3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

132 commits

Author SHA1 Message Date
Jörg Thalheim a65e3b66cb
Merge pull request #137601 from fzakaria/faridzakaria/glibc-netbase
glibc: allow environment variable for /etc/ files (i.e. /etc/protocols)
2021-09-21 08:07:02 +01:00
Farid Zakaria 4687d7523b glibc: add dependency on netbase /etc/protocols
Add an explicit dependency on netbase for /etc/protocols

Certain functions in glibc look for files present in /etc such as getprotobyname which reads /etc/protocols.
If you are using Nix over a Linux installation, this file may not be present, and therefore it will cause errors.

- add netbase as a new package in nixpks
- add a dependency in glibc on it using postPatchPhase and substitute
the path

Fixes #124401
2021-09-19 19:37:56 -07:00
TredwellGit 22b6677be5 glibc: 2.33-49 -> 2.33-50 2021-08-26 05:15:49 +00:00
TredwellGit e78c292010 glibc: 2.33-47 -> 2.33-49
https://sourceware.org/bugzilla/show_bug.cgi?id=28213
2021-08-19 03:33:29 +00:00
TredwellGit c2d4ce2808
Pick #130412: glibc: 2.33-45 -> 2.33-47 (security)
Includes CVE-2021-35942.
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
2021-07-17 21:01:27 +02:00
Bernardo Meurer acdcb8566a
glibc: 2.32-46 -> 2.33-45 2021-07-06 16:02:15 +02:00
misuzu 33f09f4713 glibc: use --enable-static-pie only on supported platforms
glibc fails to build for armv7l without this change.
2021-07-02 18:08:26 +03:00
TredwellGit e58564267b glibc: 2.32-46 -> 2.32-48
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://nvd.nist.gov/vuln/detail/CVE-2021-33574
2021-06-10 23:22:45 +00:00
github-actions[bot] a1f68141f3
Merge staging-next into staging 2021-06-06 18:30:36 +00:00
Andrew Childs e57b58bd0e glibc: fix build vs host tool confusion
Fixes cross compilation from aarch64-linux -> armv7l-linux
2021-06-04 21:44:23 +09:00
Jörg Thalheim 5551a78578
Merge pull request #123989 from Mic92/static-pie
glibc: allow to build position-independent static executable
2021-05-25 06:32:25 +01:00
Jörg Thalheim 61c74e1aee
glibc: allow to build position-independent static executable
This enables ALSR on static executables, which makes them harder to
exploit by providing a crt suitable for static PIEs.

Does this break existing binaries? Likely not. Static-pie is only
used if explicitly enabled.
2021-05-22 13:33:49 +02:00
Jonathan Ringer a459e51174 glibc: restore version passthru
downstream packages use the major.minor version
to determine ABI compatibility and paths which
do not depend on patch version
2021-05-18 12:54:43 -07:00
John Ericson 77e97ac4ca glibc: Use pname and version 2021-05-10 20:56:33 +00:00
TredwellGit ba793bcaa8 glibc: 2.32-40 -> 2.32-46 2021-04-14 07:13:15 +00:00
TredwellGit 6fb325e389 glibc: 2.32-39 -> 2.32-40 2021-03-30 19:10:03 +00:00
TredwellGit 9e06efd3c8 glibc: 2.32-37 -> 2.32-39
https://sourceware.org/bugzilla/show_bug.cgi?id=27462
https://nvd.nist.gov/vuln/detail/CVE-2021-27645
2021-03-09 02:48:09 +00:00
TredwellGit 1ef3b900c6 glibc: 2.32-35 -> 2.32-37 2021-01-29 07:50:56 +00:00
Jan Tojnar 01ee4ea574
Merge branch 'master' into staging-next 2021-01-24 00:09:45 +01:00
John Ericson 9c213398b3 lib: Clean up how linux and gcc config is specified
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
2021-01-23 10:01:28 -05:00
Jonathan Ringer 0bc275e634
Revert "lib: Clean up how linux and gcc config is specified"
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
2021-01-22 14:07:06 -08:00
TredwellGit 733b53313c glibc: 2.32-25 -> 2.32-35 2021-01-22 21:36:16 +01:00
John Ericson 8929989614 lib: Clean up how linux and gcc config is specified
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.

