Merge pull request #41192 from oxij/tree/hardening-unformat

pyrox.dev / nixpkgs

fork atom

lol

fork atom

remove some format hardenings

authored by

Peter Simons and committed by

GitHub 7 years ago 5418dfcd 89c20aa4

+23 -8

8 changed files

expand all

unified split

pkgs

development

compilers

ghc

8.0.2.nix

8.4.2.nix

libraries

a52dec

default.nix

enchant

default.nix

tinyxml

2.6.2.nix

os-specific

linux

kernel

perf.nix

top-level

all-packages.nix

perl-packages.nix

pkgs/development/compilers/ghc/8.0.2.nix

··· 162 # that in turn causes GHCi to abort 163 stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols"; 164 165 postInstall = '' 166 for bin in "$out"/lib/${name}/bin/*; do 167 isELF "$bin" || continue

··· 162 # that in turn causes GHCi to abort 163 stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols"; 164 165 + hardeningDisable = [ "format" ]; 166 + 167 postInstall = '' 168 for bin in "$out"/lib/${name}/bin/*; do 169 isELF "$bin" || continue

pkgs/development/compilers/ghc/8.4.2.nix

··· 172 173 checkTarget = "test"; 174 175 postInstall = '' 176 for bin in "$out"/lib/${name}/bin/*; do 177 isELF "$bin" || continue

··· 172 173 checkTarget = "test"; 174 175 + hardeningDisable = [ "format" ]; 176 + 177 postInstall = '' 178 for bin in "$out"/lib/${name}/bin/*; do 179 isELF "$bin" || continue

pkgs/development/libraries/a52dec/default.nix

··· 8 sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2"; 9 }; 10 11 meta = { 12 description = "ATSC A/52 stream decoder"; 13 homepage = http://liba52.sourceforge.net/;

··· 8 sha256 = "0czccp4fcpf2ykp16xcrzdfmnircz1ynhls334q374xknd5747d2"; 9 }; 10 11 + # fails 1 out of 1 tests with "BAD GLOBAL SYMBOLS" on i686 12 + # which can also be fixed with 13 + # hardeningDisable = stdenv.lib.optional stdenv.isi686 "pic"; 14 + # but it's better to disable tests than loose ASLR on i686 15 + doCheck = !stdenv.isi686; 16 + 17 meta = { 18 description = "ATSC A/52 stream decoder"; 19 homepage = http://liba52.sourceforge.net/;

+5 -4

pkgs/development/libraries/enchant/default.nix

··· 4 name = "${pname}-${version}"; 5 version = "1.6.0"; 6 pname = "enchant"; 7 - 8 src = fetchurl { 9 url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz"; 10 sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g"; 11 }; 12 - 13 nativeBuildInputs = [ pkgconfig ]; 14 - buildInputs = [aspell glib hunspell hspell]; 15 - 16 meta = { 17 homepage = http://www.abisource.com/enchant; 18 platforms = stdenv.lib.platforms.unix; 19 };

··· 4 name = "${pname}-${version}"; 5 version = "1.6.0"; 6 pname = "enchant"; 7 + 8 src = fetchurl { 9 url = "http://www.abisource.com/downloads/${pname}/${version}/${name}.tar.gz"; 10 sha256 = "0zq9yw1xzk8k9s6x83n1f9srzcwdavzazn3haln4nhp9wxxrxb1g"; 11 }; 12 + 13 nativeBuildInputs = [ pkgconfig ]; 14 + buildInputs = [ aspell glib hunspell hspell ]; 15 + 16 meta = { 17 + description = "Generic spell checking library"; 18 homepage = http://www.abisource.com/enchant; 19 platforms = stdenv.lib.platforms.unix; 20 };

pkgs/development/libraries/tinyxml/2.6.2.nix

··· 21 # Use CC, CXX, and LD from environment 22 ./2.6.2-cxx.patch 23 ]; 24 preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}"; 25 26 NIX_CFLAGS_COMPILE = 27 stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";

··· 21 # Use CC, CXX, and LD from environment 22 ./2.6.2-cxx.patch 23 ]; 24 + 25 preConfigure = "export LD=${if stdenv.isDarwin then "clang++" else "g++"}"; 26 + 27 + hardeningDisable = [ "format" ]; 28 29 NIX_CFLAGS_COMPILE = 30 stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";

pkgs/os-specific/linux/kernel/perf.nix

··· 31 32 makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags; 33 34 # perf refers both to newt and slang 35 nativeBuildInputs = [ 36 asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt

··· 31 32 makeFlags = ["prefix=$(out)" "WERROR=0"] ++ kernel.makeFlags; 33 34 + hardeningDisable = [ "format" ]; 35 + 36 # perf refers both to newt and slang 37 nativeBuildInputs = [ 38 asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt

+1 -1

pkgs/top-level/all-packages.nix

··· 9263 9264 qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {}; 9265 9266 - qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155;}; 9267 9268 qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { }; 9269

··· 9263 9264 qt-gstreamer = callPackage ../development/libraries/gstreamer/legacy/qt-gstreamer {}; 9265 9266 + qt-gstreamer1 = callPackage ../development/libraries/gstreamer/qt-gstreamer { boost = boost155; }; 9267 9268 qtstyleplugin-kvantum-qt4 = callPackage ../development/libraries/qtstyleplugin-kvantum-qt4 { }; 9269

+2 -3

pkgs/top-level/perl-packages.nix

··· 6462 patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ]; 6463 6464 # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]" 6465 - NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ]; 6466 6467 - # tests fail 6468 - doCheck = false; 6469 6470 makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}"; 6471 };

··· 6462 patches = [ ../development/perl-modules/gd-options-passthrough-and-fontconfig.patch ]; 6463 6464 # otherwise "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]" 6465 + hardeningDisable = [ "format" ]; 6466 6467 + doCheck = false; # fails 1 out of 13 tests 6468 6469 makeMakerFlags = "--lib_png_path=${pkgs.libpng.out} --lib_jpeg_path=${pkgs.libjpeg.out} --lib_zlib_path=${pkgs.zlib.out} --lib_ft_path=${pkgs.freetype.out} --lib_fontconfig_path=${pkgs.fontconfig.lib} --lib_xpm_path=${pkgs.xorg.libXpm.out}"; 6470 };