diff --git a/pkgs/applications/audio/distrho/default.nix b/pkgs/applications/audio/distrho/default.nix index 53d5330fb74..36f7dcc5993 100644 --- a/pkgs/applications/audio/distrho/default.nix +++ b/pkgs/applications/audio/distrho/default.nix @@ -26,7 +26,7 @@ in stdenv.mkDerivation rec { runHook postConfigure ''; - patchPhase = '' + postPatch = '' sed -e "s#@./scripts#sh scripts#" -i Makefile ''; diff --git a/pkgs/applications/misc/gcal/default.nix b/pkgs/applications/misc/gcal/default.nix index f5eb6e188b7..713000d3f69 100644 --- a/pkgs/applications/misc/gcal/default.nix +++ b/pkgs/applications/misc/gcal/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, ncurses }: +{ stdenv, fetchurl, ncurses, fetchpatch }: stdenv.mkDerivation rec { pname = "gcal"; @@ -9,6 +9,13 @@ stdenv.mkDerivation rec { sha256 = "1av11zkfirbixn05hyq4xvilin0ncddfjqzc4zd9pviyp506rdci"; }; + patches = [ + (fetchpatch { + url = "https://src.fedoraproject.org/rpms/gcal/raw/master/f/gcal-glibc-no-libio.patch"; + sha256 = "0l4nw9kgzsay32rsdwvs75pbp4fhx6pfm85paynfbd20cdm2n2kv"; + }) + ]; + enableParallelBuilding = true; buildInputs = [ ncurses ]; diff --git a/pkgs/applications/misc/spacefm/default.nix b/pkgs/applications/misc/spacefm/default.nix index 9550a8d4fd7..47e13fa2508 100644 --- a/pkgs/applications/misc/spacefm/default.nix +++ b/pkgs/applications/misc/spacefm/default.nix @@ -13,6 +13,8 @@ stdenv.mkDerivation rec { sha256 = "089r6i40lxcwzp60553b18f130asspnzqldlpii53smz52kvpirx"; }; + patches = [ ./glibc-fix.patch ]; + configureFlags = [ "--with-bash-path=${pkgs.bash}/bin/bash" ]; diff --git a/pkgs/applications/misc/spacefm/glibc-fix.patch b/pkgs/applications/misc/spacefm/glibc-fix.patch new file mode 100644 index 00000000000..b8e9f1e9195 --- /dev/null +++ b/pkgs/applications/misc/spacefm/glibc-fix.patch @@ -0,0 +1,12 @@ +diff --git a/src/main.c b/src/main.c +index 27f5614..2b45708 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + diff --git a/pkgs/applications/misc/ssw/default.nix b/pkgs/applications/misc/ssw/default.nix new file mode 100644 index 00000000000..24b7953fe3d --- /dev/null +++ b/pkgs/applications/misc/ssw/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl, pkg-config, gtk3 }: + +stdenv.mkDerivation rec { + pname = "ssw"; + version = "0.3"; + + src = fetchurl { + url = "https://alpha.gnu.org/gnu/ssw/spread-sheet-widget-${version}.tar.gz"; + sha256 = "1h93yyh2by6yrmkwqg38nd5knids05k5nqzcihc1hdwgzg3c4b8y"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ gtk3 ]; + + meta = with stdenv.lib; { + homepage = "https://www.gnu.org/software/ssw/"; + license = licenses.gpl3; + description = "GNU Spread Sheet Widget"; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/misc/vit/default.nix b/pkgs/applications/misc/vit/default.nix index cb71ec1524b..506ab559919 100644 --- a/pkgs/applications/misc/vit/default.nix +++ b/pkgs/applications/misc/vit/default.nix @@ -1,7 +1,8 @@ { lib , python3Packages +, taskwarrior , glibcLocales -, taskwarrior }: +}: with python3Packages; @@ -21,6 +22,7 @@ buildPythonApplication rec { tzlocal urwid ]; + checkInputs = [ glibcLocales ]; makeWrapperArgs = [ "--suffix" "PATH" ":" "${taskwarrior}/bin" ]; diff --git a/pkgs/applications/science/math/pspp/default.nix b/pkgs/applications/science/math/pspp/default.nix index 3c263916a0e..af338c74fd4 100644 --- a/pkgs/applications/science/math/pspp/default.nix +++ b/pkgs/applications/science/math/pspp/default.nix @@ -1,20 +1,23 @@ { stdenv, fetchurl, libxml2, readline, zlib, perl, cairo, gtk3, gsl , pkgconfig, gtksourceview, pango, gettext, dconf , makeWrapper, gsettings-desktop-schemas, hicolor-icon-theme +, texinfo, ssw }: stdenv.mkDerivation rec { - name = "pspp-1.0.1"; + pname = "pspp"; + version = "1.2.0"; src = fetchurl { - url = "mirror://gnu/pspp/${name}.tar.gz"; - sha256 = "1r8smr5057993h90nx0mdnff8nxw9x546zzh6qpy4h3xblp1la5s"; + url = "mirror://gnu/pspp/${pname}-${version}.tar.gz"; + sha256 = "07pp27zycrb5x927jwaj9r3q7hy915jh51xs85zxby6gfiwl63m5"; }; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig texinfo ]; buildInputs = [ libxml2 readline zlib perl cairo gtk3 gsl gtksourceview pango gettext - makeWrapper gsettings-desktop-schemas hicolor-icon-theme ]; + makeWrapper gsettings-desktop-schemas hicolor-icon-theme ssw + ]; doCheck = false; diff --git a/pkgs/applications/virtualization/xen/4.8.nix b/pkgs/applications/virtualization/xen/4.8.nix index 1d0e01fcb82..8cc9c23d2bf 100644 --- a/pkgs/applications/virtualization/xen/4.8.nix +++ b/pkgs/applications/virtualization/xen/4.8.nix @@ -185,7 +185,10 @@ callPackage (import ./generic.nix (rec { # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. sed 1i'#include ' \ -i tools/blktap2/control/tap-ctl-allocate.c \ - -i tools/libxl/libxl_device.c + -i tools/libxl/libxl_device.c \ + ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} + + sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c ''; passthru.qemu-system-i386 = if withInternalQemu diff --git a/pkgs/development/compilers/mono/4.nix b/pkgs/development/compilers/mono/4.nix index cb6edb2a546..02c6177c9df 100644 --- a/pkgs/development/compilers/mono/4.nix +++ b/pkgs/development/compilers/mono/4.nix @@ -5,4 +5,5 @@ callPackage ./generic.nix ({ version = "4.8.1.0"; sha256 = "1vyvp2g28ihcgxgxr8nhzyzdmzicsh5djzk8dk1hj5p5f2k3ijqq"; enableParallelBuilding = false; # #32386, https://hydra.nixos.org/build/65600645 + extraPatches = [ ./mono4-glibc.patch ]; }) diff --git a/pkgs/development/compilers/mono/generic.nix b/pkgs/development/compilers/mono/generic.nix index e0cfe247b23..61d298543d0 100644 --- a/pkgs/development/compilers/mono/generic.nix +++ b/pkgs/development/compilers/mono/generic.nix @@ -1,6 +1,7 @@ { stdenv, fetchurl, bison, pkgconfig, glib, gettext, perl, libgdiplus, libX11, callPackage, ncurses, zlib, withLLVM ? false, cacert, Foundation, libobjc, python, version, sha256, autoconf, libtool, automake, cmake, which , enableParallelBuilding ? true , srcArchiveSuffix ? "tar.bz2" +, extraPatches ? [] }: let @@ -22,8 +23,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [glib]; - NIX_LDFLAGS = if stdenv.isDarwin then "" else "-lgcc_s" ; - # To overcome the bug https://bugzilla.novell.com/show_bug.cgi?id=644723 dontDisableStatic = true; @@ -44,7 +43,7 @@ stdenv.mkDerivation rec { # We want pkg-config to take priority over the dlls in the Mono framework and the GAC # because we control pkg-config - patches = [ ./pkgconfig-before-gac.patch ]; + patches = [ ./pkgconfig-before-gac.patch ] ++ extraPatches; # Patch all the necessary scripts. Also, if we're using LLVM, we fix the default # LLVM path to point into the Mono LLVM build, since it's private anyway. diff --git a/pkgs/development/compilers/mono/mono4-glibc.patch b/pkgs/development/compilers/mono/mono4-glibc.patch new file mode 100644 index 00000000000..07d5f03f90b --- /dev/null +++ b/pkgs/development/compilers/mono/mono4-glibc.patch @@ -0,0 +1,12 @@ +diff --git a/mono/io-layer/processes.c b/mono/io-layer/processes.c +index 53c271a4..84bd3252 100644 +--- a/mono/io-layer/processes.c ++++ b/mono/io-layer/processes.