Merge branch 'staging'

http://hydra.nixos.org/eval/1234895
The mass errors on Hydra seem transient; I verified ghc on i686-linux.
Only darwin jobs are queued ATM. There's a libpng security update
included in this merge, so I don't want to wait too long.
This commit is contained in:
Vladimír Čunát 2015-12-29 17:14:35 +01:00
commit 08dd527cc7
32 changed files with 681 additions and 258 deletions

View file

@ -0,0 +1,11 @@
--- a/url.c 2014-07-14 12:31:30.476563116 +0200
+++ b/url.c 2014-07-14 12:32:16.364918248 +0200
@@ -268,7 +268,7 @@ init_PRNG()
if (RAND_status())
return;
if ((file = RAND_file_name(buffer, sizeof(buffer)))) {
-#ifdef USE_EGD
+#if defined(USE_EGD) && defined(HAVE_SSL_RAND_EGD)
if (RAND_egd(file) > 0)
return;
#endif

View file

@ -1,9 +1,10 @@
{ stdenv, fetchurl
{ stdenv, fetchurl, fetchpatch
, ncurses, boehmgc, gettext, zlib
, sslSupport ? true, openssl ? null
, graphicsSupport ? true, imlib2 ? null
, x11Support ? graphicsSupport, libX11 ? null
, mouseSupport ? !stdenv.isDarwin, gpm-ncurses ? null
, perl, man
}:
assert sslSupport -> openssl != null;
@ -21,15 +22,49 @@ stdenv.mkDerivation rec {
sha256 = "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579";
};
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lsocket -lnsl";
NIX_LDFLAGS = optionalString stdenv.isSunOS "-lsocket -lnsl";
patches = [ ./glibc214.patch ]
# Patch for the newer unstable boehm-gc 7.2alpha. Not all platforms use that
# alpha. At the time of writing this, boehm-gc-7.1 is the last stable.
++ optional (boehmgc.name != "boehm-gc-7.1") [ ./newgc.patch ]
++ optional stdenv.isCygwin ./cygwin.patch
# for frame buffer only version
++ optional (graphicsSupport && !x11Support) [ ./no-x11.patch ];
# we must set these so that the generated files (e.g. w3mhelp.cgi) contain
# the correct paths.
PERL = "${perl}/bin/perl";
MAN = "${man}/bin/man";
# the Arch patches were pulled from:
# https://aur.archlinux.org/cgit/aur.git/?h=w3m-mouse
patches = [
./RAND_egd.libressl.patch
(fetchpatch {
name = "file_handle.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/file_handle.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "0kkqm68ig9d658kf1iwa1dwcf651f6dy2j98gplcks1mn3bdlak4";
})
(fetchpatch {
name = "form_unknown.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/form_unknown.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "1mbfclid3bihb1xv7sxcahprn3slzd6ga8rjzlq4rbq80bl053fw";
})
(fetchpatch {
name = "gc72.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/gc72.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "1n6anaw17by0s6rn25bwkgj2mck7ffspizpwbijvx1ynk451459a";
})
(fetchpatch {
name = "https.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/https.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "08skvaha1hjyapsh8zw5dgfy433mw2hk7qy9yy9avn8rjqj7kjxk";
})
(fetchpatch {
name = "perl.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/perl.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "15cq7cwh0d2v64i8by44rgxw48156sgh872921hxrqdakr95p3gy";
})
(fetchpatch {
name = "w3m_rgba.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/w3m_rgba.patch?h=w3m-mouse&id=5b5f0fbb59f674575e87dd368fed834641c35f03";
sha256 = "1dhp1p6z621ayyl9zip9w35x2cxyhhj72jv5dvf0zp4rk6cjm781";
})
] ++ optional (graphicsSupport && !x11Support) [ ./no-x11.patch ]
++ optional stdenv.isCygwin ./cygwin.patch;
buildInputs = [ncurses boehmgc gettext zlib]
++ optional sslSupport openssl
@ -37,6 +72,10 @@ stdenv.mkDerivation rec {
++ optional graphicsSupport imlib2
++ optional x11Support libX11;
postInstall = optionalString graphicsSupport ''
ln -s $out/libexec/w3m/w3mimgdisplay $out/bin
'';
configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}"
+ optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb";
@ -48,11 +87,12 @@ stdenv.mkDerivation rec {
enableParallelBuilding = false;
# for w3mimgdisplay
# see: https://bbs.archlinux.org/viewtopic.php?id=196093
LIBS = optionalString x11Support "-lX11";
meta = {
homepage = http://w3m.sourceforge.net/;
description = "A text-mode web browser";
maintainers = [ maintainers.mornfall ];
maintainers = [ maintainers.mornfall maintainers.cstrahan ];
};
}

