diff options
Diffstat (limited to 'pkgs/development/libraries')
62 files changed, 150 insertions, 235 deletions
diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix index e819078f786..be44ef62885 100644 --- a/pkgs/development/libraries/CoinMP/default.nix +++ b/pkgs/development/libraries/CoinMP/default.nix @@ -9,6 +9,8 @@ stdenv.mkDerivation rec { sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6"; }; + hardening_format = false; + meta = with stdenv.lib; { homepage = https://projects.coin-or.org/CoinMP/; description = "COIN-OR lightweight API for COIN-OR libraries CLP, CBC, and CGL"; diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix index 7d5c5fab393..5a47d50284f 100644 --- a/pkgs/development/libraries/a52dec/default.nix +++ b/pkgs/development/libraries/a52dec/default.nix @@ -8,8 +8,6 @@ stdenv.mkDerivation rec { sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2"; }; - NIX_CFLAGS_COMPILE = "-fpic"; - # From Handbrake patches = [ ./A00-a52-state-t-public.patch diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix index 637976977b1..9ca9db1e451 100644 --- a/pkgs/development/libraries/accelio/default.nix +++ b/pkgs/development/libraries/accelio/default.nix @@ -15,6 +15,9 @@ stdenv.mkDerivation rec { sha256 = "172frqk2n43g0arhazgcwfvj0syf861vdzdpxl7idr142bb0ykf7"; }; + hardening_pic = false; + hardening_format = false; + patches = [ ./fix-printfs.patch ]; postPatch = '' diff --git a/pkgs/development/libraries/allegro/default.nix b/pkgs/development/libraries/allegro/default.nix index deb3a6877e8..50d3eec4f3f 100644 --- a/pkgs/development/libraries/allegro/default.nix +++ b/pkgs/development/libraries/allegro/default.nix @@ -18,6 +18,8 @@ stdenv.mkDerivation rec { xf86dgaproto xf86miscproto xf86vidmodeproto libXxf86vm openal mesa ]; + hardening_format = false; + cmakeFlags = [ "-DCMAKE_SKIP_RPATH=ON" ]; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/aterm/2.5.nix b/pkgs/development/libraries/aterm/2.5.nix deleted file mode 100644 index ef53a76d20b..00000000000 --- a/pkgs/development/libraries/aterm/2.5.nix +++ /dev/null @@ -1,33 +0,0 @@ -{stdenv, fetchurl}: - -stdenv.mkDerivation { - name = "aterm-2.5-r21238"; - - src = fetchurl { - url = http://buildfarm.st.ewi.tudelft.nl/releases/meta-environment/aterm-2.5pre21238-l2q7rg38/aterm-2.5.tar.gz; - md5 = "33ddcb1a229baf406ad1f603eb1d5995"; - }; - - patches = [ - # Fix for http://bugzilla.sen.cwi.nl:8080/show_bug.cgi?id=841 - ./max-long.patch - - # Patch the ATerm header files so that they don't rely on - # SIZEOF_LONG, SIZEOF_INT and SIZEOF_VOID_P being set. - ./sizeof.patch - ]; - - doCheck = true; - - dontDisableStatic = true; - - NIX_CFLAGS_COMPILE = "-D__USE_BSD"; - - meta = { - homepage = http://www.cwi.nl/htbin/sen1/twiki/bin/view/SEN1/ATerm; - license = "LGPL"; - description = "Library for manipulation of term data structures in C"; - platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; - maintainers = [ stdenv.lib.maintainers.eelco ]; - }; -} diff --git a/pkgs/development/libraries/aterm/max-long.patch b/pkgs/development/libraries/aterm/max-long.patch deleted file mode 100644 index a2f260b970b..00000000000 --- a/pkgs/development/libraries/aterm/max-long.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -rc aterm-2.8-orig/aterm/hash.c aterm-2.8/aterm/hash.c -*** aterm-2.8-orig/aterm/hash.c 2008-11-10 13:54:22.000000000 +0100 ---- aterm-2.8/aterm/hash.c 2009-01-27 18:14:14.000000000 +0100 -*************** -*** 93,146 **** - } - - /*}}} */ -- /*{{{ static long calc_long_max() */ -- static long calc_long_max() -- { -- long try_long_max; -- long long_max; -- long delta; -- -- try_long_max = 1; -- do { -- long_max = try_long_max; -- try_long_max = long_max * 2; -- } while (try_long_max > 0); -- -- delta = long_max; -- while (delta > 1) { -- while (long_max + delta < 0) { -- delta /= 2; -- } -- long_max += delta; -- } -- -- return long_max; -- -- } -- /*}}} */ - /*{{{ static long calculateNewSize(sizeMinus1, nrdel, nrentries) */ - - static long calculateNewSize - (long sizeMinus1, long nr_deletions, long nr_entries) - { -- -- /* Hack: LONG_MAX (limits.h) is often unreliable, we need to find -- * out the maximum possible value of a signed long dynamically. -- */ -- static long st_long_max = 0; -- -- /* the resulting length has the form 2^k-1 */ -- - if (nr_deletions >= nr_entries/2) { - return sizeMinus1; - } - -! if (st_long_max == 0) { -! st_long_max = calc_long_max(); -! } -! -! if (sizeMinus1 > st_long_max / 2) { -! return st_long_max-1; - } - - return (2*sizeMinus1)+1; ---- 93,109 ---- - } - - /*}}} */ - /*{{{ static long calculateNewSize(sizeMinus1, nrdel, nrentries) */ - - static long calculateNewSize - (long sizeMinus1, long nr_deletions, long nr_entries) - { - if (nr_deletions >= nr_entries/2) { - return sizeMinus1; - } - -! if (sizeMinus1 > LONG_MAX / 2) { -! return LONG_MAX-1; - } - - return (2*sizeMinus1)+1; diff --git a/pkgs/development/libraries/aterm/sizeof.patch b/pkgs/development/libraries/aterm/sizeof.patch deleted file mode 100644 index 2649cc56491..00000000000 --- a/pkgs/development/libraries/aterm/sizeof.