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include + #ifdef HAVE_SIGNAL_H + #include diff --git a/pkgs/development/compilers/wcc/default.nix b/pkgs/development/compilers/wcc/default.nix index 5f812e2c463..d21d886367f 100644 --- a/pkgs/development/compilers/wcc/default.nix +++ b/pkgs/development/compilers/wcc/default.nix @@ -17,6 +17,8 @@ stdenv.mkDerivation { postPatch = '' sed -i src/wsh/include/libwitch/wsh.h src/wsh/scripts/INDEX \ -e "s#/usr/share/wcc#$out/share/wcc#" + + sed -i -e '/stropts.h>/d' src/wsh/include/libwitch/wsh.h ''; installFlags = [ "DESTDIR=$(out)" ]; diff --git a/pkgs/development/compilers/z88dk/default.nix b/pkgs/development/compilers/z88dk/default.nix index 2d62bfede09..a76e57a0807 100644 --- a/pkgs/development/compilers/z88dk/default.nix +++ b/pkgs/development/compilers/z88dk/default.nix @@ -1,14 +1,14 @@ { fetchFromGitHub, stdenv, makeWrapper, unzip, libxml2, m4, uthash, which }: stdenv.mkDerivation rec { - pname = "z88dk"; - version = "unstable-2019-05-09"; + pname = "z88dk-unstable"; + version = "2020-01-27"; src = fetchFromGitHub { owner = "z88dk"; repo = "z88dk"; - rev = "826d68632c3a7c17df88dd2ec54571a6041da69c"; - sha256 = "104qgb01sdb97mkcxnq1cdlqi5qvjm4rd9bg5r42pdfz81ss49xj"; + rev = "efdd07c2e2229cac7cfef97ec01f478004846e39"; + sha256 = "0jcks5ygp256lmzmllffp4yb38cxjgdyqnnimkj4s65095cfasyb"; fetchSubmodules = true; }; diff --git a/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch b/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch new file mode 100644 index 00000000000..51e3cb6d7f1 --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch @@ -0,0 +1,23 @@ +diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c +index c3682b4..16826c6 100644 +--- a/Modules/posixmodule.c ++++ b/Modules/posixmodule.c +@@ -5880,15 +5880,13 @@ error: + #if defined(HAVE_OPENPTY) || defined(HAVE_FORKPTY) || defined(HAVE_DEV_PTMX) + #ifdef HAVE_PTY_H + #include +-#else ++#endif + #ifdef HAVE_LIBUTIL_H + #include +-#else ++#endif + #ifdef HAVE_UTIL_H + #include +-#endif /* HAVE_UTIL_H */ +-#endif /* HAVE_LIBUTIL_H */ +-#endif /* HAVE_PTY_H */ ++#endif + #ifdef HAVE_STROPTS_H + #include + #endif diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 70eff43daf5..b778b62f908 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -103,10 +103,7 @@ in with passthru; stdenv.mkDerivation { ./3.5/ld_library_path.patch ] ++ optionals (isPy37 || isPy38) [ # Fix darwin build https://bugs.python.org/issue34027 - (fetchpatch { - url = https://bugs.python.org/file47666/darwin-libutil.patch; - sha256 = "0242gihnw3wfskl4fydp2xanpl8k5q7fj4dp7dbbqf46a4iwdzpa"; - }) + ./3.7/darwin-libutil.patch ] ++ optionals (isPy3k && hasDistutilsCxxPatch) [ # Fix for http://bugs.python.org/issue1222585 # Upstream distutils is calling C compiler to compile C++ code, which diff --git a/pkgs/development/libraries/glibc/CVE-2018-11236.patch b/pkgs/development/libraries/glibc/CVE-2018-11236.patch deleted file mode 100644 index db86e7146f2..00000000000 --- a/pkgs/development/libraries/glibc/CVE-2018-11236.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov -Date: Tue, 8 May 2018 18:12:41 -0700 -Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack - buffer overflow when realpath() input length is close to SSIZE_MAX. - -2018-05-09 Paul Pluzhnikov - - [BZ #22786] - * stdlib/canonicalize.c (__realpath): Fix overflow in path length - computation. - * stdlib/Makefile (test-bz22786): New test. - * stdlib/test-bz22786.c: New test. ---- - ChangeLog | 8 +++++ - stdlib/Makefile | 2 +- - stdlib/canonicalize.c | 2 +- - stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 100 insertions(+), 2 deletions(-) - create mode 100644 stdlib/test-bz22786.c - -diff --git a/stdlib/Makefile b/stdlib/Makefile -index af1643c..1ddb1f9 100644 ---- a/stdlib/Makefile -+++ b/stdlib/Makefile -@@ -84,7 +84,7 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \ - tst-cxa_atexit tst-on_exit test-atexit-race \ - test-at_quick_exit-race test-cxa_atexit-race \ - test-on_exit-race test-dlclose-exit-race \ -- tst-makecontext-align -+ tst-makecontext-align test-bz22786 - - tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \ - tst-tls-atexit tst-tls-atexit-nodelete -diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c -index 4135f3f..390fb43 100644 ---- a/stdlib/canonicalize.c -+++ b/stdlib/canonicalize.c -@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved) - extra_buf = __alloca (path_max); - - len = strlen (end); -- if ((long int) (n + len) >= path_max) -+ if (path_max - n <= len) - { - __set_errno (ENAMETOOLONG); - goto error; -diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c -new file mode 100644 -index 0000000..e7837f9 ---- /dev/null -+++ b/stdlib/test-bz22786.c -@@ -0,0 +1,90 @@ -+/* Bug 22786: test for buffer overflow in realpath. -+ Copyright (C) 2018 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+/* This file must be run from within a directory called "stdlib". */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static int -+do_test (void) -+{ -+ const char dir[] = "bz22786"; -+ const char lnk[] = "bz22786/symlink"; -+ -+ rmdir (dir); -+ if (mkdir (dir, 0755) != 0 && errno != EEXIST) -+ { -+ printf ("mkdir %s: %m\n", dir); -+ return EXIT_FAILURE; -+ } -+ if (symlink (".", lnk) != 0 && errno != EEXIST) -+ { -+ printf ("symlink (%s, %s): %m\n", dir, lnk); -+ return EXIT_FAILURE; -+ } -+ -+ const size_t path_len = (size_t) INT_MAX + 1; -+ -+ DIAG_PUSH_NEEDS_COMMENT; -+#if __GNUC_PREREQ (7, 0) -+ /* GCC 7 warns about too-large allocations; here we need such -+ allocation to succeed for the test to work. */ -+ DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than="); -+#endif -+ char *path = malloc (path_len); -+ DIAG_POP_NEEDS_COMMENT; -+ -+ if (path == NULL) -+ { -+ printf ("malloc (%zu): %m\n", path_len); -+ return EXIT_UNSUPPORTED; -+ } -+ -+ /* Construct very long path = "bz22786/symlink/aaaa....." */ -+ char *p = mempcpy (path, lnk, sizeof (lnk) - 1); -+ *(p++) = '/'; -+ memset (p, 'a', path_len - (path - p) - 2); -+ p[path_len - (path - p) - 1] = '\0'; -+ -+ /* This call crashes before the fix for bz22786 on 32-bit