View file

@ -1,60 +0,0 @@
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/w3m/files/w3m-0.5.3-glibc214.patch?revision=1.1
--- a/istream.c.~1.27.~ 2011-01-04 18:22:22.000000000 +0900
+++ b/istream.c 2011-06-24 08:15:23.522990618 +0900
@@ -22,8 +22,8 @@
static void basic_close(int *handle);
static int basic_read(int *handle, char *buf, int len);
-static void file_close(struct file_handle *handle);
-static int file_read(struct file_handle *handle, char *buf, int len);
+static void file_close(struct afile_handle *handle);
+static int file_read(struct afile_handle *handle, char *buf, int len);
static int str_read(Str handle, char *buf, int len);
@@ -114,7 +114,7 @@
stream = New(union input_stream);
init_base_stream(&stream->base, STREAM_BUF_SIZE);
stream->file.type = IST_FILE;
- stream->file.handle = New(struct file_handle);
+ stream->file.handle = New(struct afile_handle);
stream->file.handle->f = f;
if (closep)
stream->file.handle->close = closep;
@@ -658,13 +658,13 @@
}
static void
-file_close(struct file_handle *handle)
+file_close(struct afile_handle *handle)
{
handle->close(handle->f);
}
static int
-file_read(struct file_handle *handle, char *buf, int len)
+file_read(struct afile_handle *handle, char *buf, int len)
{
return fread(buf, 1, len, handle->f);
}
--- a/istream.h.~1.12.~ 2003-10-21 01:41:56.000000000 +0900
+++ b/istream.h 2011-06-24 08:15:54.392991144 +0900
@@ -20,7 +20,7 @@
typedef struct stream_buffer *StreamBuffer;
-struct file_handle {
+struct afile_handle {
FILE *f;
void (*close) ();
};
@@ -53,7 +53,7 @@
struct file_stream {
struct stream_buffer stream;
- struct file_handle *handle;
+ struct afile_handle *handle;
char type;
char iseos;
int (*read) ();

View file

@ -1,15 +0,0 @@
https://bugzilla.redhat.com/show_bug.cgi?id=555467
--- a/main.c.old 2007-05-31 06:49:50.000000000 +0530
+++ b/main.c 2010-02-16 16:16:24.000000000 +0530
@@ -842,7 +842,9 @@
mySignal(SIGPIPE, SigPipe);
#endif
- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc);
+ orig_GC_warn_proc = GC_get_warn_proc();
+ GC_set_warn_proc(wrap_GC_warn_proc);
+
err_msg = Strnew();
if (load_argc == 0) {
/* no URL specified */

View file

@ -21,11 +21,11 @@ in
with stdenv.lib;
stdenv.mkDerivation rec {
name = "perl-5.20.2";
name = "perl-5.20.3";
src = fetchurl {
url = "mirror://cpan/authors/id/S/SH/SHAY/${name}.tar.gz";
sha256 = "17cvplgpxbm1hshxlkra2fldn4da1iap1lsnb04hdm8ply93k95i";
sha256 = "0jlvpd5l5nk7lzfd4akdg1sw6vinbkj6izclyyr0lrbidfky691m";
};
outputs = [ "out" "man" ];
@ -33,8 +33,6 @@ stdenv.mkDerivation rec {
patches =
[ # Do not look in /usr etc. for dependencies.
./no-sys-dirs.patch
# Remove in 5.20.3
./perl-5.20.2-gcc5_fixes-1.patch
]
++ optional stdenv.isSunOS ./ld-shared.patch
++ stdenv.lib.optional stdenv.isDarwin [ ./cpp-precomp.patch ./no-libutil.patch ] ;
@ -84,6 +82,9 @@ stdenv.mkDerivation rec {
''}
'' + optionalString stdenv.isDarwin ''
substituteInPlace hints/darwin.sh --replace "env MACOSX_DEPLOYMENT_TARGET=10.3" ""
'' + optionalString (!enableThreading) ''
# We need to do this because the bootstrap doesn't have a static libpthread
sed -i 's,\(libswanted.*\)pthread,\1,g' Configure
'';
preBuild = optionalString (!(stdenv ? cc && stdenv.cc.nativeTools))

