commit 0e762cdc0e6ad200239b003ed38f26de1de35b5d · pyrox.dev/nixpkgs

+2 -2

pkgs/development/interpreters/python/cpython/3.6/default.nix

··· 27 27 28 28 let 29 29 majorVersion = "3.6"; 30 - minorVersion = "3"; 30 + minorVersion = "4"; 31 31 minorVersionSuffix = ""; 32 32 pythonVersion = majorVersion; 33 33 version = "${majorVersion}.${minorVersion}${minorVersionSuffix}"; ··· 48 48 49 49 src = fetchurl { 50 50 url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz"; 51 - sha256 = "1nl1raaagr4car787a2hmjv2dw6gqny53xfd6wisbgx4r5kxk9yd"; 51 + sha256 = "1fna7g8jxzl4kd2pqmmqhva5724c5m920x3fsrpsgskaylmr76qm"; 52 52 }; 53 53 54 54 NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";

+21 -12

pkgs/development/libraries/kerberos/krb5.nix

··· 19 19 sha256 = "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n"; 20 20 }; 21 21 22 + outputs = [ "out" "dev" ]; 23 + 22 24 configureFlags = [ "--with-tcl=no" "--localstatedir=/var/lib"] 23 25 ++ optional stdenv.isFreeBSD ''WARN_CFLAGS=""''; 24 26 25 - nativeBuildInputs = [ pkgconfig perl yacc ] 27 + nativeBuildInputs = [ pkgconfig perl ] 28 + ++ optional (!libOnly) yacc 26 29 # Provides the mig command used by the build scripts 27 30 ++ optional stdenv.isDarwin bootstrap_cmds; 28 31 buildInputs = [ openssl ] ··· 31 34 preConfigure = "cd ./src"; 32 35 33 36 buildPhase = optionalString libOnly '' 34 - (cd util; make -j $NIX_BUILD_CORES) 35 - (cd include; make -j $NIX_BUILD_CORES) 36 - (cd lib; make -j $NIX_BUILD_CORES) 37 - (cd build-tools; make -j $NIX_BUILD_CORES) 37 + MAKE="make -j $NIX_BUILD_CORES -l $NIX_BUILD_CORES" 38 + (cd util; $MAKE) 39 + (cd include; $MAKE) 40 + (cd lib; $MAKE) 41 + (cd build-tools; $MAKE) 38 42 ''; 39 43 40 44 installPhase = optionalString libOnly '' 41 - mkdir -p $out/{bin,include/{gssapi,gssrpc,kadm5,krb5},lib/pkgconfig,sbin,share/{et,man/man1}} 42 - (cd util; make -j $NIX_BUILD_CORES install) 43 - (cd include; make -j $NIX_BUILD_CORES install) 44 - (cd lib; make -j $NIX_BUILD_CORES install) 45 - (cd build-tools; make -j $NIX_BUILD_CORES install) 46 - rm -rf $out/{sbin,share} 47 - find $out/bin -type f | grep -v 'krb5-config' | xargs rm 45 + mkdir -p "$out"/{bin,sbin,lib/pkgconfig,share/{et,man/man1}} \ 46 + "$dev"/include/{gssapi,gssrpc,kadm5,krb5} 47 + (cd util; $MAKE install) 48 + (cd include; $MAKE install) 49 + (cd lib; $MAKE install) 50 + (cd build-tools; $MAKE install) 51 + ${postInstall} 52 + ''; 53 + 54 + # not via outputBin, due to reference from libkrb5.so 55 + postInstall = '' 56 + moveToOutput bin "$dev" 48 57 ''; 49 58 50 59 enableParallelBuilding = true;

+3 -1

pkgs/development/libraries/qt-5/modules/qttools.nix

··· 1 - { qtModule, lib, qtbase }: 1 + { qtModule, stdenv, lib, qtbase }: 2 2 3 3 with lib; 4 4 ··· 28 28 "bin/qhelpgenerator" 29 29 "bin/qtplugininfo" 30 30 "bin/qthelpconverter" 31 + ] ++ optionals stdenv.isDarwin [ 32 + "bin/macdeployqt" 31 33 ]; 32 34 33 35 setupHook = ../hooks/qttools-setup-hook.sh;

+1 -1

pkgs/development/libraries/serf/default.nix

··· 28 28 APU="$(echo "${aprutil.dev}"/bin/*-config)" CC="${ 29 29 if stdenv.cc.isClang then "clang" else "${stdenv.cc}/bin/gcc" 30 30 }" ${ 31 - if (stdenv.isDarwin || stdenv.isCygwin) then "" else "GSSAPI=\"${kerberos}\"" 31 + if (stdenv.isDarwin || stdenv.isCygwin) then "" else "GSSAPI=\"${kerberos.dev}\"" 32 32 } 33 33 ''; 34 34

