tjh.dev
1{
2 lib,
3 stdenv,
4 fetchurl,
5 fetchpatch,
6 texinfo,
7 nano,
8 autoreconfHook,
9}:
10
11let
12 version = "1.12.13";
13 debianRevision = "real-30";
14in
15
16stdenv.mkDerivation {
17 pname = "cvs";
18 version = "${version}+${debianRevision}";
19
20 src = fetchurl {
21 url = "mirror://savannah/cvs/source/feature/${version}/cvs-${version}.tar.bz2";
22 sha256 = "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq";
23 };
24
25 patches = [
26 ./getcwd-chroot.patch
27 (fetchpatch {
28 url = "https://raw.githubusercontent.com/Homebrew/formula-patches/24118ec737c7/cvs/vasnprintf-high-sierra-fix.diff";
29 sha256 = "1ql6aaia7xkfq3vqhlw5bd2z2ywka82zk01njs1b2szn699liymg";
30 })
31 # Debian Patchset,
32 # contains patches for CVE-2017-12836 and CVE-2012-0804 among other things
33 (fetchurl {
34 url = "http://deb.debian.org/debian/pool/main/c/cvs/cvs_1.12.13+${debianRevision}.diff.gz";
35 sha256 = "085124619dfdcd3e53c726e049235791b67dcb9f71619f1e27c5f1cbdef0063e";
36 })
37 ];
38
39 hardeningDisable = [
40 "fortify"
41 "format"
42 ];
43
44 nativeBuildInputs = [
45 autoreconfHook
46 texinfo
47 ];
48
49 configureFlags = [
50 "--with-editor=${nano}/bin/nano"
51
52 # Required for cross-compilation.
53 "cvs_cv_func_printf_ptr=yes"
54 ]
55 ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [
56 # So that fputs_unlocked is defined
57 "CFLAGS=-D_GNU_SOURCE"
58 ];
59
60 makeFlags = [
61 "AR=${stdenv.cc.targetPrefix}ar"
62 ]
63 ++ lib.optionals (!stdenv.cc.bintools.isGNU) [
64 # Don't pass --as-needed to linkers that don't support it
65 # (introduced in debian patchset)
66 "cvs_LDFLAGS="
67 ];
68
69 doCheck = false; # fails 1 of 1 tests
70
71 meta = with lib; {
72 homepage = "http://cvs.nongnu.org";
73 description = "Concurrent Versions System - a source control system";
74 license = licenses.gpl2Plus; # library is GPLv2, main is GPLv1
75 platforms = platforms.all;
76 };
77}