diff --git a/pkgs/build-support/setup-hooks/separate-debug-info.sh b/pkgs/build-support/setup-hooks/separate-debug-info.sh index 55e3236847df..37753d9ce406 100644 --- a/pkgs/build-support/setup-hooks/separate-debug-info.sh +++ b/pkgs/build-support/setup-hooks/separate-debug-info.sh @@ -11,14 +11,9 @@ _separateDebugInfo() { dst="$dst/lib/debug/.build-id" # Find executables and dynamic libraries. - local -a files=($(find "$prefix" -type f -a \( -perm /0100 -o -name "*.so" -o -name "*.so.*" \))) - local i magic - for i in "${files[@]}"; do - # Skip non-ELF files. - exec 10< "$i" - read -n 4 -u 10 magic - exec 10<&- + while IFS= read -r -d $'\0' i; do + if ! isELF "$i"; then continue; fi # Extract the Build ID. FIXME: there's probably a cleaner way. local id="$(readelf -n "$i" | sed 's/.*Build ID: \([0-9a-f]*\).*/\1/; t; d')" @@ -35,7 +30,7 @@ _separateDebugInfo() { # Also a create a symlink .debug. ln -sfn ".build-id/${id:0:2}/${id:2}.debug" "$dst/../$(basename "$i")" - done + done < <(find "$prefix" -type f -print0) } # - We might prefer to compress the debug info during link-time already, diff --git a/pkgs/desktops/e19/efl.nix b/pkgs/desktops/e19/efl.nix index 39bb3b26325a..dd9c837ed8b2 100644 --- a/pkgs/desktops/e19/efl.nix +++ b/pkgs/desktops/e19/efl.nix 
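Review bot: `i` is no longer function-local in the first hunk of separate-debug-info.sh: the removed `local i magic` has no replacement, so the new `while IFS= read -r -d $'\0' i` loop assigns `i` in the shell that sourced this hook and the value outlives `_separateDebugInfo`. Add `local i` on the line before the `while`. The `isELF` helper is not defined in this file section, so it is presumably supplied by the stdenv setup script; a short comment saying where it comes from would help. The function starts above the hunk and the loop closes in the next hunk, where `done < <(find "$prefix" -type f -print0)` discards find's exit status, so a failed traversal would produce partial debug output without failing the build.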
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, openssl, libjpeg, zlib, freetype, fontconfig, fribidi, SDL2, SDL, mesa, giflib, libpng, libtiff, glib, gst_all_1, libpulseaudio, libsndfile, xorg, libdrm, libxkbcommon, udev, utillinuxCurses, dbus, bullet, luajit, python27Packages, openjpeg, doxygen, expat, harfbuzz, jbig2dec, librsvg, dbus_libs, alsaLib, poppler, libraw, libspectre, xineLib, libwebp, curl, libinput }: +{ stdenv, fetchurl, pkgconfig, openssl, libjpeg, zlib, freetype, fontconfig, fribidi, SDL2, SDL, mesa, giflib, libpng, libtiff, glib, gst_all_1, libpulseaudio, libsndfile, xorg, libdrm, libxkbcommon, udev, utillinux, dbus, bullet, luajit, python27Packages, openjpeg, doxygen, expat, harfbuzz, jbig2dec, librsvg, dbus_libs, alsaLib, poppler, libraw, libspectre, xineLib, libwebp, curl, libinput }: stdenv.mkDerivation rec { @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig openssl zlib freetype fontconfig fribidi SDL2 SDL mesa giflib libpng libtiff glib gst_all_1.gstreamer gst_all_1.gst-plugins-base gst_all_1.gst-libav libpulseaudio libsndfile xorg.libXcursor xorg.printproto - xorg.libX11 udev utillinuxCurses ]; + xorg.libX11 udev utillinux ]; propagatedBuildInputs = [ libxkbcommon python27Packages.dbus dbus libjpeg xorg.libXcomposite xorg.libXdamage xorg.libXinerama xorg.libXp xorg.libXtst xorg.libXi xorg.libXext diff --git a/pkgs/development/libraries/gettext/absolute-paths.diff b/pkgs/development/libraries/gettext/absolute-paths.diff index 6d5cf1c1ba24..af37f61a9a41 100644 --- a/pkgs/development/libraries/gettext/absolute-paths.diff +++ b/pkgs/development/libraries/gettext/absolute-paths.diff 
@@ -7,7 +7,7 @@ index 1dfa3bb..d6ef8a8 100644 # result. eval_gettext () { - gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1") -+ @out@/bin/gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1") ++ @out@/bin/gettext "$1" | (export PATH `@out@/bin/envsubst --variables "$1"`; @out@/bin/envsubst "$1") } # eval_ngettext MSGID MSGID-PLURAL COUNT @@ -15,7 +15,7 @@ index 1dfa3bb..d6ef8a8 100644 # shell variables in the result. eval_ngettext () { - ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2") -+ @out@/bin/ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2") ++ @out@/bin/ngettext "$1" "$2" "$3" | (export PATH `@out@/bin/envsubst --variables "$1 $2"`; @out@/bin/envsubst "$1 $2") } # Note: This use of envsubst is much safer than using the shell built-in 'eval' diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index 1443626124e1..c96d241ee903 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -1,11 +1,12 @@ -{ stdenv, fetchurl, libiconv, xz }: +{ stdenv, lib, fetchurl, libiconv, xz }: -stdenv.mkDerivation (rec { - name = "gettext-0.19.6"; +stdenv.mkDerivation rec { + name = "gettext-${version}"; + version = "0.19.7"; src = fetchurl { url = "mirror://gnu/gettext/${name}.tar.gz"; - sha256 = "0pb9vp4ifymvdmc31ks3xxcnfqgzj8shll39czmk8c1splclqjzd"; + sha256 = "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk"; }; patches = [ ./absolute-paths.diff ]; 
@@ -14,20 +15,20 @@ stdenv.mkDerivation (rec { LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else ""; configureFlags = [ "--disable-csharp" "--with-xz" ] - ++ (stdenv.lib.optionals stdenv.isCygwin - [ "--disable-java" + ++ lib.optionals stdenv.isCygwin [ + "--disable-java" "--disable-native-java" # Share the cache among the various `configure' runs. "--config-cache" "--with-included-gettext" "--with-included-glib" "--with-included-libcroco" - ]) + ] # avoid retaining reference to CF during stdenv bootstrap - ++ (stdenv.lib.optionals stdenv.isDarwin [ - "gt_cv_func_CFPreferencesCopyAppValue=no" - "gt_cv_func_CFLocaleCopyCurrent=no" - ]); + ++ lib.optionals stdenv.isDarwin [ + "gt_cv_func_CFPreferencesCopyAppValue=no" + "gt_cv_func_CFLocaleCopyCurrent=no" + ]; postPatch = '' substituteAllInPlace gettext-runtime/src/gettext.sh.in @@ -45,16 +46,16 @@ stdenv.mkDerivation (rec { echo gl_cv_func_wcwidth_works=yes > cachefile configureFlags="$configureFlags --cache-file=`pwd`/cachefile" fi - '' + stdenv.lib.optionalString stdenv.isCygwin '' + '' + lib.optionalString stdenv.isCygwin '' sed -i -e "s/\(am_libgettextlib_la_OBJECTS = \)error.lo/\\1/" gettext-tools/gnulib-lib/Makefile.in ''; - buildInputs = [ xz ] ++ stdenv.lib.optional (!stdenv.isLinux) libiconv; + buildInputs = [ xz ] ++ lib.optional (!stdenv.isLinux) libiconv; enableParallelBuilding = true; crossAttrs = { - buildInputs = stdenv.lib.optional (stdenv ? ccCross && stdenv.ccCross.libc ? libiconv) + buildInputs = lib.optional (stdenv ? ccCross && stdenv.ccCross.libc ? libiconv) stdenv.ccCross.libc.libiconv.crossDrv; # Gettext fails to guess the cross compiler configureFlags = "CXX=${stdenv.cross.config}-g++"; @@ -84,8 +85,8 @@ stdenv.mkDerivation (rec { homepage = http://www.gnu.org/software/gettext/; - maintainers = [ ]; - platforms = stdenv.lib.platforms.all; + maintainers = with lib.maintainers; [ zimbatm ]; + platforms = lib.platforms.all; }; } 
@@ -102,4 +103,4 @@ stdenv.mkDerivation (rec { sed -i gettext-tools/gnulib-lib/Makefile.in \ -e 's/am_libgettextlib_la_OBJECTS =/am_libgettextlib_la_OBJECTS = error.lo/g' ''; -}) +} diff --git a/pkgs/development/libraries/gettext/expat.nix b/pkgs/development/libraries/gettext/expat.nix deleted file mode 100644 index fc6116b39160..000000000000 --- a/pkgs/development/libraries/gettext/expat.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ runCommand, gettext, expat, makeWrapper }: - -runCommand "gettext-expat-${gettext.name}" { buildInputs = [ makeWrapper ]; } '' - mkdir $out - cp -rf ${gettext}/* $out/ - chmod a+w $out/bin - for p in $out/bin/*; do - wrapProgram $p --prefix LD_LIBRARY_PATH : ${expat}/lib - done -'' diff --git a/pkgs/development/libraries/glibc/builder.sh b/pkgs/development/libraries/glibc/builder.sh index 2836063e3bf4..d0684d6194d0 100644 --- a/pkgs/development/libraries/glibc/builder.sh +++ b/pkgs/development/libraries/glibc/builder.sh @@ -22,22 +22,11 @@ postInstall() { test -f $out/etc/ld.so.cache && rm $out/etc/ld.so.cache - # FIXME: Use `test -n $linuxHeaders' when `kernelHeaders' has been - # renamed. - if test -z "$hurdHeaders"; then + if test -n "$linuxHeaders"; then # Include the Linux kernel headers in Glibc, except the `scsi' # subdirectory, which Glibc provides itself. (cd $out/include && \ - ln -sv $(ls -d $kernelHeaders/include/* | grep -v 'scsi$') .) - fi - - if test -f "$out/lib/libhurduser.so"; then - # libc.so, libhurduser.so, and libmachuser.so depend on each - # other, so add them to libc.so (a RUNPATH on libc.so.0.3 - # would be ignored by the cross-linker.) - echo "adding \`libhurduser.so' and \`libmachuser.so' to the \`libc.so' linker script..." - sed -i "$out/lib/libc.so" \ - -e"s|\(libc\.so\.[^ ]\+\>\)|\1 $out/lib/libhurduser.so $out/lib/libmachuser.so|g" + ln -sv $(ls -d $linuxHeaders/include/* | grep -v 'scsi$') .) fi # Fix for NIXOS-54 (ldd not working on x86_64). Make a symlink 
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 45f5c24e959b..13d5adcd9b13 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -3,27 +3,22 @@ cross: -{ name, fetchurl, fetchgit ? null, stdenv, installLocales ? false -, gccCross ? null, kernelHeaders ? null -, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null -, mig ? null +{ name, fetchurl, lib, stdenv, installLocales ? false +, gccCross ? null, linuxHeaders ? null , profilingLibraries ? false, meta , withGd ? false, gd ? null, libpng ? null , preConfigure ? "", ... }@args: let - version = "2.21"; - + version = "2.23"; + sha256 = "1lk9a8jv5kyx8hp0wmfzjyk047q95ybyjqbyw5idl7414jxqml1b"; in assert cross != null -> gccCross != null; -assert mig != null -> machHeaders != null; -assert machHeaders != null -> hurdHeaders != null; -assert hurdHeaders != null -> libpthreadHeaders != null; stdenv.mkDerivation ({ - inherit kernelHeaders installLocales; + inherit linuxHeaders installLocales; # The host/target system. crossConfig = if cross != null then cross.config else null; @@ -32,9 +27,7 @@ stdenv.mkDerivation ({ enableParallelBuilding = true; - /* Don't try to apply these patches to the Hurd's snapshot, which is - older. */ - patches = stdenv.lib.optionals (hurdHeaders == null) + patches = [ /* Have rpcgen(1) look for cpp(1) in $PATH. */ ./rpcgen-path.patch @@ -56,14 +49,6 @@ stdenv.mkDerivation ({ "/bin:/usr/bin", which is inappropriate on NixOS machines. This patch extends the search path by "/run/current-system/sw/bin". */ ./fix_path_attribute_in_getconf.patch - - ./security-4a28f4d5.patch - ./security-bdf1ff05.patch - ./cve-2014-8121.patch - ./cve-2015-1781.patch - ./cve-2015-7547.patch - - ./glibc-locale-incompatibility.patch ]; postPatch = 
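Review bot: A caller that still passes `kernelHeaders` is accepted silently by the new signature in the first common.nix hunk, because it keeps `...` next to `linuxHeaders ? null`. The old name falls into `args`, `linuxHeaders` stays null, the configureFlags hunk then selects `--without-headers`, and the builder.sh hunk's `test -n "$linuxHeaders"` skips the header symlinks. The dropped `fetchgit`, `mig` and Hurd header arguments behave the same way and would now flow through `removeAttrs args [...]` into the derivation. Callers are outside this diff, so this may already be handled. An `assert !(args ? kernelHeaders);` next to the existing `assert cross != null -> gccCross != null;` would turn a stale call into an evaluation error.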
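Review bot: Nothing in the `patches` hunk records that the five dropped security fixes (`security-4a28f4d5`, `security-bdf1ff05`, `cve-2014-8121`, `cve-2015-1781`, `cve-2015-7547`) are contained in the 2.23 tarball this commit switches to. The deleted cve-2015-7547.patch carries a 2016-02-15 ChangeLog date, so it is worth confirming against the release rather than assuming it. Once confirmed, a short comment in the list would keep the audit trail, e.g. `/* CVE-2014-8121, CVE-2015-1781, CVE-2015-7547 and the two security-* backports are part of 2.23 upstream. */`. `glibc-locale-incompatibility.patch` is removed in the same hunk without explanation; a note on why it is no longer needed would help too.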
@@ -100,36 +85,35 @@ stdenv.mkDerivation ({ "--sysconfdir=/etc" "--localedir=/var/run/current-system/sw/lib/locale" "libc_cv_ssp=no" - (if kernelHeaders != null - then "--with-headers=${kernelHeaders}/include" + (if linuxHeaders != null + then "--with-headers=${linuxHeaders}/include" else "--without-headers") (if profilingLibraries then "--enable-profile" else "--disable-profile") - ] ++ stdenv.lib.optionals (cross == null && kernelHeaders != null) [ + ] ++ lib.optionals (cross == null && linuxHeaders != null) [ "--enable-kernel=2.6.32" - ] ++ stdenv.lib.optionals (cross != null) [ + ] ++ lib.optionals (cross != null) [ (if cross.withTLS then "--with-tls" else "--without-tls") (if cross.float == "soft" then "--without-fp" else "--with-fp") - ] ++ stdenv.lib.optionals (cross != null + ] ++ lib.optionals (cross != null && cross.platform ? kernelMajor && cross.platform.kernelMajor == "2.6") [ "--enable-kernel=2.6.0" "--with-__thread" - ] ++ stdenv.lib.optionals (cross == null && stdenv.isArm) [ + ] ++ lib.optionals (cross == null && stdenv.isArm) [ "--host=arm-linux-gnueabi" "--build=arm-linux-gnueabi" # To avoid linking with -lgcc_s (dynamic link) # so the glibc does not depend on its compiler store path "libc_cv_as_needed=no" - ] ++ stdenv.lib.optional withGd "--with-gd"; + ] ++ lib.optional withGd "--with-gd"; installFlags = [ "sysconfdir=$(out)/etc" ]; - buildInputs = stdenv.lib.optionals (cross != null) [ gccCross ] - ++ stdenv.lib.optional (mig != null) mig - ++ stdenv.lib.optionals withGd [ gd libpng ]; + buildInputs = lib.optionals (cross != null) [ gccCross ] + ++ lib.optionals withGd [ gd libpng ]; # Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to # prevent a retained dependency on the bootstrap tools in the stdenv-linux 
@@ -141,32 +125,22 @@ stdenv.mkDerivation ({ # I.e. when gcc is compiled with --with-arch=i686, then the # preprocessor symbol `__i686' will be defined to `1'. This causes # the symbol __i686.get_pc_thunk.dx to be mangled. - NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686" + NIX_CFLAGS_COMPILE = lib.optionalString (stdenv.system == "i686-linux") "-U__i686" + " -Wno-error=strict-prototypes"; } # Remove the `gccCross' attribute so that the *native* glibc store path # doesn't depend on whether `gccCross' is null or not. -// (removeAttrs args [ "gccCross" "fetchurl" "fetchgit" "withGd" "gd" "libpng" ]) // +// (removeAttrs args [ "lib" "gccCross" "fetchurl" "withGd" "gd" "libpng" ]) // { name = name + "-${version}" + - stdenv.lib.optionalString (cross != null) "-${cross.config}"; + lib.optionalString (cross != null) "-${cross.config}"; - src = - if hurdHeaders != null - then fetchgit { - # Shamefully the "official" glibc won't build on GNU, so use the one - # maintained by the Hurd folks, `tschwinge/Roger_Whittaker' branch. - # See . - url = "git://git.sv.gnu.org/hurd/glibc.git"; - sha256 = "cecec9dd5a2bafc875c56b058b6d7628a22b250b53747513dec304f31ffdb82d"; - rev = "d3cdecf18e6550b0984a42b43ed48c5fb26501e1"; - } - else fetchurl { - url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; - sha256 = "0f4prv4c0fcpi85wv4028wqxn075197gwxhgf0vp571fiw2pi3wd"; - }; + src = fetchurl { + url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; + inherit sha256; + }; # Remove absolute paths from `configure' & co.; build out-of-tree. preConfigure = '' 
@@ -182,17 +156,18 @@ stdenv.mkDerivation ({ configureScript="`pwd`/../$sourceRoot/configure" - ${stdenv.lib.optionalString (stdenv.cc.libc != null) + ${lib.optionalString (stdenv.cc.libc != null) ''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib"'' } ${preConfigure} ''; + preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH"; + meta = { homepage = http://www.gnu.org/software/libc/; - description = "The GNU C Library" - + stdenv.lib.optionalString (hurdHeaders != null) ", for GNU/Hurd"; + description = "The GNU C Library"; longDescription = '' Any Unix-like operating system needs a C library: the library which @@ -203,24 +178,9 @@ stdenv.mkDerivation ({ most systems with the Linux kernel. ''; - license = stdenv.lib.licenses.lgpl2Plus; + license = lib.licenses.lgpl2Plus; - maintainers = [ ]; - #platforms = stdenv.lib.platforms.linux; + maintainers = [ lib.maintainers.eelco ]; + #platforms = lib.platforms.linux; } // meta; -} - -// stdenv.lib.optionalAttrs withGd { - preBuild = "unset NIX_DONT_SET_RPATH"; -} - -// stdenv.lib.optionalAttrs (hurdHeaders != null) { - # Work around the fact that the configure snippet that looks for - # does not honor `--with-headers=$sysheaders' and that - # glibc expects Mach, Hurd, and pthread headers to be in the same place. - CPATH = "${hurdHeaders}/include:${machHeaders}/include:${libpthreadHeaders}/include"; - - # Install NSS stuff in the right place. - # XXX: This will be needed for all new glibcs and isn't Hurd-specific. - makeFlags = ''vardbdir="$out/var/db"''; }) diff --git a/pkgs/development/libraries/glibc/cve-2014-8121.patch b/pkgs/development/libraries/glibc/cve-2014-8121.patch deleted file mode 100644 index 95a86259dba8..000000000000 --- a/pkgs/development/libraries/glibc/cve-2014-8121.patch +++ /dev/null 
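Review bot: The new unconditional `preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH";` sits in the last `//` operand, after `removeAttrs args [...]`, so it overrides any `preBuild` a caller passes through `args` even when `withGd` is false. The removed `optionalAttrs withGd { preBuild = ...; }` form only replaced it for gd builds. Callers are not visible here, so this may be moot. If pass-through is meant to keep working, take `preBuild ? ""` as a parameter and append it, the way `preConfigure` is interpolated at the end of its own script.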
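Review bot: The deleted Hurd-only attribute set in the last common.nix hunk takes `makeFlags = ''vardbdir="$out/var/db"''` with it, although its own comment said this "will be needed for all new glibcs and isn't Hurd-specific". Nothing in the new code sets `vardbdir`, and the `installFlags` shown in the configureFlags hunk only overrides `sysconfdir`. It is worth checking where the 2.23 install step places the NSS database directory. If it resolves outside `$out`, something like `"vardbdir=$(out)/var/db"` in `installFlags` would restore the old intent. If the setting really is unnecessary, say so in the commit message, since the removed comment claimed otherwise.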
@@ -1,230 +0,0 @@ -From 03d2730b44cc2236318fd978afa2651753666c55 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 29 Apr 2015 14:41:25 +0200 -Subject: [PATCH] CVE-2014-8121: Do not close NSS files database during - iteration [BZ #18007] -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -Robin Hack discovered Samba would enter an infinite loop processing -certain quota-related requests. We eventually tracked this down to a -glibc issue. - -Running a (simplified) test case under strace shows that /etc/passwd -is continuously opened and closed: - -… -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 -lseek(3, 2717, SEEK_SET) = 2717 -close(3) = 0 -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -lseek(3, 0, SEEK_SET) = 0 -read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 -lseek(3, 2717, SEEK_SET) = 2717 -close(3) = 0 -open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 -lseek(3, 0, SEEK_CUR) = 0 -… - -The lookup function implementation in -nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is -supposed skip closing the input file if it was already open. - - /* Reset file pointer to beginning or open file. */ \ - status = internal_setent (keep_stream); \ - \ - if (status == NSS_STATUS_SUCCESS) \ - { \ - /* Tell getent function that we have repositioned the file pointer. */ \ - last_use = getby; \ - \ - while ((status = internal_getent (result, buffer, buflen, errnop \ - H_ERRNO_ARG EXTRA_ARGS_VALUE)) \ - == NSS_STATUS_SUCCESS) \ - { break_if_match } \ - \ - if (! keep_stream) \ - internal_endent (); \ - } \ - -keep_stream is initialized from the stayopen flag in internal_setent. -internal_setent is called from the set*ent implementation as: - - status = internal_setent (stayopen); - -However, for non-host database, this flag is always 0, per the -STAYOPEN magic in nss/getXXent_r.c. 
- -Thus, the fix is this: - -- status = internal_setent (stayopen); -+ status = internal_setent (1); - -This is not a behavioral change even for the hosts database (where the -application can specify the stayopen flag) because with a call to -sethostent(0), the file handle is still not closed in the -implementation of gethostent. ---- - ChangeLog | 8 ++++ - NEWS | 12 +++-- - nss/Makefile | 2 +- - nss/nss_files/files-XXX.c | 2 +- - nss/tst-nss-getpwent.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 136 insertions(+), 6 deletions(-) - create mode 100644 nss/tst-nss-getpwent.c - -diff --git a/nss/Makefile b/nss/Makefile -index d75dad2..65ab7b5 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -47,7 +47,7 @@ install-bin := getent makedb - makedb-modules = xmalloc hash-string - extra-objs += $(makedb-modules:=.o) - --tests = test-netdb tst-nss-test1 test-digits-dots -+tests = test-netdb tst-nss-test1 test-digits-dots tst-nss-getpwent - xtests = bug-erange - - # Specify rules for the nss_* modules. We have some services. -diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c -index a7a45e5..a7ce5ea 100644 ---- a/nss/nss_files/files-XXX.c -+++ b/nss/nss_files/files-XXX.c -@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen) - - __libc_lock_lock (lock); - -- status = internal_setent (stayopen); -+ status = internal_setent (1); - - if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0) - { -diff --git a/nss/tst-nss-getpwent.c b/nss/tst-nss-getpwent.c -new file mode 100644 -index 0000000..f2e8abc ---- /dev/null -+++ b/nss/tst-nss-getpwent.c -@@ -0,0 +1,118 @@ -+/* Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. 
-+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+int -+do_test (void) -+{ -+ /* Count the number of entries in the password database, and fetch -+ data from the first and last entries. */ -+ size_t count = 0; -+ struct passwd * pw; -+ char *first_name = NULL; -+ uid_t first_uid = 0; -+ char *last_name = NULL; -+ uid_t last_uid = 0; -+ setpwent (); -+ while ((pw = getpwent ()) != NULL) -+ { -+ if (first_name == NULL) -+ { -+ first_name = strdup (pw->pw_name); -+ if (first_name == NULL) -+ { -+ printf ("strdup: %m\n"); -+ return 1; -+ } -+ first_uid = pw->pw_uid; -+ } -+ -+ free (last_name); -+ last_name = strdup (pw->pw_name); -+ if (last_name == NULL) -+ { -+ printf ("strdup: %m\n"); -+ return 1; -+ } -+ last_uid = pw->pw_uid; -+ ++count; -+ } -+ endpwent (); -+ -+ if (count == 0) -+ { -+ printf ("No entries in the password database.\n"); -+ return 0; -+ } -+ -+ /* Try again, this time interleaving with name-based and UID-based -+ lookup operations. The counts do not match if the interleaved -+ lookups affected the enumeration. 
*/ -+ size_t new_count = 0; -+ setpwent (); -+ while ((pw = getpwent ()) != NULL) -+ { -+ if (new_count == count) -+ { -+ printf ("Additional entry in the password database.\n"); -+ return 1; -+ } -+ ++new_count; -+ struct passwd *pw2 = getpwnam (first_name); -+ if (pw2 == NULL) -+ { -+ printf ("getpwnam (%s) failed: %m\n", first_name); -+ return 1; -+ } -+ pw2 = getpwnam (last_name); -+ if (pw2 == NULL) -+ { -+ printf ("getpwnam (%s) failed: %m\n", last_name); -+ return 1; -+ } -+ pw2 = getpwuid (first_uid); -+ if (pw2 == NULL) -+ { -+ printf ("getpwuid (%llu) failed: %m\n", -+ (unsigned long long) first_uid); -+ return 1; -+ } -+ pw2 = getpwuid (last_uid); -+ if (pw2 == NULL) -+ { -+ printf ("getpwuid (%llu) failed: %m\n", -+ (unsigned long long) last_uid); -+ return 1; -+ } -+ } -+ endpwent (); -+ if (new_count < count) -+ { -+ printf ("Missing entry in the password database.\n"); -+ return 1; -+ } -+ -+ return 0; -+} -+ -+#define TEST_FUNCTION do_test () -+#include "../test-skeleton.c" - diff --git a/pkgs/development/libraries/glibc/cve-2015-1781.patch b/pkgs/development/libraries/glibc/cve-2015-1781.patch deleted file mode 100644 index 6831d5ac7426..000000000000 --- a/pkgs/development/libraries/glibc/cve-2015-1781.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar
-Date: Tue, 21 Apr 2015 14:06:31 +0200
-Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
- [BZ#18287]
-
----
- ChangeLog | 6 ++++++
- NEWS | 9 ++++++++-
- resolv/nss_dns/dns-host.c | 3 ++-
- 3 files changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index b16b0dd..d8c5579 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
- int have_to_map = 0;
- uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
- buffer += pad;
-- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
-+ buflen = buflen > pad ? buflen - pad : 0;
-+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
- {
- /* The buffer is too small. */
- too_small:
-
diff --git a/pkgs/development/libraries/glibc/cve-2015-7547.patch b/pkgs/development/libraries/glibc/cve-2015-7547.patch
deleted file mode 100644
index 9bf0bcc388cb..000000000000
--- a/pkgs/development/libraries/glibc/cve-2015-7547.patch
+++ /dev/null
@@ -1,573 +0,0 @@ - -CVE-2015-7547 - -2016-02-15 Carlos O'Donell - - [BZ #18665] - * resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set - *herrno_p. - (gaih_getanswer): Document functional behviour. Return tryagain - if any result is tryagain. - * resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero - when freed. - * resolv/res_send.c: Add copyright text. - (__libc_res_nsend): Document that MAXPACKET is expected. - (send_vc): Document. Remove buffer reuse. - (send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the - size of the buffer. Add Dprint for truncated UDP buffer. - -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index a255d5e..47cfe27 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). 
What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. 
-+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. 
-+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). 
*/ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -diff --git a/resolv/res_query.c b/resolv/res_query.c -index 4a9b3b3..95470a9 100644 ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -diff --git a/resolv/res_send.c b/resolv/res_send.c -index a968b95..21843f1 100644 ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. 
-@@ -355,6 +372,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -630,6 +649,77 @@ get_nsaddr (res_state statp, int n) - return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; - } - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. 
-+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. 
-+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -639,11 +729,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns]; - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -731,6 +817,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -767,40 +855,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. 
*/ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -804,10 +870,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -819,6 +889,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -948,6 +1021,66 @@ reopen (res_state statp, int *terrno, int ns) - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. 
The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. 
-+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -957,8 +1090,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -991,6 +1122,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. 
*/ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1154,55 +1287,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. 
*/ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); - diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 08eaf555e02d..5e25c2dc8bc8 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -1,6 +1,4 @@ -{ stdenv, fetchurl, fetchgit ? null, kernelHeaders -, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null -, mig ? null +{ lib, stdenv, fetchurl, linuxHeaders , installLocales ? true , profilingLibraries ? false , gccCross ? null 
@@ -16,11 +14,10 @@ let in build cross ({ name = "glibc" - + stdenv.lib.optionalString (hurdHeaders != null) "-hurd" - + stdenv.lib.optionalString debugSymbols "-debug" - + stdenv.lib.optionalString withGd "-gd"; + + lib.optionalString debugSymbols "-debug" + + lib.optionalString withGd "-gd"; - inherit fetchurl fetchgit stdenv kernelHeaders installLocales + inherit lib stdenv fetchurl linuxHeaders installLocales profilingLibraries gccCross withGd gd libpng; builder = ./builder.sh; @@ -58,23 +55,6 @@ in // - (if hurdHeaders != null - then rec { - inherit machHeaders hurdHeaders libpthreadHeaders mig fetchgit; - - propagatedBuildInputs = [ machHeaders hurdHeaders libpthreadHeaders ]; - - passthru = { - # When building GCC itself `propagatedBuildInputs' above is not - # honored, so we pass it here so that the GCC builder can do the right - # thing. - inherit propagatedBuildInputs; - }; - } - else { }) - - // - (if cross != null then { preConfigure = '' diff --git a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch b/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch deleted file mode 100644 index 8ca2ce4cd88a..000000000000 --- a/pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch - -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME); diff --git a/pkgs/development/libraries/glibc/info.nix b/pkgs/development/libraries/glibc/info.nix index e4cdb42dd689..1e60856430db 100644 --- a/pkgs/development/libraries/glibc/info.nix +++ b/pkgs/development/libraries/glibc/info.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, texinfo, perl }: +{ lib, stdenv, fetchurl, texinfo, perl }: let build = import ./common.nix; in @@ -6,7 +6,7 @@ let build = import ./common.nix; in build null { name = "glibc-info"; - inherit fetchurl stdenv; + inherit fetchurl stdenv lib; configureFlags = [ "--enable-add-ons" ]; diff --git a/pkgs/development/libraries/glibc/locales.nix b/pkgs/development/libraries/glibc/locales.nix index cbf7af22cac1..9607d7ecb223 100644 --- a/pkgs/development/libraries/glibc/locales.nix +++ b/pkgs/development/libraries/glibc/locales.nix 
@@ -6,14 +6,14 @@ http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc */ -{ stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }: +{ lib, stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }: let build = import ./common.nix; in build null { name = "glibc-locales"; - inherit fetchurl stdenv; + inherit fetchurl stdenv lib; installLocales = true; builder = ./locales-builder.sh; diff --git a/pkgs/development/libraries/glibc/security-4a28f4d5.patch b/pkgs/development/libraries/glibc/security-4a28f4d5.patch deleted file mode 100644 index 25f994d859c1..000000000000 --- a/pkgs/development/libraries/glibc/security-4a28f4d5.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 26 Feb 2015 14:55:24 +0100 -Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032) - ---- - ChangeLog | 7 +++++++ - NEWS | 2 +- - posix/fnmatch_loop.c | 5 ++--- - posix/tst-fnmatch3.c | 8 +++++--- - 4 files changed, 15 insertions(+), 7 deletions(-) - -diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c -index c0cb2fc..72c5d8f 100644 ---- a/posix/fnmatch_loop.c -+++ b/posix/fnmatch_loop.c -@@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) - } - else if (c == L('[') && *p == L('.')) - { -- ++p; - while (1) - { - c = *++p; -- if (c == '\0') -+ if (c == L('\0')) - return FNM_NOMATCH; - -- if (*p == L('.') && p[1] == L(']')) -+ if (c == L('.') && p[1] == L(']')) - break; - } - p += 2; -diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c -index d27a557..75bc00a 100644 ---- a/posix/tst-fnmatch3.c -+++ b/posix/tst-fnmatch3.c -@@ -21,9 +21,11 @@ - int - do_test (void) - { -- const char *pattern = "[[:alpha:]'[:alpha:]\0]"; -- -- return fnmatch (pattern, "a", 0) != FNM_NOMATCH; -+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH) -+ return 1; -+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH) -+ return 1; -+ return 0; - } - - #define TEST_FUNCTION do_test () - diff --git a/pkgs/development/libraries/glibc/security-bdf1ff05.patch b/pkgs/development/libraries/glibc/security-bdf1ff05.patch deleted file mode 100644 index b4175694f912..000000000000 --- a/pkgs/development/libraries/glibc/security-bdf1ff05.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov -Date: Sun, 22 Feb 2015 12:01:47 -0800 -Subject: [PATCH] Fix BZ #17269 -- _IO_wstr_overflow integer overflow - ---- - ChangeLog | 6 ++++++ - NEWS | 6 +++--- - libio/wstrops.c | 8 +++++++- - 3 files changed, 16 insertions(+), 4 deletions(-) - -diff --git a/libio/wstrops.c b/libio/wstrops.c -index 43d847d..3993579 100644 ---- a/libio/wstrops.c -+++ b/libio/wstrops.c -@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c) - wchar_t *old_buf = fp->_wide_data->_IO_buf_base; - size_t old_wblen = _IO_wblen (fp); - _IO_size_t new_size = 2 * old_wblen + 100; -- if (new_size < old_wblen) -+ -+ if (__glibc_unlikely (new_size < old_wblen) -+ || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t))) - return EOF; -+ - new_buf - = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size - * sizeof (wchar_t)); -@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading) - return 1; - - _IO_size_t newsize = offset + 100; -+ if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t))) -+ return 1; -+ - wchar_t *oldbuf = wd->_IO_buf_base; - wchar_t *newbuf - = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize - diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index db17e0cd73ae..98e168f310d0 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
@@ -21,7 +21,9 @@ let patches = [ ./use-etc-ssl-certs.patch ] ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch - ++ optional (stdenv.lib.versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem"))) ./darwin-arch.patch; + ++ optional + (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem"))) + ./darwin-arch.patch; nativeBuildInputs = [ perl ]; buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders; @@ -102,9 +104,9 @@ in { sha256 = "0iik7a3b0mrfrxzngdf7ywfscg9inbw77y0jp2ccw0gdap9xhjvq"; }; - openssl_1_0_2 = common { + openssl_1_0_2 = lowPrio (common { version = "1.0.2f"; sha256 = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c"; - }; + }); } diff --git a/pkgs/development/tools/misc/patchelf/setup-hook.sh b/pkgs/development/tools/misc/patchelf/setup-hook.sh index a76fbfbd509c..563ef57fce11 100644 --- a/pkgs/development/tools/misc/patchelf/setup-hook.sh +++ b/pkgs/development/tools/misc/patchelf/setup-hook.sh @@ -5,12 +5,16 @@ fixupOutputHooks+=('if [ -z "$dontPatchELF" ]; then patchELF "$prefix"; fi') patchELF() { - header "patching ELF executables and libraries in $prefix" - if [ -e "$prefix" ]; then - find "$prefix" \( \ - \( -type f -a -name "*.so*" \) -o \ - \( -type f -a -perm -0100 \) \ - \) -print -exec patchelf --shrink-rpath '{}' \; - fi + local dir="$1" + header "shrinking RPATHs of ELF executables and libraries in $dir" + + local i + while IFS= read -r -d $'\0' i; do + if [[ "$i" =~ .build-id ]]; then continue; fi + if ! isELF "$i"; then continue; fi + echo "shrinking $i" + patchelf --shrink-rpath "$i" || true + done < <(find "$dir" -type f -print0) + stopNest } diff --git a/pkgs/os-specific/linux/cpufrequtils/default.nix b/pkgs/os-specific/linux/cpufrequtils/default.nix index b7822035c20c..65be409a75e3 100644 --- a/pkgs/os-specific/linux/cpufrequtils/default.nix +++ b/pkgs/os-specific/linux/cpufrequtils/default.nix 
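Review bot: In the new `patchELF` loop of patchelf/setup-hook.sh, the skip test `[[ "$i" =~ .build-id ]]` is looser than it looks: the regex is unanchored and its leading `.` matches any character, so every path that contains `build-id` after some other character is skipped, not only files under a `.build-id` directory (which is presumably the intent). A glob on the path component is exact: `if [[ "$i" == */.build-id/* ]]; then continue; fi`. `patchelf --shrink-rpath "$i" || true` also discards every failure, so an output can keep an unshrunk RPATH with nothing in the build log; `patchelf --shrink-rpath "$i" || echo "warning: could not shrink RPATH of $i" >&2` keeps the best-effort behaviour and leaves a trace. The old `[ -e "$prefix" ]` guard is gone as well, so `find` now runs (and reports an error) when the output directory does not exist.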
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec { -i Makefile ''; - buildInputs = [ stdenv.cc.libc.kernelHeaders libtool gettext ]; + buildInputs = [ stdenv.cc.libc.linuxHeaders libtool gettext ]; meta = { description = "Tools to display or change the CPU governor settings"; diff --git a/pkgs/os-specific/linux/dietlibc/default.nix b/pkgs/os-specific/linux/dietlibc/default.nix index b795cb60da6e..d98bfb967356 100644 --- a/pkgs/os-specific/linux/dietlibc/default.nix +++ b/pkgs/os-specific/linux/dietlibc/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation { builder = ./builder.sh; inherit glibc; - kernelHeaders = glibc.kernelHeaders; + kernelHeaders = glibc.linuxHeaders; patches = [ diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index ec5a85ef4ada..cb1521a4005e 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, pkgconfig, intltool, gperf, libcap, dbus, kmod -, xz, pam, acl, cryptsetup, libuuid, m4, utillinux +, xz, pam, acl, cryptsetup, libuuid, m4, utillinuxMinimal , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libapparmor, audit, lz4 , kexectools, libmicrohttpd, linuxHeaders, libseccomp , autoreconfHook, gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45 
@@ -75,13 +75,13 @@ stdenv.mkDerivation rec { test -e $i substituteInPlace $i \ --replace /usr/bin/getent ${stdenv.glibc}/bin/getent \ - --replace /bin/mount ${utillinux}/bin/mount \ - --replace /bin/umount ${utillinux}/bin/umount \ - --replace /sbin/swapon ${utillinux}/sbin/swapon \ - --replace /sbin/swapoff ${utillinux}/sbin/swapoff \ + --replace /bin/mount ${utillinuxMinimal}/bin/mount \ + --replace /bin/umount ${utillinuxMinimal}/bin/umount \ + --replace /sbin/swapon ${utillinuxMinimal}/sbin/swapon \ + --replace /sbin/swapoff ${utillinuxMinimal}/sbin/swapoff \ --replace /bin/echo ${coreutils}/bin/echo \ --replace /bin/cat ${coreutils}/bin/cat \ - --replace /sbin/sulogin ${utillinux}/sbin/sulogin \ + --replace /sbin/sulogin ${utillinuxMinimal}/sbin/sulogin \ --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck done diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index bcd9aa58bccf..a84740b1a30b 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }: +{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam, systemd ? null +, pkgconfig +}: stdenv.mkDerivation rec { name = "util-linux-2.27.1"; @@ -38,11 +40,16 @@ stdenv.mkDerivation rec { --disable-use-tty-group --enable-fs-paths-default=/var/setuid-wrappers:/var/run/current-system/sw/bin:/sbin ${if ncurses == null then "--without-ncurses" else ""} + ${if systemd == null then "" else '' + --with-systemd + --with-systemdsystemunitdir=$out/lib/systemd/system/ + ''} ''; buildInputs = [ zlib pam ] ++ stdenv.lib.optional (ncurses != null) ncurses + ++ stdenv.lib.optional (systemd != null) [ systemd pkgconfig ] ++ stdenv.lib.optional (perl != null) perl; postInstall = '' diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 7d25472993c5..b49846fa050c 100644 
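Review bot: The added `buildInputs` line in util-linux/default.nix passes a list to `optional`, which wraps its argument in a list, so the expression yields the nested `[ [ systemd pkgconfig ] ]` instead of two separate inputs. The list form is `optionals`: `++ stdenv.lib.optionals (systemd != null) [ systemd pkgconfig ]`. The new `systemd ? null` argument would also benefit from a short comment next to the configure flags, e.g. `# systemd == null builds without unit files (used by the minimal variant)`, because the `utillinuxMinimal` override added in all-packages.nix in this commit relies on that default.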
--- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -180,6 +180,17 @@ installBin() { } +# Return success if the specified file is an ELF object. +isELF() { + local fn="$1" + local magic + exec {fd}< "$fn" + read -n 4 -u $fd magic + exec {fd}<&- + if [[ "$magic" =~ ELF ]]; then return 0; else return 1; fi +} + + ###################################################################### # Initialisation. @@ -373,7 +384,9 @@ paxmark() { true; } # Prevent OpenSSL-based applications from using certificates in # /etc/ssl. -export SSL_CERT_FILE=/no-cert-file.crt +if [ -z "$SSL_CERT_FILE" ]; then + export SSL_CERT_FILE=/no-cert-file.crt +fi ###################################################################### diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index ac7d8f5c706c..cd49d4a5a742 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -78,7 +78,7 @@ rec { dontPatchShebangs=1 ${commonPreHook} ''; - shell = "${bootstrapTools}/bin/sh"; + shell = "${bootstrapTools}/bin/bash"; initialPath = [bootstrapTools]; fetchurlBoot = import ../../build-support/fetchurl { stdenv = stage0.stdenv; diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix index baa3900ad97a..3bd5a9cbc589 100644 --- a/pkgs/tools/misc/coreutils/default.nix +++ b/pkgs/tools/misc/coreutils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, gmp ? null +{ lib, stdenv, fetchurl, perl, gmp ? null , aclSupport ? false, acl ? null , selinuxSupport? false, libselinux ? null, libsepol ? null , autoconf, automake114x, texinfo 
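Review bot: `isELF` in stdenv/generic/setup.sh accepts files that are not ELF objects, because `[[ "$magic" =~ ELF ]]` matches the three letters anywhere in the first four characters, so a text file that starts with `ELF` or `SELF` passes and is handed on to the ELF tools by the hooks that call it. Comparing against the full magic number is exact: `if [[ "$magic" == $'\177ELF' ]]; then return 0; else return 1; fi`, together with `read -r -n 4 -u "$fd" magic` so that a backslash in the header is not interpreted. `fd` is never declared, so the descriptor variable leaks into the global scope of every builder that sources this file; `local fn="$1" magic fd` keeps it inside the function. The doc comment should also say that only the first four bytes are inspected and that the file must be readable, since a failed `exec {fd}< "$fn"` is not handled.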
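Review bot: The comment above the new `if [ -z "$SSL_CERT_FILE" ]` block in setup.sh still promises that OpenSSL-based applications cannot use certificates in /etc/ssl, but the code now keeps any `SSL_CERT_FILE` already present in the environment, including one that points into /etc/ssl. The comment should state the new contract, for example `# Unless SSL_CERT_FILE is already set, point it at a nonexistent file so that OpenSSL-based applications do not pick up certificates from /etc/ssl.` Wherever the builder environment is inherited rather than cleared, certificate trust during the build then depends on the invoking environment, which is worth stating in that comment too. If this script is ever sourced under `set -u`, the test needs `[ -z "${SSL_CERT_FILE:-}" ]`.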
@@ -8,34 +8,24 @@ assert aclSupport -> acl != null; assert selinuxSupport -> libselinux != null && libsepol != null; - -with { inherit (stdenv.lib) optional optionals optionalString optionalAttrs; }; +with lib; let self = stdenv.mkDerivation rec { - name = "coreutils-8.24"; + name = "coreutils-8.25"; src = fetchurl { url = "mirror://gnu/coreutils/${name}.tar.xz"; - sha256 = "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"; + sha256 = "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"; }; - patches = if stdenv.isCygwin then ./coreutils-8.23-4.cygwin.patch else - (if stdenv.isArm then (fetchurl { - url = "http://git.savannah.gnu.org/cgit/coreutils.git/patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0"; - sha256 = "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz"; - name = "coreutils-tail-inotify-race.patch"; - }) else null); + patches = optional stdenv.isCygwin ./coreutils-8.23-4.cygwin.patch; # The test tends to fail on btrfs and maybe other unusual filesystems. - postPatch = stdenv.lib.optionalString (!stdenv.isDarwin) '' + postPatch = optionalString (!stdenv.isDarwin) '' sed '2i echo Skipping dd sparse test && exit 0' -i ./tests/dd/sparse.sh sed '2i echo Skipping cp sparse test && exit 0' -i ./tests/cp/sparse.sh - '' + - # This is required by coreutils-tail-inotify-race.patch to avoid more deps - stdenv.lib.optionalString stdenv.isArm '' - touch -r src/stat.c src/tail.c - ''; + ''; configureFlags = optionalString stdenv.isSunOS "ac_cv_func_inotify_init=no"; 
@@ -83,20 +73,18 @@ let enableParallelBuilding = false; NIX_LDFLAGS = optionalString selinuxSupport "-lsepol"; - FORCE_UNSAFE_CONFIGURE = stdenv.lib.optionalString (stdenv.system == "armv7l-linux" || stdenv.isSunOS) "1"; + FORCE_UNSAFE_CONFIGURE = optionalString stdenv.isSunOS "1"; makeFlags = optionalString stdenv.isDarwin "CFLAGS=-D_FORTIFY_SOURCE=0"; # e.g. ls -> gls; grep -> ggrep - postFixup = # feel free to simplify on a mass rebuild - if withPrefix then + postFixup = optionalString withPrefix '' ( cd "$out/bin" find * -type f -executable -exec mv {} g{} \; ) - '' - else null; + ''; meta = { homepage = http://www.gnu.org/software/coreutils/; @@ -109,11 +97,11 @@ let operating system. ''; - license = stdenv.lib.licenses.gpl3Plus; + license = licenses.gpl3Plus; - platforms = stdenv.lib.platforms.all; + platforms = platforms.all; - maintainers = [ stdenv.lib.maintainers.eelco ]; + maintainers = [ maintainers.eelco ]; }; }; in diff --git a/pkgs/tools/networking/nbd/default.nix b/pkgs/tools/networking/nbd/default.nix index 6cb75152af06..967b3863f205 100644 --- a/pkgs/tools/networking/nbd/default.nix +++ b/pkgs/tools/networking/nbd/default.nix @@ -8,7 +8,9 @@ stdenv.mkDerivation rec { sha256 = "1pkkid657zgjymwxv3fm32cxnq9llfz29rl15vp6mn42vnzbj1di"; }; - buildInputs = [ pkgconfig glib ] ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.kernelHeaders; + buildInputs = + [ pkgconfig glib ] + ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.linuxHeaders; postInstall = '' mkdir -p "$out/share/doc/${name}" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7fbb88c1c53c..bdc31b6b419c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -6747,12 +6747,6 @@ let gettext = callPackage ../development/libraries/gettext { }; - gettextWithExpat = if stdenv.isDarwin - then gettext.overrideDerivation (drv: { - configureFlags = drv.configureFlags ++ [ "--with-libexpat-prefix=${expat}" ]; - }) - else callPackage ../development/libraries/gettext/expat.nix { }; - gd = callPackage ../development/libraries/gd { }; gdal = callPackage ../development/libraries/gdal { }; @@ -6777,22 +6771,18 @@ let glfw3 = callPackage ../development/libraries/glfw/3.x.nix { }; glibc = callPackage ../development/libraries/glibc { - kernelHeaders = linuxHeaders; installLocales = config.glibc.locales or false; - machHeaders = null; - hurdHeaders = null; gccCross = null; }; glibc_memusage = callPackage ../development/libraries/glibc { - kernelHeaders = linuxHeaders; installLocales = false; withGd = true; }; glibcCross = forceNativeDrv (glibc.override { gccCross = gccCrossStageStatic; - kernelHeaders = linuxHeadersCross; + linuxHeaders = linuxHeadersCross; }); # We can choose: @@ -6987,9 +6977,7 @@ let cupsSupport = config.gtk2.cups or stdenv.isLinux; }; - gtk3 = callPackage ../development/libraries/gtk+/3.x.nix { - gettext = gettextWithExpat; - }; + gtk3 = callPackage ../development/libraries/gtk+/3.x.nix { }; gtk = pkgs.gtk2; @@ -10125,8 +10113,8 @@ let libuuid = if crossSystem != null && crossSystem.config == "i586-pc-gnu" - then (utillinux // { - crossDrv = lib.overrideDerivation utillinux.crossDrv (args: { + then (utillinuxMinimal // { + crossDrv = lib.overrideDerivation utillinuxMinimal.crossDrv (args: { # `libblkid' fails to build on GNU/Hurd. configureFlags = args.configureFlags + " --disable-libblkid --disable-mount --disable-libmount" @@ -10139,7 +10127,7 @@ let }); }) else if stdenv.isLinux - then utillinux + then utillinuxMinimal else null; light = callPackage ../os-specific/linux/light { }; 
@@ -10913,13 +10901,12 @@ let usermount = callPackage ../os-specific/linux/usermount { }; - utillinux = callPackage ../os-specific/linux/util-linux { + utillinux = callPackage ../os-specific/linux/util-linux { }; + + utillinuxMinimal = appendToName "minimal" (utillinux.override { ncurses = null; perl = null; - }; - - utillinuxCurses = appendToName "curses" (utillinux.override { - inherit ncurses perl; + systemd = null; }); v4l_utils = callPackage ../os-specific/linux/v4l-utils { @@ -16204,6 +16191,7 @@ aliases = with pkgs; { firefox-wrapper = firefox; # 2016-01 firefoxWrapper = firefox; # 2015-09 fuse_exfat = exfat; # 2015-09-11 + gettextWithExpat = gettext; # 2016-02-19 grantlee5 = qt5.grantlee; # added 2015-12-19 gupnptools = gupnp-tools; # added 2015-12-19 htmlTidy = html-tidy; # added 2014-12-06 diff --git a/pkgs/top-level/release-small.nix b/pkgs/top-level/release-small.nix index fc428a73743b..017865919739 100644 --- a/pkgs/top-level/release-small.nix +++ b/pkgs/top-level/release-small.nix @@ -169,7 +169,7 @@ with import ./release-lib.nix { inherit supportedSystems; }; upstart = linux; usbutils = linux; utillinux = linux; - utillinuxCurses = linux; + utillinuxMinimal = linux; w3m = all; webkit = linux; wget = all;