From db90ac6fff17ca83dccbb45d7f7818f07e3fa731 Mon Sep 17 00:00:00 2001 From: Alexander Kahl Date: Tue, 10 Jan 2017 17:41:09 +0100 Subject: [PATCH 1/5] openldap: load configuration files from global sysconfdir /etc (#21648) --- pkgs/development/libraries/openldap/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index cdef4d9a49f446..05c03dcd8424a8 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -19,10 +19,13 @@ stdenv.mkDerivation rec { [ "--enable-overlays" "--disable-dependency-tracking" # speeds up one-time build "--enable-modules" + "--sysconfdir=/etc" ] ++ stdenv.lib.optional (openssl == null) "--without-tls" ++ stdenv.lib.optional (cyrus_sasl == null) "--without-cyrus-sasl" ++ stdenv.lib.optional stdenv.isFreeBSD "--with-pic"; + installFlags = [ "sysconfdir=$(out)/etc" ]; + # 1. Fixup broken libtool # 2. Libraries left in the build location confuse `patchelf --shrink-rpath` # Delete these to let patchelf discover the right path instead. From cc40fadf62e8843dabb330659941d0d4d522f863 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 11 Jan 2017 06:18:29 +0100 Subject: [PATCH 2/5] gnutls: 3.4.16 -> 3.4.17 --- pkgs/development/libraries/gnutls/3.4.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/gnutls/3.4.nix b/pkgs/development/libraries/gnutls/3.4.nix index fc3ac0ec421aab..0cb2c67c501b83 100644 --- a/pkgs/development/libraries/gnutls/3.4.nix +++ b/pkgs/development/libraries/gnutls/3.4.nix @@ -1,10 +1,10 @@ -{ callPackage, fetchurl, autoreconfHook, ... } @ args: +{ callPackage, fetchurl, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.4.16"; + version = "3.4.17"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-${version}.tar.xz"; - sha256 = "09rrjaflgp5p0hi5gqljklz1xpalnvj8bawvjj6baw8768dvp6nr"; + sha256 = "0bhp8cqrmw15yins65cn0zwbcpj1vmymr4wnbm151sfmf2kfhl4v"; }; }) From 0e963d2563de6311a829de63762bb8a9c4378050 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 11 Jan 2017 06:18:41 +0100 Subject: [PATCH 3/5] gnutls33: 3.3.25 -> 3.3.26 Fixes the following security issues: * CVE-2017-5334 * CVE-2017-5335 * CVE-2017-5336 * CVE-2017-5337 See https://www.gnutls.org/news.html#2017-01-09 for more information. --- pkgs/development/libraries/gnutls/3.3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gnutls/3.3.nix b/pkgs/development/libraries/gnutls/3.3.nix index 87b46dc26a0758..56829193060513 100644 --- a/pkgs/development/libraries/gnutls/3.3.nix +++ b/pkgs/development/libraries/gnutls/3.3.nix @@ -1,10 +1,10 @@ { callPackage, fetchurl, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.3.25"; + version = "3.3.26"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-${version}.tar.xz"; - sha256 = "0bhzkzpzwg3lhbhpas7m4rcj4mrnyq76zmic9z42wpa68d76r78q"; + sha256 = "1n90qyz54hhnmf4fmap6zdyv7nihz6mrbqgxhd46h7aqdcmqhzba"; }; }) From 7165b389084966b7a5c96e9b512b7312ae9c676d Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 11 Jan 2017 06:18:14 +0100 Subject: [PATCH 4/5] libtasn1: 4.8 -> 4.9 --- pkgs/development/libraries/libtasn1/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libtasn1/default.nix b/pkgs/development/libraries/libtasn1/default.nix index 1e45f07a22f262..5ecbcc63a9570d 100644 --- a/pkgs/development/libraries/libtasn1/default.nix +++ b/pkgs/development/libraries/libtasn1/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, perl, texinfo }: stdenv.mkDerivation rec { - name = "libtasn1-4.8"; + name = "libtasn1-4.9"; src = fetchurl { url = "mirror://gnu/libtasn1/${name}.tar.gz"; - sha256 = "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"; + sha256 = "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"; }; outputs = [ "out" "dev" "devdoc" ]; From 85ac7906661e42fb89e186f77fcf01a5c96586bd Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 11 Jan 2017 06:19:04 +0100 Subject: [PATCH 5/5] gnutls35: 3.5.5 -> 3.5.8 Fixes the following security issues: * CVE-2017-5334 * CVE-2017-5335 * CVE-2017-5336 * CVE-2017-5337 See https://www.gnutls.org/news.html#2017-01-09 for more information. --- pkgs/development/libraries/gnutls/3.5.nix | 8 +++++--- pkgs/development/libraries/gnutls/generic.nix | 6 ++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/gnutls/3.5.nix b/pkgs/development/libraries/gnutls/3.5.nix index 602df9f44a350c..7d58bfcd67ff94 100644 --- a/pkgs/development/libraries/gnutls/3.5.nix +++ b/pkgs/development/libraries/gnutls/3.5.nix @@ -1,10 +1,12 @@ -{ callPackage, fetchurl, autoreconfHook, ... } @ args: +{ callPackage, fetchurl, libunistring, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.5.5"; + version = "3.5.8"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-${version}.tar.xz"; - sha256 = "0ag5q3dfxzv0dmqy7q0a8y74yc3m5yzvjrp324l6vqafh3klz6c6"; + sha256 = "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"; }; + + buildInputs = [ libunistring ]; }) diff --git a/pkgs/development/libraries/gnutls/generic.nix b/pkgs/development/libraries/gnutls/generic.nix index 9425bd7c6a6987..67a969b1178edb 100644 --- a/pkgs/development/libraries/gnutls/generic.nix +++ b/pkgs/development/libraries/gnutls/generic.nix @@ -4,6 +4,7 @@ # Version dependent args , version, src, patches ? [], postPatch ? "", nativeBuildInputs ? [] +, buildInputs ? [] , ...}: assert guileBindings -> guile != null; @@ -41,7 +42,8 @@ stdenv.mkDerivation { ++ lib.optional (stdenv.isFreeBSD || stdenv.isDarwin) libiconv ++ lib.optional (tpmSupport && stdenv.isLinux) trousers ++ [ unbound ] - ++ lib.optional guileBindings guile; + ++ lib.optional guileBindings guile + ++ buildInputs; nativeBuildInputs = [ perl pkgconfig ] ++ nativeBuildInputs; @@ -75,7 +77,7 @@ stdenv.mkDerivation { homepage = http://www.gnu.org/software/gnutls/; license = licenses.lgpl21Plus; - maintainers = with maintainers; [ eelco wkennington ]; + maintainers = with maintainers; [ eelco wkennington fpletz ]; platforms = platforms.all; }; }