JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'glibc-2.22' into staging

Browse Source 
I'm running whole my working notebook on 2.22 without any problems.
I don't expect any significant issues.
This commit is contained in:
Vladimír Čunát 2016-02-25 08:42:59 +01:00
commit 30b7bd8d01
44 changed files with 199 additions and 1123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/types.nix
View File

@ -93,7 +93,7 @@ rec {
# derivation is a reserved keyword.
package = mkOptionType {
name = "derivation";
name = "package";
check = x: isDerivation x || isStorePath x;
merge = loc: defs:
let res = mergeOneOption loc defs;

1
nixos/modules/services/computing/slurm/slurm.nix
View File

@ -37,6 +37,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.slurm-llnl;
defaultText = "pkgs.slurm-llnl";
example = literalExample "pkgs.slurm-llnl-full";
description = ''
The packge to use for slurm binaries.

1
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -61,6 +61,7 @@ in {
package = mkOption {
type = types.package;
default = pkgs.matrix-synapse;
defaultText = "pkgs.matrix-synapse";
description = ''
Overridable attribute of the matrix synapse server package to use.
'';

1
nixos/modules/services/misc/plex.nix
View File

@ -58,6 +58,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.plex;
defaultText = "pkgs.plex";
description = ''
The Plex package to use. Plex subscribers may wish to use their own
package here, pointing to subscriber-only server versions.

9
nixos/modules/services/monitoring/collectd.nix
View File

@ -34,6 +34,15 @@ in {
type = bool;
};
package = mkOption {
default = pkgs.collectd;
defaultText = "pkgs.collectd";
description = ''
Which collectd package to use.
'';
type = package;
};
user = mkOption {
default = "collectd";
description = ''

1
nixos/modules/services/networking/consul.nix
View File

@ -33,6 +33,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.consul;
defaultText = "pkgs.consul";
description = ''
The package used for the Consul agent and CLI.
'';

1
nixos/modules/services/networking/ejabberd.nix
View File

@ -32,6 +32,7 @@ in {
package = mkOption {
type = types.package;
default = pkgs.ejabberd;
defaultText = "pkgs.ejabberd";
description = "ejabberd server package to use";
};

1
nixos/modules/services/networking/tlsdated.nix
View File

@ -26,6 +26,7 @@ in
extraOptions = mkOption {
type = types.string;
default = "";
description = ''
Additional command line arguments to pass to tlsdated.
'';

1
nixos/modules/services/security/haka.nix
View File

@ -59,6 +59,7 @@ in
package = mkOption {
default = pkgs.haka;
defaultText = "pkgs.haka";
type = types.package;
description = "
Which Haka derivation to use.

1
nixos/modules/services/web-servers/apache-httpd/owncloud.nix
View File

@ -370,6 +370,7 @@ rec {
package = mkOption {
type = types.package;
default = pkgs.owncloud70;
defaultText = "pkgs.owncloud70";
example = literalExample "pkgs.owncloud70";
description = ''
PostgreSQL package to use.

6
pkgs/applications/graphics/inkscape/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, perl, perlXMLParser, gtk, libXft
, libpng, zlib, popt, boehmgc, libxml2, libxslt, glib, gtkmm
, glibmm, libsigcxx, lcms, boost, gettext, makeWrapper, intltool
, gsl, python, pyxml, lxml, poppler, imagemagick, libwpg, librevenge
, gsl, python, numpy, pyxml, lxml, poppler, imagemagick, libwpg, librevenge
, libvisio, libcdr, libexif, unzip
, boxMakerPlugin ? false # boxmaker plugin
}:
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [
# Python is used at run-time to execute scripts, e.g., those from
# the "Effects" menu.
python pyxml lxml
python pyxml numpy lxml
];
buildInputs = [
@ -66,7 +66,7 @@ stdenv.mkDerivation rec {
for i in "$out/bin/"*
do
wrapProgram "$i" --prefix PYTHONPATH : \
"$(toPythonPath ${pyxml}):$(toPythonPath ${lxml})" \
"$(toPythonPath ${pyxml}):$(toPythonPath ${lxml}):$(toPythonPath ${numpy})" \
--prefix PATH : ${python}/bin || \
exit 2
done

4
pkgs/applications/networking/cluster/spark/default.nix
View File

@ -6,11 +6,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "spark-${version}";
version = "1.5.2";
version = "1.6.0";
src = fetchzip {
url = "mirror://apache/spark/${name}/${name}-bin-cdh4.tgz";
sha256 = "0bgpz3bqj24flrbajzhbkz38fjsd53qmji1kls9izji8vprcjr5v";
sha256 = "0waq8xx4bjj1yvfbadv1gdvz8s4kh5zasicv2n5623ld6lj7zgad";
};
buildInputs = [ makeWrapper jre pythonPackages.python pythonPackages.numpy ]

8
pkgs/build-support/docker/default.nix
View File

@ -267,7 +267,9 @@ EOF
let
baseJson = writeText "${name}-config.json" (builtins.toJSON {
baseName = baseNameOf name;
baseJson = writeText "${baseName}-config.json" (builtins.toJSON {
created = "1970-01-01T00:00:01Z";
architecture = "amd64";
os = "linux";
@ -277,11 +279,11 @@ EOF
layer = (if runAsRoot == null
then mkPureLayer { inherit baseJson contents extraCommands; }
else mkRootLayer { inherit baseJson fromImage fromImageName fromImageTag contents runAsRoot diskSize extraCommands; });
depsTarball = mkTarball { name = "${name}-deps";
depsTarball = mkTarball { name = "${baseName}-deps";
drv = layer;
onlyDeps = true; };
result = runCommand "${name}.tar.gz" {
result = runCommand "${baseName}.tar.gz" {
buildInputs = [ jshon ];
imageName = name;

14
pkgs/development/libraries/aws-sdk-cpp/default.nix
View File

@ -1,4 +1,9 @@
{ lib, stdenv, fetchFromGitHub, cmake, curl }:
{ lib, stdenv, fetchFromGitHub, cmake, curl
, # Allow building a limited set of APIs, e.g. ["s3" "ec2"].
apis ? ["*"]
, # Whether to enable AWS' custom memory management.
customMemoryManagement ? true
}:
stdenv.mkDerivation rec {
name = "aws-sdk-cpp-${version}";
@ -13,9 +18,10 @@ stdenv.mkDerivation rec {
buildInputs = [ cmake curl ];
# FIXME: provide flags to build only part of the SDK, or put them in
# different outputs.
# cmakeFlags = "-DBUILD_ONLY=aws-cpp-sdk-s3";
cmakeFlags =
lib.optional (!customMemoryManagement) "-DCUSTOM_MEMORY_MANAGEMENT=0"
++ lib.optional (apis != ["*"])
"-DBUILD_ONLY=${lib.concatMapStringsSep ";" (api: "aws-cpp-sdk-" + api) apis}";
enableParallelBuilding = true;

