Commit Graph

60 Commits

Author SHA1 Message Date
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Will Dietz
c3ab285ce2 glibc: use local copy of patch to fix w/musl
fetchpatch doesn't work with bootstrap fetchurl,
so just use local file like we do for other glibc patches.
2018-04-24 16:57:57 -05:00
Vladimír Čunát
17c4b83d05
Merge #31320: docs and glibc: explicit comments on outputs 2018-04-22 11:55:23 +02:00
Shea Levy
273e58ebd9
glibc: Make 2.27 the default. 2018-03-17 21:58:14 -04:00
Will Dietz
54c4c183dd glibc: make fetchpatch optional ("? null"), just in case. 2018-03-11 11:16:53 -05:00
Will Dietz
82644c15e5 glibc: patch to fix building w/musl-based stdenv
See:
https://sourceware.org/bugzilla/show_bug.cgi?id=21604
2018-03-11 10:53:31 -05:00
Ben Gamari
a868bf3797 glibc: Fix cross-compilation of locales 2018-02-13 09:44:26 -06:00
John Ericson
7d0d12e3e0 glibc: Remove two tiny old cross hacks
- Name is already suffixed

 - Env vars are already exported
2018-01-26 21:01:33 -05:00
John Ericson
71f814a889 lib, glibc: Get rid of withTLS
glibc removed the underlying flag in 2011 in
83cd14204559abbb52635006832eaf4d2f42514a [1].

This gets us one step closer to fixing #34274: the cross stdenv for
aarch64-unknown-linux-gnu at least evals now.

Thanks to @Dezgeg for doing all the research for this.

[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=83cd14204559abbb52635006832eaf4d2f42514a
2018-01-26 23:29:06 +02:00
Vladimír Čunát
990ff97c6d
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
2018-01-14 20:41:43 +01:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson
5b74540c5b treewide: Use depsBuildBuild for buildPackges.stdenv.cc 2017-12-30 22:04:21 -05:00
Vladimír Čunát
87acb2b9fd
glibc: support RHEL 6 -like kernels again
We lost the support with 2.25 -> 2.26
2017-12-21 21:56:31 +01:00
Vladimír Čunát
a139613983
glibc: maintenance 2.26-75 -> 2.26-115 2017-12-20 15:31:13 +01:00
Orivej Desh
035b589245 glibc: support obsolete "compat" in nsswitch.conf
Fixes #31700. See https://bugs.archlinux.org/task/54592.
2017-11-17 06:37:25 +00:00
Ilya Kolpakov
e4afe8fc6c glibc: comments on bin not being the first output
The glibc package does not respect a standard convention to put the
executables in the first output which should be as clear as possible
to anyone seeking to use such executables (e.g. `ldd`). This commit
adds a detailed comment a the top of `common.nix` explaining the
deviation from the convention and how to reference the binaries.
2017-11-06 16:47:30 +01:00
Vladimír Čunát
9bb67d5c1e
glibc: 2.25-49 -> 2.26-75
Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.

I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.

Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0.  That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivates still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
2017-11-05 19:10:42 +01:00
John Ericson
8bfb247224 glibc: Grab the right linux headers when build != host
In #28519 / 791ce593ce I made linux
headers be intended to be used from the stage stage, as it would be if
it were a library containing headers and code. I forgot to update glibc,
however, so it was incorrectly using headers for the build platform, not
host platform.

This fixes that, basically reverting a small portion of changes I made a
few months ago in 25edc476fd and its
parent.

No native hashes are changed.
2017-09-20 20:57:41 -04:00
Vladimír Čunát
bdfc989bba
glibc: remove a fixup; not needed since glibc-2.22 2017-09-02 17:22:37 +02:00
Vladimír Čunát
0f91a1dbd7
glibc: remove patch with blowfish support 2017-09-02 17:22:37 +02:00
Vladimír Čunát
51cf42ad0d
glibc: 2.25 -> 2.25-49
Various fixes within, e.g. mutexes deadlocking sometimes.
https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=f7057710f14d6c
2017-09-02 17:22:36 +02:00
Tuomas Tynkkynen
f9b2d7b4dd Revert "binutils: 2.28 -> 2.29"
This reverts commit 733e20fee4.