+7 -1

pkgs/development/python-modules/gssapi/default.nix

··· 11 11 sha256 = "1q6ccpz6anl9vggwxdq32wp6xjh2lyfbf7av6jqnmvmyqdfwh3b9"; 12 12 }; 13 13 14 - LD_LIBRARY_PATH="${pkgs.krb5Full}/lib"; 14 + # It's used to locate headers 15 + postPatch = '' 16 + substituteInPlace setup.py \ 17 + --replace "get_output('krb5-config gssapi --prefix')" "'${lib.getDev krb5Full}'" 18 + ''; 19 + 20 + LD_LIBRARY_PATH = "${pkgs.krb5Full}/lib"; 15 21 16 22 buildInputs = [ krb5Full which nose shouldbe ] 17 23 ++ ( if stdenv.isDarwin then [ darwin.apple_sdk.frameworks.GSS ] else [ gss ] );

+8 -1

pkgs/os-specific/linux/nfs-utils/default.nix

··· 1 1 { stdenv, fetchurl, lib, pkgconfig, utillinux, libcap, libtirpc, libevent, libnfsidmap 2 2 , sqlite, kerberos, kmod, libuuid, keyutils, lvm2, systemd, coreutils, tcp_wrappers 3 + , buildEnv 3 4 }: 4 5 5 6 let 6 7 statdPath = lib.makeBinPath [ systemd utillinux coreutils ]; 8 + 9 + # Not nice; feel free to find a nicer solution. 10 + kerberosEnv = buildEnv { 11 + name = "kerberos-env-${kerberos.version}"; 12 + paths = with lib; [ (getDev kerberos) (getLib kerberos) ]; 13 + }; 7 14 8 15 in stdenv.mkDerivation rec { 9 16 name = "nfs-utils-${version}"; ··· 26 33 configureFlags = 27 34 [ "--enable-gss" 28 35 "--with-statedir=/var/lib/nfs" 29 - "--with-krb5=${kerberos}" 36 + "--with-krb5=${kerberosEnv}" 30 37 "--with-systemd=$(out)/etc/systemd/system" 31 38 "--enable-libmount-mount" 32 39 ]

+1 -1

pkgs/servers/openafs-client/default.nix

··· 50 50 ./regen.sh 51 51 52 52 ${stdenv.lib.optionalString (kerberos != null) 53 - "export KRB5_CONFIG=${kerberos}/bin/krb5-config"} 53 + "export KRB5_CONFIG=${kerberos.dev}/bin/krb5-config"} 54 54 55 55 configureFlagsArray=( 56 56 "--with-linux-kernel-build=$TMP/linux"

+5 -2

pkgs/stdenv/darwin/make-bootstrap-tools.nix

··· 15 15 # Avoid debugging larger changes for now. 16 16 bzip2_ = bzip2.override (args: { linkStatic = true; }); 17 17 18 + # Avoid messing with libkrb5. 19 + curl_ = curl.override (args: { gssSupport = false; }); 20 + 18 21 build = stdenv.mkDerivation { 19 22 name = "stdenv-bootstrap-tools"; 20 23 ··· 60 63 61 64 # This used to be in-nixpkgs, but now is in the bundle 62 65 # because I can't be bothered to make it partially static 63 - cp ${curl.bin}/bin/curl $out/bin 64 - cp -d ${curl.out}/lib/libcurl*.dylib $out/lib 66 + cp ${curl_.bin}/bin/curl $out/bin 67 + cp -d ${curl_.out}/lib/libcurl*.dylib $out/lib 65 68 cp -d ${libssh2.out}/lib/libssh*.dylib $out/lib 66 69 cp -d ${openssl.out}/lib/*.dylib $out/lib 67 70