15
pkgs/development/libraries/glibc/builder.sh
View File

@ -22,22 +22,11 @@ postInstall() {
test -f $out/etc/ld.so.cache && rm $out/etc/ld.so.cache
# FIXME: Use `test -n $linuxHeaders' when `kernelHeaders' has been
# renamed.
if test -z "$hurdHeaders"; then
if test -n "$linuxHeaders"; then
# Include the Linux kernel headers in Glibc, except the `scsi'
# subdirectory, which Glibc provides itself.
(cd $out/include && \
ln -sv $(ls -d $kernelHeaders/include/* | grep -v 'scsi$') .)
fi
if test -f "$out/lib/libhurduser.so"; then
# libc.so, libhurduser.so, and libmachuser.so depend on each
# other, so add them to libc.so (a RUNPATH on libc.so.0.3
# would be ignored by the cross-linker.)
echo "adding \`libhurduser.so' and \`libmachuser.so' to the \`libc.so' linker script..."
sed -i "$out/lib/libc.so" \
-e"s|\(libc\.so\.[^ ]\+\>\)|\1 $out/lib/libhurduser.so $out/lib/libmachuser.so|g"
ln -sv $(ls -d $linuxHeaders/include/* | grep -v 'scsi$') .)
fi
# Fix for NIXOS-54 (ldd not working on x86_64). Make a symlink

98
pkgs/development/libraries/glibc/common.nix
View File

@ -3,27 +3,22 @@
cross:
{ name, fetchurl, fetchgit ? null, stdenv, installLocales ? false
, gccCross ? null, kernelHeaders ? null
, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null
, mig ? null
{ name, fetchurl, lib, stdenv, installLocales ? false
, gccCross ? null, linuxHeaders ? null
, profilingLibraries ? false, meta
, withGd ? false, gd ? null, libpng ? null
, preConfigure ? "", ... }@args:
let
version = "2.21";
version = "2.23";
sha256 = "1lk9a8jv5kyx8hp0wmfzjyk047q95ybyjqbyw5idl7414jxqml1b";
in
assert cross != null -> gccCross != null;
assert mig != null -> machHeaders != null;
assert machHeaders != null -> hurdHeaders != null;
assert hurdHeaders != null -> libpthreadHeaders != null;
stdenv.mkDerivation ({
inherit kernelHeaders installLocales;
inherit linuxHeaders installLocales;
# The host/target system.
crossConfig = if cross != null then cross.config else null;
@ -32,9 +27,7 @@ stdenv.mkDerivation ({
enableParallelBuilding = true;
/* Don't try to apply these patches to the Hurd's snapshot, which is
older. */
patches = stdenv.lib.optionals (hurdHeaders == null)
patches =
[ /* Have rpcgen(1) look for cpp(1) in $PATH. */
./rpcgen-path.patch
@ -56,14 +49,6 @@ stdenv.mkDerivation ({
"/bin:/usr/bin", which is inappropriate on NixOS machines. This
patch extends the search path by "/run/current-system/sw/bin". */
./fix_path_attribute_in_getconf.patch
./security-4a28f4d5.patch
./security-bdf1ff05.patch
./cve-2014-8121.patch
./cve-2015-1781.patch
./cve-2015-7547.patch
./glibc-locale-incompatibility.patch
];
postPatch =
@ -100,36 +85,35 @@ stdenv.mkDerivation ({
"--sysconfdir=/etc"
"--localedir=/var/run/current-system/sw/lib/locale"
"libc_cv_ssp=no"
(if kernelHeaders != null
then "--with-headers=${kernelHeaders}/include"
(if linuxHeaders != null
then "--with-headers=${linuxHeaders}/include"
else "--without-headers")
(if profilingLibraries
then "--enable-profile"
else "--disable-profile")
] ++ stdenv.lib.optionals (cross == null && kernelHeaders != null) [
] ++ lib.optionals (cross == null && linuxHeaders != null) [
"--enable-kernel=2.6.32"
] ++ stdenv.lib.optionals (cross != null) [
] ++ lib.optionals (cross != null) [
(if cross.withTLS then "--with-tls" else "--without-tls")
(if cross.float == "soft" then "--without-fp" else "--with-fp")
] ++ stdenv.lib.optionals (cross != null
] ++ lib.optionals (cross != null
&& cross.platform ? kernelMajor
&& cross.platform.kernelMajor == "2.6") [
"--enable-kernel=2.6.0"
"--with-__thread"
] ++ stdenv.lib.optionals (cross == null && stdenv.isArm) [
] ++ lib.optionals (cross == null && stdenv.isArm) [
"--host=arm-linux-gnueabi"
"--build=arm-linux-gnueabi"
# To avoid linking with -lgcc_s (dynamic link)
# so the glibc does not depend on its compiler store path
"libc_cv_as_needed=no"
] ++ stdenv.lib.optional withGd "--with-gd";
] ++ lib.optional withGd "--with-gd";
installFlags = [ "sysconfdir=$(out)/etc" ];
buildInputs = stdenv.lib.optionals (cross != null) [ gccCross ]
++ stdenv.lib.optional (mig != null) mig
++ stdenv.lib.optionals withGd [ gd libpng ];
buildInputs = lib.optionals (cross != null) [ gccCross ]
++ lib.optionals withGd [ gd libpng ];
# Needed to install share/zoneinfo/zone.tab. Set to impure /bin/sh to
# prevent a retained dependency on the bootstrap tools in the stdenv-linux
@ -141,32 +125,22 @@ stdenv.mkDerivation ({
# I.e. when gcc is compiled with --with-arch=i686, then the
# preprocessor symbol `__i686' will be defined to `1'. This causes
# the symbol __i686.get_pc_thunk.dx to be mangled.
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.system == "i686-linux") "-U__i686"
NIX_CFLAGS_COMPILE = lib.optionalString (stdenv.system == "i686-linux") "-U__i686"
+ " -Wno-error=strict-prototypes";
}
# Remove the `gccCross' attribute so that the *native* glibc store path
# doesn't depend on whether `gccCross' is null or not.
// (removeAttrs args [ "gccCross" "fetchurl" "fetchgit" "withGd" "gd" "libpng" ]) //
// (removeAttrs args [ "lib" "gccCross" "fetchurl" "withGd" "gd" "libpng" ]) //
{
name = name + "-${version}" +
stdenv.lib.optionalString (cross != null) "-${cross.config}";
lib.optionalString (cross != null) "-${cross.config}";
src =
if hurdHeaders != null
then fetchgit {
# Shamefully the "official" glibc won't build on GNU, so use the one
# maintained by the Hurd folks, `tschwinge/Roger_Whittaker' branch.
# See <http://www.gnu.org/software/hurd/source_repositories/glibc.html>.
url = "git://git.sv.gnu.org/hurd/glibc.git";
sha256 = "cecec9dd5a2bafc875c56b058b6d7628a22b250b53747513dec304f31ffdb82d";
rev = "d3cdecf18e6550b0984a42b43ed48c5fb26501e1";
}
else fetchurl {
url = "mirror://gnu/glibc/glibc-${version}.tar.gz";
sha256 = "0f4prv4c0fcpi85wv4028wqxn075197gwxhgf0vp571fiw2pi3wd";
};
src = fetchurl {
url = "mirror://gnu/glibc/glibc-${version}.tar.gz";
inherit sha256;
};
# Remove absolute paths from `configure' & co.; build out-of-tree.
preConfigure = ''
@ -182,17 +156,18 @@ stdenv.mkDerivation ({
configureScript="`pwd`/../$sourceRoot/configure"
${stdenv.lib.optionalString (stdenv.cc.libc != null)
${lib.optionalString (stdenv.cc.libc != null)
''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib"''
}
${preConfigure}
'';
preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH";
meta = {
homepage = http://www.gnu.org/software/libc/;
description = "The GNU C Library"
+ stdenv.lib.optionalString (hurdHeaders != null) ", for GNU/Hurd";
description = "The GNU C Library";
longDescription =
'' Any Unix-like operating system needs a C library: the library which
@ -203,24 +178,9 @@ stdenv.mkDerivation ({
most systems with the Linux kernel.
'';
license = stdenv.lib.licenses.lgpl2Plus;
license = lib.licenses.lgpl2Plus;
maintainers = [ ];
#platforms = stdenv.lib.platforms.linux;
maintainers = [ lib.maintainers.eelco ];
#platforms = lib.platforms.linux;
} // meta;
}
// stdenv.lib.optionalAttrs withGd {
preBuild = "unset NIX_DONT_SET_RPATH";
}
// stdenv.lib.optionalAttrs (hurdHeaders != null) {
# Work around the fact that the configure snippet that looks for
# <hurd/version.h> does not honor `--with-headers=$sysheaders' and that
# glibc expects Mach, Hurd, and pthread headers to be in the same place.
CPATH = "${hurdHeaders}/include:${machHeaders}/include:${libpthreadHeaders}/include";
# Install NSS stuff in the right place.
# XXX: This will be needed for all new glibcs and isn't Hurd-specific.
makeFlags = ''vardbdir="$out/var/db"'';
})