View file

@ -1,127 +0,0 @@
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2015-04-17
Initial Package Version: 5.20.2
Upstream Status: Committed
Origin: Petr Pisař and Tony Cook
Description: Fixes Errno.pm and h2ph with gcc-5.
1. cherry-picked because the change to $version will not apply, from
commit 816b056ffb99ae54642320e20dc30a59fd1effef
Author: Petr Písař <ppisar@redhat.com>
Date: Wed Feb 11 15:46:37 2015 +0100
Fix Errno.pm generation for gcc-5.0
gcc-5.0 -E interleaves now line numbers with expended macros, so that
the generated errno.c will be preprocessed to
EBFONT => [[
59
]]
which is hard to parse in in line-based reader.
So use -P option with gcc >= 5.0. Global -P usage would break makedepend,
global -ftrack-macro-expansion=0 would break lib/h2ph.t.
RT#123784
diff --git a/ext/Errno/Errno_pm.PL b/ext/Errno/Errno_pm.PL
index 3dadfce..c6bfa06 100644
--- a/ext/Errno/Errno_pm.PL
+++ b/ext/Errno/Errno_pm.PL
@@ -215,20 +215,31 @@ sub write_errno_pm {
{ # BeOS (support now removed) did not enter this block
# invoke CPP and read the output
+ my $inhibit_linemarkers = '';
+ if ($Config{gccversion} =~ /\A(\d+)\./ and $1 >= 5) {
+ # GCC 5.0 interleaves expanded macros with line numbers breaking
+ # each line into multiple lines. RT#123784
+ $inhibit_linemarkers = ' -P';
+ }
+
if ($^O eq 'VMS') {
- my $cpp = "$Config{cppstdin} $Config{cppflags} $Config{cppminus}";
+ my $cpp = "$Config{cppstdin} $Config{cppflags}" .
+ $inhibit_linemarkers . " $Config{cppminus}";
$cpp =~ s/sys\$input//i;
open(CPPO,"$cpp errno.c |") or
die "Cannot exec $Config{cppstdin}";
} elsif ($IsMSWin32 || $^O eq 'NetWare') {
- open(CPPO,"$Config{cpprun} $Config{cppflags} errno.c |") or
- die "Cannot run '$Config{cpprun} $Config{cppflags} errno.c'";
+ my $cpp = "$Config{cpprun} $Config{cppflags}" .
+ $inhibit_linemarkers;
+ open(CPPO,"$cpp errno.c |") or
+ die "Cannot run '$cpp errno.c'";
} elsif ($IsSymbian) {
- my $cpp = "gcc -E -I$ENV{SDK}\\epoc32\\include\\libc -";
+ my $cpp = "gcc -E -I$ENV{SDK}\\epoc32\\include\\libc" .
+ $inhibit_linemarkers ." -";
open(CPPO,"$cpp < errno.c |")
or die "Cannot exec $cpp";
} else {
- my $cpp = default_cpp();
+ my $cpp = default_cpp() . $inhibit_linemarkers;
open(CPPO,"$cpp < errno.c |")
or die "Cannot exec $cpp";
}
commit 3bea78d24634e630b610f59957e7a019205a67b2
Author: Tony Cook <tony@develop-help.com>
Date: Mon Feb 16 15:57:00 2015 +1100
h2ph: correct handling of hex constants for the preamble
Previously they were treated as identifiers resulting in code
generated like C< &0xFFF >.
We also try to prevent compile-time warnings from large hex integers,
the user isn't responsible for the generated code, so we delay those
warnings to run-time.
diff --git a/utils/h2ph.PL b/utils/h2ph.PL
index 9a8b14d..d082f22 100644
--- a/utils/h2ph.PL
+++ b/utils/h2ph.PL
@@ -769,7 +769,7 @@ sub inc_dirs
sub build_preamble_if_necessary
{
# Increment $VERSION every time this function is modified:
- my $VERSION = 3;
+ my $VERSION = 4;
my $preamble = "$Dest_dir/_h2ph_pre.ph";
# Can we skip building the preamble file?
@@ -788,6 +788,11 @@ sub build_preamble_if_necessary
open PREAMBLE, ">$preamble" or die "Cannot open $preamble: $!";
print PREAMBLE "# This file was created by h2ph version $VERSION\n";
+ # Prevent non-portable hex constants from warning.
+ #
+ # We still produce an overflow warning if we can't represent
+ # a hex constant as an integer.
+ print PREAMBLE "no warnings qw(portable);\n";
foreach (sort keys %define) {
if ($opt_D) {
@@ -814,6 +819,18 @@ DEFINE
# integer:
print PREAMBLE
"unless (defined &$_) { sub $_() { $1 } }\n\n";
+ } elsif ($define{$_} =~ /^([+-]?0x[\da-f]+)U?L{0,2}$/i) {
+ # hex integer
+ # Special cased, since perl warns on hex integers
+ # that can't be represented in a UV.
+ #
+ # This way we get the warning at time of use, so the user
+ # only gets the warning if they happen to use this
+ # platform-specific definition.
+ my $code = $1;
+ $code = "hex('$code')" if length $code > 10;
+ print PREAMBLE
+ "unless (defined &$_) { sub $_() { $code } }\n\n";
} elsif ($define{$_} =~ /^\w+$/) {
my $def = $define{$_};
if ($isatype{$def}) {

