pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / development / libraries / avahi / default.nix
at master 247 lines 7.9 kB view raw
1{ 2 fetchurl, 3 fetchpatch, 4 lib, 5 config, 6 stdenv, 7 pkg-config, 8 libdaemon, 9 dbus, 10 libpcap, 11 expat, 12 gettext, 13 glib, 14 autoreconfHook, 15 libiconv, 16 libevent, 17 nixosTests, 18 gtk3Support ? false, 19 gtk3, 20 qt5, 21 qt5Support ? false, 22 withLibdnssdCompat ? false, 23 python ? null, 24 withPython ? false, 25}: 26 27stdenv.mkDerivation rec { 28 pname = "avahi${lib.optionalString withLibdnssdCompat "-compat"}"; 29 version = "0.8"; 30 31 src = fetchurl { 32 url = "https://github.com/lathiat/avahi/releases/download/v${version}/avahi-${version}.tar.gz"; 33 sha256 = "1npdixwxxn3s9q1f365x9n9rc5xgfz39hxf23faqvlrklgbhj0q6"; 34 }; 35 36 outputs = [ 37 "out" 38 "dev" 39 "man" 40 ]; 41 42 patches = [ 43 # CVE-2021-36217 / CVE-2021-3502 44 (fetchpatch { 45 name = "CVE-2021-3502.patch"; 46 url = "https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c.patch"; 47 sha256 = "sha256-BXWmrLWUvDxKPoIPRFBpMS3T4gijRw0J+rndp6iDybU="; 48 }) 49 # CVE-2021-3468 50 (fetchpatch { 51 name = "CVE-2021-3468.patch"; 52 url = "https://github.com/lathiat/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b.patch"; 53 sha256 = "sha256-qWaCU1ZkCg2PmijNto7t8E3pYRN/36/9FrG8okd6Gu8="; 54 }) 55 (fetchpatch { 56 name = "CVE-2023-1981.patch"; 57 url = "https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f.patch"; 58 sha256 = "sha256-BEYFGCnQngp+OpiKIY/oaKygX7isAnxJpUPCUvg+efc="; 59 }) 60 # CVE-2023-38470 61 # https://github.com/lathiat/avahi/pull/457 merged Sep 19 62 (fetchpatch { 63 name = "CVE-2023-38470.patch"; 64 url = "https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c.patch"; 65 sha256 = "sha256-Fanh9bvz+uknr5pAmltqijuUAZIG39JR2Lyq5zGKJ58="; 66 }) 67 # https://github.com/avahi/avahi/pull/480 merged Sept 19 68 (fetchpatch { 69 name = "bail-out-unless-escaped-labels-fit.patch"; 70 url = "https://github.com/avahi/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24.patch"; 71 sha256 = "sha256-p/dOuQ/GInIcUwuFhQR3mGc5YBL5J8ho+1gvzcqEN0c="; 72 }) 73 # CVE-2023-38473 74 # https://github.com/lathiat/avahi/pull/486 merged Oct 18 75 (fetchpatch { 76 name = "CVE-2023-38473.patch"; 77 url = "https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797.patch"; 78 sha256 = "sha256-/ZVhsBkf70vjDWWG5KXxvGXIpLOZUXdRkn3413iSlnI="; 79 }) 80 # CVE-2023-38472 81 # https://github.com/lathiat/avahi/pull/490 merged Oct 19 82 (fetchpatch { 83 name = "CVE-2023-38472.patch"; 84 url = "https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40.patch"; 85 sha256 = "sha256-FjR8fmhevgdxR9JQ5iBLFXK0ILp2OZQ8Oo9IKjefCqk="; 86 }) 87 # CVE-2023-38471 88 # https://github.com/lathiat/avahi/pull/494 merged Oct 24 89 (fetchpatch { 90 name = "CVE-2023-38471.patch"; 91 url = "https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09.patch"; 92 sha256 = "sha256-4dG+5ZHDa+A4/CszYS8uXWlpmA89m7/jhbZ7rheMs7U="; 93 }) 94 # https://github.com/lathiat/avahi/pull/499 merged Oct 25 95 (fetchpatch { 96 name = "CVE-2023-38471-2.patch"; 97 url = "https://github.com/avahi/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460.patch"; 98 sha256 = "sha256-uDtMPWuz1lsu7n0Co/Gpyh369miQ6GWGyC0UPQB/yI8="; 99 }) 100 # CVE-2023-38469 101 # https://github.com/lathiat/avahi/pull/500 merged Oct 25 102 (fetchpatch { 103 name = "CVE-2023-38469.patch"; 104 url = "https://github.com/avahi/avahi/commit/61b9874ff91dd20a12483db07df29fe7f35db77f.patch"; 105 sha256 = "sha256-qR7scfQqhRGxg2n4HQsxVxCLkXbwZi+PlYxrOSEPsL0="; 106 excludes = [ ".github/workflows/smoke-tests.sh" ]; 107 }) 108 # https://github.com/avahi/avahi/pull/515 merged Nov 3 109 (fetchpatch { 110 name = "fix-compare-rrs-with-zero-length-rdata.patch"; 111 url = "https://github.com/avahi/avahi/commit/177d75e8c43be45a8383d794ce4084dd5d600a9e.patch"; 112 sha256 = "sha256-uwIyruAWgiWt0yakRrvMdYjjhEhUk5cIGKt6twyXbHw="; 