230
pkgs/development/libraries/glibc/cve-2014-8121.patch
View File

@ -1,230 +0,0 @@
From 03d2730b44cc2236318fd978afa2651753666c55 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 29 Apr 2015 14:41:25 +0200
Subject: [PATCH] CVE-2014-8121: Do not close NSS files database during
iteration [BZ #18007]
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Robin Hack discovered Samba would enter an infinite loop processing
certain quota-related requests. We eventually tracked this down to a
glibc issue.
Running a (simplified) test case under strace shows that /etc/passwd
is continuously opened and closed:
…
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET) = 2717
close(3) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
…
The lookup function implementation in
nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is
supposed skip closing the input file if it was already open.
/* Reset file pointer to beginning or open file. */ \
status = internal_setent (keep_stream); \
\
if (status == NSS_STATUS_SUCCESS) \
{ \
/* Tell getent function that we have repositioned the file pointer. */ \
last_use = getby; \
\
while ((status = internal_getent (result, buffer, buflen, errnop \
H_ERRNO_ARG EXTRA_ARGS_VALUE)) \
== NSS_STATUS_SUCCESS) \
{ break_if_match } \
\
if (! keep_stream) \
internal_endent (); \
} \
keep_stream is initialized from the stayopen flag in internal_setent.
internal_setent is called from the set*ent implementation as:
status = internal_setent (stayopen);
However, for non-host database, this flag is always 0, per the
STAYOPEN magic in nss/getXXent_r.c.
Thus, the fix is this:
- status = internal_setent (stayopen);
+ status = internal_setent (1);
This is not a behavioral change even for the hosts database (where the
application can specify the stayopen flag) because with a call to
sethostent(0), the file handle is still not closed in the
implementation of gethostent.
---
ChangeLog | 8 ++++
NEWS | 12 +++--
nss/Makefile | 2 +-
nss/nss_files/files-XXX.c | 2 +-
nss/tst-nss-getpwent.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 136 insertions(+), 6 deletions(-)
create mode 100644 nss/tst-nss-getpwent.c
diff --git a/nss/Makefile b/nss/Makefile
index d75dad2..65ab7b5 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -47,7 +47,7 @@ install-bin := getent makedb
makedb-modules = xmalloc hash-string
extra-objs += $(makedb-modules:=.o)
-tests = test-netdb tst-nss-test1 test-digits-dots
+tests = test-netdb tst-nss-test1 test-digits-dots tst-nss-getpwent
xtests = bug-erange
# Specify rules for the nss_* modules. We have some services.
diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
index a7a45e5..a7ce5ea 100644
--- a/nss/nss_files/files-XXX.c
+++ b/nss/nss_files/files-XXX.c
@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen)
__libc_lock_lock (lock);
- status = internal_setent (stayopen);
+ status = internal_setent (1);
if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
{
diff --git a/nss/tst-nss-getpwent.c b/nss/tst-nss-getpwent.c
new file mode 100644
index 0000000..f2e8abc
--- /dev/null
+++ b/nss/tst-nss-getpwent.c
@@ -0,0 +1,118 @@
+/* Copyright (C) 2015 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <pwd.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int
+do_test (void)
+{
+ /* Count the number of entries in the password database, and fetch
+ data from the first and last entries. */
+ size_t count = 0;
+ struct passwd * pw;
+ char *first_name = NULL;
+ uid_t first_uid = 0;
+ char *last_name = NULL;
+ uid_t last_uid = 0;
+ setpwent ();
+ while ((pw = getpwent ()) != NULL)
+ {
+ if (first_name == NULL)
+ {
+ first_name = strdup (pw->pw_name);
+ if (first_name == NULL)
+ {
+ printf ("strdup: %m\n");
+ return 1;
+ }
+ first_uid = pw->pw_uid;
+ }
+
+ free (last_name);
+ last_name = strdup (pw->pw_name);
+ if (last_name == NULL)
+ {
+ printf ("strdup: %m\n");
+ return 1;
+ }
+ last_uid = pw->pw_uid;
+ ++count;
+ }
+ endpwent ();
+
+ if (count == 0)
+ {
+ printf ("No entries in the password database.\n");
+ return 0;
+ }
+
+ /* Try again, this time interleaving with name-based and UID-based
+ lookup operations. The counts do not match if the interleaved
+ lookups affected the enumeration. */
+ size_t new_count = 0;
+ setpwent ();
+ while ((pw = getpwent ()) != NULL)
+ {
+ if (new_count == count)
+ {
+ printf ("Additional entry in the password database.\n");
+ return 1;
+ }
+ ++new_count;
+ struct passwd *pw2 = getpwnam (first_name);
+ if (pw2 == NULL)
+ {
+ printf ("getpwnam (%s) failed: %m\n", first_name);
+ return 1;
+ }
+ pw2 = getpwnam (last_name);
+ if (pw2 == NULL)
+ {
+ printf ("getpwnam (%s) failed: %m\n", last_name);
+ return 1;
+ }
+ pw2 = getpwuid (first_uid);
+ if (pw2 == NULL)
+ {
+ printf ("getpwuid (%llu) failed: %m\n",
+ (unsigned long long) first_uid);
+ return 1;
+ }
+ pw2 = getpwuid (last_uid);
+ if (pw2 == NULL)
+ {
+ printf ("getpwuid (%llu) failed: %m\n",
+ (unsigned long long) last_uid);
+ return 1;
+ }
+ }
+ endpwent ();
+ if (new_count < count)
+ {
+ printf ("Missing entry in the password database.\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"