View file

@ -1,7 +1,8 @@
{ patchSet, useRailsExpress, ops, patchLevel }:
let self = rec {
rec {
"1.9.3" = [
./ssl_v3.patch
./ruby19-parallel-install.patch
./bitperfect-rdoc.patch
] ++ ops useRailsExpress [
@ -25,13 +26,17 @@ let self = rec {
"${patchSet}/patches/ruby/1.9.3/p${patchLevel}/railsexpress/18-fix-missing-c-return-event.patch"
"${patchSet}/patches/ruby/1.9.3/p${patchLevel}/railsexpress/19-fix-process-daemon-call.patch"
];
"2.0.0" = ops useRailsExpress [
"2.0.0" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/02-railsexpress-gc.patch"
"${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/03-display-more-detailed-stack-trace.patch"
"${patchSet}/patches/ruby/2.0.0/p${patchLevel}/railsexpress/04-show-full-backtrace-on-stack-overflow.patch"
];
"2.1.0" = ops useRailsExpress [
"2.1.0" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.0/railsexpress/01-current-2.1.1-fixes.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/02-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/03-improve-gc-stats.patch"
@ -45,7 +50,9 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.0/railsexpress/11-funny-falcon-method-cache.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/12-backport-r44370.patch"
];
"2.1.1" = ops useRailsExpress [
"2.1.1" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.0/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/03-display-more-detailed-stack-trace.patch"
@ -58,7 +65,9 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.0/railsexpress/11-funny-falcon-method-cache.patch"
"${patchSet}/patches/ruby/2.1.0/railsexpress/12-backport-r44370.patch"
];
"2.1.2" = ops useRailsExpress [
"2.1.2" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.2/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.2/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.1.2/railsexpress/03-display-more-detailed-stack-trace.patch"
@ -70,7 +79,9 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.2/railsexpress/09-aman-opt-aset-aref-str.patch"
"${patchSet}/patches/ruby/2.1.2/railsexpress/10-funny-falcon-method-cache.patch"
];
"2.1.3" = ops useRailsExpress [
"2.1.3" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.3/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.3/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.1.3/railsexpress/03-display-more-detailed-stack-trace.patch"
@ -80,7 +91,9 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.3/railsexpress/07-aman-opt-aset-aref-str.patch"
"${patchSet}/patches/ruby/2.1.3/railsexpress/08-funny-falcon-method-cache.patch"
];
"2.1.6" = ops useRailsExpress [
"2.1.6" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.6/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.6/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.1.6/railsexpress/03-display-more-detailed-stack-trace.patch"
@ -91,7 +104,9 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.6/railsexpress/08-funny-falcon-method-cache.patch"
"${patchSet}/patches/ruby/2.1.6/railsexpress/09-heap-dump-support.patch"
];
"2.1.7" = ops useRailsExpress [
"2.1.7" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.1.7/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.1.7/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.1.7/railsexpress/03-display-more-detailed-stack-trace.patch"
@ -102,22 +117,28 @@ let self = rec {
"${patchSet}/patches/ruby/2.1.7/railsexpress/08-funny-falcon-method-cache.patch"
"${patchSet}/patches/ruby/2.1.7/railsexpress/09-heap-dump-support.patch"
];
"2.2.0" = ops useRailsExpress [
"2.2.0" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.2.0/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.2.0/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.2.0/railsexpress/03-display-more-detailed-stack-trace.patch"
"${patchSet}/patches/ruby/2.2.0/railsexpress/04-backport-401c8bb.patch"
"${patchSet}/patches/ruby/2.2.0/railsexpress/05-fix-packed-bitfield-compat-warning-for-older-gccs.patch"
];
"2.2.2" = ops useRailsExpress [
"2.2.2" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.2.2/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.2.2/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.2.2/railsexpress/03-display-more-detailed-stack-trace.patch"
"${patchSet}/patches/ruby/2.2.2/railsexpress/04-backported-bugfixes-222.patch"
];
"2.2.3" = ops useRailsExpress [
"2.2.3" = [
./ssl_v3.patch
] ++ ops useRailsExpress [
"${patchSet}/patches/ruby/2.2.3/railsexpress/01-zero-broken-tests.patch"
"${patchSet}/patches/ruby/2.2.3/railsexpress/02-improve-gc-stats.patch"
"${patchSet}/patches/ruby/2.2.3/railsexpress/03-display-more-detailed-stack-trace.patch"
];
}; in self
}

View file

@ -0,0 +1,16 @@
--- a/ext/openssl/ossl_ssl.c 2015-11-26 16:41:03.775058140 +0000
+++ b/ext/openssl/ossl_ssl.c 2015-11-26 16:40:56.191907346 +0000
@@ -138,9 +138,12 @@
OSSL_SSL_METHOD_ENTRY(SSLv2_server),
OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
+#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
+ defined(HAVE_SSLV3_CLIENT_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv3),
OSSL_SSL_METHOD_ENTRY(SSLv3_server),
OSSL_SSL_METHOD_ENTRY(SSLv3_client),
+#endif
OSSL_SSL_METHOD_ENTRY(SSLv23),
OSSL_SSL_METHOD_ENTRY(SSLv23_server),
OSSL_SSL_METHOD_ENTRY(SSLv23_client),

View file

@ -28,6 +28,12 @@ stdenv.mkDerivation (rec {
"gt_cv_func_CFLocaleCopyCurrent=no"
]);
patchPhase = ''
substituteInPlace gettext-tools/projects/KDE/trigger --replace "/bin/pwd" pwd
substituteInPlace gettext-tools/projects/GNOME/trigger --replace "/bin/pwd" pwd
substituteInPlace gettext-tools/src/project-id --replace "/bin/pwd" pwd
'';
# On cross building, gettext supposes that the wchar.h from libc
# does not fulfill gettext needs, so it tries to work with its
# own wchar.h file, which does not cope well with the system's
@ -90,8 +96,8 @@ stdenv.mkDerivation (rec {
# Make sure `error.c' gets compiled and is part of `libgettextlib.la'.
# This fixes:
# gettext-0.18.1.1/gettext-tools/src/msgcmp.c:371: undefined reference to `_error_message_count'
'' sed -i gettext-tools/gnulib-lib/Makefile.in \
''
sed -i gettext-tools/gnulib-lib/Makefile.in \
-e 's/am_libgettextlib_la_OBJECTS =/am_libgettextlib_la_OBJECTS = error.lo/g'
'';
})

View file

@ -61,6 +61,8 @@ stdenv.mkDerivation ({
./security-bdf1ff05.patch
./cve-2014-8121.patch
./cve-2015-1781.patch
./glibc-locale-incompatibility.patch
];
postPatch =