platforms. */ -+ p = realpath (path, NULL); -+ -+ if (p != NULL || errno != ENAMETOOLONG) -+ { -+ printf ("realpath: %s (%m)", p); -+ return EXIT_FAILURE; -+ } -+ -+ /* Cleanup. */ -+ unlink (lnk); -+ rmdir (dir); -+ -+ return 0; -+} -+ -+#define TEST_FUNCTION do_test -+#include --- -2.9.3 - diff --git a/pkgs/development/libraries/glibc/CVE-2018-11237.patch b/pkgs/development/libraries/glibc/CVE-2018-11237.patch deleted file mode 100644 index ffc2cec1d57..00000000000 --- a/pkgs/development/libraries/glibc/CVE-2018-11237.patch +++ /dev/null @@ -1,55 +0,0 @@ -From f51c8367685dc888a02f7304c729ed5277904aff Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 24 May 2018 14:39:18 +0200 -Subject: [PATCH] Don't write beyond destination in - __mempcpy_avx512_no_vzeroupper (bug 23196) - -When compiled as mempcpy, the return value is the end of the destination -buffer, thus it cannot be used to refer to the start of it. - -(cherry picked from commit 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e) ---- - ChangeLog | 9 +++++++++ - NEWS | 7 +++++++ - string/test-mempcpy.c | 1 + - sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S | 5 +++-- - 4 files changed, 20 insertions(+), 2 deletions(-) - -diff --git a/string/test-mempcpy.c b/string/test-mempcpy.c -index c08fba8..d98ecdd 100644 ---- a/string/test-mempcpy.c -+++ b/string/test-mempcpy.c -@@ -18,6 +18,7 @@ - . */ - - #define MEMCPY_RESULT(dst, len) (dst) + (len) -+#define MIN_PAGE_SIZE 131072 - #define TEST_MAIN - #define TEST_NAME "mempcpy" - #include "test-string.h" -diff --git a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -index 23c0f7a..effc3ac 100644 ---- a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -+++ b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -@@ -336,6 +336,7 @@ L(preloop_large): - vmovups (%rsi), %zmm4 - vmovups 0x40(%rsi), %zmm5 - -+ mov %rdi, %r11 - /* Align destination for access with non-temporal stores in the loop. */ - mov %rdi, %r8 - and $-0x80, %rdi -@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop): - cmp $256, %rdx - ja L(gobble_256bytes_nt_loop) - sfence -- vmovups %zmm4, (%rax) -- vmovups %zmm5, 0x40(%rax) -+ vmovups %zmm4, (%r11) -+ vmovups %zmm5, 0x40(%r11) - jmp L(check) - - L(preloop_large_bkw): --- -2.9.3 - diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 458745694bc..9ea94381659 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -19,10 +19,12 @@ { stdenv, lib , buildPackages -, fetchurl, fetchpatch +, fetchurl , linuxHeaders ? null , gd ? null, libpng ? null +, libidn2 , bison +, python3 }: { name @@ -34,9 +36,9 @@ } @ args: let - version = "2.27"; + version = "2.30"; patchSuffix = ""; - sha256 = "0wpwq7gsm7sd6ysidv0z575ckqdg13cr2njyfgrbgh4f65adwwji"; + sha256 = "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"; in assert withLinuxHeaders -> linuxHeaders != null; @@ -92,35 +94,13 @@ stdenv.mkDerivation ({ url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff"; sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4"; }) - - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2 - ./CVE-2018-11236.patch - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f51c8367685dc888a02f7304c729ed5277904aff - ./CVE-2018-11237.patch - - # Remove after upgrading to glibc 2.28+ - # Change backported from upstream - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9c79cec8cd2a6996a73aa83d79b360ffd4bebde6 - ./fix-out-of-bounds-access-in-findidxwc.patch - - # Remove after upgrading to glibc 2.28+ - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21526a507df8f1b2e37492193a754534d8938c0b - ./fix-out-of-bounds-access-in-ibm-1390-converter.patch ] ++ lib.optionals stdenv.isx86_64 [ ./fix-x64-abi.patch ./2.27-CVE-2019-19126.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch - ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch - - # Remove after upgrading to glibc 2.28+ - ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform || stdenv.hostPlatform.isMusl) (fetchpatch { - url = "https://sourceware.org/git/?p=glibc.git;a=patch;h=780684eb04298977bc411ebca1eadeeba4877833"; - name = "correct-pwent-parsing-issue-and-resulting-build.patch"; - sha256 = "08fja894vzaj8phwfhsfik6jj2pbji7kypy3q8pgxvsd508zdv1q"; - excludes = [ "ChangeLog" ]; - }); + ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; postPatch = '' @@ -131,6 +111,15 @@ stdenv.mkDerivation ({ # nscd needs libgcc, and we don't want it dynamically linked # because we don't want it to depend on bootstrap-tools libs. echo "LDFLAGS-nscd += -static-libgcc" >> nscd/Makefile + + # Ensure that libidn2 is found. + patch -p 1 < usrc[nhere -1]) -+ if (cp[nhere - 1] > usrc[nhere - 1]) - { - cp += 2 * nhere; - continue; - } - -- if (cp[2 * nhere - 1] < usrc[nhere -1]) -+ if (cp[2 * nhere - 1] < usrc[nhere - 1]) - { - cp += 2 * nhere; - continue; diff --git a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch b/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch deleted file mode 100644 index 8b560566a49..00000000000 --- a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 21526a507df8f1b2e37492193a754534d8938c0b Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Tue, 24 Jul 2018 14:08:34 +0200 -Subject: [PATCH] Fix out-of-bounds access in IBM-1390 converter (bug 23448) - -The IBM-1390 converter can consume/produce two UCS4 characters in each -loop. ---- - ChangeLog | 6 ++++++ - iconvdata/ibm1364.c | 2 ++ - 2 files changed, 8 insertions(+) - -diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c -index b833273..517fe60 100644 ---- a/iconvdata/ibm1364.c -+++ b/iconvdata/ibm1364.c -@@ -150,6 +150,7 @@ enum - #define MIN_NEEDED_INPUT MIN_NEEDED_FROM - #define MAX_NEEDED_INPUT MAX_NEEDED_FROM - #define MIN_NEEDED_OUTPUT MIN_NEEDED_TO -+#define MAX_NEEDED_OUTPUT MAX_NEEDED_TO - #define LOOPFCT FROM_LOOP - #define BODY \ - { \ -@@ -296,6 +297,7 @@ enum - - /* Next, define the other direction. */ - #define MIN_NEEDED_INPUT MIN_NEEDED_TO -+#define MAX_NEEDED_INPUT MAX_NEEDED_TO - #define MIN_NEEDED_OUTPUT MIN_NEEDED_FROM - #define MAX_NEEDED_OUTPUT MAX_NEEDED_FROM - #define LOOPFCT TO_LOOP --- -2.9.3 - diff --git a/pkgs/development/libraries/libffi/default.nix b/pkgs/development/libraries/libffi/default.nix index cc080e7c638..86e790bb965 100644 --- a/pkgs/development/libraries/libffi/default.nix +++ b/pkgs/development/libraries/libffi/default.nix @@ -1,9 +1,9 @@ { stdenv, fetchurl, fetchpatch , autoreconfHook -# libffi is used in darwin stdenv +# libffi is used in darwin and linux with glibc stdenv # we cannot run checks within it -, doCheck ? !stdenv.isDarwin, dejagnu +, doCheck ? stdenv.hostPlatform.isMusl, dejagnu }: stdenv.mkDerivation rec { diff --git a/pkgs/development/libraries/libmilter/default.nix b/pkgs/development/libraries/libmilter/default.nix index 3eb688f9572..8d677d858de 100644 --- a/pkgs/development/libraries/libmilter/default.nix +++ b/pkgs/development/libraries/libmilter/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { sh Build -f ./a.m4 ''; - patches = [ ./install.patch ./sharedlib.patch ]; + patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ]; nativeBuildInputs = [ m4 ]; diff --git a/pkgs/development/libraries/libmilter/glibc-2.30.patch b/pkgs/development/libraries/libmilter/glibc-2.30.patch new file mode 100644 index 00000000000..e72ec9911e3 --- /dev/null +++ b/pkgs/development/libraries/libmilter/glibc-2.30.patch @@ -0,0 +1,44 @@ +diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c +index 2423c34..f00468c 100644 +--- a/libmilter/sm_gethost.c ++++ b/libmilter/sm_gethost.c +@@ -52,16 +52,8 @@ sm_getipnodebyname(name, family, flags, err) + bool resv6 = true; + struct hostent *h; + +- if (family == AF_INET6) +- { +- /* From RFC2133, section 6.1 */ +- resv6 = bitset(RES_USE_INET6, _res.options); +- _res.options |= RES_USE_INET6; +- } + SM_SET_H_ERRNO(0); +- h = gethostbyname(name); +- if (family == AF_INET6 && !resv6) +- _res.options &= ~RES_USE_INET6; ++ h = gethostbyname2(name, family); + + /* the function is supposed to return only the requested family */ + if (h != NULL && h->h_addrtype != family) +diff --git a/sendmail/conf.c b/sendmail/conf.c +index c73334e..500dafb 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -4243,16 +4243,8 @@ sm_getipnodebyname(name, family, flags, err) + # else /* HAS_GETHOSTBYNAME2 */ + bool resv6 = true; + +- if (family == AF_INET6) +- { +- /* From RFC2133, section 6.1 */ +- resv6 = bitset(RES_USE_INET6, _res.options); +- _res.options |= RES_USE_INET6; +- } + SM_SET_H_ERRNO(0); +- h = gethostbyname(name); +- if (!resv6) +- _res.options &= ~RES_USE_INET6; ++ h = gethostbyname2(name, family); + + /* the function is supposed to return only the requested family */ + if (h != NULL && h->h_addrtype != family) diff --git a/pkgs/development/libraries/libunistring/default.nix b/pkgs/development/libraries/libunistring/default.nix index e02e5228aa4..2c9a13788c5 100644 --- a/pkgs/development/libraries/libunistring/default.nix +++ b/pkgs/development/libraries/libunistring/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { "--with-libiconv-prefix=${libiconv}" ]; - doCheck = true; + doCheck = false; /* This seems to cause several random failures like these, which I assume is because of bad or missing target dependencies in their build system: diff --git a/pkgs/development/libraries/seasocks/default.nix b/pkgs/development/libraries/seasocks/default.nix index 9825c0c4035..8efcd0de2f1 100644 --- a/pkgs/development/libraries/seasocks/default.nix +++ b/pkgs/development/libraries/seasocks/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, python, zlib }: +{ stdenv, fetchFromGitHub, cmake, python, zlib, fetchpatch }: stdenv.mkDerivation rec { pname = "seasocks"; @@ -11,6 +11,13 @@ stdenv.mkDerivation rec { sha256 = "1c2gc0k9wgbgn7y7wmq2ylp0gvdbmagc1x8c4jwbsncl1gy6x4g2"; }; + patches = [ + (fetchpatch { + url = "https://github.com/mattgodbolt/seasocks/commit/5753b50ce3b2232d166843450043f88a4a362422.patch"; + sha256 = "1c20xjma8jdgcr5m321srpmys6b4jvqkazfqr668km3r2ck5xncl"; + }) + ]; + nativeBuildInputs = [ cmake ]; buildInputs = [ zlib python ]; diff --git a/pkgs/development/tools/analysis/coz/default.nix b/pkgs/development/tools/analysis/coz/default.nix index 3775d09b27d..e745f7fe6e5 100644 --- a/pkgs/development/tools/analysis/coz/default.nix +++ b/pkgs/development/tools/analysis/coz/default.nix @@ -16,6 +16,10 @@ stdenv.mkDerivation rec { sha256 = "0val36yw987b1558iiyk3nqg0yy5k9y5wh49v91zj3cs58mmfyhc"; }; + postPatch = '' + sed -i -e '/pid_t gettid/,+2d' libcoz/ccutil/thread.h + ''; + postConfigure = '' # This is currently hard-coded. Will be fixed in the next release. sed -e "s|/usr/lib/|$out/lib/|" -i ./coz diff --git a/pkgs/development/tools/analysis/eresi/default.nix b/pkgs/development/tools/analysis/eresi/default.nix index ed338a6e0d9..b84eeae15dc 100644 --- a/pkgs/development/tools/analysis/eresi/default.nix +++ b/pkgs/development/tools/analysis/eresi/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, which, openssl, readline }: +{ stdenv, lib, fetchFromGitHub, which, openssl, readline, fetchpatch }: stdenv.mkDerivation rec { pname = "eresi"; @@ -11,6 +11,13 @@ stdenv.mkDerivation rec { sha256 = "0a5a7mh2zw9lcdrl8n1mqccrc0xcgj7743l7l4kslkh722fxv625"; }; + patches = [ + (fetchpatch { + url = "https://github.com/thorkill/eresi/commit/a79406344cc21d594d27fa5ec5922abe9f7475e7.patch"; + sha256 = "1mjjc6hj7r06iarvai7prcdvjk9g0k5vwrmkwcm7b8ivd5xzxp2z"; + }) + ]; + postPatch = '' # Two occurences of fprintf() with only two arguments, which should really # be fputs(). diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix index a8d95eb05de..8ca6dff9f5d 100644 --- a/pkgs/development/tools/analysis/rr/default.nix +++ b/pkgs/development/tools/analysis/rr/default.nix @@ -1,14 +1,14 @@ -{ stdenv, fetchFromGitHub, cmake, libpfm, zlib, pkgconfig, python2Packages, which, procps, gdb, capnproto }: +{ stdenv, fetchFromGitHub, cmake, libpfm, zlib, pkgconfig, python3Packages, which, procps, gdb, capnproto }: stdenv.mkDerivation rec { - version = "5.2.0"; + version = "5.3.0"; pname = "rr"; src = fetchFromGitHub { owner = "mozilla"; repo = "rr"; rev = version; - sha256 = "19jsnm8n2smalx2z60x9d8f6g4kdm7zghwyjfvwcxnslk1vn9dkc"; + sha256 = "1x6l1xsdksnhz9v50p4r7hhmr077cq20kaywqy1jzdklvkjqzf64"; }; postPatch = '' @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - cmake libpfm zlib python2Packages.python python2Packages.pexpect which procps gdb capnproto + cmake libpfm zlib python3Packages.python python3Packages.pexpect which procps gdb capnproto ]; propagatedBuildInputs = [ gdb ]; # needs GDB to replay programs at runtime cmakeFlags = [ diff --git a/pkgs/development/tools/gnulib/default.nix b/pkgs/development/tools/gnulib/default.nix index 15042353b1d..316c38706d3 100644 --- a/pkgs/development/tools/gnulib/default.nix +++ b/pkgs/development/tools/gnulib/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation { pname = "gnulib"; - version = "20190326"; + version = "20190811"; src = fetchgit { url = https://git.savannah.gnu.org/r/gnulib.git; - rev = "a18f7ce3c0aa760c33d46bbeb8e5b3a14cf24984"; - sha256 = "04py5n3j17wyqv9wfsslcrxzapni9vmw6p5g0adzy2md3ygjw4x4"; + rev = "6430babe47ece6953cf18ef07c1d8642c8588e89"; + sha256 = "14kgykbjly03dlb25sllcfcrpk7zkypa449gr3zbqv4rhpmnzizg"; }; dontFixup = true; diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix index ab2ab0de9cf..b01f85bb4a7 100644 --- a/pkgs/development/tools/misc/gnum4/default.nix +++ b/pkgs/development/tools/misc/gnum4/default.nix @@ -13,7 +13,14 @@ stdenv.mkDerivation { configureFlags = [ "--with-syscmd-shell=${stdenv.shell}" ]; # Upstream is aware of it; it may be in the next release. - patches = [ ./s_isdir.patch ] + patches = + [ + ./s_isdir.patch + (fetchurl { + url = "https://sources.debian.org/data/main/m/m4/1.4.18-2/debian/patches/01-fix-ftbfs-with-glibc-2.28.patch"; + sha256 = "12lmdnbml9lfvy0khpjc42riicddaz7li8wmbnsam7zsw6al11qk"; + }) + ] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-secure-format.patch; meta = { diff --git a/pkgs/development/tools/misc/intel-gpu-tools/default.nix b/pkgs/development/tools/misc/intel-gpu-tools/default.nix index a56ab127235..5bf7e22bfbd 100644 --- a/pkgs/development/tools/misc/intel-gpu-tools/default.nix +++ b/pkgs/development/tools/misc/intel-gpu-tools/default.nix @@ -1,20 +1,21 @@ { stdenv, fetchurl, pkgconfig, libdrm, libpciaccess, cairo, xorgproto, udev , libX11, libXext, libXv, libXrandr, glib, bison, libunwind, python3, kmod -, procps, utilmacros, gtk-doc, openssl, peg }: +, procps, utilmacros, gtk-doc, openssl, peg, elfutils +}: stdenv.mkDerivation rec { pname = "intel-gpu-tools"; - version = "1.23"; + version = "1.24"; src = fetchurl { url = "https://xorg.freedesktop.org/archive/individual/app/igt-gpu-tools-${version}.tar.xz"; - sha256 = "1l4s95m013p2wvddwr4cjqyvsgmc88zxx2887p1fbb1va5n0hjsd"; + sha256 = "1gr1m18w73hmh6n9w2f6gky21qc0pls14bgxkhy95z7azrr7qdap"; }; nativeBuildInputs = [ pkgconfig utilmacros ]; buildInputs = [ libdrm libpciaccess cairo xorgproto udev libX11 kmod libXext libXv libXrandr glib bison libunwind python3 procps - gtk-doc openssl peg ]; + gtk-doc openssl peg elfutils ]; NIX_CFLAGS_COMPILE = [ "-Wno-error=array-bounds" ]; diff --git a/pkgs/os-specific/linux/drbd/default.nix b/pkgs/os-specific/linux/drbd/default.nix index 74f3430c2d8..02b8afa721f 100644 --- a/pkgs/os-specific/linux/drbd/default.nix +++ b/pkgs/os-specific/linux/drbd/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1w4889h1ak7gy9w33kd4fgjlfpgmp6hzfya16p1pkc13bjf22mm0"; }; - patches = [ ./pass-force.patch ]; + patches = [ ./pass-force.patch ./fix-glibc-compilation.patch ]; nativeBuildInputs = [ flex ]; buildInputs = [ perl ]; diff --git a/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch b/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch new file mode 100644 index 00000000000..621a2dd995d --- /dev/null +++ b/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch @@ -0,0 +1,24 @@ +diff --git a/user/drbdadm_adjust.c b/user/drbdadm_adjust.c +index cb23270..3a751ca 100644 +--- a/user/drbdadm_adjust.c ++++ b/user/drbdadm_adjust.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + +diff --git a/user/legacy/drbdadm_adjust.c b/user/legacy/drbdadm_adjust.c +index c79163c..6990ffb 100644 +--- a/user/legacy/drbdadm_adjust.c ++++ b/user/legacy/drbdadm_adjust.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + diff --git a/pkgs/os-specific/linux/jfbview/default.nix b/pkgs/os-specific/linux/jfbview/default.nix index e037ad98226..84f2edc05fd 100644 --- a/pkgs/os-specific/linux/jfbview/default.nix +++ b/pkgs/os-specific/linux/jfbview/default.nix @@ -24,6 +24,11 @@ stdenv.mkDerivation rec { sha256 = "09rcmlf04aka0yzr25imadi0fl4nlbsxcahs7fhvzx4nql4halqw"; }; + postPatch = '' + substituteInPlace main.cpp \ + --replace "" "" + ''; + hardeningDisable = [ "format" ]; buildInputs = [ diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index 9d229c50000..f9e3a7fb5d4 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix @@ -15,6 +15,8 @@ stdenv.mkDerivation rec { substituteInPlace po/Makefile \ --replace /usr/bin/install install --replace /usr/share /share substituteInPlace newrole/Makefile --replace /usr/share /share + + sed -i -e '39i#include ' run_init/run_init.c ''; nativeBuildInputs = [ gettext ]; diff --git a/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch b/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch deleted file mode 100644 index 48a520f6ec3..00000000000 --- a/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/src/gstreamer-1.0/gsttcamsrc.cpp b/src/gstreamer-1.0/gsttcamsrc.cpp -index d482e1e..e36afd8 100644 ---- a/src/gstreamer-1.0/gsttcamsrc.cpp -+++ b/src/gstreamer-1.0/gsttcamsrc.cpp -@@ -1112,6 +1112,7 @@ bool gst_tcam_src_init_camera (GstTcamSrc* self) - - static void gst_tcam_src_close_camera (GstTcamSrc* self) - { -+ GST_INFO("Closing device"); - if (self->device != NULL) - { - self->device->dev->stop_stream(); -@@ -1156,7 +1157,7 @@ static gboolean gst_tcam_src_stop (GstBaseSrc* src) - - self->device->dev->stop_stream(); - gst_element_send_event(GST_ELEMENT(self), gst_event_new_eos()); -- GST_DEBUG_OBJECT (self, "Stopped acquisition"); -+ GST_DEBUG("Stopped acquisition"); - - return TRUE; - } -@@ -1556,6 +1557,18 @@ static void gst_tcam_src_get_property (GObject* object, - } - - -+static gboolean gst_tcam_src_unlock (GstBaseSrc* src) -+{ -+ GstTcamSrc* self = GST_TCAM_SRC(src); -+ -+ self->is_running = FALSE; -+ -+ self->cv.notify_all(); -+ -+ return TRUE; -+} -+ -+ - static void gst_tcam_src_class_init (GstTcamSrcClass* klass) - { - GObjectClass *gobject_class = G_OBJECT_CLASS (klass); -@@ -1616,6 +1629,7 @@ static void gst_tcam_src_class_init (GstTcamSrcClass* klass) - gstbasesrc_class->fixate = gst_tcam_src_fixate_caps; - gstbasesrc_class->start = gst_tcam_src_start; - gstbasesrc_class->stop = gst_tcam_src_stop; -+ gstbasesrc_class->unlock = gst_tcam_src_unlock; - gstbasesrc_class->negotiate = gst_tcam_src_negotiate; - gstbasesrc_class->get_times = gst_tcam_src_get_times; - diff --git a/pkgs/os-specific/linux/tiscamera/default.nix b/pkgs/os-specific/linux/tiscamera/default.nix index 387a3bcf2c6..ebd17de892a 100644 --- a/pkgs/os-specific/linux/tiscamera/default.nix +++ b/pkgs/os-specific/linux/tiscamera/default.nix @@ -11,17 +11,23 @@ , gobject-introspection , gst_all_1 , libwebcam +, libunwind +, gstreamer +, elfutils +, orc +, python3 +, libuuid }: stdenv.mkDerivation rec { pname = "tiscamera"; - version = "0.9.1"; + version = "0.11.1"; src = fetchFromGitHub { owner = "TheImagingSource"; repo = pname; rev = "v-${pname}-${version}"; - sha256 = "143yp6bpzj3rqfnrcnlrcwggay37fg6rkphh4w9y9v7v4wllzf87"; + sha256 = "07vp6khgl6qd3a4519dmx1s5bfw7pld793p50pjn29fqh91fm93g"; }; nativeBuildInputs = [ @@ -39,6 +45,12 @@ stdenv.mkDerivation rec { gst_all_1.gstreamer gst_all_1.gst-plugins-base libwebcam + libunwind + gstreamer + elfutils + orc + python3 + libuuid ]; @@ -50,13 +62,8 @@ stdenv.mkDerivation rec { "-DBUILD_LIBUSB=ON" ]; - - patches = [ - ./allow-pipeline-stop-in-trigger-mode.patch # To be removed next release. - ]; - postPatch = '' - substituteInPlace ./data/udev/80-theimagingsource-cameras.rules \ + substituteInPlace ./data/udev/80-theimagingsource-cameras.rules.in \ --replace "/usr/bin/uvcdynctrl" "${libwebcam}/bin/uvcdynctrl" \ --replace "/path/to/tiscamera/uvc-extensions" "$out/share/uvcdynctrl/data/199e" @@ -94,4 +101,4 @@ stdenv.mkDerivation rec { platforms = platforms.linux; maintainers = with maintainers; [ jraygauthier ]; }; -} \ No newline at end of file +} diff --git a/pkgs/servers/diod/default.nix b/pkgs/servers/diod/default.nix index cf81d9b4b9a..9e33a8c7910 100644 --- a/pkgs/servers/diod/default.nix +++ b/pkgs/servers/diod/default.