Merge #168140: staging-next 2022-04-10

Vladimír Čunát 2022-04-12 18:00:24 +02:00
commit e1118817a1
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
16 changed files with 132 additions and 17 deletions


@ -1,6 +1,7 @@
{ config, lib, stdenv, fetchurl, fetchpatch, fetchFromGitHub, pkgs, buildPackages
, callPackage
, enableThreading ? true, coreutils, makeWrapper
, zlib
}:
# Note: this package is used for bootstrapping fetchurl, and thus
@ -115,6 +116,16 @@ let
cf_by="nixpkgs"
cf_time="$(date -d "@$SOURCE_DATE_EPOCH")"
EOF
# Compress::Raw::Zlib should use our zlib package instead of the one
# included with the distribution
cat > ./cpan/Compress-Raw-Zlib/config.in <<EOF
BUILD_ZLIB = False
INCLUDE = ${zlib.dev}/include
LIB = ${zlib.out}/lib
OLD_ZLIB = False
GZIP_OS_CODE = AUTO_DETECT
EOF
'' + optionalString stdenv.isDarwin ''
substituteInPlace hints/darwin.sh --replace "env MACOSX_DEPLOYMENT_TARGET=10.3" ""
'' + optionalString (!enableThreading) ''
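Review bot: The new comment above the `config.in` heredoc says what is overridden but not why, and the reason is security-relevant. With `BUILD_ZLIB = False` the module links the nixpkgs zlib, so zlib fixes made in nixpkgs also apply to Perl. I would extend the comment to something like `# Link the nixpkgs zlib so its security updates apply here; the copy bundled under cpan/Compress-Raw-Zlib only changes with the Perl release.` The file's header comment says this package is used for bootstrapping fetchurl, so it is also worth confirming that the new `zlib` input does not create a fetch cycle; that cannot be checked from this hunk.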


@ -127,6 +127,13 @@ stdenv.mkDerivation ({
./nix-nss-open-files.patch
./0001-Revert-Remove-all-usage-of-BASH-or-BASH-in-installed.patch
/* Fix segfault in getpwuid when stat fails
https://sourceware.org/bugzilla/show_bug.cgi?id=28752 */
(fetchurl {
url = "https://patchwork.sourceware.org/project/glibc/patch/20220314175316.3239120-2-sam@gentoo.org/raw/";
sha256 = "sq0BoPqXHQ69Vq4zJobCspe4XRfnAiuac/wqzVQJESc=";
})
]
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
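Review bot: The added `fetchurl` takes a glibc patch from a patchwork `/raw/` endpoint, which appears to be a mailing-list submission rather than a commit in the glibc tree, and the comment does not say when it can be dropped. The `sha256` pins the content, so a changed response fails the build instead of altering the patch. Even so, any rebuild without a cached copy depends on that endpoint returning byte-identical output. For a package this central I would vendor the file next to `./nix-nss-open-files.patch`, or at least add `Remove once the fix for bug 28752 is in a glibc release.` to the comment. The patch list opens above the hunk.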


@ -53,6 +53,36 @@ stdenv.mkDerivation rec {
url = "https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b.patch";
sha256 = "0ycirjjc1vigj03kwjb92n6jszsl9p17ccw5hry7lli9gxyyr0an";
})
(fetchpatch {
name = "CVE-2022-0891.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/46dc8fcd4d38c3b6f35ab28e532aee80e6f609d6.patch";
sha256 = "1zn2pgsmbrjx3g2bpdggvwwbp6i348mikwlx4ws482h2379vmyj1";
})
(fetchpatch {
name = "CVE-2022-0865.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/5e18004500cda10d9074bdb6166b054e95b659ed.patch";
sha256 = "131b9ial6avl2agwk31wp2jkrx59955f4r0dikx1jdaywqb7zhd1";
})
(fetchpatch {
name = "CVE-2022-0924.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665.patch";
sha256 = "1aqaynp74ijxr3rizvbyz23ncs71pbbcw5src1zv46473sy55s8p";
})
(fetchpatch {
name = "CVE-2022-0907.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/f2b656e2e64adde07a6cffd5c8e96bd81a850fea.patch";
sha256 = "0nsplq671qx0f35qww9mx27raqp3nvslz8iv7f3hxdgldylmh2vs";
})
(fetchpatch {
name = "CVE-2022-0909.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/f8d0f9aa1ba04c9ae3bfe869a18141a8b8117ad7.patch";
sha256 = "1plhk6ildl16bp0k3wvzfd4a97hqfqfbbn7vjinsaasf4v0x3q5j";
})
(fetchpatch {
name = "CVE-2022-0908.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85.patch";
sha256 = "0i61kkjaixdn2p933lpma9s6i0772vhxjxxcwyqagw96lmszrcm7";
})
];
postPatch = ''
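Review bot: The six added `fetchpatch` entries are named after CVE ids, but the hunk gives no way to check that each upstream commit is the fix for the CVE it is named for, or to tell when the entries can be removed. A comment per entry linking the upstream issue or advisory would let the next reviewer verify the mapping. One line above the group, such as `# Security backports; drop when updating to a libtiff release that contains these commits`, would cover removal. The pinned `sha256` values fix the patch content, so this is about auditability rather than integrity. The `patches` list opens above the hunk.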


@ -154,6 +154,7 @@ self = stdenv.mkDerivation {
meson pkg-config ninja
intltool bison flex file
python3Packages.python python3Packages.Mako
jdupes
] ++ lib.optionals (elem "wayland" eglPlatforms) [
wayland-scanner
];
@ -230,7 +231,7 @@ self = stdenv.mkDerivation {
done
# NAR doesn't support hard links, so convert them to symlinks to save space.
${jdupes}/bin/jdupes --hard-links --link-soft --recurse "$drivers"
jdupes --hard-links --link-soft --recurse "$drivers"
# add RPATH so the drivers can find the moved libgallium and libdricore9
# moved here to avoid problems with stripping patchelfed files


@ -12,13 +12,13 @@ in
stdenv.mkDerivation rec {
pname = "sqlite${optionalString interactive "-interactive"}";
version = "3.38.1";
version = "3.38.2";
# nixpkgs-update: no auto update
# NB! Make sure to update ./tools.nix src (in the same directory).
src = fetchurl {
url = "https://sqlite.org/2022/sqlite-autoconf-${archiveVersion version}.tar.gz";
sha256 = "sha256-jjqM65eU2Wg5lZDS3fnVwESpfdg9OLlhM2SiReyKL8Q=";
sha256 = "sha256-55dKoUMLrWkKXp95pu5chJKtqCadxnWHWtD7dH18raQ=";
};
outputs = [ "bin" "dev" "out" ];


@ -4,12 +4,12 @@ let
archiveVersion = import ./archive-version.nix lib;
mkTool = { pname, makeTarget, description, homepage }: stdenv.mkDerivation rec {
inherit pname;
version = "3.38.1";
version = "3.38.2";
# nixpkgs-update: no auto update
src = assert version == sqlite.version; fetchurl {
url = "https://sqlite.org/2022/sqlite-src-${archiveVersion version}.zip";
sha256 = "sha256-F3rv2oF/qfUoJeF0hYf3wnqbXmtTpIHNQ0YfJ0bZMdg=";
sha256 = "sha256-x8DwcKM4yS6wiAWQXAXyVPpG0cTdo1SKAkdPb7VnMpo=";
};
nativeBuildInputs = [ unzip ];


@ -40,6 +40,10 @@ stdenv.mkDerivation (rec {
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
'';
patches = [
./fix-configure-issue-cross.patch
];
outputs = [ "out" "dev" ]
++ lib.optional splitStaticOutput "static";
setOutputFlags = false;
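Review bot: `./fix-configure-issue-cross.patch` is added to `patches` with no comment on where it comes from or when it becomes redundant. Judging by the patch file added in the same commit, it is upstream commit 05796d3d8d55 by Mark Adler. A line above the entry such as `# Upstream 05796d3d8d55: configure discarded a provided CC; drop once a zlib release includes it` would let maintainers remove it at the right time instead of carrying it indefinitely.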


@ -0,0 +1,24 @@
From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 28 Mar 2022 18:34:10 -0700
Subject: [PATCH] Fix configure issue that discarded provided CC definition.
---
configure | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configure b/configure
index 52ff4a04e..3fa3e8618 100755
--- a/configure
+++ b/configure
@@ -174,7 +174,10 @@ if test -z "$CC"; then
else
cc=${CROSS_PREFIX}cc
fi
+else
+ cc=${CC}
fi
+
cflags=${CFLAGS-"-O3"}
# to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
case "$cc" in


@ -71,11 +71,6 @@ buildPythonPackage rec {
"test_libcurl_ssl_gnutls"
# AssertionError: assert 'crypto' in ['curl']
"test_ssl_in_static_libs"
# pycurl.error: (27, '')
"test_getinfo_raw_certinfo"
"test_request_with_certinfo"
"test_request_with_verifypeer"
"test_request_without_certinfo"
];
meta = with lib; {


@ -31,7 +31,7 @@ buildPythonPackage rec {
# Patch t.p._inotify to point to libc. Without this,
# twisted.python.runtime.platform.supportsINotify() == False
patchPhase = lib.optionalString stdenv.isLinux ''
postPatch = lib.optionalString stdenv.isLinux ''
substituteInPlace src/twisted/python/_inotify.py --replace \
"ctypes.util.find_library(\"c\")" "'${stdenv.glibc.out}/lib/libc.so.6'"
'';
@ -45,13 +45,13 @@ buildPythonPackage rec {
'';
checkPhase = ''
${python.interpreter} -m unittest discover -s twisted/test
${python.interpreter} -m unittest discover -s src/twisted/test
'';
# Tests require network
doCheck = false;
meta = with lib; {
homepage = "https://twistedmatrix.com/";
homepage = "https://github.com/twisted/twisted";
description = "Twisted, an event-driven networking engine written in Python";
longDescription = ''
Twisted is an event-driven networking engine written in Python


@ -69,6 +69,13 @@ stdenv.mkDerivation rec {
sha256 = "0qjq41ridyamajz9v9nyplgq7f8nn3fxw375s9sa5a0igsrx9pm0";
excludes = [ "ChangeLog" ];
})
# Fix pending upstream inclusion for linux-headers-5.17 support:
# https://github.com/linux-audit/audit-userspace/pull/253
(fetchpatch {
name = "ignore-flexible-array.patch";
url = "https://github.com/linux-audit/audit-userspace/commit/beed138222421a2eb4212d83cb889404bd7efc49.patch";
sha256 = "1hf02zaxv6x0wmn4ca9fj48y2shks7vfna43i1zz58xw9jq7sza0";
})
];
postPatch = ''


@ -20,6 +20,11 @@ stdenv.mkDerivation rec {
libyamlcpp libsodium curl unixODBC openssl systemd lmdb tinycdb
];
# Configure phase requires 64-bit time_t even on 32-bit platforms.
NIX_CFLAGS_COMPILE = lib.optionals stdenv.hostPlatform.is32bit [
"-D_TIME_BITS=64" "-D_FILE_OFFSET_BITS=64"
];
configureFlags = [
"--disable-silent-rules"
"--enable-dns-over-tls"


@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "gzip";
version = "1.11";
version = "1.12";
src = fetchurl {
url = "mirror://gnu/gzip/${pname}-${version}.tar.xz";
sha256 = "01vrly90rvc98af6rcmrb3gwv1l6pylasvsdka23dffwizb9b6lv";
sha256 = "sha256-zl4D5Rn2N+H4FAEazjXE+HszwLur7sNbr1+9NHnpGVY=";
};
outputs = [ "out" "man" "info" ];


@ -0,0 +1,30 @@
From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 8 Mar 2022 13:38:13 +0100
Subject: [PATCH] openssl: fix CN check error code
Due to a missing 'else' this returns error too easily.
Regressed in: d15692ebb
Reported-by: Kristoffer Gleditsch
Fixes #8559
Closes #8560
---
lib/vtls/openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0b79fc50a9c5..4618beeb3867 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
peer_CN[peerlen] = '\0';
}
- result = CURLE_OUT_OF_MEMORY;
+ else
+ result = CURLE_OUT_OF_MEMORY;
}
}
else /* not a UTF8 name */


@ -66,6 +66,7 @@ stdenv.mkDerivation rec {
patches = [
./7.79.1-darwin-no-systemconfiguration.patch
./7.82.0-openssl-fix-CN-check.patch
];
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
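Review bot: The new entry `./7.82.0-openssl-fix-CN-check.patch` touches certificate name checking in the OpenSSL backend, yet the list records neither its origin nor a removal condition. The patch file added in this commit carries upstream commit 911714d617c1 ("openssl: fix CN check error code", Fixes #8559). A comment such as `# Upstream 911714d617c1: fixes the error code returned from the CN check; remove when updating past 7.82.0` above the entry would make that traceable. The version prefix in the file name suggests that removal point, but the page does not state it.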


@ -6,11 +6,11 @@ in
openssh = common rec {
pname = "openssh";
version = "8.9p1";
version = "9.0p1";
src = fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
sha256 = "sha256:1ry5prcax0134v6srkgznpl9ch5snkgq7yvjqvd8c5mbnxa7cjgx";
sha256 = "12m2f9czvgmi7akp7xah6y7mrrpi280a3ksk47iwr7hy2q1475q3";
};
extraPatches = [ ./ssh-keysign-8.5.patch ];