View file

@ -0,0 +1,25 @@
http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch
This patch avoids an assertion failure when incompatible locale data
is encountered:
https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
@@ -120,10 +120,11 @@
_nl_value_type_LC_XYZ array. There are all pointers. */
switch (category)
{
-#define CATTEST(cat) \
- case LC_##cat: \
- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
- / sizeof (_nl_value_type_LC_##cat[0]))); \
+#define CATTEST(cat) \
+ case LC_##cat: \
+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
+ / sizeof (_nl_value_type_LC_##cat[0]))) \
+ goto puntdata; \
break
CATTEST (NUMERIC);
CATTEST (TIME);

View file

@ -1,4 +1,4 @@
{ fetchurl, stdenv }:
{ fetchurl, stdenv, dejagnu, doCheck ? false }:
stdenv.mkDerivation rec {
name = "libffi-3.2.1";
@ -10,11 +10,15 @@ stdenv.mkDerivation rec {
patches = if stdenv.isCygwin then [ ./3.2.1-cygwin.patch ] else null;
buildInputs = stdenv.lib.optional doCheck dejagnu;
configureFlags = [
"--with-gcc-arch=generic" # no detection of -march= or -mtune=
"--enable-pax_emutramp"
];
inherit doCheck;
dontStrip = stdenv ? cross; # Don't run the native `strip' when cross-compiling.
# Install headers in the right place.
@ -22,7 +26,7 @@ stdenv.mkDerivation rec {
ln -s${if (stdenv.isFreeBSD || stdenv.isOpenBSD || stdenv.isDarwin) then "" else "r"}v "$out/lib/"libffi*/include "$out/include"
'';
meta = {
meta = with stdenv.lib; {
description = "A foreign function call interface library";
longDescription = ''
The libffi library provides a portable, high level programming
@ -40,8 +44,8 @@ stdenv.mkDerivation rec {
'';
homepage = http://sourceware.org/libffi/;
# See http://github.com/atgreen/libffi/blob/master/LICENSE .
license = stdenv.lib.licenses.free;
license = licenses.free;
maintainers = [ ];
platforms = stdenv.lib.platforms.all;
platforms = platforms.all;
};
}

View file

@ -3,11 +3,11 @@
assert zlib != null;
let
version = "1.6.19";
sha256 = "1s1mmkl79ghiczi2x2rbnp6y70v4c5pr8g3icxn9h5imymbmc71i";
version = "1.6.20";
sha256 = "12wis4rlisfnw79pj2778m42m94xpi9nq8m385hxk11lkyg9biam";
patch_src = fetchurl {
url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
sha256 = "0bgqkac16yhl0zwjzq2zwkixg2l2x3a6blbk3k0wqz0lza2a6jrh";
sha256 = "11xgal9qk6fmqdgcb37xg55f2y58wizszw54p1pyq855d2xpwfz6";
};
whenPatched = stdenv.lib.optionalString apngSupport;

View file

@ -22,7 +22,7 @@ else
*/
let
version = "11.0.5";
version = "11.0.8";
# this is the default search path for DRI drivers
driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
in
@ -38,7 +38,7 @@ stdenv.mkDerivation {
+ head (splitString "." version) + ''.x/${version}/mesa-${version}.tar.xz'')
"https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
];
sha256 = "9c255a2a6695fcc6ef4a279e1df0aeaf417dc142f39ee59dfb533d80494bb67a";
sha256 = "5696e4730518b6805d2ed5def393c4293f425a2c2c01bd5ed4bdd7ad62f7ad75";
};
prePatch = "patchShebangs .";

View file

@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
patches = [ ./libressl.patch ];
meta = with stdenv.lib; {
description = "Qt Cryptographic Architecture";
license = "LGPL";

View file

@ -0,0 +1,28 @@
--- a/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:34:25.810682094 +0000
+++ b/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:29:51.720392423 +0000
@@ -5403,11 +5403,13 @@
ctx = SSL_CTX_new(SSLv2_client_method());
break;
#endif
+#ifndef OPENSSL_NO_SSL3
case TLS::SSL_v3:
ctx = SSL_CTX_new(SSLv3_client_method());
break;
+#endif
case TLS::TLS_v1:
+ ctx = SSL_CTX_new(SSLv23_client_method());
- ctx = SSL_CTX_new(TLSv1_client_method());
break;
case TLS::DTLS_v1:
default:
@@ -7133,8 +7135,10 @@
return new opensslInfoContext(this);
else if ( type == "sha1" )
return new opensslHashContext( EVP_sha1(), this, type);
+#ifndef OPENSSL_NO_SHA0
else if ( type == "sha0" )
return new opensslHashContext( EVP_sha(), this, type);
+#endif
else if ( type == "ripemd160" )
return new opensslHashContext( EVP_ripemd160(), this, type);
#ifdef HAVE_OPENSSL_MD2

View file

@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
patches =
[ ./glib-2.32.patch
./libressl.patch
(substituteAll {
src = ./dlopen-absolute-paths.diff;
inherit cups icu libXfixes;