27
pkgs/development/libraries/glibc/cve-2015-1781.patch
View File

@ -1,27 +0,0 @@
From 2959eda9272a033863c271aff62095abd01bd4e3 Mon Sep 17 00:00:00 2001
From: Arjun Shankar <arjun.is@lostca.se>
Date: Tue, 21 Apr 2015 14:06:31 +0200
Subject: [PATCH] CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
[BZ#18287]
---
ChangeLog | 6 ++++++
NEWS | 9 ++++++++-
resolv/nss_dns/dns-host.c | 3 ++-
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index b16b0dd..d8c5579 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
int have_to_map = 0;
uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
buffer += pad;
- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+ buflen = buflen > pad ? buflen - pad : 0;
+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
{
/* The buffer is too small. */
too_small:

573
pkgs/development/libraries/glibc/cve-2015-7547.patch
View File

@ -1,573 +0,0 @@
CVE-2015-7547
2016-02-15 Carlos O'Donell <carlos@redhat.com>
[BZ #18665]
* resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set
*herrno_p.
(gaih_getanswer): Document functional behviour. Return tryagain
if any result is tryagain.
* resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero
when freed.
* resolv/res_send.c: Add copyright text.
(__libc_res_nsend): Document that MAXPACKET is expected.
(send_vc): Document. Remove buffer reuse.
(send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the
size of the buffer. Add Dprint for truncated UDP buffer.
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index a255d5e..47cfe27 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
int h_namelen = 0;
if (ancount == 0)
- return NSS_STATUS_NOTFOUND;
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
while (ancount-- > 0 && cp < end_of_message && had_error == 0)
{
@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
/* Special case here: if the resolver sent a result but it only
contains a CNAME while we are looking for a T_A or T_AAAA record,
we fail with NOTFOUND instead of TRYAGAIN. */
- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
+ if (canon != NULL)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
}
@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
enum nss_status status = NSS_STATUS_NOTFOUND;
+ /* Combining the NSS status of two distinct queries requires some
+ compromise and attention to symmetry (A or AAAA queries can be
+ returned in any order). What follows is a breakdown of how this
+ code is expected to work and why. We discuss only SUCCESS,
+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
+ that apply (though RETURN and MERGE exist). We make a distinction
+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
+ A recoverable TRYAGAIN is almost always due to buffer size issues
+ and returns ERANGE in errno and the caller is expected to retry
+ with a larger buffer.
+
+ Lastly, you may be tempted to make significant changes to the
+ conditions in this code to bring about symmetry between responses.
+ Please don't change anything without due consideration for
+ expected application behaviour. Some of the synthesized responses
+ aren't very well thought out and sometimes appear to imply that
+ IPv4 responses are always answer 1, and IPv6 responses are always
+ answer 2, but that's not true (see the implemetnation of send_dg
+ and send_vc to see response can arrive in any order, particlarly
+ for UDP). However, we expect it holds roughly enough of the time
+ that this code works, but certainly needs to be fixed to make this
+ a more robust implementation.
+
+ ----------------------------------------------
+ | Answer 1 Status / | Synthesized | Reason |
+ | Answer 2 Status | Status | |
+ |--------------------------------------------|
+ | SUCCESS/SUCCESS | SUCCESS | [1] |
+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
+ ----------------------------------------------
+
+ [1] If the first response is a success we return success.
+ This ignores the state of the second answer and in fact
+ incorrectly sets errno and h_errno to that of the second
+ answer. However because the response is a success we ignore
+ *errnop and *h_errnop (though that means you touched errno on
+ success). We are being conservative here and returning the
+ likely IPv4 response in the first answer as a success.
+
+ [2] If the first response is a recoverable TRYAGAIN we return
+ that instead of looking at the second response. The
+ expectation here is that we have failed to get an IPv4 response
+ and should retry both queries.
+
+ [3] If the first response was not a SUCCESS and the second
+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
+ result from the second response, otherwise the first responses
+ status is used. Again we have some odd side-effects when the
+ second response is NOTFOUND because we overwrite *errnop and
+ *h_errnop that means that a first answer of NOTFOUND might see
+ its *errnop and *h_errnop values altered. Whether it matters
+ in practice that a first response NOTFOUND has the wrong
+ *errnop and *h_errnop is undecided.
+
+ [4] If the first response is UNAVAIL we return that instead of
+ looking at the second response. The expectation here is that
+ it will have failed similarly e.g. configuration failure.
+
+ [5] Testing this code is complicated by the fact that truncated
+ second response buffers might be returned as SUCCESS if the
+ first answer is a SUCCESS. To fix this we add symmetry to
+ TRYAGAIN with the second response. If the second response
+ is a recoverable error we now return TRYAGIN even if the first
+ response was SUCCESS. */
+
if (anslen1 > 0)
status = gaih_getanswer_slice(answer1, anslen1, qname,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+
if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
|| (status == NSS_STATUS_TRYAGAIN
/* We want to look at the second answer in case of an
@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+ /* Use the second response status in some cases. */
if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
status = status2;
+ /* Do not return a truncated second response (unless it was
+ unavoidable e.g. unrecoverable TRYAGAIN). */
+ if (status == NSS_STATUS_SUCCESS
+ && (status2 == NSS_STATUS_TRYAGAIN
+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
+ status = NSS_STATUS_TRYAGAIN;
}
return status;
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 4a9b3b3..95470a9 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
}
@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
if (saved_herrno != -1)
diff --git a/resolv/res_send.c b/resolv/res_send.c
index a968b95..21843f1 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -1,3 +1,20 @@
+/* Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
/*
* Copyright (c) 1985, 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -355,6 +372,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen,
#ifdef USE_HOOKS
if (__glibc_unlikely (statp->qhook || statp->rhook)) {
if (anssiz < MAXPACKET && ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *buf = malloc (MAXPACKET);
if (buf == NULL)
return (-1);
@@ -630,6 +649,77 @@ get_nsaddr (res_state statp, int n)
return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
}
+/* The send_vc function is responsible for sending a DNS query over TCP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
+ IPv6 queries at the same serially on the same socket.
+
+ Please note that for TCP there is no way to disable sending both
+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
+ and sends the queries serially and waits for the result after each
+ sent query. This implemetnation should be corrected to honour these
+ options.
+
+ Please also note that for TCP we send both queries over the same
+ socket one after another. This technically violates best practice
+ since the server is allowed to read the first query, respond, and
+ then close the socket (to service another client). If the server
+ does this, then the remaining second query in the socket data buffer
+ will cause the server to send the client an RST which will arrive
+ asynchronously and the client's OS will likely tear down the socket
+ receive buffer resulting in a potentially short read and lost
+ response data. This will force the client to retry the query again,
+ and this process may repeat until all servers and connection resets
+ are exhausted and then the query will fail. It's not known if this
+ happens with any frequency in real DNS server implementations. This
+ implementation should be corrected to use two sockets by default for
+ parallel queries.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ serially on the same socket.
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message and the rest of the socket data will be read and discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_vc(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -639,11 +729,7 @@ send_vc(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
- // XXX REMOVE
- // int anssiz = *anssizp;
- HEADER *anhp = (HEADER *) ans;
+ HEADER *anhp = (HEADER *) *ansp;
struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns];
int truncating, connreset, n;
/* On some architectures compiler might emit a warning indicating
@@ -731,6 +817,8 @@ send_vc(res_state statp,
* Receive length & response
*/
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
uint16_t rlen16;
read_len:
@@ -767,40 +855,14 @@ send_vc(res_state statp,
u_char **thisansp;
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if __GNUC_PREREQ (4, 7)
- DIAG_PUSH_NEEDS_COMMENT;
- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
-#endif
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
-#if __GNUC_PREREQ (4, 7)
- DIAG_POP_NEEDS_COMMENT;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
@@ -804,10 +870,14 @@ send_vc(res_state statp,
anhp = (HEADER *) *thisansp;
*thisresplenp = rlen;
- if (rlen > *thisanssizp) {
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- if (__glibc_likely (anscp != NULL)) {
+ /* Is the answer buffer too small? */
+ if (*thisanssizp < rlen) {
+ /* If the current buffer is not the the static
+ user-supplied buffer then we can reallocate
+ it. */
+ if (thisansp != NULL && thisansp != ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp == NULL) {
*terrno = ENOMEM;
@@ -819,6 +889,9 @@ send_vc(res_state statp,
if (thisansp == ansp2)
*ansp2_malloced = 1;
anhp = (HEADER *) newp;
+ /* A uint16_t can't be larger than MAXPACKET
+ thus it's safe to allocate MAXPACKET but
+ read RLEN bytes instead. */
len = rlen;
} else {
Dprint(statp->options & RES_DEBUG,
@@ -948,6 +1021,66 @@ reopen (res_state statp, int *terrno, int ns)
return 1;
}
+/* The send_dg function is responsible for sending a DNS query over UDP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
+ along with the ability to send the query in parallel for both stacks
+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
+ with a close and reopen of the socket used to talk to the server
+ (RES_SNGLKUPREOP) to work around broken name servers.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message, while the rest of the UDP packet is discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If an answer is truncated because of UDP datagram DNS limits then
+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
+ if any progress was made reading a response from the nameserver and
+ is used by the caller to distinguish between ECONNREFUSED and
+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_dg(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -957,8 +1090,6 @@ send_dg(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
struct timespec now, timeout, finish;
struct pollfd pfd[1];
int ptimeout;
@@ -991,6 +1122,8 @@ send_dg(res_state statp,
int need_recompute = 0;
int nwritten = 0;
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
pfd[0].fd = EXT(statp).nssocks[ns];
pfd[0].events = POLLOUT;
@@ -1154,55 +1287,56 @@ send_dg(res_state statp,
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
}
if (*thisanssizp < MAXPACKET
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- && anscp
+ /* If the current buffer is not the the static
+ user-supplied buffer then we can reallocate
+ it. */
+ && (thisansp != NULL && thisansp != ansp)
#ifdef FIONREAD
+ /* Is the size too small? */
&& (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
|| *thisanssizp < *thisresplenp)
#endif
) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp != NULL) {
- *anssizp = MAXPACKET;
- *thisansp = ans = newp;
+ *thisanssizp = MAXPACKET;
+ *thisansp = newp;
if (thisansp == ansp2)
*ansp2_malloced = 1;
}
}
+ /* We could end up with truncation if anscp was NULL
+ (not allowed to change caller's buffer) and the
+ response buffer size is too small. This isn't a
+ reliable way to detect truncation because the ioctl
+ may be an inaccurate report of the UDP message size.
+ Therefore we use this only to issue debug output.
+ To do truncation accurately with UDP we need
+ MSG_TRUNC which is only available on Linux. We
+ can abstract out the Linux-specific feature in the
+ future to detect truncation. */
+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
+ Dprint(statp->options & RES_DEBUG,
+ (stdout, ";; response may be truncated (UDP)\n")
+ );
+ }
+
HEADER *anhp = (HEADER *) *thisansp;
socklen_t fromlen = sizeof(struct sockaddr_in6);
assert (sizeof(from) <= fromlen);