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff -rc -x '*~' aterm-2.5-orig/aterm/aterm.c aterm-2.5/aterm/aterm.c -*** aterm-2.5-orig/aterm/aterm.c 2007-02-27 23:41:31.000000000 +0100 ---- aterm-2.5/aterm/aterm.c 2010-02-23 15:10:38.000000000 +0100 -*************** -*** 150,155 **** ---- 150,157 ---- - if (initialized) - return; - -+ assert(sizeof(long) == sizeof(void *)); -+ - /*{{{ Handle arguments */ - - for (lcv=1; lcv < argc; lcv++) { -diff -rc -x '*~' aterm-2.5-orig/aterm/encoding.h aterm-2.5/aterm/encoding.h -*** aterm-2.5-orig/aterm/encoding.h 2007-02-27 23:41:31.000000000 +0100 ---- aterm-2.5/aterm/encoding.h 2010-02-23 15:36:05.000000000 +0100 -*************** -*** 10,24 **** - { - #endif/* __cplusplus */ - -! #if SIZEOF_LONG > 4 -! #define AT_64BIT - #endif - -! #if SIZEOF_LONG != SIZEOF_VOID_P -! #error Size of long is not the same as the size of a pointer - #endif - -! #if SIZEOF_INT > 4 - #error Size of int is not 32 bits - #endif - ---- 10,30 ---- - { - #endif/* __cplusplus */ - -! #include <limits.h> -! -! #ifndef SIZEOF_LONG -! #if ULONG_MAX > 4294967295 -! #define SIZEOF_LONG 8 -! #else -! #define SIZEOF_LONG 4 -! #endif - #endif - -! #if SIZEOF_LONG > 4 -! #define AT_64BIT - #endif - -! #if UINT_MAX > 4294967295 - #error Size of int is not 32 bits - #endif - diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix index e43a5acb6bd..4a64bc260bd 100644 --- a/pkgs/development/libraries/audio/libbs2b/default.nix +++ b/pkgs/development/libraries/audio/libbs2b/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig libsndfile ]; + hardening_format = false; + meta = { homepage = "http://bs2b.sourceforge.net/"; description = "Bauer stereophonic-to-binaural DSP library"; diff --git a/pkgs/development/libraries/cgui/default.nix b/pkgs/development/libraries/cgui/default.nix index 0f117862236..3e5076d2509 100644 --- a/pkgs/development/libraries/cgui/default.nix +++ b/pkgs/development/libraries/cgui/default.nix @@ -12,10 +12,11 @@ stdenv.mkDerivation rec { buildInputs = [ texinfo allegro perl ]; configurePhase = '' - export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -fPIC" sh fix.sh unix ''; + hardening_format = false; + makeFlags = [ "SYSTEM_DIR=$(out)" ]; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix index a86bdc8e035..0b7d96b5cc1 100644 --- a/pkgs/development/libraries/cwiid/default.nix +++ b/pkgs/development/libraries/cwiid/default.nix @@ -1,26 +1,34 @@ { stdenv, autoreconfHook, fetchgit, bison, flex, bluez, pkgconfig, gtk }: stdenv.mkDerivation rec { - name = "cwiid-2010-02-21-git"; - src = fetchgit { - url = https://github.com/abstrakraft/cwiid; - sha256 = "6f5355d036dab017da713c49d3042011fa24fb732ed0d5ee338ab6f5ff400f06"; - rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82"; - }; - configureFlags = "--without-python"; - prePatch = '' - sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in - ''; - buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ]; - postInstall = '' - # Some programs (for example, cabal-install) have problems with the double 0 - sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc - ''; - meta = { - description = "Linux Nintendo Wiimote interface"; - homepage = http://cwiid.org; - license = stdenv.lib.licenses.gpl2Plus; - maintainers = [ stdenv.lib.maintainers.bennofs ]; - platforms = stdenv.lib.platforms.linux; - }; + name = "cwiid-2010-02-21-git"; + + src = fetchgit { + url = https://github.com/abstrakraft/cwiid; + sha256 = "6f5355d036dab017da713c49d3042011fa24fb732ed0d5ee338ab6f5ff400f06"; + rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82"; + }; + + hardening_format = false; + + configureFlags = "--without-python"; + + prePatch = '' + sed -i -e '/$(LDCONFIG)/d' common/include/lib.mak.in + ''; + + buildInputs = [ autoreconfHook bison flex bluez pkgconfig gtk ]; + + postInstall = '' + # Some programs (for example, cabal-install) have problems with the double 0 + sed -i -e "s/0.6.00/0.6.0/" $out/lib/pkgconfig/cwiid.pc + ''; + + meta = { + description = "Linux Nintendo Wiimote interface"; + homepage = http://cwiid.org; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = [ stdenv.lib.maintainers.bennofs ]; + platforms = stdenv.lib.platforms.linux; + }; } diff --git a/pkgs/development/libraries/db/db-4.4.nix b/pkgs/development/libraries/db/db-4.4.nix index 757b1f71405..327da38e986 100644 --- a/pkgs/development/libraries/db/db-4.4.nix +++ b/pkgs/development/libraries/db/db-4.4.nix @@ -5,4 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./cygwin-4.4.patch ]; sha256 = "0y9vsq8dkarx1mhhip1vaciz6imbbyv37c1dm8b20l7p064bg2i9"; branch = "4.4"; + drvArgs = { hardening_format = false; }; }) diff --git a/pkgs/development/libraries/db/db-4.5.nix b/pkgs/development/libraries/db/db-4.5.nix index b1e4b2c4708..6d3b15d256e 100644 --- a/pkgs/development/libraries/db/db-4.5.nix +++ b/pkgs/development/libraries/db/db-4.5.nix @@ -5,4 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./cygwin-4.5.patch ./register-race-fix.patch ]; sha256 = "0bd81k0qv5i8w5gbddrvld45xi9k1gvmcrfm0393v0lrm37dab7m"; branch = "4.5"; + drvArgs = { hardening_format = false; }; }) diff --git a/pkgs/development/libraries/db/db-4.7.nix b/pkgs/development/libraries/db/db-4.7.nix index 9a7d586cd04..0735099729a 100644 --- a/pkgs/development/libraries/db/db-4.7.nix +++ b/pkgs/development/libraries/db/db-4.7.nix @@ -4,4 +4,5 @@ import ./generic.nix (args // rec { version = "4.7.25"; sha256 = "0gi667v9cw22c03hddd6xd6374l0pczsd56b7pba25c9sdnxjkzi"; branch = "4.7"; + drvArgs = { hardening_format = false; }; }) diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix index 6a161b0b72d..78c0a15c4e0 100644 --- a/pkgs/development/libraries/db/db-4.8.nix +++ b/pkgs/development/libraries/db/db-4.8.nix @@ -5,4 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./clang-4.8.patch ]; sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0"; branch = "4.8"; + drvArgs = { hardening_format = false; }; }) diff --git a/pkgs/development/libraries/db/generic.nix b/pkgs/development/libraries/db/generic.nix index f5ee4e440ff..fdc828effdf 100644 --- a/pkgs/development/libraries/db/generic.nix +++ b/pkgs/development/libraries/db/generic.nix @@ -7,9 +7,10 @@ , extraPatches ? [ ] , license ? stdenv.lib.licenses.sleepycat , branch ? null +, drvArgs ? {} }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (rec { name = "db-${version}"; src = fetchurl { @@ -42,4 +43,4 @@ stdenv.mkDerivation rec { platforms = platforms.unix; branch = branch; }; -} +} // drvArgs) diff --git a/pkgs/development/libraries/fox/default.nix b/pkgs/development/libraries/fox/default.nix index 2d44444ab40..78b7e9a63fc 100644 --- a/pkgs/development/libraries/fox/default.nix +++ b/pkgs/development/libraries/fox/default.nix @@ -18,6 +18,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + hardening_format = false; + meta = { description = "C++ based class library for building Graphical User Interfaces"; longDescription = '' diff --git a/pkgs/development/libraries/fox/fox-1.6.nix b/pkgs/development/libraries/fox/fox-1.6.nix index 3c823adf91b..007609403e2 100644 --- a/pkgs/development/libraries/fox/fox-1.6.nix +++ b/pkgs/development/libraries/fox/fox-1.6.nix @@ -20,6 +20,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + hardening_format = false; + meta = { branch = "1.6"; description = "A C++ based class library for building Graphical User Interfaces"; diff --git a/pkgs/development/libraries/freetds/default.nix b/pkgs/development/libraries/freetds/default.nix index 695abcfbba2..bb4aeaeee27 100644 --- a/pkgs/development/libraries/freetds/default.nix +++ b/pkgs/development/libraries/freetds/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { sha256 = "0r946axzxs0czsmr7283w7vmk5jx3jnxxc32d2ncxsrsh2yli0ba"; }; + hardening_format = false; + buildInputs = stdenv.lib.optional odbcSupport [ unixODBC ]; configureFlags = stdenv.lib.optionalString odbcSupport "--with-odbc=${unixODBC}"; diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix index 23795e9633e..09828665541 100644 --- a/pkgs/development/libraries/fribidi/default.nix +++ b/pkgs/development/libraries/fribidi/default.nix @@ -3,12 +3,14 @@ stdenv.mkDerivation rec { name = "fribidi-${version}"; version = "0.19.6"; - + src = fetchurl { url = "http://fribidi.org/download/${name}.tar.bz2"; sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b"; }; + hardening_format = false; + meta = with stdenv.lib; { homepage = http://fribidi.org/; description = "GNU implementation of the Unicode Bidirectional