View file

@ -0,0 +1,64 @@
$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_symbols_cpp,v 1.3 2015/09/17 12:24:42 dcoppa Exp $
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp Wed Sep 16 13:27:39 2015
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp Wed Sep 16 13:33:06 2015
@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, re
#ifndef OPENSSL_NO_SSL2
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
#endif
+#ifndef OPENSSL_NO_SSL3
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
#ifndef OPENSSL_NO_SSL2
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
#endif
+#ifndef OPENSSL_NO_SSL3
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
#else
@@ -822,13 +826,17 @@ bool q_resolveOpenSslSymbols()
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_client_method)
#endif
+#ifndef OPENSSL_NO_SSL3
RESOLVEFUNC(SSLv3_client_method)
+#endif
RESOLVEFUNC(SSLv23_client_method)
RESOLVEFUNC(TLSv1_client_method)
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_server_method)
#endif
+#ifndef OPENSSL_NO_SSL3
RESOLVEFUNC(SSLv3_server_method)
+#endif
RESOLVEFUNC(SSLv23_server_method)
RESOLVEFUNC(TLSv1_server_method)
RESOLVEFUNC(X509_NAME_entry_count)
--- a/src/network/ssl/qsslsocket_openssl.cpp Thu May 7 16:14:44 2015
+++ b/src/network/ssl/qsslsocket_openssl.cpp Wed Sep 16 13:30:03 2015
@@ -267,15 +267,19 @@ init_context:
#endif
break;
case QSsl::SslV3:
+#ifndef OPENSSL_NO_SSL3
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+#else
+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
+#endif
break;
- case QSsl::SecureProtocols: // SslV2 will be disabled below
- case QSsl::TlsV1SslV3: // SslV2 will be disabled below
case QSsl::AnyProtocol:
- default:
ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
break;
case QSsl::TlsV1:
+ case QSsl::SecureProtocols:
+ case QSsl::TlsV1SslV3:
+ default:
ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
break;
}

View file

@ -0,0 +1,36 @@
From 81494e67eccba04fc3fe554d76a9ca6fe7f2250e Mon Sep 17 00:00:00 2001
From: hasufell <hasufell@gentoo.org>
Date: Sat, 10 Oct 2015 01:15:01 +0200
Subject: [PATCH] Fix compilation with libressl
By additionally checking for defined(SSL_CTRL_SET_CURVES), which
is defined in openssl, but not in libressl.
---
src/network/ssl/qsslcontext_openssl.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qtbase/src/network/ssl/qsslcontext_openssl.cpp b/qtbase/src/network/ssl/qsslcontext_openssl.cpp
index b88ab54..cfc4f6d 100644
--- a/qtbase/src/network/ssl/qsslcontext_openssl.cpp
+++ b/qtbase/src/network/ssl/qsslcontext_openssl.cpp
@@ -338,7 +338,7 @@ init_context:
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
if (!qcurves.isEmpty()) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
// Set the curves to be used
if (q_SSLeay() >= 0x10002000L) {
// SSL_CTX_ctrl wants a non-const pointer as last argument,
@@ -352,7 +352,7 @@ init_context:
return sslContext;
}
} else
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
{
// specific curves requested, but not possible to set -> error
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
--
2.6.0

View file

@ -6,3 +6,4 @@ dlopen-dbus.patch
xdg-config-dirs.patch
nix-profiles-library-paths.patch
compose-search-path.patch
libressl.patch

View file

@ -1,4 +1,6 @@
{ stdenv, fetchurl, ncurses, perl, xz, interactive ? false }:
{ stdenv, fetchurl, ncurses, perl, xz, procps, interactive ? false }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "texinfo-5.2";
@ -9,7 +11,8 @@ stdenv.mkDerivation rec {
};
buildInputs = [ perl xz ]
++ stdenv.lib.optional interactive ncurses;
++ optional interactive ncurses
++ optional doCheck procps; # for tests
preInstall = ''
installFlags="TEXMF=$out/texmf-dist";
@ -21,8 +24,8 @@ stdenv.mkDerivation rec {
meta = {
homepage = "http://www.gnu.org/software/texinfo/";
description = "The GNU documentation system";
license = stdenv.lib.licenses.gpl3Plus;
platforms = stdenv.lib.platforms.all;
license = licenses.gpl3Plus;
platforms = platforms.all;
longDescription = ''
Texinfo is the official documentation format of the GNU project.

View file

@ -1,4 +1,6 @@
{ stdenv, fetchurl, ncurses, perl, xz, libiconv, gawk, interactive ? false }:
{ stdenv, fetchurl, ncurses, perl, xz, libiconv, gawk, procps, interactive ? false }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "texinfo-6.0";
@ -9,17 +11,19 @@ stdenv.mkDerivation rec {
};
buildInputs = [ perl xz ]
++ stdenv.lib.optionals stdenv.isSunOS [ libiconv gawk ]
++ stdenv.lib.optional interactive ncurses;
++ optionals stdenv.isSunOS [ libiconv gawk ]
++ optional interactive ncurses
++ optional doCheck procps; # for tests
configureFlags = stdenv.lib.optionalString stdenv.isSunOS "AWK=${gawk}/bin/awk";
configureFlags = stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
preInstall = ''
installFlags="TEXMF=$out/texmf-dist";
installTargets="install install-tex";
'';
doCheck = !stdenv.isDarwin && !interactive && !stdenv.isSunOS/*flaky*/;
doCheck = interactive # simplify bootstrapping
&& !stdenv.isDarwin && !stdenv.isSunOS/*flaky*/;
meta = with stdenv.lib; {
homepage = "http://www.gnu.org/software/texinfo/";