28
pkgs/development/libraries/glibc/default.nix
View File

@ -1,6 +1,4 @@
{ stdenv, fetchurl, fetchgit ? null, kernelHeaders
, machHeaders ? null, hurdHeaders ? null, libpthreadHeaders ? null
, mig ? null
{ lib, stdenv, fetchurl, linuxHeaders
, installLocales ? true
, profilingLibraries ? false
, gccCross ? null
@ -16,11 +14,10 @@ let
in
build cross ({
name = "glibc"
+ stdenv.lib.optionalString (hurdHeaders != null) "-hurd"
+ stdenv.lib.optionalString debugSymbols "-debug"
+ stdenv.lib.optionalString withGd "-gd";
+ lib.optionalString debugSymbols "-debug"
+ lib.optionalString withGd "-gd";
inherit fetchurl fetchgit stdenv kernelHeaders installLocales
inherit lib stdenv fetchurl linuxHeaders installLocales
profilingLibraries gccCross withGd gd libpng;
builder = ./builder.sh;
@ -58,23 +55,6 @@ in
//
(if hurdHeaders != null
then rec {
inherit machHeaders hurdHeaders libpthreadHeaders mig fetchgit;
propagatedBuildInputs = [ machHeaders hurdHeaders libpthreadHeaders ];
passthru = {
# When building GCC itself `propagatedBuildInputs' above is not
# honored, so we pass it here so that the GCC builder can do the right
# thing.
inherit propagatedBuildInputs;
};
}
else { })
//
(if cross != null
then {
preConfigure = ''

