Merge branch 'staging'

- I can see some regressions, especially due to fetchzip rename c3255fe8ec.
- Darwin is only half-rebuilt on Hydra ATM.
- But there are quite a few security fixes within.
Vladimír Čunát 2017-11-01 08:37:31 +01:00
commit 06d7e54d62
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
38 changed files with 346 additions and 204 deletions


@ -8,7 +8,10 @@
{ rootPaths }:
if builtins.langVersion >= 5 then
#if builtins.langVersion >= 5 then
# FIXME: it doesn't work on Hydra, failing to find mkdir;
# perhaps .attrs.sh clobbers PATH with new nix?
if false then
# Nix >= 1.12: Include NAR hash / size info.
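Review bot: The `if false then` guard turns the whole Nix >= 1.12 branch into dead code, and the only record of why is a FIXME that guesses at the cause. Keeping the old condition as a commented-out line next to a constant `false` is easy to overlook later. A single comment such as `# TODO(<tracking-issue>): restore builtins.langVersion >= 5 once mkdir is found on Hydra` would give the re-enable condition one place to live. The expression continues outside the hunk, so the else branch is not visible here.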


@ -1,19 +0,0 @@
{ lib }:
let
inherit (lib) removeSuffix hasPrefix removePrefix splitString stringToCharacters concatMapStrings last elem;
allowedChars = stringToCharacters "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-._?=";
sanitizeStoreName = s:
let
s' = concatMapStrings (c: if elem c allowedChars then c else "") (stringToCharacters s);
s'' = if hasPrefix "." s' then "_${removePrefix "." s'}" else s';
in
s'';
in
urlOrRepo: rev:
let
repo' = last (splitString ":" (baseNameOf (removeSuffix ".git" (removeSuffix "/" urlOrRepo))));
rev' = baseNameOf rev;
in
"${sanitizeStoreName repo'}-${sanitizeStoreName rev'}-src"


@ -11,10 +11,11 @@
stripRoot ? true
, url
, extraPostFetch ? ""
, name ? "source"
, ... } @ args:
lib.overrideDerivation (fetchurl ({
name = args.name or (baseNameOf url);
inherit name;
recursiveHash = true;
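Review bot: With `name ? "source"` the store path of this fixed-output derivation no longer varies with the URL, so it is determined by the output hash alone. A bump that changes `url` or `rev` but leaves the old `sha256` in place can then resolve to a path that is already in the store or a binary cache, reusing the old source without a hash-mismatch error. The same default is introduced for `fetchFromGitHub`, `fetchFromBitbucket`, `fetchFromSavannah`, `fetchFromGitLab` and `fetchFromRepoOrCz` in the top-level package set. A comment on the parameter, e.g. `# fixed name: a stale sha256 is not detected after changing url/rev`, would document the trade-off where updaters see it. The function body continues outside the hunk.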


@ -45,7 +45,7 @@ let
hitori gnome-taquin
];
inherit (pkgs) glib gtk2 webkitgtk216x gtk3 gtkmm3 libcanberra_gtk2
inherit (pkgs) glib gtk2 webkitgtk gtk3 gtkmm3 libcanberra_gtk2
clutter clutter-gst clutter_gtk cogl gtkvnc;
inherit (pkgs.gnome2) ORBit2;
libsoup = pkgs.libsoup.override { gnomeSupport = true; };
@ -56,7 +56,6 @@ let
gtkmm = gtkmm3;
vala = pkgs.vala_0_32;
gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; };
webkitgtk = webkitgtk216x;
# Simplify the nixos module and gnome packages
defaultIconTheme = adwaita-icon-theme;


@ -85,6 +85,9 @@ stdenv.mkDerivation {
# https://reviews.llvm.org/rL281650
rm -vr src/test/run-pass/issue-36474.rs || true
# On Hydra: `TcpListener::bind(&addr)`: Address already in use (os error 98)'
sed '/^ *fn fast_rebind()/i#[ignore]' -i src/libstd/net/tcp.rs
# Disable some failing gdb tests. Try re-enabling these when gdb
# is updated past version 7.12.
rm src/test/debuginfo/basic-types-globals.rs


@ -116,9 +116,7 @@ let
platforms = platforms.all;
};
};
in rec {
perl = perl524;
perl522 = common {
@ -127,8 +125,7 @@ in rec {
};
perl524 = common {
version = "5.24.2";
sha256 = "1x4yj814a79lcarwb3ab6bbcb36hvb5n4ph4zg3yb0nabsjfi6v0";
version = "5.24.3";
sha256 = "1m2px85kq2fyp2d4rx3bw9kg3car67qfqwrs5vlv96dx0x8rl06b";
};
}


@ -27,7 +27,7 @@ with stdenv.lib;
let
majorVersion = "3.6";
minorVersion = "2";
minorVersion = "3";
minorVersionSuffix = "";
pythonVersion = majorVersion;
version = "${majorVersion}.${minorVersion}${minorVersionSuffix}";
@ -48,7 +48,7 @@ in stdenv.mkDerivation {
src = fetchurl {
url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz";
sha256 = "1ab4vlpdax1ihpiyiwchlgsk36apl4kgdw271wvl9l8ywhxpfacj";
sha256 = "1nl1raaagr4car787a2hmjv2dw6gqny53xfd6wisbgx4r5kxk9yd";
};
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";


@ -1,4 +1,5 @@
{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false }:
{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext,
pam, fixDarwinDylibNames, autoreconfHook, fetchpatch, enableLdap ? false }:
with stdenv.lib;
stdenv.mkDerivation rec {
@ -21,6 +22,10 @@ stdenv.mkDerivation rec {
patches = [
./missing-size_t.patch # https://bugzilla.redhat.com/show_bug.cgi?id=906519
(fetchpatch { # CVE-2013-4122
url = "http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff";
sha256 = "05l7dh1w9d5fvzg0pjwzqh0fy4ah8y5cv6v67s4ssbq8xwd4pkf2";
})
] ++ lib.optional stdenv.isFreeBSD (
fetchurl {
url = "http://www.linuxfromscratch.org/patches/blfs/svn/cyrus-sasl-2.1.26-fixes-3.patch";
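Review bot: The CVE-2013-4122 fix is pulled with `fetchpatch` from a third-party SourceForge project page over plain `http://`, not from the cyrus-sasl upstream. The pinned `sha256` protects against tampering in transit, but if that file is moved or removed the security patch fails to fetch, and nothing in the hunk records which upstream change it corresponds to. Consider adding a comment naming the upstream commit or advisory next to `# CVE-2013-4122`, and vendoring the patch in-tree like `./missing-size_t.patch` if no stable upstream URL exists. The `patches` list continues outside the hunk.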


@ -0,0 +1,11 @@
--- a/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
+++ b/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
@@ -473,7 +473,7 @@
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
/* Read the DB_CONFIG file. */
- if ((ret = __env_read_db_config(env)) != 0)
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
return (ret);
/*


@ -0,0 +1,11 @@
--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
+++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
@@ -473,7 +473,7 @@
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
/* Read the DB_CONFIG file. */
- if ((ret = __env_read_db_config(env)) != 0)
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
return (ret);
/*


@ -3,7 +3,7 @@
import ./generic.nix (args // rec {
version = "4.8.30";
sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0";
extraPatches = [ ./clang-4.8.patch ];
extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ];
drvArgs.hardeningDisable = [ "format" ];
drvArgs.doCheck = false;
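Review bot: The patch added to `extraPatches` here, `./CVE-2017-10140-4.8-cwd-db_config.patch`, is vendored without any header. The file as added starts directly at `--- a/env/env_open.c.old`, with no origin URL, author or description, unlike the libarchive patches in the same merge, which keep their `From:`/`Subject:` lines. For a security fix that makes it hard to check the change against the vendor or distro version later. A short header in the patch file (where it was taken from, plus a sentence noting that DB_CONFIG is no longer read when `env->db_home` is NULL) would cover it. The same applies to `./CVE-2017-10140-cwd-db_config.patch`, used by the 5.3, 6.0 and 6.2 expressions.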


@ -3,5 +3,5 @@
import ./generic.nix (args // rec {
version = "5.3.28";
sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0";
extraPatches = [ ./clang-5.3.patch ];
extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ];
})


@ -4,5 +4,5 @@ import ./generic.nix (args // rec {
version = "6.0.20";
sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0";
license = stdenv.lib.licenses.agpl3;
extraPatches = [ ./clang-6.0.patch ];
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
})


@ -4,5 +4,5 @@ import ./generic.nix (args // rec {
version = "6.2.23";
sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7";
license = stdenv.lib.licenses.agpl3;
extraPatches = [ ./clang-6.0.patch ];
extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ];
})


@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
description = "A high quality MPEG Audio Layer III (MP3) encoder";
homepage = http://lame.sourceforge.net;
license = licenses.lgpl2;
maintainers = with maintainers; [ codyopel ];
maintainers = with maintainers; [ codyopel fpletz ];
platforms = platforms.all;
};
}


@ -1,33 +0,0 @@
fix sse optimizations build on 32-bit with gcc 4.9
http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=351af417bae0d09bd5a3753d1237f03adf591933
xmm_quantize_sub.c: In function 'init_xrpow_core_sse':
xmm_quantize_sub.c:65:18: warning: SSE vector return without SSE enabled changes the ABI [-W
psabi]
const __m128 vec_fabs_mask = _mm_loadu_ps(&fabs_mask._float[0]);
^
In file included from xmm_quantize_sub.c:37:0:
/usr/lib/gcc/i686-w64-mingw32/4.9.0/include/xmmintrin.h:933:1: error: inlining failed in call to always_inline '_mm_loadu_ps': target specific option mismatch
_mm_loadu_ps (float const *__P)
^
xmm_quantize_sub.c:65:18: error: called from here
const __m128 vec_fabs_mask = _mm_loadu_ps(&fabs_mask._float[0]);
^
--- lame/libmp3lame/vector/xmm_quantize_sub.c.orig 2014-06-08 12:16:19.455468042 -0700
+++ lame/libmp3lame/vector/xmm_quantize_sub.c 2014-06-08 12:16:09.592356980 -0700
@@ -35,6 +35,7 @@
#ifdef HAVE_XMMINTRIN_H
#include <xmmintrin.h>
+#pragma GCC target("sse")
typedef union {
int32_t _i_32[4]; /* unions are initialized by its first member */
@@ -124,6 +125,7 @@
}
+#pragma GCC target("sse2")
void
fht_SSE2(FLOAT * fz, int n)
{


@ -0,0 +1,36 @@
From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
happy.
---
libarchive/archive_read_support_format_xar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d..93eeacc5e 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
uint64_t l;
int digit;
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
digit = *p - '0';
while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
{
int64_t l;
int digit;
-
+
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
while (char_cnt-- > 0) {
if (*p >= '0' && *p <= '7')


@ -0,0 +1,28 @@
From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Sat, 9 Sep 2017 17:47:32 +0200
Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
archives.
Reported-By: OSS-Fuzz issue 573
---
libarchive/archive_read_support_format_rar.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index cbb14c32d..751de6979 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
return (ARCHIVE_FATAL);
}
filename[filename_size++] = '\0';
- filename[filename_size++] = '\0';
+ /*
+ * Do not increment filename_size here as the computations below
+ * add the space for the terminating NUL explicitly.
+ */
+ filename[filename_size] = '\0';
/* Decoded unicode form is UTF-16BE, so we have to update a string
* conversion object for it. */


@ -17,6 +17,11 @@ stdenv.mkDerivation rec {
sha256 = "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd";
};
patches = [
./CVE-2017-14166.patch
./CVE-2017-14502.patch
];
outputs = [ "out" "lib" "dev" ];
nativeBuildInputs = [ pkgconfig ];


@ -66,7 +66,7 @@ let
in
let
version = "17.2.2";
version = "17.2.4";
branch = head (splitString "." version);
driverLink = "/run/opengl-driver" + optionalString stdenv.isi686 "-32";
in
@ -81,7 +81,7 @@ stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
"https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz"
];
sha256 = "10jplvxg7rlbp7569w08z0igwlsjjfb7q3n07zgfr8d5sr224lng";
sha256 = "0l75q9l4g15y66rqk2swqvj18qj60hpimv0f97jk44bfrpz0i92v";
};
prePatch = "patchShebangs .";


@ -1,52 +0,0 @@
--- a/pcre_internal.h 2016/05/21 13:34:44 1649
+++ b/pcre_internal.h 2017/02/24 17:30:30 1688
@@ -2772,6 +2772,9 @@
extern const pcre_uint16 PRIV(ucd_stage2)[];
extern const pcre_uint32 PRIV(ucp_gentype)[];
extern const pcre_uint32 PRIV(ucp_gbtable)[];
+#ifdef COMPILE_PCRE32
+extern const ucd_record PRIV(dummy_ucd_record)[];
+#endif
#ifdef SUPPORT_JIT
extern const int PRIV(ucp_typerange)[];
#endif
@@ -2780,9 +2783,15 @@
/* UCD access macros */
#define UCD_BLOCK_SIZE 128
-#define GET_UCD(ch) (PRIV(ucd_records) + \
+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
+
+#ifdef COMPILE_PCRE32
+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
+#else
+#define GET_UCD(ch) REAL_GET_UCD(ch)
+#endif
#define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
#define UCD_SCRIPT(ch) GET_UCD(ch)->script
--- a/pcre_ucd.c 2014/06/19 07:51:39 1490
+++ b/pcre_ucd.c 2017/02/24 17:30:30 1688
@@ -38,6 +38,20 @@
const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
#else
+/* If the 32-bit library is run in non-32-bit mode, character values
+greater than 0x10ffff may be encountered. For these we set up a
+special record. */
+
+#ifdef COMPILE_PCRE32
+const ucd_record PRIV(dummy_ucd_record)[] = {{
+ ucp_Common, /* script */
+ ucp_Cn, /* type unassigned */
+ ucp_gbOther, /* grapheme break property */
+ 0, /* case set */
+ 0, /* other case */
+ }};
+#endif
+
/* When recompiling tables with a new Unicode version, please check the
types in this structure definition from pcre_internal.h (the actual
field names will be different):


@ -9,7 +9,7 @@ with stdenv.lib;
assert elem variant [ null "cpp" "pcre16" "pcre32" ];
let
version = "8.40";
version = "8.41";
pname = if (variant == null) then "pcre"
else if (variant == "cpp") then "pcre-cpp"
else variant;
@ -19,7 +19,7 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
sha256 = "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0";
sha256 = "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76";
};
outputs = [ "bin" "dev" "out" "doc" "man" ];
@ -31,8 +31,6 @@ in stdenv.mkDerivation rec {
]
++ optional (variant != null) "--enable-${variant}";
patches = [ ./CVE-2017-7186.patch ];
buildInputs = optional (hostPlatform.libc == "msvcrt") windows.mingw_w64_pthreads;
doCheck = !(with hostPlatform; isCygwin || isFreeBSD) && hostPlatform == buildPlatform;


@ -3,11 +3,11 @@
assert interactive -> readline != null && ncurses != null;
stdenv.mkDerivation {
name = "sqlite-3.20.0";
name = "sqlite-3.21.0";
src = fetchurl {
url = "http://sqlite.org/2017/sqlite-autoconf-3200000.tar.gz";
sha256 = "1876dapm1xx5aqd2d8l7ymmkd2z9rybh99rp5f5rd4zz57vcc51q";
url = "http://sqlite.org/2017/sqlite-autoconf-3210000.tar.gz";
sha256 = "1qxvzdjwzw6k0kqjfabj86rnq87xdbwbca7laxxdhnh0fmkm3pfp";
};
outputs = [ "bin" "dev" "out" ];


@ -4,7 +4,7 @@
, libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11_kit
, libidn, libedit, readline, mesa, libintlOrEmpty
, enableGeoLocation ? true, geoclue2, sqlite
, gst-plugins-base
, gst-plugins-base, gst-plugins-bad
}:
assert enableGeoLocation -> geoclue2 != null;
@ -12,7 +12,7 @@ assert enableGeoLocation -> geoclue2 != null;
with stdenv.lib;
stdenv.mkDerivation rec {
name = "webkitgtk-${version}";
version = "2.16.6";
version = "2.18.1";
meta = {
description = "Web content rendering engine, GTK+ port";
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://webkitgtk.org/releases/${name}.tar.xz";
sha256 = "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw";
sha256 = "15fp7szmkpannx7avsynf0nv3y343qwq0fvq3rz2m2mw5wq7pnww";
};
# see if we can clean this up....
@ -77,10 +77,7 @@ stdenv.mkDerivation rec {
"-DENABLE_GTKDOC=OFF"
];
# XXX: WebKit2 missing include path for gst-plugins-base.
# Filled: https://bugs.webkit.org/show_bug.cgi?id=148894
NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0"
+ (optionalString stdenv.isDarwin " -lintl");
NIX_CFLAGS_COMPILE = optionalString stdenv.isDarwin " -lintl";
nativeBuildInputs = [
cmake perl python2 ruby bison gperf
@ -90,7 +87,7 @@ stdenv.mkDerivation rec {
buildInputs = libintlOrEmpty ++ [
gtk2 libwebp enchant libnotify gnutls pcre nettle libidn
libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11_kit
sqlite gst-plugins-base libxkbcommon epoxy at_spi2_core
sqlite gst-plugins-base gst-plugins-bad libxkbcommon epoxy at_spi2_core
] ++ optional enableGeoLocation geoclue2
++ (with xlibs; [ libXdmcp libXt libXtst ])
++ optionals stdenv.isDarwin [ libedit readline mesa ]


@ -3,13 +3,13 @@
, withMesa ? true, mesa_glu ? null, mesa_noglu ? null
, compat24 ? false, compat26 ? true, unicode ? true
, withGtk2 ? true
, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk216x ? null
, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk218x ? null
, AGL ? null, Carbon ? null, Cocoa ? null, Kernel ? null, QTKit ? null
}:
assert withMesa -> mesa_glu != null && mesa_noglu != null;
assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) != null;
assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) != null;
with stdenv.lib;
@ -30,7 +30,7 @@ stdenv.mkDerivation {
[ (if withGtk2 then gtk2 else gtk3) libXinerama libSM libXxf86vm xf86vidmodeproto gstreamer
gst-plugins-base GConf ]
++ optional withMesa mesa_glu
++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x)
++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x)
++ optionals stdenv.isDarwin [ setfile Carbon Cocoa Kernel QTKit ];
nativeBuildInputs = [ pkgconfig ];


@ -1,25 +1,24 @@
{ stdenv, fetchurl, buildPerlPackage, DBI, sqlite }:
buildPerlPackage rec {
name = "DBD-SQLite-1.50";
name = "DBD-SQLite-${version}";
version = "1.54";
src = fetchurl {
url = "mirror://cpan/authors/id/I/IS/ISHIGAKI/${name}.tar.gz";
sha256 = "1qcw2nzla03ywrl6mx1qklvbc8n5bn4gxqbjnvadfkwlffmi7i9s";
sha256 = "3929a6dbd8d71630f0cb57f85dcef9588cd7ac4c9fa12db79df77b9d3a4d7269";
};
propagatedBuildInputs = [ DBI ];
makeMakerFlags = "SQLITE_LOCATION=${sqlite.dev}";
buildInputs = [ sqlite ];
patches = [
# Support building against our own sqlite.
./external-sqlite.patch
];
sqlite_dev = sqlite.dev;
sqlite_out = sqlite.out;
postPatch = "substituteAllInPlace Makefile.PL; cat Makefile.PL";
SQLITE_INC = sqlite.dev + "/include";
SQLITE_LIB = sqlite.out + "/lib";
preBuild =
''
@ -39,5 +38,9 @@ buildPerlPackage rec {
# (e.g. "database is locked(5) at dbdimp.c line 402 at t/07busy.t").
#doCheck = false;
meta.platforms = stdenv.lib.platforms.unix;
meta = with stdenv.lib; {
description = "Self Contained SQLite RDBMS in a DBI Driver";
license = with licenses; [ artistic1 gpl1Plus ];
platforms = platforms.unix;
};
}


@ -1,33 +1,11 @@
diff --git a/Makefile.PL b/Makefile.PL
index 606b28d..0cea060 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -128,24 +128,10 @@ SCOPE: {
# the system SQLite. We expect that anyone sophisticated enough to use
--- a/Makefile.PL 2016-04-21 15:44:34.000000000 +0200
+++ b/Makefile.PL 2017-10-31 11:04:28.389959946 +0100
@@ -129,7 +129,7 @@
# a system sqlite is also sophisticated enough to have a patching system
# that can change the if ( 0 ) to if ( 1 )
-my ($sqlite_local, $sqlite_base, $sqlite_lib, $sqlite_inc);
my ($sqlite_local, $sqlite_base, $sqlite_lib, $sqlite_inc);
-if ( 0 ) {
- require File::Spec;
- if ( $sqlite_base = (grep(/SQLITE_LOCATION=.*/, @ARGV))[0] ) {
- $sqlite_base =~ /=(.*)/;
- $sqlite_base = $1;
- $sqlite_lib = File::Spec->catdir( $sqlite_base, 'lib' );
- $sqlite_inc = File::Spec->catdir( $sqlite_base, 'include' );
- }
- if ( $sqlite_local = (grep(/USE_LOCAL_SQLITE=.*/, @ARGV))[0] ) {
- $sqlite_local =~ /=(.*)/;
- $sqlite_local = "$1" ? 1 : 0;
- if ( $sqlite_local ) {
- # Keep these from making into CFLAGS/LDFLAGS
- undef $sqlite_lib;
- undef $sqlite_inc;
- }
- }
+my ($sqlite_local, $sqlite_lib, $sqlite_inc);
+if ( 1 ) {
+ $sqlite_lib = '@sqlite_out@/lib';
+ $sqlite_inc = '@sqlite_dev@/include';
# Now check for a compatible sqlite3
unless ( $sqlite_local ) {
require File::Spec;
if ( $sqlite_base = (grep(/SQLITE_LOCATION=.*/, @ARGV))[0] ) {
$sqlite_base =~ /=(.*)/;


@ -84,6 +84,9 @@ makeCmakeFindLibs(){
-L*)
export CMAKE_LIBRARY_PATH="$CMAKE_LIBRARY_PATH${CMAKE_LIBRARY_PATH:+:}${flag:2}"
;;
-F*)
export CMAKE_FRAMEWORK_PATH="$CMAKE_FRAMEWORK_PATH${CMAKE_FRAMEWORK_PATH:+:}${flag:2}"
;;
-isystem)
isystem_seen=1
;;


@ -19,6 +19,7 @@ stdenv.mkDerivation {
# and /usr/lib. It's a stupid feature anyway. Likewise, when searching for
# included Makefiles, don't look in /usr/include and friends.
./impure-dirs.patch
./pselect.patch
];
nativeBuildInputs = [ pkgconfig ];


@ -0,0 +1,170 @@
From b552b05251980f693c729e251f93f5225b400714 Mon Sep 17 00:00:00 2001
From: Paul Smith <psmith@gnu.org>
Date: Sat, 3 Jun 2017 16:20:51 -0400
Subject: [SV 51159] Use a non-blocking read with pselect to avoid hangs.
* posixos.c (set_blocking): Set blocking on a file descriptor.
(jobserver_setup): Set non-blocking on the jobserver read side.
(jobserver_parse_auth): Ditto.
(jobserver_acquire_all): Set blocking to avoid a busy-wait loop.
(jobserver_acquire): If the non-blocking read() returns without
taking a token then try again.
---
posixos.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 71 insertions(+), 26 deletions(-)
diff --git posixos.c posixos.c
index e642d7f..dbafa51 100644
--- posixos.c
+++ posixos.c
@@ -62,6 +62,24 @@ make_job_rfd (void)
#endif
}
+static void
+set_blocking (int fd, int blocking)
+{
+ // If we're not using pselect() don't change the blocking
+#ifdef HAVE_PSELECT
+ int flags;
+ EINTRLOOP (flags, fcntl (fd, F_GETFL));
+ if (flags >= 0)
+ {
+ int r;
+ flags = blocking ? (flags & ~O_NONBLOCK) : (flags | O_NONBLOCK);
+ EINTRLOOP (r, fcntl (fd, F_SETFL, flags));
+ if (r < 0)
+ pfatal_with_name ("fcntl(O_NONBLOCK)");
+ }
+#endif
+}
+
unsigned int
jobserver_setup (int slots)
{
@@ -86,6 +104,9 @@ jobserver_setup (int slots)
pfatal_with_name (_("init jobserver pipe"));
}
+ /* When using pselect() we want the read to be non-blocking. */
+ set_blocking (job_fds[0], 0);
+
return 1;
}
@@ -121,6 +142,9 @@ jobserver_parse_auth (const char *auth)
return 0;
}
+ /* When using pselect() we want the read to be non-blocking. */
+ set_blocking (job_fds[0], 0);
+
return 1;
}
@@ -169,7 +193,10 @@ jobserver_acquire_all (void)
{
unsigned int tokens = 0;
- /* Close the write side, so the read() won't hang. */
+ /* Use blocking reads to wait for all outstanding jobs. */
+ set_blocking (job_fds[0], 1);
+
+ /* Close the write side, so the read() won't hang forever. */
close (job_fds[1]);
job_fds[1] = -1;
@@ -236,18 +263,12 @@ jobserver_pre_acquire (void)
unsigned int
jobserver_acquire (int timeout)
{
- sigset_t empty;
- fd_set readfds;
struct timespec spec;
struct timespec *specp = NULL;
- int r;
- char intake;
+ sigset_t empty;
sigemptyset (&empty);
- FD_ZERO (&readfds);
- FD_SET (job_fds[0], &readfds);
-
if (timeout)
{
/* Alarm after one second (is this too granular?) */
@@ -256,28 +277,52 @@ jobserver_acquire (int timeout)
specp = &spec;
}
- r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
-
- if (r == -1)
+ while (1)
{
- /* Better be SIGCHLD. */
- if (errno != EINTR)
- pfatal_with_name (_("pselect jobs pipe"));
- return 0;
- }
+ fd_set readfds;
+ int r;
+ char intake;
- if (r == 0)
- /* Timeout. */
- return 0;
+ FD_ZERO (&readfds);
+ FD_SET (job_fds[0], &readfds);
- /* The read FD is ready: read it! */
- EINTRLOOP (r, read (job_fds[0], &intake, 1));
- if (r < 0)
- pfatal_with_name (_("read jobs pipe"));
+ r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
+ if (r < 0)
+ switch (errno)
+ {
+ case EINTR:
+ /* SIGCHLD will show up as an EINTR. */
+ return 0;
+
+ case EBADF:
+ /* Someone closed the jobs pipe.
+ That shouldn't happen but if it does we're done. */
+ O (fatal, NILF, _("job server shut down"));
- /* What does it mean if read() returns 0? It shouldn't happen because only
- the master make can reap all the tokens and close the write side...?? */
- return r > 0;
+ default:
+ pfatal_with_name (_("pselect jobs pipe"));
+ }
+
+ if (r == 0)
+ /* Timeout. */
+ return 0;
+
+ /* The read FD is ready: read it! This is non-blocking. */
+ EINTRLOOP (r, read (job_fds[0], &intake, 1));
+
+ if (r < 0)
+ {
+ /* Someone sniped our token! Try again. */
+ if (errno == EAGAIN)
+ continue;
+
+ pfatal_with_name (_("read jobs pipe"));
+ }
+
+ /* read() should never return 0: only the master make can reap all the
+ tokens and close the write side...?? */
+ return r > 0;
+ }
}
#else
--
cgit v1.0-41-gc330


@ -144,6 +144,10 @@ let
appleDerivation_ = name: version: sha256: attrs: stdenv.mkDerivation ({
inherit version;
name = "${name}-${version}";
enableParallelBuilding = true;
meta = {
platforms = stdenv.lib.platforms.darwin;
};
} // (if attrs ? srcs then {} else {
src = fetchApple version sha256 name;
}) // attrs);
@ -153,7 +157,7 @@ let
name = builtins.elemAt (stdenv.lib.splitString "/" namePath) 0;
appleDerivation = appleDerivation_ name version sha256;
callPackage = pkgs.newScope (packages // pkgs.darwin // { inherit appleDerivation name version; });
in callPackage (./. + builtins.toPath "/${namePath}");
in callPackage (./. + "/${namePath}");
libsecPackage = pkgs.callPackage ./libsecurity_generic {
inherit applePackage appleDerivation_;
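Review bot: The default `meta` that appears in `appleDerivation_` is combined with the caller's attributes through `// attrs`, which is a shallow merge, so any package that passes its own `meta` replaces the whole set and loses `platforms = stdenv.lib.platforms.darwin`. If the default is meant to apply everywhere, merge the nested set explicitly after the caller's attributes, e.g. `// attrs // { meta = { platforms = stdenv.lib.platforms.darwin; } // (attrs.meta or {}); }`. The `let` block starts and ends outside the hunk.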


@ -127,8 +127,4 @@ appleDerivation {
mkdir $out/Library/PrivateFrameworks
mv $out/Library/Frameworks/IOKit.framework $out/Library/PrivateFrameworks
'';
meta = {
platforms = stdenv.lib.platforms.darwin;
};
}


@ -30,9 +30,8 @@ stdenv.mkDerivation rec {
# ensure capsh can find bash in $PATH
substituteInPlace progs/capsh.c --replace execve execvpe
'';
preInstall = ''
# set prefixes
substituteInPlace Make.Rules \
--replace 'prefix=/usr' "prefix=$lib" \
--replace 'exec_prefix=' "exec_prefix=$out" \


@ -4,15 +4,15 @@
let
version = lib.concatStringsSep "." ([ majorVersion ]
++ lib.optional (patchVersion != "") patchVersion);
majorVersion = "2.30";
patchVersion = "2";
majorVersion = "2.31";
patchVersion = "";
in stdenv.mkDerivation rec {
name = "util-linux-${version}";
src = fetchurl {
url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
sha256 = "1p494mwd8v6p6mpmmjybkc7bz1qwp9x4cdi8hdvp2nwvkr4fanvv";
sha256 = "12nw108xjhm63sh2n5a0qs33vpvbvb6rln96l9j50p7wykf7rgpr";
};
patches = [


@ -1,4 +1,4 @@
{stdenv, fetchurl, lame, libvorbis, libmad, pkgconfig, libao}:
{stdenv, fetchurl, libvorbis, libmad, pkgconfig, libao}:
stdenv.mkDerivation {
name = "cdrdao-1.2.3";
@ -11,7 +11,7 @@ stdenv.mkDerivation {
makeFlags = "RM=rm LN=ln MV=mv";
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ lame libvorbis libmad libao ];
buildInputs = [ libvorbis libmad libao ];
hardeningDisable = [ "format" ];


@ -21,11 +21,11 @@ assert scpSupport -> libssh2 != null;
assert c-aresSupport -> c-ares != null;
stdenv.mkDerivation rec {
name = "curl-7.56.0";
name = "curl-7.56.1";
src = fetchurl {
url = "http://curl.haxx.se/download/${name}.tar.bz2";
sha256 = "1pvr2bqfhk46bzq2x2hskmnq3wc8qxlps7apm9q1qiixb9ra8q6y";
sha256 = "142zidvlmrz31yx480nrhh47hl01d7jbaagin23pspl7cw1ng515";
};
outputs = [ "bin" "dev" "out" "man" "devdoc" ];


@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "unbound-${version}";
version = "1.6.6";
version = "1.6.7";
src = fetchurl {
url = "http://unbound.net/downloads/${name}.tar.gz";
sha256 = "145kska9a63yf32y3jg91y5ikcmsb7qvbcm7a8k6fgh96gf18awp";
sha256 = "17qwfmlls0w9kpkya3dlpn44b3kr87wsswzg3gawc13hh8yx8ysf";
};
outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB


@ -186,10 +186,8 @@ with pkgs;
fetchzip = callPackage ../build-support/fetchzip { };
gitRepoToName = callPackage ../build-support/fetchgit/gitrepotoname.nix { };
fetchFromGitHub = {
owner, repo, rev, name ? gitRepoToName repo rev,
owner, repo, rev, name ? "source",
fetchSubmodules ? false, private ? false,
githubBase ? "github.com", varPrefix ? null,
... # For hash agility
@ -222,7 +220,7 @@ with pkgs;
in fetcher fetcherArgs // { meta.homepage = baseUrl; inherit rev; };
fetchFromBitbucket = {
owner, repo, rev, name ? gitRepoToName repo rev,
owner, repo, rev, name ? "source",
... # For hash agility
}@args: fetchzip ({
inherit name;
@ -233,7 +231,7 @@ with pkgs;
# cgit example, snapshot support is optional in cgit
fetchFromSavannah = {
repo, rev, name ? gitRepoToName repo rev,
repo, rev, name ? "source",
... # For hash agility
}@args: fetchzip ({
inherit name;
@ -243,7 +241,7 @@ with pkgs;
# gitlab example
fetchFromGitLab = {
owner, repo, rev, name ? gitRepoToName repo rev,
owner, repo, rev, name ? "source",
... # For hash agility
}@args: fetchzip ({
inherit name;
@ -253,7 +251,7 @@ with pkgs;
# gitweb example, snapshot support is optional in gitweb
fetchFromRepoOrCz = {
repo, rev, name ? gitRepoToName repo rev,
repo, rev, name ? "source",
... # For hash agility
}@args: fetchzip ({
inherit name;
@ -10974,7 +10972,7 @@ with pkgs;
wcslib = callPackage ../development/libraries/wcslib { };
webkitgtk = webkitgtk216x;
webkitgtk = webkitgtk218x;
webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix {
harfbuzz = harfbuzz-icu-58;
@ -10982,9 +10980,9 @@ with pkgs;
inherit (darwin) libobjc;
};
webkitgtk216x = callPackage ../development/libraries/webkitgtk/2.16.nix {
webkitgtk218x = callPackage ../development/libraries/webkitgtk/2.18.nix {
harfbuzz = harfbuzz-icu;
gst-plugins-base = gst_all_1.gst-plugins-base;
inherit (gst_all_1) gst-plugins-base gst-plugins-bad;
};
webkitgtk24x-gtk2 = webkitgtk24x-gtk3.override {