When a library path contained the library name it was eagerly matched
libfwupd.so.2 => /build/fwupd-1.0.5/build/libfwupd/libfwupd.so.2 (0x00007ffff7bbd000)
^^^^^^^^^^^^^^^^^^^^^^
libgweather-3.so.15 => /build/libgweather-3.28.0/build/libgweather/libgweather-3.so.15 (0x00007ffff7bae000)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
which lead to a broken shared library path in the generated GIR file.
This patch allows the soname on the left-hand side of the arrow to
be matched to avoid the trap of the right-hand side. A negative
lookahead had to be added to select the store path, since only
the first match is taken into account.
libglib-2.0.so.0 => /nix/store/dqlc8y4phlg1hmdbwkhqfwhnxcac88d1-glib-2.56.0/lib/libglib-2.0.so.0 (0x00007ffff6400000)
This will not fix non-GNU platforms, where the soname is not printed
first, but we cannot do much without structured ldd output.
Closes: https://github.com/NixOS/nixpkgs/issues/34988
Upstream insists on not allowing bindir and other dir options
outside of prefix for some reason:
https://github.com/mesonbuild/meson/issues/2561
We remove the check so multiple outputs can work sanely.
In common distributions, RPATH is only needed for internal libraries so
meson removes everything else. With Nix, the locations of libraries
are not as predictable, therefore we need to keep them in the RPATH. [1]
Previously we have just kept the RPATH produced by the linker, patching
meson not to remove it. This deprived us of potentially replacing it
with install_rpath provided by project so we had to re-add it manually,
and also introduced a vulnerability of keeping build paths in RPATH.
This commit restores the clean-up but modifies it so the items starting
with /nix/store are retained.
This should be relatively safe since the store is immutable, however,
there might be some unwanted retainment of build_rpath [2] if it contains
paths from Nix store.
[1]: https://github.com/NixOS/nixpkgs/issues/31222#issuecomment-365811634
[2]: http://mesonbuild.com/Release-notes-for-0-42-0.html#added-build_rpath-keyword-argument
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/zchkzwsgsnl8aqbxzvi7hh93bdfl4759-netcdf-4.6.1/bin/nc-config --help` got 0 exit code
- ran `/nix/store/zchkzwsgsnl8aqbxzvi7hh93bdfl4759-netcdf-4.6.1/bin/nc-config --version` and found version 4.6.1
- found 4.6.1 with grep in /nix/store/zchkzwsgsnl8aqbxzvi7hh93bdfl4759-netcdf-4.6.1
- directory tree listing: https://gist.github.com/74ab9782611602d870caba813c09697e
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/isql --help` got 0 exit code
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/isql --version` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/isql --help` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/odbcinst --help` got 0 exit code
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/odbcinst --version` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/odbcinst --help` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/iusql --help` got 0 exit code
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/iusql --version` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/iusql --help` and found version 2.3.6
- ran `/nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6/bin/odbc_config --version` and found version 2.3.6
- found 2.3.6 with grep in /nix/store/mmcxnlq2km3jcd0iwfnfrqr1v3g1k0ax-unixODBC-2.3.6
- directory tree listing: https://gist.github.com/09c59bac7a63f422b01e46272e81915b
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1/bin/MemParse -h` got 0 exit code
- ran `/nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1/bin/MemParse --help` got 0 exit code
- ran `/nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1/bin/PSVIWriter help` got 0 exit code
- ran `/nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1/bin/SCMPrint help` got 0 exit code
- ran `/nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1/bin/SEnumVal help` got 0 exit code
- found 3.2.1 with grep in /nix/store/hlkw8kda3fc03mr4j8pcz11cj19rlls2-xerces-c-3.2.1
- directory tree listing: https://gist.github.com/b0e7f99274b68686c5e81ab68cf510ba
And also build in parallel.
I don't understand why we manually tediously link every single directory
from the source, but I don't want to investigate too much.
- Have only one sed expression per line
- Put the important stuff closer to the command and not hidden in some
continuation line. That is, don't do:
sed \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<IMPORTANT STUFF>
but:
sed <IMPORTANT STUFF> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff> \
<boring stuff>
This is so that Qt user environment packages are also propagated. Fixes
Electrum environment installations when no other Qt applications are installed.
Added `dev` output so that closure size won't explode.
In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.
Security: CVE-2017-17439