25
pkgs/development/libraries/glibc/glibc-locale-incompatibility.patch
View File

@ -1,25 +0,0 @@
http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch
This patch avoids an assertion failure when incompatible locale data
is encountered:
https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
@@ -120,10 +120,11 @@
_nl_value_type_LC_XYZ array. There are all pointers. */
switch (category)
{
-#define CATTEST(cat) \
- case LC_##cat: \
- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
- / sizeof (_nl_value_type_LC_##cat[0]))); \
+#define CATTEST(cat) \
+ case LC_##cat: \
+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
+ / sizeof (_nl_value_type_LC_##cat[0]))) \
+ goto puntdata; \
break
CATTEST (NUMERIC);
CATTEST (TIME);

4
pkgs/development/libraries/glibc/info.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, texinfo, perl }:
{ lib, stdenv, fetchurl, texinfo, perl }:
let build = import ./common.nix; in
@ -6,7 +6,7 @@ let build = import ./common.nix; in
build null {
name = "glibc-info";
inherit fetchurl stdenv;
inherit fetchurl stdenv lib;
configureFlags = [ "--enable-add-ons" ];

4
pkgs/development/libraries/glibc/locales.nix
View File

@ -6,14 +6,14 @@
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc
*/
{ stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }:
{ lib, stdenv, fetchurl, writeText, allLocales ? true, locales ? ["en_US.UTF-8/UTF-8"] }:
let build = import ./common.nix; in
build null {
name = "glibc-locales";
inherit fetchurl stdenv;
inherit fetchurl stdenv lib;
installLocales = true;
builder = ./locales-builder.sh;

53
pkgs/development/libraries/glibc/security-4a28f4d5.patch
View File

@ -1,53 +0,0 @@
From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Thu, 26 Feb 2015 14:55:24 +0100
Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032)
---
ChangeLog | 7 +++++++
NEWS | 2 +-
posix/fnmatch_loop.c | 5 ++---
posix/tst-fnmatch3.c | 8 +++++---
4 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index c0cb2fc..72c5d8f 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
}
else if (c == L('[') && *p == L('.'))
{
- ++p;
while (1)
{
c = *++p;
- if (c == '\0')
+ if (c == L('\0'))
return FNM_NOMATCH;
- if (*p == L('.') && p[1] == L(']'))
+ if (c == L('.') && p[1] == L(']'))
break;
}
p += 2;
diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
index d27a557..75bc00a 100644
--- a/posix/tst-fnmatch3.c
+++ b/posix/tst-fnmatch3.c
@@ -21,9 +21,11 @@
int
do_test (void)
{
- const char *pattern = "[[:alpha:]'[:alpha:]\0]";
-
- return fnmatch (pattern, "a", 0) != FNM_NOMATCH;
+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ return 0;
}
#define TEST_FUNCTION do_test ()

39
pkgs/development/libraries/glibc/security-bdf1ff05.patch
View File

@ -1,39 +0,0 @@
From bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Mon Sep 17 00:00:00 2001
From: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Sun, 22 Feb 2015 12:01:47 -0800
Subject: [PATCH] Fix BZ #17269 -- _IO_wstr_overflow integer overflow
---
ChangeLog | 6 ++++++
NEWS | 6 +++---
libio/wstrops.c | 8 +++++++-
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/libio/wstrops.c b/libio/wstrops.c
index 43d847d..3993579 100644
--- a/libio/wstrops.c
+++ b/libio/wstrops.c
@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
size_t old_wblen = _IO_wblen (fp);
_IO_size_t new_size = 2 * old_wblen + 100;
- if (new_size < old_wblen)
+
+ if (__glibc_unlikely (new_size < old_wblen)
+ || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
return EOF;
+
new_buf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
* sizeof (wchar_t));
@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
return 1;
_IO_size_t newsize = offset + 100;
+ if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
+ return 1;
+
wchar_t *oldbuf = wd->_IO_buf_base;
wchar_t *newbuf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize

10
pkgs/development/libraries/qt-5/5.5/qtbase/default.nix
View File

@ -26,6 +26,12 @@
let
inherit (srcs.qt5) version;
system-x86_64 = lib.elem stdenv.system lib.platforms.x86_64;
dontInvalidateBacking = fetchurl {
url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=0f68f8920573cdce1729a285a92ac8582df32841;hp=24c50f8dcf7fa61ac3c3d4d6295c259a104a2b8c";
name = "qtbug-48321-dont-invalidate-backing-store.patch";
sha256 = "07vnndmvri73psz0nrs2hg0zw2i4b1k1igy2al6kwjbp7d5xpglr";
};
in
stdenv.mkDerivation {
@ -49,6 +55,10 @@ stdenv.mkDerivation {
postPatch =
''
cd qtbase
patch -p1 <${dontInvalidateBacking}
cd ..
substituteInPlace configure --replace /bin/pwd pwd
substituteInPlace qtbase/configure --replace /bin/pwd pwd
substituteInPlace qtbase/src/corelib/global/global.pri --replace /bin/ls ${coreutils}/bin/ls

13
pkgs/development/python-modules/matplotlib/default.nix
View File

@ -12,11 +12,11 @@ assert enableGtk2 -> pygtk != null;
buildPythonPackage rec {
name = "matplotlib-${version}";
version = "1.5.0";
version = "1.5.1";
src = fetchurl {
url = "https://pypi.python.org/packages/source/m/matplotlib/${name}.tar.gz";
sha256 = "67b08b1650a00a6317d94b76a30a47320087e5244920604c5462188cba0c2646";
sha256 = "3ab8d968eac602145642d0db63dd8d67c85e9a5444ce0e2ecb2a8fedc7224d40";
};
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-I${libcxx}/include/c++/v1";
@ -37,6 +37,14 @@ buildPythonPackage rec {
patches = stdenv.lib.optionals stdenv.isDarwin [ ./darwin-stdenv.patch ];
checkPhase = ''
${python.interpreter} tests.py
'';
# The entry point for running tests, tests.py, is not included in the release.
# https://github.com/matplotlib/matplotlib/issues/6017
doCheck = false;
prePatch = ''
# Failing test: ERROR: matplotlib.tests.test_style.test_use_url
sed -i 's/test_use_url/fails/' lib/matplotlib/tests/test_style.py
@ -52,4 +60,5 @@ buildPythonPackage rec {
maintainers = with maintainers; [ lovek323 ];
platforms = platforms.unix;
};
}

9
pkgs/development/tools/build-managers/apache-ant/default.nix
View File

@ -23,9 +23,14 @@ stdenv.mkDerivation {
mv * $out/lib/ant/
# Get rid of the manual (35 MiB). Maybe we should put this in a
# separate output. Also get rid of the Ant scripts since we
# provide our own.
# separate output. Keep the antRun script since it's vanilla sh
# and needed for the <exec/> task (but since we set ANT_HOME to
# a weird value, we have to move antRun to a weird location).
# Get rid of the other Ant scripts since we provide our own.
mv $out/lib/ant/bin/antRun $out/bin/
rm -rf $out/lib/ant/{manual,bin,WHATSNEW}
mkdir $out/lib/ant/bin
mv $out/bin/antRun $out/lib/ant/bin/
# Install ant-contrib.
unpackFile $contrib

