authorVladimír Čunát <vcunat@gmail.com>2016-02-25 08:42:59 +0100
committerVladimír Čunát <vcunat@gmail.com>2016-02-25 08:42:59 +0100
commit30b7bd8d01afb566bf7b7f140b17a3a3d99303ed (patch)
treefed37b8170a134198feea778d219ac062536cdf0 /pkgs
parentef86e9506d5d6ed82ed8af5369b296aa2f3431a2 (diff)
parent59617de6d7f8a05f12bbb652e1c68a6a7e6362b6 (diff)
Merge branch 'glibc-2.22' into staging
I'm running my whole working notebook on 2.22 without any problems.
I don't expect any significant issues.
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/graphics/inkscape/default.nix6
-rw-r--r--pkgs/applications/networking/cluster/spark/default.nix4
-rw-r--r--pkgs/build-support/docker/default.nix8
-rw-r--r--pkgs/development/libraries/aws-sdk-cpp/default.nix14
-rw-r--r--pkgs/development/libraries/glibc/builder.sh15
-rw-r--r--pkgs/development/libraries/glibc/common.nix100
-rw-r--r--pkgs/development/libraries/glibc/cve-2014-8121.patch230
-rw-r--r--pkgs/development/libraries/glibc/cve-2015-1781.patch27
-rw-r--r--pkgs/development/libraries/glibc/cve-2015-7547.patch573
-rw-r--r--pkgs/development/libraries/glibc/default.nix28
-rw-r--r--pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch25
-rw-r--r--pkgs/development/libraries/glibc/info.nix4
-rw-r--r--pkgs/development/libraries/glibc/locales.nix4
-rw-r--r--pkgs/development/libraries/glibc/security-4a28f4d5.patch53
-rw-r--r--pkgs/development/libraries/glibc/security-bdf1ff05.patch39
-rw-r--r--pkgs/development/libraries/qt-5/5.5/qtbase/default.nix10
-rw-r--r--pkgs/development/python-modules/matplotlib/default.nix13
-rw-r--r--pkgs/development/tools/build-managers/apache-ant/default.nix9
-rw-r--r--pkgs/development/tools/continuous-integration/jenkins/default.nix4
-rw-r--r--pkgs/development/tools/misc/gdb/default.nix7
-rw-r--r--pkgs/development/tools/misc/msitools/default.nix21
-rw-r--r--pkgs/os-specific/linux/alsa-tools/default.nix2
-rw-r--r--pkgs/os-specific/linux/cpufrequtils/default.nix2
-rw-r--r--pkgs/os-specific/linux/dietlibc/default.nix2
-rw-r--r--pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix6
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.18.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.1.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.3.nix4
-rw-r--r--pkgs/servers/mail/rmilter/default.nix16
-rw-r--r--pkgs/servers/mail/rspamd/default.nix13
-rw-r--r--pkgs/servers/nosql/redis/default.nix4
-rw-r--r--pkgs/tools/networking/nbd/default.nix4
-rw-r--r--pkgs/top-level/all-packages.nix10
-rw-r--r--pkgs/top-level/python-packages.nix40
34 files changed, 182 insertions, 1123 deletions
diff --git a/pkgs/applications/graphics/inkscape/default.nix b/pkgs/applications/graphics/inkscape/default.nix
index 409fd0a767ce..3704ea2f9c41 100644
--- a/pkgs/applications/graphics/inkscape/default.nix
+++ b/pkgs/applications/graphics/inkscape/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, pkgconfig, perl, perlXMLParser, gtk, libXft
 , libpng, zlib, popt, boehmgc, libxml2, libxslt, glib, gtkmm
 , glibmm, libsigcxx, lcms, boost, gettext, makeWrapper, intltool
-, gsl, python, pyxml, lxml, poppler, imagemagick, libwpg, librevenge
+, gsl, python, numpy, pyxml, lxml, poppler, imagemagick, libwpg, librevenge
 , libvisio, libcdr, libexif, unzip
 , boxMakerPlugin ? false # boxmaker plugin
 }:
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
   propagatedBuildInputs = [
     # Python is used at run-time to execute scripts, e.g., those from
     # the "Effects" menu.
-    python pyxml lxml
+    python pyxml numpy lxml
   ];
 
   buildInputs = [
@@ -66,7 +66,7 @@ stdenv.mkDerivation rec {
     for i in "$out/bin/"*
     do
       wrapProgram "$i" --prefix PYTHONPATH :      \
-       "$(toPythonPath ${pyxml}):$(toPythonPath ${lxml})"  \
+       "$(toPythonPath ${pyxml}):$(toPythonPath ${lxml}):$(toPythonPath ${numpy})"  \
        --prefix PATH : ${python}/bin ||  \
         exit 2
     done
diff --git a/pkgs/applications/networking/cluster/spark/default.nix b/pkgs/applications/networking/cluster/spark/default.nix
index 5e284d4387f5..a0abe4f31422 100644
--- a/pkgs/applications/networking/cluster/spark/default.nix
+++ b/pkgs/applications/networking/cluster/spark/default.nix
@@ -6,11 +6,11 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name    = "spark-${version}";
-  version = "1.5.2";
+  version = "1.6.0";
 
   src = fetchzip {
     url    = "mirror://apache/spark/${name}/${name}-bin-cdh4.tgz";
-    sha256 = "0bgpz3bqj24flrbajzhbkz38fjsd53qmji1kls9izji8vprcjr5v";
+    sha256 = "0waq8xx4bjj1yvfbadv1gdvz8s4kh5zasicv2n5623ld6lj7zgad";
   };
 
   buildInputs = [ makeWrapper jre pythonPackages.python pythonPackages.numpy ]
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 55344aad566f..8e4a51071e33 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -267,7 +267,9 @@ EOF
 
     let
 
-      baseJson = writeText "${name}-config.json" (builtins.toJSON {
+      baseName = baseNameOf name;
+
+      baseJson = writeText "${baseName}-config.json" (builtins.toJSON {
           created = "1970-01-01T00:00:01Z";
           architecture = "amd64";
           os = "linux";
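Review bot: The new `baseName = baseNameOf name;` binding has no comment saying why the store names are derived from it rather than from `name`. Presumably an image name may carry a registry or namespace prefix containing `/`, which cannot appear in a store path name; a line such as `# name may be "namespace/image"; store path names cannot contain "/"` above the binding would record that. The same substitution is applied to `depsTarball` and `result` in the next hunk, while `imageName = name;` keeps the full name, which looks intended. The enclosing `let` starts and ends outside the hunk.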
@@ -277,11 +279,11 @@ EOF
       layer = (if runAsRoot == null
                then mkPureLayer { inherit baseJson contents extraCommands; }
                else mkRootLayer { inherit baseJson fromImage fromImageName fromImageTag contents runAsRoot diskSize extraCommands; });
-      depsTarball = mkTarball { name = "${name}-deps";
+      depsTarball = mkTarball { name = "${baseName}-deps";
                                 drv = layer;
                                 onlyDeps = true; };
       
-      result = runCommand "${name}.tar.gz" {
+      result = runCommand "${baseName}.tar.gz" {
         buildInputs = [ jshon ];
 
         imageName = name;
diff --git a/pkgs/development/libraries/aws-sdk-cpp/default.nix b/pkgs/development/libraries/aws-sdk-cpp/default.nix
index 22fb9facfea9..6a881e4245aa 100644
--- a/pkgs/development/libraries/aws-sdk-cpp/default.nix
+++ b/pkgs/development/libraries/aws-sdk-cpp/default.nix
@@ -1,4 +1,9 @@
-{ lib, stdenv, fetchFromGitHub, cmake, curl }:
+{ lib, stdenv, fetchFromGitHub, cmake, curl
+, # Allow building a limited set of APIs, e.g. ["s3" "ec2"].
+  apis ? ["*"]
+, # Whether to enable AWS' custom memory management.
+  customMemoryManagement ? true
+}:
 
 stdenv.mkDerivation rec {
   name = "aws-sdk-cpp-${version}";
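Review bot: `apis ? ["*"]` accepts an empty list, and the `cmakeFlags` expression in the next hunk then emits `-DBUILD_ONLY=` with no value, because only `["*"]` is treated as "build everything". How the SDK's CMake scripts treat an empty BUILD_ONLY is not visible here. Either reject it with `assert apis != [];` after the argument set, or state the accepted values in the comment on `apis`.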
@@ -13,9 +18,10 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cmake curl ];
 
-  # FIXME: provide flags to build only part of the SDK, or put them in
-  # different outputs.
-  # cmakeFlags = "-DBUILD_ONLY=aws-cpp-sdk-s3";
+  cmakeFlags =
+    lib.optional (!customMemoryManagement) "-DCUSTOM_MEMORY_MANAGEMENT=0"
+    ++ lib.optional (apis != ["*"])
+      "-DBUILD_ONLY=${lib.concatMapStringsSep ";" (api: "aws-cpp-sdk-" + api) apis}";
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/development/libraries/glibc/builder.sh b/pkgs/development/libraries/glibc/builder.sh
index 2836063e3bf4..d0684d6194d0 100644
--- a/pkgs/development/libraries/glibc/builder.sh
+++ b/pkgs/development/libraries/glibc/builder.sh
@@ -22,22 +22,11 @@ postInstall() {
 
     test -f $out/etc/ld.so.cache && rm $out/etc/ld.so.cache
 
-    # FIXME: Use `test -n $linuxHeaders' when `kernelHeaders' has been
-    # renamed.
-    if test -z "$hurdHeaders"; then
+    if test -n "$linuxHeaders"; then
         # Include the Linux kernel headers in Glibc, except the `scsi'
         # subdirectory, which Glibc provides itself.
         (cd $out/include && \
-         ln -sv $(ls -d $kernelHeaders/include/* | grep -v 'scsi$') .)
-    fi
-
-    if test -f "$out/lib/libhurduser.so"; then
-        # libc.so, libhurduser.so, and libmachuser.so depend on each
-        # other, so add them to libc.so (a RUNPATH on libc.so.0.3
-        # would be ignored by the cross-linker.)
-        echo "adding \`libhurduser.so' and \`libmachuser.so' to the \`libc.so' linker script..."
-        sed -i "$out/lib/libc.so" \
-            -e"s|\(libc\.so\.[^ ]\+\>\)|\1 $out/lib/libhurduser.so $out/lib/libmachuser.so|g"
+         ln -sv $(ls -d $linuxHeaders/include/* | grep -v 'scsi$') .)
     fi
 
     # Fix for NIXOS-54 (ldd not working on x86_64).  Make a symlink
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 45f5c24e959b..13d5adcd9b13 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -3,27 +3,22 @@
 
 cross:
 
-{ name, fetchurl, fetchgit ? null, stdenv, installLocales ? false
-, gccCross ? null, kernelHeaders ? null
-, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null
-, mig ? null
+{ name, fetchurl, lib, stdenv, installLocales ? false
+, gccCross ? null, linuxHeaders ? null
 , profilingLibraries ? false, meta
 , withGd ? false, gd ? null, libpng ? null
 , preConfigure ? "", ... }@args:
 
 let
 
-  version = "2.21";
-
+  version = "2.23";
+  sha256 = "1lk9a8jv5kyx8hp0wmfzjyk047q95ybyjqbyw5idl7414jxqml1b";
 in
 
 assert cross != null -> gccCross != null;
-assert mig != null -> machHeaders != null;
-assert machHeaders != null -> hurdHeaders != null;
-assert hurdHeaders != null -> libpthreadHeaders != null;
 
 stdenv.mkDerivation ({
-  inherit kernelHeaders installLocales;
+  inherit linuxHeaders installLocales;
 
   # The host/target system.
   crossConfig = if cross != null then cross.config else null;
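Review bot: `version = "2.23"` does not match the merge description, which names the branch `glibc-2.22` and reports testing on 2.22, so the testing statement may not cover the release pinned here. This matters because a later hunk in this file drops `./cve-2014-8121.patch`, `./cve-2015-1781.patch`, `./cve-2015-7547.patch` and the two `security-*` patches from `patches`. That is only safe if the pinned release already carries those fixes, and the CVE-2015-7547 patch being removed is dated 2016-02-15. A comment next to `version` such as `# 2.23 carries the fixes formerly applied as cve-*.patch; re-check before pinning an older release` would keep a future downgrade from silently reopening them.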
@@ -32,9 +27,7 @@ stdenv.mkDerivation ({
 
   enableParallelBuilding = true;
 
-  /* Don't try to apply these patches to the Hurd's snapshot, which is
-     older.  */
-  patches = stdenv.lib.optionals (hurdHeaders == null)
+  patches =
     [ /* Have rpcgen(1) look for cpp(1) in $PATH.  */
       ./rpcgen-path.patch
 
@@ -56,14 +49,6 @@ stdenv.mkDerivation ({
          "/bin:/usr/bin", which is inappropriate on NixOS machines. This
          patch extends the search path by "/run/current-system/sw/bin". */
       ./fix_path_attribute_in_getconf.patch
-
-      ./security-4a28f4d5.patch
-      ./security-bdf1ff05.patch
-      ./cve-2014-8121.patch
-      ./cve-2015-1781.patch
-      ./cve-2015-7547.patch
-
-      ./glibc-locale-incompatibility.patch
     ];
 
   postPatch =
@@ -100,36 +85,35 @@ stdenv.mkDerivation ({
       "--sysconfdir=/etc"
       "--localedir=/var/run/current-system/sw/lib/locale"
       "libc_cv_ssp=no"
-      (if kernelHeaders != null
-       then "--with-headers=${kernelHeaders}/include"
+      (if linuxHeaders != null
+       then "--with-headers=${linuxHeaders}/include"
        else "--without-headers")
       (if profilingLibraries
        then "--enable-profile"
        else "--disable-profile")
-    ] ++ stdenv.lib.optionals (cross == null && kernelHeaders != null) [
+    ] ++ lib.optionals (cross == null && linuxHeaders != null) [
       "--enable-kernel=2.6.32"
-    ] ++ stdenv.lib.optionals (cross != null) [
+    ] ++ lib.optionals (cross != null) [
       (if cross.withTLS then "--with-tls" else "--without-tls")
       (if cross.float == "soft" then "--without-fp" else "--with-fp")
-    ] ++ stdenv.lib.optionals (cross != null
+    ] ++ lib.optionals (cross != null
           && cross.platform ? kernelMajor
           && cross.platform.kernelMajor == "2.6") [
       "--enable-kernel=2.6.0"
       "--with-__thread"
-    ] ++ stdenv.lib.optionals (cross == null && stdenv.isArm) [
+    ] ++ lib.optionals (cross == null && stdenv.isArm) [
       "--host=arm-linux-gnueabi"
       "--build=arm-linux-gnueabi"
 
       # To avoid linking with -lgcc_s (dynamic link)
       # so the glibc does not depend on its compiler store path
       "libc_cv_as_needed=no"
-    ] ++ stdenv.lib.optional withGd "--with-gd";
+    ] ++ lib.optional withGd "--with-gd";
 
   installFlags = [ "sysconfdir=$(out)/etc" ];
 
-  buildInputs = stdenv.lib.optionals (cross != null) [ gccCross ]
-    ++ stdenv.lib.optional (mig != null) mig
-    ++ stdenv.lib.optionals withGd [ gd libpng ];
+  buildInputs = lib.optionals (cross != null) [ gccCross ]
+    ++ lib.optionals withGd [ gd libpng ];
 
   # Needed to install share/zoneinfo/zone.tab.  Set to impure /bin/sh to
   # prevent a retained dependency on the bootstrap tools in the stdenv-linux
@@ -141,32 +125,22 @@ stdenv.mkDerivation ({
   # I.e. when gcc is compiled with --with-arch=i686, then the
   # preprocessor symbol `__i686' will be defined to `1'.  This causes
   # the symbol __i686.get_pc_thunk.dx to be mangled.
-  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686"
+  NIX_CFLAGS_COMPILE = lib.optionalString (stdenv.system == "i686-linux") "-U__i686"
     + " -Wno-error=strict-prototypes";
 }
 
 # Remove the `gccCross' attribute so that the *native* glibc store path
 # doesn't depend on whether `gccCross' is null or not.
-// (removeAttrs args [ "gccCross" "fetchurl" "fetchgit" "withGd" "gd" "libpng" ]) //
+// (removeAttrs args [ "lib" "gccCross" "fetchurl" "withGd" "gd" "libpng" ]) //
 
 {
   name = name + "-${version}" +
-    stdenv.lib.optionalString (cross != null) "-${cross.config}";
-
-  src =
-    if hurdHeaders != null
-    then fetchgit {
-      # Shamefully the "official" glibc won't build on GNU, so use the one
-      # maintained by the Hurd folks, `tschwinge/Roger_Whittaker' branch.
-      # See <http://www.gnu.org/software/hurd/source_repositories/glibc.html>.
-      url = "git://git.sv.gnu.org/hurd/glibc.git";
-      sha256 = "cecec9dd5a2bafc875c56b058b6d7628a22b250b53747513dec304f31ffdb82d";
-      rev = "d3cdecf18e6550b0984a42b43ed48c5fb26501e1";
-    }
-    else fetchurl {
-      url = "mirror://gnu/glibc/glibc-${version}.tar.gz";
-      sha256 = "0f4prv4c0fcpi85wv4028wqxn075197gwxhgf0vp571fiw2pi3wd";
-    };
+    lib.optionalString (cross != null) "-${cross.config}";
+
+  src = fetchurl {
+    url = "mirror://gnu/glibc/glibc-${version}.tar.gz";
+    inherit sha256;
+  };
 
   # Remove absolute paths from `configure' & co.; build out-of-tree.
   preConfigure = ''
@@ -182,17 +156,18 @@ stdenv.mkDerivation ({
 
     configureScript="`pwd`/../$sourceRoot/configure"
 
-    ${stdenv.lib.optionalString (stdenv.cc.libc != null)
+    ${lib.optionalString (stdenv.cc.libc != null)
       ''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib"''
     }
 
     ${preConfigure}
   '';
 
+  preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH";
+
   meta = {
     homepage = http://www.gnu.org/software/libc/;
-    description = "The GNU C Library"
-      + stdenv.lib.optionalString (hurdHeaders != null) ", for GNU/Hurd";
+    description = "The GNU C Library";
 
     longDescription =
       '' Any Unix-like operating system needs a C library: the library which
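Review bot: `preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH";` now sits in the attribute set that is merged after `removeAttrs args [...]`, so it overrides any `preBuild` a caller passes, with an empty string when `withGd` is false. Before this change the attribute was only set under `withGd`. Whether any caller passes `preBuild` is not visible here; if one does, follow the `preConfigure` pattern and append the caller's value, e.g. `preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH\n" + (args.preBuild or "");`. The attribute set continues outside the hunk.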
@@ -203,24 +178,9 @@ stdenv.mkDerivation ({
          most systems with the Linux kernel.
       '';
 
-    license = stdenv.lib.licenses.lgpl2Plus;
+    license = lib.licenses.lgpl2Plus;
 
-    maintainers = [ ];
-    #platforms = stdenv.lib.platforms.linux;
+    maintainers = [ lib.maintainers.eelco ];
+    #platforms = lib.platforms.linux;
   } // meta;
-}
-
-// stdenv.lib.optionalAttrs withGd {
-  preBuild = "unset NIX_DONT_SET_RPATH";
-}
-
-// stdenv.lib.optionalAttrs (hurdHeaders != null) {
-  # Work around the fact that the configure snippet that looks for
-  # <hurd/version.h> does not honor `--with-headers=$sysheaders' and that
-  # glibc expects Mach, Hurd, and pthread headers to be in the same place.
-  CPATH = "${hurdHeaders}/include:${machHeaders}/include:${libpthreadHeaders}/include";
-
-  # Install NSS stuff in the right place.
-  # XXX: This will be needed for all new glibcs and isn't Hurd-specific.
-  makeFlags = ''vardbdir="$out/var/db"'';
 })
diff --git a/pkgs/development/libraries/glibc/cve-2014-8121.patch b/pkgs/development/libraries/glibc/cve-2014-8121.patch
deleted file mode 100644
index 95a86259dba8..000000000000
--- a/pkgs/development/libraries/glibc/cve-2014-8121.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-From 03d2730b44cc2236318fd978afa2651753666c55 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 29 Apr 2015 14:41:25 +0200
-Subject: [PATCH] CVE-2014-8121: Do not close NSS files database during
- iteration [BZ #18007]
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-Robin Hack discovered Samba would enter an infinite loop processing
-certain quota-related requests.  We eventually tracked this down to a
-glibc issue.
-
-Running a (simplified) test case under strace shows that /etc/passwd
-is continuously opened and closed:
-
-…
-open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
-lseek(3, 0, SEEK_CUR)                   = 0
-read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
-lseek(3, 2717, SEEK_SET)                = 2717
-close(3)                                = 0
-open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
-lseek(3, 0, SEEK_CUR)                   = 0
-lseek(3, 0, SEEK_SET)                   = 0
-read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
-lseek(3, 2717, SEEK_SET)                = 2717
-close(3)                                = 0
-open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
-lseek(3, 0, SEEK_CUR)                   = 0
-…
-
-The lookup function implementation in
-nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that.  It is
-supposed skip closing the input file if it was already open.
-
-  /* Reset file pointer to beginning or open file.  */			      \
-  status = internal_setent (keep_stream);				      \
-									      \
-  if (status == NSS_STATUS_SUCCESS)					      \
-    {									      \
-      /* Tell getent function that we have repositioned the file pointer.  */ \
-      last_use = getby;							      \
-									      \
-      while ((status = internal_getent (result, buffer, buflen, errnop	      \
-					H_ERRNO_ARG EXTRA_ARGS_VALUE))	      \
-	     == NSS_STATUS_SUCCESS)					      \
-	{ break_if_match }						      \
-									      \
-      if (! keep_stream)						      \
-	internal_endent ();						      \
-    }									      \
-
-keep_stream is initialized from the stayopen flag in internal_setent.
-internal_setent is called from the set*ent implementation as:
-
-  status = internal_setent (stayopen);
-
-However, for non-host database, this flag is always 0, per the
-STAYOPEN magic in nss/getXXent_r.c.
-
-Thus, the fix is this:
-
--  status = internal_setent (stayopen);
-+  status = internal_setent (1);
-
-This is not a behavioral change even for the hosts database (where the
-application can specify the stayopen flag) because with a call to
-sethostent(0), the file handle is still not closed in the
-implementation of gethostent.
----
- ChangeLog                 |   8 ++++
- NEWS                      |  12 +++--
- nss/Makefile              |   2 +-
- nss/nss_files/files-XXX.c |   2 +-
- nss/tst-nss-getpwent.c    | 118 ++++++++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 136 insertions(+), 6 deletions(-)
- create mode 100644 nss/tst-nss-getpwent.c
-
-diff --git a/nss/Makefile b/nss/Makefile
-index d75dad2..65ab7b5 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -47,7 +47,7 @@ install-bin             := getent makedb
- makedb-modules = xmalloc hash-string
- extra-objs		+= $(makedb-modules:=.o)
- 
--tests			= test-netdb tst-nss-test1 test-digits-dots
-+tests			= test-netdb tst-nss-test1 test-digits-dots tst-nss-getpwent
- xtests			= bug-erange
- 
- # Specify rules for the nss_* modules.  We have some services.
-diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
-index a7a45e5..a7ce5ea 100644
---- a/nss/nss_files/files-XXX.c
-+++ b/nss/nss_files/files-XXX.c
-@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen)
- 
-   __libc_lock_lock (lock);
- 
--  status = internal_setent (stayopen);
-+  status = internal_setent (1);
- 
-   if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
-     {
-diff --git a/nss/tst-nss-getpwent.c b/nss/tst-nss-getpwent.c
-new file mode 100644
-index 0000000..f2e8abc
---- /dev/null
-+++ b/nss/tst-nss-getpwent.c
-@@ -0,0 +1,118 @@
-+/* Copyright (C) 2015 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
-+#include <pwd.h>
-+#include <stdbool.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+int
-+do_test (void)
-+{
-+  /* Count the number of entries in the password database, and fetch
-+     data from the first and last entries.  */
-+  size_t count = 0;
-+  struct passwd * pw;
-+  char *first_name = NULL;
-+  uid_t first_uid = 0;
-+  char *last_name = NULL;
-+  uid_t last_uid = 0;
-+  setpwent ();
-+  while ((pw  = getpwent ()) != NULL)
-+    {
-+      if (first_name == NULL)
-+	{
-+	  first_name = strdup (pw->pw_name);
-+	  if (first_name == NULL)
-+	    {
-+	      printf ("strdup: %m\n");
-+	      return 1;
-+	    }
-+	  first_uid = pw->pw_uid;
-+	}
-+
-+      free (last_name);
-+      last_name = strdup (pw->pw_name);
-+      if (last_name == NULL)
-+	{
-+	  printf ("strdup: %m\n");
-+	  return 1;
-+	}
-+      last_uid = pw->pw_uid;
-+      ++count;
-+    }
-+  endpwent ();
-+
-+  if (count == 0)
-+    {
-+      printf ("No entries in the password database.\n");
-+      return 0;
-+    }
-+
-+  /* Try again, this time interleaving with name-based and UID-based
-+     lookup operations.  The counts do not match if the interleaved
-+     lookups affected the enumeration.  */
-+  size_t new_count = 0;
-+  setpwent ();
-+  while ((pw  = getpwent ()) != NULL)
-+    {
-+      if (new_count == count)
-+	{
-+	  printf ("Additional entry in the password database.\n");
-+	  return 1;
-+	}
-+      ++new_count;
-+      struct passwd *pw2 = getpwnam (first_name);
-+      if (pw2 == NULL)
-+	{
-+	  printf ("getpwnam (%s) failed: %m\n", first_name);
-+	  return 1;
-+	}
-+      pw2 = getpwnam (last_name);
-+      if (pw2 == NULL)
-+	{
-+	  printf ("getpwnam (%s) failed: %m\n", last_name);
-+	  return 1;
-+	}
-+      pw2 = getpwuid (first_uid);
-+      if (pw2 == NULL)
-+	{
-+	  printf ("getpwuid (%llu) failed: %m\n",
-+		  (unsigned long long) first_uid);
-+	  return 1;
-+	}
-+      pw2 = getpwuid (last_uid);
-+      if (pw2 == NULL)
-+	{
-+	  printf ("getpwuid (%llu) failed: %m\n",
-+		  (unsigned long long) last_uid);
-+	  return 1;
-+	}
-+    }
-+  endpwent ();
-+  if (new_count < count)
-+    {
-+      printf ("Missing entry in the password database.\n");
-+      return 1;
-+    }
-+
-+  return 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-
diff --git a/pkgs/development/libraries/glibc/cve-2015-1781.patch b/pkgs/development/libraries/glibc/cve-2015-1781.patch
deleted file mode 100644
index 6831d5ac7426..000000000000
--- a/pkgs/development/libraries/glibc/cve-2015-1781.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun.is@lostca.se>
-Date: Tue, 21 Apr 2015 14:06:31 +0200
-Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
- [BZ#18287]
-
----
- ChangeLog                 | 6 ++++++
- NEWS                      | 9 ++++++++-
- resolv/nss_dns/dns-host.c | 3 ++-
- 3 files changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index b16b0dd..d8c5579 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
-   int have_to_map = 0;
-   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
-   buffer += pad;
--  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
-+  buflen = buflen > pad ? buflen - pad : 0;
-+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
-     {
-       /* The buffer is too small.  */
-     too_small:
-
diff --git a/pkgs/development/libraries/glibc/cve-2015-7547.patch b/pkgs/development/libraries/glibc/cve-2015-7547.patch
deleted file mode 100644
index 9bf0bcc388cb..000000000000
--- a/pkgs/development/libraries/glibc/cve-2015-7547.patch
+++ /dev/null
@@ -1,573 +0,0 @@
-
-CVE-2015-7547
-
-2016-02-15  Carlos O'Donell  <carlos@redhat.com>
-
-	[BZ #18665]
-	* resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set
-	*herrno_p.
-	(gaih_getanswer): Document functional behviour. Return tryagain
-	if any result is tryagain.
-	* resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero
-	when freed.
-	* resolv/res_send.c: Add copyright text.
-	(__libc_res_nsend): Document that MAXPACKET is expected.
-	(send_vc): Document. Remove buffer reuse.
-	(send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the
-	size of the buffer. Add Dprint for truncated UDP buffer.
-
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index a255d5e..47cfe27 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
-   int h_namelen = 0;
- 
-   if (ancount == 0)
--    return NSS_STATUS_NOTFOUND;
-+    {
-+      *h_errnop = HOST_NOT_FOUND;
-+      return NSS_STATUS_NOTFOUND;
-+    }
- 
-   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
-     {
-@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
-   /* Special case here: if the resolver sent a result but it only
-      contains a CNAME while we are looking for a T_A or T_AAAA record,
-      we fail with NOTFOUND instead of TRYAGAIN.  */
--  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
-+  if (canon != NULL)
-+    {
-+      *h_errnop = HOST_NOT_FOUND;
-+      return NSS_STATUS_NOTFOUND;
-+    }
-+
-+  *h_errnop = NETDB_INTERNAL;
-+  return NSS_STATUS_TRYAGAIN;
- }
- 
- 
-@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
- 
-   enum nss_status status = NSS_STATUS_NOTFOUND;
- 
-+  /* Combining the NSS status of two distinct queries requires some
-+     compromise and attention to symmetry (A or AAAA queries can be
-+     returned in any order).  What follows is a breakdown of how this
-+     code is expected to work and why. We discuss only SUCCESS,
-+     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
-+     that apply (though RETURN and MERGE exist).  We make a distinction
-+     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
-+     A recoverable TRYAGAIN is almost always due to buffer size issues
-+     and returns ERANGE in errno and the caller is expected to retry
-+     with a larger buffer.
-+
-+     Lastly, you may be tempted to make significant changes to the
-+     conditions in this code to bring about symmetry between responses.
-+     Please don't change anything without due consideration for
-+     expected application behaviour.  Some of the synthesized responses
-+     aren't very well thought out and sometimes appear to imply that
-+     IPv4 responses are always answer 1, and IPv6 responses are always
-+     answer 2, but that's not true (see the implemetnation of send_dg
-+     and send_vc to see response can arrive in any order, particlarly
-+     for UDP). However, we expect it holds roughly enough of the time
-+     that this code works, but certainly needs to be fixed to make this
-+     a more robust implementation.
-+
-+     ----------------------------------------------
-+     | Answer 1 Status /   | Synthesized | Reason |
-+     | Answer 2 Status     | Status      |        |
-+     |--------------------------------------------|
-+     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
-+     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
-+     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
-+     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
-+     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
-+     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
-+     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
-+     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
-+     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
-+     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
-+     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
-+     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
-+     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
-+     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
-+     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
-+     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
-+     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
-+     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
-+     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
-+     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
-+     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
-+     ----------------------------------------------
-+
-+     [1] If the first response is a success we return success.
-+         This ignores the state of the second answer and in fact
-+         incorrectly sets errno and h_errno to that of the second
-+	 answer.  However because the response is a success we ignore
-+	 *errnop and *h_errnop (though that means you touched errno on
-+         success).  We are being conservative here and returning the
-+         likely IPv4 response in the first answer as a success.
-+
-+     [2] If the first response is a recoverable TRYAGAIN we return
-+	 that instead of looking at the second response.  The
-+	 expectation here is that we have failed to get an IPv4 response
-+	 and should retry both queries.
-+
-+     [3] If the first response was not a SUCCESS and the second
-+	 response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
-+	 or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
-+	 result from the second response, otherwise the first responses
-+	 status is used.  Again we have some odd side-effects when the
-+	 second response is NOTFOUND because we overwrite *errnop and
-+	 *h_errnop that means that a first answer of NOTFOUND might see
-+	 its *errnop and *h_errnop values altered.  Whether it matters
-+	 in practice that a first response NOTFOUND has the wrong
-+	 *errnop and *h_errnop is undecided.
-+
-+     [4] If the first response is UNAVAIL we return that instead of
-+	 looking at the second response.  The expectation here is that
-+	 it will have failed similarly e.g. configuration failure.
-+
-+     [5] Testing this code is complicated by the fact that truncated
-+	 second response buffers might be returned as SUCCESS if the
-+	 first answer is a SUCCESS.  To fix this we add symmetry to
-+	 TRYAGAIN with the second response.  If the second response
-+	 is a recoverable error we now return TRYAGIN even if the first
-+	 response was SUCCESS.  */
-+
-   if (anslen1 > 0)
-     status = gaih_getanswer_slice(answer1, anslen1, qname,
- 				  &pat, &buffer, &buflen,
- 				  errnop, h_errnop, ttlp,
- 				  &first);
-+
-   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
-        || (status == NSS_STATUS_TRYAGAIN
- 	   /* We want to look at the second answer in case of an
-@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
- 						     &pat, &buffer, &buflen,
- 						     errnop, h_errnop, ttlp,
- 						     &first);
-+      /* Use the second response status in some cases.  */
-       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
- 	status = status2;
-+      /* Do not return a truncated second response (unless it was
-+         unavoidable e.g. unrecoverable TRYAGAIN).  */
-+      if (status == NSS_STATUS_SUCCESS
-+	  && (status2 == NSS_STATUS_TRYAGAIN
-+	      && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
-+	status = NSS_STATUS_TRYAGAIN;
-     }
- 
-   return status;
-diff --git a/resolv/res_query.c b/resolv/res_query.c
-index 4a9b3b3..95470a9 100644
---- a/resolv/res_query.c
-+++ b/resolv/res_query.c
-@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
- 		  {
- 		    free (*answerp2);
- 		    *answerp2 = NULL;
-+		    *nanswerp2 = 0;
- 		    *answerp2_malloced = 0;
- 		  }
- 	}
-@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
- 			  {
- 			    free (*answerp2);
- 			    *answerp2 = NULL;
-+			    *nanswerp2 = 0;
- 			    *answerp2_malloced = 0;
- 			  }
- 
-@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
- 	  {
- 	    free (*answerp2);
- 	    *answerp2 = NULL;
-+	    *nanswerp2 = 0;
- 	    *answerp2_malloced = 0;
- 	  }
- 	if (saved_herrno != -1)
-diff --git a/resolv/res_send.c b/resolv/res_send.c
-index a968b95..21843f1 100644
---- a/resolv/res_send.c
-+++ b/resolv/res_send.c
-@@ -1,3 +1,20 @@
-+/* Copyright (C) 2016 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
- /*
-  * Copyright (c) 1985, 1989, 1993
-  *    The Regents of the University of California.  All rights reserved.
-@@ -355,6 +372,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen,
- #ifdef USE_HOOKS
- 	if (__glibc_unlikely (statp->qhook || statp->rhook))       {
- 		if (anssiz < MAXPACKET && ansp) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *buf = malloc (MAXPACKET);
- 			if (buf == NULL)
- 				return (-1);
-@@ -630,6 +649,77 @@ get_nsaddr (res_state statp, int n)
-     return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
- }
- 
-+/* The send_vc function is responsible for sending a DNS query over TCP
-+   to the nameserver numbered NS from the res_state STATP i.e.
-+   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
-+   IPv6 queries at the same serially on the same socket.
-+
-+   Please note that for TCP there is no way to disable sending both
-+   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
-+   and sends the queries serially and waits for the result after each
-+   sent query.  This implemetnation should be corrected to honour these
-+   options.
-+
-+   Please also note that for TCP we send both queries over the same
-+   socket one after another.  This technically violates best practice
-+   since the server is allowed to read the first query, respond, and
-+   then close the socket (to service another client).  If the server
-+   does this, then the remaining second query in the socket data buffer
-+   will cause the server to send the client an RST which will arrive
-+   asynchronously and the client's OS will likely tear down the socket
-+   receive buffer resulting in a potentially short read and lost
-+   response data.  This will force the client to retry the query again,
-+   and this process may repeat until all servers and connection resets
-+   are exhausted and then the query will fail.  It's not known if this
-+   happens with any frequency in real DNS server implementations.  This
-+   implementation should be corrected to use two sockets by default for
-+   parallel queries.
-+
-+   The query stored in BUF of BUFLEN length is sent first followed by
-+   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
-+   serially on the same socket.
-+
-+   Answers to the query are stored firstly in *ANSP up to a max of
-+   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
-+   is non-NULL (to indicate that modifying the answer buffer is allowed)
-+   then malloc is used to allocate a new response buffer and ANSCP and
-+   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
-+   are needed but ANSCP is NULL, then as much of the response as
-+   possible is read into the buffer, but the results will be truncated.
-+   When truncation happens because of a small answer buffer the DNS
-+   packets header feild TC will bet set to 1, indicating a truncated
-+   message and the rest of the socket data will be read and discarded.
-+
-+   Answers to the query are stored secondly in *ANSP2 up to a max of
-+   *ANSSIZP2 bytes, with the actual response length stored in
-+   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
-+   is non-NULL (required for a second query) then malloc is used to
-+   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+   size and *ANSP2_MALLOCED is set to 1.
-+
-+   The ANSP2_MALLOCED argument will eventually be removed as the
-+   change in buffer pointer can be used to detect the buffer has
-+   changed and that the caller should use free on the new buffer.
-+
-+   Note that the answers may arrive in any order from the server and
-+   therefore the first and second answer buffers may not correspond to
-+   the first and second queries.
-+
-+   It is not supported to call this function with a non-NULL ANSP2
-+   but a NULL ANSCP.  Put another way, you can call send_vc with a
-+   single unmodifiable buffer or two modifiable buffers, but no other
-+   combination is supported.
-+
-+   It is the caller's responsibility to free the malloc allocated
-+   buffers by detecting that the pointers have changed from their
-+   original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+   If errors are encountered then *TERRNO is set to an appropriate
-+   errno value and a zero result is returned for a recoverable error,
-+   and a less-than zero result is returned for a non-recoverable error.
-+
-+   If no errors are encountered then *TERRNO is left unmodified and
-+   a the length of the first response in bytes is returned.  */
- static int
- send_vc(res_state statp,
- 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -639,11 +729,7 @@ send_vc(res_state statp,
- {
- 	const HEADER *hp = (HEADER *) buf;
- 	const HEADER *hp2 = (HEADER *) buf2;
--	u_char *ans = *ansp;
--	int orig_anssizp = *anssizp;
--	// XXX REMOVE
--	// int anssiz = *anssizp;
--	HEADER *anhp = (HEADER *) ans;
-+	HEADER *anhp = (HEADER *) *ansp;
-	struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns];
- 	int truncating, connreset, n;
- 	/* On some architectures compiler might emit a warning indicating
-@@ -731,6 +817,8 @@ send_vc(res_state statp,
- 	 * Receive length & response
- 	 */
- 	int recvresp1 = 0;
-+	/* Skip the second response if there is no second query.
-+           To do that we mark the second response as received.  */
- 	int recvresp2 = buf2 == NULL;
- 	uint16_t rlen16;
-  read_len:
-@@ -767,40 +855,14 @@ send_vc(res_state statp,
- 	u_char **thisansp;
- 	int *thisresplenp;
- 	if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+		/* We have not received any responses
-+		   yet or we only have one response to
-+		   receive.  */
- 		thisanssizp = anssizp;
- 		thisansp = anscp ?: ansp;
- 		assert (anscp != NULL || ansp2 == NULL);
- 		thisresplenp = &resplen;
- 	} else {
--		if (*anssizp != MAXPACKET) {
--			/* No buffer allocated for the first
--			   reply.  We can try to use the rest
--			   of the user-provided buffer.  */
--#if __GNUC_PREREQ (4, 7)
--			DIAG_PUSH_NEEDS_COMMENT;
--			DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
--#endif
--#if _STRING_ARCH_unaligned
--			*anssizp2 = orig_anssizp - resplen;
--			*ansp2 = *ansp + resplen;
--#else
--			int aligned_resplen
--			  = ((resplen + __alignof__ (HEADER) - 1)
--			     & ~(__alignof__ (HEADER) - 1));
--			*anssizp2 = orig_anssizp - aligned_resplen;
--			*ansp2 = *ansp + aligned_resplen;
--#endif
--#if __GNUC_PREREQ (4, 7)
--			DIAG_POP_NEEDS_COMMENT;
--#endif
--		} else {
--			/* The first reply did not fit into the
--			   user-provided buffer.  Maybe the second
--			   answer will.  */
--			*anssizp2 = orig_anssizp;
--			*ansp2 = *ansp;
--		}
--
- 		thisanssizp = anssizp2;
- 		thisansp = ansp2;
- 		thisresplenp = resplen2;
-@@ -804,10 +870,14 @@ send_vc(res_state statp,
- 	anhp = (HEADER *) *thisansp;
- 
- 	*thisresplenp = rlen;
--	if (rlen > *thisanssizp) {
--		/* Yes, we test ANSCP here.  If we have two buffers
--		   both will be allocatable.  */
--		if (__glibc_likely (anscp != NULL))       {
-+	/* Is the answer buffer too small?  */
-+	if (*thisanssizp < rlen) {
-+		/* If the current buffer is not the the static
-+		   user-supplied buffer then we can reallocate
-+		   it.  */
-+		if (thisansp != NULL && thisansp != ansp) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *newp = malloc (MAXPACKET);
- 			if (newp == NULL) {
- 				*terrno = ENOMEM;
-@@ -819,6 +889,9 @@ send_vc(res_state statp,
- 			if (thisansp == ansp2)
- 			  *ansp2_malloced = 1;
- 			anhp = (HEADER *) newp;
-+			/* A uint16_t can't be larger than MAXPACKET
-+			   thus it's safe to allocate MAXPACKET but
-+			   read RLEN bytes instead.  */
- 			len = rlen;
- 		} else {
- 			Dprint(statp->options & RES_DEBUG,
-@@ -948,6 +1021,66 @@ reopen (res_state statp, int *terrno, int ns)
- 	return 1;
- }
- 
-+/* The send_dg function is responsible for sending a DNS query over UDP
-+   to the nameserver numbered NS from the res_state STATP i.e.
-+   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
-+   along with the ability to send the query in parallel for both stacks
-+   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
-+   with a close and reopen of the socket used to talk to the server
-+   (RES_SNGLKUPREOP) to work around broken name servers.
-+
-+   The query stored in BUF of BUFLEN length is sent first followed by
-+   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
-+   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
-+
-+   Answers to the query are stored firstly in *ANSP up to a max of
-+   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
-+   is non-NULL (to indicate that modifying the answer buffer is allowed)
-+   then malloc is used to allocate a new response buffer and ANSCP and
-+   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
-+   are needed but ANSCP is NULL, then as much of the response as
-+   possible is read into the buffer, but the results will be truncated.
-+   When truncation happens because of a small answer buffer the DNS
-+   packets header feild TC will bet set to 1, indicating a truncated
-+   message, while the rest of the UDP packet is discarded.
-+
-+   Answers to the query are stored secondly in *ANSP2 up to a max of
-+   *ANSSIZP2 bytes, with the actual response length stored in
-+   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
-+   is non-NULL (required for a second query) then malloc is used to
-+   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+   size and *ANSP2_MALLOCED is set to 1.
-+
-+   The ANSP2_MALLOCED argument will eventually be removed as the
-+   change in buffer pointer can be used to detect the buffer has
-+   changed and that the caller should use free on the new buffer.
-+
-+   Note that the answers may arrive in any order from the server and
-+   therefore the first and second answer buffers may not correspond to
-+   the first and second queries.
-+
-+   It is not supported to call this function with a non-NULL ANSP2
-+   but a NULL ANSCP.  Put another way, you can call send_vc with a
-+   single unmodifiable buffer or two modifiable buffers, but no other
-+   combination is supported.
-+
-+   It is the caller's responsibility to free the malloc allocated
-+   buffers by detecting that the pointers have changed from their
-+   original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+   If an answer is truncated because of UDP datagram DNS limits then
-+   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
-+   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
-+   if any progress was made reading a response from the nameserver and
-+   is used by the caller to distinguish between ECONNREFUSED and
-+   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
-+
-+   If errors are encountered then *TERRNO is set to an appropriate
-+   errno value and a zero result is returned for a recoverable error,
-+   and a less-than zero result is returned for a non-recoverable error.
-+
-+   If no errors are encountered then *TERRNO is left unmodified and
-+   a the length of the first response in bytes is returned.  */
- static int
- send_dg(res_state statp,
- 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -957,8 +1090,6 @@ send_dg(res_state statp,
- {
- 	const HEADER *hp = (HEADER *) buf;
- 	const HEADER *hp2 = (HEADER *) buf2;
--	u_char *ans = *ansp;
--	int orig_anssizp = *anssizp;
- 	struct timespec now, timeout, finish;
- 	struct pollfd pfd[1];
- 	int ptimeout;
-@@ -991,6 +1122,8 @@ send_dg(res_state statp,
- 	int need_recompute = 0;
- 	int nwritten = 0;
- 	int recvresp1 = 0;
-+	/* Skip the second response if there is no second query.
-+           To do that we mark the second response as received.  */
- 	int recvresp2 = buf2 == NULL;
- 	pfd[0].fd = EXT(statp).nssocks[ns];
- 	pfd[0].events = POLLOUT;
-@@ -1154,55 +1287,56 @@ send_dg(res_state statp,
- 		int *thisresplenp;
- 
- 		if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+			/* We have not received any responses
-+			   yet or we only have one response to
-+			   receive.  */
- 			thisanssizp = anssizp;
- 			thisansp = anscp ?: ansp;
- 			assert (anscp != NULL || ansp2 == NULL);
- 			thisresplenp = &resplen;
- 		} else {
--			if (*anssizp != MAXPACKET) {
--				/* No buffer allocated for the first
--				   reply.  We can try to use the rest
--				   of the user-provided buffer.  */
--#if _STRING_ARCH_unaligned
--				*anssizp2 = orig_anssizp - resplen;
--				*ansp2 = *ansp + resplen;
--#else
--				int aligned_resplen
--				  = ((resplen + __alignof__ (HEADER) - 1)
--				     & ~(__alignof__ (HEADER) - 1));
--				*anssizp2 = orig_anssizp - aligned_resplen;
--				*ansp2 = *ansp + aligned_resplen;
--#endif
--			} else {
--				/* The first reply did not fit into the
--				   user-provided buffer.  Maybe the second
--				   answer will.  */
--				*anssizp2 = orig_anssizp;
--				*ansp2 = *ansp;
--			}
--
- 			thisanssizp = anssizp2;
- 			thisansp = ansp2;
- 			thisresplenp = resplen2;
- 		}
- 
- 		if (*thisanssizp < MAXPACKET
--		    /* Yes, we test ANSCP here.  If we have two buffers
--		       both will be allocatable.  */
--		    && anscp
-+		    /* If the current buffer is not the the static
-+		       user-supplied buffer then we can reallocate
-+		       it.  */
-+		    && (thisansp != NULL && thisansp != ansp)
- #ifdef FIONREAD
-+		    /* Is the size too small?  */
- 		    && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
- 			|| *thisanssizp < *thisresplenp)
- #endif
-                     ) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *newp = malloc (MAXPACKET);
- 			if (newp != NULL) {
--				*anssizp = MAXPACKET;
--				*thisansp = ans = newp;
-+				*thisanssizp = MAXPACKET;
-+				*thisansp = newp;
- 				if (thisansp == ansp2)
- 				  *ansp2_malloced = 1;
- 			}
- 		}
-+		/* We could end up with truncation if anscp was NULL
-+		   (not allowed to change caller's buffer) and the
-+		   response buffer size is too small.  This isn't a
-+		   reliable way to detect truncation because the ioctl
-+		   may be an inaccurate report of the UDP message size.
-+		   Therefore we use this only to issue debug output.
-+		   To do truncation accurately with UDP we need
-+		   MSG_TRUNC which is only available on Linux.  We
-+		   can abstract out the Linux-specific feature in the
-+		   future to detect truncation.  */
-+		if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
-+			Dprint(statp->options & RES_DEBUG,
-+			       (stdout, ";; response may be truncated (UDP)\n")
-+			);
-+		}
-+
- 		HEADER *anhp = (HEADER *) *thisansp;
- 		socklen_t fromlen = sizeof(struct sockaddr_in6);
- 		assert (sizeof(from) <= fromlen);
-
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 08eaf555e02d..5e25c2dc8bc8 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -1,6 +1,4 @@
-{ stdenv, fetchurl, fetchgit ? null, kernelHeaders
-, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null
-, mig ? null
+{ lib, stdenv, fetchurl, linuxHeaders
 , installLocales ? true
 , profilingLibraries ? false
 , gccCross ? null
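Review bot: The argument rename from `kernelHeaders` to `linuxHeaders` and the removal of `fetchgit`, `machHeaders`, `hurdHeaders`, `libpthreadHeaders` and `mig` change this function's interface without a note for callers. The rest of the argument set lies outside the hunk; if it has no `...`, any explicit `override` or call site that still passes an old name will fail evaluation with an unexpected-argument error. A short comment above the argument list would make the break deliberate and searchable, for example `# NOTE: kernelHeaders was renamed to linuxHeaders; the Hurd-specific arguments were dropped`.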
@@ -16,11 +14,10 @@ let
 in
   build cross ({
     name = "glibc"
-      + stdenv.lib.optionalString (hurdHeaders != null) "-hurd"
-      + stdenv.lib.optionalString debugSymbols "-debug"
-      + stdenv.lib.optionalString withGd "-gd";
+      + lib.optionalString debugSymbols "-debug"
+      + lib.optionalString withGd "-gd";
 
-    inherit fetchurl fetchgit stdenv kernelHeaders installLocales
+    inherit lib stdenv fetchurl linuxHeaders installLocales
       profilingLibraries gccCross withGd gd libpng;
 
     builder = ./builder.sh;
@@ -58,23 +55,6 @@ in
 
   //
 
-  (if hurdHeaders != null
-   then rec {
-     inherit machHeaders hurdHeaders libpthreadHeaders mig fetchgit;
-
-     propagatedBuildInputs = [ machHeaders hurdHeaders libpthreadHeaders ];
-
-     passthru = {
-       # When building GCC itself `propagatedBuildInputs' above is not
-       # honored, so we pass it here so that the GCC builder can do the right
-       # thing.
-       inherit propagatedBuildInputs;
-     };
-   }
-   else { })
-
-  //
-
   (if cross != null
    then {
       preConfigure = ''
diff --git a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch b/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch
deleted file mode 100644
index 8ca2ce4cd88a..000000000000
--- a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch
-
-This patch avoids an assertion failure when incompatible locale data
-is encountered:
-
-  https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
-
---- glibc-2.22/locale/loadlocale.c	2015-09-22 17:16:02.321981548 +0200
-+++ glibc-2.22/locale/loadlocale.c	2015-09-22 17:17:34.814659064 +0200
-@@ -120,10 +120,11 @@
- 	 _nl_value_type_LC_XYZ array.  There are all pointers.  */
-       switch (category)
- 	{
--#define CATTEST(cat) \
--	case LC_##cat:							      \
--	  assert (cnt < (sizeof (_nl_value_type_LC_##cat)		      \
--			 / sizeof (_nl_value_type_LC_##cat[0])));	      \
-+#define CATTEST(cat)						\
-+	case LC_##cat:						\
-+	  if (cnt >= (sizeof (_nl_value_type_LC_##cat)		\
-+		      / sizeof (_nl_value_type_LC_##cat[0])))	\
-+	    goto puntdata;					\
- 	  break
- 	  CATTEST (NUMERIC);
- 	  CATTEST (TIME);
diff --git a/pkgs/development/libraries/glibc/info.nix b/pkgs/development/libraries/glibc/info.nix
index e4cdb42dd689..1e60856430db 100644
--- a/pkgs/development/libraries/glibc/info.nix
+++ b/pkgs/development/libraries/glibc/info.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, texinfo, perl }:
+{ lib, stdenv, fetchurl, texinfo, perl }:
 
 let build = import ./common.nix; in
 
@@ -6,7 +6,7 @@ let build = import ./common.nix; in
 build null {
   name = "glibc-info";
 
-  inherit fetchurl stdenv;
+  inherit fetchurl stdenv lib;
 
   configureFlags = [ "--enable-add-ons" ];
 
diff --git a/pkgs/development/libraries/glibc/locales.nix b/pkgs/development/libraries/glibc/locales.nix
index cbf7af22cac1..9607d7ecb223 100644
--- a/pkgs/development/libraries/glibc/locales.nix
+++ b/pkgs/development/libraries/glibc/locales.nix
@@ -6,14 +6,14 @@
    http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc
 */
 
-{ stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }:
+{ lib, stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }:
 
 let build = import ./common.nix; in
 
 build null {
   name = "glibc-locales";
 
-  inherit fetchurl stdenv;
+  inherit fetchurl stdenv lib;
   installLocales = true;
 
   builder = ./locales-builder.sh;
diff --git a/pkgs/development/libraries/glibc/security-4a28f4d5.patch b/pkgs/development/libraries/glibc/security-4a28f4d5.patch
deleted file mode 100644
index 25f994d859c1..000000000000
--- a/pkgs/development/libraries/glibc/security-4a28f4d5.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Thu, 26 Feb 2015 14:55:24 +0100
-Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032)
-
----
- ChangeLog            | 7 +++++++
- NEWS                 | 2 +-
- posix/fnmatch_loop.c | 5 ++---
- posix/tst-fnmatch3.c | 8 +++++---
- 4 files changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
-index c0cb2fc..72c5d8f 100644
---- a/posix/fnmatch_loop.c
-+++ b/posix/fnmatch_loop.c
-@@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
- 		  }
- 		else if (c == L('[') && *p == L('.'))
- 		  {
--		    ++p;
- 		    while (1)
- 		      {
- 			c = *++p;
--			if (c == '\0')
-+			if (c == L('\0'))
- 			  return FNM_NOMATCH;
- 
--			if (*p == L('.') && p[1] == L(']'))
-+			if (c == L('.') && p[1] == L(']'))
- 			  break;
- 		      }
- 		    p += 2;
-diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
-index d27a557..75bc00a 100644
---- a/posix/tst-fnmatch3.c
-+++ b/posix/tst-fnmatch3.c
-@@ -21,9 +21,11 @@
- int
- do_test (void)
- {
--  const char *pattern = "[[:alpha:]'[:alpha:]\0]";
--
--  return fnmatch (pattern, "a", 0) != FNM_NOMATCH;
-+  if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH)
-+    return 1;
-+  if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
-+    return 1;
-+  return 0;
- }
- 
- #define TEST_FUNCTION do_test ()
-
diff --git a/pkgs/development/libraries/glibc/security-bdf1ff05.patch b/pkgs/development/libraries/glibc/security-bdf1ff05.patch
deleted file mode 100644
index b4175694f912..000000000000
--- a/pkgs/development/libraries/glibc/security-bdf1ff05.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Mon Sep 17 00:00:00 2001
-From: Paul Pluzhnikov <ppluzhnikov@google.com>
-Date: Sun, 22 Feb 2015 12:01:47 -0800
-Subject: [PATCH] Fix BZ #17269 -- _IO_wstr_overflow integer overflow
-
----
- ChangeLog       | 6 ++++++
- NEWS            | 6 +++---
- libio/wstrops.c | 8 +++++++-
- 3 files changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/libio/wstrops.c b/libio/wstrops.c
-index 43d847d..3993579 100644
---- a/libio/wstrops.c
-+++ b/libio/wstrops.c
-@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
- 	  wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
- 	  size_t old_wblen = _IO_wblen (fp);
- 	  _IO_size_t new_size = 2 * old_wblen + 100;
--	  if (new_size < old_wblen)
-+
-+	  if (__glibc_unlikely (new_size < old_wblen)
-+	      || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
- 	    return EOF;
-+
- 	  new_buf
- 	    = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
- 									* sizeof (wchar_t));
-@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
-     return 1;
- 
-   _IO_size_t newsize = offset + 100;
-+  if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
-+    return 1;
-+
-   wchar_t *oldbuf = wd->_IO_buf_base;
-   wchar_t *newbuf
-     = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize
-
diff --git a/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix b/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix
index 24e5ccb36f37..e6927ffb9ca4 100644
--- a/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix
+++ b/pkgs/development/libraries/qt-5/5.5/qtbase/default.nix
@@ -26,6 +26,12 @@
 let
   inherit (srcs.qt5) version;
   system-x86_64 = lib.elem stdenv.system lib.platforms.x86_64;
+
+  dontInvalidateBacking = fetchurl {
+    url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=0f68f8920573cdce1729a285a92ac8582df32841;hp=24c50f8dcf7fa61ac3c3d4d6295c259a104a2b8c";
+    name = "qtbug-48321-dont-invalidate-backing-store.patch";
+    sha256 = "07vnndmvri73psz0nrs2hg0zw2i4b1k1igy2al6kwjbp7d5xpglr";
+  };
 in
 
 stdenv.mkDerivation {
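Review bot: The `dontInvalidateBacking` fetch pins a patch that gitweb generates on request, and that output is not guaranteed to stay byte-identical (the server's git version can change the rendering), so the `sha256` may stop matching even though the change itself is the same. A mismatch fails the build safely, but whoever then updates the hash needs a way to re-verify the content, so I would add a comment above the binding naming the upstream change, e.g. `# QTBUG-48321, qtbase commit 0f68f892; re-read the diff before updating the hash`. If `fetchpatch` is available in this tree it is the better fetcher here, since it normalises the patch before hashing. `fetchurl` has to be among the function arguments, which are outside this hunk.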
@@ -49,6 +55,10 @@ stdenv.mkDerivation {
 
   postPatch =
     ''
+      cd qtbase
+      patch -p1 <${dontInvalidateBacking}
+      cd ..
+
       substituteInPlace configure --replace /bin/pwd pwd
       substituteInPlace qtbase/configure --replace /bin/pwd pwd
       substituteInPlace qtbase/src/corelib/global/global.pri --replace /bin/ls ${coreutils}/bin/ls
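Review bot: The `cd qtbase` / `cd ..` pair around `patch` can be replaced by `patch -p1 -d qtbase < ${dontInvalidateBacking}`, which leaves the working directory untouched for the `substituteInPlace` calls that follow. A one-line comment saying why the patch is applied here rather than through `patches` (presumably because its paths are relative to the qtbase subdirectory) would save the next reader the question. The `postPatch` string continues past the end of this hunk.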
diff --git a/pkgs/development/python-modules/matplotlib/default.nix b/pkgs/development/python-modules/matplotlib/default.nix
index 152330beac5a..1ebba52ff6f4 100644
--- a/pkgs/development/python-modules/matplotlib/default.nix
+++ b/pkgs/development/python-modules/matplotlib/default.nix
@@ -12,11 +12,11 @@ assert enableGtk2 -> pygtk != null;
 
 buildPythonPackage rec {
   name = "matplotlib-${version}";
-  version = "1.5.0";
+  version = "1.5.1";
 
   src = fetchurl {
     url = "https://pypi.python.org/packages/source/m/matplotlib/${name}.tar.gz";
-    sha256 = "67b08b1650a00a6317d94b76a30a47320087e5244920604c5462188cba0c2646";
+    sha256 = "3ab8d968eac602145642d0db63dd8d67c85e9a5444ce0e2ecb2a8fedc7224d40";
   };
 
   NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-I${libcxx}/include/c++/v1";
@@ -37,6 +37,14 @@ buildPythonPackage rec {
 
   patches = stdenv.lib.optionals stdenv.isDarwin [ ./darwin-stdenv.patch ];
 
+  checkPhase = ''
+    ${python.interpreter} tests.py
+  '';
+
+  # The entry point for running tests, tests.py, is not included in the release.
+  # https://github.com/matplotlib/matplotlib/issues/6017
+  doCheck = false;
+
   prePatch = ''
     # Failing test: ERROR: matplotlib.tests.test_style.test_use_url
     sed -i 's/test_use_url/fails/' lib/matplotlib/tests/test_style.py
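Review bot: With `doCheck = false` the added `checkPhase` never runs, and the `sed` in `prePatch` that renames the failing `test_use_url` test serves no purpose while tests are off, so the update to 1.5.1 is accepted without any test run. The comment explains why, but it would help to say what re-enables it, e.g. `# TODO: set doCheck = true once upstream ships tests.py (issue 6017)`. The cycler hunk in pkgs/top-level/python-packages.nix follows the same pattern and also adds `coverage` and `nose` to `buildInputs` for tests that stay disabled; those two could wait until the tests actually run. `prePatch` continues past the end of this hunk.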
@@ -52,4 +60,5 @@ buildPythonPackage rec {
     maintainers = with maintainers; [ lovek323 ];
     platforms   = platforms.unix;
   };
+
 }
diff --git a/pkgs/development/tools/build-managers/apache-ant/default.nix b/pkgs/development/tools/build-managers/apache-ant/default.nix
index b15c9065e0ec..8816a005ca0f 100644
--- a/pkgs/development/tools/build-managers/apache-ant/default.nix
+++ b/pkgs/development/tools/build-managers/apache-ant/default.nix
@@ -23,9 +23,14 @@ stdenv.mkDerivation {
       mv * $out/lib/ant/
 
       # Get rid of the manual (35 MiB).  Maybe we should put this in a
-      # separate output.  Also get rid of the Ant scripts since we
-      # provide our own.
+      # separate output.  Keep the antRun script since it's vanilla sh
+      # and needed for the <exec/> task (but since we set ANT_HOME to
+      # a weird value, we have to move antRun to a weird location).
+      # Get rid of the other Ant scripts since we provide our own.
+      mv $out/lib/ant/bin/antRun $out/bin/
       rm -rf $out/lib/ant/{manual,bin,WHATSNEW}
+      mkdir $out/lib/ant/bin
+      mv $out/bin/antRun $out/lib/ant/bin/
 
       # Install ant-contrib.
       unpackFile $contrib
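Review bot: The first added `mv` parks antRun in `$out/bin/`, and nothing in this hunk shows that directory existing at that point; if it is only created later in the install script, the `mv` fails and the build aborts. The round trip can be avoided by deleting only what is unwanted: `rm -rf $out/lib/ant/{manual,WHATSNEW}` followed by `find $out/lib/ant/bin -mindepth 1 ! -name antRun -delete`. The install script starts before and continues after this hunk, so whether `$out/bin` is created earlier needs checking there.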
diff --git a/pkgs/development/tools/continuous-integration/jenkins/default.nix b/pkgs/development/tools/continuous-integration/jenkins/default.nix
index e18d2dd4b475..1427e25fb939 100644
--- a/pkgs/development/tools/continuous-integration/jenkins/default.nix
+++ b/pkgs/development/tools/continuous-integration/jenkins/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "jenkins-${version}";
-  version = "1.643";
+  version = "1.647";
 
   src = fetchurl {
     url = "http://mirrors.jenkins-ci.org/war/${version}/jenkins.war";
-    sha256 = "b8c6387e56d04a0a4a7ec8d9dacd379fbd5d4001d01fdfcd443f9864809f9293";
+    sha256 = "03r0wic5y8yhpa353s5px7l6m63p7jkb56sh6k4k5dacsc4qcxsj";
   };
   meta = with stdenv.lib; {
     description = "An extendable open source continuous integration server";
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index 547f7a81ab6c..cdef2ee58ca9 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -3,6 +3,8 @@
 , python ? null
 , guile ? null
 , target ? null
+# Support all known targets in one gdb binary.
+, multitarget ? false
 # Additional dependencies for GNU/Hurd.
 , mig ? null, hurd ? null
 
@@ -47,6 +49,7 @@ stdenv.mkDerivation rec {
       "--with-separate-debug-dir=/run/current-system/sw/lib/debug"
     ]
     ++ optional (target != null) "--target=${target.config}"
+    ++ optional multitarget "--enable-targets=all"
     ++ optional (elem stdenv.system platforms.cygwin) "--without-python";
 
   crossAttrs = {
@@ -54,7 +57,9 @@ stdenv.mkDerivation rec {
     configureFlags = with stdenv.lib;
       [ "--with-gmp=${gmp.crossDrv}" "--with-mpfr=${mpfr.crossDrv}" "--with-system-readline"
         "--with-system-zlib" "--with-expat" "--with-libexpat-prefix=${expat.crossDrv}" "--without-python"
-      ] ++ optional (target != null) "--target=${target.config}";
+      ]
+      ++ optional (target != null) "--target=${target.config}"
+      ++ optional multitarget "--enable-targets=all";
   };
 
   postInstall =
diff --git a/pkgs/development/tools/misc/msitools/default.nix b/pkgs/development/tools/misc/msitools/default.nix
new file mode 100644
index 000000000000..bdc7f4f04148
--- /dev/null
+++ b/pkgs/development/tools/misc/msitools/default.nix
@@ -0,0 +1,21 @@
+{stdenv, fetchurl, intltool, glib, pkgconfig, libgsf, libuuid, gcab, bzip2}:
+
+stdenv.mkDerivation rec {
+  version = "0.94";
+  name = "msitools-${version}";
+
+  src = fetchurl {
+    url = "http://ftp.gnome.org/pub/GNOME/sources/msitools/0.94/${name}.tar.xz";
+    sha256 = "0bndnm3mgcqkw5dhwy5l1zri4lqvjbhbn5rxz651fkxlkhab8bhm";
+  };
+
+  buildInputs = [intltool glib pkgconfig libgsf libuuid gcab bzip2];
+
+  meta = with stdenv.lib; {
+    description = "Set of programs to inspect and build Windows Installer (.MSI) files";
+    homepage = https://wiki.gnome.org/msitools;
+    license = [licenses.gpl2 licenses.lgpl21];
+    maintainer = [maintainers.vcunat];
+    platforms = platforms.unix;
+  };
+}
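Review bot: `maintainer = [maintainers.vcunat];` uses a singular attribute name, while the other packages in this diff (rmilter, rspamd) set `maintainers`; as written the package most likely ends up with no recorded maintainer, so it should read `maintainers = [ maintainers.vcunat ];`. The URL also repeats the version literally (`.../msitools/0.94/${name}.tar.xz`), which will point at the old directory after the next bump; `.../msitools/${version}/${name}.tar.xz` keeps the two in step. The download is plain `http://`, so the `sha256` is the only integrity check on the tarball and should be taken from a trusted copy rather than from whatever that URL returned.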
diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix
index 193c919e3b20..f03525304804 100644
--- a/pkgs/os-specific/linux/alsa-tools/default.nix
+++ b/pkgs/os-specific/linux/alsa-tools/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
       "ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2"
       "http://alsa.cybermirror.org/tools/${name}.tar.bz2"
     ];
-    sha256 = "3b1c3135b76e14532d3dd23fb15759ddd7daf9ffbc183f7a9a0a3a86374748f1";
+    sha256 = "0ldbaz3qr7z0639xg37ba7cmrb512rrjavap6r5jjl0ab665ad3x";
   };
 
   buildInputs = [ alsaLib pkgconfig gtk gtk3 fltk13 ];
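Review bot: The `sha256` changes here while nothing else in the file does, so the same `${name}.tar.bz2` is now expected to have a different digest. The new base32 string does not look like a re-encoding of the old hex value (by my reading that would begin with `1`, not `0`), which `nix-hash --type sha256 --to-base32 <old hex>` can confirm. Both mirrors are `ftp://` and `http://`, so this hash is the only integrity control on the tarball. I would want the reason recorded next to the value, for example `# hash corrected <date>: previous value did not match the released tarball`, after comparing the download against a second source.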
diff --git a/pkgs/os-specific/linux/cpufrequtils/default.nix b/pkgs/os-specific/linux/cpufrequtils/default.nix
index b7822035c20c..65be409a75e3 100644
--- a/pkgs/os-specific/linux/cpufrequtils/default.nix
+++ b/pkgs/os-specific/linux/cpufrequtils/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
       -i Makefile
   '';
 
-  buildInputs = [ stdenv.cc.libc.kernelHeaders libtool gettext ];
+  buildInputs = [ stdenv.cc.libc.linuxHeaders libtool gettext ];
 
   meta = {
     description = "Tools to display or change the CPU governor settings";
diff --git a/pkgs/os-specific/linux/dietlibc/default.nix b/pkgs/os-specific/linux/dietlibc/default.nix
index b795cb60da6e..d98bfb967356 100644
--- a/pkgs/os-specific/linux/dietlibc/default.nix
+++ b/pkgs/os-specific/linux/dietlibc/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
   builder = ./builder.sh;
   
   inherit glibc;
-  kernelHeaders = glibc.kernelHeaders;
+  kernelHeaders = glibc.linuxHeaders;
 
   patches = [
 
diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
index 61ea6c0c18cd..98bf27d3c4a2 100644
--- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   name = "firmware-linux-nonfree-${version}";
-  version = "2015-12-04";
+  version = "2016-01-26";
 
   # This repo is built by merging the latest versions of
   # http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/
@@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "wkennington";
     repo = "linux-firmware";
-    rev = "bbe4917c054eb0a73e250c6363341e3bf6725839";
-    sha256 = "1p9c74p8j8zmddljaan5i29h8wsbz8911dv2sykpnahg9r939ykd";
+    rev = "0922e78fc8431c2cc6585eb66e5b75f566644ac8";
+    sha256 = "07hv4kgbsxndhm1va6k6scy083886aap3naq1l4jdz7dnph4ir02";
   };
 
   preInstall = ''
diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix
index 9b90ea3556b1..a8c86d0e6188 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.18.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.18.26";
+  version = "3.18.27";
   extraMeta.branch = "3.18";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "0bhf8x1h5crc9kimprjs7q74p86gsqsdr8nz54nv33c6zmryqsic";
+    sha256 = "01lz0c3ns0yp5vnjch1pn10h43g6fr4xw7w3b6kb477083cjr7dc";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix
index fbcfa17a8bc7..f2286895f079 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.1.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.1.17";
+  version = "4.1.18";
   extraMeta.branch = "4.1";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "084ij19vgm27ljrjabqqmlqn27p168nsm9grhr6rajid4n79h6ab";
+    sha256 = "1n838dg058knmx4n5mfqxh2ai9d3x6w9zs1apkwzm89rpisc1ijb";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.3.nix b/pkgs/os-specific/linux/kernel/linux-4.3.nix
index c8a994ba0b30..20573ee5cebe 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.3.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.3.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.3.4";
+  version = "4.3.5";
 
   extraMeta.branch = "4.3";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0vcsvnpxkpxiidlbw3cy1kl02hfml2jy3cbrvwj2nc4a9y5fb3hj";
+    sha256 = "0g656q51nzb61n0kb2k8br9shvz51yh8kyrsblbjmhi4dbcpizr8";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/servers/mail/rmilter/default.nix b/pkgs/servers/mail/rmilter/default.nix
index ad40b57f8a60..c12ca525294c 100644
--- a/pkgs/servers/mail/rmilter/default.nix
+++ b/pkgs/servers/mail/rmilter/default.nix
@@ -2,21 +2,25 @@
 
 stdenv.mkDerivation rec {
   name = "rmilter-${version}";
-  version = "1.6.7";
+  version = "1.7.3";
+
   src = fetchFromGitHub {
     owner = "vstakhov";
     repo = "rmilter";
     rev = version;
-    sha256 = "1syviydlv4m1isl0r52sk4s0a75fyk788j1z3yvfzzf1hga333gn";
+    sha256 = "04xalaxq5xgg5ls0f4ayp8yhzdfq5gqjb8qwfyha3mrx4dqrgh7s";
   };
 
   nativeBuildInputs = [ bison cmake flex ];
-  buildInputs = [ libmilter openssl pcre opendkim];
+  buildInputs = [ libmilter openssl pcre opendkim ];
 
   meta = with stdenv.lib; {
     homepage = "https://github.com/vstakhov/rmilter";
-    license = licenses.bsd2; 
-    description = "server, used to integrate rspamd and milter compatible MTA, for example postfix or sendmail";
-    maintainers = maintainers.avnik;
+    license = licenses.bsd2;
+    description = ''
+      Daemon to integrate rspamd and milter compatible MTA, for example
+      postfix or sendmail
+    '';
+    maintainers = with maintainers; [ avnik fpletz ];
   };
 }
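Review bot: The new `description` is an indented `''` string, so its value contains a line break in the middle and another at the end, whereas rspamd in this same diff uses the one-line form (`description = "advanced spam filtering system";`). I would keep it on one line, e.g. `description = "Daemon to integrate rspamd with milter-compatible MTAs such as postfix or sendmail";`, and move anything longer to `longDescription`.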
diff --git a/pkgs/servers/mail/rspamd/default.nix b/pkgs/servers/mail/rspamd/default.nix
index 1f9c36b73777..bd4f3db3ab5d 100644
--- a/pkgs/servers/mail/rspamd/default.nix
+++ b/pkgs/servers/mail/rspamd/default.nix
@@ -1,17 +1,18 @@
 { stdenv, fetchFromGitHub, cmake, perl
- ,file , glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }:
+, file, glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }:
 
 let libmagic = file;  # libmagic provided buy file package ATM
 in
 
 stdenv.mkDerivation rec {
   name = "rspamd-${version}";
-  version = "git-2016-01-16";
+  version = "1.1.3";
+
   src = fetchFromGitHub {
     owner = "vstakhov";
     repo = "rspamd";
-    rev = "04bfc92c1357c0f908ce9371ab303f8bf57657df";
-    sha256 = "1zip1msjjy5q7jcsn4l0yyg92c3wdsf1v5jv1acglrih8dbfl7zj";
+    rev = version;
+    sha256 = "0mvh812a91yqynmcpv159dmkipx72fwg7rgscq7virzphchkbzvj";
   };
 
   nativeBuildInputs = [ cmake pkgconfig perl ];
@@ -31,8 +32,8 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = "https://github.com/vstakhov/rspamd";
-    license = licenses.bsd2; 
+    license = licenses.bsd2;
     description = "advanced spam filtering system";
-    maintainers = maintainers.avnik;
+    maintainers = with maintainers; [ avnik fpletz ];
   };
 }
diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix
index dacbaff1835e..04bb9fc2bbde 100644
--- a/pkgs/servers/nosql/redis/default.nix
+++ b/pkgs/servers/nosql/redis/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  version = "3.0.6";
+  version = "3.0.7";
   name = "redis-${version}";
 
   src = fetchurl {
     url = "http://download.redis.io/releases/${name}.tar.gz";
-    sha256 = "092nnxjyaf7h9mnwac5rwjl0ikyyqa44vn426w64hn2534iia7kg";
+    sha256 = "08vzfdr67gp3lvk770qpax2c5g2sx8hn6p64jn3jddrvxb2939xj";
   };
 
   makeFlags = "PREFIX=$(out)";
diff --git a/pkgs/tools/networking/nbd/default.nix b/pkgs/tools/networking/nbd/default.nix
index 6cb75152af06..967b3863f205 100644
--- a/pkgs/tools/networking/nbd/default.nix
+++ b/pkgs/tools/networking/nbd/default.nix
@@ -8,7 +8,9 @@ stdenv.mkDerivation rec {
     sha256 = "1pkkid657zgjymwxv3fm32cxnq9llfz29rl15vp6mn42vnzbj1di";
   };
 
-  buildInputs = [ pkgconfig glib ] ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.kernelHeaders;
+  buildInputs =
+    [ pkgconfig glib ]
+    ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.linuxHeaders;
 
   postInstall = ''
     mkdir -p "$out/share/doc/${name}"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2b1c5a781b50..f6125fbdfd86 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5988,6 +5988,8 @@ let
 
   mk = callPackage ../development/tools/build-managers/mk { };
 
+  msitools = callPackage ../development/tools/misc/msitools { };
+
   multi-ghc-travis = callPackage ../development/tools/haskell/multi-ghc-travis { };
 
   neoload = callPackage ../development/tools/neoload {
@@ -6699,22 +6701,18 @@ let
   glfw3 = callPackage ../development/libraries/glfw/3.x.nix { };
 
   glibc = callPackage ../development/libraries/glibc {
-    kernelHeaders = linuxHeaders;
     installLocales = config.glibc.locales or false;
-    machHeaders = null;
-    hurdHeaders = null;
     gccCross = null;
   };
 
   glibc_memusage = callPackage ../development/libraries/glibc {
-    kernelHeaders = linuxHeaders;
     installLocales = false;
     withGd = true;
   };
 
   glibcCross = forceNativeDrv (glibc.override {
     gccCross = gccCrossStageStatic;
-    kernelHeaders = linuxHeadersCross;
+    linuxHeaders = linuxHeadersCross;
   });
 
   # We can choose:
@@ -12427,7 +12425,7 @@ let
   inferno = callPackage_i686 ../applications/inferno { };
 
   inkscape = callPackage ../applications/graphics/inkscape {
-    inherit (pythonPackages) lxml;
+    inherit (pythonPackages) python pyxml lxml numpy;
     lcms = lcms2;
   };
 
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 12a74cf94417..abdf7b424fb9 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1804,15 +1804,24 @@ in modules // {
 
   cycler = buildPythonPackage rec {
     name = "cycler-${version}";
-    version = "0.9.0";
+    version = "0.10.0";
 
     src = pkgs.fetchurl {
       url = "https://pypi.python.org/packages/source/C/Cycler/${name}.tar.gz";
-      sha256 = "96dc4ddf27ef62c09990c6196ac1167685e89168042ec0ae4db586de023355bc";
+      sha256 = "cd7b2d1018258d7247a71425e9f26463dfb444d411c39569972f4ce586b0c9d8";
     };
 
+    buildInputs = with self; [ coverage nose ];
     propagatedBuildInputs = with self; [ six ];
 
+    checkPhase = ''
+      ${python.interpreter} run_tests.py
+    '';
+
+    # Tests were not included in release.
+    # https://github.com/matplotlib/cycler/issues/31
+    doCheck = false;
+
     meta = {
       description = "Composable style cycles";
       homepage = http://github.com/matplotlib/cycler;
@@ -8960,10 +8969,11 @@ in modules // {
       ${python.interpreter} -m unittest discover
     '';
 
-    # Judging from SyntaxError
-    disabled = isPy3k;
-
-    # Lots of errors. Likely due to being in a chroot
+    # Because 2to3 is used the tests in $out need to be run.
+    # Both when using unittest and pytest this resulted in many errors,
+    # some Python byte/str errors, and others specific to resources tested.
+    # Failing tests due to the latter is to be expected with this type of package.
+    # Tests are therefore disabled.
     doCheck = false;
 
     meta = {
@@ -10433,15 +10443,19 @@ in modules // {
 
 
   keyring = buildPythonPackage rec {
-    name = "keyring-3.3";
+    name = "keyring-8.4.1";
 
     src = pkgs.fetchurl {
-      url = "https://pypi.python.org/packages/source/k/keyring/${name}.zip";
-      md5 = "81291e0c7337affb71442e6c7671e77f";
+      url = "https://pypi.python.org/packages/source/k/keyring/${name}.tar.gz";
+      sha256 = "1286sh5g53168qxbl4g5bmns9ci0ld0jl3h44b7h8is5nw1421ar";
     };
 
     buildInputs = with self;
-      [ fs gdata python_keyczar mock pyasn1 pycrypto pytest six ];
+      [ fs gdata python_keyczar mock pyasn1 pycrypto pytest_28 six setuptools_scm pytestrunner ];
+
+    checkPhase = ''
+      py.test $out
+    '';
 
     meta = {
       description = "Store and access your passwords safely";
@@ -12528,16 +12542,16 @@ in modules // {
   };
 
   numexpr = buildPythonPackage rec {
-    version = "2.4.6";
+    version = "2.5";
     name = "numexpr-${version}";
 
     src = pkgs.fetchurl {
       url = "https://pypi.python.org/packages/source/n/numexpr/${name}.tar.gz";
-      sha256 = "052397670dc56d7845ff894cd7d858e4f115491ecd93bcc0eda5cb83990c5da3";
+      sha256 = "319cdf4e402177a1c8ed4972cffd09f523446f186d347b7c1974787cdabf0294";
     };
 
     # Tests fail with python 3. https://github.com/pydata/numexpr/issues/177
-    doCheck = !isPy3k;
+    # doCheck = !isPy3k;
 
     propagatedBuildInputs = with self; [ numpy ];