Artturin · October 25, 2023 23:52
diff --git a/gistfile1.txt b/gistfile1.txt
 98e2b90cf382 grsecurity doc: note that module autoload hardening is disabled
 89a5f7de8364 brogue: disable fortify hardening to fix runtime error
 67bec77c6825 brogue: fix crash by stackprotector hardening (#18888)
 6607b9916837 haskell: port existing hardening overrides to use the new combinator
 3ba99f83a7ac glibc: enable stackprotection hardening
 8b96b391db09 gnome2.at_spi: disable hardening to fix build
 9a0535248891 souffle: work around hardening bug on linux
 71021a825dbe gtk-gnutella: disable bindnow/fortify/pic/relro hardening (#18195)
 21282246208b linuxPackages.vhba: disable PIC hardening
 57bd89e44791 fsg: disable format hardening
 6541dfe5543b wxGTK: disable format hardening
 0e9d35539733 musl: disable stackprotector hardening
 f3c994ca11ec rhino: disable format/fortify hardening
 b0b2a947519d pdftk: disable format/fortify hardening
 56158004b5b0 lprof: add hardeningDisable to environment during build
 306cd03cdba8 indent: disable format hardening
 69b71d3eac11 liquidwar5: disable format hardening
 6f9d474db120 njam: disable format hardening
 9f80e554288e openmodelica: disable format hardening
 191896e63ab9 qfsm: disable format hardening
 a2a337c56278 gksu: disable format hardening
 113fbe910ebc spidermonkey_1_8_0rc1: disable pic hardening on i686
 1054399bef76 moltengamepad: disable format hardening
 4f46913bf7ee wraith: disable format hardening
 bd739d1fae0b pypy: disable pic hardening on i686
 0e1b611a5bf7 flannel: disable fortify hardening
 2b4438c294da maude: disable pic and fortify hardening on i686
 bfe1c24eac1c dico: disable format hardening
 647b2ce168bf lua5_0: disable stackprotector hardening on i686
 9e47acb89d2b otpw: disable stackprotector hardening
 bd0b68f59a02 go_1_7: disable all hardening
 3c06e5f6f792 cc-wrapper: check ld hardening capabilities in stdenv
 27b9f5d65ee4 xorg.*: disable relro/bindnow hardening
 fa3a35b241de linuxPackages.fusionio-vsl: disable pic hardening (still broken)
 b2c6d28a1de7 linuxPackages.ndiswrapper: disable pic hardening (still broken)
 9e7d118ea225 linuxPackages.nvidia-x11: disable pic & format hardening
 5103e70a3736 linuxPackages.nvidiabl: disable pic hardening
 62e6bc0bd962 linuxPackages.prl-tools: disable pic hardening
 f55fd87c8adf linuxPackages.ixgbevf: disable pic hardening
 5e085b7fea7b linuxPackages.e1000e: disable pic hardening
 d836b811cb53 linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening
 f5c9f99877ce linuxPackages.ati_drivers_x11: disable pic & format hardening
 a8deb8d6470c linuxPackages.frandom: disable pic hardening
 7d9d2d687270 linuxPackages.broadcom_sta: disable pic hardening
 af04b6d5a56a hardening docs: fix typo
 55966c2189e2 doc: complete the hardening documentation
 d1b2c3475041 qrcode: enable fortify hardening, disable warning
 f7da99c7ff49 xorg.xorgserver: disable relro hardening
 bc025e83bd6c uclibc: disable stackprotector hardening
 19f5e2a1cfb8 x2vnc: disable format hardening
 1f1637f6a04c lprof: disable format hardening
 0c7f045a7a26 tex4ht: disable format hardening
 8b7dc1a3d6fa ploticus: disable format hardening
 56f03166e1d4 reiser4progs: disable format hardening
 f993dff52b22 trackballs: disable format hardening
 b898fdaceb72 xmlroff: disable format hardening
 1f06067b0102 x2x: disable format hardening
 05dbbae47cfc vlan: disable format hardening
 78fc5dde2888 mmv: disable fortify hardening
 3bff87331422 libgksu: disable fortify hardening
 e2844fcfc3d0 fontmatrix: disable fortify hardening
 56e69fcc0ee9 iptraf: disable fortify hardening
 a2ce15318bc8 fondu: disable fortify hardening
 a748f315db7e fakenes: disable format hardening