This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.

`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.

The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
2021-01-21 22:44:09 -05:00
TredwellGit 9a4e098cc4 glibc: 2.32-24 -> 2.32-25
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
2021-01-09 08:48:18 +01:00
TredwellGit 899354d2c8 glibc: 2.32-10 -> 2.32-24
https://sourceware.org/glibc/wiki/Release
https://sourceware.org/git/?p=glibc.git;a=log;h=refs/heads/release/2.32/master
2020-12-30 20:04:16 -05:00
luc65r dde943e535 Revert "Revert "Merge pull request #86954 from lovesegfault/binutils-2.34""
This reverts commit 24c96b9259.
2020-12-28 08:43:32 +01:00
Vladimír Čunát 098a7b67ac glibc: 2.32 -> 2.32-10
This should fix #100799 thanks to
https://sourceware.org/bugzilla/show_bug.cgi?id=26534#c5
2020-12-08 05:19:20 +01:00
Ryan Burns 0924152075 glibc: fix cross-compile to ppc64le
Fixes cross-compilation when build == host != target == ppc64le.
Glibc invokes objcopy during cross-compilation to ppc64le, which
fails when the nonprefixed objcopy can't understand the target format.
2020-11-23 19:04:14 -08:00
Maximilian Bosch 30286ebcc1
glibc: 2.31 -> 2.32
ChangeLog: https://sourceware.org/pipermail/libc-announce/2020/000029.html

Patches removed:

* `rpcgen-path.patch` is obsolete as the support for SunOS RPC has been
  removed in 2.32[1].

* The vulnerabilities CVE-2020-1752[2] & CVE-2020-10029[3] are fixed in
  `glibc-2.32`[4][5], thus applying those manually isn't necessary anymore.

I also added myself as second maintainer as I'm quite regularly doing
`glibc`-related stuff in `nixpkgs`, so let's make this situation
official.

[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5500cdba4018ddbda7909bc7f4f9718610b43cf0
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-1752
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-10029
[4] Commit 9333498794cde1d5cca518badf79533a24114b6f (CVE-2020-1752)
[5] Commit ddc650e9b3dc916eab417ce9f79e67337b05035c (CVE-2020-10029)
2020-09-12 23:04:43 +02:00
Matthew Bauer d0677e6d45 treewide: add warning comment to “boot” packages
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
2020-07-31 08:56:53 +02:00
Maximilian Bosch 9cd98386a3
glibc: build with patches for CVE-2020-1752 & CVE-2020-10029
/cc roundup #88306
2020-06-30 14:29:54 +02:00
Maximilian Bosch 4a78b2b04f
glibc: 2.30 -> 2.31
https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00001.html
2020-06-29 14:41:42 +02:00
Vladimír Čunát 3f08d642fe
glibc: patch CVE-2020-1752
/cc roundup #88306; the issue seems quite serious to me.

I also made two other patches non-conditional, as we rebuild
all platforms anyway.
2020-05-31 09:11:45 +02:00
Frederik Rietdijk 24c96b9259 Revert "Merge pull request #86954 from lovesegfault/binutils-2.34"
Pythons find_library is broken with binutils 2.34, and numpy could not import libraries because of not properly aligned ELF's.

This is the second time binutils 2.34 got reverted. Next time, we should have a dedicated Hydra job for it.

