diff options
44 files changed, 330 insertions, 392 deletions
diff --git a/pkgs/applications/audio/distrho/default.nix b/pkgs/applications/audio/distrho/default.nix index 0d2858713eba..646e2ccca15c 100644 --- a/pkgs/applications/audio/distrho/default.nix +++ b/pkgs/applications/audio/distrho/default.nix @@ -1,6 +1,7 @@ { stdenv, fetchFromGitHub, alsaLib, fftwSinglePrec, freetype, libjack2 , pkgconfig, ladspa-sdk, premake3 , libX11, libXcomposite, libXcursor, libXext, libXinerama, libXrender +, fetchpatch }: let @@ -26,7 +27,14 @@ in stdenv.mkDerivation rec { runHook postConfigure ''; - patchPhase = '' + patches = [ + (fetchpatch { + url = "https://github.com/DISTRHO/DISTRHO-Ports/commit/00ad25fd574c1724bbc974308aa5e88306969009.patch"; + sha256 = "0hdnnvn35g76q7133azwalbm1dxs8dm2yg3zjjb1kzq0x6qrazx5"; + }) + ]; + + postPatch = '' sed -e "s#@./scripts#sh scripts#" -i Makefile ''; diff --git a/pkgs/applications/misc/gcal/default.nix b/pkgs/applications/misc/gcal/default.nix index f5eb6e188b7a..713000d3f69a 100644 --- a/pkgs/applications/misc/gcal/default.nix +++ b/pkgs/applications/misc/gcal/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, ncurses }: +{ stdenv, fetchurl, ncurses, fetchpatch }: stdenv.mkDerivation rec { pname = "gcal"; @@ -9,6 +9,13 @@ stdenv.mkDerivation rec { sha256 = "1av11zkfirbixn05hyq4xvilin0ncddfjqzc4zd9pviyp506rdci"; }; + patches = [ + (fetchpatch { + url = "https://src.fedoraproject.org/rpms/gcal/raw/master/f/gcal-glibc-no-libio.patch"; + sha256 = "0l4nw9kgzsay32rsdwvs75pbp4fhx6pfm85paynfbd20cdm2n2kv"; + }) + ]; + enableParallelBuilding = true; buildInputs = [ ncurses ]; diff --git a/pkgs/applications/misc/spacefm/default.nix b/pkgs/applications/misc/spacefm/default.nix index 9550a8d4fd7b..47e13fa25085 100644 --- a/pkgs/applications/misc/spacefm/default.nix +++ b/pkgs/applications/misc/spacefm/default.nix @@ -13,6 +13,8 @@ stdenv.mkDerivation rec { sha256 = "089r6i40lxcwzp60553b18f130asspnzqldlpii53smz52kvpirx"; }; + patches = [ ./glibc-fix.patch ]; + configureFlags = [ "--with-bash-path=${pkgs.bash}/bin/bash" ]; diff --git a/pkgs/applications/misc/spacefm/glibc-fix.patch b/pkgs/applications/misc/spacefm/glibc-fix.patch new file mode 100644 index 000000000000..b8e9f1e9195e --- /dev/null +++ b/pkgs/applications/misc/spacefm/glibc-fix.patch @@ -0,0 +1,12 @@ +diff --git a/src/main.c b/src/main.c +index 27f5614..2b45708 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -23,6 +23,7 @@ + #include <sys/types.h> + #include <sys/socket.h> + #include <sys/un.h> ++#include <sys/sysmacros.h> + + #include <signal.h> + diff --git a/pkgs/applications/virtualization/xen/4.8.nix b/pkgs/applications/virtualization/xen/4.8.nix index 1d0e01fcb822..8cc9c23d2bfd 100644 --- a/pkgs/applications/virtualization/xen/4.8.nix +++ b/pkgs/applications/virtualization/xen/4.8.nix @@ -185,7 +185,10 @@ callPackage (import ./generic.nix (rec { # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. sed 1i'#include <sys/sysmacros.h>' \ -i tools/blktap2/control/tap-ctl-allocate.c \ - -i tools/libxl/libxl_device.c + -i tools/libxl/libxl_device.c \ + ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} + + sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c ''; passthru.qemu-system-i386 = if withInternalQemu diff --git a/pkgs/development/compilers/mono/generic.nix b/pkgs/development/compilers/mono/generic.nix index e0cfe247b23a..e40d07772dd3 100644 --- a/pkgs/development/compilers/mono/generic.nix +++ b/pkgs/development/compilers/mono/generic.nix @@ -22,8 +22,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [glib]; - NIX_LDFLAGS = if stdenv.isDarwin then "" else "-lgcc_s" ; - # To overcome the bug https://bugzilla.novell.com/show_bug.cgi?id=644723 dontDisableStatic = true; diff --git a/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch b/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch new file mode 100644 index 000000000000..51e3cb6d7f11 --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/3.7/darwin-libutil.patch @@ -0,0 +1,23 @@ +diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c +index c3682b4..16826c6 100644 +--- a/Modules/posixmodule.c ++++ b/Modules/posixmodule.c +@@ -5880,15 +5880,13 @@ error: + #if defined(HAVE_OPENPTY) || defined(HAVE_FORKPTY) || defined(HAVE_DEV_PTMX) + #ifdef HAVE_PTY_H + #include <pty.h> +-#else ++#endif + #ifdef HAVE_LIBUTIL_H + #include <libutil.h> +-#else ++#endif + #ifdef HAVE_UTIL_H + #include <util.h> +-#endif /* HAVE_UTIL_H */ +-#endif /* HAVE_LIBUTIL_H */ +-#endif /* HAVE_PTY_H */ ++#endif + #ifdef HAVE_STROPTS_H + #include <stropts.h> + #endif diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 70eff43daf5c..b778b62f908d 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -103,10 +103,7 @@ in with passthru; stdenv.mkDerivation { ./3.5/ld_library_path.patch ] ++ optionals (isPy37 || isPy38) [ # Fix darwin build https://bugs.python.org/issue34027 - (fetchpatch { - url = https://bugs.python.org/file47666/darwin-libutil.patch; - sha256 = "0242gihnw3wfskl4fydp2xanpl8k5q7fj4dp7dbbqf46a4iwdzpa"; - }) + ./3.7/darwin-libutil.patch ] ++ optionals (isPy3k && hasDistutilsCxxPatch) [ # Fix for http://bugs.python.org/issue1222585 # Upstream distutils is calling C compiler to compile C++ code, which diff --git a/pkgs/development/libraries/glibc/CVE-2018-11236.patch b/pkgs/development/libraries/glibc/CVE-2018-11236.patch deleted file mode 100644 index db86e7146f28..000000000000 --- a/pkgs/development/libraries/glibc/CVE-2018-11236.