Merge #168140: staging-next 2022-04-10
This commit is contained in:
commit
e1118817a1
@ -1,6 +1,7 @@
|
||||
{ config, lib, stdenv, fetchurl, fetchpatch, fetchFromGitHub, pkgs, buildPackages
|
||||
, callPackage
|
||||
, enableThreading ? true, coreutils, makeWrapper
|
||||
, zlib
|
||||
}:
|
||||
|
||||
# Note: this package is used for bootstrapping fetchurl, and thus
|
||||
@ -115,6 +116,16 @@ let
|
||||
cf_by="nixpkgs"
|
||||
cf_time="$(date -d "@$SOURCE_DATE_EPOCH")"
|
||||
EOF
|
||||
|
||||
# Compress::Raw::Zlib should use our zlib package instead of the one
|
||||
# included with the distribution
|
||||
cat > ./cpan/Compress-Raw-Zlib/config.in <<EOF
|
||||
BUILD_ZLIB = False
|
||||
INCLUDE = ${zlib.dev}/include
|
||||
LIB = ${zlib.out}/lib
|
||||
OLD_ZLIB = False
|
||||
GZIP_OS_CODE = AUTO_DETECT
|
||||
EOF
|
||||
'' + optionalString stdenv.isDarwin ''
|
||||
substituteInPlace hints/darwin.sh --replace "env MACOSX_DEPLOYMENT_TARGET=10.3" ""
|
||||
'' + optionalString (!enableThreading) ''
|
||||
|
@ -127,6 +127,13 @@ stdenv.mkDerivation ({
|
||||
./nix-nss-open-files.patch
|
||||
|
||||
./0001-Revert-Remove-all-usage-of-BASH-or-BASH-in-installed.patch
|
||||
|
||||
/* Fix segfault in getpwuid when stat fails
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=28752 */
|
||||
(fetchurl {
|
||||
url = "https://patchwork.sourceware.org/project/glibc/patch/20220314175316.3239120-2-sam@gentoo.org/raw/";
|
||||
sha256 = "sq0BoPqXHQ69Vq4zJobCspe4XRfnAiuac/wqzVQJESc=";
|
||||
})
|
||||
]
|
||||
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
|
||||
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
|
||||
|
@ -53,6 +53,36 @@ stdenv.mkDerivation rec {
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b.patch";
|
||||
sha256 = "0ycirjjc1vigj03kwjb92n6jszsl9p17ccw5hry7lli9gxyyr0an";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0891.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/46dc8fcd4d38c3b6f35ab28e532aee80e6f609d6.patch";
|
||||
sha256 = "1zn2pgsmbrjx3g2bpdggvwwbp6i348mikwlx4ws482h2379vmyj1";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0865.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/5e18004500cda10d9074bdb6166b054e95b659ed.patch";
|
||||
sha256 = "131b9ial6avl2agwk31wp2jkrx59955f4r0dikx1jdaywqb7zhd1";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0924.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665.patch";
|
||||
sha256 = "1aqaynp74ijxr3rizvbyz23ncs71pbbcw5src1zv46473sy55s8p";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0907.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/f2b656e2e64adde07a6cffd5c8e96bd81a850fea.patch";
|
||||
sha256 = "0nsplq671qx0f35qww9mx27raqp3nvslz8iv7f3hxdgldylmh2vs";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0909.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/f8d0f9aa1ba04c9ae3bfe869a18141a8b8117ad7.patch";
|
||||
sha256 = "1plhk6ildl16bp0k3wvzfd4a97hqfqfbbn7vjinsaasf4v0x3q5j";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-0908.patch";
|
||||
url = "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85.patch";
|
||||
sha256 = "0i61kkjaixdn2p933lpma9s6i0772vhxjxxcwyqagw96lmszrcm7";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
@ -154,6 +154,7 @@ self = stdenv.mkDerivation {
|
||||
meson pkg-config ninja
|
||||
intltool bison flex file
|
||||
python3Packages.python python3Packages.Mako
|
||||
jdupes
|
||||
] ++ lib.optionals (elem "wayland" eglPlatforms) [
|
||||
wayland-scanner
|
||||
];
