John Ericson
71f814a889
lib, glibc: Get rid of withTLS
...
glibc removed the underlying flag in 2011 in
83cd14204559abbb52635006832eaf4d2f42514a [1].
This gets us one step closer to fixing #34274 : the cross stdenv for
aarch64-unknown-linux-gnu at least evals now.
Thanks to @Dezgeg for doing all the research for this.
[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=83cd14204559abbb52635006832eaf4d2f42514a
2018-01-26 23:29:06 +02:00
Vladimír Čunát
990ff97c6d
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
...
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
2018-01-14 20:41:43 +01:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
...
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson
5b74540c5b
treewide: Use depsBuildBuild for buildPackges.stdenv.cc
2017-12-30 22:04:21 -05:00
Vladimír Čunát
87acb2b9fd
glibc: support RHEL 6 -like kernels again
...
We lost the support with 2.25 -> 2.26
2017-12-21 21:56:31 +01:00
Vladimír Čunát
a139613983
glibc: maintenance 2.26-75 -> 2.26-115
2017-12-20 15:31:13 +01:00
Orivej Desh
035b589245
glibc: support obsolete "compat" in nsswitch.conf
...
Fixes #31700 . See https://bugs.archlinux.org/task/54592 .
2017-11-17 06:37:25 +00:00
Vladimír Čunát
9bb67d5c1e
glibc: 2.25-49 -> 2.26-75
...
Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.
I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.
Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0. That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivates still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
2017-11-05 19:10:42 +01:00
John Ericson
8bfb247224
glibc: Grab the right linux headers when build != host
...
In #28519 / 791ce593ce25edc476fd
2017-09-20 20:57:41 -04:00
Vladimír Čunát
0c660ad42f
Merge #28906 : glibc: 2.25 -> 2.25-49 (upstream patches)
2017-09-07 08:19:40 +02:00
Orivej Desh
7803d69b78
nixos: update glibc locales link
2017-09-03 18:00:35 +00:00
Vladimír Čunát
bdfc989bba
glibc: remove a fixup; not needed since glibc-2.22
2017-09-02 17:22:37 +02:00
Vladimír Čunát
0f91a1dbd7
glibc: remove patch with blowfish support
2017-09-02 17:22:37 +02:00
Vladimír Čunát
51cf42ad0d
glibc: 2.25 -> 2.25-49
...
Various fixes within, e.g. mutexes deadlocking sometimes.
https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=f7057710f14d6c
2017-09-02 17:22:36 +02:00
Tuomas Tynkkynen
f9b2d7b4dd
Revert "binutils: 2.28 -> 2.29"
...
This reverts commit 733e20fee4
2017-08-17 18:37:04 +03:00
Tim Steinbach
733e20fee4
binutils: 2.28 -> 2.29
...
Binutils 2.29 no longer allows .semver symbols, which is why
we need to patch glibc to avoid them
2017-07-29 13:23:59 -04:00
rnhmjoj
8fcc92fc69
glibc: fix unaligned __tls_get_addr issue
2017-07-06 13:51:50 +02:00
Franz Pletz
7cfd1c8c1b
glibc: fix i686 build
2017-06-26 02:19:08 +02:00
Franz Pletz
2296bf394e
glibc: patch CVE-2017-1000366 (stack clash)
2017-06-22 00:44:35 +02:00
John Ericson
25edc476fd
glibc: Simplify derivation further
...
No native hashes should be changed with this commit
default.nix's cross hash should also not be changed
2017-05-20 22:17:28 -04:00
John Ericson
7e096024d7
glibc: Fix for cross
2017-05-19 18:44:24 -04:00
John Ericson
8328e3d3a6
glibc: Remove hack around long-fixed bug
...
https://sourceware.org/bugzilla/show_bug.cgi?id=411 was solved in 2012.
2017-04-25 21:43:15 -04:00
Vladimír Čunát
e47ac55a21
glibc: apply the i686 patch only on i686
...
... to reduce rebuilding. /cc #23177 .
2017-04-10 11:18:50 +02:00
Vladimír Čunát
c30b12b9a5
glibc: fix i686 crashes via an upstream patch
...
Fixes #23177 .