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation rec { postPatch = '' substituteInPlace diod/xattr.c --replace attr/xattr.h sys/xattr.h + sed -i -e '/sys\/types\.h>/a #include ' diod/ops.c ''; buildInputs = [ munge lua libcap perl ncurses ]; diff --git a/pkgs/servers/foundationdb/default.nix b/pkgs/servers/foundationdb/default.nix index 98247e35e19..0e608051a9e 100644 --- a/pkgs/servers/foundationdb/default.nix +++ b/pkgs/servers/foundationdb/default.nix @@ -24,6 +24,11 @@ let sha256 = "11y434w68cpk7shs2r22hyrpcrqi8vx02cw7v5x79qxvnmdxv2an"; }; + glibc230-fix = fetchpatch { + url = "https://github.com/Ma27/foundationdb/commit/e133cb974b9a9e4e1dc2d4ac15881d31225c0197.patch"; + sha256 = "1v9q2fyc73msigcykjnbmfig45zcrkrzcg87b0r6mxpnby8iryl1"; + }; + in with builtins; { # Older versions use the bespoke 'vsmake' build system @@ -78,6 +83,7 @@ in with builtins; { patches = [ ./patches/clang-libcxx.patch ./patches/suppress-clang-warnings.patch + glibc230-fix ]; }; diff --git a/pkgs/servers/gpsd/default.nix b/pkgs/servers/gpsd/default.nix index a05b37e9d2c..8ea060a8255 100644 --- a/pkgs/servers/gpsd/default.nix +++ b/pkgs/servers/gpsd/default.nix @@ -42,6 +42,10 @@ stdenv.mkDerivation rec { ./0002-scons-envs-patch.patch ]; + postPatch = '' + sed -i -e '17i#include ' serial.c + ''; + # - leapfetch=no disables going online at build time to fetch leap-seconds # info. See /build.txt for more info. preBuild = '' diff --git a/pkgs/servers/http/lwan/default.nix b/pkgs/servers/http/lwan/default.nix index 9cd9a6b7fec..fb8bc03a1d5 100644 --- a/pkgs/servers/http/lwan/default.nix +++ b/pkgs/servers/http/lwan/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "lwan"; - version = "0.2"; + version = "0.3"; src = fetchFromGitHub { owner = "lpereira"; repo = pname; rev = "v${version}"; - sha256 = "1z1g6bmdsf7zj809sq6jqkpzkdnx1jch84kk67h0v2x6lxhdpv5r"; + sha256 = "1znkcsbxw3r10prqvf2x27w1wmm9kd485pj59c364wlvqdhidwqr"; }; nativeBuildInputs = [ cmake pkgconfig ]; diff --git a/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch b/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch new file mode 100644 index 00000000000..9613b8906a0 --- /dev/null +++ b/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch @@ -0,0 +1,34 @@ +From a6a61d0dc018101a9a8d0a664f31140d7e38db0e Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch +Date: Fri, 17 Jan 2020 01:42:40 +0100 +Subject: [PATCH] Fix build with glibc 2.30 + +https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1842923 +--- + src/dns/dns_str_resflags.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/dns/dns_str_resflags.c b/src/dns/dns_str_resflags.c +index 5f2cce5..df32345 100644 +--- a/src/dns/dns_str_resflags.c ++++ b/src/dns/dns_str_resflags.c +@@ -60,10 +60,16 @@ static const LONG_NAME_MASK resflag_table[] = { + "RES_DEFNAMES", RES_DEFNAMES, + "RES_STAYOPEN", RES_STAYOPEN, + "RES_DNSRCH", RES_DNSRCH, ++#ifdef RES_INSECURE1 + "RES_INSECURE1", RES_INSECURE1, ++#endif ++#ifdef RES_INSECURE2 + "RES_INSECURE2", RES_INSECURE2, ++#endif + "RES_NOALIASES", RES_NOALIASES, ++#ifdef RES_USE_INET6 + "RES_USE_INET6", RES_USE_INET6, ++#endif + #ifdef RES_ROTATE + "RES_ROTATE", RES_ROTATE, + #endif +-- +2.23.1 + diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index c0e6252a551..d797a9ec9a3 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -48,6 +48,7 @@ in stdenv.mkDerivation rec { ./postfix-3.0-no-warnings.patch ./post-install-script.patch ./relative-symlinks.patch + ./0001-Fix-build-with-glibc-2.30.patch ]; postPatch = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' diff --git a/pkgs/servers/prayer/default.nix b/pkgs/servers/prayer/default.nix index d1351afa0b3..95fbe446bb2 100644 --- a/pkgs/servers/prayer/default.nix +++ b/pkgs/servers/prayer/default.nix @@ -35,6 +35,7 @@ stdenv.mkDerivation rec { Config sed -i -e s,/usr/bin/perl,${perl}/bin/perl, \ templates/src/*.pl + sed -i -e '//d' lib/os_linux.h '' + /* html-tidy updates */ '' substituteInPlace ./session/html_secure_tidy.c \ --replace buffio.h tidybuffio.h diff --git a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix b/pkgs/stdenv/linux/bootstrap-files/aarch64.nix index ca7e84502ab..72ded1be11a 100644 --- a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/aarch64.nix @@ -5,7 +5,7 @@ executable = true; }; bootstrapTools = import { - url = http://nixos-arm.dezgeg.me/bootstrap-aarch64-2017-03-11-bb3ef8/bootstrap-tools.tar.xz; - sha256 = "1075d5n4yclbhgisi6ba50601mw3fhivlkjs462qlnq8hh0xc7nq"; + url = http://tarballs.nixos.org/stdenv-linux/aarch64/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz; + sha256 = "d3f1bf2a1495b97f45359d5623bdb1f8eb75db43d3bf2059fc127b210f059358"; }; } diff --git a/pkgs/stdenv/linux/bootstrap-files/i686.nix b/pkgs/stdenv/linux/bootstrap-files/i686.nix index cf484fd9253..81dede2c80e 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686.nix @@ -6,7 +6,7 @@ }; bootstrapTools = import { - url = http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/bootstrap-tools.tar.xz; - sha256 = "cf920d26d94335f5cb46e247455d0e5389765d16a2b8fc233b792a655b5b58aa"; + url = http://tarballs.nixos.org/stdenv-linux/i686/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz; + sha256 = "b9bf20315f8c5c0411679c5326084420b522046057a0850367c67d9514794f1c"; }; } diff --git a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix index 69d08c5e981..2800d571c40 100644 --- a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix @@ -3,7 +3,7 @@ { bootstrapTools = import { - url = http://tarballs.nixos.org/stdenv-linux/x86_64/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/bootstrap-tools.tar.xz; - sha256 = "abe3f0727dd771a60b7922892d308da1bc7b082afc13440880862f0c8823c09f"; + url = http://tarballs.nixos.org/stdenv-linux/x86_64/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz; + sha256 = "a5ce9c155ed09397614646c9717fc7cd94b1023d7b76b618d409e4fefd6e9d39"; }; } diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 8344c9dfb2b..60c0730dce1 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -226,6 +226,28 @@ in ccWrapperStdenv gcc-unwrapped coreutils gnugrep perl gnum4 bison; + dejagnu = super.dejagnu.overrideAttrs (a: { doCheck = false; } ); + + # We need libidn2 and its dependency libunistring as glibc dependency. + # To avoid the cycle, we build against bootstrap libc, nuke references, + # and use the result as input for our final glibc. We also pass this pair + # through, so the final package-set uses exactly the same builds. + libunistring = super.libunistring.overrideAttrs (attrs: { + postFixup = attrs.postFixup or "" + '' + ${self.nukeReferences}/bin/nuke-refs "$out"/lib/lib*.so.