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov <ppluzhnikov@google.com> -Date: Tue, 8 May 2018 18:12:41 -0700 -Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack - buffer overflow when realpath() input length is close to SSIZE_MAX. - -2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com> - - [BZ #22786] - * stdlib/canonicalize.c (__realpath): Fix overflow in path length - computation. - * stdlib/Makefile (test-bz22786): New test. - * stdlib/test-bz22786.c: New test. ---- - ChangeLog | 8 +++++ - stdlib/Makefile | 2 +- - stdlib/canonicalize.c | 2 +- - stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 100 insertions(+), 2 deletions(-) - create mode 100644 stdlib/test-bz22786.c - -diff --git a/stdlib/Makefile b/stdlib/Makefile -index af1643c..1ddb1f9 100644 ---- a/stdlib/Makefile -+++ b/stdlib/Makefile -@@ -84,7 +84,7 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \ - tst-cxa_atexit tst-on_exit test-atexit-race \ - test-at_quick_exit-race test-cxa_atexit-race \ - test-on_exit-race test-dlclose-exit-race \ -- tst-makecontext-align -+ tst-makecontext-align test-bz22786 - - tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \ - tst-tls-atexit tst-tls-atexit-nodelete -diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c -index 4135f3f..390fb43 100644 ---- a/stdlib/canonicalize.c -+++ b/stdlib/canonicalize.c -@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved) - extra_buf = __alloca (path_max); - - len = strlen (end); -- if ((long int) (n + len) >= path_max) -+ if (path_max - n <= len) - { - __set_errno (ENAMETOOLONG); - goto error; -diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c -new file mode 100644 -index 0000000..e7837f9 ---- /dev/null -+++ b/stdlib/test-bz22786.c -@@ -0,0 +1,90 @@ -+/* Bug 22786: test for buffer overflow in realpath. -+ Copyright (C) 2018 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ -+/* This file must be run from within a directory called "stdlib". */ -+ -+#include <errno.h> -+#include <limits.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <unistd.h> -+#include <sys/stat.h> -+#include <sys/types.h> -+#include <support/test-driver.h> -+#include <libc-diag.h> -+ -+static int -+do_test (void) -+{ -+ const char dir[] = "bz22786"; -+ const char lnk[] = "bz22786/symlink"; -+ -+ rmdir (dir); -+ if (mkdir (dir, 0755) != 0 && errno != EEXIST) -+ { -+ printf ("mkdir %s: %m\n", dir); -+ return EXIT_FAILURE; -+ } -+ if (symlink (".", lnk) != 0 && errno != EEXIST) -+ { -+ printf ("symlink (%s, %s): %m\n", dir, lnk); -+ return EXIT_FAILURE; -+ } -+ -+ const size_t path_len = (size_t) INT_MAX + 1; -+ -+ DIAG_PUSH_NEEDS_COMMENT; -+#if __GNUC_PREREQ (7, 0) -+ /* GCC 7 warns about too-large allocations; here we need such -+ allocation to succeed for the test to work. */ -+ DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than="); -+#endif -+ char *path = malloc (path_len); -+ DIAG_POP_NEEDS_COMMENT; -+ -+ if (path == NULL) -+ { -+ printf ("malloc (%zu): %m\n", path_len); -+ return EXIT_UNSUPPORTED; -+ } -+ -+ /* Construct very long path = "bz22786/symlink/aaaa....." */ -+ char *p = mempcpy (path, lnk, sizeof (lnk) - 1); -+ *(p++) = '/'; -+ memset (p, 'a', path_len - (path - p) - 2); -+ p[path_len - (path - p) - 1] = '\0'; -+ -+ /* This call crashes before the fix for bz22786 on 32-bit platforms. */ -+ p = realpath (path, NULL); -+ -+ if (p != NULL || errno != ENAMETOOLONG) -+ { -+ printf ("realpath: %s (%m)", p); -+ return EXIT_FAILURE; -+ } -+ -+ /* Cleanup. */ -+ unlink (lnk); -+ rmdir (dir); -+ -+ return 0; -+} -+ -+#define TEST_FUNCTION do_test -+#include <support/test-driver.c> --- -2.9.3 - diff --git a/pkgs/development/libraries/glibc/CVE-2018-11237.patch b/pkgs/development/libraries/glibc/CVE-2018-11237.patch deleted file mode 100644 index ffc2cec1d577..000000000000 --- a/pkgs/development/libraries/glibc/CVE-2018-11237.patch +++ /dev/null @@ -1,55 +0,0 @@ -From f51c8367685dc888a02f7304c729ed5277904aff Mon Sep 17 00:00:00 2001 -From: Andreas Schwab <schwab@suse.de> -Date: Thu, 24 May 2018 14:39:18 +0200 -Subject: [PATCH] Don't write beyond destination in - __mempcpy_avx512_no_vzeroupper (bug 23196) - -When compiled as mempcpy, the return value is the end of the destination -buffer, thus it cannot be used to refer to the start of it. - -(cherry picked from commit 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e) ---- - ChangeLog | 9 +++++++++ - NEWS | 7 +++++++ - string/test-mempcpy.c | 1 + - sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S | 5 +++-- - 4 files changed, 20 insertions(+), 2 deletions(-) - -diff --git a/string/test-mempcpy.c b/string/test-mempcpy.c -index c08fba8..d98ecdd 100644 ---- a/string/test-mempcpy.c -+++ b/string/test-mempcpy.c -@@ -18,6 +18,7 @@ - <http://www.gnu.org/licenses/>. */ - - #define MEMCPY_RESULT(dst, len) (dst) + (len) -+#define MIN_PAGE_SIZE 131072 - #define TEST_MAIN - #define TEST_NAME "mempcpy" - #include "test-string.h" -diff --git a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -index 23c0f7a..effc3ac 100644 ---- a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -+++ b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -@@ -336,6 +336,7 @@ L(preloop_large): - vmovups (%rsi), %zmm4 - vmovups 0x40(%rsi), %zmm5 - -+ mov %rdi, %r11 - /* Align destination for access with non-temporal stores in the loop. */ - mov %rdi, %r8 - and $-0x80, %rdi -@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop): - cmp $256, %rdx - ja L(gobble_256bytes_nt_loop) - sfence -- vmovups %zmm4, (%rax) -- vmovups %zmm5, 0x40(%rax) -+ vmovups %zmm4, (%r11) -+ vmovups %zmm5, 0x40(%r11) - jmp L(check) - - L(preloop_large_bkw): --- -2.9.3 - diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 458745694bcc..9ea943816596 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -19,10 +19,12 @@ { stdenv, lib , buildPackages -, fetchurl, fetchpatch +, fetchurl , linuxHeaders ? null , gd ? null, libpng ? null +, libidn2 , bison +, python3 }: { name @@ -34,9 +36,9 @@ } @ args: let - version = "2.27"; + version = "2.30"; patchSuffix = ""; - sha256 = "0wpwq7gsm7sd6ysidv0z575ckqdg13cr2njyfgrbgh4f65adwwji"; + sha256 = "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"; in assert withLinuxHeaders -> linuxHeaders != null; @@ -92,35 +94,13 @@ stdenv.mkDerivation ({ url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff"; sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4"; }) - - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2 - ./CVE-2018-11236.patch - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f51c8367685dc888a02f7304c729ed5277904aff - ./CVE-2018-11237.patch - - # Remove after upgrading to glibc 2.28+ - # Change backported from upstream - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9c79cec8cd2a6996a73aa83d79b360ffd4bebde6 - ./fix-out-of-bounds-access-in-findidxwc.patch - - # Remove after upgrading to glibc 2.28+ - # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21526a507df8f1b2e37492193a754534d8938c0b - ./fix-out-of-bounds-access-in-ibm-1390-converter.patch ] ++ lib.optionals stdenv.isx86_64 [ ./fix-x64-abi.patch ./2.27-CVE-2019-19126.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch - ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch - - # Remove after upgrading to glibc 2.28+ - ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform || stdenv.hostPlatform.isMusl) (fetchpatch { - url = "https://sourceware.org/git/?p=glibc.git;a=patch;h=780684eb04298977bc411ebca1eadeeba4877833"; - name = "correct-pwent-parsing-issue-and-resulting-build.patch"; - sha256 = "08fja894vzaj8phwfhsfik6jj2pbji7kypy3q8pgxvsd508zdv1q"; - excludes = [ "ChangeLog" ]; - }); + ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; postPatch = '' @@ -131,6 +111,15 @@ stdenv.mkDerivation ({ # nscd needs libgcc, and we don't want it dynamically linked # because we don't want it to depend on bootstrap-tools libs. echo "LDFLAGS-nscd += -static-libgcc" >> nscd/Makefile + + # Ensure that libidn2 is found. + patch -p 1 <<EOF + --- a/inet/idna.c + +++ b/inet/idna.c + @@ -25,1 +25,1 @@ + -#define LIBIDN2_SONAME "libidn2.so.0" + +#define LIBIDN2_SONAME "${lib.getLib libidn2}/lib/libidn2.so.0" + EOF ''; configureFlags = @@ -162,7 +151,7 @@ stdenv.mkDerivation ({ outputs = [ "out" "bin" "dev" "static" ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ bison ]; + nativeBuildInputs = [ bison python3 ]; buildInputs = [ linuxHeaders ] ++ lib.optionals withGd [ gd libpng ]; # Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to diff --git a/pkgs/development/libraries/glibc/dont-use-system-ld-so-cache.patch b/pkgs/development/libraries/glibc/dont-use-system-ld-so-cache.patch index f84b1049adf8..f45e39525f55 100644 --- a/pkgs/development/libraries/glibc/dont-use-system-ld-so-cache.patch +++ b/pkgs/development/libraries/glibc/dont-use-system-ld-so-cache.patch @@ -1,19 +1,6 @@ -diff -Naur glibc-2.27-orig/elf/ldconfig.c glibc-2.27/elf/ldconfig.c ---- glibc-2.27-orig/elf/ldconfig.c 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/elf/ldconfig.c 2018-02-17 22:43:17.232175182 -0500 -@@ -51,7 +51,7 @@ - #endif - - #ifndef LD_SO_CONF --# define LD_SO_CONF SYSCONFDIR "/ld.so.conf" -+# define LD_SO_CONF PREFIX "/etc/ld.so.conf" - #endif - - /* Get libc version number. */ -diff -Naur glibc-2.27-orig/elf/Makefile glibc-2.27/elf/Makefile ---- glibc-2.27-orig/elf/Makefile 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/elf/Makefile 2018-02-17 22:44:50.334006750 -0500 -@@ -559,13 +559,13 @@ +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -589,13 +589,13 @@ $(objpfx)sln: $(sln-modules:%=$(objpfx)%.o) $(objpfx)ldconfig: $(ldconfig-modules:%=$(objpfx)%.o) @@ -32,9 +19,19 @@ diff -Naur glibc-2.27-orig/elf/Makefile glibc-2.27/elf/Makefile cpp-srcs-left := $(all-rtld-routines:=.os) lib := rtld -diff -Naur glibc-2.27-orig/sysdeps/generic/dl-cache.h glibc-2.27/sysdeps/generic/dl-cache.h ---- glibc-2.27-orig/sysdeps/generic/dl-cache.h 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/sysdeps/generic/dl-cache.h 2018-02-17 22:45:20.471598816 -0500 +--- a/elf/ldconfig.c ++++ b/elf/ldconfig.c +@@ -51,7 +51,7 @@ + #endif + + #ifndef LD_SO_CONF +-# define LD_SO_CONF SYSCONFDIR "/ld.so.conf" ++# define LD_SO_CONF PREFIX "/etc/ld.so.conf" + #endif + + /* Get libc version number. */ +--- a/sysdeps/generic/dl-cache.h ++++ b/sysdeps/generic/dl-cache.h @@ -28,7 +28,7 @@ #endif diff --git a/pkgs/development/libraries/glibc/dont-use-system-ld-so-preload.patch b/pkgs/development/libraries/glibc/dont-use-system-ld-so-preload.patch index 894e2a11cf87..69b63a5bcfee 100644 --- a/pkgs/development/libraries/glibc/dont-use-system-ld-so-preload.patch +++ b/pkgs/development/libraries/glibc/dont-use-system-ld-so-preload.patch @@ -1,7 +1,6 @@ -diff -ru glibc-2.20-orig/elf/rtld.c glibc-2.20/elf/rtld.c ---- glibc-2.20-orig/elf/rtld.c 2014-09-07 10:09:09.000000000 +0200 -+++ glibc-2.20/elf/rtld.c 2014-10-27 11:32:25.203043157 +0100 -@@ -1513,7 +1513,7 @@ +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -1697,7 +1697,7 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]); open(). So we do this first. If it succeeds we do almost twice the work but this does not matter, since it is not for production use. */ diff --git a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-findidxwc.patch b/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-findidxwc.patch deleted file mode 100644 index 2d1ac0bc3afb..000000000000 --- a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-findidxwc.