4
pkgs/development/tools/continuous-integration/jenkins/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "jenkins-${version}";
version = "1.643";
version = "1.647";
src = fetchurl {
url = "http://mirrors.jenkins-ci.org/war/${version}/jenkins.war";
sha256 = "b8c6387e56d04a0a4a7ec8d9dacd379fbd5d4001d01fdfcd443f9864809f9293";
sha256 = "03r0wic5y8yhpa353s5px7l6m63p7jkb56sh6k4k5dacsc4qcxsj";
};
meta = with stdenv.lib; {
description = "An extendable open source continuous integration server";

7
pkgs/development/tools/misc/gdb/default.nix
View File

@ -3,6 +3,8 @@
, python ? null
, guile ? null
, target ? null
# Support all known targets in one gdb binary.
, multitarget ? false
# Additional dependencies for GNU/Hurd.
, mig ? null, hurd ? null
@ -47,6 +49,7 @@ stdenv.mkDerivation rec {
"--with-separate-debug-dir=/run/current-system/sw/lib/debug"
]
++ optional (target != null) "--target=${target.config}"
++ optional multitarget "--enable-targets=all"
++ optional (elem stdenv.system platforms.cygwin) "--without-python";
crossAttrs = {
@ -54,7 +57,9 @@ stdenv.mkDerivation rec {
configureFlags = with stdenv.lib;
[ "--with-gmp=${gmp.crossDrv}" "--with-mpfr=${mpfr.crossDrv}" "--with-system-readline"
"--with-system-zlib" "--with-expat" "--with-libexpat-prefix=${expat.crossDrv}" "--without-python"
] ++ optional (target != null) "--target=${target.config}";
]
++ optional (target != null) "--target=${target.config}"
++ optional multitarget "--enable-targets=all";
};
postInstall =

21
pkgs/development/tools/misc/msitools/default.nix Normal file
View File

@ -0,0 +1,21 @@
{stdenv, fetchurl, intltool, glib, pkgconfig, libgsf, libuuid, gcab, bzip2}:
stdenv.mkDerivation rec {
version = "0.94";
name = "msitools-${version}";
src = fetchurl {
url = "http://ftp.gnome.org/pub/GNOME/sources/msitools/0.94/${name}.tar.xz";
sha256 = "0bndnm3mgcqkw5dhwy5l1zri4lqvjbhbn5rxz651fkxlkhab8bhm";
};
buildInputs = [intltool glib pkgconfig libgsf libuuid gcab bzip2];
meta = with stdenv.lib; {
description = "Set of programs to inspect and build Windows Installer (.MSI) files";
homepage = https://wiki.gnome.org/msitools;
license = [licenses.gpl2 licenses.lgpl21];
maintainer = [maintainers.vcunat];
platforms = platforms.unix;
};
}

2
pkgs/os-specific/linux/alsa-tools/default.nix
View File

@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
"ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2"
"http://alsa.cybermirror.org/tools/${name}.tar.bz2"
];
sha256 = "3b1c3135b76e14532d3dd23fb15759ddd7daf9ffbc183f7a9a0a3a86374748f1";
sha256 = "0ldbaz3qr7z0639xg37ba7cmrb512rrjavap6r5jjl0ab665ad3x";
};
buildInputs = [ alsaLib pkgconfig gtk gtk3 fltk13 ];

2
pkgs/os-specific/linux/cpufrequtils/default.nix
View File

@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
-i Makefile
'';
buildInputs = [ stdenv.cc.libc.kernelHeaders libtool gettext ];
buildInputs = [ stdenv.cc.libc.linuxHeaders libtool gettext ];
meta = {
description = "Tools to display or change the CPU governor settings";

2
pkgs/os-specific/linux/dietlibc/default.nix
View File

@ -11,7 +11,7 @@ stdenv.mkDerivation {
builder = ./builder.sh;
inherit glibc;
kernelHeaders = glibc.kernelHeaders;
kernelHeaders = glibc.linuxHeaders;
patches = [

6
pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
View File

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
name = "firmware-linux-nonfree-${version}";
version = "2015-12-04";
version = "2016-01-26";
# This repo is built by merging the latest versions of
# http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/
@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "wkennington";
repo = "linux-firmware";
rev = "bbe4917c054eb0a73e250c6363341e3bf6725839";
sha256 = "1p9c74p8j8zmddljaan5i29h8wsbz8911dv2sykpnahg9r939ykd";
rev = "0922e78fc8431c2cc6585eb66e5b75f566644ac8";
sha256 = "07hv4kgbsxndhm1va6k6scy083886aap3naq1l4jdz7dnph4ir02";
};
preInstall = ''

4
pkgs/os-specific/linux/kernel/linux-3.18.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
version = "3.18.26";
version = "3.18.27";
extraMeta.branch = "3.18";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
sha256 = "0bhf8x1h5crc9kimprjs7q74p86gsqsdr8nz54nv33c6zmryqsic";
sha256 = "01lz0c3ns0yp5vnjch1pn10h43g6fr4xw7w3b6kb477083cjr7dc";
};
kernelPatches = args.kernelPatches;

4
pkgs/os-specific/linux/kernel/linux-4.1.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
version = "4.1.17";
version = "4.1.18";
extraMeta.branch = "4.1";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "084ij19vgm27ljrjabqqmlqn27p168nsm9grhr6rajid4n79h6ab";
sha256 = "1n838dg058knmx4n5mfqxh2ai9d3x6w9zs1apkwzm89rpisc1ijb";
};
kernelPatches = args.kernelPatches;

4
pkgs/os-specific/linux/kernel/linux-4.3.nix
View File

@ -1,13 +1,13 @@
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
version = "4.3.4";
version = "4.3.5";
extraMeta.branch = "4.3";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "0vcsvnpxkpxiidlbw3cy1kl02hfml2jy3cbrvwj2nc4a9y5fb3hj";
sha256 = "0g656q51nzb61n0kb2k8br9shvz51yh8kyrsblbjmhi4dbcpizr8";
};
features.iwlwifi = true;

16
pkgs/servers/mail/rmilter/default.nix
View File

@ -2,21 +2,25 @@
stdenv.mkDerivation rec {
name = "rmilter-${version}";
version = "1.6.7";
version = "1.7.3";
src = fetchFromGitHub {
owner = "vstakhov";
repo = "rmilter";
rev = version;
sha256 = "1syviydlv4m1isl0r52sk4s0a75fyk788j1z3yvfzzf1hga333gn";
sha256 = "04xalaxq5xgg5ls0f4ayp8yhzdfq5gqjb8qwfyha3mrx4dqrgh7s";
};
nativeBuildInputs = [ bison cmake flex ];
buildInputs = [ libmilter openssl pcre opendkim];
buildInputs = [ libmilter openssl pcre opendkim ];
meta = with stdenv.lib; {
homepage = "https://github.com/vstakhov/rmilter";
license = licenses.bsd2;
description = "server, used to integrate rspamd and milter compatible MTA, for example postfix or sendmail";
maintainers = maintainers.avnik;
license = licenses.bsd2;
description = ''
Daemon to integrate rspamd and milter compatible MTA, for example
postfix or sendmail
'';
maintainers = with maintainers; [ avnik fpletz ];
};
}