|
||||
@ -230,7 +231,7 @@ self = stdenv.mkDerivation {
|
||||
done
|
||||
|
||||
# NAR doesn't support hard links, so convert them to symlinks to save space.
|
||||
${jdupes}/bin/jdupes --hard-links --link-soft --recurse "$drivers"
|
||||
jdupes --hard-links --link-soft --recurse "$drivers"
|
||||
|
||||
# add RPATH so the drivers can find the moved libgallium and libdricore9
|
||||
# moved here to avoid problems with stripping patchelfed files
|
||||
|
@ -12,13 +12,13 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sqlite${optionalString interactive "-interactive"}";
|
||||
version = "3.38.1";
|
||||
version = "3.38.2";
|
||||
|
||||
# nixpkgs-update: no auto update
|
||||
# NB! Make sure to update ./tools.nix src (in the same directory).
|
||||
src = fetchurl {
|
||||
url = "https://sqlite.org/2022/sqlite-autoconf-${archiveVersion version}.tar.gz";
|
||||
sha256 = "sha256-jjqM65eU2Wg5lZDS3fnVwESpfdg9OLlhM2SiReyKL8Q=";
|
||||
sha256 = "sha256-55dKoUMLrWkKXp95pu5chJKtqCadxnWHWtD7dH18raQ=";
|
||||
};
|
||||
|
||||
outputs = [ "bin" "dev" "out" ];
|
||||
|
@ -4,12 +4,12 @@ let
|
||||
archiveVersion = import ./archive-version.nix lib;
|
||||
mkTool = { pname, makeTarget, description, homepage }: stdenv.mkDerivation rec {
|
||||
inherit pname;
|
||||
version = "3.38.1";
|
||||
version = "3.38.2";
|
||||
|
||||
# nixpkgs-update: no auto update
|
||||
src = assert version == sqlite.version; fetchurl {
|
||||
url = "https://sqlite.org/2022/sqlite-src-${archiveVersion version}.zip";
|
||||
sha256 = "sha256-F3rv2oF/qfUoJeF0hYf3wnqbXmtTpIHNQ0YfJ0bZMdg=";
|
||||
sha256 = "sha256-x8DwcKM4yS6wiAWQXAXyVPpG0cTdo1SKAkdPb7VnMpo=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip ];
|
||||
|
@ -40,6 +40,10 @@ stdenv.mkDerivation (rec {
|
||||
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
|
||||
'';
|
||||
|
||||
patches = [
|
||||
./fix-configure-issue-cross.patch
|
||||
];
|
||||
|
||||
outputs = [ "out" "dev" ]
|
||||
++ lib.optional splitStaticOutput "static";
|
||||
setOutputFlags = false;
|
||||
|
@ -0,0 +1,24 @@
|
||||
From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Mon, 28 Mar 2022 18:34:10 -0700
|
||||
Subject: [PATCH] Fix configure issue that discarded provided CC definition.
|
||||
|
||||
---
|
||||
configure | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 52ff4a04e..3fa3e8618 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -174,7 +174,10 @@ if test -z "$CC"; then
|
||||
else
|
||||
cc=${CROSS_PREFIX}cc
|
||||
fi
|
||||
+else
|
||||
+ cc=${CC}
|
||||
fi
|
||||
+
|
||||
cflags=${CFLAGS-"-O3"}
|
||||
# to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
|
||||
case "$cc" in
|
@ -71,11 +71,6 @@ buildPythonPackage rec {
|
||||
"test_libcurl_ssl_gnutls"
|
||||
# AssertionError: assert 'crypto' in ['curl']
|
||||
"test_ssl_in_static_libs"
|
||||
# pycurl.error: (27, '')
|
||||
"test_getinfo_raw_certinfo"
|
||||
"test_request_with_certinfo"
|
||||
"test_request_with_verifypeer"
|
||||
"test_request_without_certinfo"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -31,7 +31,7 @@ buildPythonPackage rec {
|
||||
|
||||
# Patch t.p._inotify to point to libc. Without this,
|
||||
# twisted.python.runtime.platform.supportsINotify() == False
|
||||
patchPhase = lib.optionalString stdenv.isLinux ''
|
||||
postPatch = lib.optionalString stdenv.isLinux ''
|
||||
substituteInPlace src/twisted/python/_inotify.py --replace \
|
||||
"ctypes.util.find_library(\"c\")" "'${stdenv.glibc.out}/lib/libc.so.6'"
|
||||
'';
|
||||
@ -45,13 +45,13 @@ buildPythonPackage rec {
|
||||
'';
|
||||
|
||||
checkPhase = ''
|
||||