 7e81a4294d0a dlx: disable format hardening
 7ab971a25200 scummvm: disable format hardening
 552a8c421943 talkfilters: disable format hardening
 4f6bd094fbee spidermonkey_1_8_0rc1: disable format hardening
 a3a2d52595b4 rman: disable format hardening
 708653a6342d kino: disable format hardening
 7423e029a22b convertlit: disable format hardening
 847f9994e46f gnugo: disable format hardening
 e266c6a2c156 eboard: disable format hardening
 08928dc57a73 kconfig-frontends: disable format hardening
 c95ab0a2d192 gnumake380: disable format hardening
 a132aa46d6e8 gjay: disable format hardening
 c1f1fd68cc03 gegl_0_3: disable format hardening, add autoreconfHook
 f0d0164a3811 tracefilesim: disable fortify hardening
 fbbd50dbab79 unicon-lang: disable fortify hardening
 c22c137c6cf3 ruby_2_0: disable format hardening
 0751027b3155 wxPython: Disable format hardening
 b0d748e244df bitkeeper: disable fortify hardening
 0eb6023d9c0d libjson_rpc_cpp: disable format hardening
 c0830c1764de wasm: disable format hardening
 b9152cf5a09a yabar: disable format hardening
 cbc8fc239a79 zgv: disable format hardening
 15b8491af31c seabios: disable fortify hardening
 44b24cc6510f motif: disable format hardening
 1005f464dd37 xpdf: disable format hardening
 68a953cdc3f6 nedit: disable format hardening
 43ba8d295f41 nvidia-x11: disable pic/format hardening
 f597e97236c9 atlas: Fix hardening
 07615735077d gnome3_20.libgda: disable format hardening flag
 d9e5fd3b07ec gnome3_20.nautilus: disable format hardening flag
 2fa03127c8cf libdwg: disable format hardening flag
 06ed23534790 gcc6: disable format hardening flag
 99cc3fa6cad8 systemd: Disable stackprotector hardening flag
 2a5e64b69c83 maude: disable stackprotector hardening
 8f1e9d91bebe subtitleeditor: disable format hardening
 e7be1168ba12 picat: disable format hardening
 878e24b35a40 linuxPackages.dpdk: disable pic hardening
 a78316ce4785 milu: disable format hardening
 2382084e3b52 haskellPackages.gtk{,3}: disable fortify hardening
 365379857fb5 gcl: disable bindnow hardening
 eb6809eafd11 emacs25pre: disable format hardening
 527a605ad731 dar: disable format hardening
 9a8a9c43b48a haskellPackages.pango: turn off fortify hardening
 fd77c5c5a0da haskellPackages.gio: turn off fortify hardening
 b59a6aa93a64 kernel: turn off bindnow hardening
 a36f51f77327 neovim: disable fortify hardening
 5ca99ae7a7d6 kernel.i686-linux: disable bindnow hardening
 8d4443a89a7b recutils: disable format hardening
 88b49cc74815 tinycc: disable fortify hardening
 7a347f608207 wml: disable format hardening
 812e25c86b1a mksh: disable format hardening
 8bdd73291d35 wla-dx: disable format hardening
 0086c6d40148 lrzsz: disable format hardening
 58a73d3f4be7 haskellPackages.lvmrun: disable format hardening
 057a899791d6 haskellPackages.glib: disable fortify hardening
 ad9376dc74e1 hunspell: disable format hardening
 f791c1074dc5 lua.i686-linux: disable stackprotector hardening
 4d4610ac0fb9 gprolog.i686-linux: disable pic hardening
 9893a43dc370 gfortran-darwin: disable format hardening
 d8d6f0bfcb82 grub4dos: disable stackprotector hardening
 d00784602d81 ccrypt: disable format hardening
 f519a255a56e xorg: switch off bindnow hardening for all packages
 db6c023df0f2 Revert "libxml2: Disable bindnow hardening"
 df72d621f153 Revert "php: enable PIE hardening"
 59781091940f syslinux: disable fortify hardening
 4ee2b2ab7b6d rr: set Wno-error and turn off fortify hardening
 025cedc6067e singular.i686-linux: turn off stackprotector hardening
 f3f9145d2309 spidermonkey.i686-linux: turn off stackprotector hardening
 3437b52e6bd5 qboot: turn off stackprotector and pic hardening
 5df521abdabe gst-python: Disable bindnow hardening flag
 a56d90efda33 php: Disable bindnow hardening flag
 4666eca4877f linuxPackages.mba6x_bl: disable pic hardening
 ba3399b92fb7 linuxPackages.rtl8723bs: disable pic hardening
 8f94246e07bd linuxPackages.mxu11x0: disable pic hardening
 c9ebdd4cac5d libaio.i686: disable stackprotector hardening
 0fc7905db32e dhcpcd: do not enable pie hardening
 97782aa79e2d opendkim: don't enable pie hardening
 247bc1ac9e92 libidn: disable format hardening
 7dea0e91acb1 gcc/isl: move bootstrap hardening flags to new bootstrap env
 03bdf8f03cbc dnscrypt-proxy service: additional hardening
 a9b942c0617b cc-wrapper: treat hardeningDisable as string
 9a5b070b4591 hardening: debug with NIX_DEBUG
 965abb6d54b5 libxml2: Disable bindnow hardening
 ac73835b54b3 quicktun: Remove custom hardening, now enabled by default
 fedf31660dd6 nginx: Rmove custom hardening, now enabled by default
 2013614e1d74 vim-configurable: Disable hardening flag fortify
 1fb09c1e7d8a dhcpcd: enable PIE hardening
 6473000edd8c opendkim: enable PIE hardening
 fb57bfbd4f66 php: enable PIE hardening
 0cad2e7af170 vim: Disable hardening flag fortify
 aff1f4ab948b Use general hardening flag toggle lists
 d4ece75fd6df haskellPackages.epanet-haskell: Turn format hardening off
 708c6094c55e nginx, nginxUnstable: hardening: only use when the compiler is gcc
 7b9684a5b578 nginx, nginxUnstable: enable hardening. Flags as recommended by @arno01 (Andrey Arapov) in #7190
 e43a3841b021 faac: disable format hardening
 c3096a4160b6 memtest86+: disable pic/stackprotector hardening
 745fa2fbc8c9 pharo-vm5: disable format hardening
 4c9c4c4dcdf4 redmine: disable format hardening
 2f7e9f26d84b gummiboot: disable stackprotector hardening
 a12ecfc4054d refind: disable stackprotector hardening
 a6dae3b5adff gnu-efi: disable stackprotector hardening
 9ba6bd4dea6d caneda: disable format hardening
 1bbb2f0cf3f1 pdf2xml: disable format hardening
	98e2b90cf382 grsecurity doc: note that module autoload hardening is disabled
	89a5f7de8364 brogue: disable fortify hardening to fix runtime error
	67bec77c6825 brogue: fix crash by stackprotector hardening (#18888)
	6607b9916837 haskell: port existing hardening overrides to use the new combinator
	3ba99f83a7ac glibc: enable stackprotection hardening
	8b96b391db09 gnome2.at_spi: disable hardening to fix build
	9a0535248891 souffle: work around hardening bug on linux
	71021a825dbe gtk-gnutella: disable bindnow/fortify/pic/relro hardening (#18195)
	21282246208b linuxPackages.vhba: disable PIC hardening
	57bd89e44791 fsg: disable format hardening
	6541dfe5543b wxGTK: disable format hardening
	0e9d35539733 musl: disable stackprotector hardening
	f3c994ca11ec rhino: disable format/fortify hardening
	b0b2a947519d pdftk: disable format/fortify hardening
	56158004b5b0 lprof: add hardeningDisable to environment during build
	306cd03cdba8 indent: disable format hardening
	69b71d3eac11 liquidwar5: disable format hardening
	6f9d474db120 njam: disable format hardening
	9f80e554288e openmodelica: disable format hardening
	191896e63ab9 qfsm: disable format hardening
	a2a337c56278 gksu: disable format hardening
	113fbe910ebc spidermonkey_1_8_0rc1: disable pic hardening on i686
	1054399bef76 moltengamepad: disable format hardening
	4f46913bf7ee wraith: disable format hardening
	bd739d1fae0b pypy: disable pic hardening on i686
	0e1b611a5bf7 flannel: disable fortify hardening
	2b4438c294da maude: disable pic and fortify hardening on i686
	bfe1c24eac1c dico: disable format hardening
	647b2ce168bf lua5_0: disable stackprotector hardening on i686
	9e47acb89d2b otpw: disable stackprotector hardening
	bd0b68f59a02 go_1_7: disable all hardening
	3c06e5f6f792 cc-wrapper: check ld hardening capabilities in stdenv