13
pkgs/servers/mail/rspamd/default.nix
View File

@ -1,17 +1,18 @@
{ stdenv, fetchFromGitHub, cmake, perl
,file , glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }:
, file, glib, gmime, libevent, luajit, openssl, pcre, pkgconfig, sqlite }:
let libmagic = file; # libmagic provided buy file package ATM
in
stdenv.mkDerivation rec {
name = "rspamd-${version}";
version = "git-2016-01-16";
version = "1.1.3";
src = fetchFromGitHub {
owner = "vstakhov";
repo = "rspamd";
rev = "04bfc92c1357c0f908ce9371ab303f8bf57657df";
sha256 = "1zip1msjjy5q7jcsn4l0yyg92c3wdsf1v5jv1acglrih8dbfl7zj";
rev = version;
sha256 = "0mvh812a91yqynmcpv159dmkipx72fwg7rgscq7virzphchkbzvj";
};
nativeBuildInputs = [ cmake pkgconfig perl ];
@ -31,8 +32,8 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
homepage = "https://github.com/vstakhov/rspamd";
license = licenses.bsd2;
license = licenses.bsd2;
description = "advanced spam filtering system";
maintainers = maintainers.avnik;
maintainers = with maintainers; [ avnik fpletz ];
};
}

4
pkgs/servers/nosql/redis/default.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
version = "3.0.6";
version = "3.0.7";
name = "redis-${version}";
src = fetchurl {
url = "http://download.redis.io/releases/${name}.tar.gz";
sha256 = "092nnxjyaf7h9mnwac5rwjl0ikyyqa44vn426w64hn2534iia7kg";
sha256 = "08vzfdr67gp3lvk770qpax2c5g2sx8hn6p64jn3jddrvxb2939xj";
};
makeFlags = "PREFIX=$(out)";

4
pkgs/tools/networking/nbd/default.nix
View File

@ -8,7 +8,9 @@ stdenv.mkDerivation rec {
sha256 = "1pkkid657zgjymwxv3fm32cxnq9llfz29rl15vp6mn42vnzbj1di";
};
buildInputs = [ pkgconfig glib ] ++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.kernelHeaders;
buildInputs =
[ pkgconfig glib ]
++ stdenv.lib.optional (stdenv ? glibc) stdenv.glibc.linuxHeaders;
postInstall = ''
mkdir -p "$out/share/doc/${name}"

10
pkgs/top-level/all-packages.nix
View File

@ -5988,6 +5988,8 @@ let
mk = callPackage ../development/tools/build-managers/mk { };
msitools = callPackage ../development/tools/misc/msitools { };
multi-ghc-travis = callPackage ../development/tools/haskell/multi-ghc-travis { };
neoload = callPackage ../development/tools/neoload {
@ -6699,22 +6701,18 @@ let
glfw3 = callPackage ../development/libraries/glfw/3.x.nix { };
glibc = callPackage ../development/libraries/glibc {
kernelHeaders = linuxHeaders;
installLocales = config.glibc.locales or false;
machHeaders = null;
hurdHeaders = null;
gccCross = null;
};
glibc_memusage = callPackage ../development/libraries/glibc {
kernelHeaders = linuxHeaders;
installLocales = false;
withGd = true;
};
glibcCross = forceNativeDrv (glibc.override {
gccCross = gccCrossStageStatic;
kernelHeaders = linuxHeadersCross;
linuxHeaders = linuxHeadersCross;
});
# We can choose:
@ -12427,7 +12425,7 @@ let
inferno = callPackage_i686 ../applications/inferno { };
inkscape = callPackage ../applications/graphics/inkscape {
inherit (pythonPackages) lxml;
inherit (pythonPackages) python pyxml lxml numpy;
lcms = lcms2;
};

40
pkgs/top-level/python-packages.nix
View File

@ -1804,15 +1804,24 @@ in modules // {
cycler = buildPythonPackage rec {
name = "cycler-${version}";
version = "0.9.0";
version = "0.10.0";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/C/Cycler/${name}.tar.gz";
sha256 = "96dc4ddf27ef62c09990c6196ac1167685e89168042ec0ae4db586de023355bc";
sha256 = "cd7b2d1018258d7247a71425e9f26463dfb444d411c39569972f4ce586b0c9d8";
};
buildInputs = with self; [ coverage nose ];
propagatedBuildInputs = with self; [ six ];
checkPhase = ''
${python.interpreter} run_tests.py
'';
# Tests were not included in release.
# https://github.com/matplotlib/cycler/issues/31
doCheck = false;
meta = {
description = "Composable style cycles";
homepage = http://github.com/matplotlib/cycler;
@ -8960,10 +8969,11 @@ in modules // {
${python.interpreter} -m unittest discover
'';
# Judging from SyntaxError
disabled = isPy3k;
# Lots of errors. Likely due to being in a chroot
# Because 2to3 is used the tests in $out need to be run.
# Both when using unittest and pytest this resulted in many errors,
# some Python byte/str errors, and others specific to resources tested.
# Failing tests due to the latter is to be expected with this type of package.
# Tests are therefore disabled.
doCheck = false;
meta = {
@ -10433,15 +10443,19 @@ in modules // {
keyring = buildPythonPackage rec {
name = "keyring-3.3";
name = "keyring-8.4.1";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/k/keyring/${name}.zip";
md5 = "81291e0c7337affb71442e6c7671e77f";
url = "https://pypi.python.org/packages/source/k/keyring/${name}.tar.gz";
sha256 = "1286sh5g53168qxbl4g5bmns9ci0ld0jl3h44b7h8is5nw1421ar";
};
buildInputs = with self;
[ fs gdata python_keyczar mock pyasn1 pycrypto pytest six ];
[ fs gdata python_keyczar mock pyasn1 pycrypto pytest_28 six setuptools_scm pytestrunner ];
checkPhase = ''
py.test $out
'';
meta = {
description = "Store and access your passwords safely";
@ -12528,16 +12542,16 @@ in modules // {
};
numexpr = buildPythonPackage rec {
version = "2.4.6";
version = "2.5";
name = "numexpr-${version}";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/n/numexpr/${name}.tar.gz";
sha256 = "052397670dc56d7845ff894cd7d858e4f115491ecd93bcc0eda5cb83990c5da3";
sha256 = "319cdf4e402177a1c8ed4972cffd09f523446f186d347b7c1974787cdabf0294";
};
# Tests fail with python 3. https://github.com/pydata/numexpr/issues/177
doCheck = !isPy3k;
# doCheck = !isPy3k;
propagatedBuildInputs = with self; [ numpy ];