*.* + ''; + # Apparently iconv won't work with bootstrap glibc, but it will be used + # with glibc built later where we keep *this* build of libunistring, + # so we need to trick it into supporting libiconv. + am_cv_func_iconv_works = "yes"; + }); + libidn2 = super.libidn2.overrideAttrs (attrs: { + postFixup = attrs.postFixup or "" + '' + ${self.nukeReferences}/bin/nuke-refs -e '${lib.getLib self.libunistring}' \ + "$out"/lib/lib*.so.*.* + ''; + }); + # This also contains the full, dynamically linked, final Glibc. binutils = prevStage.binutils.override { # Rewrap the binutils with the new glibc, so both the next @@ -246,7 +268,7 @@ in inherit (prevStage) ccWrapperStdenv binutils coreutils gnugrep - perl patchelf linuxHeaders gnum4 bison; + perl patchelf linuxHeaders gnum4 bison libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; # Link GCC statically against GMP etc. This makes sense because # these builds of the libraries are only used by GCC, so it @@ -276,7 +298,7 @@ in # because gcc (since JAR support) already depends on zlib, and # then if we already have a zlib we want to use that for the # other purposes (binutils and top-level pkgs) too. - inherit (prevStage) gettext gnum4 bison gmp perl texinfo zlib linuxHeaders; + inherit (prevStage) gettext gnum4 bison gmp perl texinfo zlib linuxHeaders libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; binutils = super.binutils.override { # Don't use stdenv's shell but our own @@ -362,7 +384,7 @@ in ] # Library dependencies ++ map getLib ( - [ attr acl zlib pcre ] + [ attr acl zlib pcre libidn2 libunistring ] ++ lib.optional (gawk.libsigsegv != null) gawk.libsigsegv ) # More complicated cases @@ -377,7 +399,7 @@ in inherit (prevStage) gzip bzip2 xz bash coreutils diffutils findutils gawk gnumake gnused gnutar gnugrep gnupatch patchelf - attr acl zlib pcre; + attr acl zlib pcre libunistring libidn2; ${localSystem.libc} = getLibc prevStage; } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { # Need to get rid of these when cross-compiling. diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix index 0dfd234bc75..b4fc2377f0e 100644 --- a/pkgs/tools/archivers/sharutils/default.nix +++ b/pkgs/tools/archivers/sharutils/default.nix @@ -25,6 +25,10 @@ stdenv.mkDerivation rec { url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-2+deb9u1/debian/patches/01-fix-heap-buffer-overflow-cve-2018-1000097.patch"; sha256 = "19g0sxc8g79aj5gd5idz5409311253jf2q8wqkasf0handdvsbxx"; }) + (fetchurl { + url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-4/debian/patches/02-fix-ftbfs-with-glibc-2.28.patch"; + sha256 = "15kpjqnfs98n6irmkh8pw7masr08xala7gx024agv7zv14722vkc"; + }) ]; postPatch = let diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix index a440c08bd1b..41dcd54ecdb 100644 --- a/pkgs/tools/compression/bzip2/default.nix +++ b/pkgs/tools/compression/bzip2/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchurl , linkStatic ? (stdenv.hostPlatform.system == "i686-cygwin") +, autoreconfHook }: stdenv.mkDerivation rec { @@ -20,6 +21,8 @@ stdenv.mkDerivation rec { sha256 = "0b5b5p8c7bslc6fslcr1nj9136412v3qcvbg6yxi9argq9g72v8c"; }; + nativeBuildInputs = [ autoreconfHook ]; + patches = [ ./CVE-2016-3189.patch ./cve-2019-12900.patch diff --git a/pkgs/tools/filesystems/ext4magic/default.nix b/pkgs/tools/filesystems/ext4magic/default.nix index 40159b5fb6e..1e1edfab8dd 100644 --- a/pkgs/tools/filesystems/ext4magic/default.nix +++ b/pkgs/tools/filesystems/ext4magic/default.nix @@ -14,6 +14,7 @@ stdenv.mkDerivation rec { url = https://sourceforge.net/p/ext4magic/tickets/10/attachment/ext4magic-0.3.2-i_dir_acl.patch; sha256 = "1accydd8kigid68yir2fbihm3r3x8ws3iyznp25snkx41w6y6x8c"; }) + ./glibc-fix.patch ]; buildInputs = [ file libuuid e2fsprogs zlib bzip2 ]; diff --git a/pkgs/tools/filesystems/ext4magic/glibc-fix.patch b/pkgs/tools/filesystems/ext4magic/glibc-fix.patch new file mode 100644 index 00000000000..90660978893 --- /dev/null +++ b/pkgs/tools/filesystems/ext4magic/glibc-fix.patch @@ -0,0 +1,12 @@ +diff --git a/src/recover.c b/src/recover.c +index 41b4aee..30b5d8f 100644 +--- a/src/recover.c ++++ b/src/recover.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #ifndef O_LARGEFILE + #define O_LARGEFILE 0 diff --git a/pkgs/tools/filesystems/jfsutils/default.nix b/pkgs/tools/filesystems/jfsutils/default.nix index 92dfe00c951..8b899da32c1 100644 --- a/pkgs/tools/filesystems/jfsutils/default.nix +++ b/pkgs/tools/filesystems/jfsutils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libuuid, autoreconfHook }: +{ stdenv, fetchurl, fetchpatch, libuuid, autoreconfHook }: stdenv.mkDerivation rec { name = "jfsutils-1.1.15"; @@ -13,6 +13,12 @@ stdenv.mkDerivation rec { ./hardening-format.patch # required for cross-compilation ./ar-fix.patch + # fix for glibc>=2.28 + (fetchpatch { + name = "add_sysmacros.patch"; + url = "https://sources.debian.org/data/main/j/jfsutils/1.1.15-4/debian/patches/add_sysmacros.patch"; + sha256 = "1qcwvxs4d0d24w5x98z59arqfx2n7f0d9xaqhjcg6w8n34vkhnyc"; + }) ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/tools/filesystems/udftools/default.nix b/pkgs/tools/filesystems/udftools/default.nix index 9efaf96182d..0f52635efc6 100644 --- a/pkgs/tools/filesystems/udftools/default.nix +++ b/pkgs/tools/filesystems/udftools/default.nix @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { sed -e '38i#include ' -i wrudf/wrudf-cdrw.c sed -e '12i#include ' -i wrudf/wrudf-cdr.c sed -e '37i#include ' -i wrudf/ide-pc.c + sed -e '46i#include ' -i mkudffs/main.c sed -e "s@\$(DESTDIR)/lib/udev/rules.d@$out/lib/udev/rules.d@" -i pktsetup/Makefile.am ''; diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix index fe18a506560..4a6f62f995b 100644 --- a/pkgs/tools/misc/expect/default.nix +++ b/pkgs/tools/misc/expect/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, tcl, makeWrapper }: +{ stdenv, fetchurl, tcl, makeWrapper, autoreconfHook }: stdenv.mkDerivation rec { version = "5.45.4"; @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { }; buildInputs = [ tcl ]; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper autoreconfHook ]; hardeningDisable = [ "format" ]; - patchPhase = '' + postPatch = '' sed -i "s,/bin/stty,$(type -p stty),g" configure ''; diff --git a/pkgs/tools/misc/idutils/default.nix b/pkgs/tools/misc/idutils/default.nix index 959be2a4eb1..01995c4939a 100644 --- a/pkgs/tools/misc/idutils/default.nix +++ b/pkgs/tools/misc/idutils/default.nix @@ -50,5 +50,6 @@ stdenv.mkDerivation rec { maintainers = [ ]; platforms = stdenv.lib.platforms.all; + broken = true; }; } diff --git a/pkgs/tools/misc/kermit/default.nix b/pkgs/tools/misc/kermit/default.nix index 9f739da0afa..d320491756c 100644 --- a/pkgs/tools/misc/kermit/default.nix +++ b/pkgs/tools/misc/kermit/default.nix @@ -35,5 +35,6 @@ stdenv.mkDerivation { license = licenses.bsd3; maintainers = with maintainers; [ pSub ]; platforms = with platforms; linux; + broken = true; }; } diff --git a/pkgs/tools/misc/ttyrec/default.nix b/pkgs/tools/misc/ttyrec/default.nix index 56ec9afea43..799e397dace 100644 --- a/pkgs/tools/misc/ttyrec/default.nix +++ b/pkgs/tools/misc/ttyrec/default.nix @@ -26,5 +26,6 @@ stdenv.mkDerivation rec { license = licenses.bsd3; platforms = platforms.all; maintainers = with maintainers; [ zimbatm ]; + broken = true; # 2020-01-28 }; } diff --git a/pkgs/tools/networking/gftp/default.nix b/pkgs/tools/networking/gftp/default.nix index 9431216e251..fb63ee46c9d 100644 --- a/pkgs/tools/networking/gftp/default.nix +++ b/pkgs/tools/networking/gftp/default.nix @@ -8,6 +8,10 @@ stdenv.mkDerivation { sha256 = "1z8b26n23k0sjbxgrix646b06cnpndpq7cbcj0ilsvvdx5ms81jk"; }; + postPatch = '' + sed -i -e '//d' lib/pty.c + ''; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ gtk2 readline ncurses gettext openssl ]; diff --git a/pkgs/tools/networking/ppp/default.nix b/pkgs/tools/networking/ppp/default.nix index 0efef74f6c3..3446157df7a 100644 --- a/pkgs/tools/networking/ppp/default.nix +++ b/pkgs/tools/networking/ppp/default.nix @@ -10,10 +10,17 @@ stdenv.mkDerivation rec { }; patches = - [ ( substituteAll { + [ + # fix for glibc>=2.28 + (fetchurl { + url = "https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch"; + sha256 = "0qlbi247lx3injpy8a1gcij9yilik0vfaibkpvdp88k3sa1rs69z"; + }) + ( substituteAll { src = ./nix-purity.patch; inherit libpcap; glibc = stdenv.cc.libc.dev or stdenv.cc.libc; + openssl = openssl.dev; }) # Without nonpriv.patch, pppd --version doesn't work when not run as # root. diff --git a/pkgs/tools/networking/ppp/nix-purity.patch b/pkgs/tools/networking/ppp/nix-purity.patch index c74935c0ec8..5321a472e73 100644 --- a/pkgs/tools/networking/ppp/nix-purity.patch +++ b/pkgs/tools/networking/ppp/nix-purity.patch @@ -1,8 +1,8 @@ diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 060db6a..c151c62 100644 +index 1ebebec..bf90c62 100644 --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -117,7 +117,7 @@ CFLAGS += -DHAS_SHADOW +@@ -120,7 +120,7 @@ CFLAGS += -DHAS_SHADOW #LIBS += -lshadow $(LIBS) endif @@ -11,7 +11,16 @@ index 060db6a..c151c62 100644 CFLAGS += -DHAVE_CRYPT_H=1 LIBS += -lcrypt endif -@@ -169,7 +169,7 @@ LIBS += -ldl +@@ -132,7 +132,7 @@ endif + + ifdef NEEDDES + ifndef USE_CRYPT +-CFLAGS += -I/usr/include/openssl ++CFLAGS += -I@openssl@/include/openssl + LIBS += -lcrypto + else + CFLAGS += -DUSE_CRYPT=1 +@@ -178,7 +178,7 @@ LIBS += -ldl endif ifdef FILTER diff --git a/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch b/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch new file mode 100644 index 00000000000..712183e56c7 --- /dev/null +++ b/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch @@ -0,0 +1,25 @@ +From e799a7e0a64696e4ef6c088d36e4db09f8323581 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch +Date: Sun, 19 Jan 2020 22:37:04 +0100 +Subject: [PATCH] Fix build for glibc>=2.28 + +The major/minor macros are defined in now. +--- + lib/io.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/io.h b/lib/io.h +index 8703cc8..e3d0d10 100644 +--- a/lib/io.h ++++ b/lib/io.h +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + + void read_all(int fd, void *buf, size_t len); +-- +2.23.1 + diff --git a/pkgs/tools/networking/xnbd/default.nix b/pkgs/tools/networking/xnbd/default.nix index e898904c6d4..a874565684f 100644 --- a/pkgs/tools/networking/xnbd/default.nix +++ b/pkgs/tools/networking/xnbd/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { sourceRoot = "${name}/trunk"; + patches = [ ./0001-Fix-build-for-glibc-2.28.patch ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = [ glib jansson ]; diff --git a/pkgs/tools/security/oath-toolkit/default.nix b/pkgs/tools/security/oath-toolkit/default.nix index e31d62dc8b7..d462101e92e 100644 --- a/pkgs/tools/security/oath-toolkit/default.nix +++ b/pkgs/tools/security/oath-toolkit/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitLab, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: +{ stdenv, fetchFromGitLab, fetchpatch, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: let securityDependency = @@ -15,6 +15,15 @@ in stdenv.mkDerivation { sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74"; }; + patches = [ + # fix for glibc>=2.28 + (fetchpatch { + name = "new_glibc_check.patch"; + url = "https://sources.debian.org/data/main/o/oath-toolkit/2.6.1-1.3/debian/patches/new-glibc-check.patch"; + sha256 = "0h75xyy3xsl485v7w27yqkks6z9sgsjmrv6wiswy15fdj5wyciv3"; + }) + ]; + buildInputs = [ securityDependency libxml2 perl gengetopt bison ]; nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f90ba38fa89..88c6d690a25 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8113,6 +8113,8 @@ in # PGO seems to speed up compilation by gcc by ~10%, see #445 discussion profiledCompiler = with stdenv; (!isDarwin && (isi686 || isx86_64)); + enableLTO = !stdenv.isi686; + libcCross = if stdenv.targetPlatform != stdenv.buildPlatform then libcCross else null; threadsCross = if stdenv.targetPlatform != stdenv.buildPlatform then threadsCross else null; @@ -24479,6 +24481,8 @@ in pspp = callPackage ../applications/science/math/pspp { }; + ssw = callPackage ../applications/misc/ssw { }; + pynac = callPackage ../applications/science/math/pynac { }; singular = callPackage ../applications/science/math/singular { };