	27b9f5d65ee4 xorg.*: disable relro/bindnow hardening
	fa3a35b241de linuxPackages.fusionio-vsl: disable pic hardening (still broken)
	b2c6d28a1de7 linuxPackages.ndiswrapper: disable pic hardening (still broken)
	9e7d118ea225 linuxPackages.nvidia-x11: disable pic & format hardening
	5103e70a3736 linuxPackages.nvidiabl: disable pic hardening
	62e6bc0bd962 linuxPackages.prl-tools: disable pic hardening
	f55fd87c8adf linuxPackages.ixgbevf: disable pic hardening
	5e085b7fea7b linuxPackages.e1000e: disable pic hardening
	d836b811cb53 linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening
	f5c9f99877ce linuxPackages.ati_drivers_x11: disable pic & format hardening
	a8deb8d6470c linuxPackages.frandom: disable pic hardening
	7d9d2d687270 linuxPackages.broadcom_sta: disable pic hardening
	af04b6d5a56a hardening docs: fix typo
	55966c2189e2 doc: complete the hardening documentation
	d1b2c3475041 qrcode: enable fortify hardening, disable warning
	f7da99c7ff49 xorg.xorgserver: disable relro hardening
	bc025e83bd6c uclibc: disable stackprotector hardening
	19f5e2a1cfb8 x2vnc: disable format hardening
	1f1637f6a04c lprof: disable format hardening
	0c7f045a7a26 tex4ht: disable format hardening
	8b7dc1a3d6fa ploticus: disable format hardening
	56f03166e1d4 reiser4progs: disable format hardening
	f993dff52b22 trackballs: disable format hardening
	b898fdaceb72 xmlroff: disable format hardening
	1f06067b0102 x2x: disable format hardening
	05dbbae47cfc vlan: disable format hardening
	78fc5dde2888 mmv: disable fortify hardening
	3bff87331422 libgksu: disable fortify hardening
	e2844fcfc3d0 fontmatrix: disable fortify hardening
	56e69fcc0ee9 iptraf: disable fortify hardening
	a2ce15318bc8 fondu: disable fortify hardening
	a748f315db7e fakenes: disable format hardening
	7e81a4294d0a dlx: disable format hardening
	7ab971a25200 scummvm: disable format hardening
	552a8c421943 talkfilters: disable format hardening
	4f6bd094fbee spidermonkey_1_8_0rc1: disable format hardening
	a3a2d52595b4 rman: disable format hardening
	708653a6342d kino: disable format hardening
	7423e029a22b convertlit: disable format hardening
	847f9994e46f gnugo: disable format hardening
	e266c6a2c156 eboard: disable format hardening
	08928dc57a73 kconfig-frontends: disable format hardening
	c95ab0a2d192 gnumake380: disable format hardening
	a132aa46d6e8 gjay: disable format hardening
	c1f1fd68cc03 gegl_0_3: disable format hardening, add autoreconfHook
	f0d0164a3811 tracefilesim: disable fortify hardening
	fbbd50dbab79 unicon-lang: disable fortify hardening
	c22c137c6cf3 ruby_2_0: disable format hardening
	0751027b3155 wxPython: Disable format hardening
	b0d748e244df bitkeeper: disable fortify hardening
	0eb6023d9c0d libjson_rpc_cpp: disable format hardening
	c0830c1764de wasm: disable format hardening
	b9152cf5a09a yabar: disable format hardening
	cbc8fc239a79 zgv: disable format hardening
	15b8491af31c seabios: disable fortify hardening
	44b24cc6510f motif: disable format hardening
	1005f464dd37 xpdf: disable format hardening
	68a953cdc3f6 nedit: disable format hardening
	43ba8d295f41 nvidia-x11: disable pic/format hardening
	f597e97236c9 atlas: Fix hardening
	07615735077d gnome3_20.libgda: disable format hardening flag
	d9e5fd3b07ec gnome3_20.nautilus: disable format hardening flag
	2fa03127c8cf libdwg: disable format hardening flag
	06ed23534790 gcc6: disable format hardening flag
	99cc3fa6cad8 systemd: Disable stackprotector hardening flag
	2a5e64b69c83 maude: disable stackprotector hardening
	8f1e9d91bebe subtitleeditor: disable format hardening
	e7be1168ba12 picat: disable format hardening
	878e24b35a40 linuxPackages.dpdk: disable pic hardening
