diff --git a/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch b/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch new file mode 100644 index 000000000000..1a8d294fd225 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch @@ -0,0 +1,37 @@ +From ab889004b8972258a87798133451f99dfce21823 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Mon, 4 Feb 2013 12:41:14 +0100 +Subject: [PATCH 7/8] Ignore IPv6 link-local addresses + +Returning IPv6 link-local addresses is a bad idea, because they only +work if an application connects specifically over the corresponding +interface. So you get errors like: + + $ curl -6 http://my-machine/ + curl: (7) Failed to connect to fe80::d6be:d9ff:fe1b:8477: Invalid argument + +To prevent this, this patch filters out link-local addresses. So if +you don't have a routable IPv6 address, nss-myhostname will fall back +to returning ::1. +--- + src/nss-myhostname/netlink.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c +index 53c3b50..621ca1d 100644 +--- a/src/nss-myhostname/netlink.c ++++ b/src/nss-myhostname/netlink.c +@@ -155,6 +155,10 @@ int ifconf_acquire_addresses(struct address **_list, unsigned *_n_list) { + ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE) + continue; + ++ if (ifaddrmsg->ifa_family == AF_INET6 && ++ ifaddrmsg->ifa_scope == RT_SCOPE_LINK) ++ continue; ++ + if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) + continue; + +-- +1.8.1 + diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-a-segfault-in-nscd-when-using-nss-myhostname.patch b/pkgs/os-specific/linux/systemd/0008-Fix-a-segfault-in-nscd-when-using-nss-myhostname.patch new file mode 100644 index 000000000000..6937c6c594e9 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0008-Fix-a-segfault-in-nscd-when-using-nss-myhostname.patch @@ -0,0 +1,42 @@ +From ef9b259ae24e7bf4ebec04b0b0a44964bc661bb5 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Mon, 4 Feb 2013 12:43:08 +0100 +Subject: [PATCH 8/8] Fix a segfault in nscd when using nss-myhostname +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Nscd expects that an NSS module's gethostbyname4_r function returns +its first result in the pre-allocated gaih_addrtuple denoted by **pat. +(See nscd/aicache.c in the Glibc sources.) However, nss-myhostname +doesn't fill in **pat but allocates the first result in ‘buffer’, then +sets *pat. So nscd crashes (e.g. when running ‘getent ahosts +my-machine’). + +Hard to tell if this is a bug in nscd, since there doesn't seem to be +a proper API spec for gethostbyname4_r. But in any case, this patch +fixes the crash by copying the first result to **pat. +--- + src/nss-myhostname/nss-myhostname.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c +index 834a806..b0fb832 100644 +--- a/src/nss-myhostname/nss-myhostname.c ++++ b/src/nss-myhostname/nss-myhostname.c +@@ -176,7 +176,11 @@ enum nss_status _nss_myhostname_gethostbyname4_r( + /* Verify the size matches */ + assert(idx == ms); + +- *pat = r_tuple_prev; ++ /* Nscd expects us to store the first record in **pat. */ ++ if (*pat) ++ **pat = *r_tuple_prev; ++ else ++ *pat = r_tuple_prev; + + if (ttlp) + *ttlp = 0; +-- +1.8.1 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 0bf5e8a61ddf..9e64bb7ed405 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -20,6 +20,8 @@ stdenv.mkDerivation rec { ./0004-Set-switch-to-configuration-hints-for-some-units.patch ./0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch ./0006-Don-t-call-plymouth-quit.patch + ./0007-Ignore-IPv6-link-local-addresses.patch + ./0008-Fix-a-segfault-in-nscd-when-using-nss-myhostname.patch ] ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch; buildInputs =