lol

Merge pull request #41192 from oxij/tree/hardening-unformat

remove some format hardenings

authored by

Peter Simons and committed by
GitHub
5418dfcd 89c20aa4

+23 -8
+2
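--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -162,6 +162,8 @@
 # that in turn causes GHCi to abort
 stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols";
 
+hardeningDisable = [ "format" ];
+
 postInstall = ''
 for bin in "$out"/lib/${name}/bin/*; do
 isELF "$bin" || continue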
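Review bot: `hardeningDisable = [ "format" ];` is added here with no comment saying which compile error it works around, so a later maintainer cannot tell when the opt-out can be dropped. The same bare line is added in ghc/8.4.2.nix, tinyxml/2.6.2.nix and linux/kernel/perf.nix. In nixpkgs the `format` flag supplies `-Wformat -Wformat-security -Werror=format-security`, so each opt-out removes the build-time check for non-literal format strings in that package. I would put a one-line comment above each, in the style the GD entry in perl-packages.nix already uses: `# otherwise "<compiler error text from the failing build>"`. The enclosing derivation starts and ends outside the hunk.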
+2
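--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -172,6 +172,8 @@
 
 checkTarget = "test";
 
+hardeningDisable = [ "format" ];
+
 postInstall = ''
 for bin in "$out"/lib/${name}/bin/*; do
 isELF "$bin" || continue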
+6
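--- a/pkgs/development/libraries/a52dec/default.nix
+++ b/pkgs/development/libraries/a52dec/default.nix
@@ -8,6 +8,12 @@
 sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2";
 };
 
+# fails 1 out of 1 tests with "BAD GLOBAL SYMBOLS" on i686
+# which can also be fixed with
+# hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic";
+# but it's better to disable tests than loose ASLR on i686
+doCheck = !stdenv.isi686;
+
 meta = {
 description = "ATSC A/52 stream decoder";
 homepage = http://liba52.sourceforge.net/;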
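Review bot: The added comment reads "loose ASLR"; it should be `# but it's better to disable tests than lose ASLR on i686`. `doCheck = !stdenv.isi686;` keeps the `pic` hardening flag on, which is the safer side of the trade-off the comment describes, but the "BAD GLOBAL SYMBOLS" failure itself stays unexplained. If an upstream report exists, a pointer to it in the comment would let someone re-enable the check on i686 later. The derivation body continues outside the hunk.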
+5 -4
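--- a/pkgs/development/libraries/enchant/default.nix
+++ b/pkgs/development/libraries/enchant/default.nix
@@ -4,16 +4,17 @@
 name = "${pname}-${version}";
 version = "1.6.0";
 pname = "enchant";
-
+
 src = fetchurl {
 url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz";
 sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g";
 };
-
+
 nativeBuildInputs = [ pkgconfig ];
-buildInputs = [aspell glib hunspell hspell];
-
+buildInputs = [ aspell glib hunspell hspell ];
+
 meta = {
+description = "Generic spell checking library";
 homepage = http://www.abisource.com/enchant;
 platforms = stdenv.lib.platforms.unix;
 };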
+3
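--- a/pkgs/development/libraries/tinyxml/2.6.2.nix
+++ b/pkgs/development/libraries/tinyxml/2.6.2.nix
@@ -21,7 +21,10 @@
 # Use CC, CXX, and LD from environment
 ./2.6.2-cxx.patch
 ];
+
 preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}";
+
+hardeningDisable = [ "format" ];
 
 NIX_CFLAGS_COMPILE =
 stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";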
+2
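--- a/pkgs/os-specific/linux/kernel/perf.nix
+++ b/pkgs/os-specific/linux/kernel/perf.nix
@@ -31,6 +31,8 @@
 
 makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags;
 
+hardeningDisable = [ "format" ];
+
 # perf refers both to newt and slang
 nativeBuildInputs = [
 asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt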
+1 -1
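--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9263,7 +9263,7 @@
 
 qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {};
 
-qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155;};
+qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155; };
 
 qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { };
 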
+2 -3
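--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -6462,10 +6462,9 @@
 patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ];
 
 # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]"
-NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];
+hardeningDisable = [ "format" ];
 
-# tests fail
-doCheck = false;
+doCheck = false; # fails 1 out of 13 tests
 
 makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}";
 };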
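Review bot: Replacing `NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];` with `hardeningDisable = [ "format" ];` is broader than the line it replaces. The old flag only demoted the error to a warning, whereas disabling `format` also drops `-Wformat -Wformat-security`, so format-string warnings would no longer appear in the GD build log at all. The retained comment suggests the package's own flags already turn `-Wformat` off, in which case nothing is lost, but that is worth stating in the comment. Separately, `doCheck = false; # fails 1 out of 13 tests` does not name the failing test; `# fails 1 out of 13 tests: <test name>` would let someone re-enable the suite once it is fixed. The attribute set starts outside the hunk.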