View file

@ -79,6 +79,7 @@ stdenv.mkDerivation rec {
patches = [
./build-fix.patch
./libressl.patch
];
postInstall = ''

View file

@ -0,0 +1,69 @@
$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.3 2015/09/29 11:57:54 dcoppa Exp $
Compatibility fixes for LibreSSL
--- a/src/crypto/tls_openssl.c Sun Sep 27 21:02:05 2015
+++ b/src/crypto/tls_openssl.c Mon Sep 28 13:43:46 2015
@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
}
if (certs) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_clear_chain_certs(ssl);
while ((cert = sk_X509_pop(certs)) != NULL) {
X509_NAME_oneline(X509_get_subject_name(cert), buf,
@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
/* Try to continue anyway */
}
sk_X509_free(certs);
-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
res = SSL_build_cert_chain(ssl,
SSL_BUILD_CHAIN_FLAG_CHECK |
SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
if (conn == NULL || keys == NULL)
return -1;
ssl = conn->ssl;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
return -1;
@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
#ifndef CONFIG_FIPS
static int openssl_get_keyblock_size(SSL *ssl)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
const EVP_CIPHER *c;
const EVP_MD *h;
int md_size;
@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_connection *conn
"mode");
return -1;
#else /* CONFIG_FIPS */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL *ssl;
u8 *rnd;
int ret = -1;
@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, stru
wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
if (os_strstr(buf, ":ADH-")) {
/*
@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *
struct tls_connection *conn = arg;
int ret;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (conn == NULL || conn->session_ticket_cb == NULL)
return 0;

View file

@ -10,9 +10,7 @@ stdenv.mkDerivation rec {
sha256 = "1w4gp4hdkb452nmz91l413d1rx89isl2l6wv8kpbdd2afpc3phws";
};
patchPhase = ''
sed -i 's/^\t.*run/\t/' Makefile.in
'';
patches = [ ./libressl.patch ./remove-mkdir-var.patch ];
buildInputs = [ openssl libtool perl libxml2 ];

View file

@ -0,0 +1,102 @@
$OpenBSD: patch-lib_dns_openssl_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $
--- a/lib/dns/openssl_link.c Wed Sep 16 14:01:23 2015
+++ b/lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015
@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
return (result == ISC_R_SUCCESS ? 1 : -1);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
entropy_add(const void *buf, int num, double entropy) {
/*
@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
UNLOCK(&locks[type]);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_id_callback(id_callback);
#endif
@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_state(0);
#endif
ERR_free_strings();
--- a/lib/dns/dst_openssl.h Wed Sep 16 14:00:47 2015
+++ b/lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015
@@ -36,7 +36,7 @@
#define USE_ENGINE 1
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
* the function like this before the BN_GENCB_new call:
--- a/lib/dns/openssldh_link.c Wed Sep 16 14:01:23 2015
+++ b/lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015
@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
--- a/lib/dns/openssldsa_link.c Wed Sep 16 14:01:23 2015
+++ b/lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015
@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
$OpenBSD: patch-lib_dns_opensslrsa_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $
--- a/lib/dns/opensslrsa_link.c Wed Sep 16 14:01:23 2015
+++ b/lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015
@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
BN_GENCB *cb = BN_GENCB_new();

View file

@ -0,0 +1,12 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -53,8 +53,7 @@ docclean manclean maintainer-clean::
doc man:: ${MANOBJS}
installdirs:
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
- ${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
install:: isc-config.sh installdirs

View file

@ -42,5 +42,5 @@ patch: [
(patch "039" "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b")
(patch "040" "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4")
(patch "041" "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f")
(patch "042" "1bwhssay66n75fy0pxcrwbm032s6fvfg7dblzbrzzn5k38a56nmp")
(patch "042" "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc")
]

View file

@ -12,12 +12,14 @@ stdenv.mkDerivation rec {
configureFlags = stdenv.lib.optionalString stdenv.isDarwin "--disable-ip6";
meta = {
patches = stdenv.lib.singleton ./libressl-fixes.patch ;
meta = with stdenv.lib; {
description = "A utility for bidirectional data transfer between two independent data channels";
homepage = http://www.dest-unreach.org/socat/;
repositories.git = git://repo.or.cz/socat.git;
platforms = stdenv.lib.platforms.unix;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = platforms.unix;
license = licenses.gpl2;
maintainers = [ maintainers.eelco ];
};
}

View file

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
buildInputs = [ openssl ];
patches = [ ./enable-ecdhe.patch ];
patches = [ ./enable-ecdhe.patch ./libressl-fixes.patch ];
meta = {
description = "A utility for bidirectional data transfer between two independent data channels";