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -ur glibc-2.27/locale/weightwc.h glibc-2.27-patched/locale/weightwc.h ---- glibc-2.27/locale/weightwc.h 2018-02-02 01:17:18.000000000 +0900 -+++ glibc-2.27-patched/locale/weightwc.h 2020-01-12 04:54:16.044440602 +0900 -@@ -94,19 +94,19 @@ - if (cp[cnt] != usrc[cnt]) - break; - -- if (cnt < nhere - 1) -+ if (cnt < nhere - 1 || cnt == len) - { - cp += 2 * nhere; - continue; - } - -- if (cp[nhere - 1] > usrc[nhere -1]) -+ if (cp[nhere - 1] > usrc[nhere - 1]) - { - cp += 2 * nhere; - continue; - } - -- if (cp[2 * nhere - 1] < usrc[nhere -1]) -+ if (cp[2 * nhere - 1] < usrc[nhere - 1]) - { - cp += 2 * nhere; - continue; diff --git a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch b/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch deleted file mode 100644 index 8b560566a491..000000000000 --- a/pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 21526a507df8f1b2e37492193a754534d8938c0b Mon Sep 17 00:00:00 2001 -From: Andreas Schwab <schwab@suse.de> -Date: Tue, 24 Jul 2018 14:08:34 +0200 -Subject: [PATCH] Fix out-of-bounds access in IBM-1390 converter (bug 23448) - -The IBM-1390 converter can consume/produce two UCS4 characters in each -loop. ---- - ChangeLog | 6 ++++++ - iconvdata/ibm1364.c | 2 ++ - 2 files changed, 8 insertions(+) - -diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c -index b833273..517fe60 100644 ---- a/iconvdata/ibm1364.c -+++ b/iconvdata/ibm1364.c -@@ -150,6 +150,7 @@ enum - #define MIN_NEEDED_INPUT MIN_NEEDED_FROM - #define MAX_NEEDED_INPUT MAX_NEEDED_FROM - #define MIN_NEEDED_OUTPUT MIN_NEEDED_TO -+#define MAX_NEEDED_OUTPUT MAX_NEEDED_TO - #define LOOPFCT FROM_LOOP - #define BODY \ - { \ -@@ -296,6 +297,7 @@ enum - - /* Next, define the other direction. */ - #define MIN_NEEDED_INPUT MIN_NEEDED_TO -+#define MAX_NEEDED_INPUT MAX_NEEDED_TO - #define MIN_NEEDED_OUTPUT MIN_NEEDED_FROM - #define MAX_NEEDED_OUTPUT MAX_NEEDED_FROM - #define LOOPFCT TO_LOOP --- -2.9.3 - diff --git a/pkgs/development/libraries/glibc/fix-x64-abi.patch b/pkgs/development/libraries/glibc/fix-x64-abi.patch index 1d60dcd7988b..f5a6d603bf85 100644 --- a/pkgs/development/libraries/glibc/fix-x64-abi.patch +++ b/pkgs/development/libraries/glibc/fix-x64-abi.patch @@ -1,4 +1,4 @@ -From 3288c6da64add3b4561b8c10fff522027caea01c Mon Sep 17 00:00:00 2001 +From d9e6dd5631c8d97fd2d3128317c6352e34bf3ca7 Mon Sep 17 00:00:00 2001 From: Nicholas Miell <nmiell@gmail.com> Date: Sat, 17 Jun 2017 18:21:07 -0700 Subject: [PATCH] Align the stack on entry to __tls_get_addr() @@ -17,13 +17,13 @@ engine and available for purchase on Steam. 1 file changed, 4 insertions(+) diff --git a/elf/dl-tls.c b/elf/dl-tls.c -index 5aba33b3fa..3f3cb917de 100644 +index b425d661..b02c2afa 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c -@@ -827,6 +827,10 @@ rtld_hidden_proto (__tls_get_addr) +@@ -818,6 +818,10 @@ rtld_hidden_proto (__tls_get_addr) rtld_hidden_def (__tls_get_addr) #endif - + +#ifdef __x86_64__ +/* Old versions of gcc didn't align the stack. */ +__attribute__((force_align_arg_pointer)) @@ -31,5 +31,6 @@ index 5aba33b3fa..3f3cb917de 100644 /* The generic dynamic and local dynamic model cannot be used in statically linked applications. */ void * --- -2.13.0 +-- +2.17.1 + diff --git a/pkgs/development/libraries/glibc/fix_path_attribute_in_getconf.patch b/pkgs/development/libraries/glibc/fix_path_attribute_in_getconf.patch index 714e49db5607..b13cea4dcb33 100644 --- a/pkgs/development/libraries/glibc/fix_path_attribute_in_getconf.patch +++ b/pkgs/development/libraries/glibc/fix_path_attribute_in_getconf.patch @@ -1,6 +1,5 @@ -diff -ubr glibc-2.17-orig/sysdeps/unix/confstr.h glibc-2.17/sysdeps/unix/confstr.h ---- glibc-2.17-orig/sysdeps/unix/confstr.h 2013-06-03 22:01:44.829726968 +0200 -+++ glibc-2.17/sysdeps/unix/confstr.h 2013-06-03 22:04:39.469376740 +0200 +--- a/sysdeps/unix/confstr.h ++++ b/sysdeps/unix/confstr.h @@ -1 +1 @@ -#define CS_PATH "/bin:/usr/bin" +#define CS_PATH "/run/current-system/sw/bin:/bin:/usr/bin" diff --git a/pkgs/development/libraries/glibc/nix-locale-archive.patch b/pkgs/development/libraries/glibc/nix-locale-archive.patch index 39312951fcf9..f2feabc36ada 100644 --- a/pkgs/development/libraries/glibc/nix-locale-archive.patch +++ b/pkgs/development/libraries/glibc/nix-locale-archive.patch @@ -1,7 +1,6 @@ -diff -Naur glibc-2.27-orig/locale/loadarchive.c glibc-2.27/locale/loadarchive.c ---- glibc-2.27-orig/locale/loadarchive.c 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/locale/loadarchive.c 2018-02-17 22:32:25.680169462 -0500 -@@ -123,6 +123,23 @@ +--- a/locale/loadarchive.c ++++ b/locale/loadarchive.c +@@ -123,6 +123,23 @@ calculate_head_size (const struct locarhead *h) return MAX (namehash_end, MAX (string_end, locrectab_end)); } @@ -25,7 +24,7 @@ diff -Naur glibc-2.27-orig/locale/loadarchive.c glibc-2.27/locale/loadarchive.c /* Find the locale *NAMEP in the locale archive, and return the internalized data structure for its CATEGORY data. If this locale has -@@ -202,7 +219,7 @@ +@@ -202,7 +219,7 @@ _nl_load_locale_from_archive (int category, const char **namep) archmapped = &headmap; /* The archive has never been opened. */ @@ -34,7 +33,7 @@ diff -Naur glibc-2.27-orig/locale/loadarchive.c glibc-2.27/locale/loadarchive.c if (fd < 0) /* Cannot open the archive, for whatever reason. */ return NULL; -@@ -397,8 +414,7 @@ +@@ -397,8 +414,7 @@ _nl_load_locale_from_archive (int category, const char **namep) if (fd == -1) { struct stat64 st; @@ -44,13 +43,13 @@ diff -Naur glibc-2.27-orig/locale/loadarchive.c glibc-2.27/locale/loadarchive.c if (fd == -1) /* Cannot open the archive, for whatever reason. */ return NULL; -diff -Naur glibc-2.27-orig/locale/programs/locale.c glibc-2.27/locale/programs/locale.c ---- glibc-2.27-orig/locale/programs/locale.c 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/locale/programs/locale.c 2018-02-17 22:36:39.726293213 -0500 -@@ -633,6 +633,24 @@ +--- a/locale/programs/locale.c ++++ b/locale/programs/locale.c +@@ -633,6 +633,24 @@ nameentcmp (const void *a, const void *b) + } - static int ++static int +open_locale_archive (void) +{ + int fd = -1; @@ -68,11 +67,10 @@ diff -Naur glibc-2.27-orig/locale/programs/locale.c glibc-2.27/locale/programs/l +} + + -+static int + static int write_archive_locales (void **all_datap, char *linebuf) { - struct stat64 st; -@@ -644,7 +662,7 @@ +@@ -645,7 +663,7 @@ write_archive_locales (void **all_datap, char *linebuf) int fd, ret = 0; uint32_t cnt; @@ -81,10 +79,9 @@ diff -Naur glibc-2.27-orig/locale/programs/locale.c glibc-2.27/locale/programs/l if (fd < 0) return 0; -diff -Naur glibc-2.27-orig/locale/programs/locarchive.c glibc-2.27/locale/programs/locarchive.c ---- glibc-2.27-orig/locale/programs/locarchive.c 2018-02-01 11:17:18.000000000 -0500 -+++ glibc-2.27/locale/programs/locarchive.c 2018-02-17 22:40:51.245293975 -0500 -@@ -117,6 +117,22 @@ +--- a/locale/programs/locarchive.c ++++ b/locale/programs/locarchive.c +@@ -117,6 +117,22 @@ prepare_address_space (int fd, size_t total, size_t *reserved, int *xflags, } @@ -107,7 +104,7 @@ diff -Naur glibc-2.27-orig/locale/programs/locarchive.c glibc-2.27/locale/progra static void create_archive (const char *archivefname, struct locarhandle *ah) { -@@ -578,7 +594,7 @@ +@@ -578,7 +594,7 @@ open_archive (struct locarhandle *ah, bool readonly) while (1) { /* Open the archive. We must have exclusive write access. */ diff --git a/pkgs/development/libraries/glibc/rpcgen-path.patch b/pkgs/development/libraries/glibc/rpcgen-path.patch index 3349449d9163..4f427879f241 100644 --- a/pkgs/development/libraries/glibc/rpcgen-path.patch +++ b/pkgs/development/libraries/glibc/rpcgen-path.patch @@ -1,7 +1,6 @@ -diff -ru glibc-2.18-orig/sunrpc/rpc_main.c glibc-2.18/sunrpc/rpc_main.c ---- glibc-2.18-orig/sunrpc/rpc_main.c 2013-08-11 00:52:55.000000000 +0200 -+++ glibc-2.18/sunrpc/rpc_main.c 2013-11-15 12:04:48.041006977 +0100 -@@ -78,7 +78,7 @@ +--- a/sunrpc/rpc_main.c ++++ b/sunrpc/rpc_main.c +@@ -78,7 +78,7 @@ static const char *cmdname; static const char *svcclosetime = "120"; static int cppDefined; /* explicit path for C preprocessor */ @@ -10,7 +9,7 @@ diff -ru glibc-2.18-orig/sunrpc/rpc_main.c glibc-2.18/sunrpc/rpc_main.c static const char CPPFLAGS[] = "-C"; static char *pathbuf; static int cpp_pid; -@@ -107,7 +107,6 @@ +@@ -107,7 +107,6 @@ static char *extendfile (const char *file, const char *ext); static void open_output (const char *infile, const char *outfile); static void add_warning (void); static void clear_args (void); @@ -18,7 +17,7 @@ diff -ru glibc-2.18-orig/sunrpc/rpc_main.c glibc-2.18/sunrpc/rpc_main.c static void open_input (const char *infile, const char *define); static int check_nettype (const char *name, const char *list_to_check[]); static void c_output (const char *infile, const char *define, -@@ -322,25 +321,6 @@ +@@ -322,25 +321,6 @@ clear_args (void) argcount = FIXEDARGS; } @@ -44,7 +43,7 @@ diff -ru glibc-2.18-orig/sunrpc/rpc_main.c glibc-2.18/sunrpc/rpc_main.c /* * Open input file with given define for C-preprocessor */ -@@ -359,7 +339,6 @@ +@@ -359,7 +339,6 @@ open_input (const char *infile, const char *define) switch (cpp_pid) { case 0: diff --git a/pkgs/development/libraries/libffi/default.nix b/pkgs/development/libraries/libffi/default.nix index cc080e7c6388..86e790bb9659 100644 --- a/pkgs/development/libraries/libffi/default.nix +++ b/pkgs/development/libraries/libffi/default.nix @@ -1,9 +1,9 @@ { stdenv, fetchurl, fetchpatch , autoreconfHook -# libffi is used in darwin stdenv +# libffi is used in darwin and linux with glibc stdenv # we cannot run checks within it -, doCheck ? !stdenv.isDarwin, dejagnu +, doCheck ? stdenv.hostPlatform.isMusl, dejagnu }: stdenv.mkDerivation rec { diff --git a/pkgs/development/libraries/libunistring/default.nix b/pkgs/development/libraries/libunistring/default.nix index e02e5228aa49..2c9a13788c5b 100644 --- a/pkgs/development/libraries/libunistring/default.nix +++ b/pkgs/development/libraries/libunistring/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { "--with-libiconv-prefix=${libiconv}" ]; - doCheck = true; + doCheck = false; /* This seems to cause several random failures like these, which I assume is because of bad or missing target dependencies in their build system: diff --git a/pkgs/development/libraries/seasocks/default.nix b/pkgs/development/libraries/seasocks/default.nix index c6bb2afc2705..932bf48e2a18 100644 --- a/pkgs/development/libraries/seasocks/default.nix +++ b/pkgs/development/libraries/seasocks/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, python, zlib }: +{ stdenv, fetchFromGitHub, cmake, python, zlib, fetchpatch }: stdenv.mkDerivation rec { pname = "seasocks"; @@ -11,6 +11,13 @@ stdenv.mkDerivation rec { sha256 = "1vzdhp61bq2bddz7kkpygdq5adxdspjw1q6a03j6qyyimapblrg8"; }; + patches = [ + (fetchpatch { + url = "https://github.com/mattgodbolt/seasocks/commit/5753b50ce3b2232d166843450043f88a4a362422.patch"; + sha256 = "1c20xjma8jdgcr5m321srpmys6b4jvqkazfqr668km3r2ck5xncl"; + }) + ]; + nativeBuildInputs = [ cmake ]; buildInputs = [ zlib python ]; diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix index a8d95eb05deb..8ca6dff9f5db 100644 --- a/pkgs/development/tools/analysis/rr/default.nix +++ b/pkgs/development/tools/analysis/rr/default.nix @@ -1,14 +1,14 @@ -{ stdenv, fetchFromGitHub, cmake, libpfm, zlib, pkgconfig, python2Packages, which, procps, gdb, capnproto }: +{ stdenv, fetchFromGitHub, cmake, libpfm, zlib, pkgconfig, python3Packages, which, procps, gdb, capnproto }: stdenv.mkDerivation rec { - version = "5.2.0"; + version = "5.3.0"; pname = "rr"; src = fetchFromGitHub { owner = "mozilla"; repo = "rr"; rev = version; - sha256 = "19jsnm8n2smalx2z60x9d8f6g4kdm7zghwyjfvwcxnslk1vn9dkc"; + sha256 = "1x6l1xsdksnhz9v50p4r7hhmr077cq20kaywqy1jzdklvkjqzf64"; }; postPatch = '' @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - cmake libpfm zlib python2Packages.python python2Packages.pexpect which procps gdb capnproto + cmake libpfm zlib python3Packages.python python3Packages.pexpect which procps gdb capnproto ]; propagatedBuildInputs = [ gdb ]; # needs GDB to replay programs at runtime cmakeFlags = [ diff --git a/pkgs/development/tools/gnulib/default.nix