diff options
Diffstat (limited to 'pkgs/applications/networking')
9 files changed, 70 insertions, 23 deletions
diff --git a/pkgs/applications/networking/browsers/firefox-bin/default.nix b/pkgs/applications/networking/browsers/firefox-bin/default.nix index 8130f9f775849..56d21187ebb2e 100644 --- a/pkgs/applications/networking/browsers/firefox-bin/default.nix +++ b/pkgs/applications/networking/browsers/firefox-bin/default.nix @@ -20,7 +20,6 @@ , runtimeShell , systemLocale ? config.i18n.defaultLocale or "en_US" , patchelfUnstable # have to use patchelfUnstable to support --no-clobber-old-sections -, makeWrapper }: let @@ -58,20 +57,6 @@ let source = lib.findFirst (sourceMatches mozLocale) defaultSource sources; pname = "firefox-${channel}-bin-unwrapped"; - - # FIXME: workaround for not being able to pass flags to patchelf - # Remove after https://github.com/NixOS/nixpkgs/pull/256525 - wrappedPatchelf = stdenv.mkDerivation { - pname = "patchelf-wrapped"; - inherit (patchelfUnstable) version; - - nativeBuildInputs = [ makeWrapper ]; - - buildCommand = '' - mkdir -p $out/bin - makeWrapper ${patchelfUnstable}/bin/patchelf $out/bin/patchelf --append-flags "--no-clobber-old-sections" - ''; - }; in stdenv.mkDerivation { @@ -79,7 +64,7 @@ stdenv.mkDerivation { src = fetchurl { inherit (source) url sha256; }; - nativeBuildInputs = [ wrapGAppsHook autoPatchelfHook wrappedPatchelf ]; + nativeBuildInputs = [ wrapGAppsHook autoPatchelfHook patchelfUnstable ]; buildInputs = [ gtk3 adwaita-icon-theme @@ -93,8 +78,10 @@ stdenv.mkDerivation { pciutils ]; appendRunpaths = [ - "${pipewire.lib}/lib" + "${pipewire}/lib" ]; + # Firefox uses "relrhack" to manually process relocations from a fixed offset + patchelfFlags = [ "--no-clobber-old-sections" ]; installPhase = '' diff --git a/pkgs/applications/networking/browsers/webmacs/default.nix b/pkgs/applications/networking/browsers/webmacs/default.nix index de3c1cfdcdba8..2f63670128bb1 100644 --- a/pkgs/applications/networking/browsers/webmacs/default.nix +++ b/pkgs/applications/networking/browsers/webmacs/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , mkDerivationWith , fetchFromGitHub , python3Packages @@ -6,6 +7,8 @@ }: mkDerivationWith python3Packages.buildPythonApplication rec { + inherit stdenv; + pname = "webmacs"; version = "0.8"; diff --git a/pkgs/applications/networking/instant-messengers/ricochet/default.nix b/pkgs/applications/networking/instant-messengers/ricochet/default.nix index f612ec524a7b1..99c7cbbc7d8ee 100644 --- a/pkgs/applications/networking/instant-messengers/ricochet/default.nix +++ b/pkgs/applications/networking/instant-messengers/ricochet/default.nix @@ -6,7 +6,6 @@ , qtbase , qttools , qtmultimedia -, qtquick1 , qtquickcontrols , openssl , protobuf @@ -38,7 +37,6 @@ mkDerivation rec { qtbase qttools qtmultimedia - qtquick1 qtquickcontrols openssl protobuf diff --git a/pkgs/applications/networking/localproxy/default.nix b/pkgs/applications/networking/localproxy/default.nix index 019da46951241..719b730817b41 100644 --- a/pkgs/applications/networking/localproxy/default.nix +++ b/pkgs/applications/networking/localproxy/default.nix @@ -3,14 +3,14 @@ , fetchFromGitHub , cmake , openssl -, protobuf3_21 +, protobuf_21 , catch2 , boost181 , icu }: let boost = boost181.override { enableStatic = true; }; - protobuf = protobuf3_21.override { enableShared = false; }; + protobuf = protobuf_21.override { enableShared = false; }; in stdenv.mkDerivation (finalAttrs: { pname = "localproxy"; diff --git a/pkgs/applications/networking/mailreaders/neomutt/default.nix b/pkgs/applications/networking/mailreaders/neomutt/default.nix index 9ac8c83dc5e70..8d0bc45c4a029 100644 --- a/pkgs/applications/networking/mailreaders/neomutt/default.nix +++ b/pkgs/applications/networking/mailreaders/neomutt/default.nix @@ -20,8 +20,9 @@ stdenv.mkDerivation rec { # https://github.com/neomutt/neomutt/issues/3773#issuecomment-1493295144 ./fix-open-very-large-mailbox.patch (fetchpatch { + # https://github.com/neomutt/neomutt/pull/3933 name = "disable-incorrect-tests.patch"; - url = "https://github.com/neomutt/neomutt/pull/3933.patch"; + url = "https://github.com/neomutt/neomutt/compare/f624551b86cdb53224b5b48304a808ca2815111e...a9a1d99e6c0fdf367188125451300fa89d3e801a.patch"; hash = "sha256-Plei063T8XyXF4/7/nAb6/4OyXz72vBAXHwls9WL1vM="; excludes = [".github/workflows/macos.yml"]; }) diff --git a/pkgs/applications/networking/p2p/freenet/default.nix b/pkgs/applications/networking/p2p/freenet/default.nix index 8a46b5a476c1e..3ca23647251a1 100644 --- a/pkgs/applications/networking/p2p/freenet/default.nix +++ b/pkgs/applications/networking/p2p/freenet/default.nix @@ -16,8 +16,9 @@ let patches = [ # gradle 7 support + # https://github.com/freenet/fred/pull/827 (fetchpatch { - url = "https://github.com/freenet/fred/pull/827.patch"; + url = "https://github.com/freenet/fred/commit/8991303493f2c0d9933f645337f0a7a5a979e70a.patch"; sha256 = "sha256-T1zymxRTADVhhwp2TyB+BC/J4gZsT/CUuMrT4COlpTY="; }) ]; diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix index 931b788156d38..b159bd0a996ac 100644 --- a/pkgs/applications/networking/remote/freerdp/default.nix +++ b/pkgs/applications/networking/remote/freerdp/default.nix @@ -190,6 +190,8 @@ stdenv.mkDerivation rec { "-DTARGET_OS_IPHONE=0" "-DTARGET_OS_WATCH=0" "-include AudioToolbox/AudioToolbox.h" + ] ++ lib.optionals stdenv.cc.isClang [ + "-Wno-error=incompatible-function-pointer-types" ]); NIX_LDFLAGS = lib.optionals stdenv.isDarwin [ diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 9df26b6bb8453..1baf1c40eb14b 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -30,6 +30,12 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ perl ]; + patches = [ + # https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577 + # original source: https://build.opensuse.org/package/view_file/network/rsync/rsync-fortified-strlcpy-fix.patch?expand=1&rev=3f8dd2f4a404c96c0f69176e60893714 + ./rsync-fortified-strlcpy-fix.patch + ]; + buildInputs = [ libiconv zlib popt ] ++ lib.optional enableACLs acl ++ lib.optional enableZstd zstd diff --git a/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch b/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch new file mode 100644 index 0000000000000..296445b4bb563 --- /dev/null +++ b/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch @@ -0,0 +1,49 @@ +From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 +From: Jiri Slaby <jslaby@suse.cz> +Date: Fri, 18 Aug 2023 08:26:20 +0200 +Subject: [PATCH] exclude: fix crashes with fortified strlcpy() + +Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when +its third parameter (size) is larger than the buffer: + $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx + sending incremental file list + *** buffer overflow detected ***: terminated + +It's in the exclude code in setup_merge_file(): + strlcpy(y, save, MAXPATHLEN); + +Note the 'y' pointer was incremented, so it no longer points to memory +with MAXPATHLEN "owned" bytes. + +Fix it by remembering the number of copied bytes into the 'save' buffer +and use that instead of MAXPATHLEN which is clearly incorrect. + +Fixes #511. +--- + exclude.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/exclude.c b/exclude.c +index ffe55b167..1a5de3b9e 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + parent_dirscan = True; + while (*y) { + char save[MAXPATHLEN]; +- strlcpy(save, y, MAXPATHLEN); ++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ ++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; + *y = '\0'; + dirbuf_len = y - dirbuf; + strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); +@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + lp->head = NULL; + } + lp->tail = NULL; +- strlcpy(y, save, MAXPATHLEN); ++ strlcpy(y, save, copylen); + while ((*x++ = *y++) != '/') {} + } + parent_dirscan = False; + |