macvim: add vim common hardeningDisable flags (e954eff5) · Commits · nix / nixpkgs

The other vim derivations all use a common definition of `hardeningDisable` which disables `fortify`. The vim source already sets `-D_FORTIFY_SOURCE=1` so it's not fully disabled, though it's certainly weaker than what we get if we don't disable it. Disabling `fortify` like this fixes a crash that occurs as a consequence of `strictflexarrays1` now being enabled by default. Arguably we should just disable that instead of disabling `fortify` but this keeps us consistent with the other vim derivations.

pkgs/applications/editors/vim/macvim.nix

+5 −1

Original line number	Diff line number	Diff line
		{
		lib,
		stdenv,
		callPackage,
		fetchFromGitHub,
		apple-sdk_14,
		ncurses,
		@@ -24,6 +25,9 @@ let
		ruby = ruby_3_4;
		in

		let
		common = callPackage ./common.nix { inherit stdenv; };
		in
		stdenv.mkDerivation (finalAttrs: {
		pname = "macvim";

		@@ -182,7 +186,7 @@ stdenv.mkDerivation (finalAttrs: {
		'';

		# macvim obj-c log macro triggers -Wformat-security (seems like a bug? it's a string literal!)
		hardeningDisable = [ "format" ];
		hardeningDisable = common.hardeningDisable ++ [ "format" ];
		# os_log also enables -Werror,-Wformat by default
		env.NIX_CFLAGS_COMPILE = "-DOS_LOG_FORMAT_WARNINGS";

Admin message