	a78316ce4785 milu: disable format hardening
	2382084e3b52 haskellPackages.gtk{,3}: disable fortify hardening
	365379857fb5 gcl: disable bindnow hardening
	eb6809eafd11 emacs25pre: disable format hardening
	527a605ad731 dar: disable format hardening
	9a8a9c43b48a haskellPackages.pango: turn off fortify hardening
	fd77c5c5a0da haskellPackages.gio: turn off fortify hardening
	b59a6aa93a64 kernel: turn off bindnow hardening
	a36f51f77327 neovim: disable fortify hardening
	5ca99ae7a7d6 kernel.i686-linux: disable bindnow hardening
	8d4443a89a7b recutils: disable format hardening
	88b49cc74815 tinycc: disable fortify hardening
	7a347f608207 wml: disable format hardening
	812e25c86b1a mksh: disable format hardening
	8bdd73291d35 wla-dx: disable format hardening
	0086c6d40148 lrzsz: disable format hardening
	58a73d3f4be7 haskellPackages.lvmrun: disable format hardening
	057a899791d6 haskellPackages.glib: disable fortify hardening
	ad9376dc74e1 hunspell: disable format hardening
	f791c1074dc5 lua.i686-linux: disable stackprotector hardening
	4d4610ac0fb9 gprolog.i686-linux: disable pic hardening
	9893a43dc370 gfortran-darwin: disable format hardening
	d8d6f0bfcb82 grub4dos: disable stackprotector hardening
	d00784602d81 ccrypt: disable format hardening
	f519a255a56e xorg: switch off bindnow hardening for all packages
	db6c023df0f2 Revert "libxml2: Disable bindnow hardening"
	df72d621f153 Revert "php: enable PIE hardening"
	59781091940f syslinux: disable fortify hardening
	4ee2b2ab7b6d rr: set Wno-error and turn off fortify hardening
	025cedc6067e singular.i686-linux: turn off stackprotector hardening
	f3f9145d2309 spidermonkey.i686-linux: turn off stackprotector hardening
	3437b52e6bd5 qboot: turn off stackprotector and pic hardening
	5df521abdabe gst-python: Disable bindnow hardening flag
	a56d90efda33 php: Disable bindnow hardening flag
	4666eca4877f linuxPackages.mba6x_bl: disable pic hardening
	ba3399b92fb7 linuxPackages.rtl8723bs: disable pic hardening
	8f94246e07bd linuxPackages.mxu11x0: disable pic hardening
	c9ebdd4cac5d libaio.i686: disable stackprotector hardening
	0fc7905db32e dhcpcd: do not enable pie hardening
	97782aa79e2d opendkim: don't enable pie hardening
	247bc1ac9e92 libidn: disable format hardening
	7dea0e91acb1 gcc/isl: move bootstrap hardening flags to new bootstrap env
	03bdf8f03cbc dnscrypt-proxy service: additional hardening
	a9b942c0617b cc-wrapper: treat hardeningDisable as string
	9a5b070b4591 hardening: debug with NIX_DEBUG
	965abb6d54b5 libxml2: Disable bindnow hardening
	ac73835b54b3 quicktun: Remove custom hardening, now enabled by default
	fedf31660dd6 nginx: Rmove custom hardening, now enabled by default
	2013614e1d74 vim-configurable: Disable hardening flag fortify
	1fb09c1e7d8a dhcpcd: enable PIE hardening
	6473000edd8c opendkim: enable PIE hardening
	fb57bfbd4f66 php: enable PIE hardening
	0cad2e7af170 vim: Disable hardening flag fortify
	aff1f4ab948b Use general hardening flag toggle lists
	d4ece75fd6df haskellPackages.epanet-haskell: Turn format hardening off
	708c6094c55e nginx, nginxUnstable: hardening: only use when the compiler is gcc
	7b9684a5b578 nginx, nginxUnstable: enable hardening. Flags as recommended by @arno01 (Andrey Arapov) in #7190
	e43a3841b021 faac: disable format hardening
	c3096a4160b6 memtest86+: disable pic/stackprotector hardening
	745fa2fbc8c9 pharo-vm5: disable format hardening
	4c9c4c4dcdf4 redmine: disable format hardening
	2f7e9f26d84b gummiboot: disable stackprotector hardening
	a12ecfc4054d refind: disable stackprotector hardening
	a6dae3b5adff gnu-efi: disable stackprotector hardening
	9ba6bd4dea6d caneda: disable format hardening
	1bbb2f0cf3f1 pdf2xml: disable format hardening