diff options
author | Leona Maroni <dev@leona.is> | 2024-06-17 10:15:09 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-17 10:15:09 +0200 |
commit | c4cb6eb3c9186ab852f11dc1bee3f5bacef1902b (patch) | |
tree | 3cc9e9fd4ca515a04906b8e467be719e1d71ed42 | |
parent | 116b140bab7aaeca9b0251ce0d08647759531797 (diff) | |
parent | bea2f0a2eaed6e0d7e139c5d5e55095843cc875f (diff) |
Merge pull request #315851 from LeSuisse/v8-mark-vulnerable
v8: mark vulnerable, move dependents to `nodejs.libv8`
6 files changed, 46 insertions, 47 deletions
diff --git a/pkgs/applications/networking/misc/zammad/default.nix b/pkgs/applications/networking/misc/zammad/default.nix index 350e2fc245297..065749554ea10 100644 --- a/pkgs/applications/networking/misc/zammad/default.nix +++ b/pkgs/applications/networking/misc/zammad/default.nix @@ -17,7 +17,6 @@ , nodejs , yarn , yarn2nix-moretea -, v8 , cacert , redis }: @@ -83,7 +82,7 @@ let }; mini_racer = attrs: { buildFlags = [ - "--with-v8-dir=\"${v8}\"" + "--with-v8-dir=\"${nodejs.libv8}\"" ]; dontBuild = false; postPatch = '' diff --git a/pkgs/development/libraries/v8/default.nix b/pkgs/development/libraries/v8/default.nix index e633be6ac2ea7..9320fe34bb64a 100644 --- a/pkgs/development/libraries/v8/default.nix +++ b/pkgs/development/libraries/v8/default.nix @@ -190,5 +190,6 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ proglodyte matthewbauer ]; platforms = platforms.unix; license = licenses.bsd3; + knownVulnerabilities = [ "Severely outdated with multiple publicly known vulnerabilities" ]; }; } diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix index ce5f581be1bcf..95e062808bc31 100644 --- a/pkgs/development/r-modules/default.nix +++ b/pkgs/development/r-modules/default.nix @@ -483,7 +483,7 @@ let units = [ pkgs.udunits ]; unigd = [ pkgs.pkg-config ]; vdiffr = [ pkgs.libpng.dev ]; - V8 = [ pkgs.v8 ]; + V8 = [ pkgs.nodejs.libv8 ]; XBRL = with pkgs; [ zlib libxml2.dev ]; XLConnect = [ pkgs.jdk ]; xml2 = [ pkgs.libxml2.dev ] ++ lib.optionals stdenv.isDarwin [ pkgs.perl ]; @@ -1407,12 +1407,15 @@ let V8 = old.V8.overrideAttrs (attrs: { postPatch = '' substituteInPlace configure \ - --replace " -lv8_libplatform" "" + --replace-fail " -lv8_libplatform" "" + # Bypass the test checking if pointer compression is needed + substituteInPlace configure \ + --replace-fail "./pctest1" "true" ''; preConfigure = '' - export INCLUDE_DIR=${pkgs.v8}/include - export LIB_DIR=${pkgs.v8}/lib + export INCLUDE_DIR=${pkgs.nodejs.libv8}/include + export LIB_DIR=${pkgs.nodejs.libv8}/lib patchShebangs configure ''; diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 3a64f7d2fd9d1..2e59b8a99cc11 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -18,7 +18,7 @@ # (to make gems behave if necessary). { lib, fetchurl, writeScript, ruby, libkrb5, libxml2, libxslt, python2, stdenv, which -, libiconv, postgresql, v8, clang, sqlite, zlib, imagemagick, lasem +, libiconv, postgresql, nodejs, clang, sqlite, zlib, imagemagick, lasem , pkg-config , ncurses, xapian, gpgme, util-linux, tzdata, icu, libffi , cmake, libssh2, openssl, openssl_1_1, libmysqlclient, git, perl, pcre, pcre2, gecode_3, curl , libsodium, snappy, libossp_uuid, lxc, libpcap, xorg, gtk2, gtk3, buildRubyGem @@ -476,7 +476,7 @@ in # otherwise the gem will fail to link to the libv8 binary. # see: https://github.com/cowboyd/libv8/pull/161 libv8 = attrs: { - buildInputs = [ which v8 python2 ]; + buildInputs = [ which nodejs.libv8 python2 ]; buildFlags = [ "--with-system-v8=true" ]; dontBuild = false; # The gem includes broken symlinks which are ignored during unpacking, but @@ -496,7 +496,7 @@ in }; execjs = attrs: { - propagatedBuildInputs = [ v8 ]; + propagatedBuildInputs = [ nodejs.libv8 ]; }; libxml-ruby = attrs: { diff --git a/pkgs/servers/sql/postgresql/ext/plv8/0001-build-Allow-using-V8-from-system.patch b/pkgs/servers/sql/postgresql/ext/plv8/0001-build-Allow-using-V8-from-system.patch index 05f607911f20a..e6099771ea1a8 100644 --- a/pkgs/servers/sql/postgresql/ext/plv8/0001-build-Allow-using-V8-from-system.patch +++ b/pkgs/servers/sql/postgresql/ext/plv8/0001-build-Allow-using-V8-from-system.patch @@ -1,47 +1,44 @@ diff --git a/Makefile b/Makefile -index 38879cc..6e78eeb 100644 +index a705c11..08b952b 100644 --- a/Makefile +++ b/Makefile -@@ -20,6 +20,7 @@ OBJS = $(SRCS:.cc=.o) +@@ -13,11 +13,14 @@ OBJS = $(SRCS:.cc=.o) MODULE_big = plv8-$(PLV8_VERSION) EXTENSION = plv8 PLV8_DATA = plv8.control plv8--$(PLV8_VERSION).sql +USE_SYSTEM_V8 = 0 - - # Platform detection -@@ -41,6 +42,7 @@ PGXS := $(shell $(PG_CONFIG) --pgxs) - PG_VERSION_NUM := $(shell cat `$(PG_CONFIG) --includedir-server`/pg_config*.h \ - | perl -ne 'print $$1 and exit if /PG_VERSION_NUM\s+(\d+)/') + ifeq ($(OS),Windows_NT) + # noop for now + else ++ ifeq ($(USE_SYSTEM_V8),0) + SHLIB_LINK += -Ldeps/v8-cmake/build ++ endif + UNAME_S := $(shell uname -s) + ifeq ($(UNAME_S),Darwin) + CCFLAGS += -stdlib=libc++ +@@ -34,6 +37,7 @@ ifeq ($(NUMPROC),0) + NUMPROC = 1 + endif +ifeq ($(USE_SYSTEM_V8),0) - AUTOV8_DIR = build/v8 - AUTOV8_OUT = build/v8/out.gn/obj - AUTOV8_STATIC_LIBS = -lv8_libplatform -lv8_libbase -@@ -66,6 +68,7 @@ v8: - make -f Makefiles/Makefile.macos v8 - endif - endif + SHLIB_LINK += -Ldeps/v8-cmake/build + + all: v8 $(OBJS) +@@ -46,11 +50,16 @@ deps/v8-cmake/build/libv8_libbase.a: + @cd deps/v8-cmake && mkdir -p build && cd build && cmake -Denable-fPIC=ON -DCMAKE_BUILD_TYPE=Release ../ && make -j $(NUMPROC) + + v8: deps/v8-cmake/build/libv8_libbase.a ++else ++all: $(OBJS) +endif # enable direct jsonb conversion by default CCFLAGS += -DJSONB_DIRECT_CONVERSION -@@ -83,6 +86,7 @@ ifdef BIGINT_GRACEFUL - endif - +ifeq ($(USE_SYSTEM_V8),0) - # We're gonna build static link. Rip it out after include Makefile - SHLIB_LINK := $(filter-out -lv8, $(SHLIB_LINK)) - -@@ -101,6 +105,7 @@ else - SHLIB_LINK += -lrt -std=c++14 - endif - endif + CCFLAGS += -Ideps/v8-cmake/v8/include -std=c++17 +endif - DATA = $(PLV8_DATA) - ifndef DISABLE_DIALECT --- -2.37.3 - + ifdef EXECUTION_TIMEOUT + CCFLAGS += -DEXECUTION_TIMEOUT diff --git a/pkgs/servers/sql/postgresql/ext/plv8/default.nix b/pkgs/servers/sql/postgresql/ext/plv8/default.nix index 2e8ac591a2ddd..615dcb3a80ae1 100644 --- a/pkgs/servers/sql/postgresql/ext/plv8/default.nix +++ b/pkgs/servers/sql/postgresql/ext/plv8/default.nix @@ -1,7 +1,7 @@ { stdenv , lib , fetchFromGitHub -, v8 +, nodejs_20 , perl , postgresql , jitSupport @@ -11,15 +11,17 @@ , gnugrep }: -stdenv.mkDerivation (finalAttrs: { +let + libv8 = nodejs_20.libv8; +in stdenv.mkDerivation (finalAttrs: { pname = "plv8"; - version = "3.1.10"; + version = "3.2.2"; src = fetchFromGitHub { owner = "plv8"; repo = "plv8"; rev = "v${finalAttrs.version}"; - hash = "sha256-g1A/XPC0dX2360Gzvmo9/FSQnM6Wt2K4eR0pH0p9fz4="; + hash = "sha256-azO33v22EF+/sTNmwswxyDR0PhrvWfTENuLu6JgSGJ0="; }; patches = [ @@ -33,7 +35,7 @@ stdenv.mkDerivation (finalAttrs: { ]; buildInputs = [ - v8 + libv8 postgresql ]; @@ -43,7 +45,7 @@ stdenv.mkDerivation (finalAttrs: { # Nixpkgs build a v8 monolith instead of separate v8_libplatform. "USE_SYSTEM_V8=1" "SHLIB_LINK=-lv8" - "V8_OUTDIR=${v8}/lib" + "V8_OUTDIR=${libv8}/lib" ]; installFlags = [ @@ -56,9 +58,6 @@ stdenv.mkDerivation (finalAttrs: { postPatch = '' patchShebangs ./generate_upgrade.sh - # https://github.com/plv8/plv8/pull/506 - substituteInPlace generate_upgrade.sh \ - --replace " 2.3.10 " " 2.3.10 2.3.11 2.3.12 2.3.13 2.3.14 2.3.15 " ''; postInstall = '' |