This reverts commit 629fa8a2d4, reversing
changes made to 4ddd080d19.
2020-05-23 10:18:26 +02:00
Bernardo Meurer b83fb95a41 glibc: force OBJDUMP to cc.bintools 2020-05-09 15:21:17 -07:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Dmitry Kalinkin 6740593bdd
glibc: provide fallback for kernels with missing prlimit64
The current version of glibc implements support for kernels down to
3.2.0 (and we make sure to enable such support with apporopriate
--enable-kernel setting). The current RHEL6 operating system is based on
a maintained kernel based on 2.6.32 with lots of backports. We provide
basic support for this specific kernel by patching glibc to provide an
exception for this specific version of kernel. This allows for nixpkgs
software distribution to work on RHEL6 and it does so quite well with
almost no problems. There are, however, a few syscalls that are missing
in the 2.6.32 kernel, one of which is prlimit64. This commit provides a
fallback that uses an older {get,set}rlimit syscalls in cases when
prlimit64 is not available. This should streamline the experience for
nixpkgs users wanting to run it on RHEL6, namely, this fixes one of the
tests in findutils.

See also discussion in guix:
https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00356.html
2020-03-01 17:33:27 -05:00
Vladimír Čunát f6519103bf
glibc: use python3Minimal instead of python3
This should improve the speed of bootstrapping process.
Cost of evaluation also decreases a bit,
but I don't expect that will be significant.
2020-02-14 13:19:00 +01:00
Vladimír Čunát c2038483fd
glibc, openssl: unbreak cross eval (with minor caveats)
It's certainly better to have those two caveats than not evaluate.
Both seem rather niche.  Unfortunately I failed to find a better way.
I started testing builds of several cross variants; all seem OK.
2020-02-10 15:52:20 +01:00
Maximilian Bosch 2d5ed2b4b0 glibc: remove outdated patches
Co-authored-by: Luka Blaskovic <lblasc@znode.net>
2020-01-14 08:51:52 +00:00
Vladimír Čunát 2aea16c4d6 glibc: depend on libidn2 (and libunistring, transitively)
It's a bit hacky, but ATM I can't see any better way for glibc >= 2.28.

Signed-off-by: Luka Blaskovic <lblasc@tvbeat.com>
2020-01-14 08:27:00 +00:00
Luka Blaskovic 447edaa32f glibc: 2.27 -> 2.30 2020-01-14 08:26:58 +00:00
Andrew Childs b5a45106ae glibc: backport fix for out of bounds access in IBM-1390 converter 2020-01-12 07:08:19 +09:00
Andrew Childs 22a8e7f13d glibc: fix cross compilation build failure (again) 2020-01-12 06:04:42 +09:00
Florian Klink cd827f2209 Revert "glibc: fix cross compilation build failure"
This reverts commit 51014768d2.
2020-01-11 21:53:02 +01:00
Andrew Childs 51014768d2 glibc: fix cross compilation build failure 2020-01-12 03:37:07 +09:00
Robert Scott 9234d1d6db glibc: add patch for CVE-2019-19126
including patch in-repo as it needs modification to remove the changes to
NEWS but fetchpatch doesn't work here
2019-12-10 18:51:16 +01:00
Niklas Hambüchen def9d09806
Merge pull request #71480 from nh2/glibc-musl-gcc8-werror-fixes
glibc: Fix building with musl on GCC 8
2019-10-31 02:52:29 +01:00
Niklas Hambüchen 08ec575c93 glibc: Fix building with musl on GCC 8.
GCC 8 introduced new warnings that were picked up by -Werror;
this commit makes them non-errors until fixed upstream.

See

* https://github.com/NixOS/nixpkgs/pull/68244#issuecomment-544307798
* https://github.com/nh2/static-haskell-nix/issues/56

This commit takes care to not change the derivation for non-musl builds.
2019-10-30 13:29:53 +01:00
Pierre Bourdon 17be09a1f0
glibc: patch CVE-2018-11236, CVE-2018-11237
Patches have been imported into nixpkgs and manually edited to avoid
merge conflicts on ChangeLog / NEWS files.
2019-10-03 00:03:11 +02:00