-35

pkgs/tools/archivers/gnutar/CVE-2016-6321.patch

··· 1 - commit 7340f67b9860ea0531c1450e5aa261c50f67165d 2 - Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> 3 - Date: Sat Oct 29 21:04:40 2016 -0700 4 - 5 - When extracting, skip ".." members 6 - 7 - * NEWS: Document this. 8 - * src/extract.c (extract_archive): Skip members whose names 9 - contain "..". 10 - 11 - diff --git a/src/extract.c b/src/extract.c 12 - index f982433..7904148 100644 13 - --- a/src/extract.c 14 - +++ b/src/extract.c 15 - @@ -1629,12 +1629,20 @@ extract_archive (void) 16 - { 17 - char typeflag; 18 - tar_extractor_t fun; 19 - + bool skip_dotdot_name; 20 - 21 - fatal_exit_hook = extract_finish; 22 - 23 - set_next_block_after (current_header); 24 - 25 - + skip_dotdot_name = (!absolute_names_option 26 - + && contains_dot_dot (current_stat_info.orig_file_name)); 27 - + if (skip_dotdot_name) 28 - + ERROR ((0, 0, _("%s: Member name contains '..'"), 29 - + quotearg_colon (current_stat_info.orig_file_name))); 30 - + 31 - if (!current_stat_info.file_name[0] 32 - + || skip_dotdot_name 33 - || (interactive_option 34 - && !confirm ("extract", current_stat_info.file_name))) 35 - {

+2 -4

pkgs/tools/archivers/gnutar/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 name = "gnutar-${version}"; 5 - version = "1.29"; 5 + version = "1.30"; 6 6 7 7 src = fetchurl { 8 8 url = "mirror://gnu/tar/tar-${version}.tar.xz"; 9 - sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"; 9 + sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi"; 10 10 }; 11 - 12 - patches = [ ./CVE-2016-6321.patch ]; 13 11 14 12 # avoid retaining reference to CF during stdenv bootstrap 15 13 configureFlags = stdenv.lib.optionals stdenv.isDarwin [

+4 -3

pkgs/tools/networking/curl/default.nix

··· 6 6 , sslSupport ? false, openssl ? null 7 7 , gnutlsSupport ? false, gnutls ? null 8 8 , scpSupport ? false, libssh2 ? null 9 - , gssSupport ? false, gss ? null 9 + , gssSupport ? false, kerberos ? null 10 10 , c-aresSupport ? false, c-ares ? null 11 11 , brotliSupport ? false, brotli ? null 12 12 }: ··· 21 21 assert scpSupport -> libssh2 != null; 22 22 assert c-aresSupport -> c-ares != null; 23 23 assert brotliSupport -> brotli != null; 24 + assert gssSupport -> kerberos != null; 24 25 25 26 stdenv.mkDerivation rec { 26 27 name = "curl-7.57.0"; ··· 45 46 optional idnSupport libidn ++ 46 47 optional ldapSupport openldap ++ 47 48 optional zlibSupport zlib ++ 48 - optional gssSupport gss ++ 49 + optional gssSupport kerberos ++ 49 50 optional c-aresSupport c-ares ++ 50 51 optional sslSupport openssl ++ 51 52 optional gnutlsSupport gnutls ++ ··· 70 71 ( if brotliSupport then "--with-brotli" else "--without-brotli" ) 71 72 ] 72 73 ++ stdenv.lib.optional c-aresSupport "--enable-ares=${c-ares}" 73 - ++ stdenv.lib.optional gssSupport "--with-gssapi=${gss}"; 74 + ++ stdenv.lib.optional gssSupport "--with-gssapi=${kerberos.dev}"; 74 75 75 76 CXX = "c++"; 76 77 CXXCPP = "c++ -E";

+9 -2

pkgs/top-level/all-packages.nix

··· 184 184 185 185 # `fetchurl' downloads a file from the network. 186 186 fetchurl = import ../build-support/fetchurl { 187 - inherit curl stdenv; 187 + inherit stdenv; 188 + # On darwin, libkrb5 needs bootstrap_cmds which would require 189 + # converting many packages to fetchurl_boot to avoid evaluation cycles. 190 + curl = curl.override (lib.optionalAttrs stdenv.isDarwin { gssSupport = false; }); 188 191 }; 189 192 190 193 fetchRepoProject = callPackage ../build-support/fetchrepoproject { }; ··· 1685 1688 zlibSupport = true; 1686 1689 sslSupport = zlibSupport; 1687 1690 scpSupport = zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin; 1691 + gssSupport = true; 1688 1692 }; 1689 1693 1690 1694 curl_unix_socket = callPackage ../tools/networking/curl-unix-socket rec { }; ··· 8989 8993 krb5Full = callPackage ../development/libraries/kerberos/krb5.nix { 8990 8994 inherit (darwin) bootstrap_cmds; 8991 8995 }; 8992 - libkrb5 = krb5Full.override { type = "lib"; }; 8996 + libkrb5 = krb5Full.override { 8997 + fetchurl = fetchurlBoot; 8998 + type = "lib"; 8999 + }; 8993 9000 8994 9001 languageMachines = recurseIntoAttrs (import ../development/libraries/languagemachines/packages.nix { inherit callPackage; }); 8995 9002