Algorithm (bidi)"; diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index 7c3c53626b5..a24a8416866 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -2,16 +2,18 @@ stdenv.mkDerivation { name = "gd-2.0.35"; - + src = fetchurl { url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2; sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz"; }; - + buildInputs = [zlib libpng freetype]; propagatedBuildInputs = [libjpeg fontconfig]; # urgh + hardening_format = false; + configureFlags = "--without-x"; meta = { diff --git a/pkgs/development/libraries/gdal/default.nix b/pkgs/development/libraries/gdal/default.nix index 8cf84eb08c3..582ab53800e 100644 --- a/pkgs/development/libraries/gdal/default.nix +++ b/pkgs/development/libraries/gdal/default.nix @@ -14,6 +14,8 @@ composableDerivation.composableDerivation {} (fixed: rec { buildInputs = [ unzip libjpeg libtiff libpng proj openssl ] ++ (with pythonPackages; [ python numpy wrapPython ]); + hardening_format = false; + patches = [ # This ensures that the python package is installed into gdal's prefix, # rather than trying to install into python's prefix. diff --git a/pkgs/development/libraries/gdal/gdal-1_11.nix b/pkgs/development/libraries/gdal/gdal-1_11.nix index 0e4b4d03541..4c6ec24a16c 100644 --- a/pkgs/development/libraries/gdal/gdal-1_11.nix +++ b/pkgs/development/libraries/gdal/gdal-1_11.nix @@ -19,6 +19,8 @@ composableDerivation.composableDerivation {} (fixed: rec { ./python.patch ]; + hardening_format = false; + # Don't use optimization for gcc >= 4.3. That's said to be causing segfaults. # Unset CC and CXX as they confuse libtool. preConfigure = "export CFLAGS=-O0 CXXFLAGS=-O0; unset CC CXX"; diff --git a/pkgs/development/libraries/gdome2/default.nix b/pkgs/development/libraries/gdome2/default.nix index cc8f76949ee..e9c32da2069 100644 --- a/pkgs/development/libraries/gdome2/default.nix +++ b/pkgs/development/libraries/gdome2/default.nix @@ -13,6 +13,8 @@ stdenv.mkDerivation { sha256 = "0hyms5s3hziajp3qbwdwqjc2xcyhb783damqg8wxjpwfxyi81fzl"; }; + hardening_format = false; + buildInputs = [pkgconfig glib libxml2 gtkdoc]; propagatedBuildInputs = [glib libxml2]; patches = [ ./xml-document.patch ]; diff --git a/pkgs/development/libraries/geoclue/default.nix b/pkgs/development/libraries/geoclue/default.nix index 1b703e2fdba..e8d43e6652f 100644 --- a/pkgs/development/libraries/geoclue/default.nix +++ b/pkgs/development/libraries/geoclue/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [dbus glib dbus_glib]; + hardening_format = false; + preConfigure = '' sed -e '/-Werror/d' -i configure ''; diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index 1443626124e..ff7e9bc5bfd 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation (rec { outputs = [ "out" "doc" ]; + hardening_format = false; + LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else ""; configureFlags = [ "--disable-csharp" "--with-xz" ] diff --git a/pkgs/development/libraries/giflib/4.1.nix b/pkgs/development/libraries/giflib/4.1.nix index 13cd1c79b6a..114e0e587b6 100644 --- a/pkgs/development/libraries/giflib/4.1.nix +++ b/pkgs/development/libraries/giflib/4.1.nix @@ -2,10 +2,14 @@ stdenv.mkDerivation { name = "giflib-4.1.6"; + src = fetchurl { url = mirror://sourceforge/giflib/giflib-4.1.6.tar.bz2; sha256 = "1v9b7ywz7qg8hli0s9vv1b8q9xxb2xvqq2mg1zpr73xwqpcwxhg1"; }; + + hardening_format = false; + meta = { branch = "4.1"; }; diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix index f3302f8f333..1cc4ae0201b 100644 --- a/pkgs/development/libraries/giflib/libungif.nix +++ b/pkgs/development/libraries/giflib/libungif.nix @@ -6,5 +6,7 @@ stdenv.mkDerivation { url = mirror://sourceforge/giflib/libungif-4.1.4.tar.gz; md5 = "efdfcf8e32e35740288a8c5625a70ccb"; }; + + hardening_format = false; } diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 45f5c24e959..7c7f8602bab 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -214,6 +214,10 @@ stdenv.mkDerivation ({ preBuild = "unset NIX_DONT_SET_RPATH"; } +// stdenv.lib.optionalAttrs (name == "glibc-locales") { + hardening_stackprotector = false; +} + // stdenv.lib.optionalAttrs (hurdHeaders != null) { # Work around the fact that the configure snippet that looks for # <hurd/version.h> does not honor `--with-headers=$sysheaders' and that diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 08eaf555e02..f9096084bd2 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -25,6 +25,9 @@ in builder = ./builder.sh; + hardening_stackprotector = false; + hardening_fortify = false; + # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for # any program we run, because the gcc will have been placed at a new # store path than that determined when built (as a source for the diff --git a/pkgs/development/libraries/gsm/default.nix b/pkgs/development/libraries/gsm/default.nix index fb9ff8eb0fb..42d36b8406e 100644 --- a/pkgs/development/libraries/gsm/default.nix +++ b/pkgs/development/libraries/gsm/default.nix @@ -41,8 +41,6 @@ stdenv.mkDerivation rec { preInstall = "mkdir -p $out/{bin,lib,man/man1,man/man3,include/gsm}"; - NIX_CFLAGS_COMPILE = optional (!staticSupport) "-fPIC"; - parallelBuild = false; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/hspell/default.nix b/pkgs/development/libraries/hspell/default.nix index 9b44d12c293..eebd105a00d 100644 --- a/pkgs/development/libraries/hspell/default.nix +++ b/pkgs/development/libraries/hspell/default.nix @@ -16,8 +16,6 @@ stdenv.mkDerivation rec { patchPhase = ''patchShebangs .''; buildInputs = [ perl zlib ]; - makeFlags = "CFLAGS=-fPIC"; - meta = { description = "Hebrew spell checker"; homepage = http://hspell.ivrix.org.il/; diff --git a/pkgs/development/libraries/itk/default.nix b/pkgs/development/libraries/itk/default.nix index 7b4e3834af7..eda9434ab65 100644 --- a/pkgs/development/libraries/itk/default.nix +++ b/pkgs/development/libraries/itk/default.nix @@ -12,7 +12,6 @@ stdenv.mkDerivation rec { "-DBUILD_TESTING=OFF" "-DBUILD_EXAMPLES=OFF" "-DBUILD_SHARED_LIBS=ON" - "-DCMAKE_CXX_FLAGS=-fPIC" ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/libcli/default.nix b/pkgs/development/libraries/libcli/default.nix index 1c247f6faa8..cf1b21ceaa9 100644 --- a/pkgs/development/libraries/libcli/default.nix +++ b/pkgs/development/libraries/libcli/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub }: +{ stdenv, fetchFromGitHub, fetchpatch }: stdenv.mkDerivation rec { name = "libcli-${version}"; @@ -11,6 +11,13 @@ stdenv.mkDerivation rec { owner = "dparrish"; }; + patches = [ + (fetchpatch { + url = https://patch-diff.githubusercontent.com/raw/dparrish/libcli/pull/21.diff; + sha256 = "150nm33xi3992zx8a9smjzd8zs7pavrwg1pijah6nyl22q9gxm21"; + }) + ]; + enableParallelBuilding = true; makeFlags = [ "PREFIX=$(out)" ]; diff --git a/pkgs/development/libraries/libdnet/default.nix b/pkgs/development/libraries/libdnet/default.nix index 8911539d7b0..dbda4107c48 100644 --- a/pkgs/development/libraries/libdnet/default.nix +++ b/pkgs/development/libraries/libdnet/default.nix @@ -12,8 +12,6 @@ stdenv.mkDerivation { buildInputs = [ automake autoconf libtool ]; - CFLAGS="-fPIC"; - # .so endings are missing (quick and dirty fix) postInstall = '' for i in $out/lib/*; do diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix index 048902f4fc4..88bce7f8661 100644 --- a/pkgs/development/libraries/libelf/default.nix +++ b/pkgs/development/libraries/libelf/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation (rec { }; doCheck = true; - + # For cross-compiling, native glibc is needed for the "gencat" program. crossAttrs = { nativeBuildInputs = [ glibc ]; diff --git a/pkgs/development/libraries/libf2c/default.nix b/pkgs/development/libraries/libf2c/default.nix index 3123bb33d45..8edc53cb7ee 100644 --- a/pkgs/development/libraries/libf2c/default.nix +++ b/pkgs/development/libraries/libf2c/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { name = "libf2c-20100903"; - + src = fetchurl { url = http://www.netlib.org/f2c/libf2c.zip; sha256 = "1mcp1lh7gay7hm186dr0wvwd2bc05xydhnc1qy3dqs4n3r102g7i"; @@ -24,6 +24,8 @@ stdenv.mkDerivation rec { buildInputs = [ unzip ]; + hardening_format = false; + meta = { description = "F2c converts Fortran 77 source code to C"; homepage = http://www.netlib.org/f2c/; diff --git a/pkgs/development/libraries/libgeotiff/default.nix b/pkgs/development/libraries/libgeotiff/default.nix index d07aae3ab80..4d9fa09ad75 100644 --- a/pkgs/development/libraries/libgeotiff/default.nix +++ b/pkgs/development/libraries/libgeotiff/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation { buildInputs = [ libtiff ]; + hardening_format = false; + meta = { description = "Library implementing attempt to create a tiff based interchange format for georeferenced raster imagery"; homepage = http://www.remotesensing.org/geotiff/geotiff.html; diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix index e25cdb61d86..682a42e2db9 100644 --- a/pkgs/development/libraries/libgphoto2/default.nix +++ b/pkgs/development/libraries/libgphoto2/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { # These are mentioned in the Requires line of libgphoto's pkg-config file. propagatedBuildInputs = [ libexif ]; + hardening_format = false; + meta = { homepage = http://www.gphoto.org/proj/libgphoto2/; description = "A library for accessing digital cameras"; diff --git a/pkgs/development/libraries/librsync/0.9.nix b/pkgs/development/libraries/librsync/0.9.nix index 76daf7d748b..d3dd293f975 100644 --- a/pkgs/development/libraries/librsync/0.9.nix +++ b/pkgs/development/libraries/librsync/0.9.nix @@ -1,13 +1,15 @@ -{stdenv, fetchurl}: +{ stdenv, fetchurl }: stdenv.mkDerivation { name = "librsync-0.9.7"; - + src = fetchurl { url = mirror://sourceforge/librsync/librsync-0.9.7.tar.gz; sha256 = "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6"; }; + hardening_format = false; + configureFlags = if stdenv.isCygwin then "--enable-static" else "--enable-shared"; crossAttrs = { diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix index 3fc8b508559..86f0c50dd20 100644 --- a/pkgs/development/libraries/libunwind/default.nix +++ b/pkgs/development/libraries/libunwind/default.nix @@ -22,7 +22,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ xz ]; - NIX_CFLAGS_COMPILE = if stdenv.system == "x86_64-linux" then "-fPIC" else ""; preInstall = '' mkdir -p "$out/lib" touch "$out/lib/libunwind-generic.so" diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix index dc2f0338b48..a9320f1af7b 100644 --- a/pkgs/development/libraries/libvisual/default.nix +++ b/pkgs/development/libraries/libvisual/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig glib ]; + hardening_format = false; + meta = { description = "An abstraction library for audio visualisations"; homepage = "http://sourceforge.net/projects/libvisual/"; diff --git a/pkgs/development/libraries/libyaml-cpp/default.nix b/pkgs/development/libraries/libyaml-cpp/default.nix index f56bf77abfe..1ba31a7a6d5 100644 --- a/pkgs/development/libraries/libyaml-cpp/default.nix +++ b/pkgs/development/libraries/libyaml-cpp/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, cmake, boost, makePIC ? false }: +{ stdenv, fetchurl, cmake, boost }: stdenv.mkDerivation { name = "libyaml-cpp-0.5.1"; @@ -10,8 +10,6 @@ stdenv.mkDerivation { buildInputs = [ cmake boost ]; - cmakeFlags = stdenv.lib.optionals makePIC [ "-DCMAKE_C_FLAGS=-fPIC" "-DCMAKE_CXX_FLAGS=-fPIC" ]; - meta = with stdenv.lib; { homepage = http://code.google.com/p/yaml-cpp/; description = "A YAML parser and emitter for C++"; diff --git a/pkgs/development/libraries/mp4v2/default.nix b/pkgs/development/libraries/mp4v2/default.nix index 06e8c8e5ac3..5281ab2c480 100644 --- a/pkgs/development/libraries/mp4v2/default.nix +++ b/pkgs/development/libraries/mp4v2/default.nix @@ -17,6 +17,8 @@ stdenv.mkDerivation rec { # `faac' expects `mp4.h'. postInstall = "ln -s mp4v2/mp4v2.h $out/include/mp4.h"; + hardening_format = false; + meta = { homepage = http://code.google.com/p/mp4v2; maintainers = [ stdenv.lib.maintainers.urkud ]; diff --git a/pkgs/development/libraries/nvidia-texture-tools/default.nix b/pkgs/development/libraries/nvidia-texture-tools/default.nix index 754ab4233e5..cd8268faa65 100644 --- a/pkgs/development/libraries/nvidia-texture-tools/default.nix +++ b/pkgs/development/libraries/nvidia-texture-tools/default.nix @@ -15,6 +15,8 @@ stdenv.mkDerivation rec { buildInputs = [ cmake libpng ilmbase libtiff zlib libjpeg mesa libX11 ]; + hardening_format = false; + patchPhase = '' # Fix build due to missing dependnecies. echo 'target_link_libraries(bc7 nvmath)' >> src/nvtt/bc7/CMakeLists.txt diff --git a/pkgs/development/libraries/opencascade/6.5.nix b/pkgs/development/libraries/opencascade/6.5.nix index 4228c285dfd..a1143757c77 100644 --- a/pkgs/development/libraries/opencascade/6.5.nix +++ b/pkgs/development/libraries/opencascade/6.5.nix @@ -26,6 +26,8 @@ stdenv.mkDerivation rec { # https://bugs.freedesktop.org/show_bug.cgi?id=83631 + " -DGLX_GLXEXT_LEGACY"; + hardening_format = false; + configureFlags = [ "--with-tcl=${tcl}/lib" "--with-tk=${tk}/lib" "--with-qt=${qt4}" "--with-ftgl=${ftgl}" "--with-freetype=${freetype}" ]; postInstall = '' diff --git a/pkgs/development/libraries/opencascade/default.nix b/pkgs/development/libraries/opencascade/default.nix index ec15d9d631e..bcf1b747180 100644 --- a/pkgs/development/libraries/opencascade/default.nix +++ b/pkgs/development/libraries/opencascade/default.nix @@ -17,6 +17,8 @@ stdenv.mkDerivation rec { # https://bugs.freedesktop.org/show_bug.cgi?id=83631 NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY"; + hardening_format = false; + postInstall = '' mv $out/inc $out/include mkdir -p $out/share/doc/${name} diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix index 4a58ae43bb7..16765083c55 100644 --- a/pkgs/development/libraries/opencv/3.x.nix +++ b/pkgs/development/libraries/opencv/3.x.nix @@ -49,6 +49,9 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + hardening_bindnow = false; + hardening_relro = false; + meta = { description = "Open Computer Vision Library with more than 500 algorithms"; homepage = http://opencv.org/; diff --git a/pkgs/development/libraries/opencv/default.nix b/pkgs/development/libraries/opencv/default.nix index 4ce1787dbac..d5904e742b6 100644 --- a/pkgs/development/libraries/opencv/default.nix +++ b/pkgs/development/libraries/opencv/default.nix @@ -20,6 +20,9 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + hardening_bindnow = false; + hardening_relro = false; + meta = { description = "Open Computer Vision Library with more than 500 algorithms"; homepage = http://opencv.org/; diff --git a/pkgs/development/libraries/phonon/qt5/default.nix b/pkgs/development/libraries/phonon/qt5/default.nix index fc07344d2d1..c7baeb2e340 100644 --- a/pkgs/development/libraries/phonon/qt5/default.nix +++ b/pkgs/development/libraries/phonon/qt5/default.nix @@ -20,8 +20,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig ]; - NIX_CFLAGS_COMPILE = "-fPIC"; - cmakeFlags = [ "-DCMAKE_BUILD_TYPE=${if debug then "Debug" else "Release"}" "-DPHONON_BUILD_PHONON4QT5=ON" diff --git a/pkgs/development/libraries/plib/default.nix b/pkgs/development/libraries/plib/default.nix index ff60e62cad3..dc75a407e92 100644 --- a/pkgs/development/libraries/plib/default.nix +++ b/pkgs/development/libraries/plib/default.nix @@ -1,6 +1,5 @@ { fetchurl, stdenv, mesa, freeglut, SDL -, libXi, libSM, libXmu, libXext, libX11, -enablePIC ? false }: +, libXi, libSM, libXmu, libXext, libX11 }: stdenv.mkDerivation rec { name = "plib-1.8.5"; @@ -13,8 +12,6 @@ stdenv.mkDerivation rec { patches = [ ./CVE-2012-4552.patch ]; - NIX_CFLAGS_COMPILE = if enablePIC then "-fPIC" else ""; - propagatedBuildInputs = [ mesa freeglut SDL diff --git a/pkgs/development/libraries/portmidi/default.nix b/pkgs/development/libraries/portmidi/default.nix index 518eeee9253..4b55cffe94f 100644 --- a/pkgs/development/libraries/portmidi/default.nix +++ b/pkgs/development/libraries/portmidi/default.nix @@ -46,6 +46,8 @@ stdenv.mkDerivation rec { buildInputs = [ unzip cmake /*jdk*/ alsaLib ]; + hardening_format = false; + meta = { homepage = "http://portmedia.sourceforge.net/portmidi/"; description = "Platform independent library for MIDI I/O"; diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix index c5e26c1dfad..22dbef1bac2 100644 --- a/pkgs/development/libraries/pupnp/default.nix +++ b/pkgs/development/libraries/pupnp/default.nix @@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k"; }; + hardening_fortify = false; + meta = { description = "libupnp, an open source UPnP development kit for Linux"; diff --git a/pkgs/development/libraries/qhull/default.nix b/pkgs/development/libraries/qhull/default.nix index 76ceb12b401..e8a67d3bc42 100644 --- a/pkgs/development/libraries/qhull/default.nix +++ b/pkgs/development/libraries/qhull/default.nix @@ -12,6 +12,8 @@ stdenv.mkDerivation rec { cmakeFlags = "-DMAN_INSTALL_DIR=share/man/man1 -DDOC_INSTALL_DIR=share/doc/qhull"; + hardening_format = false; + meta = { homepage = http://www.qhull.org/; description = "Computes the convex hull, Delaunay triangulation, Voronoi diagram and more"; diff --git a/pkgs/development/libraries/qt-3/default.nix b/pkgs/development/libraries/qt-3/default.nix index 08d8f141deb..8a11cc7087b 100644 --- a/pkgs/development/libraries/qt-3/default.nix +++ b/pkgs/development/libraries/qt-3/default.nix @@ -32,6 +32,8 @@ stdenv.mkDerivation { nativeBuildInputs = [ which ]; propagatedBuildInputs = [libpng xlibsWrapper libXft libXrender zlib libjpeg]; + hardening_format = false; + configureFlags = " -v -system-zlib -system-libpng -system-libjpeg diff --git a/pkgs/development/libraries/qtscriptgenerator/default.nix b/pkgs/development/libraries/qtscriptgenerator/default.nix index b8ed81de487..de87c6b73c6 100644 --- a/pkgs/development/libraries/qtscriptgenerator/default.nix +++ b/pkgs/development/libraries/qtscriptgenerator/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation { buildInputs = [ qt4 ]; patches = [ ./qtscriptgenerator.gcc-4.4.patch ./qt-4.8.patch ]; - + # Why isn't the author providing proper Makefile or a CMakeLists.txt ? buildPhase = '' # remove phonon stuff which causes errors (thanks to Gentoo bug reports) sed -i "/typesystem_phonon.xml/d" generator/generator.qrc - sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro - + sed -i "/qtscript_phonon/d" qtbindings/qtbindings.pro + cd generator qmake make @@ -25,13 +25,15 @@ stdenv.mkDerivation { qmake make ''; - + installPhase = '' cd .. mkdir -p $out/lib/qt4/plugins/script cp -av plugins/script/* $out/lib/qt4/plugins/script ''; + hardening_format = false; + meta = { description = "QtScript bindings generator"; homepage = http://code.google.com/p/qtscriptgenerator/; diff --git a/pkgs/development/libraries/science/math/atlas/default.nix b/pkgs/development/libraries/science/math/atlas/default.nix index 1fa48ffea91..9779af6addc 100644 --- a/pkgs/development/libraries/science/math/atlas/default.nix +++ b/pkgs/development/libraries/science/math/atlas/default.nix @@ -73,14 +73,10 @@ stdenv.mkDerivation { configureScript=../configure ''; - # * -fPIC is passed even in non-shared builds so that the ATLAS code can be - # used to inside of shared libraries, like Octave does. - # # * -t 0 disables use of multi-threading. It's not quite clear what the # consequences of that setting are and whether it's necessary or not. configureFlags = [ "-Fa alg" - "-fPIC" "-t ${threads}" cpuConfig ] ++ optional shared "--shared" diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix index e32b8b34426..b4b9a6970ff 100644 --- a/pkgs/development/libraries/science/math/suitesparse/default.nix +++ b/pkgs/development/libraries/science/math/suitesparse/default.nix @@ -33,8 +33,6 @@ stdenv.mkDerivation { "LAPACK=" ]; - NIX_CFLAGS = "-fPIC"; - postInstall = '' # Build and install shared library ( diff --git a/pkgs/development/libraries/smpeg/default.nix b/pkgs/development/libraries/smpeg/default.nix index c2473ae2c5d..49d889f8b6a 100644 --- a/pkgs/development/libraries/smpeg/default.nix +++ b/pkgs/development/libraries/smpeg/default.nix @@ -12,6 +12,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + hardening_format = false; + buildInputs = [ SDL gtk mesa ]; nativeBuildInputs = [ autoconf automake libtool m4 pkgconfig makeWrapper ]; diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix index 5104532ea91..d94b4159e93 100644 --- a/pkgs/development/libraries/speechd/default.nix +++ b/pkgs/development/libraries/speechd/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { buildInputs = [ dotconf glib pkgconfig ]; + hardening_format = false; + meta = { description = "Common interface to speech synthesis"; diff --git a/pkgs/development/libraries/tidyp/default.nix b/pkgs/development/libraries/tidyp/default.nix index fee74f3d6f9..818029dbb24 100644 --- a/pkgs/development/libraries/tidyp/default.nix +++ b/pkgs/development/libraries/tidyp/default.nix @@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "0f5ky0ih4vap9c6j312jn73vn8m2bj69pl2yd3a5nmv35k9zmc10"; }; + hardening_format = false; + meta = with stdenv.lib; { description = "A program that can validate your HTML, as well as modify it to be more clean and standard"; homepage = http://tidyp.com/; diff --git a/pkgs/development/libraries/vxl/default.nix b/pkgs/development/libraries/vxl/default.nix index e181ade4d6c..b9f3c0e64d6 100644 --- a/pkgs/development/libraries/vxl/default.nix +++ b/pkgs/development/libraries/vxl/default.nix @@ -1,10 +1,12 @@ -{ stdenv, fetchurl, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }: +{ stdenv, fetchFromGitHub, unzip, cmake, libtiff, expat, zlib, libpng, libjpeg }: stdenv.mkDerivation { - name = "vxl-1.17.0"; + name = "vxl-1.17.0-nix1"; - src = fetchurl { - url = mirror://sourceforge/vxl/vxl-1.17.0.zip; - sha256 = "1qg7i8h201pa8jljg7vph4rlxk6n5cj9f9gd1hkkmbw6fh44lsxh"; + src = fetchFromGitHub { + owner = "vxl"; + repo = "vxl"; + rev = "777c0beb7c8b30117400f6fc9a6d63bf8cb7c67a"; + sha256 = "0xpkwwb93ka6c3da8zjhfg9jk5ssmh9ifdh1by54sz6c7mbp55m8"; }; buildInputs = [ cmake unzip libtiff expat zlib libpng libjpeg ]; diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 7a6f480215c..93474d14344 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -31,8 +31,7 @@ stdenv.mkDerivation (rec { # As zlib takes part in the stdenv building, we don't want references # to the bootstrap-tools libgcc (as uses to happen on arm/mips) - NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc " - + stdenv.lib.optionalString (stdenv.isFreeBSD) "-fPIC"; + NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.isDarwin) "-static-libgcc"; crossAttrs = { dontStrip = static; |