View file

@ -0,0 +1,173 @@
Patch from OpenBSD
--- a/sslcls.c Sat Jan 24 03:15:22 2015
+++ b/sslcls.c Sat Jul 18 20:01:59 2015
@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) {
}
#endif
+#ifdef HAVE_SSLv3_client_method
const SSL_METHOD *sycSSLv3_client_method(void) {
const SSL_METHOD *result;
Debug("SSLv3_client_method()");
@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) {
Debug1("SSLv3_client_method() -> %p", result);
return result;
}
+#endif
+#ifdef HAVE_SSLv3_server_method
const SSL_METHOD *sycSSLv3_server_method(void) {
const SSL_METHOD *result;
Debug("SSLv3_server_method()");
@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) {
Debug1("SSLv3_server_method() -> %p", result);
return result;
}
+#endif
const SSL_METHOD *sycSSLv23_client_method(void) {
const SSL_METHOD *result;
@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {
return;
}
-int sycRAND_egd(const char *path) {
- int result;
- Debug1("RAND_egd(\"%s\")", path);
- result = RAND_egd(path);
- Debug1("RAND_egd() -> %d", result);
- return result;
-}
-
DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
DH *result;
Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {
}
#endif /* WITH_FIPS */
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
const COMP_METHOD *result;
Debug1("SSL_get_current_compression(%p)", ssl);
--- a/sslcls.h Sat Jan 24 11:15:22 2015
+++ b/sslcls.h Mon Apr 13 15:06:25 2015
@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
int sycSSL_shutdown(SSL *ssl);
void sycSSL_CTX_free(SSL_CTX *ctx);
void sycSSL_free(SSL *ssl);
-int sycRAND_egd(const char *path);
DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char
int sycFIPS_mode_set(int onoff);
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
#define sycSSL_shutdown(s) SSL_shutdown(s)
#define sycSSL_CTX_free(c) SSL_CTX_free(c)
#define sycSSL_free(s) SSL_free(s)
-#define sycRAND_egd(p) RAND_egd(p)
#define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
--- a/xio-openssl.c Sat Jan 24 15:33:42 2015
+++ b/xio-openssl.c Mon Apr 13 14:59:12 2015
@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key = { "open
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
-const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {
static void openssl_conn_loginfo(SSL *ssl) {
Notice1("SSL connection using %s", SSL_get_cipher(ssl));
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
{
const COMP_METHOD *comp, *expansion;
@@ -722,7 +721,6 @@ int
char *opt_dhparam = NULL; /* file name of DH params */
char *opt_cafile = NULL; /* certificate authority file */
char *opt_capath = NULL; /* certificate authority directory */
- char *opt_egd = NULL; /* entropy gathering daemon socket path */
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
char *opt_compress = NULL; /* compression method */
#endif
@@ -741,7 +739,6 @@ int
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
- retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
@@ -877,10 +874,6 @@ int
}
}
- if (opt_egd) {
- sycRAND_egd(opt_egd);
- }
-
if (opt_pseudo) {
long int randdata;
/* initialize libc random from actual microseconds */
@@ -1098,7 +1091,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char
if (e == ((ERR_LIB_RAND<<24)|
(RAND_F_SSLEAY_RAND_BYTES<<12)|
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
- Error("too few entropy; use options \"egd\" or \"pseudo\"");
+ Error("too few entropy; use option \"pseudo\"");
stat = STAT_NORETRY;
} else {
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
--- a/xio-openssl.h Sun Jun 23 07:16:48 2013
+++ b/xio-openssl.h Sat Apr 19 15:58:21 2014
@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
extern const struct optdesc opt_openssl_dhparam;
extern const struct optdesc opt_openssl_cafile;
extern const struct optdesc opt_openssl_capath;
-extern const struct optdesc opt_openssl_egd;
extern const struct optdesc opt_openssl_pseudo;
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
extern const struct optdesc opt_openssl_compress;
--- a/xioopts.c Sat Jan 24 11:15:22 2015
+++ b/xioopts.c Mon Apr 13 15:06:25 2015
@@ -412,7 +412,6 @@ const struct optname optionnames[] = {
#ifdef ECHOPRT
IF_TERMIOS("echoprt", &opt_echoprt)
#endif
- IF_OPENSSL("egd", &opt_openssl_egd)
IF_ANY ("end-close", &opt_end_close)
IF_TERMIOS("eof", &opt_veof)
IF_TERMIOS("eol", &opt_veol)
@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {
IF_OPENSSL("openssl-compress", &opt_openssl_compress)
#endif
IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam)
- IF_OPENSSL("openssl-egd", &opt_openssl_egd)
#if WITH_FIPS
IF_OPENSSL("openssl-fips", &opt_openssl_fips)
#endif
--- a/xioopts.h Sat Jan 24 11:15:22 2015
+++ b/xioopts.h Mon Apr 13 15:06:25 2015
@@ -478,7 +478,6 @@ enum e_optcode {
OPT_OPENSSL_COMPRESS,
#endif
OPT_OPENSSL_DHPARAM,
- OPT_OPENSSL_EGD,
OPT_OPENSSL_FIPS,
OPT_OPENSSL_KEY,
OPT_OPENSSL_METHOD,

View file

@ -6672,7 +6672,10 @@ let
};
glib = callPackage ../development/libraries/glib { };
glib-tested = glib.override { doCheck = true; }; # checked version separate to break cycles
glib-tested = glib.override { # checked version separate to break cycles
doCheck = true;
libffi = libffi.override { doCheck = true; };
};
glibmm = callPackage ../development/libraries/glibmm { };
glib_networking = callPackage ../development/libraries/glib-networking {};