2017-04-10 11:13:00 +02:00
Vladimír Čunát
4b7215368a
glibc: fixup libm.a
...
Now it's not an actual archive but a linker script, and the absolute
paths in there were broken due to moving *.a into $static.
Let's fix this up in all *.a in case there are more in future.
2017-02-21 14:19:07 +01:00
Vladimír Čunát
09d02f72f6
Re-revert "Merge: glibc: 2.24 -> 2.25"
...
This reverts commit 55cc7700e9#22874 .
2017-02-20 21:16:41 +01:00
Vladimír Čunát
55cc7700e9
Revert "Merge: glibc: 2.24 -> 2.25"
...
This reverts commit 1daf2e26d2c0c50dfcb7#22874 .
2017-02-16 18:16:06 +01:00
Vladimír Čunát
1daf2e26d2
Merge: glibc: 2.24 -> 2.25
2017-02-13 22:14:15 +01:00
Vladimír Čunát
a01f8a4c38
glibc: security 2.24 -> 2.25
...
https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html
Stripping was failing on libm.a; I don't know why.
2017-02-11 22:14:49 +01:00
Tuomas Tynkkynen
41fd1ed903
glibc: Check that 'cross.float' is defined
...
Because if we define it, then gcc compilation fails because it doesn't
support --with-float for aarch64.
2017-01-24 22:13:47 +02:00
Franz Pletz
3ba99f83a7
glibc: enable stackprotection hardening
...
Enables previously manually disabled stackprotector and stackguard
randomization.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811 :
If glibc is built with the --enable-stackguard-randomization option,
each application gets a random canary value (at runtime) from /dev/urandom.
If --enable-stackguard-randomization is absent, applications get a static
canary value of "0xff0a0000". This is very unfortunate, because the
attacker may be able to bypass the stack protection mechanism, by placing
those 4 bytes in the canary word, before the actual canary check is
performed (for example in memcpy-based buffer overflows).
2016-09-12 02:36:11 +02:00
Tuomas Tynkkynen
73f1ade407
glibc_multi: Reference dev outputs of glibc
2016-08-30 15:18:51 +03:00
Tuomas Tynkkynen
040fadf345
glibc_multi: Fix unnoticed output shuffle
2016-08-29 14:49:53 +03:00
Tuomas Tynkkynen
e065baafba
glibc: Make one exception for output order
...
Usages like '${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2' are much more
common than the bin output.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c
treewide: Shuffle outputs
...
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
d1c7eb8098
glibc: Uncomment 'meta.platforms'
2016-08-28 18:04:09 +03:00
obadz
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
b092538811
Revert "glibc: add patch to fix segfault in forkpty"
...
This reverts commit 1747d28e5a
2016-08-20 22:39:05 +01:00
obadz
3e03db11b7
glibc: fixup, that should have been $bin not $out
2016-08-19 15:23:56 +01:00
obadz
a7bfa77787
glibc: remove sln from bin, not sbin
2016-08-19 15:20:46 +01:00
obadz
9744c7768d
glibc: 2.23 -> 2.24
...
- Removed patches that were merged upstream
- Removed --localdir from configureFlags as according to
https://sourceware.org/bugzilla/show_bug.cgi?id=14259
it was unused before
2016-08-19 15:05:41 +01:00
Robin Gloster
1747d28e5a
glibc: add patch to fix segfault in forkpty
2016-08-16 07:52:03 +00:00
Robin Gloster
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
Vladimír Čunát
91c1317272
glibc: fixup retaining bootstrap-tools reference
...
https://github.com/NixOS/nixpkgs/pull/15867#issuecomment-227949096
2016-06-23 12:11:21 +02:00
Eric Litak
251c97adee
fix brace warnings in glibc
2016-05-31 16:28:05 -07:00
Eric Litak
e8ca9dca53
manual strip broke crossDrv. no clue why it was ever added; should be automatic
2016-05-31 16:27:24 -07:00
Eric Litak
44ae9a3c0a
reorganize crossDrv hooks
2016-05-31 16:27:24 -07:00
Eric Litak
0265285b96
moving builder.sh hooks into nix
2016-05-31 09:33:32 -07:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-05-18 17:10:02 +02:00