${python.interpreter} -m unittest discover -s twisted/test
|
||||
${python.interpreter} -m unittest discover -s src/twisted/test
|
||||
'';
|
||||
# Tests require network
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://twistedmatrix.com/";
|
||||
homepage = "https://github.com/twisted/twisted";
|
||||
description = "Twisted, an event-driven networking engine written in Python";
|
||||
longDescription = ''
|
||||
Twisted is an event-driven networking engine written in Python
|
||||
|
@ -69,6 +69,13 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "0qjq41ridyamajz9v9nyplgq7f8nn3fxw375s9sa5a0igsrx9pm0";
|
||||
excludes = [ "ChangeLog" ];
|
||||
})
|
||||
# Fix pending upstream inclusion for linux-headers-5.17 support:
|
||||
# https://github.com/linux-audit/audit-userspace/pull/253
|
||||
(fetchpatch {
|
||||
name = "ignore-flexible-array.patch";
|
||||
url = "https://github.com/linux-audit/audit-userspace/commit/beed138222421a2eb4212d83cb889404bd7efc49.patch";
|
||||
sha256 = "1hf02zaxv6x0wmn4ca9fj48y2shks7vfna43i1zz58xw9jq7sza0";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
@ -20,6 +20,11 @@ stdenv.mkDerivation rec {
|
||||
libyamlcpp libsodium curl unixODBC openssl systemd lmdb tinycdb
|
||||
];
|
||||
|
||||
# Configure phase requires 64-bit time_t even on 32-bit platforms.
|
||||
NIX_CFLAGS_COMPILE = lib.optionals stdenv.hostPlatform.is32bit [
|
||||
"-D_TIME_BITS=64" "-D_FILE_OFFSET_BITS=64"
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
"--disable-silent-rules"
|
||||
"--enable-dns-over-tls"
|
||||
|
@ -11,11 +11,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gzip";
|
||||
version = "1.11";
|
||||
version = "1.12";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnu/gzip/${pname}-${version}.tar.xz";
|
||||
sha256 = "01vrly90rvc98af6rcmrb3gwv1l6pylasvsdka23dffwizb9b6lv";
|
||||
sha256 = "sha256-zl4D5Rn2N+H4FAEazjXE+HszwLur7sNbr1+9NHnpGVY=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "man" "info" ];
|
||||
|
30
pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
Normal file
30
pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 8 Mar 2022 13:38:13 +0100
|
||||
Subject: [PATCH] openssl: fix CN check error code
|
||||
|
||||
Due to a missing 'else' this returns error too easily.
|
||||
|
||||
Regressed in: d15692ebb
|
||||
|
||||
Reported-by: Kristoffer Gleditsch
|
||||
Fixes #8559
|
||||
Closes #8560
|
||||
---
|
||||
lib/vtls/openssl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
||||
index 0b79fc50a9c5..4618beeb3867 100644
|
||||
--- a/lib/vtls/openssl.c
|
||||
+++ b/lib/vtls/openssl.c
|
||||
@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
|
||||
memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
|
||||
peer_CN[peerlen] = '\0';
|
||||
}
|
||||
- result = CURLE_OUT_OF_MEMORY;
|
||||
+ else
|
||||
+ result = CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
else /* not a UTF8 name */
|
@ -66,6 +66,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
patches = [
|
||||
./7.79.1-darwin-no-systemconfiguration.patch
|
||||
./7.82.0-openssl-fix-CN-check.patch
|
||||
];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
@ -6,11 +6,11 @@ in
|
||||
|
||||
openssh = common rec {
|
||||
pname = "openssh";
|
||||
version = "8.9p1";
|
||||
version = "9.0p1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
||||
sha256 = "sha256:1ry5prcax0134v6srkgznpl9ch5snkgq7yvjqvd8c5mbnxa7cjgx";
|
||||
sha256 = "12m2f9czvgmi7akp7xah6y7mrrpi280a3ksk47iwr7hy2q1475q3";
|
||||
};
|
||||
|
||||
extraPatches = [ ./ssh-keysign-8.5.patch ];
|
||||
|
Loading…
Reference in New Issue
Block a user