-rw-r--r--pkgs/applications/networking/browsers/chromium/common.nix11
-rw-r--r--pkgs/applications/networking/instant-messengers/element/keytar/default.nix13
-rw-r--r--pkgs/applications/networking/instant-messengers/element/seshat/default.nix4
-rw-r--r--pkgs/applications/version-management/git/default.nix4
-rw-r--r--pkgs/by-name/li/libcamera/ipa-priv-key.pem28
-rw-r--r--pkgs/by-name/li/libcamera/package.nix30
-rw-r--r--pkgs/by-name/un/unbound/package.nix (renamed from pkgs/tools/networking/unbound/default.nix)4
-rw-r--r--pkgs/by-name/vu/vulkan-volk/package.nix4
-rw-r--r--pkgs/development/compilers/glslang/default.nix4
-rw-r--r--pkgs/development/compilers/go/1.22.nix4
-rw-r--r--pkgs/development/compilers/llvm/common/libcxx/default.nix31
-rw-r--r--pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py31
-rw-r--r--pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix42
-rw-r--r--pkgs/development/libraries/at-spi2-core/default.nix7
-rw-r--r--pkgs/development/libraries/directfb/default.nix7
-rw-r--r--pkgs/development/libraries/ffmpeg/generic.nix25
-rw-r--r--pkgs/development/libraries/gdk-pixbuf/default.nix11
-rw-r--r--pkgs/development/libraries/glib/default.nix6
-rw-r--r--pkgs/development/libraries/glibc/2.39-master.patch1781
-rw-r--r--pkgs/development/libraries/glibc/common.nix4
-rw-r--r--pkgs/development/libraries/gnu-config/default.nix8
-rw-r--r--pkgs/development/libraries/gnutls/default.nix10
-rw-r--r--pkgs/development/libraries/libaom/default.nix3
-rw-r--r--pkgs/development/libraries/libdrm/default.nix7
-rw-r--r--pkgs/development/libraries/libgudev/default.nix17
-rw-r--r--pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch2
-rw-r--r--pkgs/development/libraries/libjpeg-turbo/default.nix11
-rw-r--r--pkgs/development/libraries/libmbim/default.nix2
-rw-r--r--pkgs/development/libraries/libndp/default.nix4
-rw-r--r--pkgs/development/libraries/libxml2/default.nix4
-rw-r--r--pkgs/development/libraries/mesa/default.nix4
-rw-r--r--pkgs/development/libraries/pipewire/default.nix9
-rw-r--r--pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch53
-rw-r--r--pkgs/development/libraries/polkit/default.nix25
-rw-r--r--pkgs/development/libraries/spirv-headers/default.nix4
-rw-r--r--pkgs/development/libraries/tpm2-tss/default.nix4
-rw-r--r--pkgs/development/libraries/tracker/default.nix4
-rw-r--r--pkgs/development/libraries/vulkan-headers/default.nix4
-rw-r--r--pkgs/development/libraries/vulkan-loader/default.nix4
-rw-r--r--pkgs/development/libraries/vulkan-utility-libraries/default.nix4
-rw-r--r--pkgs/development/libraries/zlib/default.nix13
-rw-r--r--pkgs/development/perl-modules/Po4a/default.nix85
-rw-r--r--pkgs/development/python-modules/dbus-python/default.nix9
-rw-r--r--pkgs/development/python-modules/gssapi/default.nix51
-rw-r--r--pkgs/development/python-modules/ipython/default.nix4
-rw-r--r--pkgs/development/python-modules/python-jose/default.nix14
-rw-r--r--pkgs/development/python-modules/shouldbe/default.nix30
-rw-r--r--pkgs/development/python-modules/tqdm/default.nix9
-rw-r--r--pkgs/development/python-modules/werkzeug/default.nix14
-rw-r--r--pkgs/development/tools/spirv-tools/default.nix4
-rw-r--r--pkgs/development/tools/vulkan-validation-layers/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/default.nix6
-rw-r--r--pkgs/os-specific/darwin/moltenvk/default.nix4
-rw-r--r--pkgs/os-specific/linux/libbpf/default.nix4
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix19
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix33
-rw-r--r--pkgs/servers/sql/postgresql/12.nix4
-rw-r--r--pkgs/servers/sql/postgresql/13.nix4
-rw-r--r--pkgs/servers/sql/postgresql/14.nix4
-rw-r--r--pkgs/servers/sql/postgresql/15.nix4
-rw-r--r--pkgs/servers/sql/postgresql/16.nix4
-rw-r--r--pkgs/servers/sql/postgresql/generic.nix12
-rw-r--r--pkgs/servers/x11/xorg/overrides.nix4
-rw-r--r--pkgs/test/cc-wrapper/default.nix11
-rw-r--r--pkgs/tools/graphics/spirv-cross/default.nix4
-rw-r--r--pkgs/tools/graphics/vulkan-extension-layer/default.nix4
-rw-r--r--pkgs/tools/graphics/vulkan-tools-lunarg/default.nix4
-rw-r--r--pkgs/tools/graphics/vulkan-tools/default.nix4
-rw-r--r--pkgs/tools/networking/modemmanager/default.nix17
-rw-r--r--pkgs/tools/networking/whois/default.nix4
-rw-r--r--pkgs/tools/security/rhash/default.nix4
-rw-r--r--pkgs/tools/security/rhash/do-link-so.patch22
-rw-r--r--pkgs/tools/security/rhash/dont-fail-ln.patch59
-rw-r--r--pkgs/top-level/all-packages.nix2
-rw-r--r--pkgs/top-level/python-aliases.nix1
-rw-r--r--pkgs/top-level/python-packages.nix2
76 files changed, 2433 insertions, 278 deletions
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index 259309757b11c..e7597249acdb5 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -20,6 +20,7 @@
 , pkgsBuildHost
 # configurePhase:
 , gnChromium
+, symlinkJoin
 
 # Build inputs:
 , libpng
@@ -378,6 +379,14 @@ let
       ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz .
     '';
 
+    llvmCcAndBintools = symlinkJoin {
+      name = "llvmCcAndBintools";
+      paths = [
+        pkgsBuildTarget.${llvmPackages_attrName}.llvm
+        pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc
+      ];
+    };
+
     gnFlags = mkGnFlags ({
       # Main build and toolchain settings:
       # Create an official and optimized release build (only official builds
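Review bot: The new `llvmCcAndBintools` binding has no comment saying why `clang_base_path` needs more than the wrapped compiler, so a later cleanup could revert it to `stdenv.cc` alone. Presumably the GN build looks under `clang_base_path` for LLVM binaries that the cc wrapper does not ship. A line such as `# clang_base_path must contain both the wrapped clang and the llvm tools` above the binding would record that. The `let` block and `gnFlags` continue outside this hunk, and the joined path is consumed in the next hunk.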
@@ -445,7 +454,7 @@ let
       rtc_use_pipewire = true;
       # Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient):
       chrome_pgo_phase = 0;
-      clang_base_path = "${pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc}";
+      clang_base_path = "${llvmCcAndBintools}";
       use_qt = false;
       # To fix the build as we don't provide libffi_pic.a
       # (ld.lld: error: unable to find library -l:libffi_pic.a):
diff --git a/pkgs/applications/networking/instant-messengers/element/keytar/default.nix b/pkgs/applications/networking/instant-messengers/element/keytar/default.nix
index 84196371be3af..d43894e08239a 100644
--- a/pkgs/applications/networking/instant-messengers/element/keytar/default.nix
+++ b/pkgs/applications/networking/instant-messengers/element/keytar/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, nodejs, python3, callPackage, removeReferencesTo
+{ lib, stdenv, fetchFromGitHub, nodejs, python3, removeReferencesTo
 , pkg-config, libsecret, xcbuild, Security, AppKit, fetchNpmDeps, npmHooks }:
 
 let
@@ -31,6 +31,17 @@ in stdenv.mkDerivation rec {
 
   doCheck = false;
 
+  postPatch = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
+    pkg-config() { "''${PKG_CONFIG}" "$@"; }
+    export -f pkg-config
+  '';
+
+  # https://nodejs.org/api/os.html#osarch
+  npmFlagsArray = [ "--arch=${if stdenv.hostPlatform.parsed.cpu.name == "i686" then "ia32"
+                             else if stdenv.hostPlatform.parsed.cpu.name == "x86_64" then "x64"
+                             else if stdenv.hostPlatform.parsed.cpu.name == "aarch64" then "arm64"
+                             else stdenv.hostPlatform.parsed.cpu.name}" ];
+
   installPhase = ''
     runHook preInstall
     shopt -s extglob
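Review bot: The fallback branch of the `--arch` mapping passes `stdenv.hostPlatform.parsed.cpu.name` through unchanged, which only works where the Nix CPU name equals Node's `os.arch()` value. 32-bit ARM hosts parse as `armv7l` or `armv6l` while Node reports `arm`, so a cross build for those would hand npm an arch it does not recognise. Adding `else if stdenv.hostPlatform.isAarch32 then "arm"` before the fallback would cover it. The `pkg-config` shell function in `postPatch` also deserves a one-line comment; presumably it redirects a bare `pkg-config` call made during the native build to the cross-prefixed `$PKG_CONFIG`.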
diff --git a/pkgs/applications/networking/instant-messengers/element/seshat/default.nix b/pkgs/applications/networking/instant-messengers/element/seshat/default.nix
index ed6b5ebe72a65..c1c9a57d43569 100644
--- a/pkgs/applications/networking/instant-messengers/element/seshat/default.nix
+++ b/pkgs/applications/networking/instant-messengers/element/seshat/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, rustPlatform, fetchFromGitHub, callPackage, sqlcipher, nodejs, python3, yarn, fixup-yarn-lock, CoreServices, fetchYarnDeps, removeReferencesTo }:
+{ lib, stdenv, rustPlatform, fetchFromGitHub, rust, sqlcipher, nodejs, python3, yarn, fixup-yarn-lock, CoreServices, fetchYarnDeps, removeReferencesTo }:
 
 let
   pinData = lib.importJSON ./pin.json;
@@ -36,7 +36,7 @@ in rustPlatform.buildRustPackage rec {
     fixup-yarn-lock yarn.lock
     yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
     patchShebangs node_modules/
-    node_modules/.bin/neon build --release
+    node_modules/.bin/neon build --release -- --target ${rust.toRustTargetSpec stdenv.hostPlatform} -Z unstable-options --out-dir target/release
     runHook postBuild
   '';
 
diff --git a/pkgs/applications/version-management/git/default.nix b/pkgs/applications/version-management/git/default.nix
index 8f57c97230fbd..375908863a2ab 100644
--- a/pkgs/applications/version-management/git/default.nix
+++ b/pkgs/applications/version-management/git/default.nix
@@ -29,7 +29,7 @@ assert sendEmailSupport -> perlSupport;
 assert svnSupport -> perlSupport;
 
 let
-  version = "2.44.0";
+  version = "2.44.1";
   svn = subversionClient.override { perlBindings = perlSupport; };
   gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
 in
@@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
 
   src = fetchurl {
     url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
-    hash = "sha256-41hzjctbXqNAzpAKABXAOuhugE5/9k5HqkYx3e5oHeM=";
+    hash = "sha256-e2CmJMD3AJoWuFYlBiGq/c3YXrjUS7AgYXtlJbhyYeQ=";
   };
 
   outputs = [ "out" ] ++ lib.optional withManual "doc";
diff --git a/pkgs/by-name/li/libcamera/ipa-priv-key.pem b/pkgs/by-name/li/libcamera/ipa-priv-key.pem
new file mode 100644
index 0000000000000..b5b5b17ba0d0c
--- /dev/null
+++ b/pkgs/by-name/li/libcamera/ipa-priv-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/pkgs/by-name/li/libcamera/package.nix b/pkgs/by-name/li/libcamera/package.nix
index a6a0fe8fa7c35..dabf457de7432 100644
--- a/pkgs/by-name/li/libcamera/package.nix
+++ b/pkgs/by-name/li/libcamera/package.nix
@@ -1,7 +1,6 @@
 { stdenv
 , fetchgit
 , lib
-, fetchpatch
 , meson
 , ninja
 , pkg-config
@@ -33,12 +32,24 @@ stdenv.mkDerivation rec {
     hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM=";
   };
 
-  outputs = [ "out" "dev" "doc" ];
+  outputs = [ "out" "dev" ];
 
   postPatch = ''
     patchShebangs utils/
   '';
 
+  # libcamera signs the IPA module libraries at install time, but they are then
+  # modified by stripping and RPATH fixup. Therefore, we need to generate the
+  # signatures again ourselves. For reproducibility, we use a static private key.
+  #
+  # If this is not done, libcamera will still try to load them, but it will
+  # isolate them in separate processes, which can cause crashes for IPA modules
+  # that are not designed for this (notably ipa_rpi.so).
+  preBuild = ''
+    ninja src/ipa-priv-key.pem
+    install -D ${./ipa-priv-key.pem} src/ipa-priv-key.pem
+  '';
+
   strictDeps = true;
 
   buildInputs = [
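Review bot: The key installed in `preBuild` is committed to the repository, so the IPA signature no longer says anything about who built a module: a module signed with this public key is accepted and loaded in-process instead of being isolated. The comment should say so, e.g. `# The key is public; the signature only keeps our own modules out of isolation and is not a trust boundary.` It would also help to note why `ninja src/ipa-priv-key.pem` runs before the `install` (presumably so ninja treats the target as built and does not regenerate it). As far as this diff shows, the last hunk of the file drops the `postFixup` call to `ipa-sign-install.sh`, yet the comment here still says the signatures are generated again after stripping and RPATH fixup, so one of the two needs to change.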
@@ -86,6 +97,10 @@ stdenv.mkDerivation rec {
     # Avoid blanket -Werror to evade build failures on less
     # tested compilers.
     "-Dwerror=false"
+    # Documentation breaks binary compatibility.
+    # Given that upstream also provides public documentation,
+    # we can disable it here.
+    "-Ddocumentation=disabled"
   ];
 
   # Fixes error on a deprecated declaration
@@ -94,17 +109,6 @@ stdenv.mkDerivation rec {
   # Silence fontconfig warnings about missing config
   FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; };
 
-  # libcamera signs the IPA module libraries at install time, but they are then
-  # modified by stripping and RPATH fixup. Therefore, we need to generate the
-  # signatures again ourselves.
-  #
-  # If this is not done, libcamera will still try to load them, but it will
-  # isolate them in separate processes, which can cause crashes for IPA modules
-  # that are not designed for this (notably ipa_rpi.so).
-  postFixup = ''
-    ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so
-  '';
-
   meta = with lib; {
     description = "An open source camera stack and framework for Linux, Android, and ChromeOS";
     homepage = "https://libcamera.org";
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/by-name/un/unbound/package.nix
index 45c794a532eb3..1a9025a4a9078 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/by-name/un/unbound/package.nix
@@ -50,11 +50,11 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "unbound";
-  version = "1.19.3";
+  version = "1.20.0";
 
   src = fetchurl {
     url = "https://nlnetlabs.nl/downloads/unbound/unbound-${finalAttrs.version}.tar.gz";
-    hash = "sha256-OuMivn3C+DFgPksDkUNVM61YYcIyLjSnYAap+2XrVrk=";
+    hash = "sha256-VrTO7TNjlSIAD9lndVdt34eCuzYXYQcV1/Hnd8XsHb8=";
   };
 
   outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
diff --git a/pkgs/by-name/vu/vulkan-volk/package.nix b/pkgs/by-name/vu/vulkan-volk/package.nix
index a659f9a1c6da7..d65002027a174 100644
--- a/pkgs/by-name/vu/vulkan-volk/package.nix
+++ b/pkgs/by-name/vu/vulkan-volk/package.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "volk";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "zeux";
     repo = "volk";
     rev = "vulkan-sdk-${finalAttrs.version}";
-    hash = "sha256-e4TLGRqn0taYeiRVxc9WevURjO5dsVq3RpOwZBGDknQ=";
+    hash = "sha256-AoUStYeSTu6YmdyKgx0n3O+p3asb39GU6HSHgOhhFhQ=";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/compilers/glslang/default.nix b/pkgs/development/compilers/glslang/default.nix
index 1f84487239d24..91dfb296318cc 100644
--- a/pkgs/development/compilers/glslang/default.nix
+++ b/pkgs/development/compilers/glslang/default.nix
@@ -9,13 +9,13 @@
 }:
 stdenv.mkDerivation rec {
   pname = "glslang";
-  version = "14.1.0";
+  version = "14.2.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "glslang";
     rev = version;
-    hash = "sha256-trm5bR3/2w+oQppHQBB+b6l0N0sLjTk5+rRGDfnGb+8=";
+    hash = "sha256-B6jVCeoFjd2H6+7tIses+Kj8DgHS6E2dkVzQAIzDHEc=";
   };
 
   # These get set at all-packages, keep onto them for child drvs
diff --git a/pkgs/development/compilers/go/1.22.nix b/pkgs/development/compilers/go/1.22.nix
index 6a3cfd39203d5..c0103090b3314 100644
--- a/pkgs/development/compilers/go/1.22.nix
+++ b/pkgs/development/compilers/go/1.22.nix
@@ -47,11 +47,11 @@ let
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "go";
-  version = "1.22.2";
+  version = "1.22.3";
 
   src = fetchurl {
     url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz";
-    hash = "sha256-N06oKyiexzjpaCZ8rFnH1f8YD5SSJQJUeEsgROkN9ak=";
+    hash = "sha256-gGSO80+QMZPXKlnA3/AZ9fmK4MmqE63gsOy/+ZGnb2g=";
   };
 
   strictDeps = true;
diff --git a/pkgs/development/compilers/llvm/common/libcxx/default.nix b/pkgs/development/compilers/llvm/common/libcxx/default.nix
index 0e91f50551c55..5b4c2ca56ae1a 100644
--- a/pkgs/development/compilers/llvm/common/libcxx/default.nix
+++ b/pkgs/development/compilers/llvm/common/libcxx/default.nix
@@ -67,6 +67,12 @@ let
 
   cxxCMakeFlags = [
     "-DLIBCXX_CXX_ABI=${cxxabiName}"
+  ] ++ lib.optionals (cxxabi == null && lib.versionAtLeast release_version "16") [
+    # Note: llvm < 16 doesn't support this flag (or it's broken); handled in postInstall instead.
+    # Include libc++abi symbols within libc++.a for static linking libc++;
+    # dynamic linking includes them through libc++.so being a linker script
+    # which includes both shared objects.
+    "-DLIBCXX_STATICALLY_LINK_ABI_IN_STATIC_LIBRARY=ON"
   ] ++ lib.optionals (cxxabi != null) [
     "-DLIBCXX_CXX_ABI_INCLUDE_PATHS=${lib.getDev cxxabi}/include"
   ] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.isWasi) [
@@ -126,6 +132,31 @@ stdenv.mkDerivation (rec {
   postInstall = lib.optionalString (cxxabi != null) ''
     lndir ${lib.getDev cxxabi}/include $dev/include/c++/v1
     lndir ${lib.getLib cxxabi}/lib $out/lib
+    libcxxabi=$out/lib/lib${cxxabi.libName}.a
+  ''
+  # LIBCXX_STATICALLY_LINK_ABI_IN_STATIC_LIBRARY=ON doesn't work for LLVM < 16 or
+  # external cxxabi libraries so merge libc++abi.a into libc++.a ourselves.
+
+  # GNU binutils emits objects in LIFO order in MRI scripts so after the merge
+  # the objects are in reversed order so a second MRI script is required so the
+  # objects in the archive are listed in proper order (libc++.a, libc++abi.a)
+  + lib.optionalString (cxxabi != null || lib.versionOlder release_version "16") ''
+    libcxxabi=''${libcxxabi-$out/lib/libc++abi.a}
+    if [[ -f $out/lib/libc++.a && -e $libcxxabi ]]; then
+      $AR -M <<MRI
+        create $out/lib/libc++.a
+        addlib $out/lib/libc++.a
+        addlib $libcxxabi
+        save
+        end
+    MRI
+      $AR -M <<MRI
+        create $out/lib/libc++.a
+        addlib $out/lib/libc++.a
+        save
+        end
+    MRI
+    fi
   '';
 
   passthru = {
diff --git a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py
index ad679d9f9f99e..4713cfb7026e5 100644
--- a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py
+++ b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py
@@ -3,9 +3,10 @@ from pathlib import Path
 import collections
 import sys
 import os
-from typing import Dict, List, Tuple
+from typing import Dict, List, Set, Tuple
 do_abort: bool = False
-packages: Dict[str, Dict[str, List[Dict[str, List[str]]]]] = collections.defaultdict(list)
+packages: Dict[str, Dict[str, Dict[str, List[str]]]] = collections.defaultdict(dict)
+found_paths: Set[Path] = set()
 out_path: Path = Path(os.getenv("out"))
 version: Tuple[int, int] = sys.version_info
 site_packages_path: str = f'lib/python{version[0]}.{version[1]}/site-packages'
@@ -31,14 +32,10 @@ def describe_parents(parents: List[str]) -> str:
 
 # inserts an entry into 'packages'
 def add_entry(name: str, version: str, store_path: str, parents: List[str]) -> None:
-    if name not in packages:
-        packages[name] = {}
-    if store_path not in packages[name]:
-        packages[name][store_path] = []
-    packages[name][store_path].append(dict(
+    packages[name][store_path] = dict(
         version=version,
         parents=parents,
-    ))
+    )
 
 
 # transitively discover python dependencies and store them in 'packages'
@@ -46,6 +43,12 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str])
     site_packages: Path = (store_path / site_packages_path)
     propagated_build_inputs: Path = (store_path / "nix-support/propagated-build-inputs")
 
+    # only visit each path once, to avoid exponential complexity with highly
+    # connected dependency graphs
+    if store_path in found_paths:
+        return
+    found_paths.add(store_path)
+
     # add the current package to the list
     if site_packages.exists():
         for dist_info in site_packages.glob("*.dist-info"):
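Review bot: With the `found_paths` guard each store path is expanded once, so `add_entry` records only the first parent chain that reached a package, and the report printed via `describe_parents` no longer shows every route to a duplicate. That is a reasonable trade for the complexity fix, but the comment should say it, e.g. `# only the first chain that reaches a path is recorded in 'parents'`. The guard is also what now stops recursion on a cyclic `propagated-build-inputs`, since a later hunk removes the `if build_input not in parents` check. That is worth stating next to the guard so it is not later removed as a pure optimisation. `find_packages` continues outside this hunk.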
@@ -55,10 +58,9 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str])
     # recursively add dependencies
     if propagated_build_inputs.exists():
         with open(propagated_build_inputs, "r") as f:
-            build_inputs: List[str] = f.read().strip().split(" ")
+            build_inputs: List[str] = f.read().split()
             for build_input in build_inputs:
-                if build_input not in parents:
-                    find_packages(Path(build_input), site_packages_path, parents + [build_input])
+                find_packages(Path(build_input), site_packages_path, parents + [build_input])
 
 
 find_packages(out_path, site_packages_path, [f"this derivation: {out_path}"])
@@ -68,10 +70,9 @@ for name, store_paths in packages.items():
     if len(store_paths) > 1:
         do_abort = True
         print("Found duplicated packages in closure for dependency '{}': ".format(name))
-        for store_path, candidates in store_paths.items():
-            for candidate in candidates:
-                print(f"  {name} {candidate['version']} ({store_path})")
-                print(describe_parents(candidate['parents']))
+        for store_path, candidate in store_paths.items():
+            print(f"  {name} {candidate['version']} ({store_path})")
+            print(describe_parents(candidate['parents']))
 
 # fail if duplicates were found
 if do_abort:
diff --git a/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix b/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix
index cba1034e0963d..3890df40cb742 100644
--- a/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix
+++ b/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix
@@ -143,4 +143,46 @@ in {
     };
   in
     expectFailure toplevel "Found duplicated packages in closure for dependency 'leaf'";
+
+  /*
+    Transitive conflict with multiple dependency chains leading to the
+    conflicting package.
+
+    Test sets up this dependency tree:
+
+      toplevel
+      ├── dep1
+      │   └── leaf
+      ├── dep2
+      │   └── leaf
+      └── dep3
+          └── leaf (customized version -> conflicting)
+  */
+  catches-conflict-multiple-chains = let
+    # package depending on dependency1, dependency2 and dependency3
+    toplevel = generatePythonPackage {
+      pname = "catches-conflict-multiple-chains";
+      propagatedBuildInputs = [ dep1 dep2 dep3 ];
+    };
+    # dep1 package depending on leaf
+    dep1 = generatePythonPackage {
+      pname = "dependency1";
+      propagatedBuildInputs = [ leaf ];
+    };
+    # dep2 package depending on leaf
+    dep2 = generatePythonPackage {
+      pname = "dependency2";
+      propagatedBuildInputs = [ leaf ];
+    };
+    # dep3 package depending on conflicting version of leaf
+    dep3 = generatePythonPackage {
+      pname = "dependency3";
+      propagatedBuildInputs = [ (customize leaf) ];
+    };
+    # some leaf package
+    leaf = generatePythonPackage {
+      pname = "leaf";
+    };
+  in
+    expectFailure toplevel "Found duplicated packages in closure for dependency 'leaf'";
 }
diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index c70044308d023..4ca364ad9f8de 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -19,6 +19,7 @@
 , libXext
 , gnome
 , systemd
+, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd
 }:
 
 stdenv.mkDerivation rec {
@@ -51,7 +52,7 @@ stdenv.mkDerivation rec {
     libXi
     # libXext is a transitive dependency of libXi
     libXext
-  ] ++ lib.optionals (lib.meta.availableOn stdenv.hostPlatform systemd) [
+  ] ++ lib.optionals systemdSupport [
     # libsystemd is a needed for dbus-broker support
     systemd
   ];
@@ -72,9 +73,11 @@ stdenv.mkDerivation rec {
     # including the entire dbus closure in libraries linked with
     # the at-spi2-core libraries.
     "-Ddbus_daemon=/run/current-system/sw/bin/dbus-daemon"
-  ] ++ lib.optionals stdenv.hostPlatform.isLinux [
+  ] ++ lib.optionals systemdSupport [
     # Same as the above, but for dbus-broker
     "-Ddbus_broker=/run/current-system/sw/bin/dbus-broker-launch"
+  ] ++ lib.optionals (!systemdSupport) [
+    "-Duse_systemd=false"
   ];
 
   passthru = {
diff --git a/pkgs/development/libraries/directfb/default.nix b/pkgs/development/libraries/directfb/default.nix
index e7a7996d91f22..be6a2da6566c5 100644
--- a/pkgs/development/libraries/directfb/default.nix
+++ b/pkgs/development/libraries/directfb/default.nix
@@ -33,6 +33,13 @@ stdenv.mkDerivation rec {
       url = "https://git.alpinelinux.org/aports/plain/community/directfb/0002-Fix-musl-PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP-comp.patch?id=f8158258493fc0c3eb5de2302e40f4bc44ecfb09";
       sha256 = "sha256-j3+mcP6hV9LKuba1GOdcM1cZfmXuJtRgx4vE484jIns=";
     })
+    # This uses POSIX basename() while directfb expects GNU
+    # basename(), but the POSIX behaviour of modifying the input
+    # should be fine since directfb never uses the buffer afterwards.
+    (fetchpatch {
+      url = "https://git.alpinelinux.org/aports/plain/community/directfb/fix-missing-basename.patch?id=bc049ae1bcf9ef3f66cd12a6fbb7ac4e917764b1";
+      hash = "sha256-BX/C8+nh2fovHx8vKXFqKzBtfiTKUcW2BUCsaDIhodc=";
+    })
   ];
 
   postPatch = ''
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index 92a28d8a7705b..55f6709c1361c 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -427,6 +427,21 @@ stdenv.mkDerivation (finalAttrs: {
         url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/75b1a555a70c178a9166629e43ec2f6250219eb2";
         hash = "sha256-+2kzfPJf5piim+DqEgDuVEEX5HLwRsxq0dWONJ4ACrU=";
       }
+      {
+        name = "5.x-CVE-2024-31585.patch";
+        url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/8711cea3841fc385cccb1e7255176479e865cd4d";
+        hash = "sha256-WT+ly/l04yM/tRVbhkESA3sDDjwvtd/Cg2y8tQo4ApI=";
+      }
+      {
+        name = "CVE-2024-31582.patch";
+        url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2";
+        hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA=";
+      }
+      {
+        name = "CVE-2024-31578.patch";
+        url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3bb00c0a420c3ce83c6fafee30270d69622ccad7";
+        hash = "sha256-oZMZysBA+/gwaGEM1yvI+8wCadXWE7qLRL6Emap3b8Q=";
+      }
     ])
     ++ (lib.optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [
       { # this can be removed post 6.1
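Review bot: The added CVE entries carry no removal condition, unlike the neighbouring `# this can be removed post 6.1` entry, so nothing tells a maintainer when a version bump makes them redundant or makes them fail to apply. A short comment per entry naming the upstream release that first contains the fix would do. The 6.1 list in the next hunk gets CVE-2024-31582 and CVE-2024-31578 but not CVE-2024-31585. If that branch is unaffected, a comment there such as `# CVE-2024-31585 does not apply to 6.1` would stop the question being asked again. The patch URLs are pinned to commit ids and checked by hash, which is the right shape for fetched security patches.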
@@ -439,6 +454,16 @@ stdenv.mkDerivation (finalAttrs: {
         url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/e06ce6d2b45edac4a2df04f304e18d4727417d24";
         hash = "sha256-73mlX1rdJrguw7OXaSItfHtI7gflDrFj+7SepVvvUIg=";
       }
+      {
+        name = "CVE-2024-31582.patch";
+        url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2";
+        hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA=";
+      }
+      {
+        name = "CVE-2024-31578.patch";
+        url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3bb00c0a420c3ce83c6fafee30270d69622ccad7";
+        hash = "sha256-oZMZysBA+/gwaGEM1yvI+8wCadXWE7qLRL6Emap3b8Q=";
+      }
     ])
     ++ (lib.optionals (lib.versionAtLeast version "7.0") [
       {
diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix
index a90a2c5c9f780..f9fd75f1a6af9 100644
--- a/pkgs/development/libraries/gdk-pixbuf/default.nix
+++ b/pkgs/development/libraries/gdk-pixbuf/default.nix
@@ -21,6 +21,7 @@
 , buildPackages
 , withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages
 , gobject-introspection
+, fetchpatch
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -41,6 +42,12 @@ stdenv.mkDerivation (finalAttrs: {
   patches = [
     # Move installed tests to a separate output
     ./installed-tests-path.patch
+    # Remove post 2.42.11
+    (fetchpatch {
+      name = "fix-meson.build-typo.patch";
+      url = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/238893d8cd6f9c2616a05ab521a29651a17a38c2.patch";
+      hash = "sha256-6IhdNH6hhygSXD7EJo/hoBLFeb2lJlBIHNBPTkA3Do0=";
+    })
   ];
 
   # gdk-pixbuf-thumbnailer is not wrapped therefore strictDeps will work
@@ -79,6 +86,7 @@ stdenv.mkDerivation (finalAttrs: {
     "-Dgio_sniffing=false"
     (lib.mesonBool "gtk_doc" withIntrospection)
     (lib.mesonEnable "introspection" withIntrospection)
+    (lib.mesonEnable "others" true)
   ];
 
   postPatch = ''
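Review bot: `(lib.mesonEnable "others" true)` is added without a comment. It presumably switches on the group of image loaders that upstream leaves off by default, in the same change that strips `'ani'` because of CVE-2022-48622. Every enabled loader parses untrusted image data in any application that links gdk-pixbuf, so the reason for opting back in should be written down, e.g. `# "others" re-enables loaders upstream disables by default; 'ani' is removed in postPatch`. The `--replace-fail` in the next hunk is a good choice, because the build breaks if upstream renames the entry instead of silently shipping the loader again.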
@@ -93,6 +101,9 @@ stdenv.mkDerivation (finalAttrs: {
     substituteInPlace docs/meson.build \
       --replace "dependency('gi-docgen'," "dependency('gi-docgen', native:true," \
       --replace "'gi-docgen', req" "'gi-docgen', native:true, req"
+
+    # Remove 'ani' loader until proper fix for CVE-2022-48622
+    substituteInPlace meson.build --replace-fail "'ani'," ""
   '';
 
   postInstall =
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 70d24842a86e3..feef4630afd8c 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -60,11 +60,11 @@ in
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "glib";
-  version = "2.80.0";
+  version = "2.80.2";
 
   src = fetchurl {
     url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz";
-    hash = "sha256-giipL5KkEhYLE5rmi2NFvSjyRDSnta8VDr4h/1h6Vh0=";
+    hash = "sha256-uc+296W9WzEjj9XVbfImst2l6jdhFHW/ifag+UAP6L0=";
   };
 
   patches = lib.optionals stdenv.isDarwin [
@@ -239,7 +239,7 @@ stdenv.mkDerivation (finalAttrs: {
     done
 
     # Cannot be in postInstall, otherwise _multioutDocs hook in preFixup will move right back.
-    moveToOutput "share/doc/glib-2.0" "$devdoc"
+    moveToOutput "share/doc" "$devdoc"
   '';
 
   nativeCheckInputs = [ tzdata desktop-file-utils shared-mime-info ];
diff --git a/pkgs/development/libraries/glibc/2.39-master.patch b/pkgs/development/libraries/glibc/2.39-master.patch
index b1d7d60411c81..88e629981e3ce 100644
--- a/pkgs/development/libraries/glibc/2.39-master.patch
+++ b/pkgs/development/libraries/glibc/2.39-master.patch
@@ -9074,3 +9074,1784 @@ index 0000000000..96a8765fd5
 +}
 +
 +#include <support/test-driver.c>
+
+commit e828914cf9f2fc2caa5bced0fc6a03cb78324979
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Tue Apr 23 21:16:32 2024 +0200
+
+    nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
+    
+    Fall back to ppoll if ppoll_time64 fails with ENOSYS.
+    Fixes commit 370da8a121c3ba9eeb2f13da15fc0f21f4136b25 ("nptl: Fix
+    tst-cancel30 on sparc64").
+    
+    Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+    (cherry picked from commit f4724843ada64a51d66f65d3199fe431f9d4c254)
+
+diff --git a/sysdeps/pthread/tst-cancel30.c b/sysdeps/pthread/tst-cancel30.c
+index 3030660e5f..94ad6281bc 100644
+--- a/sysdeps/pthread/tst-cancel30.c
++++ b/sysdeps/pthread/tst-cancel30.c
+@@ -18,6 +18,7 @@
+    License along with the GNU C Library; if not, see
+    <https://www.gnu.org/licenses/>.  */
+ 
++#include <errno.h>
+ #include <support/check.h>
+ #include <support/xstdio.h>
+ #include <support/xthread.h>
+@@ -46,13 +47,19 @@ tf (void *arg)
+ 
+   /* Wait indefinitely for cancellation, which only works if asynchronous
+      cancellation is enabled.  */
+-#if defined SYS_ppoll || defined SYS_ppoll_time64
+-# ifndef SYS_ppoll_time64
+-#  define SYS_ppoll_time64 SYS_ppoll
++#ifdef SYS_ppoll_time64
++  long int ret = syscall (SYS_ppoll_time64, NULL, 0, NULL, NULL);
++  (void) ret;
++# ifdef SYS_ppoll
++  if (ret == -1 && errno == ENOSYS)
++    syscall (SYS_ppoll, NULL, 0, NULL, NULL);
+ # endif
+-  syscall (SYS_ppoll_time64, NULL, 0, NULL, NULL);
+ #else
++# ifdef SYS_ppoll
++  syscall (SYS_ppoll, NULL, 0, NULL, NULL);
++# else
+   for (;;);
++# endif
+ #endif
+ 
+   return 0;
+
+commit e701c7d761f6e5c48d8e9dd5da88cbe2e94943f4
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Apr 25 12:56:48 2024 +0200
+
+    i386: ulp update for SSE2 --disable-multi-arch configurations
+    
+    (cherry picked from commit 3a3a4497421422aa854c855cbe5110ca7d598ffc)
+
+diff --git a/sysdeps/i386/fpu/libm-test-ulps b/sysdeps/i386/fpu/libm-test-ulps
+index 84e6686eba..f2139fc172 100644
+--- a/sysdeps/i386/fpu/libm-test-ulps
++++ b/sysdeps/i386/fpu/libm-test-ulps
+@@ -1232,6 +1232,7 @@ ldouble: 6
+ 
+ Function: "hypot":
+ double: 1
++float: 1
+ float128: 1
+ ldouble: 1
+ 
+
+commit 2f8f157eb0cc7f1d8d9a3fcaa8c55bed53b092a8
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Tue Apr 23 13:59:50 2024 -0700
+
+    x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
+    
+    Define MINIMUM_X86_ISA_LEVEL at configure time to avoid
+    
+    /usr/bin/ld: …/build/elf/librtld.os: in function `init_cpu_features':
+    …/git/elf/../sysdeps/x86/cpu-features.c:1202: undefined reference to `_dl_runtime_resolve_fxsave'
+    /usr/bin/ld: …/build/elf/librtld.os: relocation R_X86_64_PC32 against undefined hidden symbol `_dl_runtime_resolve_fxsave' can not be used when making a shared object
+    /usr/bin/ld: final link failed: bad value
+    collect2: error: ld returned 1 exit status
+    
+    when glibc is built with -march=x86-64-v3 and configured with
+    --with-rtld-early-cflags=-march=x86-64, which is used to allow ld.so to
+    print an error message on unsupported CPUs:
+    
+    Fatal glibc error: CPU does not support x86-64-v3
+    
+    This fixes BZ #31676.
+    Reviewed-by: Sunil K Pandey <skpgkp2@gmail.com>
+    
+    (cherry picked from commit 46c999741340ea559784c20a45077955b50aca43)
+
+diff --git a/config.h.in b/config.h.in
+index 4d33c63a84..1e647de585 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -286,6 +286,9 @@
+ /* Define if x86 ISA level should be included in shared libraries.  */
+ #undef INCLUDE_X86_ISA_LEVEL
+ 
++/* The x86 ISA level.  1 for baseline.  Undefined on non-x86.  */
++#undef MINIMUM_X86_ISA_LEVEL
++
+ /* Define if -msahf is enabled by default on x86.  */
+ #undef HAVE_X86_LAHF_SAHF
+ 
+diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure
+index 2a5421bb31..d28d9bcb29 100644
+--- a/sysdeps/x86/configure
++++ b/sysdeps/x86/configure
+@@ -151,6 +151,13 @@ printf "%s\n" "$libc_cv_have_x86_isa_level" >&6; }
+ else
+   libc_cv_have_x86_isa_level=baseline
+ fi
++if test $libc_cv_have_x86_isa_level = baseline; then
++  printf "%s\n" "#define MINIMUM_X86_ISA_LEVEL 1" >>confdefs.h
++
++else
++  printf "%s\n" "#define MINIMUM_X86_ISA_LEVEL $libc_cv_have_x86_isa_level" >>confdefs.h
++
++fi
+ config_vars="$config_vars
+ have-x86-isa-level = $libc_cv_have_x86_isa_level"
+ config_vars="$config_vars
+diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac
+index 78ff7c8f41..5b0acd03d2 100644
+--- a/sysdeps/x86/configure.ac
++++ b/sysdeps/x86/configure.ac
+@@ -105,6 +105,11 @@ EOF
+ else
+   libc_cv_have_x86_isa_level=baseline
+ fi
++if test $libc_cv_have_x86_isa_level = baseline; then
++  AC_DEFINE_UNQUOTED(MINIMUM_X86_ISA_LEVEL, 1)
++else
++  AC_DEFINE_UNQUOTED(MINIMUM_X86_ISA_LEVEL, $libc_cv_have_x86_isa_level)
++fi
+ LIBC_CONFIG_VAR([have-x86-isa-level], [$libc_cv_have_x86_isa_level])
+ LIBC_CONFIG_VAR([x86-isa-level-3-or-above], [3 4])
+ LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level])
+diff --git a/sysdeps/x86/isa-level.h b/sysdeps/x86/isa-level.h
+index 11fe1ca90c..2c7f74212b 100644
+--- a/sysdeps/x86/isa-level.h
++++ b/sysdeps/x86/isa-level.h
+@@ -61,8 +61,10 @@
+ # define __X86_ISA_V4 0
+ #endif
+ 
+-#define MINIMUM_X86_ISA_LEVEL                                                 \
++#ifndef MINIMUM_X86_ISA_LEVEL
++# define MINIMUM_X86_ISA_LEVEL                                                 \
+   (__X86_ISA_V1 + __X86_ISA_V2 + __X86_ISA_V3 + __X86_ISA_V4)
++#endif
+ 
+ /* Depending on the minimum ISA level, a feature check result can be a
+    compile-time constant.. */
+
+commit 1263d583d2e28afb8be53f8d6922f0842036f35d
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Apr 25 15:00:45 2024 +0200
+
+    CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
+    
+    Using alloca matches what other caches do.  The request length is
+    bounded by MAXKEYLEN.
+    
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+    (cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index 0c6e46f15c..f227dc7fa2 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+       = (struct indataset *) mempool_alloc (db,
+ 					    sizeof (*dataset) + req->key_len,
+ 					    1);
+-  struct indataset dataset_mem;
+   bool cacheable = true;
+   if (__glibc_unlikely (dataset == NULL))
+     {
+       cacheable = false;
+-      dataset = &dataset_mem;
++      /* The alloca is safe because nscd_run_worker verfies that
++	 key_len is not larger than MAXKEYLEN.  */
++      dataset = alloca (sizeof (*dataset) + req->key_len);
+     }
+ 
+   datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
+
+commit 5a508e0b508c8ad53bd0d2fb48fd71b242626341
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Apr 25 15:01:07 2024 +0200
+
+    CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
+    
+    If we failed to add a not-found response to the cache, the dataset
+    point can be null, resulting in a null pointer dereference.
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+    (cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index f227dc7fa2..c18fe111f3 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -147,7 +147,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+       /* No such service.  */
+       cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
+ 			       &key_copy);
+-      goto writeout;
++      goto maybe_cache_add;
+     }
+ 
+   memset (&data, '\0', sizeof (data));
+@@ -348,7 +348,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+     {
+       cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
+ 			       &key_copy);
+-      goto writeout;
++      goto maybe_cache_add;
+     }
+ 
+   total = buffilled;
+@@ -410,14 +410,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+   }
+ 
+   if (he == NULL && fd != -1)
+-    {
+-      /* We write the dataset before inserting it to the database
+-	 since while inserting this thread might block and so would
+-	 unnecessarily let the receiver wait.  */
+-    writeout:
++    /* We write the dataset before inserting it to the database since
++       while inserting this thread might block and so would
++       unnecessarily let the receiver wait.  */
+       writeall (fd, &dataset->resp, dataset->head.recsize);
+-    }
+ 
++ maybe_cache_add:
+   if (cacheable)
+     {
+       /* If necessary, we also propagate the data to disk.  */
+
+commit c99f886de54446cd4447db6b44be93dabbdc2f8b
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Apr 25 15:01:07 2024 +0200
+
+    CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
+    
+    The addgetnetgrentX call in addinnetgrX may have failed to produce
+    a result, so the result variable in addinnetgrX can be NULL.
+    Use db->negtimeout as the fallback value if there is no result data;
+    the timeout is also overwritten below.
+    
+    Also avoid sending a second not-found response.  (The client
+    disconnects after receiving the first response, so the data stream did
+    not go out of sync even without this fix.)  It is still beneficial to
+    add the negative response to the mapping, so that the client can get
+    it from there in the future, instead of going through the socket.
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+    (cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index c18fe111f3..e22ffa5884 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -511,14 +511,15 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ 
+   datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
+ 		     sizeof (innetgroup_response_header),
+-		     he == NULL ? 0 : dh->nreloads + 1, result->head.ttl);
++		     he == NULL ? 0 : dh->nreloads + 1,
++		     result == NULL ? db->negtimeout : result->head.ttl);
+   /* Set the notfound status and timeout based on the result from
+      getnetgrent.  */
+-  dataset->head.notfound = result->head.notfound;
++  dataset->head.notfound = result == NULL || result->head.notfound;
+   dataset->head.timeout = timeout;
+ 
+   dataset->resp.version = NSCD_VERSION;
+-  dataset->resp.found = result->resp.found;
++  dataset->resp.found = result != NULL && result->resp.found;
+   /* Until we find a matching entry the result is 0.  */
+   dataset->resp.result = 0;
+ 
+@@ -566,7 +567,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+       goto out;
+     }
+ 
+-  if (he == NULL)
++  /* addgetnetgrentX may have already sent a notfound response.  Do
++     not send another one.  */
++  if (he == NULL && dataset->resp.found)
+     {
+       /* We write the dataset before inserting it to the database
+ 	 since while inserting this thread might block and so would
+
+commit a9a8d3eebb145779a18d90e3966009a1daa63cd8
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Apr 25 15:01:07 2024 +0200
+
+    CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
+    
+    This avoids potential memory corruption when the underlying NSS
+    callback function does not use the buffer space to store all strings
+    (e.g., for constant strings).
+    
+    Instead of custom buffer management, two scratch buffers are used.
+    This increases stack usage somewhat.
+    
+    Scratch buffer allocation failure is handled by return -1
+    (an invalid timeout value) instead of terminating the process.
+    This fixes bug 31679.
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+    (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index e22ffa5884..e8fe041846 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <sys/mman.h>
++#include <scratch_buffer.h>
+ 
+ #include "../nss/netgroup.h"
+ #include "nscd.h"
+@@ -65,6 +66,16 @@ struct dataset
+   char strdata[0];
+ };
+ 
++/* Send a notfound response to FD.  Always returns -1 to indicate an
++   ephemeral error.  */
++static time_t
++send_notfound (int fd)
++{
++  if (fd != -1)
++    TEMP_FAILURE_RETRY (send (fd, &notfound, sizeof (notfound), MSG_NOSIGNAL));
++  return -1;
++}
++
+ /* Sends a notfound message and prepares a notfound dataset to write to the
+    cache.  Returns true if there was enough memory to allocate the dataset and
+    returns the dataset in DATASETP, total bytes to write in TOTALP and the
+@@ -83,8 +94,7 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
+   total = sizeof (notfound);
+   timeout = time (NULL) + db->negtimeout;
+ 
+-  if (fd != -1)
+-    TEMP_FAILURE_RETRY (send (fd, &notfound, total, MSG_NOSIGNAL));
++  send_notfound (fd);
+ 
+   dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len, 1);
+   /* If we cannot permanently store the result, so be it.  */
+@@ -109,11 +119,78 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
+   return cacheable;
+ }
+ 
++struct addgetnetgrentX_scratch
++{
++  /* This is the result that the caller should use.  It can be NULL,
++     point into buffer, or it can be in the cache.  */
++  struct dataset *dataset;
++
++  struct scratch_buffer buffer;
++
++  /* Used internally in addgetnetgrentX as a staging area.  */
++  struct scratch_buffer tmp;
++
++  /* Number of bytes in buffer that are actually used.  */
++  size_t buffer_used;
++};
++
++static void
++addgetnetgrentX_scratch_init (struct addgetnetgrentX_scratch *scratch)
++{
++  scratch->dataset = NULL;
++  scratch_buffer_init (&scratch->buffer);
++  scratch_buffer_init (&scratch->tmp);
++
++  /* Reserve space for the header.  */
++  scratch->buffer_used = sizeof (struct dataset);
++  static_assert (sizeof (struct dataset) < sizeof (scratch->tmp.__space),
++		 "initial buffer space");
++  memset (scratch->tmp.data, 0, sizeof (struct dataset));
++}
++
++static void
++addgetnetgrentX_scratch_free (struct addgetnetgrentX_scratch *scratch)
++{
++  scratch_buffer_free (&scratch->buffer);
++  scratch_buffer_free (&scratch->tmp);
++}
++
++/* Copy LENGTH bytes from S into SCRATCH.  Returns NULL if SCRATCH
++   could not be resized, otherwise a pointer to the copy.  */
++static char *
++addgetnetgrentX_append_n (struct addgetnetgrentX_scratch *scratch,
++			  const char *s, size_t length)
++{
++  while (true)
++    {
++      size_t remaining = scratch->buffer.length - scratch->buffer_used;
++      if (remaining >= length)
++	break;
++      if (!scratch_buffer_grow_preserve (&scratch->buffer))
++	return NULL;
++    }
++  char *copy = scratch->buffer.data + scratch->buffer_used;
++  memcpy (copy, s, length);
++  scratch->buffer_used += length;
++  return copy;
++}
++
++/* Copy S into SCRATCH, including its null terminator.  Returns false
++   if SCRATCH could not be resized.  */
++static bool
++addgetnetgrentX_append (struct addgetnetgrentX_scratch *scratch, const char *s)
++{
++  if (s == NULL)
++    s = "";
++  return addgetnetgrentX_append_n (scratch, s, strlen (s) + 1) != NULL;
++}
++
++/* Caller must initialize and free *SCRATCH.  If the return value is
++   negative, this function has sent a notfound response.  */
+ static time_t
+ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 		 const char *key, uid_t uid, struct hashentry *he,
+-		 struct datahead *dh, struct dataset **resultp,
+-		 void **tofreep)
++		 struct datahead *dh, struct addgetnetgrentX_scratch *scratch)
+ {
+   if (__glibc_unlikely (debug_level > 0))
+     {
+@@ -132,14 +209,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 
+   char *key_copy = NULL;
+   struct __netgrent data;
+-  size_t buflen = MAX (1024, sizeof (*dataset) + req->key_len);
+-  size_t buffilled = sizeof (*dataset);
+-  char *buffer = NULL;
+   size_t nentries = 0;
+   size_t group_len = strlen (key) + 1;
+   struct name_list *first_needed
+     = alloca (sizeof (struct name_list) + group_len);
+-  *tofreep = NULL;
+ 
+   if (netgroup_database == NULL
+       && !__nss_database_get (nss_database_netgroup, &netgroup_database))
+@@ -151,8 +224,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+     }
+ 
+   memset (&data, '\0', sizeof (data));
+-  buffer = xmalloc (buflen);
+-  *tofreep = buffer;
+   first_needed->next = first_needed;
+   memcpy (first_needed->name, key, group_len);
+   data.needed_groups = first_needed;
+@@ -195,8 +266,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 		while (1)
+ 		  {
+ 		    int e;
+-		    status = getfct.f (&data, buffer + buffilled,
+-				       buflen - buffilled - req->key_len, &e);
++		    status = getfct.f (&data, scratch->tmp.data,
++				       scratch->tmp.length, &e);
+ 		    if (status == NSS_STATUS_SUCCESS)
+ 		      {
+ 			if (data.type == triple_val)
+@@ -204,68 +275,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 			    const char *nhost = data.val.triple.host;
+ 			    const char *nuser = data.val.triple.user;
+ 			    const char *ndomain = data.val.triple.domain;
+-
+-			    size_t hostlen = strlen (nhost ?: "") + 1;
+-			    size_t userlen = strlen (nuser ?: "") + 1;
+-			    size_t domainlen = strlen (ndomain ?: "") + 1;
+-
+-			    if (nhost == NULL || nuser == NULL || ndomain == NULL
+-				|| nhost > nuser || nuser > ndomain)
+-			      {
+-				const char *last = nhost;
+-				if (last == NULL
+-				    || (nuser != NULL && nuser > last))
+-				  last = nuser;
+-				if (last == NULL
+-				    || (ndomain != NULL && ndomain > last))
+-				  last = ndomain;
+-
+-				size_t bufused
+-				  = (last == NULL
+-				     ? buffilled
+-				     : last + strlen (last) + 1 - buffer);
+-
+-				/* We have to make temporary copies.  */
+-				size_t needed = hostlen + userlen + domainlen;
+-
+-				if (buflen - req->key_len - bufused < needed)
+-				  {
+-				    buflen += MAX (buflen, 2 * needed);
+-				    /* Save offset in the old buffer.  We don't
+-				       bother with the NULL check here since
+-				       we'll do that later anyway.  */
+-				    size_t nhostdiff = nhost - buffer;
+-				    size_t nuserdiff = nuser - buffer;
+-				    size_t ndomaindiff = ndomain - buffer;
+-
+-				    char *newbuf = xrealloc (buffer, buflen);
+-				    /* Fix up the triplet pointers into the new
+-				       buffer.  */
+-				    nhost = (nhost ? newbuf + nhostdiff
+-					     : NULL);
+-				    nuser = (nuser ? newbuf + nuserdiff
+-					     : NULL);
+-				    ndomain = (ndomain ? newbuf + ndomaindiff
+-					       : NULL);
+-				    *tofreep = buffer = newbuf;
+-				  }
+-
+-				nhost = memcpy (buffer + bufused,
+-						nhost ?: "", hostlen);
+-				nuser = memcpy ((char *) nhost + hostlen,
+-						nuser ?: "", userlen);
+-				ndomain = memcpy ((char *) nuser + userlen,
+-						  ndomain ?: "", domainlen);
+-			      }
+-
+-			    char *wp = buffer + buffilled;
+-			    wp = memmove (wp, nhost ?: "", hostlen);
+-			    wp += hostlen;
+-			    wp = memmove (wp, nuser ?: "", userlen);
+-			    wp += userlen;
+-			    wp = memmove (wp, ndomain ?: "", domainlen);
+-			    wp += domainlen;
+-			    buffilled = wp - buffer;
++			    if (!(addgetnetgrentX_append (scratch, nhost)
++				  && addgetnetgrentX_append (scratch, nuser)
++				  && addgetnetgrentX_append (scratch, ndomain)))
++			      return send_notfound (fd);
+ 			    ++nentries;
+ 			  }
+ 			else
+@@ -317,8 +330,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 		      }
+ 		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
+ 		      {
+-			buflen *= 2;
+-			*tofreep = buffer = xrealloc (buffer, buflen);
++			if (!scratch_buffer_grow (&scratch->tmp))
++			  return send_notfound (fd);
+ 		      }
+ 		    else if (status == NSS_STATUS_RETURN
+ 			     || status == NSS_STATUS_NOTFOUND
+@@ -351,10 +364,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+       goto maybe_cache_add;
+     }
+ 
+-  total = buffilled;
++  /* Capture the result size without the key appended.   */
++  total = scratch->buffer_used;
++
++  /* Make a copy of the key.  The scratch buffer must not move after
++     this point.  */
++  key_copy = addgetnetgrentX_append_n (scratch, key, req->key_len);
++  if (key_copy == NULL)
++    return send_notfound (fd);
+ 
+   /* Fill in the dataset.  */
+-  dataset = (struct dataset *) buffer;
++  dataset = scratch->buffer.data;
+   timeout = datahead_init_pos (&dataset->head, total + req->key_len,
+ 			       total - offsetof (struct dataset, resp),
+ 			       he == NULL ? 0 : dh->nreloads + 1,
+@@ -363,11 +383,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+   dataset->resp.version = NSCD_VERSION;
+   dataset->resp.found = 1;
+   dataset->resp.nresults = nentries;
+-  dataset->resp.result_len = buffilled - sizeof (*dataset);
+-
+-  assert (buflen - buffilled >= req->key_len);
+-  key_copy = memcpy (buffer + buffilled, key, req->key_len);
+-  buffilled += req->key_len;
++  dataset->resp.result_len = total - sizeof (*dataset);
+ 
+   /* Now we can determine whether on refill we have to create a new
+      record or not.  */
+@@ -398,7 +414,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+     if (__glibc_likely (newp != NULL))
+       {
+ 	/* Adjust pointer into the memory block.  */
+-	key_copy = (char *) newp + (key_copy - buffer);
++	key_copy = (char *) newp + (key_copy - (char *) dataset);
+ 
+ 	dataset = memcpy (newp, dataset, total + req->key_len);
+ 	cacheable = true;
+@@ -439,7 +455,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+     }
+ 
+  out:
+-  *resultp = dataset;
++  scratch->dataset = dataset;
+ 
+   return timeout;
+ }
+@@ -460,6 +476,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+   if (user != NULL)
+     key = strchr (key, '\0') + 1;
+   const char *domain = *key++ ? key : NULL;
++  struct addgetnetgrentX_scratch scratch;
++
++  addgetnetgrentX_scratch_init (&scratch);
+ 
+   if (__glibc_unlikely (debug_level > 0))
+     {
+@@ -475,12 +494,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ 							    group, group_len,
+ 							    db, uid);
+   time_t timeout;
+-  void *tofree;
+   if (result != NULL)
+-    {
+-      timeout = result->head.timeout;
+-      tofree = NULL;
+-    }
++    timeout = result->head.timeout;
+   else
+     {
+       request_header req_get =
+@@ -489,7 +504,10 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ 	  .key_len = group_len
+ 	};
+       timeout = addgetnetgrentX (db, -1, &req_get, group, uid, NULL, NULL,
+-				 &result, &tofree);
++				 &scratch);
++      result = scratch.dataset;
++      if (timeout < 0)
++	goto out;
+     }
+ 
+   struct indataset
+@@ -603,7 +621,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+     }
+ 
+  out:
+-  free (tofree);
++  addgetnetgrentX_scratch_free (&scratch);
+   return timeout;
+ }
+ 
+@@ -613,11 +631,12 @@ addgetnetgrentX_ignore (struct database_dyn *db, int fd, request_header *req,
+ 			const char *key, uid_t uid, struct hashentry *he,
+ 			struct datahead *dh)
+ {
+-  struct dataset *ignore;
+-  void *tofree;
+-  time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh,
+-				    &ignore, &tofree);
+-  free (tofree);
++  struct addgetnetgrentX_scratch scratch;
++  addgetnetgrentX_scratch_init (&scratch);
++  time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, &scratch);
++  addgetnetgrentX_scratch_free (&scratch);
++  if (timeout < 0)
++    timeout = 0;
+   return timeout;
+ }
+ 
+@@ -661,5 +680,9 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
+       .key_len = he->len
+     };
+ 
+-  return addinnetgrX (db, -1, &req, db->data + he->key, he->owner, he, dh);
++  int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
++			     he, dh);
++  if (timeout < 0)
++    timeout = 0;
++  return timeout;
+ }
+
+commit fd658f026f25cf59e8db243bc3b3e09cd5a20ba0
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Thu Apr 25 08:06:52 2024 -0700
+
+    elf: Also compile dl-misc.os with $(rtld-early-cflags)
+    
+    Also compile dl-misc.os with $(rtld-early-cflags) to avoid
+    
+    Program received signal SIGILL, Illegal instruction.
+    0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2",
+        endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156
+    156       bool positive = true;
+    (gdb) bt
+     #0  0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2",
+        endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156
+     #1  0x00007ffff7fdb1a9 in tunable_initialize (
+        cur=cur@entry=0x7ffff7ffbc00 <tunable_list+2176>,
+        strval=strval@entry=0x7fffffffe2c9 "2", len=len@entry=1)
+        at dl-tunables.c:131
+     #2  0x00007ffff7fdb3a2 in parse_tunables (valstring=<optimized out>)
+        at dl-tunables.c:258
+     #3  0x00007ffff7fdb5d9 in __GI___tunables_init (envp=0x7fffffffdd58)
+        at dl-tunables.c:288
+     #4  0x00007ffff7fe44c3 in _dl_sysdep_start (
+        start_argptr=start_argptr@entry=0x7fffffffdcb0,
+        dl_main=dl_main@entry=0x7ffff7fe5f80 <dl_main>)
+        at ../sysdeps/unix/sysv/linux/dl-sysdep.c:110
+     #5  0x00007ffff7fe5cae in _dl_start_final (arg=0x7fffffffdcb0) at rtld.c:494
+     #6  _dl_start (arg=0x7fffffffdcb0) at rtld.c:581
+     #7  0x00007ffff7fe4b38 in _start ()
+    (gdb)
+    
+    when setting GLIBC_TUNABLES in glibc compiled with APX.
+    Reviewed-by: Florian Weimer <fweimer@redhat.com>
+    
+    (cherry picked from commit 049b7684c912dd32b67b1b15b0f43bf07d5f512e)
+
+diff --git a/elf/Makefile b/elf/Makefile
+index 69aa423c4b..a50a988e73 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -170,6 +170,7 @@ CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os))
+ CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines))
+ 
+ # Add the requested compiler flags to the early startup code.
++CFLAGS-dl-misc.os += $(rtld-early-cflags)
+ CFLAGS-dl-printf.os += $(rtld-early-cflags)
+ CFLAGS-dl-setup_hash.os += $(rtld-early-cflags)
+ CFLAGS-dl-sysdep.os += $(rtld-early-cflags)
+
+commit 9831f98c266a8d56d1bf729b709c08e40375540c
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Fri Apr 19 14:38:17 2024 +0200
+
+    login: Check default sizes of structs utmp, utmpx, lastlog
+    
+    The default <utmp-size.h> is for ports with a 64-bit time_t.
+    Ports with a 32-bit time_t or with __WORDSIZE_TIME64_COMPAT32=1
+    need to override it.
+    
+    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+    (cherry picked from commit 4d4da5aab936504b2d3eca3146e109630d9093c4)
+
+diff --git a/login/Makefile b/login/Makefile
+index 1e22008a61..b26ac42bfc 100644
+--- a/login/Makefile
++++ b/login/Makefile
+@@ -44,7 +44,7 @@ subdir-dirs = programs
+ vpath %.c programs
+ 
+ tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \
+-  tst-pututxline-lockfail tst-pututxline-cache
++  tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size
+ 
+ # Empty compatibility library for old binaries.
+ extra-libs      := libutil
+diff --git a/login/tst-utmp-size.c b/login/tst-utmp-size.c
+new file mode 100644
+index 0000000000..1b7f7ff042
+--- /dev/null
++++ b/login/tst-utmp-size.c
+@@ -0,0 +1,33 @@
++/* Check expected sizes of struct utmp, struct utmpx, struct lastlog.
++   Copyright (C) 2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <utmp.h>
++#include <utmpx.h>
++#include <utmp-size.h>
++
++static int
++do_test (void)
++{
++  _Static_assert (sizeof (struct utmp) == UTMP_SIZE, "struct utmp size");
++  _Static_assert (sizeof (struct utmpx) == UTMP_SIZE, "struct utmpx size");
++  _Static_assert (sizeof (struct lastlog) == LASTLOG_SIZE,
++                  "struct lastlog size");
++  return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/arc/utmp-size.h b/sysdeps/arc/utmp-size.h
+new file mode 100644
+index 0000000000..a247fcd3da
+--- /dev/null
++++ b/sysdeps/arc/utmp-size.h
+@@ -0,0 +1,3 @@
++/* arc has less padding than other architectures with 64-bit time_t.  */
++#define UTMP_SIZE 392
++#define LASTLOG_SIZE 296
+diff --git a/sysdeps/arm/utmp-size.h b/sysdeps/arm/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/arm/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/csky/utmp-size.h b/sysdeps/csky/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/csky/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/generic/utmp-size.h b/sysdeps/generic/utmp-size.h
+new file mode 100644
+index 0000000000..89dbe878b0
+--- /dev/null
++++ b/sysdeps/generic/utmp-size.h
+@@ -0,0 +1,23 @@
++/* Expected sizes of utmp-related structures stored in files.  64-bit version.
++   Copyright (C) 2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++/* Expected size, in bytes, of struct utmp and struct utmpx.  */
++#define UTMP_SIZE 400
++
++/* Expected size, in bytes, of struct lastlog.  */
++#define LASTLOG_SIZE 296
+diff --git a/sysdeps/hppa/utmp-size.h b/sysdeps/hppa/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/hppa/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/m68k/utmp-size.h b/sysdeps/m68k/utmp-size.h
+new file mode 100644
+index 0000000000..5946685819
+--- /dev/null
++++ b/sysdeps/m68k/utmp-size.h
+@@ -0,0 +1,3 @@
++/* m68k has 2-byte alignment.  */
++#define UTMP_SIZE 382
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/microblaze/utmp-size.h b/sysdeps/microblaze/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/microblaze/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/mips/utmp-size.h b/sysdeps/mips/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/mips/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/nios2/utmp-size.h b/sysdeps/nios2/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/nios2/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/or1k/utmp-size.h b/sysdeps/or1k/utmp-size.h
+new file mode 100644
+index 0000000000..6b3653aa4d
+--- /dev/null
++++ b/sysdeps/or1k/utmp-size.h
+@@ -0,0 +1,3 @@
++/* or1k has less padding than other architectures with 64-bit time_t.  */
++#define UTMP_SIZE 392
++#define LASTLOG_SIZE 296
+diff --git a/sysdeps/powerpc/utmp-size.h b/sysdeps/powerpc/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/powerpc/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/riscv/utmp-size.h b/sysdeps/riscv/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/riscv/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/sh/utmp-size.h b/sysdeps/sh/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/sh/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/sparc/utmp-size.h b/sysdeps/sparc/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/sparc/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+diff --git a/sysdeps/x86/utmp-size.h b/sysdeps/x86/utmp-size.h
+new file mode 100644
+index 0000000000..8f21ebe1b6
+--- /dev/null
++++ b/sysdeps/x86/utmp-size.h
+@@ -0,0 +1,2 @@
++#define UTMP_SIZE 384
++#define LASTLOG_SIZE 292
+
+commit 836d43b98973e0845b739ff5d3aad3af09dc7d0f
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Fri Apr 19 14:38:17 2024 +0200
+
+    login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
+    
+    These structs describe file formats under /var/log, and should not
+    depend on the definition of _TIME_BITS.  This is achieved by
+    defining __WORDSIZE_TIME64_COMPAT32 to 1 on 32-bit ports that
+    support 32-bit time_t values (where __time_t is 32 bits).
+    
+    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+    (cherry picked from commit 9abdae94c7454c45e02e97e4ed1eb1b1915d13d8)
+
+diff --git a/bits/wordsize.h b/bits/wordsize.h
+index 14edae3a11..53013a9275 100644
+--- a/bits/wordsize.h
++++ b/bits/wordsize.h
+@@ -21,7 +21,9 @@
+ #define __WORDSIZE32_PTRDIFF_LONG
+ 
+ /* Set to 1 in order to force time types to be 32 bits instead of 64 bits in
+-   struct lastlog and struct utmp{,x} on 64-bit ports.  This may be done in
++   struct lastlog and struct utmp{,x}.  This may be done in
+    order to make 64-bit ports compatible with 32-bit ports.  Set to 0 for
+-   64-bit ports where the time types are 64-bits or for any 32-bit ports.  */
++   64-bit ports where the time types are 64-bits and new 32-bit ports
++   where time_t is 64 bits, and there is no companion architecture with
++   32-bit time_t.  */
+ #define __WORDSIZE_TIME64_COMPAT32
+diff --git a/login/Makefile b/login/Makefile
+index b26ac42bfc..f91190e3dc 100644
+--- a/login/Makefile
++++ b/login/Makefile
+@@ -44,7 +44,9 @@ subdir-dirs = programs
+ vpath %.c programs
+ 
+ tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \
+-  tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size
++  tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size tst-utmp-size-64
++
++CFLAGS-tst-utmp-size-64.c += -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
+ 
+ # Empty compatibility library for old binaries.
+ extra-libs      := libutil
+diff --git a/login/tst-utmp-size-64.c b/login/tst-utmp-size-64.c
+new file mode 100644
+index 0000000000..7a581a4c12
+--- /dev/null
++++ b/login/tst-utmp-size-64.c
+@@ -0,0 +1,2 @@
++/* The on-disk layout must not change in time64 mode.  */
++#include "tst-utmp-size.c"
+diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/arm/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/csky/bits/wordsize.h b/sysdeps/csky/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/csky/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/m68k/bits/wordsize.h b/sysdeps/m68k/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/m68k/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/microblaze/bits/wordsize.h b/sysdeps/microblaze/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/microblaze/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/mips/bits/wordsize.h b/sysdeps/mips/bits/wordsize.h
+index 57f0f2a22f..30dd3fd85d 100644
+--- a/sysdeps/mips/bits/wordsize.h
++++ b/sysdeps/mips/bits/wordsize.h
+@@ -19,11 +19,7 @@
+ 
+ #define __WORDSIZE			_MIPS_SZPTR
+ 
+-#if _MIPS_SIM == _ABI64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+-#else
+-# define __WORDSIZE_TIME64_COMPAT32	0
+-#endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+ 
+ #if __WORDSIZE == 32
+ #define __WORDSIZE32_SIZE_ULONG		0
+diff --git a/sysdeps/nios2/bits/wordsize.h b/sysdeps/nios2/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/nios2/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/powerpc/powerpc32/bits/wordsize.h b/sysdeps/powerpc/powerpc32/bits/wordsize.h
+index 04ca9debf0..6993fb6b29 100644
+--- a/sysdeps/powerpc/powerpc32/bits/wordsize.h
++++ b/sysdeps/powerpc/powerpc32/bits/wordsize.h
+@@ -2,10 +2,9 @@
+ 
+ #if defined __powerpc64__
+ # define __WORDSIZE	64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ #else
+ # define __WORDSIZE	32
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ # define __WORDSIZE32_SIZE_ULONG	0
+ # define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+diff --git a/sysdeps/powerpc/powerpc64/bits/wordsize.h b/sysdeps/powerpc/powerpc64/bits/wordsize.h
+index 04ca9debf0..6993fb6b29 100644
+--- a/sysdeps/powerpc/powerpc64/bits/wordsize.h
++++ b/sysdeps/powerpc/powerpc64/bits/wordsize.h
+@@ -2,10 +2,9 @@
+ 
+ #if defined __powerpc64__
+ # define __WORDSIZE	64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ #else
+ # define __WORDSIZE	32
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ # define __WORDSIZE32_SIZE_ULONG	0
+ # define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+diff --git a/sysdeps/sh/bits/wordsize.h b/sysdeps/sh/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/sh/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/sparc/sparc32/bits/wordsize.h b/sysdeps/sparc/sparc32/bits/wordsize.h
+index 4bbd2e63b4..a2e79e0fa9 100644
+--- a/sysdeps/sparc/sparc32/bits/wordsize.h
++++ b/sysdeps/sparc/sparc32/bits/wordsize.h
+@@ -1,6 +1,6 @@
+ /* Determine the wordsize from the preprocessor defines.  */
+ 
+ #define __WORDSIZE	32
+-#define __WORDSIZE_TIME64_COMPAT32	0
++#define __WORDSIZE_TIME64_COMPAT32	1
+ #define __WORDSIZE32_SIZE_ULONG	0
+ #define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/sparc/sparc64/bits/wordsize.h b/sysdeps/sparc/sparc64/bits/wordsize.h
+index 2f66f10d72..ea103e5970 100644
+--- a/sysdeps/sparc/sparc64/bits/wordsize.h
++++ b/sysdeps/sparc/sparc64/bits/wordsize.h
+@@ -2,10 +2,9 @@
+ 
+ #if defined __arch64__ || defined __sparcv9
+ # define __WORDSIZE	64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ #else
+ # define __WORDSIZE	32
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ # define __WORDSIZE32_SIZE_ULONG	0
+ # define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+diff --git a/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h
+new file mode 100644
+index 0000000000..6ecbfe7c86
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h
+@@ -0,0 +1,21 @@
++/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
+diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
+index 04ca9debf0..6993fb6b29 100644
+--- a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
++++ b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
+@@ -2,10 +2,9 @@
+ 
+ #if defined __powerpc64__
+ # define __WORDSIZE	64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ #else
+ # define __WORDSIZE	32
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ # define __WORDSIZE32_SIZE_ULONG	0
+ # define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+diff --git a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
+index 7562875ee2..ea103e5970 100644
+--- a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
++++ b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
+@@ -2,10 +2,9 @@
+ 
+ #if defined __arch64__ || defined __sparcv9
+ # define __WORDSIZE	64
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ #else
+ # define __WORDSIZE	32
+ # define __WORDSIZE32_SIZE_ULONG	0
+ # define __WORDSIZE32_PTRDIFF_LONG	0
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ #endif
++#define __WORDSIZE_TIME64_COMPAT32	1
+diff --git a/sysdeps/x86/bits/wordsize.h b/sysdeps/x86/bits/wordsize.h
+index 70f652bca1..3f40aa76f9 100644
+--- a/sysdeps/x86/bits/wordsize.h
++++ b/sysdeps/x86/bits/wordsize.h
+@@ -8,10 +8,9 @@
+ #define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
+ 
++#define __WORDSIZE_TIME64_COMPAT32 1
++
+ #ifdef __x86_64__
+-# define __WORDSIZE_TIME64_COMPAT32	1
+ /* Both x86-64 and x32 use the 64-bit system call interface.  */
+ # define __SYSCALL_WORDSIZE		64
+-#else
+-# define __WORDSIZE_TIME64_COMPAT32	0
+ #endif
+
+commit acc56074b0a5127631a64640aef1b7c5c103ebd8
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu May 2 17:06:19 2024 +0200
+
+    nscd: Use time_t for return type of addgetnetgrentX
+    
+    Using int may give false results for future dates (timeouts after the
+    year 2028).
+    
+    Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601,
+    CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX
+    (bug 31680)").
+    
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+    (cherry picked from commit 4bbca1a44691a6e9adcee5c6798a707b626bc331)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index e8fe041846..01d554af9c 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -680,8 +680,8 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
+       .key_len = he->len
+     };
+ 
+-  int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
+-			     he, dh);
++  time_t timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
++				he, dh);
+   if (timeout < 0)
+     timeout = 0;
+   return timeout;
+
+commit 273a835fe7c685cc54266bb8b502787bad5e9bae
+Author: Carlos O'Donell <carlos@redhat.com>
+Date:   Tue Apr 23 13:30:37 2024 -0400
+
+    time: Allow later version licensing.
+    
+    The FSF's Licensing and Compliance Lab noted a discrepancy in the
+    licensing of several files in the glibc package.
+    
+    When timespect_get.c was impelemented the license did not include
+    the standard ", or (at your option) any later version." text.
+    
+    Change the license in timespec_get.c and all copied files to match
+    the expected license.
+    
+    This change was previously approved in principle by the FSF in
+    RT ticket #1316403. And a similar instance was fixed in
+    commit 46703efa02f6ddebce5ee54c92f7c32598de0de6.
+    
+    (cherry picked from commit 91695ee4598b39d181ab8df579b888a8863c4cab)
+
+diff --git a/sysdeps/unix/sysv/linux/timespec_get.c b/sysdeps/unix/sysv/linux/timespec_get.c
+index c6e5e66289..778d1e3354 100644
+--- a/sysdeps/unix/sysv/linux/timespec_get.c
++++ b/sysdeps/unix/sysv/linux/timespec_get.c
+@@ -5,7 +5,7 @@
+    The GNU C Library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+-   version 2.1 of the License.
++   version 2.1 of the License, or (at your option) any later version.
+ 
+    The GNU C Library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+diff --git a/sysdeps/unix/sysv/linux/timespec_getres.c b/sysdeps/unix/sysv/linux/timespec_getres.c
+index 5acebe2a2c..2eef9e512c 100644
+--- a/sysdeps/unix/sysv/linux/timespec_getres.c
++++ b/sysdeps/unix/sysv/linux/timespec_getres.c
+@@ -5,7 +5,7 @@
+    The GNU C Library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+-   version 2.1 of the License.
++   version 2.1 of the License, or (at your option) any later version.
+ 
+    The GNU C Library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+diff --git a/time/timespec_get.c b/time/timespec_get.c
+index b031e42ca2..26a044bca6 100644
+--- a/time/timespec_get.c
++++ b/time/timespec_get.c
+@@ -4,7 +4,7 @@
+    The GNU C Library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+-   version 2.1 of the License.
++   version 2.1 of the License, or (at your option) any later version.
+ 
+    The GNU C Library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+diff --git a/time/timespec_getres.c b/time/timespec_getres.c
+index edb397507c..2e18b8bcac 100644
+--- a/time/timespec_getres.c
++++ b/time/timespec_getres.c
+@@ -5,7 +5,7 @@
+    The GNU C Library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+-   version 2.1 of the License.
++   version 2.1 of the License, or (at your option) any later version.
+ 
+    The GNU C Library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+
+commit 3148714ab61ad61281bae5a30f530d637034ac3b
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:02 2024 +0000
+
+    i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
+    
+    /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy_chk.o): in function `__memcpy_chk':
+    /home/bmg/src/glibc/debug/../sysdeps/i386/memcpy_chk.S:29: multiple definition of `__memcpy_chk';/home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy_chk.o): in function `__mempcpy_chk': /home/bmg/src/glibc/debug/../sysdeps/i386/mempcpy_chk.S:28: multiple definition of `__mempcpy_chk'; /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here
+    
+    After this change, the static library built for i586, regardless of PIC
+    options, contains implementations of these functions respectively from
+    sysdeps/i386/memcpy_chk.S and sysdeps/i386/mempcpy_chk.S.  This ensures
+    that memcpy and mempcpy won't pull in __chk_fail and the routines it
+    calls.
+    
+    Reported-by: Florian Weimer <fweimer@redhat.com>
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit 789894a2f554d4503ecb2f13b2b4e93e43414f33)
+
+diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
+index 3e26f112d6..79856d498a 100644
+--- a/sysdeps/i386/i586/memcpy.S
++++ b/sysdeps/i386/i586/memcpy.S
+@@ -26,7 +26,7 @@
+ #define LEN	SRC+4
+ 
+         .text
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY (__memcpy_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit ad92c483a4bd34db1cfb3eb625212ea64848244f
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:03 2024 +0000
+
+    i686: Fix multiple definitions of __memmove_chk and __memset_chk
+    
+    Commit c73c96a4a1af1326df7f96eec58209e1e04066d8 updated memcpy.S and
+    mempcpy.S, but omitted memmove.S and memset.S.  As a result, the static
+    library built as PIC, whether with or without multiarch support,
+    contains two definitions for each of the __memmove_chk and __memset_chk
+    symbols.
+    
+    /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../i686-pc-linux-gnu/bin/ld: /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset-ia32.o): in function `__memset_chk':
+    /var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/string/../sysdeps/i386/i686/memset.S:32: multiple definition of `__memset_chk'; /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset_chk.o):/var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/debug/../sysdeps/i386/i686/multiarch/memset_chk.c:24: first defined here
+    
+    After this change, regardless of PIC options, the static library, built
+    for i686 with multiarch contains implementations of these functions
+    respectively from debug/memmove_chk.c and debug/memset_chk.c, and
+    without multiarch contains implementations of these functions
+    respectively from sysdeps/i386/memmove_chk.S and
+    sysdeps/i386/memset_chk.S.  This ensures that memmove and memset won't
+    pull in __chk_fail and the routines it calls.
+    
+    Reported-by: Sam James <sam@gentoo.org>
+    Tested-by: Sam James <sam@gentoo.org>
+    Fixes: c73c96a4a1 ("i686: Fix build with --disable-multiarch")
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit 5a2cf833f5772d6c37c7adac388dd9af9cc1c4b9)
+
+diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
+index f230359ad6..effd958120 100644
+--- a/sysdeps/i386/i686/memmove.S
++++ b/sysdeps/i386/i686/memmove.S
+@@ -29,7 +29,7 @@
+ #define SRC	DEST+4
+ #define LEN	SRC+4
+ 
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY_CHK (__memmove_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
+index f02f5a6df7..ab06771ea0 100644
+--- a/sysdeps/i386/i686/memset.S
++++ b/sysdeps/i386/i686/memset.S
+@@ -27,7 +27,7 @@
+ #define LEN	CHR+4
+ 
+         .text
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY_CHK (__memset_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit ff110b2591f0bdeccd121c3726af19c62d6fb184
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:04 2024 +0000
+
+    Add a test to check for duplicate definitions in the static library
+    
+    This change follows two previous fixes addressing multiple definitions
+    of __memcpy_chk and __mempcpy_chk functions on i586, and __memmove_chk
+    and __memset_chk functions on i686.  The test is intended to prevent
+    such issues from occurring in the future.
+    
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit ded2e0753e9c46debeb2e0d26c5e560d2581d314)
+
+diff --git a/Makefile b/Makefile
+index 7052b46df8..2e351c0321 100644
+--- a/Makefile
++++ b/Makefile
+@@ -577,6 +577,13 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh
+ 	$(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \
+ 	$(evaluate-test)
+ 
++# Link libc.a as a whole to verify that it does not contain multiple
++# definitions of any symbols.
++tests-special += $(objpfx)link-static-libc.out
++$(objpfx)link-static-libc.out:
++	$(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \
++	$(evaluate-test)
++
+ # Print test summary for tests in $1 .sum file;
+ # $2 is optional test identifier.
+ # Fail if there are unexpected failures in the test results.
+
+commit fa616ea3730cb42046d19f28d611be0bc390af7c
+Author: Sam James <sam@gentoo.org>
+Date:   Sat May 4 13:28:13 2024 +0100
+
+    Revert "Add a test to check for duplicate definitions in the static library"
+    
+    This reverts commit ff110b2591f0bdeccd121c3726af19c62d6fb184.
+    
+    I had the wrong cherry-pick reference (the commit content is right; it's
+    just referring to a base that isn't upstream), but let's revert and reapply
+    for clarity.
+    
+    Signed-off-by: Sam James <sam@gentoo.org>
+
+diff --git a/Makefile b/Makefile
+index 2e351c0321..7052b46df8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -577,13 +577,6 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh
+ 	$(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \
+ 	$(evaluate-test)
+ 
+-# Link libc.a as a whole to verify that it does not contain multiple
+-# definitions of any symbols.
+-tests-special += $(objpfx)link-static-libc.out
+-$(objpfx)link-static-libc.out:
+-	$(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \
+-	$(evaluate-test)
+-
+ # Print test summary for tests in $1 .sum file;
+ # $2 is optional test identifier.
+ # Fail if there are unexpected failures in the test results.
+
+commit c16871e662cd0f3370173d916864b19e69f1bc9a
+Author: Sam James <sam@gentoo.org>
+Date:   Sat May 4 13:28:51 2024 +0100
+
+    Revert "i686: Fix multiple definitions of __memmove_chk and __memset_chk"
+    
+    This reverts commit ad92c483a4bd34db1cfb3eb625212ea64848244f.
+    
+    I had the wrong cherry-pick reference (the commit content is right; it's
+    just referring to a base that isn't upstream), but let's revert and reapply
+    for clarity.
+    
+    Signed-off-by: Sam James <sam@gentoo.org>
+
+diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
+index effd958120..f230359ad6 100644
+--- a/sysdeps/i386/i686/memmove.S
++++ b/sysdeps/i386/i686/memmove.S
+@@ -29,7 +29,7 @@
+ #define SRC	DEST+4
+ #define LEN	SRC+4
+ 
+-#if defined SHARED && IS_IN (libc)
++#if defined PIC && IS_IN (libc)
+ ENTRY_CHK (__memmove_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
+index ab06771ea0..f02f5a6df7 100644
+--- a/sysdeps/i386/i686/memset.S
++++ b/sysdeps/i386/i686/memset.S
+@@ -27,7 +27,7 @@
+ #define LEN	CHR+4
+ 
+         .text
+-#if defined SHARED && IS_IN (libc)
++#if defined PIC && IS_IN (libc)
+ ENTRY_CHK (__memset_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit 5141d4d83c17406f0eaea3e345ef2b52e10f386e
+Author: Sam James <sam@gentoo.org>
+Date:   Sat May 4 13:28:54 2024 +0100
+
+    Revert "i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk"
+    
+    This reverts commit 3148714ab61ad61281bae5a30f530d637034ac3b.
+    
+    I had the wrong cherry-pick reference (the commit content is right; it's
+    just referring to a base that isn't upstream), but let's revert and reapply
+    for clarity.
+    
+    Signed-off-by: Sam James <sam@gentoo.org>
+
+diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
+index 79856d498a..3e26f112d6 100644
+--- a/sysdeps/i386/i586/memcpy.S
++++ b/sysdeps/i386/i586/memcpy.S
+@@ -26,7 +26,7 @@
+ #define LEN	SRC+4
+ 
+         .text
+-#if defined SHARED && IS_IN (libc)
++#if defined PIC && IS_IN (libc)
+ ENTRY (__memcpy_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit 8323a83abd73446dc434aceff66219712c09140b
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:02 2024 +0000
+
+    i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
+    
+    /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy_chk.o): in function `__memcpy_chk':
+    /home/bmg/src/glibc/debug/../sysdeps/i386/memcpy_chk.S:29: multiple definition of `__memcpy_chk';/home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy_chk.o): in function `__mempcpy_chk': /home/bmg/src/glibc/debug/../sysdeps/i386/mempcpy_chk.S:28: multiple definition of `__mempcpy_chk'; /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here
+    
+    After this change, the static library built for i586, regardless of PIC
+    options, contains implementations of these functions respectively from
+    sysdeps/i386/memcpy_chk.S and sysdeps/i386/mempcpy_chk.S.  This ensures
+    that memcpy and mempcpy won't pull in __chk_fail and the routines it
+    calls.
+    
+    Reported-by: Florian Weimer <fweimer@redhat.com>
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit 0fdf4ba48ccce5abf567340b0ab8fa8ed8a9bc6e)
+
+diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
+index 3e26f112d6..79856d498a 100644
+--- a/sysdeps/i386/i586/memcpy.S
++++ b/sysdeps/i386/i586/memcpy.S
+@@ -26,7 +26,7 @@
+ #define LEN	SRC+4
+ 
+         .text
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY (__memcpy_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit 8b005d7869debac4d5cd67f65e49a0fad89da9ad
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:03 2024 +0000
+
+    i686: Fix multiple definitions of __memmove_chk and __memset_chk
+    
+    Commit c73c96a4a1af1326df7f96eec58209e1e04066d8 updated memcpy.S and
+    mempcpy.S, but omitted memmove.S and memset.S.  As a result, the static
+    library built as PIC, whether with or without multiarch support,
+    contains two definitions for each of the __memmove_chk and __memset_chk
+    symbols.
+    
+    /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../i686-pc-linux-gnu/bin/ld: /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset-ia32.o): in function `__memset_chk':
+    /var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/string/../sysdeps/i386/i686/memset.S:32: multiple definition of `__memset_chk'; /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset_chk.o):/var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/debug/../sysdeps/i386/i686/multiarch/memset_chk.c:24: first defined here
+    
+    After this change, regardless of PIC options, the static library, built
+    for i686 with multiarch contains implementations of these functions
+    respectively from debug/memmove_chk.c and debug/memset_chk.c, and
+    without multiarch contains implementations of these functions
+    respectively from sysdeps/i386/memmove_chk.S and
+    sysdeps/i386/memset_chk.S.  This ensures that memmove and memset won't
+    pull in __chk_fail and the routines it calls.
+    
+    Reported-by: Sam James <sam@gentoo.org>
+    Tested-by: Sam James <sam@gentoo.org>
+    Fixes: c73c96a4a1 ("i686: Fix build with --disable-multiarch")
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit 5a2cf833f5772d6c37c7adac388dd9af9cc1c4b9)
+
+diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
+index f230359ad6..effd958120 100644
+--- a/sysdeps/i386/i686/memmove.S
++++ b/sysdeps/i386/i686/memmove.S
+@@ -29,7 +29,7 @@
+ #define SRC	DEST+4
+ #define LEN	SRC+4
+ 
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY_CHK (__memmove_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
+index f02f5a6df7..ab06771ea0 100644
+--- a/sysdeps/i386/i686/memset.S
++++ b/sysdeps/i386/i686/memset.S
+@@ -27,7 +27,7 @@
+ #define LEN	CHR+4
+ 
+         .text
+-#if defined PIC && IS_IN (libc)
++#if defined SHARED && IS_IN (libc)
+ ENTRY_CHK (__memset_chk)
+ 	movl	12(%esp), %eax
+ 	cmpl	%eax, 16(%esp)
+
+commit f8e462342189525e4605cf233b8f798d1c7f398d
+Author: Gabi Falk <gabifalk@gmx.com>
+Date:   Tue Apr 30 20:05:04 2024 +0000
+
+    Add a test to check for duplicate definitions in the static library
+    
+    This change follows two previous fixes addressing multiple definitions
+    of __memcpy_chk and __mempcpy_chk functions on i586, and __memmove_chk
+    and __memset_chk functions on i686.  The test is intended to prevent
+    such issues from occurring in the future.
+    
+    Signed-off-by: Gabi Falk <gabifalk@gmx.com>
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+    Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+    (cherry picked from commit ded2e0753e9c46debeb2e0d26c5e560d2581d314)
+
+diff --git a/Makefile b/Makefile
+index 7052b46df8..2e351c0321 100644
+--- a/Makefile
++++ b/Makefile
+@@ -577,6 +577,13 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh
+ 	$(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \
+ 	$(evaluate-test)
+ 
++# Link libc.a as a whole to verify that it does not contain multiple
++# definitions of any symbols.
++tests-special += $(objpfx)link-static-libc.out
++$(objpfx)link-static-libc.out:
++	$(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \
++	$(evaluate-test)
++
+ # Print test summary for tests in $1 .sum file;
+ # $2 is optional test identifier.
+ # Fail if there are unexpected failures in the test results.
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 7418abaa1ba5c..1dde7c44bd47d 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -44,7 +44,7 @@
 
 let
   version = "2.39";
-  patchSuffix = "-31";
+  patchSuffix = "-52";
   sha256 = "sha256-93vUfPgXDFc2Wue/hmlsEYrbOxINMlnGTFAtPcHi2SY=";
 in
 
@@ -60,7 +60,7 @@ stdenv.mkDerivation ({
     [
       /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping.
           $ git fetch --all -p && git checkout origin/release/2.39/master && git describe
-          glibc-2.39-31-g31da30f23c
+          glibc-2.39-52-gf8e4623421
           $ git show --minimal --reverse glibc-2.39.. ':!ADVISORIES' > 2.39-master.patch
 
          To compare the archive contents zdiff can be used.
diff --git a/pkgs/development/libraries/gnu-config/default.nix b/pkgs/development/libraries/gnu-config/default.nix
index 0315f39c60592..9fa5247cb489b 100644
--- a/pkgs/development/libraries/gnu-config/default.nix
+++ b/pkgs/development/libraries/gnu-config/default.nix
@@ -6,22 +6,22 @@
 # files.
 
 let
-  rev = "28ea239c53a2d5d8800c472bc2452eaa16e37af2";
+  rev = "948ae97ca5703224bd3eada06b7a69f40dd15a02";
 
   # Don't use fetchgit as this is needed during Aarch64 bootstrapping
   configGuess = fetchurl {
     name = "config.guess-${builtins.substring 0 7 rev}";
     url = "https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=${rev}";
-    hash = "sha256-7CV3YUJSMm+InfHel7mkV8A6mpSBEEhWPCEaRElti6M=";
+    hash = "sha256-ZByuPAx0xJNU0+3gCfP+vYD+vhUBp3wdn6yNQsxFtss=";
   };
   configSub = fetchurl {
     name = "config.sub-${builtins.substring 0 7 rev}";
     url = "https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=${rev}";
-    hash = "sha256-Rlxf5nx9NrcugIgScWRF1NONS5RzTKjTaoY50SMjh4s=";
+    hash = "sha256-/jovMvuv9XhIcyVJ9I2YP9ZSYCTsLw9ancdcL0NZo6Y=";
   };
 in stdenv.mkDerivation {
   pname = "gnu-config";
-  version = "2023-09-19";
+  version = "2024-01-01";
 
   unpackPhase = ''
     runHook preUnpack
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 13bdb921ef71d..b527c0d3c3331 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -85,6 +85,16 @@ stdenv.mkDerivation rec {
       revert = true;
       hash = "sha256-r/+Gmwqy0Yc1LHL/PdPLXlErUBC5JxquLzCBAN3LuRM=";
     })
+    # Makes the system-wide configuration for RSAES-PKCS1-v1_5 actually apply
+    # and makes it enabled by default when the config file is missing
+    # Without this an error 113 is thrown when using some RSA certificates
+    # see https://gitlab.com/gnutls/gnutls/-/issues/1540
+    # "This is pretty sever[e], since it breaks on letsencrypt-issued RSA keys." (comment from above issue)
+    (fetchpatch2 {
+      name = "fix-rsaes-pkcs1-v1_5-system-wide-configuration.patch";
+      url = "https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d.diff";
+      hash = "sha256-2aWcLff9jzJnY+XSqCIaK/zdwSLwkNlfDeMlWyRShN8=";
+    })
   ];
 
   # Skip some tests:
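Review bot: The comment above the added `fetchpatch2` entry does not say when the patch can be dropped, and it mentions only in passing that the patch changes a security-relevant default: RSAES-PKCS1-v1_5 becomes enabled whenever the system-wide config file is missing. That is the legacy RSA encryption padding historically tied to padding-oracle weaknesses, so anyone auditing this package would want the trade-off stated next to the patch. I would add `# Upstream commit; drop once a GnuTLS release containing it is packaged.` and `# Enables RSAES-PKCS1-v1_5 when no config file exists; disable it in the system-wide config where it is not needed.` Pinning the patch by commit id and `hash` is the right shape for a fetched patch.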
diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix
index 474b1664fbe9d..16a9e872aae8f 100644
--- a/pkgs/development/libraries/libaom/default.nix
+++ b/pkgs/development/libraries/libaom/default.nix
@@ -47,9 +47,6 @@ stdenv.mkDerivation rec {
     "-DENABLE_TESTS=OFF"
   ] ++ lib.optionals enableVmaf [
     "-DCONFIG_TUNE_VMAF=1"
-  ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
-    # CPU detection isn't supported on Darwin and breaks the aarch64-darwin build:
-    "-DCONFIG_RUNTIME_CPU_DETECT=0"
   ] ++ lib.optionals (isCross && !stdenv.hostPlatform.isx86) [
     "-DCMAKE_ASM_COMPILER=${stdenv.cc.targetPrefix}as"
   ] ++ lib.optionals stdenv.isAarch32 [
diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix
index 8d8a932f4994e..8791203881468 100644
--- a/pkgs/development/libraries/libdrm/default.nix
+++ b/pkgs/development/libraries/libdrm/default.nix
@@ -1,5 +1,6 @@
 { stdenv, lib, fetchurl, pkg-config, meson, ninja, docutils
-, libpthreadstubs, libpciaccess
+, libpthreadstubs
+, withIntel ? lib.meta.availableOn stdenv.hostPlatform libpciaccess, libpciaccess
 , withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind-light, valgrind-light
 , gitUpdater
 }:
@@ -16,12 +17,14 @@ stdenv.mkDerivation rec {
   outputs = [ "out" "dev" "bin" ];
 
   nativeBuildInputs = [ pkg-config meson ninja docutils ];
-  buildInputs = [ libpthreadstubs libpciaccess ]
+  buildInputs = [ libpthreadstubs ]
+    ++ lib.optional withIntel libpciaccess
     ++ lib.optional withValgrind valgrind-light;
 
   mesonFlags = [
     "-Dinstall-test-programs=true"
     "-Dcairo-tests=disabled"
+    (lib.mesonEnable "intel" withIntel)
     (lib.mesonEnable "omap" stdenv.hostPlatform.isLinux)
     (lib.mesonEnable "valgrind" withValgrind)
   ] ++ lib.optionals stdenv.hostPlatform.isAarch [
diff --git a/pkgs/development/libraries/libgudev/default.nix b/pkgs/development/libraries/libgudev/default.nix
index 99ca086792fb0..0da42d832f056 100644
--- a/pkgs/development/libraries/libgudev/default.nix
+++ b/pkgs/development/libraries/libgudev/default.nix
@@ -6,11 +6,13 @@
 , ninja
 , udev
 , glib
+, glibcLocales
+, umockdev
 , gnome
 , vala
 , gobject-introspection
-, glibcLocales
-, umockdev
+, buildPackages
+, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -42,9 +44,10 @@ stdenv.mkDerivation (finalAttrs: {
     pkg-config
     meson
     ninja
-    vala
     glib # for glib-mkenums needed during the build
+  ] ++ lib.optionals withIntrospection [
     gobject-introspection
+    vala
   ];
 
   buildInputs = [
@@ -57,8 +60,12 @@ stdenv.mkDerivation (finalAttrs: {
     umockdev
   ];
 
-  doCheck = true;
-  mesonFlags = lib.optional (!finalAttrs.finalPackage.doCheck) "-Dtests=disabled";
+  doCheck = withIntrospection;
+  mesonFlags = [
+    (lib.mesonEnable "introspection" withIntrospection)
+    (lib.mesonEnable "vapi" withIntrospection)
+    (lib.mesonEnable "tests" finalAttrs.finalPackage.doCheck)
+  ];
 
   passthru = {
     updateScript = gnome.updateScript {
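Review bot: `doCheck = withIntrospection;` in this hunk silently turns off the test suite whenever introspection is unavailable, and nothing says why the two are coupled. Since `withIntrospection` also requires `emulatorAvailable`, the intent is presumably that tests cannot run on such builds, but that is an inference and worth confirming. I would add a one-line comment above it, e.g. `# tests are only run on platforms where introspection (and thus an emulator) is available`.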
diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch
index 7753150180642..552914a51cd5b 100644
--- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch
+++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch
@@ -26,7 +26,7 @@ index adb0ca45..46fc16dd 100644
    ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h
 -  ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h
 +  ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h ${CMAKE_CURRENT_SOURCE_DIR}/transupp.h
-   DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+   DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} COMPONENT include)
  
  include(cmakescripts/BuildPackages.cmake)
 -- 
diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix
index a34a60b11bf15..2a32bbfd7c467 100644
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@@ -1,7 +1,6 @@
 { lib
 , stdenv
 , fetchFromGitHub
-, fetchpatch
 , cmake
 , nasm
 , openjdk
@@ -33,22 +32,16 @@ assert !(enableJpeg7 && enableJpeg8);  # pick only one or none, not both
 stdenv.mkDerivation (finalAttrs: {
 
   pname = "libjpeg-turbo";
-  version = "3.0.2";
+  version = "3.0.3";
 
   src = fetchFromGitHub {
     owner = "libjpeg-turbo";
     repo = "libjpeg-turbo";
     rev = finalAttrs.version;
-    hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74=";
+    hash = "sha256-w2wJaVf4sjJ9pPPqc9R4TE6Q6Yl0U6+fI5KLpQKwEXI=";
   };
 
   patches = [
-    (fetchpatch {
-      name = "CMAKE_CROSSCOMPILING_EMULATOR=env-fix.patch";
-      url = "https://github.com/libjpeg-turbo/libjpeg-turbo/compare/36c51dd3eb60ebde3ca77d3cfa7df3422f1aaaf1..b6ee1016abbc55116304ad396cf88aa19391e10a.patch";
-      hash = "sha256-dNwXicvZEsG02TBaM5nYMlZ+VczT/Dfx6ZM/6huZpwE=";
-    })
-
     # This is needed by freeimage
     ./0001-Compile-transupp.c-as-part-of-the-library.patch
   ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [
diff --git a/pkgs/development/libraries/libmbim/default.nix b/pkgs/development/libraries/libmbim/default.nix
index 8ceb1b3b03bf3..ee4acc094e668 100644
--- a/pkgs/development/libraries/libmbim/default.nix
+++ b/pkgs/development/libraries/libmbim/default.nix
@@ -7,7 +7,6 @@
 , glib
 , python3
 , help2man
-, systemd
 , bash-completion
 , bash
 , buildPackages
@@ -52,7 +51,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     glib
-    systemd
     bash-completion
     bash
   ];
diff --git a/pkgs/development/libraries/libndp/default.nix b/pkgs/development/libraries/libndp/default.nix
index b04b22da12369..436045da89fb2 100644
--- a/pkgs/development/libraries/libndp/default.nix
+++ b/pkgs/development/libraries/libndp/default.nix
@@ -11,6 +11,10 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook ];
 
+  configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+    "ac_cv_func_malloc_0_nonnull=yes"
+  ];
+
   meta = with lib; {
     homepage = "http://libndp.org/";
     description = "Library for Neighbor Discovery Protocol";
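Review bot: The added `configureFlags` entry pre-seeds the autoconf cache variable `ac_cv_func_malloc_0_nonnull=yes` for cross builds without saying why. When cross-compiling, configure cannot execute the `malloc(0)` probe, so the override asserts a property of the host libc that the build no longer verifies. I would add `# configure cannot run the malloc(0) check when cross-compiling; assume the host libc returns non-NULL` above the flag, so the next reader knows which assumption to re-check when a new libc target is added.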
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index 1cca2d9222dbb..d2e614b331a1a 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -25,7 +25,7 @@
 
 stdenv.mkDerivation (finalAttrs: rec {
   pname = "libxml2";
-  version = "2.12.6";
+  version = "2.12.7";
 
   outputs = [ "bin" "dev" "out" "doc" ]
     ++ lib.optional pythonSupport "py"
@@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: rec {
 
   src = fetchurl {
     url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz";
-    hash = "sha256-iJxZOogaPbX92WzJMYyH3zTrZI7fxFgnKtRv1gc1P7s=";
+    hash = "sha256-JK54/xNjqXPm2L66lBp5RdoqwFbhm1OVautpJ/1s+1Y=";
   };
 
   strictDeps = true;
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index d27707d91e889..c6c00279d59f5 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -111,8 +111,8 @@
 # nix build .#mesa .#pkgsi686Linux.mesa .#pkgsCross.aarch64-multiplatform.mesa .#pkgsMusl.mesa
 
 let
-  version = "24.0.6";
-  hash = "sha256-i3qS2+ZGjBjyODcAE1tf6d6DbN8MyP19uuPHEQI31gQ=";
+  version = "24.0.7";
+  hash = "sha256-dFRCXx7UpvG1sQfhZyswyIsi6g7+oACuLH2W25P2wmo=";
 
   # Release calendar: https://www.mesa3d.org/release-calendar.html
   # Release frequency: https://www.mesa3d.org/releasing.html#schedule
diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix
index 48f2dec6b89bc..f489705f5bacb 100644
--- a/pkgs/development/libraries/pipewire/default.nix
+++ b/pkgs/development/libraries/pipewire/default.nix
@@ -4,7 +4,6 @@
 , python3
 , meson
 , ninja
-, eudev
 , systemd
 , enableSystemd ? true
 , pkg-config
@@ -76,7 +75,7 @@ assert ldacbtSupport -> bluezSupport;
 
 stdenv.mkDerivation(finalAttrs: {
   pname = "pipewire";
-  version = "1.0.5";
+  version = "1.0.6";
 
   outputs = [
     "out"
@@ -92,7 +91,7 @@ stdenv.mkDerivation(finalAttrs: {
     owner = "pipewire";
     repo = "pipewire";
     rev = finalAttrs.version;
-    sha256 = "sha256-lgrwN83eywMKdsm0ig9QATDt3U5RboJ4kyILE+ts9Ts=";
+    sha256 = "sha256-JrKSsYCMNRHHh92Sn/03Bq2gPaXNYTqmwaLXkE0axdA=";
   };
 
   patches = [
@@ -125,8 +124,7 @@ stdenv.mkDerivation(finalAttrs: {
     lilv
     ncurses
     readline
-    udev
-  ] ++ (if enableSystemd then [ systemd ] else [ eudev ])
+  ] ++ (if enableSystemd then [ systemd ] else [ udev ])
   ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ])
   ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ]
   ++ lib.optionals libcameraSupport [ libcamera ]
@@ -159,6 +157,7 @@ stdenv.mkDerivation(finalAttrs: {
     (lib.mesonEnable "libpulse" pulseTunnelSupport)
     (lib.mesonEnable "avahi" zeroconfSupport)
     (lib.mesonEnable "gstreamer" gstreamerSupport)
+    (lib.mesonEnable "systemd" enableSystemd)
     (lib.mesonEnable "systemd-system-service" enableSystemd)
     (lib.mesonEnable "udev" (!enableSystemd))
     (lib.mesonEnable "ffmpeg" ffmpegSupport)
diff --git a/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch b/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch
new file mode 100644
index 0000000000000..4e38660217fef
--- /dev/null
+++ b/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch
@@ -0,0 +1,53 @@
+From 7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3 Mon Sep 17 00:00:00 2001
+From: Jan Tojnar <jtojnar@gmail.com>
+Date: Mon, 1 Nov 2021 14:17:17 +0100
+Subject: [PATCH] build: Use datarootdir in Meson-generated pkg-config files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With datadir outside of prefix (currently unsupported by Meson[1]
+but a frequent occurrence in Nixpkgs), the `datadir` entry,
+in the `polkit-gobject-1` pkg-config file will be an absolute path.
+This will prevent changing the base directory of `policydir`
+with `--define-variable=prefix=…`, which many projects use
+to install policy files to their own prefix.
+
+Previously, this worked without changes on Nixpkgs’s part because
+the pkg-config template used by Autotools contained `@datarootdir@`,
+which resolves to `$(prefix)/share`[2], taking no heed of the changed datadir.
+
+Similar issue can happen when a distribution package redefines datadir
+like Debian does/did.[3]
+
+This patch changes Meson-based build system to use `$(prefix)/share`
+in the generated pkg-config files, mirroring Autotools.
+
+---
+
+1. Likely to change in the future: https://github.com/mesonbuild/meson/issues/2561#issuecomment-939253717
+2. https://www.gnu.org/prep/standards/html_node/Directory-Variables.html
+3. https://blogs.gnome.org/hughsie/2014/06/16/datarootdir-v-s-datadir/
+---
+ src/polkit/meson.build | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/polkit/meson.build b/src/polkit/meson.build
+index 63dc1e85..c92cb70f 100644
+--- a/src/polkit/meson.build
++++ b/src/polkit/meson.build
+@@ -113,9 +113,8 @@ pkg.generate(
+   requires: common_deps,
+   variables: [
+     'exec_prefix=${prefix}',
+-    'datadir=' + ('${prefix}' / pk_datadir),
+-    'policydir=' + ('${datadir}' / pk_actiondir),
+-    'actiondir=' + ('${datadir}' / pk_actiondir),
++    'policydir=' + ('${prefix}' / 'share' / pk_actiondir),
++    'actiondir=' + ('${prefix}' / 'share' / pk_actiondir),
+     'pkcheck_supports_uid=true',
+   ],
+ )
+-- 
+GitLab
+
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix
index dabba056b4876..69b2233a8559b 100644
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -1,6 +1,6 @@
 { lib
 , stdenv
-, fetchFromGitLab
+, fetchFromGitHub
 , pkg-config
 , glib
 , expat
@@ -10,7 +10,6 @@
 , ninja
 , perl
 , python3
-, fetchpatch
 , gettext
 , duktape
 , gobject-introspection
@@ -38,26 +37,22 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "polkit";
-  version = "123";
+  version = "124";
 
   outputs = [ "bin" "dev" "out" ]; # small man pages in $bin
 
   # Tarballs do not contain subprojects.
-  src = fetchFromGitLab {
-    domain = "gitlab.freedesktop.org";
-    owner = "polkit";
+  src = fetchFromGitHub {
+    owner = "polkit-org";
     repo = "polkit";
     rev = version;
-    hash = "sha256-/kjWkh6w2FYgtYWzw3g3GlWJKKpkJ3cqwfE0iDqJctw=";
+    hash = "sha256-Vc9G2xK6U1cX+xW2BnKp3oS/ACbSXS/lztbFP5oJOlM=";
   };
 
   patches = [
     # Allow changing base for paths in pkg-config file as before.
     # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/100
-    (fetchpatch {
-      url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3.patch";
-      sha256 = "ebbLILncq1hAZTBMsLm+vDGw6j0iQ0crGyhzyLZQgKA=";
-    })
+    ./0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch
   ];
 
   depsBuildBuild = [
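Review bot: The `src` change in this hunk moves the fetch origin from `gitlab.freedesktop.org` to the GitHub `polkit-org/polkit` repository in the same edit as the bump to 124, and no comment records that upstream relocated. For a component that mediates privileged operations, a change of source origin should be auditable on its own. I would add `# Upstream moved from gitlab.freedesktop.org to github.com/polkit-org` above `src`, ideally with a link to upstream's announcement. The retained comment above the now-vendored patch still points at the GitLab merge request, which may stop resolving after the move.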
@@ -108,10 +103,14 @@ stdenv.mkDerivation rec {
     ]))
   ];
 
+  env = {
+    PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "${placeholder "out"}/lib/systemd/system";
+    PKG_CONFIG_SYSTEMD_SYSUSERS_DIR = "${placeholder "out"}/lib/sysusers.d";
+  };
+
   mesonFlags = [
     "--datadir=${system}/share"
     "--sysconfdir=/etc"
-    "-Dsystemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
     "-Dpolkitd_user=polkituser" #TODO? <nixos> config.ids.uids.polkituser
     "-Dos_type=redhat" # only affects PAM includes
     "-Dintrospection=${lib.boolToString withIntrospection}"
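Review bot: The new `env` block replaces the self-explanatory `-Dsystemdsystemunitdir` flag with two `PKG_CONFIG_SYSTEMD_*` variables and does not explain the mechanism. These appear to rely on pkg-config's per-module variable override, so the build reads the redirected directories from systemd's `.pc` file; that is an inference from the names and should be confirmed. I would add `# Override directories queried from systemd's pkg-config file so units and sysusers snippets are installed into $out` above the block. Without it, a later cleanup could drop the variables and make the install step try to write into the systemd store path.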
@@ -175,7 +174,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    homepage = "https://gitlab.freedesktop.org/polkit/polkit/";
+    homepage = "https://github.com/polkit-org/polkit";
     description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes";
     license = licenses.lgpl2Plus;
     platforms = platforms.linux;
diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix
index 655233362e150..31efd76209a38 100644
--- a/pkgs/development/libraries/spirv-headers/default.nix
+++ b/pkgs/development/libraries/spirv-headers/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "spirv-headers";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Headers";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-kyOAwe4R0FmeA9IIJF2eoZR+7g9LiGKaZ7FuIfkrXJ4=";
+    hash = "sha256-CAmDDqeMVKNdV/91VQYAKyCc+e+H99PRYZzt5WjswBI=";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix
index 3fa8800abfa54..354ab06d26b23 100644
--- a/pkgs/development/libraries/tpm2-tss/default.nix
+++ b/pkgs/development/libraries/tpm2-tss/default.nix
@@ -15,13 +15,13 @@ in
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tss";
-  version = "4.1.0";
+  version = "4.1.1";
 
   src = fetchFromGitHub {
     owner = "tpm2-software";
     repo = pname;
     rev = version;
-    hash = "sha256-cQdIPQNZzy5CisWw5yifPXC7FqaZxj4VKWpvtPOffE8=";
+    hash = "sha256-paqTQ7DQI0Nd8q0qUPRa2UZ/oE5nrVEq5KUiG8hRXuQ=";
   };
 
   outputs = [ "out" "man" "dev" ];
diff --git a/pkgs/development/libraries/tracker/default.nix b/pkgs/development/libraries/tracker/default.nix
index 67400eaee929b..da5274e0b7dfe 100644
--- a/pkgs/development/libraries/tracker/default.nix
+++ b/pkgs/development/libraries/tracker/default.nix
@@ -34,13 +34,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "tracker";
-  version = "3.7.2";
+  version = "3.7.3";
 
   outputs = [ "out" "dev" "devdoc" ];
 
   src = fetchurl {
     url = with finalAttrs; "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    hash = "sha256-3ryqKR5Gr63Bz2olHxfvsCRAqki/9kPXjGESOAfc4A8=";
+    hash = "sha256-qz1KUJN+BMXteEb227mZ4pCYGUAvOJylku5rd90o0fk=";
   };
 
   strictDeps = true;
diff --git a/pkgs/development/libraries/vulkan-headers/default.nix b/pkgs/development/libraries/vulkan-headers/default.nix
index 5793905a75a14..cd9dbec032087 100644
--- a/pkgs/development/libraries/vulkan-headers/default.nix
+++ b/pkgs/development/libraries/vulkan-headers/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub, cmake }:
 stdenv.mkDerivation rec {
   pname = "vulkan-headers";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   nativeBuildInputs = [ cmake ];
 
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     owner = "KhronosGroup";
     repo = "Vulkan-Headers";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-EnKiCtH6rh3ACQgokSSfp4FPFluMZW0dheP8IEzZtY4=";
+    hash = "sha256-DpbTYlEJPtyf/m9QEI8fdAm1Hw8MpFd+iCd7WB2gp/M=";
   };
 
   passthru.updateScript = ./update.sh;
diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix
index f36a01e1a67ff..023bba6ee8e87 100644
--- a/pkgs/development/libraries/vulkan-loader/default.nix
+++ b/pkgs/development/libraries/vulkan-loader/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "vulkan-loader";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "Vulkan-Loader";
     rev = "vulkan-sdk-${finalAttrs.version}";
-    hash = "sha256-zkJSPshRaZRDiBvLJbJo8l1MX10KXYZniqtNTNnokT4=";
+    hash = "sha256-pe4WYbfB20yRI5Pg+RxgmQcmdXsSoRxbBkQ3DdAL8r4=";
   };
 
   patches = [ ./fix-pkgconfig.patch ];
diff --git a/pkgs/development/libraries/vulkan-utility-libraries/default.nix b/pkgs/development/libraries/vulkan-utility-libraries/default.nix
index c2c49671b0781..81793528e84de 100644
--- a/pkgs/development/libraries/vulkan-utility-libraries/default.nix
+++ b/pkgs/development/libraries/vulkan-utility-libraries/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "vulkan-utility-libraries";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "Vulkan-Utility-Libraries";
     rev = "vulkan-sdk-${finalAttrs.version}";
-    hash = "sha256-mCD9/bpWUXRVJ+OyOqG0tXTgFuptIlcG6UR/RiNV1Z0=";
+    hash = "sha256-oQC//4RHJjSncQtHPVsYnpLYtXfxSSJdbUBf8clevDI=";
   };
 
   nativeBuildInputs = [ cmake python3 ];
diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix
index 687fb3598444e..23795b6aab40d 100644
--- a/pkgs/development/libraries/zlib/default.nix
+++ b/pkgs/development/libraries/zlib/default.nix
@@ -101,9 +101,16 @@ stdenv.mkDerivation (finalAttrs: {
     ln -s zlib1.dll $out/bin/libz.dll
   '';
 
-  # As zlib takes part in the stdenv building, we don't want references
-  # to the bootstrap-tools libgcc (as uses to happen on arm/mips)
-  env.NIX_CFLAGS_COMPILE = lib.optionalString (!stdenv.hostPlatform.isDarwin) "-static-libgcc";
+  env = lib.optionalAttrs (!stdenv.hostPlatform.isDarwin) {
+    # As zlib takes part in the stdenv building, we don't want references
+    # to the bootstrap-tools libgcc (as uses to happen on arm/mips)
+    NIX_CFLAGS_COMPILE = "-static-libgcc";
+  } // lib.optionalAttrs (stdenv.hostPlatform.linker == "lld") {
+    # lld 16 enables --no-undefined-version by defualt
+    # This makes configure think it can't build dynamic libraries
+    # this may be removed when a version is packaged with https://github.com/madler/zlib/issues/960 fixed
+    NIX_LDFLAGS = "--undefined-version";
+  };
 
   # We don't strip on static cross-compilation because of reports that native
   # stripping corrupted the target library; see commit 12e960f5 for the report.
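Review bot: The comment added in the lld branch misspells `default` as `defualt`. The setting beneath it, `NIX_LDFLAGS = "--undefined-version"`, is also wider than the comment suggests: it relaxes lld's version-script check for every link in the package, not only for the configure probe. I would correct the line to `# lld 16 enables --no-undefined-version by default` and extend it with `# applies to all links of this package, not only the configure test`. Note too that on Darwin `NIX_CFLAGS_COMPILE` is now unset, where it used to be an empty string; that looks intended but changes the derivation.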
diff --git a/pkgs/development/perl-modules/Po4a/default.nix b/pkgs/development/perl-modules/Po4a/default.nix
index 38569204f5a80..042d9a3a7d7f6 100644
--- a/pkgs/development/perl-modules/Po4a/default.nix
+++ b/pkgs/development/perl-modules/Po4a/default.nix
@@ -1,44 +1,87 @@
-{ stdenv, lib, fetchurl, docbook_xsl, docbook_xsl_ns, gettext, libxslt, glibcLocales, docbook_xml_dtd_412, docbook_sgml_dtd_41, opensp, bash
-, perl, buildPerlPackage, ModuleBuild, TextWrapI18N, LocaleGettext, TermReadKey, SGMLSpm, UnicodeLineBreak, PodParser, YAMLTiny
-, fetchpatch, writeShellScriptBin
+{ stdenv
+, lib
+, fetchurl
+, docbook_xsl
+, docbook_xsl_ns
+, gettext
+, libxslt
+, glibcLocales
+, docbook_xml_dtd_45
+, docbook_sgml_dtd_41
+, opensp
+, bash
+, perl
+, buildPerlPackage
+, ModuleBuild
+, TextWrapI18N
+, LocaleGettext
+, SGMLSpm
+, UnicodeLineBreak
+, PodParser
+, YAMLTiny
+, SyntaxKeywordTry
+, writeShellScriptBin
 }:
 
 buildPerlPackage rec {
   pname = "po4a";
-  version = "0.62";
+  version = "0.71";
+
   src = fetchurl {
     url = "https://github.com/mquinson/po4a/releases/download/v${version}/po4a-${version}.tar.gz";
-    sha256 = "0eb510a66f59de68cf7a205342036cc9fc08b39334b91f1456421a5f3359e68b";
+    hash = "sha256-xXJAHknMEXV8bTBgkW/ftagzJR7R1K65ibZnBLzyg/k=";
   };
-  patches = [
-    (fetchpatch {
-      # make devdoc output reproducible
-      # https://github.com/mquinson/po4a/pull/387
-      url = "https://github.com/mquinson/po4a/commit/df7433b58f6570558d44b6aac885c2a8f7862e51.patch";
-      sha256 = "9MVkYiItR2P3PBCUc4OhEOUHQuLqTWUYtYlZ3L8miC8=";
-    })
-  ];
 
   strictDeps = true;
+
   nativeBuildInputs =
     # the tests for the tex-format use kpsewhich -- texlive's file finding utility.
     # We don't want to depend on texlive here, so we replace it with a minimal
     # shellscript that suffices for the tests in t/fmt/tex/, i.e. it looks up
     # article.cls to an existing file, but doesn't find article-wrong.cls.
-    let kpsewhich-stub = writeShellScriptBin "kpsewhich"
-      ''[[ $1 = "article.cls" ]] && echo /dev/null'';
+    let
+      kpsewhich-stub = writeShellScriptBin "kpsewhich"
+        ''[[ $1 = "article.cls" ]] && echo /dev/null'';
     in
-    [ gettext libxslt docbook_xsl docbook_xsl_ns ModuleBuild docbook_xml_dtd_412 docbook_sgml_dtd_41 opensp kpsewhich-stub glibcLocales ];
-  propagatedBuildInputs = lib.optional (!stdenv.hostPlatform.isMusl) TextWrapI18N ++ [ LocaleGettext SGMLSpm UnicodeLineBreak PodParser YAMLTiny ];
+    [
+      gettext
+      libxslt
+      docbook_xsl
+      docbook_xsl_ns
+      ModuleBuild
+      docbook_xml_dtd_45
+      docbook_sgml_dtd_41
+      opensp
+      kpsewhich-stub
+      glibcLocales
+    ];
+
   # TODO: TermReadKey was temporarily removed from propagatedBuildInputs to unfreeze the build
+  propagatedBuildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [
+    TextWrapI18N
+  ] ++ [
+    LocaleGettext
+    SGMLSpm
+    UnicodeLineBreak
+    PodParser
+    YAMLTiny
+    SyntaxKeywordTry
+  ];
+
   buildInputs = [ bash ];
+
   LC_ALL = "en_US.UTF-8";
-  SGML_CATALOG_FILES = "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml";
+  SGML_CATALOG_FILES = "${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";
+
   preConfigure = ''
     touch Makefile.PL
     export PERL_MB_OPT="--install_base=$out --prefix=$out"
   '';
-  buildPhase = "perl Build.PL --install_base=$out --install_path=\"lib=$out/${perl.libPrefix}\"; ./Build build";
+
+  buildPhase = ''
+    perl Build.PL --install_base=$out --install_path="lib=$out/${perl.libPrefix}"
+    ./Build build
+  '';
 
   # Disabling tests on musl
   # Void linux package have investigated the failure and tracked it down to differences in gettext behavior. They decided to disable tests.
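Review bot: The rewritten `buildPhase` still replaces the default phase without running the phase hooks, so a `preBuild` or `postBuild` supplied by an override is silently skipped. Since the string is being reflowed into a multi-line block anyway, I would add `runHook preBuild` as its first line and `runHook postBuild` as its last. The `installPhase` in the next hunk has the same shape and would take `runHook preInstall` and `runHook postInstall` in the same way.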
@@ -53,15 +96,17 @@ buildPerlPackage rec {
     export SGML_CATALOG_FILES=${docbook_sgml_dtd_41}/sgml/dtd/docbook-4.1/docbook.cat
     ./Build test
   '';
+
   installPhase = ''
     ./Build install
     for f in $out/bin/*; do
       substituteInPlace $f --replace "#! /usr/bin/env perl" "#!${perl}/bin/perl"
     done
   '';
+
   meta = {
     description = "Tools for helping translation of documentation";
     homepage = "https://po4a.org";
-    license = with lib.licenses; [ gpl2Only ];
+    license = with lib.licenses; [ gpl2Plus ];
   };
 }
diff --git a/pkgs/development/python-modules/dbus-python/default.nix b/pkgs/development/python-modules/dbus-python/default.nix
index 4e6f67f0a8ec9..22025ce6d7cb7 100644
--- a/pkgs/development/python-modules/dbus-python/default.nix
+++ b/pkgs/development/python-modules/dbus-python/default.nix
@@ -15,7 +15,7 @@
 , dbus-glib
 }:
 
-buildPythonPackage rec {
+lib.fix (finalPackage: buildPythonPackage rec {
   pname = "dbus-python";
   version = "1.3.2";
   pyproject = true;
@@ -52,6 +52,7 @@ buildPythonPackage rec {
   '';
 
   nativeBuildInputs = [
+    dbus # build systems checks for `dbus-run-session` in PATH
     meson
     meson-python
     pkg-config
@@ -67,6 +68,10 @@ buildPythonPackage rec {
     "-Cbuild-dir=_meson-build"
   ];
 
+  mesonFlags = [
+    (lib.mesonBool "tests" finalPackage.doInstallCheck)
+  ];
+
   # workaround bug in meson-python
   # https://github.com/mesonbuild/meson-python/issues/240
   postInstall = ''
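Review bot: `finalPackage.doInstallCheck` in the new `mesonFlags` is read from the `lib.fix` binding around the original `buildPythonPackage` call, so it most likely keeps the un-overridden value. A later `overridePythonAttrs { doCheck = false; }` or `overrideAttrs` would then change the check phase but leave `-Dtests` as it was. If that is accepted, say so next to the flag, e.g. `# finalPackage is the package as defined here; overrides of doCheck/doInstallCheck do not reach this flag`. The `buildPythonPackage` body starts and ends outside this hunk, so how `doInstallCheck` is derived is not visible here.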
@@ -98,4 +103,4 @@ buildPythonPackage rec {
     platforms = dbus.meta.platforms;
     maintainers = with maintainers; [ ];
   };
-}
+})
diff --git a/pkgs/development/python-modules/gssapi/default.nix b/pkgs/development/python-modules/gssapi/default.nix
index 8ca5f8ebc6f7c..90d8b4810d431 100644
--- a/pkgs/development/python-modules/gssapi/default.nix
+++ b/pkgs/development/python-modules/gssapi/default.nix
@@ -3,22 +3,29 @@
 , buildPythonPackage
 , pythonOlder
 , fetchFromGitHub
-, six
-, decorator
-, nose
+
+# build-system
+, cython
 , krb5
+, setuptools
+
+# dependencies
+, decorator
+
+# native dependencies
 , GSS
+
+# tests
 , parameterized
-, shouldbe
-, cython
-, python
 , k5test
+, pytestCheckHook
 }:
 
 buildPythonPackage rec {
   pname = "gssapi";
   version = "1.8.3";
-  format = "setuptools";
+  pyproject = true;
+
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
@@ -28,7 +35,6 @@ buildPythonPackage rec {
     hash = "sha256-H1JfdvxJvX5dmC9aTqIOkjAqFEL44KoUXEhoYj2uRY8=";
   };
 
-  # It's used to locate headers
   postPatch = ''
     substituteInPlace setup.py \
       --replace 'get_output(f"{kc} gssapi --prefix")' '"${lib.getDev krb5}"'
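Review bot: The `substituteInPlace` on `setup.py` is left without any explanation once `# It's used to locate headers` is removed, and swapping a `get_output(...)` call for a store path is not self-explanatory. Keep a comment above `postPatch`, for example `# setup.py queries the GSSAPI prefix at build time; hard-code krb5's dev output so the headers are found`. The `postPatch` string continues past the end of the hunk.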
@@ -38,14 +44,14 @@ buildPythonPackage rec {
     GSSAPI_SUPPORT_DETECT = "false";
   };
 
-  nativeBuildInputs = [
+  build-system = [
     cython
     krb5
+    setuptools
   ];
 
-  propagatedBuildInputs =  [
+  dependencies =  [
     decorator
-    six
   ];
 
   buildInputs = lib.optionals stdenv.isDarwin [
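Review bot: `krb5` is listed under `build-system`, but it is a C library that the build consults for paths, not a Python build-backend requirement like `cython` and `setuptools`. Keeping the two kinds apart reads more clearly: `build-system = [ cython setuptools ];` and `nativeBuildInputs = [ krb5 ];`. The `# build-system` group in the argument list at the top of the file has the same mix and would move with it.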
@@ -54,26 +60,19 @@ buildPythonPackage rec {
 
   nativeCheckInputs = [
     k5test
-    nose
     parameterized
-    shouldbe
-    six
+    pytestCheckHook
   ];
 
-  doCheck = pythonOlder "3.8"  # `shouldbe` not available
-    && !stdenv.isDarwin;  # many failures on darwin
-
-  # skip tests which fail possibly due to be an upstream issue (see
-  # https://github.com/pythongssapi/python-gssapi/issues/220)
-  checkPhase = ''
-    # some tests don't respond to being disabled through nosetests -x
-    echo $'\ndel CredsTestCase.test_add_with_impersonate' >> gssapi/tests/test_high_level.py
-    echo $'\ndel TestBaseUtilities.test_acquire_creds_impersonate_name' >> gssapi/tests/test_raw.py
-    echo $'\ndel TestBaseUtilities.test_add_cred_impersonate_name' >> gssapi/tests/test_raw.py
+  preCheck = ''
+    mv gssapi/tests $TMPDIR/
+    pushd $TMPDIR
+  '';
 
-    export PYTHONPATH="$out/${python.sitePackages}:$PYTHONPATH"
-    nosetests -e 'ext_test_\d.*'
+  postCheck = ''
+    popd
   '';
+
   pythonImportsCheck = [ "gssapi" ];
 
   meta = with lib; {
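Review bot: Dropping `doCheck` and the old `checkPhase` removes two exclusions at once without recording why either is no longer needed. The tests now also run on Darwin, which the removed line described as having "many failures", and the three impersonation tests that used to be deleted before the run are no longer skipped. Whether they pass now cannot be told from the hunk. If any still fail, skip them by name with `disabledTests = [ "test_add_with_impersonate" "test_acquire_creds_impersonate_name" "test_add_cred_impersonate_name" ];` and restore `doCheck = !stdenv.isDarwin;`. If they do pass, a short comment saying so would help.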
diff --git a/pkgs/development/python-modules/ipython/default.nix b/pkgs/development/python-modules/ipython/default.nix
index 577b78804907f..d9d7fda28c99a 100644
--- a/pkgs/development/python-modules/ipython/default.nix
+++ b/pkgs/development/python-modules/ipython/default.nix
@@ -41,13 +41,13 @@
 
 buildPythonPackage rec {
   pname = "ipython";
-  version = "8.23.0";
+  version = "8.24.0";
   pyproject = true;
   disabled = pythonOlder "3.10";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-dGjtr09t4+G5EuV/ZsJB5v08cJny7CE24jnhQugAJ00=";
+    hash = "sha256-AQ2z+KcopXi7ZB/dBsBjufuOlqlGTGOuxjEPvLXoBQE=";
   };
 
   build-system = [
diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix
index 9739e5bf7f65e..82600b4d3e59e 100644
--- a/pkgs/development/python-modules/python-jose/default.nix
+++ b/pkgs/development/python-modules/python-jose/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 
 # build-system
 , setuptools
@@ -31,6 +32,19 @@ buildPythonPackage rec {
     hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-33663.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-33664.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace setup.py \
       --replace '"pytest-runner",' ""
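Review bot: Both CVE patches are fetched from openSUSE's build service rather than from the python-jose repository, and nothing next to the `fetchpatch` calls says which upstream change each corresponds to or when they can be dropped. The `hash` pins the content, so this is a provenance and maintenance point rather than an integrity one. A reviewer of a security backport should be able to compare it with the upstream fix. Add a comment above `patches`, e.g. `# Backports for CVE-2024-33663 and CVE-2024-33664 taken from openSUSE; upstream reference: <upstream PR or commit URL>; drop once a fixed release is packaged`. The doubled space in `url  =` can go at the same time.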
diff --git a/pkgs/development/python-modules/shouldbe/default.nix b/pkgs/development/python-modules/shouldbe/default.nix
deleted file mode 100644
index 0c03d6d58d420..0000000000000
--- a/pkgs/development/python-modules/shouldbe/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib
-, buildPythonPackage
-, pythonAtLeast
-, fetchPypi
-, nose
-, forbiddenfruit
-}:
-
-buildPythonPackage rec {
-  version = "0.1.2";
-  format = "setuptools";
-  pname = "shouldbe";
-  # incompatible, https://github.com/DirectXMan12/should_be/issues/4
-  disabled = pythonAtLeast "3.8";
-
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "16zbvjxf71dl4yfbgcr6idyim3mdrfvix1dv8b95p0s9z07372pj";
-  };
-
-  nativeCheckInputs = [ nose ];
-  propagatedBuildInputs = [ forbiddenfruit ];
-
-  meta = with lib; {
-    description = "Python Assertion Helpers inspired by Shouldly";
-    homepage =  "https://pypi.python.org/pypi/shouldbe/";
-    license = licenses.mit;
-  };
-
-}
diff --git a/pkgs/development/python-modules/tqdm/default.nix b/pkgs/development/python-modules/tqdm/default.nix
index 4f3ff0f1545c2..85fd2091d69b9 100644
--- a/pkgs/development/python-modules/tqdm/default.nix
+++ b/pkgs/development/python-modules/tqdm/default.nix
@@ -1,8 +1,6 @@
 { lib
-, stdenv
 , buildPythonPackage
 , fetchPypi
-, pythonOlder
 , setuptools
 , setuptools-scm
 , wheel
@@ -17,12 +15,12 @@
 
 buildPythonPackage rec {
   pname = "tqdm";
-  version = "4.66.2";
+  version = "4.66.4";
   format = "pyproject";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-bNUs3w/vDg9UMpnPyW/skNe4p+iHRfQR7DPrRNXtNTE=";
+    hash = "sha256-5Nk2yd6HJ5KPO+YHlZDpfZq/6NOaWQvmeOtZGf/Bhrs=";
   };
 
   nativeBuildInputs = [
@@ -31,9 +29,6 @@ buildPythonPackage rec {
     wheel
   ];
 
-  # https://github.com/tqdm/tqdm/issues/1537
-  doCheck = pythonOlder "3.12";
-
   nativeCheckInputs = [
     pytestCheckHook
     pytest-asyncio
diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix
index 80ed4c53539a9..66dca4c90bcb4 100644
--- a/pkgs/development/python-modules/werkzeug/default.nix
+++ b/pkgs/development/python-modules/werkzeug/default.nix
@@ -28,14 +28,14 @@
 
 buildPythonPackage rec {
   pname = "werkzeug";
-  version = "3.0.2";
+  version = "3.0.3";
   format = "pyproject";
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-45tkWmrJKCJYjns5ppLngockzq4LDXAu+WcB+Q5wEo0=";
+    hash = "sha256-CX5b/anwq6jaa4VFFG3vSB0Gqn0yZudEjizM9n3YvRg=";
   };
 
   nativeBuildInputs = [
@@ -63,6 +63,8 @@ buildPythonPackage rec {
     greenlet
   ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);
 
+  pythonImportsCheck = [ "werkzeug" ];
+
   disabledTests = lib.optionals stdenv.isDarwin [
     "test_get_machine_id"
   ];
@@ -82,8 +84,8 @@ buildPythonPackage rec {
     inherit moto sentry-sdk;
   };
 
-  meta = with lib; {
-    changelog = "https://werkzeug.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}";
+  meta = {
+    changelog = "https://werkzeug.palletsprojects.com/en/${lib.versions.majorMinor version}.x/changes/#version-${lib.replaceStrings [ "." ] [ "-" ] version}";
     homepage = "https://palletsprojects.com/p/werkzeug/";
     description = "The comprehensive WSGI web application library";
     longDescription = ''
@@ -92,7 +94,7 @@ buildPythonPackage rec {
       applications and has become one of the most advanced WSGI
       utility libraries.
     '';
-    license = licenses.bsd3;
-    maintainers = with maintainers; [ ];
+    license = lib.licenses.bsd3;
+    maintainers = [ ];
   };
 }
diff --git a/pkgs/development/tools/spirv-tools/default.nix b/pkgs/development/tools/spirv-tools/default.nix
index dcf124e151afa..0cd2a13d5e97d 100644
--- a/pkgs/development/tools/spirv-tools/default.nix
+++ b/pkgs/development/tools/spirv-tools/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "spirv-tools";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Tools";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-WnlFr9M7OI4unCIxfmSkvcLqZFKhW4Qkbb4+xp8lSOo=";
+    hash = "sha256-at3krE0torhjg7G+NkX0/ewc26Sg/1t2xW7wghAAuZo=";
   };
 
   # The cmake options are sufficient for turning on static building, but not
diff --git a/pkgs/development/tools/vulkan-validation-layers/default.nix b/pkgs/development/tools/vulkan-validation-layers/default.nix
index c40a6bbb6e78f..78552a7f2c685 100644
--- a/pkgs/development/tools/vulkan-validation-layers/default.nix
+++ b/pkgs/development/tools/vulkan-validation-layers/default.nix
@@ -23,13 +23,13 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "vulkan-validation-layers";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "Vulkan-ValidationLayers";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-jBiVbLRbAZEEU8ZYg9Ehx4b5hDJoi7+LnN++zKLSzvA=";
+    hash = "sha256-OT9VfGg3+NBVV6SCGZ+Hu9FAxGJXXT45yvt2sHDIFTA=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix
index d44e67ac5969d..c34268fd41927 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix
@@ -227,7 +227,7 @@ let
       pname = builtins.head (lib.splitString "/" namePath);
       appleDerivation' = stdenv: appleDerivation'' stdenv pname version sdkName sha256;
       appleDerivation = appleDerivation' stdenv;
-      callPackage = self.newScope { inherit appleDerivation' appleDerivation; };
+      callPackage = self.newScope { inherit appleDerivation' appleDerivation; python3 = pkgs.buildPackages.python3Minimal; };
     in callPackage (./. + "/${namePath}");
 
   applePackage = namePath: sdkName: sha256: let
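Review bot: `python3 = pkgs.buildPackages.python3Minimal` is now injected into the scope of every package built through this `callPackage`, and it carries no comment. The per-package override it replaces (removed from `xnu` in the next hunk) had a TODO and used `pkgs.buildPackages.buildPackages.python3`. Both the build stage and the Python variant change, so a package whose build scripts import a module absent from the minimal interpreter could now fail. Put the attribute on its own line with a comment such as `# build-time python for all apple-source-releases packages; python3Minimal because <reason>`. The enclosing `let` starts outside the hunk.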
@@ -289,9 +289,7 @@ developerToolsPackages_11_3_1 // macosPackages_11_0_1 // {
     ppp             = applePackage "ppp"               "osx-10.12.6"     "sha256-M1zoEjjeKIDUEP6ACbpUJk3OXjobw4g/qzUmxGdX1J0=" {};
     removefile      = applePackage "removefile"        "osx-10.12.6"     "sha256-UpNk27kGXnZss1ZXWVJU9jLz/NW63ZAZEDLhyCYoi9M=" {};
     xnu             = if stdenv.isx86_64 then
-    applePackage "xnu"               "osx-10.12.6"     "sha256-C8TPQlUT3RbzAy8YnZPNtr70hpaVG9Llv0h42s3NENI=" {
-      python3 = pkgs.buildPackages.buildPackages.python3; # TODO(@Ericson2314) this shouldn't be needed.
-    }
+      applePackage "xnu" "osx-10.12.6" "sha256-C8TPQlUT3RbzAy8YnZPNtr70hpaVG9Llv0h42s3NENI=" {}
     else macosPackages_11_0_1.xnu;
     hfs             = applePackage "hfs"               "osx-10.12.6"     "sha256-eGi18HQFJrU5UHoBOE0LqO5gQ0xOf8+OJuAWQljfKE4=" {};
     Librpcsvc       = applePackage "Librpcsvc"         "osx-10.11.6"     "sha256-YHbGws901xONzAbo6sB5zSea4Wp0sgYUJ8YgwVfWxnE=" {};
diff --git a/pkgs/os-specific/darwin/moltenvk/default.nix b/pkgs/os-specific/darwin/moltenvk/default.nix
index 1324bdeb7f217..323096fd5c9ed 100644
--- a/pkgs/os-specific/darwin/moltenvk/default.nix
+++ b/pkgs/os-specific/darwin/moltenvk/default.nix
@@ -28,7 +28,7 @@ let
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "MoltenVK";
-  version = "1.2.8";
+  version = "1.2.9";
 
   buildInputs = [
     AppKit
@@ -56,7 +56,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "KhronosGroup";
     repo = "MoltenVK";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-nsNN2iCSjXzfarSdaNmeNbfDliUBMQMsb0rXEENWJqw=";
+    hash = "sha256-9k7NMw2M6IqCUQNBekzDaS6VYAOKwPmuCfJkENQ7oiI=";
   };
 
   postPatch = ''
diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix
index e910835ea0d7d..6a0ee908347ca 100644
--- a/pkgs/os-specific/linux/libbpf/default.nix
+++ b/pkgs/os-specific/linux/libbpf/default.nix
@@ -14,13 +14,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libbpf";
-  version = "1.4.1";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "libbpf";
     repo = "libbpf";
     rev = "v${version}";
-    sha256 = "sha256-dAyUBcOItDZNe2xBWoegCAmOnTugc1C7+k/hj20icJA=";
+    sha256 = "sha256-PlGr/qZbKnaY37wikdmX/iYtP11WHShn1I7vACUgLG0=";
   };
 
   nativeBuildInputs = [ pkg-config ];
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 2d1f033920bda..a0f019c610dc9 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -5,7 +5,6 @@
 , nixosTests
 , pkgsCross
 , fetchFromGitHub
-, fetchpatch
 , fetchzip
 , buildPackages
 , makeBinaryWrapper
@@ -180,7 +179,7 @@ assert withBootloader -> withEfi;
 let
   wantCurl = withRemote || withImportd;
   wantGcrypt = withResolved || withImportd;
-  version = "255.4";
+  version = "255.6";
 
   # Use the command below to update `releaseTimestamp` on every (major) version
   # change. More details in the commentary at mesonFlags.
@@ -198,7 +197,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "systemd";
     repo = "systemd-stable";
     rev = "v${version}";
-    hash = "sha256-P1mKq+ythrv8MU7y2CuNtEx6qCDacugzfsPRZL+NPys=";
+    hash = "sha256-ah0678iNfy0c5NhHhjn0roY6RoM8OE0hWyEt+qEGKRQ=";
   };
 
   # On major changes, or when otherwise required, you *must* :
@@ -229,15 +228,6 @@ stdenv.mkDerivation (finalAttrs: {
     ./0017-meson.build-do-not-create-systemdstatedir.patch
   ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [
     ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
-  ] ++ lib.optional (stdenv.hostPlatform.isPower || stdenv.hostPlatform.isRiscV || stdenv.hostPlatform.isMips) [
-    # Fixed upstream and included in the main and stable branches. Can be dropped
-    # when bumping to >= v255.5.
-    # https://github.com/systemd/systemd/issues/30448
-    # https://github.com/NixOS/nixpkgs/pull/282607
-    (fetchpatch {
-      url = "https://github.com/systemd/systemd/commit/8040fa55a1cbc34dede3205a902095ecd26c21e3.patch";
-      sha256 = "0c6z7bsndbkb8m130jnjpsl138sfv3q171726n5vkyl2n9ihnavk";
-    })
   ] ++ lib.optional stdenv.hostPlatform.isMusl (
     let
       oe-core = fetchzip {
@@ -562,7 +552,7 @@ stdenv.mkDerivation (finalAttrs: {
     (lib.mesonEnable "zlib" withCompression)
 
     # NSS
-    (lib.mesonEnable "nss-mymachines" withNss)
+    (lib.mesonEnable "nss-mymachines" (withNss && withMachined))
     (lib.mesonEnable "nss-resolve" withNss)
     (lib.mesonBool "nss-myhostname" withNss)
     (lib.mesonBool "nss-systemd" withNss)
@@ -574,7 +564,7 @@ stdenv.mkDerivation (finalAttrs: {
 
     # FIDO2
     (lib.mesonEnable "libfido2" withFido2)
-    (lib.mesonEnable "openssl" withFido2)
+    (lib.mesonEnable "openssl" (withHomed || withFido2 || withSysupdate))
 
     # Password Quality
     (lib.mesonEnable "pwquality" withPasswordQuality)
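Review bot: The `openssl` condition is now spelled out inline as `(withHomed || withFido2 || withSysupdate)` while still sitting under the `# FIDO2` comment. The same expression also has to match wherever openssl is added to the inputs, which is outside this hunk. The file already names such combined conditions next to `version` (`wantCurl`, `wantGcrypt`). Adding `wantOpenssl = withHomed || withFido2 || withSysupdate;` there and `(lib.mesonEnable "openssl" wantOpenssl)` here would keep the flag and the dependency list from drifting apart. The `mesonFlags` list starts and ends outside the hunk.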
@@ -599,6 +589,7 @@ stdenv.mkDerivation (finalAttrs: {
     (lib.mesonEnable "libiptc" withIptables)
     (lib.mesonEnable "repart" withRepart)
     (lib.mesonEnable "sysupdate" withSysupdate)
+    (lib.mesonEnable "seccomp" withLibseccomp)
     (lib.mesonEnable "selinux" withSelinux)
     (lib.mesonEnable "tpm2" withTpm2Tss)
     (lib.mesonEnable "pcre2" withPCRE2)
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index ba989b41a6cac..4f957dfcc1675 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -1,7 +1,9 @@
-{ lib, stdenv, fetchurl, pkg-config, zlib, shadow
+{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook, gtk-doc, pkg-config
+, zlib, shadow
 , capabilitiesSupport ? stdenv.isLinux
 , libcap_ng
 , libxcrypt
+, sqlite
 , ncursesSupport ? true
 , ncurses
 , pamSupport ? true
@@ -17,18 +19,35 @@
 , memstreamHook
 , gitUpdater
 }:
-
+let
+  # Temporarily avoid applying the patches on systems where already we have binaries
+  # (in particular x86_64-linux and aarch64-linux) as the package is a huge rebuild there.
+  avoidRebuild = stdenv.isLinux && stdenv.is64bit;
+in
 stdenv.mkDerivation rec {
   pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal";
-  version = "2.39.3";
+  version = "2.40.1";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz";
-    hash = "sha256-e2YF5I0aSfQ8xLTPxZ8xPQ3VQC+kC5aBC9Vy4Wff7Q8=";
+    hash = "sha256-WeZ2qlPMtEtsOfD/4BqPonSJHJG+8UdHUvrZJGHe8k8=";
   };
 
   patches = [
     ./rtcwake-search-PATH-for-shutdown.patch
+  ] ++ lib.optionals (!avoidRebuild) [
+    # Backports of patches that hopefully fix an intermittent parallel
+    # build failure.
+    (fetchpatch {
+      name = "pam_lastlog2:-drop-duplicate-assignment-pam_lastlog2_la_LDFLAGS.patch";
+      url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=290748729dc3edf9ea1c680c8954441a5e367a44";
+      hash = "sha256-Hi+SrT8UovZyCWf6Jc7s3dc6YLyfOfgqohOEnc7aJq4=";
+    })
+    (fetchpatch {
+      name = "libuuid:-drop-duplicate-assignment-liuuid_la_LDFLAGS";
+      url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=597e8b246ae31366514ead6cca240a09fe5e1528";
+      hash = "sha256-QCx3MD/57x2tV1SlJ79EYyxafhaEH4UC+Dt24DA6P8I=";
+    })
   ];
 
   # We separate some of the utilities into their own outputs. This
@@ -40,7 +59,7 @@ stdenv.mkDerivation rec {
   separateDebugInfo = true;
 
   postPatch = ''
-    patchShebangs tests/run.sh
+    patchShebangs tests/run.sh tools/all_syscalls
 
     substituteInPlace sys-utils/eject.c \
       --replace "/bin/umount" "$bin/bin/umount"
@@ -59,6 +78,7 @@ stdenv.mkDerivation rec {
     "--enable-fs-paths-default=/run/wrappers/bin:/run/current-system/sw/bin:/sbin"
     "--disable-makeinstall-setuid" "--disable-makeinstall-chown"
     "--disable-su" # provided by shadow
+    "--with-tmpfilesdir=${placeholder "out"}/lib/tmpfiles.d"
     (lib.enableFeature writeSupport "write")
     (lib.enableFeature nlsSupport "nls")
     (lib.withFeature ncursesSupport "ncursesw")
@@ -78,9 +98,10 @@ stdenv.mkDerivation rec {
   ];
 
   nativeBuildInputs = [ pkg-config installShellFiles ]
+    ++ lib.optionals (!avoidRebuild) [ autoreconfHook gtk-doc ]
     ++ lib.optionals translateManpages [ po4a ];
 
-  buildInputs = [ zlib libxcrypt ]
+  buildInputs = [ zlib libxcrypt sqlite ]
     ++ lib.optionals pamSupport [ pam ]
     ++ lib.optionals capabilitiesSupport [ libcap_ng ]
     ++ lib.optionals ncursesSupport [ ncurses ]
diff --git a/pkgs/servers/sql/postgresql/12.nix b/pkgs/servers/sql/postgresql/12.nix
index d29fc7683048f..74098e91f2eb2 100644
--- a/pkgs/servers/sql/postgresql/12.nix
+++ b/pkgs/servers/sql/postgresql/12.nix
@@ -1,4 +1,4 @@
 import ./generic.nix {
-  version = "12.18";
-  hash = "sha256-T5kZcl2UHOmGjgf+HtHTqGdIWZtIM4ZUdYOSi3TDkYo=";
+  version = "12.19";
+  hash = "sha256-YX495Swi6CL09X0B1bIkBQPhmKnsyvWYqFEQm9GOb7s=";
 }
diff --git a/pkgs/servers/sql/postgresql/13.nix b/pkgs/servers/sql/postgresql/13.nix
index c81e15bc7f685..6347ad1572168 100644
--- a/pkgs/servers/sql/postgresql/13.nix
+++ b/pkgs/servers/sql/postgresql/13.nix
@@ -1,6 +1,6 @@
 import ./generic.nix {
-  version = "13.14";
-  hash = "sha256-uN8HhVGJiWC9UA3F04oXfpkFN234H+fytmChQH+mpe0=";
+  version = "13.15";
+  hash = "sha256-Qu3UFURtM7jCQr520a0FdTGyJksuhpOTObcHXG5OySU=";
   muslPatches = {
     disable-test-collate-icu-utf8 = {
       url = "https://git.alpinelinux.org/aports/plain/main/postgresql13/disable-test-collate.icu.utf8.patch?id=69faa146ec9fff3b981511068f17f9e629d4688b";
diff --git a/pkgs/servers/sql/postgresql/14.nix b/pkgs/servers/sql/postgresql/14.nix
index c96ddd3ddc808..1b4827bcb7324 100644
--- a/pkgs/servers/sql/postgresql/14.nix
+++ b/pkgs/servers/sql/postgresql/14.nix
@@ -1,6 +1,6 @@
 import ./generic.nix {
-  version = "14.11";
-  hash = "sha256-pnC9fc4i3K1Cl7JhE2s7HUoJpvVBcZViqhTKY78paKg=";
+  version = "14.12";
+  hash = "sha256-YRjQj53cwb2Dzyt8x007WDvc7C835iRaisADuPqoCSM=";
   muslPatches = {
     disable-test-collate-icu-utf8 = {
       url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/disable-test-collate.icu.utf8.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7";
diff --git a/pkgs/servers/sql/postgresql/15.nix b/pkgs/servers/sql/postgresql/15.nix
index 00dfc0cbbc19d..a9bde7fd0e673 100644
--- a/pkgs/servers/sql/postgresql/15.nix
+++ b/pkgs/servers/sql/postgresql/15.nix
@@ -1,4 +1,4 @@
 import ./generic.nix {
-  version = "15.6";
-  hash = "sha256-hFUUbtnGnJOlfelUrq0DAsr60DXCskIXXWqh4X68svs=";
+  version = "15.7";
+  hash = "sha256-pG/klIWrY4Xjnau7tlT10wSSBvds1pXiJCaHKVIJmPc=";
 }
diff --git a/pkgs/servers/sql/postgresql/16.nix b/pkgs/servers/sql/postgresql/16.nix
index cdc37b7c62f5f..c964fc5800c85 100644
--- a/pkgs/servers/sql/postgresql/16.nix
+++ b/pkgs/servers/sql/postgresql/16.nix
@@ -1,4 +1,4 @@
 import ./generic.nix {
-  version = "16.2";
-  hash = "sha256-RG6IKU28LJCFq0twYaZG+mBLS+wDUh1epnHC5a2bKVI=";
+  version = "16.3";
+  hash = "sha256-Mxlj1dPcTK9CFqBJ+kC2bWvLjHMGFYWUEblRh2TmBYU=";
 }
diff --git a/pkgs/servers/sql/postgresql/generic.nix b/pkgs/servers/sql/postgresql/generic.nix
index 705407a932560..294d9a86305d3 100644
--- a/pkgs/servers/sql/postgresql/generic.nix
+++ b/pkgs/servers/sql/postgresql/generic.nix
@@ -198,18 +198,6 @@ let
     # autodetection doesn't seem to able to find this, but it's there.
     checkTarget = "check";
 
-    # TODO: Remove after the next set of minor releases on May 9th 2024
-    preCheck =
-      # On musl, comment skip the following tests, because they break due to
-      #     ! ERROR:  could not load library "/build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so": Error loading shared library libpq.so.5: No such file or directory (needed by /build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so)
-      # See also here:
-      #     https://git.alpinelinux.org/aports/tree/main/postgresql/disable-broken-tests.patch?id=6d7d32c12e073a57a9e5946e55f4c1fbb68bd442
-      if stdenv'.hostPlatform.isMusl then ''
-        substituteInPlace src/test/regress/parallel_schedule \
-          --replace "subscription" "" \
-          --replace "object_address" ""
-      '' else null;
-
     disallowedReferences = [ stdenv'.cc ];
 
     passthru = let
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index 246709dd1c1cd..a6d7d7e6a7f0c 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -422,6 +422,10 @@ self: super:
       # https://gitlab.freedesktop.org/xorg/lib/libpciaccess/-/blob/master/configure.ac#L108-114
       platforms = lib.fold (os: ps: ps ++ lib.platforms.${os}) []
         [ "cygwin" "freebsd" "linux" "netbsd" "openbsd" "illumos" ];
+      badPlatforms = [
+        # mandatory shared library
+        lib.systems.inspect.platformPatterns.isStatic
+      ];
     };
   });
 
diff --git a/pkgs/test/cc-wrapper/default.nix b/pkgs/test/cc-wrapper/default.nix
index a0088751d4a24..6a0b11a6cc974 100644
--- a/pkgs/test/cc-wrapper/default.nix
+++ b/pkgs/test/cc-wrapper/default.nix
@@ -46,6 +46,17 @@ in stdenv.mkDerivation {
       $READELF -d ./atomics.so | grep libatomic.so && echo "ok" >&2 || echo "failed" >&2
     ''}
 
+    # Test that linking libc++ works, and statically.
+    ${lib.optionalString isCxx ''
+      echo "checking whether can link with libc++... " >&2
+      NIX_DEBUG=1 $CXX ${./cxx-main.cc} -c -o cxx-main.o
+      NIX_DEBUG=1 $CC cxx-main.o -lc++ -o cxx-main
+      NIX_DEBUG=1 $CC cxx-main.o ${lib.getLib stdenv.cc.libcxx}/lib/libc++.a -o cxx-main-static
+      ${emulator} ./cxx-main
+      ${emulator} ./cxx-main-static
+      rm cxx-main{,-static,.o}
+    ''}
+
     ${lib.optionalString (stdenv.isDarwin && stdenv.cc.isClang) ''
       echo "checking whether compiler can build with CoreFoundation.framework... " >&2
       mkdir -p foo/lib
diff --git a/pkgs/tools/graphics/spirv-cross/default.nix b/pkgs/tools/graphics/spirv-cross/default.nix
index 5f970916049c6..7624c10dcdcf3 100644
--- a/pkgs/tools/graphics/spirv-cross/default.nix
+++ b/pkgs/tools/graphics/spirv-cross/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "spirv-cross";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Cross";
     rev = "vulkan-sdk-${finalAttrs.version}";
-    hash = "sha256-jWTTUHUvUyF5Vern3QXZo96Yvp7/T1WQjt3OpvJczsw=";
+    hash = "sha256-UEXKzx1NXCInOnI96Z1hfrpyoWdb3BOGEKstX1gVzIo=";
   };
 
   nativeBuildInputs = [ cmake python3 ];
diff --git a/pkgs/tools/graphics/vulkan-extension-layer/default.nix b/pkgs/tools/graphics/vulkan-extension-layer/default.nix
index 7d5273b4c30c0..6f5961de851d1 100644
--- a/pkgs/tools/graphics/vulkan-extension-layer/default.nix
+++ b/pkgs/tools/graphics/vulkan-extension-layer/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "vulkan-extension-layer";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "Vulkan-ExtensionLayer";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-THy2/hZacOI6IUPFk8cckpBKM4W3pFFeeEwSTVoMDQo=";
+    hash = "sha256-ClmCYJD9GRtM0XgbZqbW1OY1ukP8+FifneaXUjvNGQ4=";
   };
 
   nativeBuildInputs = [ cmake pkg-config jq ];
diff --git a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix
index 6ac7ac411185d..afe23265572df 100644
--- a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix
+++ b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix
@@ -26,13 +26,13 @@
 
 stdenv.mkDerivation rec {
   pname = "vulkan-tools-lunarg";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
    owner = "LunarG";
    repo = "VulkanTools";
    rev = "vulkan-sdk-${version}";
-   hash = "sha256-tp5b7/1lDF9oe/AsiqhVCvYY8p9UguGAgIkLS/hIhfQ=";
+   hash = "sha256-kRioHGrk6zsBIsnvusq6usAQqxQmCMmGk+O3ckkGEG4=";
  };
 
   nativeBuildInputs = [ cmake python3 jq which pkg-config libsForQt5.qt5.wrapQtAppsHook ];
diff --git a/pkgs/tools/graphics/vulkan-tools/default.nix b/pkgs/tools/graphics/vulkan-tools/default.nix
index 95423b68d6b90..b507ed416c126 100644
--- a/pkgs/tools/graphics/vulkan-tools/default.nix
+++ b/pkgs/tools/graphics/vulkan-tools/default.nix
@@ -24,13 +24,13 @@
 
 stdenv.mkDerivation rec {
   pname = "vulkan-tools";
-  version = "1.3.280.0";
+  version = "1.3.283.0";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "Vulkan-Tools";
     rev = "vulkan-sdk-${version}";
-    hash = "sha256-v6Piz1nvNffopz5FVRkgJ1pXj63jCWTyNopkpjcBFXA=";
+    hash = "sha256-IAlqFCenv5e70XyLSYh2fE84JZQFJwg+YKTGaK7ShKA=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/networking/modemmanager/default.nix b/pkgs/tools/networking/modemmanager/default.nix
index 64d61f0e323ca..d432b590c5c3f 100644
--- a/pkgs/tools/networking/modemmanager/default.nix
+++ b/pkgs/tools/networking/modemmanager/default.nix
@@ -1,8 +1,8 @@
 { lib
 , stdenv
 , fetchFromGitLab
+, fetchpatch
 , glib
-, udev
 , libgudev
 , polkit
 , ppp
@@ -38,6 +38,12 @@ stdenv.mkDerivation rec {
     # Since /etc is the domain of NixOS, not Nix, we cannot install files there.
     # But these are just placeholders so we do not need to install them at all.
     ./no-dummy-dirs-in-sysconfdir.patch
+
+    (fetchpatch {
+      name = "GI_TYPELIB_PATH.patch";
+      url = "https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/commit/daa829287894273879799a383ed4dc373c6111b0.patch";
+      hash = "sha256-tPQokiZO2SpTlX8xMlkWjP1AIXgoLHW3rJwnmG33z/k=";
+    })
   ];
 
   strictDeps = true;
@@ -55,7 +61,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     glib
-    udev
     libgudev
     polkit
     ppp
@@ -89,14 +94,16 @@ stdenv.mkDerivation rec {
   # In Nixpkgs g-ir-scanner is patched to produce absolute paths, and
   # that interferes with ModemManager's tests, causing them to try to
   # load libraries from the install path, which doesn't usually exist
-  # when `make check' is run.  So to work around that, we run it as an
+  # when `meson test' is run.  So to work around that, we run it as an
   # install check instead, when those paths will have been created.
   doInstallCheck = true;
-  preInstallCheck = ''
+  installCheckPhase = ''
+    runHook preInstallCheck
     export G_TEST_DBUS_DAEMON="${dbus}/bin/dbus-daemon"
     patchShebangs tools/tests/test-wrapper.sh
+    mesonCheckPhase
+    runHook postInstallCheck
   '';
-  installCheckTarget = "check";
 
   meta = with lib; {
     description = "WWAN modem manager, part of NetworkManager";
diff --git a/pkgs/tools/networking/whois/default.nix b/pkgs/tools/networking/whois/default.nix
index 4b7d7b778c0a0..9855a948783af 100644
--- a/pkgs/tools/networking/whois/default.nix
+++ b/pkgs/tools/networking/whois/default.nix
@@ -1,14 +1,14 @@
 { lib, stdenv, fetchFromGitHub, fetchpatch, perl, gettext, pkg-config, libidn2, libiconv }:
 
 stdenv.mkDerivation rec {
-  version = "5.5.22";
+  version = "5.5.23";
   pname = "whois";
 
   src = fetchFromGitHub {
     owner = "rfc1036";
     repo = "whois";
     rev = "v${version}";
-    hash = "sha256-5ogHgGODqEUQ5ggoevpfSmJ8GvWImm0ufjnpcbcX7rk=";
+    hash = "sha256-c/Mx2HXAj6mHH8rElG7+F94sSrVSL1N9HZBvaMWUjlw=";
   };
 
   patches = [
diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix
index e789eeba05394..cdad16bb4b43c 100644
--- a/pkgs/tools/security/rhash/default.nix
+++ b/pkgs/tools/security/rhash/default.nix
@@ -3,6 +3,7 @@
 , fetchFromGitHub
 , which
 , enableStatic ? stdenv.hostPlatform.isStatic
+, gettext
 }:
 
 stdenv.mkDerivation rec {
@@ -16,7 +17,10 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-3CW41ULdXoID4cOgrcG2j85tgIJ/sz5hU7A83qpuxf4=";
   };
 
+  patches = [ ./dont-fail-ln.patch ./do-link-so.patch ];
+
   nativeBuildInputs = [ which ];
+  buildInputs = lib.optionals stdenv.hostPlatform.isFreeBSD [ gettext ];
 
   # configure script is not autotools-based, doesn't support these options
   dontAddStaticConfigureFlags = true;
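Review bot: The new `patches` line has no comment recording where the two vendored files come from, that their order matters, or when they can be removed. Going by the patch headers, they are upstream rhash commits 9ef90b9 and b8c91ea for issue #238. `do-link-so.patch` is built on the post-image of `dont-fail-ln.patch` (`index e8ee862`), and the first patch on its own leaves the `install-lib-shared` symlink test inverted (`!=` followed by `||`), so the two must stay together and in this order. Both apply on every platform, not only FreeBSD, so it is worth checking the installed `.so` symlink on Linux as well. I would add `# upstream fixes for rhash #238 (9ef90b9, then b8c91ea); order matters, drop once the packaged version includes them` above the list; the `mkDerivation` body continues outside this hunk.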
diff --git a/pkgs/tools/security/rhash/do-link-so.patch b/pkgs/tools/security/rhash/do-link-so.patch
new file mode 100644
index 0000000000000..d75df2d048cdb
--- /dev/null
+++ b/pkgs/tools/security/rhash/do-link-so.patch
@@ -0,0 +1,22 @@
+From b8c91ea6551e99e10352386cd46ea26973bb4a4d Mon Sep 17 00:00:00 2001
+From: Aleksey Kravchenko <rhash.admin@gmail.com>
+Date: Mon, 11 Sep 2023 03:49:20 +0300
+Subject: [PATCH] Fix #238: Build on Unix
+
+---
+ librhash/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/librhash/Makefile b/librhash/Makefile
+index e8ee862..34f1263 100644
+--- a/librhash/Makefile
++++ b/librhash/Makefile
+@@ -27,7 +27,7 @@ install-lib-static: $(LIBRHASH_STATIC)
+ install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED)
+ 	$(INSTALL) -d $(SO_DIR)
+ 	$(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \
++	test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \
+ 	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) )
+ 
diff --git a/pkgs/tools/security/rhash/dont-fail-ln.patch b/pkgs/tools/security/rhash/dont-fail-ln.patch
new file mode 100644
index 0000000000000..7703db5feb241
--- /dev/null
+++ b/pkgs/tools/security/rhash/dont-fail-ln.patch
@@ -0,0 +1,59 @@
+From 9ef90b958b7ae50aeeb5c269468034d73d6e2efe Mon Sep 17 00:00:00 2001
+From: Aleksey Kravchenko <rhash.admin@gmail.com>
+Date: Mon, 31 Jul 2023 02:48:15 +0300
+Subject: [PATCH] Fix #238: Build on *BSD
+
+---
+ configure         | 3 ++-
+ librhash/Makefile | 8 ++++----
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/configure b/configure
+index dae76d5..39ef8c1 100755
+--- a/configure
++++ b/configure
+@@ -567,6 +567,7 @@ qnx()       { test "$OS_LC" = "qnx"; }
+ sunos()     { test "$OS_LC" = "sunos"; }
+ wine()      { test "$OS_LC" = "wine"; }
+ win32()     { cygwin || mingw32 || mingw64 || msys || wine; }
++bsd()       { dragonfly || freebsd || netbsd || openbsd ; }
+ posix_make() { aix || bsdos || hpux || irix || qnx || sunos; }
+ 
+ #####################################################################
+@@ -713,7 +714,7 @@ if win32; then
+ elif darwin; then
+   SHARED_EXT=".${RHASH_VERSION_MAJOR}.dylib"
+   SOLINK_EXT=".dylib"
+-elif linux; then
++elif linux || bsd; then
+   # use the full library version for the library file extension
+   SHARED_EXT=".so.${RHASH_VERSION}"
+ fi
+diff --git a/librhash/Makefile b/librhash/Makefile
+index d48e06e..e8ee862 100644
+--- a/librhash/Makefile
++++ b/librhash/Makefile
+@@ -27,9 +27,9 @@ install-lib-static: $(LIBRHASH_STATIC)
+ install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED)
+ 	$(INSTALL) -d $(SO_DIR)
+ 	$(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \
++	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \
+-	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ)
++	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) )
+ 
+ install-implib:
+ 	$(INSTALL) -d $(LIBDIR)
+@@ -175,9 +175,9 @@ $(EXPORTS_FILE): $(LIB_HEADERS)
+ 	  $(LIB_HEADERS) | grep -v "$(EXPORTS_SKIP)" > $@
+ 
+ $(LIBRHASH_SOLINK):
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \
++	test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBRHASH_SO_MAJ) && \
+-	  ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ)
++	  ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ) )
+ 	rm -f $(LIBRHASH_SOLINK)
+ 	ln -s $(LIBRHASH_SO_MAJ) $(LIBRHASH_SOLINK)
+ 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1f6c9407956fa..3faee9c5f29c9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -14407,8 +14407,6 @@ with pkgs;
 
   unclutter-xfixes = callPackage ../tools/misc/unclutter-xfixes { };
 
-  unbound = callPackage ../tools/networking/unbound { };
-
   unbound-with-systemd = unbound.override {
     withSystemd = true;
   };
diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix
index 8a2789e5dc6b1..780b1ac5cb0c3 100644
--- a/pkgs/top-level/python-aliases.nix
+++ b/pkgs/top-level/python-aliases.nix
@@ -480,6 +480,7 @@ mapAliases ({
   setuptools_scm = setuptools-scm; # added 2021-06-03
   setuptoolsTrial = setuptools-trial; # added 2023-11-11
   sharkiqpy = sharkiq; # added 2022-05-21
+  shouldbe = throw "shouldbe was removed, because it was disabled on all python version since 3.8 and last updated in 2019."; # added 2024-05-12
   sip_4 = sip4; # added 2024-01-07
   ssh-mitm = throw "ssh-mitm was removed in favor of the top-level ssh-mitm"; # added 2023-05-09
   smart_open = smart-open; # added 2021-03-14
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 455b2ddbff3b5..29b5d95a99226 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -13874,8 +13874,6 @@ self: super: with self; {
 
   shortuuid = callPackage ../development/python-modules/shortuuid { };
 
-  shouldbe = callPackage ../development/python-modules/shouldbe { };
-
   should-dsl = callPackage ../development/python-modules/should-dsl { };
 
   show-in-file-manager = callPackage ../development/python-modules/show-in-file-manager { };