b/pkgs/development/tools/gnulib/default.nix index 15042353b1d5..316c38706d3d 100644 --- a/pkgs/development/tools/gnulib/default.nix +++ b/pkgs/development/tools/gnulib/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation { pname = "gnulib"; - version = "20190326"; + version = "20190811"; src = fetchgit { url = https://git.savannah.gnu.org/r/gnulib.git; - rev = "a18f7ce3c0aa760c33d46bbeb8e5b3a14cf24984"; - sha256 = "04py5n3j17wyqv9wfsslcrxzapni9vmw6p5g0adzy2md3ygjw4x4"; + rev = "6430babe47ece6953cf18ef07c1d8642c8588e89"; + sha256 = "14kgykbjly03dlb25sllcfcrpk7zkypa449gr3zbqv4rhpmnzizg"; }; dontFixup = true; diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix index ab2ab0de9cf9..b01f85bb4a7a 100644 --- a/pkgs/development/tools/misc/gnum4/default.nix +++ b/pkgs/development/tools/misc/gnum4/default.nix @@ -13,7 +13,14 @@ stdenv.mkDerivation { configureFlags = [ "--with-syscmd-shell=${stdenv.shell}" ]; # Upstream is aware of it; it may be in the next release. - patches = [ ./s_isdir.patch ] + patches = + [ + ./s_isdir.patch + (fetchurl { + url = "https://sources.debian.org/data/main/m/m4/1.4.18-2/debian/patches/01-fix-ftbfs-with-glibc-2.28.patch"; + sha256 = "12lmdnbml9lfvy0khpjc42riicddaz7li8wmbnsam7zsw6al11qk"; + }) + ] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-secure-format.patch; meta = { diff --git a/pkgs/os-specific/linux/drbd/default.nix b/pkgs/os-specific/linux/drbd/default.nix index 74f3430c2d89..02b8afa721f6 100644 --- a/pkgs/os-specific/linux/drbd/default.nix +++ b/pkgs/os-specific/linux/drbd/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1w4889h1ak7gy9w33kd4fgjlfpgmp6hzfya16p1pkc13bjf22mm0"; }; - patches = [ ./pass-force.patch ]; + patches = [ ./pass-force.patch ./fix-glibc-compilation.patch ]; nativeBuildInputs = [ flex ]; buildInputs = [ perl ]; diff --git a/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch b/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch new file mode 100644 index 000000000000..621a2dd995db --- /dev/null +++ b/pkgs/os-specific/linux/drbd/fix-glibc-compilation.patch @@ -0,0 +1,24 @@ +diff --git a/user/drbdadm_adjust.c b/user/drbdadm_adjust.c +index cb23270..3a751ca 100644 +--- a/user/drbdadm_adjust.c ++++ b/user/drbdadm_adjust.c +@@ -29,6 +29,7 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <sys/wait.h> ++#include <sys/sysmacros.h> + #include <unistd.h> + #include <fcntl.h> + +diff --git a/user/legacy/drbdadm_adjust.c b/user/legacy/drbdadm_adjust.c +index c79163c..6990ffb 100644 +--- a/user/legacy/drbdadm_adjust.c ++++ b/user/legacy/drbdadm_adjust.c +@@ -27,6 +27,7 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <sys/wait.h> ++#include <sys/sysmacros.h> + #include <unistd.h> + #include <fcntl.h> + diff --git a/pkgs/servers/diod/default.nix b/pkgs/servers/diod/default.nix index cf81d9b4b9af..9e33a8c7910e 100644 --- a/pkgs/servers/diod/default.nix +++ b/pkgs/servers/diod/default.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation rec { postPatch = '' substituteInPlace diod/xattr.c --replace attr/xattr.h sys/xattr.h + sed -i -e '/sys\/types\.h>/a #include <sys/sysmacros.h>' diod/ops.c ''; buildInputs = [ munge lua libcap perl ncurses ]; diff --git a/pkgs/servers/foundationdb/default.nix b/pkgs/servers/foundationdb/default.nix index ea762ed656d6..b7f52e4b836f 100644 --- a/pkgs/servers/foundationdb/default.nix +++ b/pkgs/servers/foundationdb/default.nix @@ -24,6 +24,11 @@ let sha256 = "11y434w68cpk7shs2r22hyrpcrqi8vx02cw7v5x79qxvnmdxv2an"; }; + glibc230-fix = fetchpatch { + url = "https://github.com/Ma27/foundationdb/commit/e133cb974b9a9e4e1dc2d4ac15881d31225c0197.patch"; + sha256 = "1v9q2fyc73msigcykjnbmfig45zcrkrzcg87b0r6mxpnby8iryl1"; + }; + in with builtins; { # Older versions use the bespoke 'vsmake' build system @@ -76,6 +81,7 @@ in with builtins; { patches = [ ./patches/clang-libcxx.patch ./patches/suppress-clang-warnings.patch + glibc230-fix ]; }; diff --git a/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch b/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch new file mode 100644 index 000000000000..9613b8906a00 --- /dev/null +++ b/pkgs/servers/mail/postfix/0001-Fix-build-with-glibc-2.30.patch @@ -0,0 +1,34 @@ +From a6a61d0dc018101a9a8d0a664f31140d7e38db0e Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Fri, 17 Jan 2020 01:42:40 +0100 +Subject: [PATCH] Fix build with glibc 2.30 + +https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1842923 +--- + src/dns/dns_str_resflags.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/dns/dns_str_resflags.c b/src/dns/dns_str_resflags.c +index 5f2cce5..df32345 100644 +--- a/src/dns/dns_str_resflags.c ++++ b/src/dns/dns_str_resflags.c +@@ -60,10 +60,16 @@ static const LONG_NAME_MASK resflag_table[] = { + "RES_DEFNAMES", RES_DEFNAMES, + "RES_STAYOPEN", RES_STAYOPEN, + "RES_DNSRCH", RES_DNSRCH, ++#ifdef RES_INSECURE1 + "RES_INSECURE1", RES_INSECURE1, ++#endif ++#ifdef RES_INSECURE2 + "RES_INSECURE2", RES_INSECURE2, ++#endif + "RES_NOALIASES", RES_NOALIASES, ++#ifdef RES_USE_INET6 + "RES_USE_INET6", RES_USE_INET6, ++#endif + #ifdef RES_ROTATE + "RES_ROTATE", RES_ROTATE, + #endif +-- +2.23.1 + diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index c0e6252a5518..d797a9ec9a39 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -48,6 +48,7 @@ in stdenv.mkDerivation rec { ./postfix-3.0-no-warnings.patch ./post-install-script.patch ./relative-symlinks.patch + ./0001-Fix-build-with-glibc-2.30.patch ]; postPatch = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' diff --git a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix b/pkgs/stdenv/linux/bootstrap-files/aarch64.nix index ca7e84502ab3..90c74bf1723f 100644 --- a/pkgs/stdenv/linux/bootstrap-files/aarch64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/aarch64.nix @@ -1,11 +1,13 @@ +# FIXME(ma27): before merging this to