113 }) 114 # https://github.com/avahi/avahi/pull/519 merged Nov 8 115 (fetchpatch { 116 name = "reject-non-utf-8-service-names.patch"; 117 url = "https://github.com/avahi/avahi/commit/2b6d3e99579e3b6e9619708fad8ad8e07ada8218.patch"; 118 sha256 = "sha256-lwSA3eEQgH0g51r0i9/HJMJPRXrhQnTIEDxcYqUuLdI="; 119 excludes = [ "fuzz/fuzz-domain.c" ]; 120 }) 121 # https://github.com/avahi/avahi/pull/523 merged Nov 12 122 (fetchpatch { 123 name = "core-no-longer-supply-bogus-services-to-callbacks.patch"; 124 url = "https://github.com/avahi/avahi/commit/93b14365c1c1e04efd1a890e8caa01a2a514bfd8.patch"; 125 sha256 = "sha256-VBm8vsBZkTbbWAK8FI71SL89lZuYd1yFNoB5o+FvlEU="; 126 excludes = [ 127 ".github/workflows/smoke-tests.sh" 128 "fuzz/fuzz-packet.c" 129 ]; 130 }) 131 # https://github.com/avahi/avahi/pull/659 merged Nov 19 132 (fetchpatch { 133 name = "CVE-2024-52616.patch"; 134 url = "https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7.patch"; 135 hash = "sha256-BUQOQ4evKLBzV5UV8xW8XL38qk1rg6MJ/vcT5NBckfA="; 136 }) 137 # https://github.com/avahi/avahi/pull/265 merged Mar 3, 2020 138 (fetchpatch { 139 name = "fix-requires-in-pc-file.patch"; 140 url = "https://github.com/avahi/avahi/commit/366e3798bdbd6b7bf24e59379f4a9a51af575ce9.patch"; 141 hash = "sha256-9AdhtzrimmcpMmeyiFcjmDfG5nqr/S8cxWTaM1mzCWA="; 142 }) 143 ]; 144 145 depsBuildBuild = [ 146 pkg-config 147 ]; 148 149 nativeBuildInputs = [ 150 pkg-config 151 gettext 152 glib 153 autoreconfHook 154 ]; 155 156 buildInputs = [ 157 libdaemon 158 dbus 159 glib 160 expat 161 libiconv 162 libevent 163 ] 164 ++ lib.optionals stdenv.hostPlatform.isFreeBSD [ 165 libpcap 166 ] 167 ++ lib.optionals gtk3Support [ 168 gtk3 169 ] 170 ++ lib.optionals qt5Support [ 171 qt5 172 ]; 173 174 propagatedBuildInputs = lib.optionals withPython ( 175 with python.pkgs; 176 [ 177 python 178 pygobject3 179 dbus-python 180 ] 181 ); 182 183 configureFlags = [ 184 "--disable-gdbm" 185 "--disable-mono" 186 # Use non-deprecated path https://github.com/lathiat/avahi/pull/376 187 "--with-dbus-sys=${placeholder "out"}/share/dbus-1/system.d" 188 (lib.enableFeature gtk3Support "gtk3") 189 (lib.enableFeature qt5Support "qt5") 190 (lib.enableFeature withPython "python") 191 "--localstatedir=/var" 192 "--runstatedir=/run" 193 "--sysconfdir=/etc" 194 "--with-distro=${with stdenv.hostPlatform; if isBSD then parsed.kernel.name else "none"}" 195 # A systemd unit is provided by the avahi-daemon NixOS module 196 "--with-systemdsystemunitdir=no" 197 ] 198 ++ lib.optionals withLibdnssdCompat [ 199 "--enable-compat-libdns_sd" 200 ] 201 ++ lib.optionals stdenv.hostPlatform.isDarwin [ 202 # autoipd won't build on darwin 203 "--disable-autoipd" 204 ]; 205 206 installFlags = [ 207 # Override directories to install into the package. 208 # Replace with runstatedir once is merged https://github.com/lathiat/avahi/pull/377 209 "avahi_runtime_dir=${placeholder "out"}/run" 210 "sysconfdir=${placeholder "out"}/etc" 211 ]; 212 213 preBuild = lib.optionalString stdenv.hostPlatform.isDarwin '' 214 sed -i '20 i\ 215 #define __APPLE_USE_RFC_2292' \ 216 avahi-core/socket.c 217 ''; 218 219 postInstall = 220 # Maintain compat for mdnsresponder 221 lib.optionalString withLibdnssdCompat '' 222 ln -s avahi-compat-libdns_sd/dns_sd.h "$dev/include/dns_sd.h" 223 ''; 224 225 passthru.tests = { 226 smoke-test = nixosTests.avahi; 227 smoke-test-resolved = nixosTests.avahi-with-resolved; 228 }; 229 230 meta = with lib; { 231 description = "mDNS/DNS-SD implementation"; 232 homepage = "http://avahi.org"; 233 license = licenses.lgpl2Plus; 234 platforms = platforms.unix; 235 maintainers = with maintainers; [ 236 lovek323 237 globin 238 ]; 239 240 longDescription = '' 241 Avahi is a system which facilitates service discovery on a local 242 network. It is an implementation of the mDNS (for "Multicast 243 DNS") and DNS-SD (for "DNS-Based Service Discovery") 244 protocols. 245 ''; 246 }; 247}