Commit graph

15 commits

Author SHA1 Message Date
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Vladimír Čunát
b1a07467d2 gd: security 2.2.1 -> 2.2.2
CVE-2015-8874, CVE-2016-5767
2016-07-09 17:17:38 +02:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Joachim Fasting
8b2fc35987
gd: propagate image format dependencies
After f8bdd7969d it has become necessary for users
of gd to also add inputs for optional image format support, such as libjpeg and
libwebp.

This patch makes the following commits obsolete:
- 972c438c03
- 2113b7389a
- 94286527ac
- a371094f1f
- f345d01974
2016-06-03 15:43:12 +02:00
Joachim Fasting
3a7ec4c8f4
gd: enable parallel building 2016-06-03 15:43:12 +02:00
Robin Gloster
2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Franz Pletz
7d580b8339 gd: 2.1.1 -> 2.2.1 2016-05-30 09:49:12 +02:00
Joachim Fasting
63a8c58185
gd: multiple outputs 2016-05-22 20:03:00 +02:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Joachim Fasting
220836d066
gd: apply patch for CVE-2016-3074 from upstream
Source:
2bb97f407c.patch

The original patch contains binary data, however, which is not supported
by `patch`; we could use `git apply` here, of course, but it was simpler
to just copy-paste only the fix into a separate file and include it in
the repo.
2016-05-14 07:15:41 +02:00
Joachim Fasting
f8bdd7969d
gd: 2.0.35 -> 2.1.1
Upstream claims 2.1 is fully API compatible with 2.0

https://libgd.github.io/release-2.1.0.html
https://libgd.github.io/release-2.1.1.html

Also includes meta updates, adds pkg-config to the build environment,
for proper detection of dependencies, and adds optional support for tiff
and xpm image formats.
2016-05-14 07:15:41 +02:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz
954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
Eelco Dolstra
ebacd32b71 * Added libgd.
* gnuplot 4.2.2.

svn path=/nixpkgs/trunk/; revision=9354
2007-09-21 20:43:43 +00:00