master we *have* to replace those files +# as they're built for testing purposes with the aarch64 community builder. { busybox = import <nix/fetchurl.nix> { - url = http://nixos-arm.dezgeg.me/bootstrap-aarch64-2017-03-11-bb3ef8/busybox; - sha256 = "12qcml1l67skpjhfjwy7gr10nc86gqcwjmz9ggp7knss8gq8pv7f"; + url = "https://aarch64.mbosch.me/busybox"; + sha256 = "10z8aigcj0lyfwbc4wzl7s0ng9g37sx1vsqh9sijw3hi0gfhhn4v"; executable = true; }; bootstrapTools = import <nix/fetchurl.nix> { - url = http://nixos-arm.dezgeg.me/bootstrap-aarch64-2017-03-11-bb3ef8/bootstrap-tools.tar.xz; - sha256 = "1075d5n4yclbhgisi6ba50601mw3fhivlkjs462qlnq8hh0xc7nq"; + url = "https://aarch64.mbosch.me/bootstrap-tools.tar.xz"; + sha256 = "0n4k0l7j2yqjzicj1gyk8gdpbszqn6yj6mlx6m2pzfcm2hmbzwfk"; }; } diff --git a/pkgs/stdenv/linux/bootstrap-files/i686.nix b/pkgs/stdenv/linux/bootstrap-files/i686.nix index cf484fd92533..55cff0a636d7 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686.nix @@ -1,12 +1,12 @@ { busybox = import <nix/fetchurl.nix> { - url = http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/busybox; - sha256 = "ef4c1be6c7ae57e4f654efd90ae2d2e204d6769364c46469fa9ff3761195cba1"; + url = https://lblasc-nix-dev.s3-eu-west-1.amazonaws.com/bootstrap-tools-i686-gcc9/busybox; + sha256 = "03g3hz2ar6nz7chfwip72gvy4wd828ha9bdgg6mjs9llsc0d2izz"; executable = true; }; bootstrapTools = import <nix/fetchurl.nix> { - url = http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/bootstrap-tools.tar.xz; - sha256 = "cf920d26d94335f5cb46e247455d0e5389765d16a2b8fc233b792a655b5b58aa"; + url = https://lblasc-nix-dev.s3-eu-west-1.amazonaws.com/bootstrap-tools-i686-gcc9/bootstrap-tools.tar.xz; + sha256 = "1m142s2z7v3v6k0m3d91prp7i71hhy394jgnkd7y3z5sh15c8j28"; }; } diff --git a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix index 69d08c5e981a..4c4db07b3064 100644 --- a/pkgs/stdenv/linux/bootstrap-files/x86_64.nix +++ b/pkgs/stdenv/linux/bootstrap-files/x86_64.nix @@ -3,7 +3,7 @@ { bootstrapTools = import <nix/fetchurl.nix> { - url = http://tarballs.nixos.org/stdenv-linux/x86_64/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/bootstrap-tools.tar.xz; - sha256 = "abe3f0727dd771a60b7922892d308da1bc7b082afc13440880862f0c8823c09f"; + url = https://lblasc-nix-dev.s3-eu-west-1.amazonaws.com/bootstrap-tools-x86-64-gcc9/bootstrap-tools.tar.xz; + sha256 = "0dyvaqlaszd5i2vr36h4d3k47a5xc550n1y4mkiirm1gd4ynaz1g"; }; } diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 8344c9dfb2b8..60c0730dce1f 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -226,6 +226,28 @@ in ccWrapperStdenv gcc-unwrapped coreutils gnugrep perl gnum4 bison; + dejagnu = super.dejagnu.overrideAttrs (a: { doCheck = false; } ); + + # We need libidn2 and its dependency libunistring as glibc dependency. + # To avoid the cycle, we build against bootstrap libc, nuke references, + # and use the result as input for our final glibc. We also pass this pair + # through, so the final package-set uses exactly the same builds. + libunistring = super.libunistring.overrideAttrs (attrs: { + postFixup = attrs.postFixup or "" + '' + ${self.nukeReferences}/bin/nuke-refs "$out"/lib/lib*.so.*.* + ''; + # Apparently iconv won't work with bootstrap glibc, but it will be used + # with glibc built later where we keep *this* build of libunistring, + # so we need to trick it into supporting libiconv. + am_cv_func_iconv_works = "yes"; + }); + libidn2 = super.libidn2.overrideAttrs (attrs: { + postFixup = attrs.postFixup or "" + '' + ${self.nukeReferences}/bin/nuke-refs -e '${lib.getLib self.libunistring}' \ + "$out"/lib/lib*.so.*.* + ''; + }); + # This also contains the full, dynamically linked, final Glibc. binutils = prevStage.binutils.override { # Rewrap the binutils with the new glibc, so both the next @@ -246,7 +268,7 @@ in inherit (prevStage) ccWrapperStdenv binutils coreutils gnugrep - perl patchelf linuxHeaders gnum4 bison; + perl patchelf linuxHeaders gnum4 bison libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; # Link GCC statically against GMP etc. This makes sense because # these builds of the libraries are only used by GCC, so it @@ -276,7 +298,7 @@ in # because gcc (since JAR support) already depends on zlib, and # then if we already have a zlib we want to use that for the # other purposes (binutils and top-level pkgs) too. - inherit (prevStage) gettext gnum4 bison gmp perl texinfo zlib linuxHeaders; + inherit (prevStage) gettext gnum4 bison gmp perl texinfo zlib linuxHeaders libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; binutils = super.binutils.override { # Don't use stdenv's shell but our own @@ -362,7 +384,7 @@ in ] # Library dependencies ++ map getLib ( - [ attr acl zlib pcre ] + [ attr acl zlib pcre libidn2 libunistring ] ++ lib.optional (gawk.libsigsegv != null) gawk.libsigsegv ) # More complicated cases @@ -377,7 +399,7 @@ in inherit (prevStage) gzip bzip2 xz bash coreutils diffutils findutils gawk gnumake gnused gnutar gnugrep gnupatch patchelf - attr acl zlib pcre; + attr acl zlib pcre libunistring libidn2; ${localSystem.libc} = getLibc prevStage; } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { # Need to get rid of these when cross-compiling. diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix index 0dfd234bc758..b4fc2377f0e4 100644 --- a/pkgs/tools/archivers/sharutils/default.nix +++ b/pkgs/tools/archivers/sharutils/default.nix @@ -25,6 +25,10 @@ stdenv.mkDerivation rec { url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-2+deb9u1/debian/patches/01-fix-heap-buffer-overflow-cve-2018-1000097.patch"; sha256 = "19g0sxc8g79aj5gd5idz5409311253jf2q8wqkasf0handdvsbxx"; }) + (fetchurl { + url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-4/debian/patches/02-fix-ftbfs-with-glibc-2.28.patch"; + sha256 = "15kpjqnfs98n6irmkh8pw7masr08xala7gx024agv7zv14722vkc"; + }) ]; postPatch = let diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix index a440c08bd1bb..41dcd54ecdb6 100644 --- a/pkgs/tools/compression/bzip2/default.nix +++ b/pkgs/tools/compression/bzip2/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchurl , linkStatic ? (stdenv.hostPlatform.system == "i686-cygwin") +, autoreconfHook }: stdenv.mkDerivation rec { @@ -20,6 +21,8 @@ stdenv.mkDerivation rec { sha256 = "0b5b5p8c7bslc6fslcr1nj9136412v3qcvbg6yxi9argq9g72v8c"; }; + nativeBuildInputs = [ autoreconfHook ]; + patches = [ ./CVE-2016-3189.patch ./cve-2019-12900.patch diff --git a/pkgs/tools/filesystems/jfsutils/default.nix b/pkgs/tools/filesystems/jfsutils/default.nix index 92dfe00c9514..8b899da32c10 100644 --- a/pkgs/tools/filesystems/jfsutils/default.nix +++ b/pkgs/tools/filesystems/jfsutils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libuuid, autoreconfHook }: +{ stdenv, fetchurl, fetchpatch, libuuid, autoreconfHook }: stdenv.mkDerivation rec { name = "jfsutils-1.1.15"; @@ -13,6 +13,12 @@ stdenv.mkDerivation rec { ./hardening-format.patch # required for cross-compilation ./ar-fix.patch + # fix for glibc>=2.28 + (fetchpatch { + name = "add_sysmacros.patch"; + url = "https://sources.debian.org/data/main/j/jfsutils/1.1.15-4/debian/patches/add_sysmacros.patch"; + sha256 = "1qcwvxs4d0d24w5x98z59arqfx2n7f0d9xaqhjcg6w8n34vkhnyc"; + }) ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix index fe18a5065608..4a6f62f995ba 100644 --- a/pkgs/tools/misc/expect/default.nix +++ b/pkgs/tools/misc/expect/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, tcl, makeWrapper }: +{ stdenv, fetchurl, tcl, makeWrapper, autoreconfHook }: stdenv.mkDerivation rec { version = "5.45.4"; @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { }; buildInputs = [ tcl ]; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper autoreconfHook ]; hardeningDisable = [ "format" ]; - patchPhase = '' + postPatch = '' sed -i "s,/bin/stty,$(type -p stty),g" configure ''; diff --git a/pkgs/tools/networking/ppp/default.nix b/pkgs/tools/networking/ppp/default.nix index 0efef74f6c35..3446157df7a8 100644 --- a/pkgs/tools/networking/ppp/default.nix +++ b/pkgs/tools/networking/ppp/default.nix @@ -10,10 +10,17 @@ stdenv.mkDerivation rec { }; patches = - [ ( substituteAll { + [ + # fix for glibc>=2.28 + (fetchurl { + url = "https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch"; + sha256 = "0qlbi247lx3injpy8a1gcij9yilik0vfaibkpvdp88k3sa1rs69z"; + }) + ( substituteAll { src = ./nix-purity.patch; inherit libpcap; glibc = stdenv.cc.libc.dev or stdenv.cc.libc; + openssl = openssl.dev; }) # Without nonpriv.patch, pppd --version doesn't work when not run as # root. diff --git a/pkgs/tools/networking/ppp/nix-purity.patch b/pkgs/tools/networking/ppp/nix-purity.patch index c74935c0ec8b..5321a472e734 100644 --- a/pkgs/tools/networking/ppp/nix-purity.patch +++ b/pkgs/tools/networking/ppp/nix-purity.patch @@ -1,8 +1,8 @@ diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 060db6a..c151c62 100644 +index 1ebebec..bf90c62 100644 --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -117,7 +117,7 @@ CFLAGS += -DHAS_SHADOW +@@ -120,7 +120,7 @@ CFLAGS += -DHAS_SHADOW #LIBS += -lshadow $(LIBS) endif @@ -11,7 +11,16 @@ index 060db6a..c151c62 100644 CFLAGS += -DHAVE_CRYPT_H=1 LIBS += -lcrypt endif -@@ -169,7 +169,7 @@ LIBS += -ldl +@@ -132,7 +132,7 @@ endif + + ifdef NEEDDES + ifndef USE_CRYPT +-CFLAGS += -I/usr/include/openssl ++CFLAGS += -I@openssl@/include/openssl + LIBS += -lcrypto + else + CFLAGS += -DUSE_CRYPT=1 +@@ -178,7 +178,7 @@ LIBS += -ldl endif ifdef FILTER diff --git a/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch b/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch new file mode 100644 index 000000000000..712183e56c74 --- /dev/null +++ b/pkgs/tools/networking/xnbd/0001-Fix-build-for-glibc-2.28.patch @@ -0,0 +1,25 @@ +From e799a7e0a64696e4ef6c088d36e4db09f8323581 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Sun, 19 Jan 2020 22:37:04 +0100 +Subject: [PATCH] Fix build for glibc>=2.28 + +The major/minor macros are defined in <sys/sysmacros.h> now. +--- + lib/io.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/io.h b/lib/io.h +index 8703cc8..e3d0d10 100644 +--- a/lib/io.h ++++ b/lib/io.h +@@ -33,6 +33,7 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <sys/mman.h> ++#include <sys/sysmacros.h> + + + void read_all(int fd, void *buf, size_t len); +-- +2.23.1 + diff --git a/pkgs/tools/networking/xnbd/default.nix b/pkgs/tools/networking/xnbd/default.nix index e898904c6d4b..a874565684ff 100644 --- a/pkgs/tools/networking/xnbd/default.nix +++ b/pkgs/tools/networking/xnbd/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { sourceRoot = "${name}/trunk"; + patches = [ ./0001-Fix-build-for-glibc-2.28.patch ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = [ glib jansson ]; diff --git a/pkgs/tools/security/oath-toolkit/default.nix b/pkgs/tools/security/oath-toolkit/default.nix index e31d62dc8b7a..d462101e92ea 100644 --- a/pkgs/tools/security/oath-toolkit/default.nix +++ b/pkgs/tools/security/oath-toolkit/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitLab, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: +{ stdenv, fetchFromGitLab, fetchpatch, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: let securityDependency = @@ -15,6 +15,15 @@ in stdenv.mkDerivation { sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74"; }; + patches = [ + # fix for glibc>=2.28 + (fetchpatch { + name = "new_glibc_check.patch"; + url = "https://sources.debian.org/data/main/o/oath-toolkit/2.6.1-1.3/debian/patches/new-glibc-check.patch"; + sha256 = "0h75xyy3xsl485v7w27yqkks6z9sgsjmrv6wiswy15fdj5wyciv3"; + }) + ]; + buildInputs = [ securityDependency libxml2 perl gengetopt bison ]; nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ]; |