If `/run/opengl-driver/lib` is in `LD_LIBRARY_PATH`, bwrap will try to
mount it into the already bind mounted `/run/opengl-driver`. To
prevent this, we instead specify the subpaths of `/run/opengl-driver`
we're interested in.
Also, use the correct path for i686 builds.
- Libmanette and systemd features need to be disabled since they depend on systemd.
- FastMalloc for some reason does not include <malloc/malloc.h> so we added that.
- <CommonCrypto/CommonRandom.h> depends on a type from <CommonCrypto/CommonCryptor.h> but does not include it for some reason, resulting in the following error:
In file included from ../Source/WTF/wtf/RandomDevice.cpp:44:
/nix/store/wd30p2pq4lci8fk9fqldkgk1hgmwpapj-Libsystem-1238.60.2/include/CommonCrypto/CommonRandom.h:35:9: error: unknown type name 'CCCryptorStatus'
typedef CCCryptorStatus CCRNGStatus;
- The GL-related flags were renamed and removed (in previous releases as well) so we switched to the new ones so that GL is still disabled.
- Unrelatedly, `with` statement at the top of the expression is abomination so we narrowed its scope to just meta.
I hope this will improve the situation on aarch64-linux.
I don't think it could make anything worse.
Recent staging-next timeouts:
https://hydra.nixos.org/build/141551270https://hydra.nixos.org/build/141547098
For now let's not touch meta.timeout, as there's less consensus and the
setting seems less reliable in practice, too.
The package could not compile because it did not know the meaning of
TRUE and FALSE [1]. So we have to make sure our build environment
provides reasonable, sensible definitions to make the build succeed.
[1] https://hydra.nixos.org/build/137292531
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
Without access to the `/run/opengl-driver` directory, webkit fails to
create an EGL context, since it can't identify a suitable EGL
vendor. This results in a blank window and the following error output:
Cannot get default EGL display: EGL_BAD_PARAMETER
Cannot create EGL context: invalid display (last error: EGL_SUCCESS)
Fixes processing of malicousliy crafted web content which could lead to
- CVE-2020-13584: arbitrary code execution due to a use after free issue
- CVE-2020-9983: code execution due to an out-of-bounds write issue
Advisory at https://webkitgtk.org/security/WSA-2020-0008.html
Fixes: CVE-2090-13584, CVE-2020-9983
Unfortunately, CMake looks in CMAKE_PREFIX_PATH for binaries when
cross-compiling. This means that it will use gettext from
CMAKE_PREFIX_PATH even when we provide a gettext binary in PATH! This
is bad because the on in CMAKE_PREFIX_PATH is for the cross system,
not the native one. The only documented way I can find to change this
behavior is by manually setting the CMAKE_IGNORE_PATH variable.
