Čunát <vcunat@gmail.com>2017-11-01 08:37:31 +0100
committerVladimír Čunát <vcunat@gmail.com>2017-11-01 08:37:31 +0100
commit06d7e54d62cfa303057ad65d86311cdce6f8c9bf (patch)
treec4ad5bc8a4c018299dd5a19105b3b6fb900d5d58
parent26e4f6f4f8a0466432e4eaa750076c96e7a65ca5 (diff)
parentc4be15a83b95b882357990488a7c8ccd47feb94b (diff)
Merge branch 'staging'
- I can see some regressions, especially due to fetchzip rename c3255fe8ec.
- Darwin is only half-rebuilt on Hydra ATM.
- But there are quite a few security fixes within.
-rw-r--r--pkgs/build-support/closure-info.nix5
-rw-r--r--pkgs/build-support/fetchgit/gitrepotoname.nix19
-rw-r--r--pkgs/build-support/fetchzip/default.nix3
-rw-r--r--pkgs/desktops/gnome-3/default.nix3
-rw-r--r--pkgs/development/compilers/rust/rustc.nix3
-rw-r--r--pkgs/development/interpreters/perl/default.nix7
-rw-r--r--pkgs/development/interpreters/python/cpython/3.6/default.nix4
-rw-r--r--pkgs/development/libraries/cyrus-sasl/default.nix7
-rw-r--r--pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch11
-rw-r--r--pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch11
-rw-r--r--pkgs/development/libraries/db/db-4.8.nix2
-rw-r--r--pkgs/development/libraries/db/db-5.3.nix2
-rw-r--r--pkgs/development/libraries/db/db-6.0.nix2
-rw-r--r--pkgs/development/libraries/db/db-6.2.nix2
-rw-r--r--pkgs/development/libraries/lame/default.nix2
-rw-r--r--pkgs/development/libraries/lame/gcc-4.9.patch33
-rw-r--r--pkgs/development/libraries/libarchive/CVE-2017-14166.patch36
-rw-r--r--pkgs/development/libraries/libarchive/CVE-2017-14502.patch28
-rw-r--r--pkgs/development/libraries/libarchive/default.nix5
-rw-r--r--pkgs/development/libraries/mesa/default.nix4
-rw-r--r--pkgs/development/libraries/pcre/CVE-2017-7186.patch52
-rw-r--r--pkgs/development/libraries/pcre/default.nix6
-rw-r--r--pkgs/development/libraries/sqlite/default.nix6
-rw-r--r--pkgs/development/libraries/webkitgtk/2.18.nix (renamed from pkgs/development/libraries/webkitgtk/2.16.nix)13
-rw-r--r--pkgs/development/libraries/wxwidgets/3.0/default.nix6
-rw-r--r--pkgs/development/perl-modules/DBD-SQLite/default.nix19
-rw-r--r--pkgs/development/perl-modules/DBD-SQLite/external-sqlite.patch36
-rwxr-xr-xpkgs/development/tools/build-managers/cmake/setup-hook.sh3
-rw-r--r--pkgs/development/tools/build-managers/gnumake/4.2/default.nix1
-rw-r--r--pkgs/development/tools/build-managers/gnumake/4.2/pselect.patch170
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix4
-rw-r--r--pkgs/os-specific/linux/libcap/default.nix3
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix6
-rw-r--r--pkgs/tools/cd-dvd/cdrdao/default.nix4
-rw-r--r--pkgs/tools/networking/curl/default.nix4
-rw-r--r--pkgs/tools/networking/unbound/default.nix4
-rw-r--r--pkgs/top-level/all-packages.nix18
38 files changed, 346 insertions, 204 deletions
diff --git a/pkgs/build-support/closure-info.nix b/pkgs/build-support/closure-info.nix
index f1b0930cdcf..4d178ac96c5 100644
--- a/pkgs/build-support/closure-info.nix
+++ b/pkgs/build-support/closure-info.nix
@@ -8,7 +8,10 @@
 
 { rootPaths }:
 
-if builtins.langVersion >= 5 then
+#if builtins.langVersion >= 5 then
+# FIXME: it doesn't work on Hydra, failing to find mkdir;
+#   perhaps .attrs.sh clobbers PATH with new nix?
+if false then
 
   # Nix >= 1.12: Include NAR hash / size info.
 
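Review bot: The added `if false then` makes the whole "Nix >= 1.12" branch unreachable, and the only record of why is a FIXME with a guess (`.attrs.sh` clobbering PATH) and no issue reference, so nothing prompts anyone to re-enable it. Keep the real condition in the expression rather than in a comment, e.g. `if false && builtins.langVersion >= 5 then`, and extend the FIXME with a tracking link (`# FIXME(<issue URL>): fails on Hydra, mkdir not found`). The `if` expression continues outside the hunk.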
diff --git a/pkgs/build-support/fetchgit/gitrepotoname.nix b/pkgs/build-support/fetchgit/gitrepotoname.nix
deleted file mode 100644
index 90005b54569..00000000000
--- a/pkgs/build-support/fetchgit/gitrepotoname.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib }:
-
-let
-  inherit (lib) removeSuffix hasPrefix removePrefix splitString stringToCharacters concatMapStrings last elem;
-
-  allowedChars = stringToCharacters "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-._?=";
-  sanitizeStoreName = s:
-    let
-      s' = concatMapStrings (c: if elem c allowedChars then c else "") (stringToCharacters s);
-      s'' = if hasPrefix "." s' then "_${removePrefix "." s'}" else s';
-    in
-      s'';
-in
-  urlOrRepo: rev:
-    let
-      repo' = last (splitString ":" (baseNameOf (removeSuffix ".git" (removeSuffix "/" urlOrRepo))));
-      rev' = baseNameOf rev;
-    in
-     "${sanitizeStoreName repo'}-${sanitizeStoreName rev'}-src"
diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix
index 751dba56930..4a5381d71f2 100644
--- a/pkgs/build-support/fetchzip/default.nix
+++ b/pkgs/build-support/fetchzip/default.nix
@@ -11,10 +11,11 @@
   stripRoot ? true
 , url
 , extraPostFetch ? ""
+, name ? "source"
 , ... } @ args:
 
 lib.overrideDerivation (fetchurl ({
-  name = args.name or (baseNameOf url);
+  inherit name;
 
   recursiveHash = true;
 
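Review bot: With `name ? "source"` the output name no longer depends on `url`, and a fixed-output store path is derived from the name and the hash only. A version bump that changes `url` but leaves the old `sha256` in place therefore resolves to the previous source whenever that path is still in the store or a binary cache, and the build succeeds on stale code, which matters most for security updates. The old `baseNameOf url` default usually changed with the version and so forced a refetch and a hash mismatch. Document this next to the argument, e.g. `# NOTE: constant name; a stale sha256 will not fail, always update it together with url`. The function body continues outside the hunk.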
diff --git a/pkgs/desktops/gnome-3/default.nix b/pkgs/desktops/gnome-3/default.nix
index 10e5f97c38f..585f79ddea6 100644
--- a/pkgs/desktops/gnome-3/default.nix
+++ b/pkgs/desktops/gnome-3/default.nix
@@ -45,7 +45,7 @@ let
     hitori gnome-taquin
   ];
 
-  inherit (pkgs) glib gtk2 webkitgtk216x gtk3 gtkmm3 libcanberra_gtk2
+  inherit (pkgs) glib gtk2 webkitgtk gtk3 gtkmm3 libcanberra_gtk2
     clutter clutter-gst clutter_gtk cogl gtkvnc;
   inherit (pkgs.gnome2) ORBit2;
   libsoup = pkgs.libsoup.override { gnomeSupport = true; };
@@ -56,7 +56,6 @@ let
   gtkmm = gtkmm3;
   vala = pkgs.vala_0_32;
   gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; };
-  webkitgtk = webkitgtk216x;
 
 # Simplify the nixos module and gnome packages
   defaultIconTheme = adwaita-icon-theme;
diff --git a/pkgs/development/compilers/rust/rustc.nix b/pkgs/development/compilers/rust/rustc.nix
index 6eb160add26..a113f5db480 100644
--- a/pkgs/development/compilers/rust/rustc.nix
+++ b/pkgs/development/compilers/rust/rustc.nix
@@ -85,6 +85,9 @@ stdenv.mkDerivation {
     # https://reviews.llvm.org/rL281650
     rm -vr src/test/run-pass/issue-36474.rs || true
 
+    # On Hydra: `TcpListener::bind(&addr)`: Address already in use (os error 98)'
+    sed '/^ *fn fast_rebind()/i#[ignore]' -i src/libstd/net/tcp.rs
+
     # Disable some failing gdb tests. Try re-enabling these when gdb
     # is updated past version 7.12.
     rm src/test/debuginfo/basic-types-globals.rs
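Review bot: The added `sed` exits successfully even when no line matches `fn fast_rebind()`, so if upstream renames or moves that test the `#[ignore]` silently stops being applied and the Hydra failure returns with no hint about the cause. Guard it with a check before the `sed`, for example `grep -q 'fn fast_rebind()' src/libstd/net/tcp.rs`, so the build stops when the pattern is gone (assuming the phase runs with errexit, as stdenv phases normally do). The enclosing phase string starts and ends outside the hunk.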
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 5246c5b0e59..97e395d2a6d 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -116,9 +116,7 @@ let
       platforms = platforms.all;
     };
   };
-
 in rec {
-
   perl = perl524;
 
   perl522 = common {
@@ -127,8 +125,7 @@ in rec {
   };
 
   perl524 = common {
-    version = "5.24.2";
-    sha256 = "1x4yj814a79lcarwb3ab6bbcb36hvb5n4ph4zg3yb0nabsjfi6v0";
+    version = "5.24.3";
+    sha256 = "1m2px85kq2fyp2d4rx3bw9kg3car67qfqwrs5vlv96dx0x8rl06b";
   };
-
 }
diff --git a/pkgs/development/interpreters/python/cpython/3.6/default.nix b/pkgs/development/interpreters/python/cpython/3.6/default.nix
index 127c093501c..1614159a7ef 100644
--- a/pkgs/development/interpreters/python/cpython/3.6/default.nix
+++ b/pkgs/development/interpreters/python/cpython/3.6/default.nix
@@ -27,7 +27,7 @@ with stdenv.lib;
 
 let
   majorVersion = "3.6";
-  minorVersion = "2";
+  minorVersion = "3";
   minorVersionSuffix = "";
   pythonVersion = majorVersion;
   version = "${majorVersion}.${minorVersion}${minorVersionSuffix}";
@@ -48,7 +48,7 @@ in stdenv.mkDerivation {
 
   src = fetchurl {
     url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz";
-    sha256 = "1ab4vlpdax1ihpiyiwchlgsk36apl4kgdw271wvl9l8ywhxpfacj";
+    sha256 = "1nl1raaagr4car787a2hmjv2dw6gqny53xfd6wisbgx4r5kxk9yd";
   };
 
   NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
index 5dbf134cf45..68398e93764 100644
--- a/pkgs/development/libraries/cyrus-sasl/default.nix
+++ b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -1,4 +1,5 @@
-{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false }:
+{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext,
+  pam, fixDarwinDylibNames, autoreconfHook, fetchpatch, enableLdap ? false }:
 
 with stdenv.lib;
 stdenv.mkDerivation rec {
@@ -21,6 +22,10 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./missing-size_t.patch # https://bugzilla.redhat.com/show_bug.cgi?id=906519
+    (fetchpatch { # CVE-2013-4122
+      url = "http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff";
+      sha256 = "05l7dh1w9d5fvzg0pjwzqh0fy4ah8y5cv6v67s4ssbq8xwd4pkf2";
+    })
   ] ++ lib.optional stdenv.isFreeBSD (
       fetchurl {
         url = "http://www.linuxfromscratch.org/patches/blfs/svn/cyrus-sasl-2.1.26-fixes-3.patch";
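Review bot: The CVE-2013-4122 fix added to `patches` is fetched over plain HTTP from a SourceForge file area (`miscellaneouspa/files/glibc217`) that is not the cyrus-sasl project, so nothing in the hunk ties the content to an upstream commit. The `sha256` pins the bytes against later tampering, but a reviewer cannot tell from here what was audited when the hash was taken, and file-hosting URLs of this kind tend to disappear. Point `url` at the upstream commit or a distribution's copy of the patch if one exists, and extend the comment, e.g. `# CVE-2013-4122 (crypt() result handling with glibc 2.17); origin: <upstream commit or advisory URL>`. The derivation continues outside the hunk.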
diff --git a/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch b/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch
new file mode 100644
index 00000000000..ed916fcf4d1
--- /dev/null
+++ b/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch
@@ -0,0 +1,11 @@
+--- a/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ b/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
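Review bot: This patch file and its sibling `CVE-2017-10140-cwd-db_config.patch` carry no provenance: the headers hold only local timestamps, and there is no origin URL, author or description of what the guard is for. Add a short preamble above the `---` line in both files, e.g. `Origin: <distribution or upstream URL>` plus one sentence saying that `env->db_home != NULL` skips `__env_read_db_config()` when no environment home is set, presumably so that a `DB_CONFIG` in the current working directory is not picked up. The same sibling file is applied to 5.3, 6.0 and 6.2 although its paths name `db-5.3.28`, so a note that it was checked against each version would help. The patched function starts and ends outside the hunk.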
diff --git a/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch b/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch
new file mode 100644
index 00000000000..652e962bbe1
--- /dev/null
+++ b/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch
@@ -0,0 +1,11 @@
+--- db-5.3.28/src/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix
index bce91e5a940..76e30e921ba 100644
--- a/pkgs/development/libraries/db/db-4.8.nix
+++ b/pkgs/development/libraries/db/db-4.8.nix
@@ -3,7 +3,7 @@
 import ./generic.nix (args // rec {
   version = "4.8.30";
   sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
-  extraPatches = [ ./clang-4.8.patch ];
+  extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ];
 
   drvArgs.hardeningDisable = [ "format" ];
   drvArgs.doCheck = false;
diff --git a/pkgs/development/libraries/db/db-5.3.nix b/pkgs/development/libraries/db/db-5.3.nix
index 066eca4e63d..7894e4c7326 100644
--- a/pkgs/development/libraries/db/db-5.3.nix
+++ b/pkgs/development/libraries/db/db-5.3.nix
@@ -3,5 +3,5 @@
 import ./generic.nix (args // rec {
   version = "5.3.28";
   sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0";
-  extraPatches = [ ./clang-5.3.patch ];
+  extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ];
 })
diff --git a/pkgs/development/libraries/db/db-6.0.nix b/pkgs/development/libraries/db/db-6.0.nix
index b7c5667b883..bafca3bd52d 100644
--- a/pkgs/development/libraries/db/db-6.0.nix
+++ b/pkgs/development/libraries/db/db-6.0.nix
@@ -4,5 +4,5 @@ import ./generic.nix (args // rec {
   version = "6.0.20";
   sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0";
   license = stdenv.lib.licenses.agpl3;
-  extraPatches = [ ./clang-6.0.patch ];
+  extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
 })
diff --git a/pkgs/development/libraries/db/db-6.2.nix b/pkgs/development/libraries/db/db-6.2.nix
index f897e3744af..96f7668aa90 100644
--- a/pkgs/development/libraries/db/db-6.2.nix
+++ b/pkgs/development/libraries/db/db-6.2.nix
@@ -4,5 +4,5 @@ import ./generic.nix (args // rec {
   version = "6.2.23";
   sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7";
   license = stdenv.lib.licenses.agpl3;
-  extraPatches = [ ./clang-6.0.patch ];
+  extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
 })
diff --git a/pkgs/development/libraries/lame/default.nix b/pkgs/development/libraries/lame/default.nix
index cc077a78a65..8ad7cb95a5d 100644
--- a/pkgs/development/libraries/lame/default.nix
+++ b/pkgs/development/libraries/lame/default.nix
@@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
     description = "A high quality MPEG Audio Layer III (MP3) encoder";
     homepage    = http://lame.sourceforge.net;
     license     = licenses.lgpl2;
-    maintainers = with maintainers; [ codyopel ];
+    maintainers = with maintainers; [ codyopel fpletz ];
     platforms   = platforms.all;
   };
 }
diff --git a/pkgs/development/libraries/lame/gcc-4.9.patch b/pkgs/development/libraries/lame/gcc-4.9.patch
deleted file mode 100644
index 59f8e00e4a8..00000000000
--- a/pkgs/development/libraries/lame/gcc-4.9.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-fix sse optimizations build on 32-bit with gcc 4.9
-http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=351af417bae0d09bd5a3753d1237f03adf591933
-
-xmm_quantize_sub.c: In function 'init_xrpow_core_sse':
-xmm_quantize_sub.c:65:18: warning: SSE vector return without SSE enabled changes the ABI [-W
-psabi]
-     const __m128 vec_fabs_mask = _mm_loadu_ps(&fabs_mask._float[0]);
-                  ^
-In file included from xmm_quantize_sub.c:37:0:
-/usr/lib/gcc/i686-w64-mingw32/4.9.0/include/xmmintrin.h:933:1: error: inlining failed in call to always_inline '_mm_loadu_ps': target specific option mismatch
- _mm_loadu_ps (float const *__P)
- ^
-xmm_quantize_sub.c:65:18: error: called from here
-     const __m128 vec_fabs_mask = _mm_loadu_ps(&fabs_mask._float[0]);
-                  ^
---- lame/libmp3lame/vector/xmm_quantize_sub.c.orig	2014-06-08 12:16:19.455468042 -0700
-+++ lame/libmp3lame/vector/xmm_quantize_sub.c	2014-06-08 12:16:09.592356980 -0700
-@@ -35,6 +35,7 @@
- #ifdef HAVE_XMMINTRIN_H
- 
- #include <xmmintrin.h>
-+#pragma GCC target("sse")
- 
- typedef union {
-     int32_t _i_32[4]; /* unions are initialized by its first member */
-@@ -124,6 +125,7 @@
- }
- 
- 
-+#pragma GCC target("sse2")
- void
- fht_SSE2(FLOAT * fz, int n)
- {
diff --git a/pkgs/development/libraries/libarchive/CVE-2017-14166.patch b/pkgs/development/libraries/libarchive/CVE-2017-14166.patch
new file mode 100644
index 00000000000..b729ae41e0a
--- /dev/null
+++ b/pkgs/development/libraries/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,36 @@
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
diff --git a/pkgs/development/libraries/libarchive/CVE-2017-14502.patch b/pkgs/development/libraries/libarchive/CVE-2017-14502.patch
new file mode 100644
index 00000000000..dad8a93a8a8
--- /dev/null
+++ b/pkgs/development/libraries/libarchive/CVE-2017-14502.patch
@@ -0,0 +1,28 @@
+From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Sat, 9 Sep 2017 17:47:32 +0200
+Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
+ archives.
+
+Reported-By: OSS-Fuzz issue 573
+---
+ libarchive/archive_read_support_format_rar.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index cbb14c32d..751de6979 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+         return (ARCHIVE_FATAL);
+       }
+       filename[filename_size++] = '\0';
+-      filename[filename_size++] = '\0';
++      /*
++       * Do not increment filename_size here as the computations below
++       * add the space for the terminating NUL explicitly.
++       */
++      filename[filename_size] = '\0';
+ 
+       /* Decoded unicode form is UTF-16BE, so we have to update a string
+        * conversion object for it. */
diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index fb1faf8d1b1..e0242802fd3 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -17,6 +17,11 @@ stdenv.mkDerivation rec {
     sha256 = "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd";
   };
 
+  patches = [
+    ./CVE-2017-14166.patch
+    ./CVE-2017-14502.patch
+  ];
+
   outputs = [ "out" "lib" "dev" ];
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 0fde0192726..fe34a8bb88f 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -66,7 +66,7 @@ let
 in
 
 let
-  version = "17.2.2";
+  version = "17.2.4";
   branch  = head (splitString "." version);
   driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32";
 in
@@ -81,7 +81,7 @@ stdenv.mkDerivation {
       "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
       "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
     ];
-    sha256 = "10jplvxg7rlbp7569w08z0igwlsjjfb7q3n07zgfr8d5sr224lng";
+    sha256 = "0l75q9l4g15y66rqk2swqvj18qj60hpimv0f97jk44bfrpz0i92v";
   };
 
   prePatch = "patchShebangs .";
diff --git a/pkgs/development/libraries/pcre/CVE-2017-7186.patch b/pkgs/development/libraries/pcre/CVE-2017-7186.patch
deleted file mode 100644
index e9e1997e47c..00000000000
--- a/pkgs/development/libraries/pcre/CVE-2017-7186.patch
+++ /dev/null
@@ -1,52 +0,0 @@
---- a/pcre_internal.h	2016/05/21 13:34:44	1649
-+++ b/pcre_internal.h	2017/02/24 17:30:30	1688
-@@ -2772,6 +2772,9 @@
- extern const pcre_uint16 PRIV(ucd_stage2)[];
- extern const pcre_uint32 PRIV(ucp_gentype)[];
- extern const pcre_uint32 PRIV(ucp_gbtable)[];
-+#ifdef COMPILE_PCRE32
-+extern const ucd_record  PRIV(dummy_ucd_record)[];
-+#endif
- #ifdef SUPPORT_JIT
- extern const int         PRIV(ucp_typerange)[];
- #endif
-@@ -2780,9 +2783,15 @@
- /* UCD access macros */
- 
- #define UCD_BLOCK_SIZE 128
--#define GET_UCD(ch) (PRIV(ucd_records) + \
-+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
-         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
-         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
-+        
-+#ifdef COMPILE_PCRE32
-+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
-+#else
-+#define GET_UCD(ch) REAL_GET_UCD(ch)
-+#endif 
- 
- #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
- #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
---- a/pcre_ucd.c	2014/06/19 07:51:39	1490
-+++ b/pcre_ucd.c	2017/02/24 17:30:30	1688
-@@ -38,6 +38,20 @@
- const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
- #else
- 
-+/* If the 32-bit library is run in non-32-bit mode, character values
-+greater than 0x10ffff may be encountered. For these we set up a
-+special record. */
-+
-+#ifdef COMPILE_PCRE32
-+const ucd_record PRIV(dummy_ucd_record)[] = {{
-+  ucp_Common,    /* script */
-+  ucp_Cn,        /* type unassigned */
-+  ucp_gbOther,   /* grapheme break property */
-+  0,             /* case set */
-+  0,             /* other case */
-+  }};
-+#endif
-+
- /* When recompiling tables with a new Unicode version, please check the
- types in this structure definition from pcre_internal.h (the actual
- field names will be different):
diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix
index d19410f735f..e6055151301 100644
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@@ -9,7 +9,7 @@ with stdenv.lib;
 assert elem variant [ null "cpp" "pcre16" "pcre32" ];
 
 let
-  version = "8.40";
+  version = "8.41";
   pname = if (variant == null) then "pcre"
     else  if (variant == "cpp") then "pcre-cpp"
     else  variant;
@@ -19,7 +19,7 @@ in stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
-    sha256 = "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0";
+    sha256 = "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76";
   };
 
   outputs = [ "bin" "dev" "out" "doc" "man" ];
@@ -31,8 +31,6 @@ in stdenv.mkDerivation rec {
   ]
     ++ optional (variant != null) "--enable-${variant}";
 
-  patches = [ ./CVE-2017-7186.patch ];
-
   buildInputs = optional (hostPlatform.libc == "msvcrt") windows.mingw_w64_pthreads;
 
   doCheck = !(with hostPlatform; isCygwin || isFreeBSD) && hostPlatform == buildPlatform;
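Review bot: Dropping `patches = [ ./CVE-2017-7186.patch ];` is only safe if the 8.41 tarball already contains that fix, and neither this hunk nor the commit description says so. The deleted patch file is labelled as upstream revision 1688 dated 2017/02/24, so it is presumably part of 8.41, but that should be checked against the upstream ChangeLog and recorded in the commit message. The derivation body continues outside the hunk.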
diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index 6dc09ddd39f..0625183fb7d 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -3,11 +3,11 @@
 assert interactive -> readline != null && ncurses != null;
 
 stdenv.mkDerivation {
-  name = "sqlite-3.20.0";
+  name = "sqlite-3.21.0";
 
   src = fetchurl {
-    url = "http://sqlite.org/2017/sqlite-autoconf-3200000.tar.gz";
-    sha256 = "1876dapm1xx5aqd2d8l7ymmkd2z9rybh99rp5f5rd4zz57vcc51q";
+    url = "http://sqlite.org/2017/sqlite-autoconf-3210000.tar.gz";
+    sha256 = "1qxvzdjwzw6k0kqjfabj86rnq87xdbwbca7laxxdhnh0fmkm3pfp";
   };
 
   outputs = [ "bin" "dev" "out" ];
diff --git a/pkgs/development/libraries/webkitgtk/2.16.nix b/pkgs/development/libraries/webkitgtk/2.18.nix
index d6999353414..e1b520eb10b 100644
--- a/pkgs/development/libraries/webkitgtk/2.16.nix
+++ b/pkgs/development/libraries/webkitgtk/2.18.nix
@@ -4,7 +4,7 @@
 , libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11_kit
 , libidn, libedit, readline, mesa, libintlOrEmpty
 , enableGeoLocation ? true, geoclue2, sqlite
-, gst-plugins-base
+, gst-plugins-base, gst-plugins-bad
 }:
 
 assert enableGeoLocation -> geoclue2 != null;
@@ -12,7 +12,7 @@ assert enableGeoLocation -> geoclue2 != null;
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "webkitgtk-${version}";
-  version = "2.16.6";
+  version = "2.18.1";
 
   meta = {
     description = "Web content rendering engine, GTK+ port";
@@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://webkitgtk.org/releases/${name}.tar.xz";
-    sha256 = "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw";
+    sha256 = "15fp7szmkpannx7avsynf0nv3y343qwq0fvq3rz2m2mw5wq7pnww";
   };
 
   # see if we can clean this up....
@@ -77,10 +77,7 @@ stdenv.mkDerivation rec {
   "-DENABLE_GTKDOC=OFF"
   ];
 
-  # XXX: WebKit2 missing include path for gst-plugins-base.
-  # Filled: https://bugs.webkit.org/show_bug.cgi?id=148894
-  NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0"
-                     + (optionalString stdenv.isDarwin " -lintl");
+  NIX_CFLAGS_COMPILE = optionalString stdenv.isDarwin " -lintl";
 
   nativeBuildInputs = [
     cmake perl python2 ruby bison gperf
@@ -90,7 +87,7 @@ stdenv.mkDerivation rec {
   buildInputs = libintlOrEmpty ++ [
     gtk2 libwebp enchant libnotify gnutls pcre nettle libidn
     libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11_kit
-    sqlite gst-plugins-base libxkbcommon epoxy at_spi2_core
+    sqlite gst-plugins-base gst-plugins-bad libxkbcommon epoxy at_spi2_core
   ] ++ optional enableGeoLocation geoclue2
     ++ (with xlibs; [ libXdmcp libXt libXtst ])
     ++ optionals stdenv.isDarwin [ libedit readline mesa ]
diff --git a/pkgs/development/libraries/wxwidgets/3.0/default.nix b/pkgs/development/libraries/wxwidgets/3.0/default.nix
index 35300ed9419..2375de4b1bf 100644
--- a/pkgs/development/libraries/wxwidgets/3.0/default.nix
+++ b/pkgs/development/libraries/wxwidgets/3.0/default.nix
@@ -3,13 +3,13 @@
 , withMesa ? true, mesa_glu ? null, mesa_noglu ? null
 , compat24 ? false, compat26 ? true, unicode ? true
 , withGtk2 ? true
-, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk216x ? null
+, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk218x ? null
 , AGL ? null, Carbon ? null, Cocoa ? null, Kernel ? null, QTKit ? null
 }:
 
 
 assert withMesa -> mesa_glu != null && mesa_noglu != null;
-assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) != null;
+assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) != null;
 
 with stdenv.lib;
 
@@ -30,7 +30,7 @@ stdenv.mkDerivation {
     [ (if withGtk2 then gtk2 else gtk3) libXinerama libSM libXxf86vm xf86vidmodeproto gstreamer
       gst-plugins-base GConf ]
     ++ optional withMesa mesa_glu
-    ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x)
+    ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x)
     ++ optionals stdenv.isDarwin [ setfile Carbon Cocoa Kernel QTKit ];
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/perl-modules/DBD-SQLite/default.nix b/pkgs/development/perl-modules/DBD-SQLite/default.nix
index bf3089ebfb9..a2a439b295b 100644
--- a/pkgs/development/perl-modules/DBD-SQLite/default.nix
+++ b/pkgs/development/perl-modules/DBD-SQLite/default.nix
@@ -1,25 +1,24 @@
 { stdenv, fetchurl, buildPerlPackage, DBI, sqlite }:
 
 buildPerlPackage rec {
-  name = "DBD-SQLite-1.50";
+  name = "DBD-SQLite-${version}";
+  version = "1.54";
 
   src = fetchurl {
     url = "mirror://cpan/authors/id/I/IS/ISHIGAKI/${name}.tar.gz";
-    sha256 = "1qcw2nzla03ywrl6mx1qklvbc8n5bn4gxqbjnvadfkwlffmi7i9s";
+    sha256 = "3929a6dbd8d71630f0cb57f85dcef9588cd7ac4c9fa12db79df77b9d3a4d7269";
   };
 
   propagatedBuildInputs = [ DBI ];
-
-  makeMakerFlags = "SQLITE_LOCATION=${sqlite.dev}";
+  buildInputs = [ sqlite ];
 
   patches = [
     # Support building against our own sqlite.
     ./external-sqlite.patch
   ];
 
-  sqlite_dev = sqlite.dev;
-  sqlite_out = sqlite.out;
-  postPatch = "substituteAllInPlace Makefile.PL; cat Makefile.PL";
+  SQLITE_INC = sqlite.dev + "/include";
+  SQLITE_LIB = sqlite.out + "/lib";
 
   preBuild =
     ''
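Review bot: It is not visible here how `Makefile.PL` finds the packaged sqlite after this change: the hunk removes `makeMakerFlags = "SQLITE_LOCATION=${sqlite.dev}"`, while the reduced `external-sqlite.patch` only flips `if ( 0 )` to `if ( 1 )`, enabling the branch that reads `SQLITE_LOCATION` from `@ARGV`. Whether upstream 1.54 reads the new `SQLITE_INC` and `SQLITE_LIB` variables cannot be confirmed from this page. If it does not, the module may quietly build against its bundled sqlite copy and miss later sqlite security updates. Add a comment above the two attributes saying where they are consumed, e.g. `# read by Makefile.PL once the "if ( 1 )" branch is enabled`, and consider a check that the built module links the external library. `preBuild` continues outside the hunk.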
@@ -39,5 +38,9 @@ buildPerlPackage rec {
   # (e.g. "database is locked(5) at dbdimp.c line 402 at t/07busy.t").
   #doCheck = false;
 
-  meta.platforms = stdenv.lib.platforms.unix;
+  meta = with stdenv.lib; {
+    description = "Self Contained SQLite RDBMS in a DBI Driver";
+    license = with licenses; [ artistic1 gpl1Plus ];
+    platforms = platforms.unix;
+  };
 }
diff --git a/pkgs/development/perl-modules/DBD-SQLite/external-sqlite.patch b/pkgs/development/perl-modules/DBD-SQLite/external-sqlite.patch
index 1f90546b252..5aafa461d94 100644
--- a/pkgs/development/perl-modules/DBD-SQLite/external-sqlite.patch
+++ b/pkgs/development/perl-modules/DBD-SQLite/external-sqlite.patch
@@ -1,33 +1,11 @@
-diff --git a/Makefile.PL b/Makefile.PL
-index 606b28d..0cea060 100644
---- a/Makefile.PL
-+++ b/Makefile.PL
-@@ -128,24 +128,10 @@ SCOPE: {
- # the system SQLite. We expect that anyone sophisticated enough to use
+--- a/Makefile.PL	2016-04-21 15:44:34.000000000 +0200
++++ b/Makefile.PL	2017-10-31 11:04:28.389959946 +0100
+@@ -129,7 +129,7 @@
  # a system sqlite is also sophisticated enough to have a patching system
  # that can change the if ( 0 ) to if ( 1 )
--my ($sqlite_local, $sqlite_base, $sqlite_lib, $sqlite_inc);
+ my ($sqlite_local, $sqlite_base, $sqlite_lib, $sqlite_inc);
 -if ( 0 ) {
--	require File::Spec;
--	if ( $sqlite_base = (grep(/SQLITE_LOCATION=.*/, @ARGV))[0] ) {
--		$sqlite_base =~ /=(.*)/;
--		$sqlite_base = $1;
--		$sqlite_lib = File::Spec->catdir( $sqlite_base, 'lib'     );
--		$sqlite_inc = File::Spec->catdir( $sqlite_base, 'include' );
--	}
--	if ( $sqlite_local = (grep(/USE_LOCAL_SQLITE=.*/, @ARGV))[0] ) {
--		$sqlite_local =~ /=(.*)/;
--		$sqlite_local = "$1" ? 1 : 0;
--		if ( $sqlite_local ) {
--			# Keep these from making into CFLAGS/LDFLAGS
--			undef $sqlite_lib;
--			undef $sqlite_inc;
--		}
--	}
-+my ($sqlite_local, $sqlite_lib, $sqlite_inc);
 +if ( 1 ) {
-+		$sqlite_lib = '@sqlite_out@/lib';
-+		$sqlite_inc = '@sqlite_dev@/include';
- 
- 	# Now check for a compatible sqlite3
- 	unless ( $sqlite_local ) {
+ 	require File::Spec;
+ 	if ( $sqlite_base = (grep(/SQLITE_LOCATION=.*/, @ARGV))[0] ) {
+ 		$sqlite_base =~ /=(.*)/;
diff --git a/pkgs/development/tools/build-managers/cmake/setup-hook.sh b/pkgs/development/tools/build-managers/cmake/setup-hook.sh
index bf876e81cda..331f907ae61 100755
--- a/pkgs/development/tools/build-managers/cmake/setup-hook.sh
+++ b/pkgs/development/tools/build-managers/cmake/setup-hook.sh
@@ -84,6 +84,9 @@ makeCmakeFindLibs(){
         -L*)
           export CMAKE_LIBRARY_PATH="$CMAKE_LIBRARY_PATH${CMAKE_LIBRARY_PATH:+:}${flag:2}"
           ;;
+        -F*)
+          export CMAKE_FRAMEWORK_PATH="$CMAKE_FRAMEWORK_PATH${CMAKE_FRAMEWORK_PATH:+:}${flag:2}"
+          ;;
         -isystem)
           isystem_seen=1
           ;;
diff --git a/pkgs/development/tools/build-managers/gnumake/4.2/default.nix b/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
index 253aadb86d7..7914d8ebb4f 100644
--- a/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
+++ b/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
@@ -19,6 +19,7 @@ stdenv.mkDerivation {
     # and /usr/lib. It's a stupid feature anyway. Likewise, when searching for
     # included Makefiles, don't look in /usr/include and friends.
     ./impure-dirs.patch
+    ./pselect.patch
   ];
 
   nativeBuildInputs = [ pkgconfig ];
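Review bot: `./pselect.patch` is added to `patches` without a comment, and as written it reads as if the preceding comment about impure directories covered it. Add a line above it taken from the patch's own subject, such as `# [SV 51159] non-blocking jobserver read with pselect to avoid hangs; drop once a release contains it`. The derivation continues outside the hunk.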
diff --git a/pkgs/development/tools/build-managers/gnumake/4.2/pselect.patch b/pkgs/development/tools/build-managers/gnumake/4.2/pselect.patch
new file mode 100644
index 00000000000..5a03acb2f7c
--- /dev/null
+++ b/pkgs/development/tools/build-managers/gnumake/4.2/pselect.patch
@@ -0,0 +1,170 @@
+From b552b05251980f693c729e251f93f5225b400714 Mon Sep 17 00:00:00 2001
+From: Paul Smith <psmith@gnu.org>
+Date: Sat, 3 Jun 2017 16:20:51 -0400
+Subject: [SV 51159] Use a non-blocking read with pselect to avoid hangs.
+
+* posixos.c (set_blocking): Set blocking on a file descriptor.
+(jobserver_setup): Set non-blocking on the jobserver read side.
+(jobserver_parse_auth): Ditto.
+(jobserver_acquire_all): Set blocking to avoid a busy-wait loop.
+(jobserver_acquire): If the non-blocking read() returns without
+taking a token then try again.
+---
+ posixos.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 71 insertions(+), 26 deletions(-)
+
+diff --git posixos.c posixos.c
+index e642d7f..dbafa51 100644
+--- posixos.c
++++ posixos.c
+@@ -62,6 +62,24 @@ make_job_rfd (void)
+ #endif
+ }
+ 
++static void
++set_blocking (int fd, int blocking)
++{
++  // If we're not using pselect() don't change the blocking
++#ifdef HAVE_PSELECT
++  int flags;
++  EINTRLOOP (flags, fcntl (fd, F_GETFL));
++  if (flags >= 0)
++    {
++      int r;
++      flags = blocking ? (flags & ~O_NONBLOCK) : (flags | O_NONBLOCK);
++      EINTRLOOP (r, fcntl (fd, F_SETFL, flags));
++      if (r < 0)
++        pfatal_with_name ("fcntl(O_NONBLOCK)");
++    }
++#endif
++}
++
+ unsigned int
+ jobserver_setup (int slots)
+ {
+@@ -86,6 +104,9 @@ jobserver_setup (int slots)
+         pfatal_with_name (_("init jobserver pipe"));
+     }
+ 
++  /* When using pselect() we want the read to be non-blocking.  */
++  set_blocking (job_fds[0], 0);
++
+   return 1;
+ }
+ 
+@@ -121,6 +142,9 @@ jobserver_parse_auth (const char *auth)
+       return 0;
+     }
+ 
++  /* When using pselect() we want the read to be non-blocking.  */
++  set_blocking (job_fds[0], 0);
++
+   return 1;
+ }
+ 
+@@ -169,7 +193,10 @@ jobserver_acquire_all (void)
+ {
+   unsigned int tokens = 0;
+ 
+-  /* Close the write side, so the read() won't hang.  */
++  /* Use blocking reads to wait for all outstanding jobs.  */
++  set_blocking (job_fds[0], 1);
++
++  /* Close the write side, so the read() won't hang forever.  */
+   close (job_fds[1]);
+   job_fds[1] = -1;
+ 
+@@ -236,18 +263,12 @@ jobserver_pre_acquire (void)
+ unsigned int
+ jobserver_acquire (int timeout)
+ {
+-  sigset_t empty;
+-  fd_set readfds;
+   struct timespec spec;
+   struct timespec *specp = NULL;
+-  int r;
+-  char intake;
++  sigset_t empty;
+ 
+   sigemptyset (&empty);
+ 
+-  FD_ZERO (&readfds);
+-  FD_SET (job_fds[0], &readfds);
+-
+   if (timeout)
+     {
+       /* Alarm after one second (is this too granular?)  */
+@@ -256,28 +277,52 @@ jobserver_acquire (int timeout)
+       specp = &spec;
+     }
+ 
+-  r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
+-
+-  if (r == -1)
++  while (1)
+     {
+-      /* Better be SIGCHLD.  */
+-      if (errno != EINTR)
+-        pfatal_with_name (_("pselect jobs pipe"));
+-      return 0;
+-    }
++      fd_set readfds;
++      int r;
++      char intake;
+ 
+-  if (r == 0)
+-    /* Timeout.  */
+-    return 0;
++      FD_ZERO (&readfds);
++      FD_SET (job_fds[0], &readfds);
+ 
+-  /* The read FD is ready: read it!  */
+-  EINTRLOOP (r, read (job_fds[0], &intake, 1));
+-  if (r < 0)
+-    pfatal_with_name (_("read jobs pipe"));
++      r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
++      if (r < 0)
++        switch (errno)
++          {
++          case EINTR:
++            /* SIGCHLD will show up as an EINTR.  */
++            return 0;
++
++          case EBADF:
++            /* Someone closed the jobs pipe.
++               That shouldn't happen but if it does we're done.  */
++              O (fatal, NILF, _("job server shut down"));
+ 
+-  /* What does it mean if read() returns 0?  It shouldn't happen because only
+-     the master make can reap all the tokens and close the write side...??  */
+-  return r > 0;
++          default:
++            pfatal_with_name (_("pselect jobs pipe"));
++          }
++
++      if (r == 0)
++        /* Timeout.  */
++        return 0;
++
++      /* The read FD is ready: read it!  This is non-blocking.  */
++      EINTRLOOP (r, read (job_fds[0], &intake, 1));
++
++      if (r < 0)
++        {
++          /* Someone sniped our token!  Try again.  */
++          if (errno == EAGAIN)
++            continue;
++
++          pfatal_with_name (_("read jobs pipe"));
++        }
++
++      /* read() should never return 0: only the master make can reap all the
++         tokens and close the write side...??  */
++      return r > 0;
++    }
+ }
+ 
+ #else
+-- 
+cgit v1.0-41-gc330
+
diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix
index 0e838994887..965632b5788 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix
@@ -144,6 +144,10 @@ let
   appleDerivation_ = name: version: sha256: attrs: stdenv.mkDerivation ({
     inherit version;
     name = "${name}-${version}";
+    enableParallelBuilding = true;
+    meta = {
+      platforms = stdenv.lib.platforms.darwin;
+    };
   } // (if attrs ? srcs then {} else {
     src  = fetchApple version sha256 name;
   }) // attrs);
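Review bot: The `meta.platforms` default added to `appleDerivation_` is dropped whenever a package passes its own `meta`, because the trailing `// attrs` is a shallow merge that replaces the whole `meta` set. Packages that set only a description or licence would then lose the darwin platform restriction that the xnu change in this commit relies on. Merging explicitly keeps both, for example by ending the expression with `// attrs // { meta = { platforms = stdenv.lib.platforms.darwin; } // (attrs.meta or {}); });`. `enableParallelBuilding = true` now also applies to every Apple source release unless overridden in `attrs`, so a short comment saying so would help anyone hitting a non-parallel-safe build.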
@@ -153,7 +157,7 @@ let
       name = builtins.elemAt (stdenv.lib.splitString "/" namePath) 0;
       appleDerivation = appleDerivation_ name version sha256;
       callPackage = pkgs.newScope (packages // pkgs.darwin // { inherit appleDerivation name version; });
-    in callPackage (./. + builtins.toPath "/${namePath}");
+    in callPackage (./. + "/${namePath}");
 
   libsecPackage = pkgs.callPackage ./libsecurity_generic {
     inherit applePackage appleDerivation_;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
index fd0d00d81cf..0ce9c54e48c 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
@@ -127,8 +127,4 @@ appleDerivation {
     mkdir $out/Library/PrivateFrameworks
     mv $out/Library/Frameworks/IOKit.framework $out/Library/PrivateFrameworks
   '';
-
-  meta = {
-    platforms = stdenv.lib.platforms.darwin;
-  };
 }
diff --git a/pkgs/os-specific/linux/libcap/default.nix b/pkgs/os-specific/linux/libcap/default.nix
index 1cc8ab60d75..17cd40e427b 100644
--- a/pkgs/os-specific/linux/libcap/default.nix
+++ b/pkgs/os-specific/linux/libcap/default.nix
@@ -30,9 +30,8 @@ stdenv.mkDerivation rec {
 
     # ensure capsh can find bash in $PATH
     substituteInPlace progs/capsh.c --replace execve execvpe
-  '';
 
-  preInstall = ''
+    # set prefixes
     substituteInPlace Make.Rules \
       --replace 'prefix=/usr' "prefix=$lib" \
       --replace 'exec_prefix=' "exec_prefix=$out" \
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 3d4309b7177..f54f3ab311a 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -4,15 +4,15 @@
 let
   version = lib.concatStringsSep "." ([ majorVersion ]
     ++ lib.optional (patchVersion != "") patchVersion);
-  majorVersion = "2.30";
-  patchVersion = "2";
+  majorVersion = "2.31";
+  patchVersion = "";
 
 in stdenv.mkDerivation rec {
   name = "util-linux-${version}";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
-    sha256 = "1p494mwd8v6p6mpmmjybkc7bz1qwp9x4cdi8hdvp2nwvkr4fanvv";
+    sha256 = "12nw108xjhm63sh2n5a0qs33vpvbvb6rln96l9j50p7wykf7rgpr";
   };
 
   patches = [
diff --git a/pkgs/tools/cd-dvd/cdrdao/default.nix b/pkgs/tools/cd-dvd/cdrdao/default.nix
index 3b8040e2b91..25d94593f5e 100644
--- a/pkgs/tools/cd-dvd/cdrdao/default.nix
+++ b/pkgs/tools/cd-dvd/cdrdao/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, lame, libvorbis, libmad, pkgconfig, libao}:
+{stdenv, fetchurl, libvorbis, libmad, pkgconfig, libao}:
 
 stdenv.mkDerivation {
   name = "cdrdao-1.2.3";
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
   makeFlags = "RM=rm LN=ln MV=mv";
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ lame libvorbis libmad libao ];
+  buildInputs = [ libvorbis libmad libao ];
 
   hardeningDisable = [ "format" ];
 
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index c01dbbaa3a7..d67b34371fe 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -21,11 +21,11 @@ assert scpSupport -> libssh2 != null;
 assert c-aresSupport -> c-ares != null;
 
 stdenv.mkDerivation rec {
-  name = "curl-7.56.0";
+  name = "curl-7.56.1";
 
   src = fetchurl {
     url = "http://curl.haxx.se/download/${name}.tar.bz2";
-    sha256 = "1pvr2bqfhk46bzq2x2hskmnq3wc8qxlps7apm9q1qiixb9ra8q6y";
+    sha256 = "142zidvlmrz31yx480nrhh47hl01d7jbaagin23pspl7cw1ng515";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index cb462a2cedd..b124352fd7b 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "unbound-${version}";
-  version = "1.6.6";
+  version = "1.6.7";
 
   src = fetchurl {
     url = "http://unbound.net/downloads/${name}.tar.gz";
-    sha256 = "145kska9a63yf32y3jg91y5ikcmsb7qvbcm7a8k6fgh96gf18awp";
+    sha256 = "17qwfmlls0w9kpkya3dlpn44b3kr87wsswzg3gawc13hh8yx8ysf";
   };
 
   outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 60fad0499da..fa4488b9317 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -186,10 +186,8 @@ with pkgs;
 
   fetchzip = callPackage ../build-support/fetchzip { };
 
-  gitRepoToName = callPackage ../build-support/fetchgit/gitrepotoname.nix { };
-
   fetchFromGitHub = {
-    owner, repo, rev, name ? gitRepoToName repo rev,
+    owner, repo, rev, name ? "source",
     fetchSubmodules ? false, private ? false,
     githubBase ? "github.com", varPrefix ? null,
     ... # For hash agility
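Review bot: With the default `name ? "source"` the output name no longer contains `rev`, and nothing at the argument documents the consequence. A fixed-output path is determined by its name and hash, so bumping `rev` while leaving `sha256` unchanged can reuse an old source already in the store or a binary cache instead of failing with a hash mismatch. The same default is introduced in the following hunks for `fetchFromBitbucket`, `fetchFromSavannah`, `fetchFromGitLab` and `fetchFromRepoOrCz`. I would add above the argument list `# name is constant: the store path depends only on the hash, so every rev change must come with a new sha256`. The body of `fetchFromGitHub` continues outside the hunk.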
@@ -222,7 +220,7 @@ with pkgs;
   in fetcher fetcherArgs // { meta.homepage = baseUrl; inherit rev; };
 
   fetchFromBitbucket = {
-    owner, repo, rev, name ? gitRepoToName repo rev,
+    owner, repo, rev, name ? "source",
     ... # For hash agility
   }@args: fetchzip ({
     inherit name;
@@ -233,7 +231,7 @@ with pkgs;
 
   # cgit example, snapshot support is optional in cgit
   fetchFromSavannah = {
-    repo, rev, name ? gitRepoToName repo rev,
+    repo, rev, name ? "source",
     ... # For hash agility
   }@args: fetchzip ({
     inherit name;
@@ -243,7 +241,7 @@ with pkgs;
 
   # gitlab example
   fetchFromGitLab = {
-    owner, repo, rev, name ? gitRepoToName repo rev,
+    owner, repo, rev, name ? "source",
     ... # For hash agility
   }@args: fetchzip ({
     inherit name;
@@ -253,7 +251,7 @@ with pkgs;
 
   # gitweb example, snapshot support is optional in gitweb
   fetchFromRepoOrCz = {
-    repo, rev, name ? gitRepoToName repo rev,
+    repo, rev, name ? "source",
     ... # For hash agility
   }@args: fetchzip ({
     inherit name;
@@ -10974,7 +10972,7 @@ with pkgs;
 
   wcslib = callPackage ../development/libraries/wcslib { };
 
-  webkitgtk = webkitgtk216x;
+  webkitgtk = webkitgtk218x;
 
   webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix {
     harfbuzz = harfbuzz-icu-58;
@@ -10982,9 +10980,9 @@ with pkgs;
     inherit (darwin) libobjc;
   };
 
-  webkitgtk216x = callPackage ../development/libraries/webkitgtk/2.16.nix {
+  webkitgtk218x = callPackage ../development/libraries/webkitgtk/2.18.nix {
     harfbuzz = harfbuzz-icu;
-    gst-plugins-base = gst_all_1.gst-plugins-base;
+    inherit (gst_all_1) gst-plugins-base gst-plugins-bad;
   };
 
   webkitgtk24x-gtk2 = webkitgtk24x-gtk3.override {