Downgrading to 2.28.1, 2.29 is too buggy.
2017-08-17 18:37:04 +03:00
Tim Steinbach
733e20fee4
binutils: 2.28 -> 2.29
Binutils 2.29 no longer allows .semver symbols, which is why
we need to patch glibc to avoid them
2017-07-29 13:23:59 -04:00
rnhmjoj
8fcc92fc69
glibc: fix unaligned __tls_get_addr issue 2017-07-06 13:51:50 +02:00
Franz Pletz
7cfd1c8c1b
glibc: fix i686 build 2017-06-26 02:19:08 +02:00
Franz Pletz
2296bf394e
glibc: patch CVE-2017-1000366 (stack clash) 2017-06-22 00:44:35 +02:00
John Ericson
25edc476fd glibc: Simplify derivation further
No native hashes should be changed with this commit
default.nix's cross hash should also not be changed
2017-05-20 22:17:28 -04:00
John Ericson
7e096024d7 glibc: Fix for cross 2017-05-19 18:44:24 -04:00
John Ericson
8328e3d3a6 glibc: Remove hack around long-fixed bug
https://sourceware.org/bugzilla/show_bug.cgi?id=411 was solved in 2012.
2017-04-25 21:43:15 -04:00
Vladimír Čunát
e47ac55a21
glibc: apply the i686 patch only on i686
... to reduce rebuilding. /cc #23177.
2017-04-10 11:18:50 +02:00
Vladimír Čunát
c30b12b9a5
glibc: fix i686 crashes via an upstream patch
Fixes #23177.
2017-04-10 11:13:00 +02:00
Vladimír Čunát
09d02f72f6
Re-revert "Merge: glibc: 2.24 -> 2.25"
This reverts commit 55cc7700e9.
I hope most problems have been solved.  /cc #22874.
2017-02-20 21:16:41 +01:00
Vladimír Čunát
55cc7700e9
Revert "Merge: glibc: 2.24 -> 2.25"
This reverts commit 1daf2e26d2, reversing
changes made to c0c50dfcb7.

It seems this is what has been causing all the reliability problems
on Hydra.  I'm currently unable to find why it happens, so I'm forced
to revert the update for now.  Discussion: #22874.
2017-02-16 18:16:06 +01:00
Vladimír Čunát
a01f8a4c38
glibc: security 2.24 -> 2.25
https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html

Stripping was failing on libm.a; I don't know why.
2017-02-11 22:14:49 +01:00
Tuomas Tynkkynen
41fd1ed903 glibc: Check that 'cross.float' is defined
Because if we define it, then gcc compilation fails because it doesn't
support --with-float for aarch64.
2017-01-24 22:13:47 +02:00
Franz Pletz
3ba99f83a7
glibc: enable stackprotection hardening
Enables previously manually disabled stackprotector and stackguard
randomization.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811:

    If glibc is built with the --enable-stackguard-randomization option,
    each application gets a random canary value (at runtime) from /dev/urandom.
    If --enable-stackguard-randomization is absent, applications get a static
    canary value of "0xff0a0000". This is very unfortunate, because the
    attacker may be able to bypass the stack protection mechanism, by placing
    those 4 bytes in the canary word, before the actual canary check is
    performed (for example in memcpy-based buffer overflows).
2016-09-12 02:36:11 +02:00
Tuomas Tynkkynen
e065baafba glibc: Make one exception for output order
Usages like '${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2' are much more
common than the bin output.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Tuomas Tynkkynen
d1c7eb8098 glibc: Uncomment 'meta.platforms' 2016-08-28 18:04:09 +03:00
obadz
9744c7768d glibc: 2.23 -> 2.24
- Removed patches that were merged upstream
- Removed --localdir from configureFlags as according to
  https://sourceware.org/bugzilla/show_bug.cgi?id=14259
  it was unused before
2016-08-19 15:05:41 +01:00
Eric Litak
251c97adee fix brace warnings in glibc 2016-05-31 16:28:05 -07:00
Scott R. Parish
64f5845418 glibc: patch 2.23 for CVE-2016-3075, CVE-2016-1234, CVE-2016-3706
This addresses the following security advisories:

+ CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r
+ CVE-2016-1234: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect
                 NAME_MAX limit assumption
+ CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion

Patches cherry-picked from glibc's release/2.23/master branch.

The "glob-simplify-interface.patch" was a dependency for
"cve-2016-1234.patch".
2016-05-13 23:47:17 -07:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Vladimír Čunát
59617de6d7 glibc: 2.22 -> 2.23
The two patches were included upstream.
(Even the one from guix, except for a whitespace difference.)
2016-02-21 10:31:14 +01:00
Eelco Dolstra
1ab14aad7a glibc: Drop hurd support
This hasn't been maintained since 2012.

Also, renamed glibc's kernelHeaders argument to linuxHeaders.
2016-02-18 21:11:15 +01:00
Eelco Dolstra
f98a5946b7 glibc: 2.21 -> 2.22 2016-02-18 20:54:52 +01:00
Nathan Zadoks
b5aa8a4e64 glibc: patch CVE-2015-7547
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
2016-02-16 16:15:07 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Eelco Dolstra
6a766f47c2 glibc: Fix assertion failure when using incompatible locale data
Borrowed from

  http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch

https://github.com/NixOS/nix/issues/599

We may also want to apply

  http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/glibc-versioned-locpath.patch

but we'll need to ditch locale-archive first. (Apparently
locale-archive is not very useful anymore anyway.)
2015-12-02 11:27:39 +01:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00