From fbc147494c7575cd1bcfb17d604adc7b61615bfd Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Thu, 28 Jan 2016 19:57:39 +0100 Subject: [PATCH 01/30] inkscape: add numpy to runtime path This is nessecary for some plugins --- pkgs/applications/graphics/inkscape/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/graphics/inkscape/default.nix b/pkgs/applications/graphics/inkscape/default.nix index 409fd0a767c..3704ea2f9c4 100644 --- a/pkgs/applications/graphics/inkscape/default.nix +++ b/pkgs/applications/graphics/inkscape/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, pkgconfig, perl, perlXMLParser, gtk, libXft , libpng, zlib, popt, boehmgc, libxml2, libxslt, glib, gtkmm , glibmm, libsigcxx, lcms, boost, gettext, makeWrapper, intltool -, gsl, python, pyxml, lxml, poppler, imagemagick, libwpg, librevenge +, gsl, python, numpy, pyxml, lxml, poppler, imagemagick, libwpg, librevenge , libvisio, libcdr, libexif, unzip , boxMakerPlugin ? false # boxmaker plugin }: @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ # Python is used at run-time to execute scripts, e.g., those from # the "Effects" menu. - python pyxml lxml + python pyxml numpy lxml ]; buildInputs = [ @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { for i in "$out/bin/"* do wrapProgram "$i" --prefix PYTHONPATH : \ - "$(toPythonPath ${pyxml}):$(toPythonPath ${lxml})" \ + "$(toPythonPath ${pyxml}):$(toPythonPath ${lxml}):$(toPythonPath ${numpy})" \ --prefix PATH : ${python}/bin || \ exit 2 done diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6fbaec541ed..9af966c073b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -12420,7 +12420,7 @@ let inferno = callPackage_i686 ../applications/inferno { }; inkscape = callPackage ../applications/graphics/inkscape { - inherit (pythonPackages) lxml; + inherit (pythonPackages) python pyxml lxml numpy; lcms = lcms2; }; From 3f3aa755a36ce11d71ada70040a6b1c3f934fe36 Mon Sep 17 00:00:00 2001 From: Damien Cassou Date: Wed, 17 Feb 2016 13:33:18 +0100 Subject: [PATCH 02/30] pythonPackages.keyring: 3.3 -> 8.4.1 --- pkgs/top-level/python-packages.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 42eac4716b2..baa4c410507 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -10431,15 +10431,19 @@ in modules // { keyring = buildPythonPackage rec { - name = "keyring-3.3"; + name = "keyring-8.4.1"; src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/k/keyring/${name}.zip"; - md5 = "81291e0c7337affb71442e6c7671e77f"; + url = "https://pypi.python.org/packages/source/k/keyring/${name}.tar.gz"; + sha256 = "1286sh5g53168qxbl4g5bmns9ci0ld0jl3h44b7h8is5nw1421ar"; }; buildInputs = with self; - [ fs gdata python_keyczar mock pyasn1 pycrypto pytest six ]; + [ fs gdata python_keyczar mock pyasn1 pycrypto pytest_28 six setuptools_scm pytestrunner ]; + + checkPhase = '' + py.test $out + ''; meta = { description = "Store and access your passwords safely"; From c44176237af93f4497aaec8e4588ff2e896b0df4 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Wed, 17 Feb 2016 19:42:43 +0100 Subject: [PATCH 03/30] pythonPackages.fs: build with all Python versions and add updated explanation of why tests are disabled. See also https://github.com/NixOS/nixpkgs/pull/13066 --- pkgs/top-level/python-packages.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 12a74cf9441..56572ab7430 100644 
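Review bot: The keyring hunk pins `pytest_28` in `buildInputs` with no comment saying why an older pytest is required, so the pin is likely to outlive its reason. I would add a line above `buildInputs` such as `# pytest pinned to 2.8: <reason or upstream issue link>`. Separately, `py.test $out` collects from the whole output tree rather than only the installed package directory; narrowing it to the package's site-packages path would keep collection predictable, though the hunk does not show whether that matters here. The `keyring` attribute set continues past the end of the hunk.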
--- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -8960,10 +8960,11 @@ in modules // { ${python.interpreter} -m unittest discover ''; - # Judging from SyntaxError - disabled = isPy3k; - - # Lots of errors. Likely due to being in a chroot + # Because 2to3 is used the tests in $out need to be run. + # Both when using unittest and pytest this resulted in many errors, + # some Python byte/str errors, and others specific to resources tested. + # Failing tests due to the latter is to be expected with this type of package. + # Tests are therefore disabled. doCheck = false; meta = { From 60c7bd1237696bfb1db3e191be427a51aaf7909f Mon Sep 17 00:00:00 2001 From: Allan Espinosa Date: Wed, 17 Feb 2016 00:37:55 -0600 Subject: [PATCH 04/30] jenkins: 1.643 -> 1.647 --- .../tools/continuous-integration/jenkins/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/continuous-integration/jenkins/default.nix b/pkgs/development/tools/continuous-integration/jenkins/default.nix index e18d2dd4b47..1427e25fb93 100644 --- a/pkgs/development/tools/continuous-integration/jenkins/default.nix +++ b/pkgs/development/tools/continuous-integration/jenkins/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "jenkins-${version}"; - version = "1.643"; + version = "1.647"; src = fetchurl { url = "http://mirrors.jenkins-ci.org/war/${version}/jenkins.war"; - sha256 = "b8c6387e56d04a0a4a7ec8d9dacd379fbd5d4001d01fdfcd443f9864809f9293"; + sha256 = "03r0wic5y8yhpa353s5px7l6m63p7jkb56sh6k4k5dacsc4qcxsj"; }; meta = with stdenv.lib; { description = "An extendable open source continuous integration server"; From 61f0527694ce4c3395e82ed06c603456ce1fac3f Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Wed, 17 Feb 2016 21:02:03 +0100 Subject: [PATCH 05/30] pythonPackages.cycler: 0.9.0 -> 0.10.0 --- pkgs/top-level/python-packages.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) 
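Review bot: Dropping `disabled = isPy3k` in the `fs` hunk enables the Python 3 build while `doCheck = false` stays, and the new comment itself records byte/str errors in the 2to3-converted tests, so nothing in the build exercises the converted code any more. Some of those errors may be genuine Python 3 defects rather than sandbox artefacts. A cheap smoke test would at least catch a broken conversion, for example turning the now-unused check command into `${python.interpreter} -c "import fs"` and leaving `doCheck` enabled. The definition starts before the hunk and continues after it.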
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 42eac4716b2..a8535c8a1f0 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1802,15 +1802,24 @@ in modules // { cycler = buildPythonPackage rec { name = "cycler-${version}"; - version = "0.9.0"; + version = "0.10.0"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/source/C/Cycler/${name}.tar.gz"; - sha256 = "96dc4ddf27ef62c09990c6196ac1167685e89168042ec0ae4db586de023355bc"; + sha256 = "cd7b2d1018258d7247a71425e9f26463dfb444d411c39569972f4ce586b0c9d8"; }; + buildInputs = with self; [ coverage nose ]; propagatedBuildInputs = with self; [ six ]; + checkPhase = '' + ${python.interpreter} run_tests.py + ''; + + # Tests were not included in release. + # https://github.com/matplotlib/cycler/issues/31 + doCheck = false; + meta = { description = "Composable style cycles"; homepage = http://github.com/matplotlib/cycler; From ddec19c82301e86f94ee2c33dd066e4a1e44b254 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Wed, 17 Feb 2016 21:02:15 +0100 Subject: [PATCH 06/30] pythonPackages.matplotlib: 1.5.0 -> 1.5.1 --- .../python-modules/matplotlib/default.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/matplotlib/default.nix b/pkgs/development/python-modules/matplotlib/default.nix index 152330beac5..1ebba52ff6f 100644 --- a/pkgs/development/python-modules/matplotlib/default.nix +++ b/pkgs/development/python-modules/matplotlib/default.nix 
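Review bot: The cycler hunk adds `buildInputs = with self; [ coverage nose ];` and a `checkPhase`, but `doCheck = false` a few lines later means neither is used, so the test-only dependencies are built for nothing. Either drop them until upstream ships the tests, or say in the existing comment that they are kept on purpose, e.g. `# checkPhase/buildInputs kept for when the tests ship; re-enable doCheck then.` The matplotlib hunk in PATCH 06 has the same shape (`checkPhase` running `tests.py` with `doCheck = false`), and there the `prePatch` sed that renames `test_use_url` is also moot while tests are off.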
@@ -12,11 +12,11 @@ assert enableGtk2 -> pygtk != null; buildPythonPackage rec { name = "matplotlib-${version}"; - version = "1.5.0"; + version = "1.5.1"; src = fetchurl { url = "https://pypi.python.org/packages/source/m/matplotlib/${name}.tar.gz"; - sha256 = "67b08b1650a00a6317d94b76a30a47320087e5244920604c5462188cba0c2646"; + sha256 = "3ab8d968eac602145642d0db63dd8d67c85e9a5444ce0e2ecb2a8fedc7224d40"; }; NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-I${libcxx}/include/c++/v1"; @@ -37,6 +37,14 @@ buildPythonPackage rec { patches = stdenv.lib.optionals stdenv.isDarwin [ ./darwin-stdenv.patch ]; + checkPhase = '' + ${python.interpreter} tests.py + ''; + + # The entry point for running tests, tests.py, is not included in the release. + # https://github.com/matplotlib/matplotlib/issues/6017 + doCheck = false; + prePatch = '' # Failing test: ERROR: matplotlib.tests.test_style.test_use_url sed -i 's/test_use_url/fails/' lib/matplotlib/tests/test_style.py @@ -52,4 +60,5 @@ buildPythonPackage rec { maintainers = with maintainers; [ lovek323 ]; platforms = platforms.unix; }; + } From 7bdcfb33f4cb21021833d5a0adbf02b3099bc37c Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 17 Feb 2016 20:22:56 +0100 Subject: [PATCH 07/30] nixos: Provide a defaultText for type = package We don't want to build all those things along with the manual, so that's what the defaultText attribute is for. Unfortunately a few of them were missing, so let's add them. Signed-off-by: aszlig --- nixos/modules/services/computing/slurm/slurm.nix | 1 + nixos/modules/services/misc/matrix-synapse.nix | 1 + nixos/modules/services/misc/plex.nix | 1 + nixos/modules/services/networking/consul.nix | 1 + nixos/modules/services/networking/ejabberd.nix | 1 + nixos/modules/services/security/haka.nix | 1 + nixos/modules/services/web-servers/apache-httpd/owncloud.nix | 1 + 7 files changed, 7 insertions(+) 
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index cf00d894655..ad8836f4009 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -37,6 +37,7 @@ in package = mkOption { type = types.package; default = pkgs.slurm-llnl; + defaultText = "pkgs.slurm-llnl"; example = literalExample "pkgs.slurm-llnl-full"; description = '' The packge to use for slurm binaries. diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix index 27c5a38e6b8..0ae0516769c 100644 --- a/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixos/modules/services/misc/matrix-synapse.nix @@ -61,6 +61,7 @@ in { package = mkOption { type = types.package; default = pkgs.matrix-synapse; + defaultText = "pkgs.matrix-synapse"; description = '' Overridable attribute of the matrix synapse server package to use. ''; diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix index fb62351365e..875771dfa37 100644 --- a/nixos/modules/services/misc/plex.nix +++ b/nixos/modules/services/misc/plex.nix @@ -58,6 +58,7 @@ in package = mkOption { type = types.package; default = pkgs.plex; + defaultText = "pkgs.plex"; description = '' The Plex package to use. Plex subscribers may wish to use their own package here, pointing to subscriber-only server versions. diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index 58dad56014b..2aa101f980d 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -33,6 +33,7 @@ in package = mkOption { type = types.package; default = pkgs.consul; + defaultText = "pkgs.consul"; description = '' The package used for the Consul agent and CLI. ''; 
diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix index 7af11f37a43..8ffce23a4b1 100644 --- a/nixos/modules/services/networking/ejabberd.nix +++ b/nixos/modules/services/networking/ejabberd.nix @@ -32,6 +32,7 @@ in { package = mkOption { type = types.package; default = pkgs.ejabberd; + defaultText = "pkgs.ejabberd"; description = "ejabberd server package to use"; }; diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix index 4f2bdd29cc4..f48a79b1f7f 100644 --- a/nixos/modules/services/security/haka.nix +++ b/nixos/modules/services/security/haka.nix @@ -59,6 +59,7 @@ in package = mkOption { default = pkgs.haka; + defaultText = "pkgs.haka"; type = types.package; description = " Which Haka derivation to use. diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index 9994de0f9b4..a9ec20ae847 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix @@ -370,6 +370,7 @@ rec { package = mkOption { type = types.package; default = pkgs.owncloud70; + defaultText = "pkgs.owncloud70"; example = literalExample "pkgs.owncloud70"; description = '' PostgreSQL package to use. From 98faa0c8f3d22ad168b979edb7f92212ab710369 Mon Sep 17 00:00:00 2001 
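Review bot: In the owncloud hunk, the option that gains `defaultText = "pkgs.owncloud70";` still carries the description `PostgreSQL package to use.` in the unchanged context, which looks like a copy-paste leftover and will be rendered in the manual next to the new default text. Since this commit is about what the manual shows for `package` options, I would correct it here, e.g. `ownCloud package to use.`. The slurm hunk's context likewise reads `The packge to use`. Both `mkOption` blocks extend beyond their hunks.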
From: aszlig Date: Wed, 17 Feb 2016 20:24:22 +0100 Subject: [PATCH 08/30] lib/types: Set name of types.package to "package" Nobody seems to have noticed this (except @Profpatsch) that options with a "package" type do not get included in the manual. So debugging this was a bit more involving because while generating the manual there is an optionList' attribute built from the collected attributes of all the option declarations. Up to that point everything is fine except if it comes to builtins.toXML, where attributes with { type = "derivation" } won't get included, for example see here: nix-repl> builtins.toXML { type = "derivation"; foo = "bar"; } "\n\n \n \n\n" nix-repl> builtins.toXML { type = "somethingelse"; foo = "bar"; } "\n\n \n \n \n \n \n\n" The following function in libexpr/eval.cc (Nix) is responsible for toXML dropping the attributes: bool EvalState::isDerivation(Value & v) { if (v.type != tAttrs) return false; Bindings::iterator i = v.attrs->find(sType); if (i == v.attrs->end()) return false; forceValue(*i->value); if (i->value->type != tString) return false; return strcmp(i->value->string.s, "derivation") == 0; } So I've renamed this now to "package" which is not only more consistent with the option type but also shouldn't cause similar issues anymore. Tested this on base of b60ceea, because building the dependencies on recent libc/staging changes on master took too long. Signed-off-by: aszlig Reported-by: Profpatsch --- lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/types.nix b/lib/types.nix index b833417e73d..b4d29ac84d2 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -93,7 +93,7 @@ rec { # derivation is a reserved keyword. package = mkOptionType { - name = "derivation"; + name = "package"; check = x: isDerivation x || isStorePath x; merge = loc: defs: let res = mergeOneOption loc defs; From a6c09bf4b4605d765841bc2fe2d46bf90646f28f Mon Sep 17 00:00:00 2001 
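Review bot: The reason `name` must not be `"derivation"` is recorded only in the commit message; the comment left in the hunk (`# derivation is a reserved keyword.`) explains the attribute name, not this string. A one-line comment above `name = "package";` would keep someone from changing it back, e.g. `# Not "derivation": per the toXML/isDerivation behaviour, that value hid package options from the manual.` It is also worth checking for code that compares an option type's `name` against `"derivation"`, which this hunk cannot show. The `mkOptionType` call continues past the hunk.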
From: Tomas Hlavaty Date: Wed, 17 Feb 2016 22:02:17 +0100 Subject: [PATCH 09/30] msitools: init at 0.94 I'm leaving authorship to the one who created most of the expression. --- .../tools/misc/msitools/default.nix | 21 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 23 insertions(+) create mode 100644 pkgs/development/tools/misc/msitools/default.nix diff --git a/pkgs/development/tools/misc/msitools/default.nix b/pkgs/development/tools/misc/msitools/default.nix new file mode 100644 index 00000000000..bdc7f4f0414 --- /dev/null +++ b/pkgs/development/tools/misc/msitools/default.nix @@ -0,0 +1,21 @@ +{stdenv, fetchurl, intltool, glib, pkgconfig, libgsf, libuuid, gcab, bzip2}: + +stdenv.mkDerivation rec { + version = "0.94"; + name = "msitools-${version}"; + + src = fetchurl { + url = "http://ftp.gnome.org/pub/GNOME/sources/msitools/0.94/${name}.tar.xz"; + sha256 = "0bndnm3mgcqkw5dhwy5l1zri4lqvjbhbn5rxz651fkxlkhab8bhm"; + }; + + buildInputs = [intltool glib pkgconfig libgsf libuuid gcab bzip2]; + + meta = with stdenv.lib; { + description = "Set of programs to inspect and build Windows Installer (.MSI) files"; + homepage = https://wiki.gnome.org/msitools; + license = [licenses.gpl2 licenses.lgpl21]; + maintainer = [maintainers.vcunat]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 605d39b6ac9..c8bbccaf53c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5988,6 +5988,8 @@ let mk = callPackage ../development/tools/build-managers/mk { }; + msitools = callPackage ../development/tools/misc/msitools { }; + multi-ghc-travis = callPackage ../development/tools/haskell/multi-ghc-travis { }; neoload = callPackage ../development/tools/neoload { From 81fe3eb13f3457d1db41ef5ff6adfb0e7ff648af Mon Sep 17 00:00:00 2001 
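Review bot: In the new `msitools/default.nix`, `meta` sets `maintainer = [maintainers.vcunat];`, while the other packages in this series use `maintainers` (see the rmilter and rspamd hunks), so the entry is most likely ignored as written; it should read `maintainers = [ maintainers.vcunat ];`. The `url` also hardcodes `0.94` in its path although `version` is defined just above, so a later bump can update one and miss the other; `.../sources/msitools/${version}/${name}.tar.xz` avoids that. The download is plain `http://`, which is acceptable only because `sha256` pins the content, so the hash should be checked against a trusted copy rather than taken from the same HTTP fetch.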
From: Frederik Rietdijk Date: Wed, 17 Feb 2016 22:16:19 +0100 Subject: [PATCH 10/30] pythonPackages.numexpr: 2.4.6 -> 2.5 --- pkgs/top-level/python-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 7ece0b5ca43..de994801b87 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -12538,16 +12538,16 @@ in modules // { }; numexpr = buildPythonPackage rec { - version = "2.4.6"; + version = "2.5"; name = "numexpr-${version}"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/source/n/numexpr/${name}.tar.gz"; - sha256 = "052397670dc56d7845ff894cd7d858e4f115491ecd93bcc0eda5cb83990c5da3"; + sha256 = "319cdf4e402177a1c8ed4972cffd09f523446f186d347b7c1974787cdabf0294"; }; # Tests fail with python 3. https://github.com/pydata/numexpr/issues/177 - doCheck = !isPy3k; + # doCheck = !isPy3k; propagatedBuildInputs = with self; [ numpy ]; From d756ff93544b2221c3b52199092421cba4bd396d Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 17 Feb 2016 16:29:42 +0100 Subject: [PATCH 11/30] linux: 3.18.26 -> 3.18.27 --- pkgs/os-specific/linux/kernel/linux-3.18.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix index 9b90ea3556b..a8c86d0e618 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.18.26"; + version = "3.18.27"; extraMeta.branch = "3.18"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0bhf8x1h5crc9kimprjs7q74p86gsqsdr8nz54nv33c6zmryqsic"; + sha256 = "01lz0c3ns0yp5vnjch1pn10h43g6fr4xw7w3b6kb477083cjr7dc"; }; kernelPatches = args.kernelPatches; 
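Review bot: The numexpr hunk disables the Python 3 guard by commenting it out (`# doCheck = !isPy3k;`) and leaves the `# Tests fail with python 3.` comment with its issue link above it, so the file now says the tests fail while running them on every interpreter. If 2.5 fixes the linked issue, delete both lines; if that is not confirmed, keep `doCheck = !isPy3k;`. Commented-out code gives the next reader no way to tell which was intended. The `numexpr` definition continues past the hunk.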
From 6cdf5fe85fc0e6dd1dc9789993fc59962270374a Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 17 Feb 2016 16:30:13 +0100 Subject: [PATCH 12/30] linux: 4.1.17 -> 4.1.18 --- pkgs/os-specific/linux/kernel/linux-4.1.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix index fbcfa17a8bc..f2286895f07 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.1.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.1.17"; + version = "4.1.18"; extraMeta.branch = "4.1"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "084ij19vgm27ljrjabqqmlqn27p168nsm9grhr6rajid4n79h6ab"; + sha256 = "1n838dg058knmx4n5mfqxh2ai9d3x6w9zs1apkwzm89rpisc1ijb"; }; kernelPatches = args.kernelPatches; From eff9726d54ee42b4a58d5c076fe4a5845844ecef Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Wed, 17 Feb 2016 16:30:29 +0100 Subject: [PATCH 13/30] linux: 4.3.4 -> 4.3.5 --- pkgs/os-specific/linux/kernel/linux-4.3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.3.nix b/pkgs/os-specific/linux/kernel/linux-4.3.nix index c8a994ba0b3..20573ee5ceb 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.3.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.3.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.3.4"; + version = "4.3.5"; extraMeta.branch = "4.3"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0vcsvnpxkpxiidlbw3cy1kl02hfml2jy3cbrvwj2nc4a9y5fb3hj"; + sha256 = "0g656q51nzb61n0kb2k8br9shvz51yh8kyrsblbjmhi4dbcpizr8"; }; features.iwlwifi = true; From ed979124cad7596de539188e86664b3784c363ca Mon Sep 17 00:00:00 2001 
From: Franz Pletz Date: Mon, 15 Feb 2016 03:34:49 +0100 Subject: [PATCH 14/30] collectd service: Add option package --- nixos/modules/services/monitoring/collectd.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 717c2c48168..414831ae9d4 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix @@ -34,6 +34,14 @@ in { type = bool; }; + package = mkOption { + default = pkgs.collectd; + description = '' + Which collectd package to use. + ''; + type = package; + }; + user = mkOption { default = "collectd"; description = '' From de5a233a71213101ccb3e06bad6a33d088f9e7f9 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sun, 31 Jan 2016 14:31:58 +0100 Subject: [PATCH 15/30] firmware-linux-nonfree: 2015-12-04 -> 2016-01-26 --- .../linux/firmware/firmware-linux-nonfree/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix index 61ea6c0c18c..98bf27d3c4a 100644 --- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix +++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { name = "firmware-linux-nonfree-${version}"; - version = "2015-12-04"; + version = "2016-01-26"; # This repo is built by merging the latest versions of # http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/ @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "wkennington"; repo = "linux-firmware"; - rev = "bbe4917c054eb0a73e250c6363341e3bf6725839"; - sha256 = "1p9c74p8j8zmddljaan5i29h8wsbz8911dv2sykpnahg9r939ykd"; + rev = "0922e78fc8431c2cc6585eb66e5b75f566644ac8"; + sha256 = "07hv4kgbsxndhm1va6k6scy083886aap3naq1l4jdz7dnph4ir02"; }; preInstall = '' 
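Review bot: The new `package` option in the collectd hunk sets `default = pkgs.collectd;` without a `defaultText`, which is the same omission PATCH 07 of this series fixes in seven other modules so that the manual build does not have to build the package. Adding `defaultText = "pkgs.collectd";` after the `default` line keeps the module consistent with that change. The surrounding options block starts before the hunk and continues after it.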
From de787adb90ce7dacab74c8f25cd8babe8f85149f Mon Sep 17 00:00:00 2001 From: "tg(x)" <*@tg-x.net> Date: Thu, 18 Feb 2016 05:29:12 +0100 Subject: [PATCH 16/30] tlsdated: add missing default value for extraOptions --- nixos/modules/services/networking/tlsdated.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/networking/tlsdated.nix b/nixos/modules/services/networking/tlsdated.nix index ff7d0178a81..757cce28760 100644 --- a/nixos/modules/services/networking/tlsdated.nix +++ b/nixos/modules/services/networking/tlsdated.nix @@ -26,6 +26,7 @@ in extraOptions = mkOption { type = types.string; + default = ""; description = '' Additional command line arguments to pass to tlsdated. ''; From bdf89087d9aa0fb318ecaa25b76a36cda5d98584 Mon Sep 17 00:00:00 2001 From: Alexey Shmalko Date: Thu, 18 Feb 2016 07:21:04 +0200 Subject: [PATCH 17/30] gdb: add multitarget option Multitarget option builds gdb with support for all targets. That's similar to gdb-multiarch package in Ubuntu or gdb with multitarget USE-flag in Gentoo. --- pkgs/development/tools/misc/gdb/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix index 547f7a81ab6..cdef2ee58ca 100644 --- a/pkgs/development/tools/misc/gdb/default.nix +++ b/pkgs/development/tools/misc/gdb/default.nix @@ -3,6 +3,8 @@ , python ? null , guile ? null , target ? null +# Support all known targets in one gdb binary. +, multitarget ? false # Additional dependencies for GNU/Hurd. , mig ? null, hurd ? null @@ -47,6 +49,7 @@ stdenv.mkDerivation rec { "--with-separate-debug-dir=/run/current-system/sw/lib/debug" ] ++ optional (target != null) "--target=${target.config}" + ++ optional multitarget "--enable-targets=all" ++ optional (elem stdenv.system platforms.cygwin) "--without-python"; crossAttrs = { 
@@ -54,7 +57,9 @@ stdenv.mkDerivation rec { configureFlags = with stdenv.lib; [ "--with-gmp=${gmp.crossDrv}" "--with-mpfr=${mpfr.crossDrv}" "--with-system-readline" "--with-system-zlib" "--with-expat" "--with-libexpat-prefix=${expat.crossDrv}" "--without-python" - ] ++ optional (target != null) "--target=${target.config}"; + ] + ++ optional (target != null) "--target=${target.config}" + ++ optional multitarget "--enable-targets=all"; }; postInstall = From 1318ab1246c68a9448ea7dbf00a7f3587f3f557d Mon Sep 17 00:00:00 2001 From: Michael Alan Dorman Date: Thu, 18 Feb 2016 06:41:40 -0500 Subject: [PATCH 18/30] Fix sha256 for alsa-tools. --- pkgs/os-specific/linux/alsa-tools/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix index 193c919e3b2..f0352530480 100644 --- a/pkgs/os-specific/linux/alsa-tools/default.nix +++ b/pkgs/os-specific/linux/alsa-tools/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { "ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2" "http://alsa.cybermirror.org/tools/${name}.tar.bz2" ]; - sha256 = "3b1c3135b76e14532d3dd23fb15759ddd7daf9ffbc183f7a9a0a3a86374748f1"; + sha256 = "0ldbaz3qr7z0639xg37ba7cmrb512rrjavap6r5jjl0ab665ad3x"; }; buildInputs = [ alsaLib pkgconfig gtk gtk3 fltk13 ]; From 799a3f81478b94f11ba25e3ab7666f5599cd4faf Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Thu, 18 Feb 2016 04:41:06 +0100 Subject: [PATCH 19/30] rmilter: 1.6.7 -> 1.7.3 Fixes #13080. --- pkgs/servers/mail/rmilter/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/mail/rmilter/default.nix b/pkgs/servers/mail/rmilter/default.nix index ad40b57f8a6..c12ca525294 100644 --- a/pkgs/servers/mail/rmilter/default.nix +++ b/pkgs/servers/mail/rmilter/default.nix 
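Review bot: The alsa-tools hunk replaces the `sha256` for an unchanged `${name}` and unchanged mirror URLs, and the commit message gives no reason, so a reader cannot tell whether the old hash was simply wrong or the upstream tarball changed. Both mirrors are unauthenticated (`ftp://` and `http://`), which makes the pinned hash the only integrity check on this source. Please state in the commit message how the new value was obtained and, if possible, that it matches a checksum or signature published by the ALSA project. If the old hex value and the new base32 value encode different digests, a tarball that changed under the same file name deserves a note either way. The derivation starts before the hunk.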
@@ -2,21 +2,25 @@ stdenv.mkDerivation rec { name = "rmilter-${version}"; - version = "1.6.7"; + version = "1.7.3"; + src = fetchFromGitHub { owner = "vstakhov"; repo = "rmilter"; rev = version; - sha256 = "1syviydlv4m1isl0r52sk4s0a75fyk788j1z3yvfzzf1hga333gn"; + sha256 = "04xalaxq5xgg5ls0f4ayp8yhzdfq5gqjb8qwfyha3mrx4dqrgh7s"; }; nativeBuildInputs = [ bison cmake flex ]; - buildInputs = [ libmilter openssl pcre opendkim]; + buildInputs = [ libmilter openssl pcre opendkim ]; meta = with stdenv.lib; { homepage = "https://github.com/vstakhov/rmilter"; - license = licenses.bsd2; - description = "server, used to integrate rspamd and milter compatible MTA, for example postfix or sendmail"; - maintainers = maintainers.avnik; + license = licenses.bsd2; + description = '' + Daemon to integrate rspamd and milter compatible MTA, for example + postfix or sendmail + ''; + maintainers = with maintainers; [ avnik fpletz ]; }; } From 30213ffa3bb01b2847077d19930ccea093be0384 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Thu, 18 Feb 2016 04:41:24 +0100 Subject: [PATCH 20/30] rspamd: git-2016-01-16 -> 1.1.3 --- pkgs/servers/mail/rspamd/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/mail/rspamd/default.nix b/pkgs/servers/mail/rspamd/default.nix index 1f9c36b7377..bd4f3db3ab5 100644 --- a/pkgs/servers/mail/rspamd/default.nix +++ b/pkgs/servers/mail/rspamd/default.nix 
@@ -1,17 +1,18 @@ { stdenv, fetchFromGitHub, cmake, perl - ,file , glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }: +, file, glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }: let libmagic = file; # libmagic provided buy file package ATM in stdenv.mkDerivation rec { name = "rspamd-${version}"; - version = "git-2016-01-16"; + version = "1.1.3"; + src = fetchFromGitHub { owner = "vstakhov"; repo = "rspamd"; - rev = "04bfc92c1357c0f908ce9371ab303f8bf57657df"; - sha256 = "1zip1msjjy5q7jcsn4l0yyg92c3wdsf1v5jv1acglrih8dbfl7zj"; + rev = version; + sha256 = "0mvh812a91yqynmcpv159dmkipx72fwg7rgscq7virzphchkbzvj"; }; nativeBuildInputs = [ cmake pkgconfig perl ]; @@ -31,8 +32,8 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "https://github.com/vstakhov/rspamd"; - license = licenses.bsd2; + license = licenses.bsd2; description = "advanced spam filtering system"; - maintainers = maintainers.avnik; + maintainers = with maintainers; [ avnik fpletz ]; }; } From aa2e03e6ff1138e168b47a2f155d5d099b050d95 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Mon, 25 Jan 2016 06:31:06 -0600 Subject: [PATCH 21/30] qt55.qtbase: upstream patch for backing store issue The included patch from upstream fixes the issue described here: https://bugreports.qt.io/browse/QTBUG-48321 The backing store of certain widgets was being improperly invalidated, leading to display bugs in, e.g. VLC. This patch is included in Qt 5.6, so we should remove it when we upgrade. --- pkgs/development/libraries/qt-5/5.5/qtbase/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix b/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix index 24e5ccb36f3..e6927ffb9ca 100644 --- a/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix +++ b/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix 
@@ -26,6 +26,12 @@ let inherit (srcs.qt5) version; system-x86_64 = lib.elem stdenv.system lib.platforms.x86_64; + + dontInvalidateBacking = fetchurl { + url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=0f68f8920573cdce1729a285a92ac8582df32841;hp=24c50f8dcf7fa61ac3c3d4d6295c259a104a2b8c"; + name = "qtbug-48321-dont-invalidate-backing-store.patch"; + sha256 = "07vnndmvri73psz0nrs2hg0zw2i4b1k1igy2al6kwjbp7d5xpglr"; + }; in stdenv.mkDerivation { @@ -49,6 +55,10 @@ stdenv.mkDerivation { postPatch = '' + cd qtbase + patch -p1 <${dontInvalidateBacking} + cd .. + substituteInPlace configure --replace /bin/pwd pwd substituteInPlace qtbase/configure --replace /bin/pwd pwd substituteInPlace qtbase/src/corelib/global/global.pri --replace /bin/ls ${coreutils}/bin/ls From e5e633ca11b4145e7610231056f0cfe1157cb18d Mon Sep 17 00:00:00 2001 From: Matt McHenry Date: Thu, 18 Feb 2016 09:57:15 -0500 Subject: [PATCH 22/30] ant: preserve antRun script --- .../tools/build-managers/apache-ant/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/apache-ant/default.nix b/pkgs/development/tools/build-managers/apache-ant/default.nix index b15c9065e0e..8816a005ca0 100644 --- a/pkgs/development/tools/build-managers/apache-ant/default.nix +++ b/pkgs/development/tools/build-managers/apache-ant/default.nix 
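Review bot: The `dontInvalidateBacking` patch is meant to be temporary (the commit message says it is included in Qt 5.6 and should be removed on upgrade), but nothing in the file records that. I would put it next to the `fetchurl`, e.g. `# Upstream fix for QTBUG-48321; included in Qt 5.6, remove on upgrade.` In the `postPatch` hunk, the `cd qtbase` / `patch -p1` / `cd ..` sequence changes the working directory for the rest of the phase if a later edit drops or reorders the `cd ..`; a subshell, `(cd qtbase && patch -p1 <${dontInvalidateBacking})`, is more robust. Both the `let` block and `postPatch` extend beyond their hunks.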
@@ -23,9 +23,14 @@ stdenv.mkDerivation { mv * $out/lib/ant/ # Get rid of the manual (35 MiB). Maybe we should put this in a - # separate output. Also get rid of the Ant scripts since we - # provide our own. + # separate output. Keep the antRun script since it's vanilla sh + # and needed for the task (but since we set ANT_HOME to + # a weird value, we have to move antRun to a weird location). + # Get rid of the other Ant scripts since we provide our own. + mv $out/lib/ant/bin/antRun $out/bin/ rm -rf $out/lib/ant/{manual,bin,WHATSNEW} + mkdir $out/lib/ant/bin + mv $out/bin/antRun $out/lib/ant/bin/ # Install ant-contrib. unpackFile $contrib From 584427c69430268a0c2806805dc8f8392299a4e4 Mon Sep 17 00:00:00 2001 From: Asko Soukka Date: Thu, 18 Feb 2016 18:16:15 +0200 Subject: [PATCH 23/30] dockerTools: Fix issue where image name with repository prefix was not supported --- pkgs/build-support/docker/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 55344aad566..8e4a51071e3 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -267,7 +267,9 @@ EOF let - baseJson = writeText "${name}-config.json" (builtins.toJSON { + baseName = baseNameOf name; + + baseJson = writeText "${baseName}-config.json" (builtins.toJSON { created = "1970-01-01T00:00:01Z"; architecture = "amd64"; os = "linux"; @@ -277,11 +279,11 @@ EOF layer = (if runAsRoot == null then mkPureLayer { inherit baseJson contents extraCommands; } else mkRootLayer { inherit baseJson fromImage fromImageName fromImageTag contents runAsRoot diskSize extraCommands; }); - depsTarball = mkTarball { name = "${name}-deps"; + depsTarball = mkTarball { name = "${baseName}-deps"; drv = layer; onlyDeps = true; }; - result = runCommand "${name}.tar.gz" { + result = runCommand "${baseName}.tar.gz" { buildInputs = [ jshon ]; imageName = name; 
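Review bot: The round trip through `$out/bin` in the apache-ant hunk assumes that directory already exists and holds no `antRun` of its own; its creation is not visible in the hunk. Deleting everything except the script in place avoids the temporary move: `find $out/lib/ant/bin -mindepth 1 ! -name antRun -delete` followed by `rm -rf $out/lib/ant/{manual,WHATSNEW}`. The install phase starts and ends outside the hunk.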
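Review bot: `baseName` is introduced in the dockerTools hunks without a comment saying why two names are now in play. The commit subject gives the reason (an image name with a repository prefix), and the hunks show `baseName` used for the `writeText`, `mkTarball` and `runCommand` names while `imageName = name` keeps the full value. A comment above the binding would record that, e.g. `# Store path names cannot contain "/", so strip a repository prefix such as "repo/image"; imageName keeps the full name.` The `let` block continues outside both hunks.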
From 936312879c8a22250947598904f606e6448713a0 Mon Sep 17 00:00:00 2001 From: Mathieu Boespflug Date: Wed, 10 Feb 2016 21:39:44 +0100 Subject: [PATCH 24/30] spark: 1.4 -> 1.6. --- pkgs/applications/networking/cluster/spark/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/spark/default.nix b/pkgs/applications/networking/cluster/spark/default.nix index 5e284d4387f..a0abe4f3142 100644 --- a/pkgs/applications/networking/cluster/spark/default.nix +++ b/pkgs/applications/networking/cluster/spark/default.nix @@ -6,11 +6,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "spark-${version}"; - version = "1.5.2"; + version = "1.6.0"; src = fetchzip { url = "mirror://apache/spark/${name}/${name}-bin-cdh4.tgz"; - sha256 = "0bgpz3bqj24flrbajzhbkz38fjsd53qmji1kls9izji8vprcjr5v"; + sha256 = "0waq8xx4bjj1yvfbadv1gdvz8s4kh5zasicv2n5623ld6lj7zgad"; }; buildInputs = [ makeWrapper jre pythonPackages.python pythonPackages.numpy ] From 6326172fed599be1125222ffda1abf5ec271ce34 Mon Sep 17 00:00:00 2001 From: Louis Taylor Date: Thu, 18 Feb 2016 17:36:36 +0000 Subject: [PATCH 25/30] redis: 3.0.6 -> 3.0.7 --- pkgs/servers/nosql/redis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index dacbaff1835..04bb9fc2bbd 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - version = "3.0.6"; + version = "3.0.7"; name = "redis-${version}"; src = fetchurl { url = "http://download.redis.io/releases/${name}.tar.gz"; - sha256 = "092nnxjyaf7h9mnwac5rwjl0ikyyqa44vn426w64hn2534iia7kg"; + sha256 = "08vzfdr67gp3lvk770qpax2c5g2sx8hn6p64jn3jddrvxb2939xj"; }; makeFlags = "PREFIX=$(out)"; From 7b2ac69adae1927602e336981aa96cdbb53f77e3 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Thu, 18 Feb 2016 19:04:02 +0100 Subject: [PATCH 26/30] aws-sdk-cpp: Allow building some APIS and disabling custom memory management --- pkgs/development/libraries/aws-sdk-cpp/default.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/aws-sdk-cpp/default.nix b/pkgs/development/libraries/aws-sdk-cpp/default.nix index 22fb9facfea..6a881e4245a 100644 --- a/pkgs/development/libraries/aws-sdk-cpp/default.nix +++ b/pkgs/development/libraries/aws-sdk-cpp/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenv, fetchFromGitHub, cmake, curl }: +{ lib, stdenv, fetchFromGitHub, cmake, curl +, # Allow building a limited set of APIs, e.g. ["s3" "ec2"]. + apis ? ["*"] +, # Whether to enable AWS' custom memory management. + customMemoryManagement ? true +}: stdenv.mkDerivation rec { name = "aws-sdk-cpp-${version}"; @@ -13,9 +18,10 @@ stdenv.mkDerivation rec { buildInputs = [ cmake curl ]; - # FIXME: provide flags to build only part of the SDK, or put them in - # different outputs. - # cmakeFlags = "-DBUILD_ONLY=aws-cpp-sdk-s3"; + cmakeFlags = + lib.optional (!customMemoryManagement) "-DCUSTOM_MEMORY_MANAGEMENT=0" + ++ lib.optional (apis != ["*"]) + "-DBUILD_ONLY=${lib.concatMapStringsSep ";" (api: "aws-cpp-sdk-" + api) apis}"; enableParallelBuilding = true; From b2b15113530964fc3c8bef23b41bfb8eabf3a112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Thu, 18 Feb 2016 20:28:08 +0100 Subject: [PATCH 27/30] nixos/collectd: add defaultText to package option CC @fpletz --- nixos/modules/services/monitoring/collectd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 414831ae9d4..a3280b08bd0 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix 
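Review bot: `apis = []` passes the `apis != ["*"]` test in the `cmakeFlags` hunk and produces `-DBUILD_ONLY=` with an empty value, whose effect depends on upstream CMake logic that is not visible here. Rejecting it at evaluation time is cheap: `assert apis != [];` before `stdenv.mkDerivation`. The same expression also turns a list that mixes `"*"` with other names into `aws-cpp-sdk-*`, so the argument comment could state that `["*"]` is only meaningful on its own.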
@@ -36,6 +36,7 @@ in { package = mkOption { default = pkgs.collectd; + defaultText = "pkgs.collectd"; description = '' Which collectd package to use. ''; From f98a5946b7607ac7541b0122e73c9b9fec69a981 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 18 Feb 2016 20:54:52 +0100 Subject: [PATCH 28/30] glibc: 2.21 -> 2.22 --- pkgs/development/libraries/glibc/common.nix | 8 +- .../libraries/glibc/cve-2014-8121.patch | 230 ------------------ .../libraries/glibc/cve-2015-1781.patch | 27 -- .../libraries/glibc/cve-2015-7547.patch | 91 +++---- .../libraries/glibc/security-4a28f4d5.patch | 53 ---- .../libraries/glibc/security-bdf1ff05.patch | 39 --- 6 files changed, 51 insertions(+), 397 deletions(-) delete mode 100644 pkgs/development/libraries/glibc/cve-2014-8121.patch delete mode 100644 pkgs/development/libraries/glibc/cve-2015-1781.patch delete mode 100644 pkgs/development/libraries/glibc/security-4a28f4d5.patch delete mode 100644 pkgs/development/libraries/glibc/security-bdf1ff05.patch diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 45f5c24e959..496440b1039 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -13,7 +13,7 @@ cross: let - version = "2.21"; + version = "2.22"; in @@ -57,10 +57,6 @@ stdenv.mkDerivation ({ patch extends the search path by "/run/current-system/sw/bin". */ ./fix_path_attribute_in_getconf.patch - ./security-4a28f4d5.patch - ./security-bdf1ff05.patch - ./cve-2014-8121.patch - ./cve-2015-1781.patch ./cve-2015-7547.patch ./glibc-locale-incompatibility.patch @@ -165,7 +161,7 @@ stdenv.mkDerivation ({ } else fetchurl { url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; - sha256 = "0f4prv4c0fcpi85wv4028wqxn075197gwxhgf0vp571fiw2pi3wd"; + sha256 = "1rcby0cqgswgqaxyqz0yqc4zizb1kvpi5vlfqp7dh3sa132109m6"; }; # Remove absolute paths from `configure' & co.; build out-of-tree. 
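Review bot: The `patches` hunk in glibc/common.nix drops `security-4a28f4d5.patch`, `security-bdf1ff05.patch`, `cve-2014-8121.patch` and `cve-2015-1781.patch` while keeping `cve-2015-7547.patch`, and neither the commit message nor the file says that the four fixes are contained in the 2.22 tarball. That is presumably the reason, but for a libc it is worth recording so a later reader does not have to re-derive it. A comment above the remaining entry would do, e.g. `/* Only security backport still needed on 2.22; the fnmatch, wstrops, CVE-2014-8121 and CVE-2015-1781 fixes are upstream in this release. */`, after confirming each against the 2.22 NEWS file. The patches list starts and ends outside the hunk.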
diff --git a/pkgs/development/libraries/glibc/cve-2014-8121.patch b/pkgs/development/libraries/glibc/cve-2014-8121.patch deleted file mode 100644 index 95a86259dba..00000000000 --- a/pkgs/development/libraries/glibc/cve-2014-8121.patch +++ /dev/null 
@@ -1,230 +0,0 @@ -From 03d2730b44cc2236318fd978afa2651753666c55 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 29 Apr 2015 14:41:25 +0200 -Subject: [PATCH] CVE-2014-8121: Do not close NSS files database during - iteration [BZ #18007] -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -Robin Hack discovered Samba would enter an infinite loop processing -certain quota-related requests. We eventually tracked this down to a -glibc issue. - -Running a (simplified) test case under strace shows that /etc/passwd -is continuously opened and closed: - -… -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 -lseek(3, 2717, SEEK_SET) = 2717 -close(3) = 0 -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -lseek(3, 0, SEEK_SET) = 0 -read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 -lseek(3, 2717, SEEK_SET) = 2717 -close(3) = 0 -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -… - -The lookup function implementation in -nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is -supposed skip closing the input file if it was already open. - - /* Reset file pointer to beginning or open file. */ \ - status = internal_setent (keep_stream); \ - \ - if (status == NSS_STATUS_SUCCESS) \ - { \ - /* Tell getent function that we have repositioned the file pointer. */ \ - last_use = getby; \ - \ - while ((status = internal_getent (result, buffer, buflen, errnop \ - H_ERRNO_ARG EXTRA_ARGS_VALUE)) \ - == NSS_STATUS_SUCCESS) \ - { break_if_match } \ - \ - if (! keep_stream) \ - internal_endent (); \ - } \ - -keep_stream is initialized from the stayopen flag in internal_setent. -internal_setent is called from the set*ent implementation as: - - status = internal_setent (stayopen); - -However, for non-host database, this flag is always 0, per the -STAYOPEN magic in nss/getXXent_r.c. 
- -Thus, the fix is this: - -- status = internal_setent (stayopen); -+ status = internal_setent (1); - -This is not a behavioral change even for the hosts database (where the -application can specify the stayopen flag) because with a call to -sethostent(0), the file handle is still not closed in the -implementation of gethostent. ---- - ChangeLog | 8 ++++ - NEWS | 12 +++-- - nss/Makefile | 2 +- - nss/nss_files/files-XXX.c | 2 +- - nss/tst-nss-getpwent.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 136 insertions(+), 6 deletions(-) - create mode 100644 nss/tst-nss-getpwent.c - -diff --git a/nss/Makefile b/nss/Makefile -index d75dad2..65ab7b5 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -47,7 +47,7 @@ install-bin := getent makedb - makedb-modules = xmalloc hash-string - extra-objs += $(makedb-modules:=.o) - --tests = test-netdb tst-nss-test1 test-digits-dots -+tests = test-netdb tst-nss-test1 test-digits-dots tst-nss-getpwent - xtests = bug-erange - - # Specify rules for the nss_* modules. We have some services. -diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c -index a7a45e5..a7ce5ea 100644 ---- a/nss/nss_files/files-XXX.c -+++ b/nss/nss_files/files-XXX.c -@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen) - - __libc_lock_lock (lock); - -- status = internal_setent (stayopen); -+ status = internal_setent (1); - - if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0) - { -diff --git a/nss/tst-nss-getpwent.c b/nss/tst-nss-getpwent.c -new file mode 100644 -index 0000000..f2e8abc ---- /dev/null -+++ b/nss/tst-nss-getpwent.c -@@ -0,0 +1,118 @@ -+/* Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. 
-+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+int -+do_test (void) -+{ -+ /* Count the number of entries in the password database, and fetch -+ data from the first and last entries. */ -+ size_t count = 0; -+ struct passwd * pw; -+ char *first_name = NULL; -+ uid_t first_uid = 0; -+ char *last_name = NULL; -+ uid_t last_uid = 0; -+ setpwent (); -+ while ((pw = getpwent ()) != NULL) -+ { -+ if (first_name == NULL) -+ { -+ first_name = strdup (pw->pw_name); -+ if (first_name == NULL) -+ { -+ printf ("strdup: %m\n"); -+ return 1; -+ } -+ first_uid = pw->pw_uid; -+ } -+ -+ free (last_name); -+ last_name = strdup (pw->pw_name); -+ if (last_name == NULL) -+ { -+ printf ("strdup: %m\n"); -+ return 1; -+ } -+ last_uid = pw->pw_uid; -+ ++count; -+ } -+ endpwent (); -+ -+ if (count == 0) -+ { -+ printf ("No entries in the password database.\n"); -+ return 0; -+ } -+ -+ /* Try again, this time interleaving with name-based and UID-based -+ lookup operations. The counts do not match if the interleaved -+ lookups affected the enumeration. 
*/ -+ size_t new_count = 0; -+ setpwent (); -+ while ((pw = getpwent ()) != NULL) -+ { -+ if (new_count == count) -+ { -+ printf ("Additional entry in the password database.\n"); -+ return 1; -+ } -+ ++new_count; -+ struct passwd *pw2 = getpwnam (first_name); -+ if (pw2 == NULL) -+ { -+ printf ("getpwnam (%s) failed: %m\n", first_name); -+ return 1; -+ } -+ pw2 = getpwnam (last_name); -+ if (pw2 == NULL) -+ { -+ printf ("getpwnam (%s) failed: %m\n", last_name); -+ return 1; -+ } -+ pw2 = getpwuid (first_uid); -+ if (pw2 == NULL) -+ { -+ printf ("getpwuid (%llu) failed: %m\n", -+ (unsigned long long) first_uid); -+ return 1; -+ } -+ pw2 = getpwuid (last_uid); -+ if (pw2 == NULL) -+ { -+ printf ("getpwuid (%llu) failed: %m\n", -+ (unsigned long long) last_uid); -+ return 1; -+ } -+ } -+ endpwent (); -+ if (new_count < count) -+ { -+ printf ("Missing entry in the password database.\n"); -+ return 1; -+ } -+ -+ return 0; -+} -+ -+#define TEST_FUNCTION do_test () -+#include "../test-skeleton.c" - diff --git a/pkgs/development/libraries/glibc/cve-2015-1781.patch b/pkgs/development/libraries/glibc/cve-2015-1781.patch deleted file mode 100644 index 6831d5ac742..00000000000 --- a/pkgs/development/libraries/glibc/cve-2015-1781.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar -Date: Tue, 21 Apr 2015 14:06:31 +0200 -Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow - [BZ#18287] - ---- - ChangeLog | 6 ++++++ - NEWS | 9 ++++++++- - resolv/nss_dns/dns-host.c | 3 ++- - 3 files changed, 16 insertions(+), 2 deletions(-) - -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index b16b0dd..d8c5579 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, - int have_to_map = 0; - uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); - buffer += pad; -- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad)) -+ buflen = buflen > pad ? buflen - pad : 0; -+ if (__glibc_unlikely (buflen < sizeof (struct host_data))) - { - /* The buffer is too small. */ - too_small: - diff --git a/pkgs/development/libraries/glibc/cve-2015-7547.patch b/pkgs/development/libraries/glibc/cve-2015-7547.patch index 9bf0bcc388c..55d58c16698 100644 --- a/pkgs/development/libraries/glibc/cve-2015-7547.patch +++ b/pkgs/development/libraries/glibc/cve-2015-7547.patch 
@@ -1,23 +1,31 @@ +commit b995d95a5943785be3ab862b2d3276f3b4a22481 +Author: Carlos O'Donell +Date: Tue Feb 16 21:26:37 2016 -0500 -CVE-2015-7547 - -2016-02-15 Carlos O'Donell - - [BZ #18665] - * resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set - *herrno_p. - (gaih_getanswer): Document functional behviour. Return tryagain - if any result is tryagain. - * resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero - when freed. - * resolv/res_send.c: Add copyright text. - (__libc_res_nsend): Document that MAXPACKET is expected. - (send_vc): Document. Remove buffer reuse. - (send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the - size of the buffer. Add Dprint for truncated UDP buffer. + CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665). + + * A stack-based buffer overflow was found in libresolv when invoked from + libnss_dns, allowing specially crafted DNS responses to seize control + of execution flow in the DNS client. The buffer overflow occurs in + the functions send_dg (send datagram) and send_vc (send TCP) for the + NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC + family. The use of AF_UNSPEC triggers the low-level resolver code to + send out two parallel queries for A and AAAA. A mismanagement of the + buffers used for those queries could result in the response of a query + writing beyond the alloca allocated buffer created by + _nss_dns_gethostbyname4_r. Buffer management is simplified to remove + the overflow. Thanks to the Google Security Team and Red Hat for + reporting the security impact of this issue, and Robert Holiday of + Ciena for reporting the related bug 18665. (CVE-2015-7547) + + See also: + https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html + https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html + + (cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca) 
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index a255d5e..47cfe27 100644 +index 357ac04..a0fe9a8 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, @@ -69,8 +77,8 @@ index a255d5e..47cfe27 100644 + expected application behaviour. Some of the synthesized responses + aren't very well thought out and sometimes appear to imply that + IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly ++ answer 2, but that's not true (see the implementation of send_dg ++ and send_vc to see response can arrive in any order, particularly + for UDP). However, we expect it holds roughly enough of the time + that this code works, but certainly needs to be fixed to make this + a more robust implementation. @@ -107,12 +115,12 @@ index a255d5e..47cfe27 100644 + ---------------------------------------------- + + [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second ++ This ignores the state of the second answer and in fact ++ incorrectly sets errno and h_errno to that of the second + answer. However because the response is a success we ignore + *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. ++ success). We are being conservative here and returning the ++ likely IPv4 response in the first answer as a success. + + [2] If the first response is a recoverable TRYAGAIN we return + that instead of looking at the second response. The 
@@ -158,7 +166,7 @@ index a255d5e..47cfe27 100644 if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) status = status2; + /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ ++ unavoidable e.g. unrecoverable TRYAGAIN). */ + if (status == NSS_STATUS_SUCCESS + && (status2 == NSS_STATUS_TRYAGAIN + && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) @@ -195,7 +203,7 @@ index 4a9b3b3..95470a9 100644 } if (saved_herrno != -1) diff --git a/resolv/res_send.c b/resolv/res_send.c -index a968b95..21843f1 100644 +index 5e53cc2..6511bb1 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1,3 +1,20 @@ @@ -219,7 +227,7 @@ index a968b95..21843f1 100644 /* * Copyright (c) 1985, 1989, 1993 * The Regents of the University of California. All rights reserved. -@@ -355,6 +372,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, +@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, #ifdef USE_HOOKS if (__glibc_unlikely (statp->qhook || statp->rhook)) { if (anssiz < MAXPACKET && ansp) { @@ -228,7 +236,7 @@ index a968b95..21843f1 100644 u_char *buf = malloc (MAXPACKET); if (buf == NULL) return (-1); -@@ -630,6 +649,77 @@ get_nsaddr (res_state statp, int n) +@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n) return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; } @@ -270,7 +278,7 @@ index a968b95..21843f1 100644 + are needed but ANSCP is NULL, then as much of the response as + possible is read into the buffer, but the results will be truncated. + When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated ++ packets header field TC will bet set to 1, indicating a truncated + message and the rest of the socket data will be read and discarded. + + Answers to the query are stored secondly in *ANSP2 up to a max of 
@@ -306,7 +314,7 @@ index a968b95..21843f1 100644 static int send_vc(res_state statp, const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -639,11 +729,7 @@ send_vc(res_state statp, +@@ -647,11 +737,7 @@ send_vc(res_state statp, { const HEADER *hp = (HEADER *) buf; const HEADER *hp2 = (HEADER *) buf2; @@ -316,19 +324,19 @@ index a968b95..21843f1 100644 - // int anssiz = *anssizp; - HEADER *anhp = (HEADER *) ans; + HEADER *anhp = (HEADER *) *ansp; - struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns]; + struct sockaddr *nsap = get_nsaddr (statp, ns); int truncating, connreset, n; /* On some architectures compiler might emit a warning indicating -@@ -731,6 +817,8 @@ send_vc(res_state statp, +@@ -743,6 +829,8 @@ send_vc(res_state statp, * Receive length & response */ int recvresp1 = 0; + /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ ++ To do that we mark the second response as received. */ int recvresp2 = buf2 == NULL; uint16_t rlen16; read_len: -@@ -767,40 +855,14 @@ send_vc(res_state statp, +@@ -779,40 +867,14 @@ send_vc(res_state statp, u_char **thisansp; int *thisresplenp; if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { @@ -372,7 +380,7 @@ index a968b95..21843f1 100644 thisanssizp = anssizp2; thisansp = ansp2; thisresplenp = resplen2; -@@ -804,10 +870,14 @@ send_vc(res_state statp, +@@ -820,10 +882,14 @@ send_vc(res_state statp, anhp = (HEADER *) *thisansp; *thisresplenp = rlen; @@ -391,7 +399,7 @@ index a968b95..21843f1 100644 u_char *newp = malloc (MAXPACKET); if (newp == NULL) { *terrno = ENOMEM; -@@ -819,6 +889,9 @@ send_vc(res_state statp, +@@ -835,6 +901,9 @@ send_vc(res_state statp, if (thisansp == ansp2) *ansp2_malloced = 1; anhp = (HEADER *) newp; 
@@ -401,7 +409,7 @@ index a968b95..21843f1 100644 len = rlen; } else { Dprint(statp->options & RES_DEBUG, -@@ -948,6 +1021,66 @@ reopen (res_state statp, int *terrno, int ns) +@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns) return 1; } @@ -425,7 +433,7 @@ index a968b95..21843f1 100644 + are needed but ANSCP is NULL, then as much of the response as + possible is read into the buffer, but the results will be truncated. + When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated ++ packets header field TC will bet set to 1, indicating a truncated + message, while the rest of the UDP packet is discarded. + + Answers to the query are stored secondly in *ANSP2 up to a max of @@ -468,7 +476,7 @@ index a968b95..21843f1 100644 static int send_dg(res_state statp, const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -957,8 +1090,6 @@ send_dg(res_state statp, +@@ -1006,8 +1135,6 @@ send_dg(res_state statp, { const HEADER *hp = (HEADER *) buf; const HEADER *hp2 = (HEADER *) buf2; @@ -477,16 +485,16 @@ index a968b95..21843f1 100644 struct timespec now, timeout, finish; struct pollfd pfd[1]; int ptimeout; -@@ -991,6 +1122,8 @@ send_dg(res_state statp, +@@ -1040,6 +1167,8 @@ send_dg(res_state statp, int need_recompute = 0; int nwritten = 0; int recvresp1 = 0; + /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ ++ To do that we mark the second response as received. */ int recvresp2 = buf2 == NULL; pfd[0].fd = EXT(statp).nssocks[ns]; pfd[0].events = POLLOUT; -@@ -1154,55 +1287,56 @@ send_dg(res_state statp, +@@ -1203,55 +1332,56 @@ send_dg(res_state statp, int *thisresplenp; if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { @@ -570,4 +578,3 @@ index a968b95..21843f1 100644 HEADER *anhp = (HEADER *) *thisansp; socklen_t fromlen = sizeof(struct sockaddr_in6); assert (sizeof(from) <= fromlen); - 
diff --git a/pkgs/development/libraries/glibc/security-4a28f4d5.patch b/pkgs/development/libraries/glibc/security-4a28f4d5.patch deleted file mode 100644 index 25f994d859c..00000000000 --- a/pkgs/development/libraries/glibc/security-4a28f4d5.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 26 Feb 2015 14:55:24 +0100 -Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032) - ---- - ChangeLog | 7 +++++++ - NEWS | 2 +- - posix/fnmatch_loop.c | 5 ++--- - posix/tst-fnmatch3.c | 8 +++++--- - 4 files changed, 15 insertions(+), 7 deletions(-) - -diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c -index c0cb2fc..72c5d8f 100644 ---- a/posix/fnmatch_loop.c -+++ b/posix/fnmatch_loop.c -@@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) - } - else if (c == L('[') && *p == L('.')) - { -- ++p; - while (1) - { - c = *++p; -- if (c == '\0') -+ if (c == L('\0')) - return FNM_NOMATCH; - -- if (*p == L('.') && p[1] == L(']')) -+ if (c == L('.') && p[1] == L(']')) - break; - } - p += 2; -diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c -index d27a557..75bc00a 100644 ---- a/posix/tst-fnmatch3.c -+++ b/posix/tst-fnmatch3.c -@@ -21,9 +21,11 @@ - int - do_test (void) - { -- const char *pattern = "[[:alpha:]'[:alpha:]\0]"; -- -- return fnmatch (pattern, "a", 0) != FNM_NOMATCH; -+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH) -+ return 1; -+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH) -+ return 1; -+ return 0; - } - - #define TEST_FUNCTION do_test () - diff --git a/pkgs/development/libraries/glibc/security-bdf1ff05.patch b/pkgs/development/libraries/glibc/security-bdf1ff05.patch deleted file mode 100644 index b4175694f91..00000000000 --- a/pkgs/development/libraries/glibc/security-bdf1ff05.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov -Date: Sun, 22 Feb 2015 12:01:47 -0800 -Subject: [PATCH] Fix BZ #17269 -- _IO_wstr_overflow integer overflow - ---- - ChangeLog | 6 ++++++ - NEWS | 6 +++--- - libio/wstrops.c | 8 +++++++- - 3 files changed, 16 insertions(+), 4 deletions(-) - -diff --git a/libio/wstrops.c b/libio/wstrops.c -index 43d847d..3993579 100644 ---- a/libio/wstrops.c -+++ b/libio/wstrops.c -@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c) - wchar_t *old_buf = fp->_wide_data->_IO_buf_base; - size_t old_wblen = _IO_wblen (fp); - _IO_size_t new_size = 2 * old_wblen + 100; -- if (new_size < old_wblen) -+ -+ if (__glibc_unlikely (new_size < old_wblen) -+ || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t))) - return EOF; -+ - new_buf - = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size - * sizeof (wchar_t)); -@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading) - return 1; - - _IO_size_t newsize = offset + 100; -+ if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t))) -+ return 1; -+ - wchar_t *oldbuf = wd->_IO_buf_base; - wchar_t *newbuf - = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize - From 1ab14aad7ad61fead6bc93145d1169eca91d7b91 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Thu, 18 Feb 2016 21:11:15 +0100 Subject: [PATCH 29/30] glibc: Drop hurd support This hasn't been maintained since 2012. Also, renamed glibc's kernelHeaders argument to linuxHeaders. --- pkgs/development/libraries/glibc/builder.sh | 15 +--- pkgs/development/libraries/glibc/common.nix | 86 ++++++------------- pkgs/development/libraries/glibc/default.nix | 28 +----- pkgs/development/libraries/glibc/info.nix | 4 +- pkgs/development/libraries/glibc/locales.nix | 4 +- .../linux/cpufrequtils/default.nix | 2 +- pkgs/os-specific/linux/dietlibc/default.nix | 2 +- pkgs/tools/networking/nbd/default.nix | 4 +- pkgs/top-level/all-packages.nix | 6 +- 9 files changed, 43 insertions(+), 108 deletions(-) diff --git a/pkgs/development/libraries/glibc/builder.sh b/pkgs/development/libraries/glibc/builder.sh index 2836063e3bf..d0684d6194d 100644 --- a/pkgs/development/libraries/glibc/builder.sh +++ b/pkgs/development/libraries/glibc/builder.sh @@ -22,22 +22,11 @@ postInstall() { test -f $out/etc/ld.so.cache && rm $out/etc/ld.so.cache - # FIXME: Use `test -n $linuxHeaders' when `kernelHeaders' has been - # renamed. - if test -z "$hurdHeaders"; then + if test -n "$linuxHeaders"; then # Include the Linux kernel headers in Glibc, except the `scsi' # subdirectory, which Glibc provides itself. (cd $out/include && \ - ln -sv $(ls -d $kernelHeaders/include/* | grep -v 'scsi$') .) - fi - - if test -f "$out/lib/libhurduser.so"; then - # libc.so, libhurduser.so, and libmachuser.so depend on each - # other, so add them to libc.so (a RUNPATH on libc.so.0.3 - # would be ignored by the cross-linker.) - echo "adding \`libhurduser.so' and \`libmachuser.so' to the \`libc.so' linker script..." - sed -i "$out/lib/libc.so" \ - -e"s|\(libc\.so\.[^ ]\+\>\)|\1 $out/lib/libhurduser.so $out/lib/libmachuser.so|g" + ln -sv $(ls -d $linuxHeaders/include/* | grep -v 'scsi$') .) fi # Fix for NIXOS-54 (ldd not working on x86_64). Make a symlink 
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 496440b1039..6a468657716 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -3,10 +3,8 @@ cross: -{ name, fetchurl, fetchgit ? null, stdenv, installLocales ? false -, gccCross ? null, kernelHeaders ? null -, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null -, mig ? null +{ name, fetchurl, lib, stdenv, installLocales ? false +, gccCross ? null, linuxHeaders ? null , profilingLibraries ? false, meta , withGd ? false, gd ? null, libpng ? null , preConfigure ? "", ... }@args: @@ -18,12 +16,9 @@ let in assert cross != null -> gccCross != null; -assert mig != null -> machHeaders != null; -assert machHeaders != null -> hurdHeaders != null; -assert hurdHeaders != null -> libpthreadHeaders != null; stdenv.mkDerivation ({ - inherit kernelHeaders installLocales; + inherit linuxHeaders installLocales; # The host/target system. crossConfig = if cross != null then cross.config else null; @@ -32,9 +27,7 @@ stdenv.mkDerivation ({ enableParallelBuilding = true; - /* Don't try to apply these patches to the Hurd's snapshot, which is - older. */ - patches = stdenv.lib.optionals (hurdHeaders == null) + patches = [ /* Have rpcgen(1) look for cpp(1) in $PATH. */ ./rpcgen-path.patch 
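Review bot: Because the argument set in the first hunk still ends in `...`, a caller that keeps passing `kernelHeaders` after the rename to `linuxHeaders` is not rejected. The attribute flows through `removeAttrs args` into the derivation and `linuxHeaders` stays `null`, which in the `configureFlags` hunk selects `--without-headers`. The callers listed in the diffstat are updated, but out-of-tree overrides would change behaviour without an error. An evaluation-time guard next to the existing assert makes the rename loud: `assert !(args ? kernelHeaders);`. The function body continues outside this hunk.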
@@ -96,36 +89,35 @@ stdenv.mkDerivation ({ "--sysconfdir=/etc" "--localedir=/var/run/current-system/sw/lib/locale" "libc_cv_ssp=no" - (if kernelHeaders != null - then "--with-headers=${kernelHeaders}/include" + (if linuxHeaders != null + then "--with-headers=${linuxHeaders}/include" else "--without-headers") (if profilingLibraries then "--enable-profile" else "--disable-profile") - ] ++ stdenv.lib.optionals (cross == null && kernelHeaders != null) [ + ] ++ lib.optionals (cross == null && linuxHeaders != null) [ "--enable-kernel=2.6.32" - ] ++ stdenv.lib.optionals (cross != null) [ + ] ++ lib.optionals (cross != null) [ (if cross.withTLS then "--with-tls" else "--without-tls") (if cross.float == "soft" then "--without-fp" else "--with-fp") - ] ++ stdenv.lib.optionals (cross != null + ] ++ lib.optionals (cross != null && cross.platform ? kernelMajor && cross.platform.kernelMajor == "2.6") [ "--enable-kernel=2.6.0" "--with-__thread" - ] ++ stdenv.lib.optionals (cross == null && stdenv.isArm) [ + ] ++ lib.optionals (cross == null && stdenv.isArm) [ "--host=arm-linux-gnueabi" "--build=arm-linux-gnueabi" # To avoid linking with -lgcc_s (dynamic link) # so the glibc does not depend on its compiler store path "libc_cv_as_needed=no" - ] ++ stdenv.lib.optional withGd "--with-gd"; + ] ++ lib.optional withGd "--with-gd"; installFlags = [ "sysconfdir=$(out)/etc" ]; - buildInputs = stdenv.lib.optionals (cross != null) [ gccCross ] - ++ stdenv.lib.optional (mig != null) mig - ++ stdenv.lib.optionals withGd [ gd libpng ]; + buildInputs = lib.optionals (cross != null) [ gccCross ] + ++ lib.optionals withGd [ gd libpng ]; # Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to # prevent a retained dependency on the bootstrap tools in the stdenv-linux 
@@ -137,32 +129,22 @@ stdenv.mkDerivation ({ # I.e. when gcc is compiled with --with-arch=i686, then the # preprocessor symbol `__i686' will be defined to `1'. This causes # the symbol __i686.get_pc_thunk.dx to be mangled. - NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686" + NIX_CFLAGS_COMPILE = lib.optionalString (stdenv.system == "i686-linux") "-U__i686" + " -Wno-error=strict-prototypes"; } # Remove the `gccCross' attribute so that the *native* glibc store path # doesn't depend on whether `gccCross' is null or not. -// (removeAttrs args [ "gccCross" "fetchurl" "fetchgit" "withGd" "gd" "libpng" ]) // +// (removeAttrs args [ "lib" "gccCross" "fetchurl" "withGd" "gd" "libpng" ]) // { name = name + "-${version}" + - stdenv.lib.optionalString (cross != null) "-${cross.config}"; + lib.optionalString (cross != null) "-${cross.config}"; - src = - if hurdHeaders != null - then fetchgit { - # Shamefully the "official" glibc won't build on GNU, so use the one - # maintained by the Hurd folks, `tschwinge/Roger_Whittaker' branch. - # See . - url = "git://git.sv.gnu.org/hurd/glibc.git"; - sha256 = "cecec9dd5a2bafc875c56b058b6d7628a22b250b53747513dec304f31ffdb82d"; - rev = "d3cdecf18e6550b0984a42b43ed48c5fb26501e1"; - } - else fetchurl { - url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; - sha256 = "1rcby0cqgswgqaxyqz0yqc4zizb1kvpi5vlfqp7dh3sa132109m6"; - }; + src = fetchurl { + url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; + sha256 = "1rcby0cqgswgqaxyqz0yqc4zizb1kvpi5vlfqp7dh3sa132109m6"; + }; # Remove absolute paths from `configure' & co.; build out-of-tree. preConfigure = '' 
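Review bot: The comment above `removeAttrs` explains only why `gccCross` is stripped, but the list now also has to drop `lib`, and for a different reason. `lib` is a set of Nix functions rather than a build input, so it cannot be forwarded to `mkDerivation` as a derivation attribute, and a later edit that removes it from the list would fail at evaluation with an error this comment does not explain. I would extend the comment with `# "lib" and "fetchurl" are Nix-level helpers, not build inputs, and must not reach mkDerivation.`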
@@ -178,17 +160,18 @@ stdenv.mkDerivation ({ configureScript="`pwd`/../$sourceRoot/configure" - ${stdenv.lib.optionalString (stdenv.cc.libc != null) + ${lib.optionalString (stdenv.cc.libc != null) ''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib"'' } ${preConfigure} ''; + preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH"; + meta = { homepage = http://www.gnu.org/software/libc/; - description = "The GNU C Library" - + stdenv.lib.optionalString (hurdHeaders != null) ", for GNU/Hurd"; + description = "The GNU C Library"; longDescription = '' Any Unix-like operating system needs a C library: the library which @@ -199,24 +182,9 @@ stdenv.mkDerivation ({ most systems with the Linux kernel. ''; - license = stdenv.lib.licenses.lgpl2Plus; + license = lib.licenses.lgpl2Plus; - maintainers = [ ]; - #platforms = stdenv.lib.platforms.linux; + maintainers = [ lib.maintainers.eelco ]; + #platforms = lib.platforms.linux; } // meta; -} - -// stdenv.lib.optionalAttrs withGd { - preBuild = "unset NIX_DONT_SET_RPATH"; -} - -// stdenv.lib.optionalAttrs (hurdHeaders != null) { - # Work around the fact that the configure snippet that looks for - # does not honor `--with-headers=$sysheaders' and that - # glibc expects Mach, Hurd, and pthread headers to be in the same place. - CPATH = "${hurdHeaders}/include:${machHeaders}/include:${libpthreadHeaders}/include"; - - # Install NSS stuff in the right place. - # XXX: This will be needed for all new glibcs and isn't Hurd-specific. - makeFlags = ''vardbdir="$out/var/db"''; }) diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 08eaf555e02..5e25c2dc8bc 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix 
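Review bot: `preBuild` is now defined unconditionally inside the attribute set that is merged after `removeAttrs args`, so it overrides any `preBuild` a caller passes in and replaces it with an empty string whenever `withGd` is false. Before this change the override happened only under `withGd`, through the trailing `optionalAttrs` block that the following hunk removes. No caller-supplied `preBuild` is visible in this patch, so this may be harmless today, but it is a silent behaviour change hidden inside a cleanup. Keeping the conditional form after the closing brace, `// lib.optionalAttrs withGd { preBuild = "unset NIX_DONT_SET_RPATH"; }`, preserves the old semantics. The enclosing attribute set starts outside this hunk.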
@@ -1,6 +1,4 @@ -{ stdenv, fetchurl, fetchgit ? null, kernelHeaders -, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null -, mig ? null +{ lib, stdenv, fetchurl, linuxHeaders , installLocales ? true , profilingLibraries ? false , gccCross ? null @@ -16,11 +14,10 @@ let in build cross ({ name = "glibc" - + stdenv.lib.optionalString (hurdHeaders != null) "-hurd" - + stdenv.lib.optionalString debugSymbols "-debug" - + stdenv.lib.optionalString withGd "-gd"; + + lib.optionalString debugSymbols "-debug" + + lib.optionalString withGd "-gd"; - inherit fetchurl fetchgit stdenv kernelHeaders installLocales + inherit lib stdenv fetchurl linuxHeaders installLocales profilingLibraries gccCross withGd gd libpng; builder = ./builder.sh; @@ -58,23 +55,6 @@ in // - (if hurdHeaders != null - then rec { - inherit machHeaders hurdHeaders libpthreadHeaders mig fetchgit; - - propagatedBuildInputs = [ machHeaders hurdHeaders libpthreadHeaders ]; - - passthru = { - # When building GCC itself `propagatedBuildInputs' above is not - # honored, so we pass it here so that the GCC builder can do the right - # thing. - inherit propagatedBuildInputs; - }; - } - else { }) - - // - (if cross != null then { preConfigure = '' diff --git a/pkgs/development/libraries/glibc/info.nix b/pkgs/development/libraries/glibc/info.nix index e4cdb42dd68..1e60856430d 100644 --- a/pkgs/development/libraries/glibc/info.nix +++ b/pkgs/development/libraries/glibc/info.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, texinfo, perl }: +{ lib, stdenv, fetchurl, texinfo, perl }: let build = import ./common.nix; in @@ -6,7 +6,7 @@ let build = import ./common.nix; in build null { name = "glibc-info"; - inherit fetchurl stdenv; + inherit fetchurl stdenv lib; configureFlags = [ "--enable-add-ons" ]; diff --git a/pkgs/development/libraries/glibc/locales.nix b/pkgs/development/libraries/glibc/locales.nix index cbf7af22cac..9607d7ecb22 100644 --- a/pkgs/development/libraries/glibc/locales.nix 
+++ b/pkgs/development/libraries/glibc/locales.nix @@ -6,14 +6,14 @@ http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc */ -{ stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }: +{ lib, stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }: let build = import ./common.nix; in build null { name = "glibc-locales"; - inherit fetchurl stdenv; + inherit fetchurl stdenv lib; installLocales = true; builder = ./locales-builder.sh; diff --git a/pkgs/os-specific/linux/cpufrequtils/default.nix b/pkgs/os-specific/linux/cpufrequtils/default.nix index b7822035c20..65be409a75e 100644 --- a/pkgs/os-specific/linux/cpufrequtils/default.nix +++ b/pkgs/os-specific/linux/cpufrequtils/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { -i Makefile ''; - buildInputs = [ stdenv.cc.libc.kernelHeaders libtool gettext ]; + buildInputs = [ stdenv.cc.libc.linuxHeaders libtool gettext ]; meta = { description = "Tools to display or change the CPU governor settings"; diff --git a/pkgs/os-specific/linux/dietlibc/default.nix b/pkgs/os-specific/linux/dietlibc/default.nix index b795cb60da6..d98bfb96735 100644 --- a/pkgs/os-specific/linux/dietlibc/default.nix +++ b/pkgs/os-specific/linux/dietlibc/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation { builder = ./builder.sh; inherit glibc; - kernelHeaders = glibc.kernelHeaders; + kernelHeaders = glibc.linuxHeaders; patches = [ diff --git a/pkgs/tools/networking/nbd/default.nix b/pkgs/tools/networking/nbd/default.nix index 6cb75152af0..967b3863f20 100644 --- a/pkgs/tools/networking/nbd/default.nix +++ b/pkgs/tools/networking/nbd/default.nix 
@@ -8,7 +8,9 @@ stdenv.mkDerivation rec { sha256 = "1pkkid657zgjymwxv3fm32cxnq9llfz29rl15vp6mn42vnzbj1di"; }; - buildInputs = [ pkgconfig glib ] ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.kernelHeaders; + buildInputs = + [ pkgconfig glib ] + ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.linuxHeaders; postInstall = '' mkdir -p "$out/share/doc/${name}" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 38d8bf29642..4cce2e15913 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6707,22 +6707,18 @@ let glfw3 = callPackage ../development/libraries/glfw/3.x.nix { }; glibc = callPackage ../development/libraries/glibc { - kernelHeaders = linuxHeaders; installLocales = config.glibc.locales or false; - machHeaders = null; - hurdHeaders = null; gccCross = null; }; glibc_memusage = callPackage ../development/libraries/glibc { - kernelHeaders = linuxHeaders; installLocales = false; withGd = true; }; glibcCross = forceNativeDrv (glibc.override { gccCross = gccCrossStageStatic; - kernelHeaders = linuxHeadersCross; + linuxHeaders = linuxHeadersCross; }); # We can choose: From 59617de6d7f8a05f12bbb652e1c68a6a7e6362b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 21 Feb 2016 10:30:09 +0100 Subject: [PATCH 30/30] glibc: 2.22 -> 2.23 The two patches were included upstream. (Even the one from guix, except for a whitespace difference.) --- pkgs/development/libraries/glibc/common.nix | 10 +- .../libraries/glibc/cve-2015-7547.patch | 580 ------------------ .../glibc/glibc-locale-incompatibility.patch | 25 - 3 files changed, 3 insertions(+), 612 deletions(-) delete mode 100644 pkgs/development/libraries/glibc/cve-2015-7547.patch delete mode 100644 pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 6a468657716..13d5adcd9b1 100644 
--- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -11,8 +11,8 @@ cross: let - version = "2.22"; - + version = "2.23"; + sha256 = "1lk9a8jv5kyx8hp0wmfzjyk047q95ybyjqbyw5idl7414jxqml1b"; in assert cross != null -> gccCross != null; @@ -49,10 +49,6 @@ stdenv.mkDerivation ({ "/bin:/usr/bin", which is inappropriate on NixOS machines. This patch extends the search path by "/run/current-system/sw/bin". */ ./fix_path_attribute_in_getconf.patch - - ./cve-2015-7547.patch - - ./glibc-locale-incompatibility.patch ]; postPatch = @@ -143,7 +139,7 @@ stdenv.mkDerivation ({ src = fetchurl { url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; - sha256 = "1rcby0cqgswgqaxyqz0yqc4zizb1kvpi5vlfqp7dh3sa132109m6"; + inherit sha256; }; # Remove absolute paths from `configure' & co.; build out-of-tree. diff --git a/pkgs/development/libraries/glibc/cve-2015-7547.patch b/pkgs/development/libraries/glibc/cve-2015-7547.patch deleted file mode 100644 index 55d58c16698..00000000000 --- a/pkgs/development/libraries/glibc/cve-2015-7547.patch +++ /dev/null 
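Review bot: Dropping `./cve-2015-7547.patch` from `patches` leaves nothing in common.nix that ties the getaddrinfo fix to the version, so anyone who later pins `version` back to 2.22 or backports this file would build a glibc without the fix and get no warning. The deleted patch records that it is a cherry-pick of upstream commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca, so it is worth confirming that this commit is contained in the 2.23 tarball before merging. I would add a comment beside the `version` binding, `# 2.23 and later include the CVE-2015-7547 fix; restore cve-2015-7547.patch from history for older versions.`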
@@ -1,580 +0,0 @@ -commit b995d95a5943785be3ab862b2d3276f3b4a22481 -Author: Carlos O'Donell -Date: Tue Feb 16 21:26:37 2016 -0500 - - CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665). - - * A stack-based buffer overflow was found in libresolv when invoked from - libnss_dns, allowing specially crafted DNS responses to seize control - of execution flow in the DNS client. The buffer overflow occurs in - the functions send_dg (send datagram) and send_vc (send TCP) for the - NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC - family. The use of AF_UNSPEC triggers the low-level resolver code to - send out two parallel queries for A and AAAA. A mismanagement of the - buffers used for those queries could result in the response of a query - writing beyond the alloca allocated buffer created by - _nss_dns_gethostbyname4_r. Buffer management is simplified to remove - the overflow. Thanks to the Google Security Team and Red Hat for - reporting the security impact of this issue, and Robert Holiday of - Ciena for reporting the related bug 18665. 
(CVE-2015-7547) - - See also: - https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html - https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html - - (cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca) - -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index 357ac04..a0fe9a8 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). 
-+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implementation of send_dg -+ and send_vc to see response can arrive in any order, particularly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | 
UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. 
*/ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -diff --git a/resolv/res_query.c b/resolv/res_query.c -index 4a9b3b3..95470a9 100644 ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -diff --git a/resolv/res_send.c b/resolv/res_send.c -index 5e53cc2..6511bb1 100644 ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. 
-+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n) - return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; - } - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. 
This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header field TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. 
If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. 
*/ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -647,11 +737,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -743,6 +829,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -779,40 +867,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. 
*/ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -820,10 +882,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -835,6 +901,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns) - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. 
If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header field TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. 
The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -1006,8 +1135,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1040,6 +1167,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1203,55 +1332,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. 
*/ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. 
*/ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch b/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch deleted file mode 100644 index 8ca2ce4cd88..00000000000 --- a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch +++ /dev/null @@ -1,25 +0,0 @@ -http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch - -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME);