From 88033a4862c1eb55929b8a4163da2137f377e6af Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Mon, 25 Jan 2021 17:06:31 +0100 Subject: [PATCH 1/2] scylladb: mark as broken The package does not build due to changes in Boost. --- pkgs/servers/scylladb/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/scylladb/default.nix b/pkgs/servers/scylladb/default.nix index b0793d5e42a8..ecc79acfbe73 100644 --- a/pkgs/servers/scylladb/default.nix +++ b/pkgs/servers/scylladb/default.nix @@ -98,5 +98,6 @@ gcc8Stdenv.mkDerivation { platforms = lib.platforms.linux; hydraPlatforms = []; # It's huge ATM, about 18 GB. maintainers = [ lib.maintainers.farlion ]; + broken = true; }; } From eefdd0983997458528f78445d04066b6d3fc147d Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Sat, 23 Jan 2021 01:07:16 +0100 Subject: [PATCH 2/2] cryptopp: 8.2.0 -> 8.4.0 Fixes CVE-2019-14318. --- .../libraries/crypto++/default.nix | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/pkgs/development/libraries/crypto++/default.nix b/pkgs/development/libraries/crypto++/default.nix index 041e7d49d500..b2232907db7f 100644 --- a/pkgs/development/libraries/crypto++/default.nix +++ b/pkgs/development/libraries/crypto++/default.nix @@ -1,16 +1,15 @@ -{ lib, stdenv, fetchFromGitHub, nasm, which }: +{ lib, stdenv, fetchFromGitHub, }: -with lib; stdenv.mkDerivation rec { pname = "crypto++"; - version = "8.2.0"; - underscoredVersion = strings.replaceStrings ["."] ["_"] version; + version = "8.4.0"; + underscoredVersion = lib.strings.replaceStrings ["."] ["_"] version; src = fetchFromGitHub { owner = "weidai11"; repo = "cryptopp"; rev = "CRYPTOPP_${underscoredVersion}"; - sha256 = "01zrrzjn14yhkb9fzzl57vmh7ig9a6n6fka45f8za0gf7jpcq3mj"; + sha256 = "1gwn8yh1mh41hkh6sgnhb9c3ygrdazd7645msl20i0zdvcp7f5w3"; }; postPatch = '' @@ -19,9 +18,6 @@ stdenv.mkDerivation rec { --replace "ARFLAGS = -static -o" "ARFLAGS = -cru" ''; - nativeBuildInputs = optionals stdenv.hostPlatform.isx86 [ nasm which ]; - - preBuild = optionalString stdenv.hostPlatform.isx86 "${stdenv.shell} rdrand-nasm.sh"; makeFlags = [ "PREFIX=${placeholder "out"}" ]; buildFlags = [ "shared" "libcryptopp.pc" ]; enableParallelBuilding = true; @@ -31,17 +27,17 @@ stdenv.mkDerivation rec { preInstall = "rm libcryptopp.a"; # built for checks but we don't install static lib into the nix store installTargets = [ "install-lib" ]; installFlags = [ "LDCONF=true" ]; - postInstall = optionalString (!stdenv.hostPlatform.isDarwin) '' - ln -sr $out/lib/libcryptopp.so.${version} $out/lib/libcryptopp.so.${versions.majorMinor version} - ln -sr $out/lib/libcryptopp.so.${version} $out/lib/libcryptopp.so.${versions.major version} + postInstall = lib.optionalString (!stdenv.hostPlatform.isDarwin) '' + ln -sr $out/lib/libcryptopp.so.${version} $out/lib/libcryptopp.so.${lib.versions.majorMinor version} + ln -sr $out/lib/libcryptopp.so.${version} $out/lib/libcryptopp.so.${lib.versions.major version} ''; meta = { description = "Crypto++, a free C++ class library of cryptographic schemes"; homepage = "https://cryptopp.com/"; changelog = "https://raw.githubusercontent.com/weidai11/cryptopp/CRYPTOPP_${underscoredVersion}/History.txt"; - license = with licenses; [ boost publicDomain ]; - platforms = platforms.all; - maintainers = with maintainers; [ c0bw3b ]; + license = with lib.licenses; [ boost publicDomain ]; + platforms = lib.platforms.all; + maintainers = with lib.maintainers; [ c0bw3b ]; }; }