diff options
59 files changed, 797 insertions, 108 deletions
diff --git a/doc/builders/packages/etc-files.section.md b/doc/builders/packages/etc-files.section.md new file mode 100644 index 00000000000..2405a54634d --- /dev/null +++ b/doc/builders/packages/etc-files.section.md @@ -0,0 +1,18 @@ +# /etc files {#etc} + +Certain calls in glibc require access to runtime files found in /etc such as `/etc/protocols` or `/etc/services` -- [getprotobyname](https://linux.die.net/man/3/getprotobyname) is one such function. + +On non-NixOS distributions these files are typically provided by packages (i.e. [netbase](https://packages.debian.org/sid/netbase)) if not already pre-installed in your distribution. This can cause non-reproducibility for code if they rely on these files being present. + +If [iana-etc](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.iana-etc.x86_64-linux) is part of your _buildInputs_ then it will set the environment varaibles `NIX_ETC_PROTOCOLS` and `NIX_ETC_SERVICES` to the corresponding files in the package through a _setup-hook_. + + +```bash +> nix-shell -p iana-etc + +[nix-shell:~]$ env | grep NIX_ETC +NIX_ETC_SERVICES=/nix/store/aj866hr8fad8flnggwdhrldm0g799ccz-iana-etc-20210225/etc/services +NIX_ETC_PROTOCOLS=/nix/store/aj866hr8fad8flnggwdhrldm0g799ccz-iana-etc-20210225/etc/protocols +``` + +Nixpkg's version of [glibc](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/glibc/default.nix) has been patched to check for the existence of these environment variables. If the environment variable are *not set*, then it will attempt to find the files at the default location within _/etc_. diff --git a/doc/builders/packages/index.xml b/doc/builders/packages/index.xml index f5b05b0bbcc..206e1e49f1f 100644 --- a/doc/builders/packages/index.xml +++ b/doc/builders/packages/index.xml @@ -17,6 +17,7 @@ <xi:include href="kakoune.section.xml" /> <xi:include href="linux.section.xml" /> <xi:include href="locales.section.xml" /> + <xi:include href="etc-files.section.xml" /> <xi:include href="nginx.section.xml" /> <xi:include href="opengl.section.xml" /> <xi:include href="shell-helpers.section.xml" /> diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix index a8af2dfba65..40c3246a095 100644 --- a/pkgs/applications/graphics/ImageMagick/7.0.nix +++ b/pkgs/applications/graphics/ImageMagick/7.0.nix @@ -1,6 +1,6 @@ { lib, stdenv, fetchFromGitHub, pkg-config, libtool , bzip2, zlib, libX11, libXext, libXt, fontconfig, freetype, ghostscript, libjpeg, djvulibre -, lcms2, openexr, libpng, liblqr1, librsvg, libtiff, libxml2, openjpeg, libwebp, libheif +, lcms2, openexr, libjxl, libpng, liblqr1, librsvg, libtiff, libxml2, openjpeg, libwebp, libheif , ApplicationServices , Foundation , testVersion, imagemagick @@ -18,13 +18,13 @@ in stdenv.mkDerivation rec { pname = "imagemagick"; - version = "7.1.0-6"; + version = "7.1.0-8"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick"; rev = version; - sha256 = "sha256-rwaMAkbSBTdrJ+OVZfAOBIp1tmC7/TC34w5gBIe+J94="; + sha256 = "17kgq0ja3bvc6b9lq3p29pk5j3w9f66nq6d8aidnq5qs6jwm1h5c"; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big @@ -37,6 +37,7 @@ stdenv.mkDerivation rec { ++ (if arch != null then [ "--with-gcc-arch=${arch}" ] else [ "--without-gcc-arch" ]) ++ lib.optional (librsvg != null) "--with-rsvg" ++ lib.optional (liblqr1 != null) "--with-lqr" + ++ lib.optional (libjxl != null) "--with-jxl" ++ lib.optionals (ghostscript != null) [ "--with-gs-font-dir=${ghostscript}/share/ghostscript/fonts" "--with-gslib" @@ -49,7 +50,7 @@ stdenv.mkDerivation rec { buildInputs = [ zlib fontconfig freetype ghostscript - liblqr1 libpng libtiff libxml2 libheif djvulibre + libjxl liblqr1 libpng libtiff libxml2 libheif djvulibre ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ openexr librsvg openjpeg ] diff --git a/pkgs/applications/misc/xmrig/default.nix b/pkgs/applications/misc/xmrig/default.nix index c0120e33992..56c078fd9fc 100644 --- a/pkgs/applications/misc/xmrig/default.nix +++ b/pkgs/applications/misc/xmrig/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "xmrig"; - version = "6.14.1"; + version = "6.15.0"; src = fetchFromGitHub { owner = "xmrig"; repo = "xmrig"; rev = "v${version}"; - sha256 = "sha256-JJ20LKA4gnPXO6d2Cegr3I67k+ZZc69hdL1dTUIF5OM="; + sha256 = "sha256-AsYfByiI5W50T/kOhLtD/kUSwDOWMCo33OZ6WGmNcFk="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh index 4d289a334b7..0a2b2509a82 100644 --- a/pkgs/build-support/bintools-wrapper/add-hardening.sh +++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh @@ -37,7 +37,11 @@ fi for flag in "${!hardeningEnableMap[@]}"; do case $flag in pie) - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static " || "$*" =~ " -r " || "$*" =~ " -Ur " || "$*" =~ " -i ") ]]; then + if [[ ! (" $* " =~ " -shared " \ + || " $* " =~ " -static " \ + || " $* " =~ " -r " \ + || " $* " =~ " -Ur " \ + || " $* " =~ " -i ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 8e2fe6c407e..e5d296f6c9c 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -45,11 +45,12 @@ for flag in "${!hardeningEnableMap[@]}"; do hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') ;; pie) + # NB: we do not use `+=` here, because PIE flags must occur before any PIC flags if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi - hardeningCFlags+=('-fPIE') - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}") + if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi - hardeningCFlags+=('-pie') + hardeningCFlags=('-pie' "${hardeningCFlags[@]}") fi ;; pic) diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index d310f825522..4b3a1c5c390 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -63,10 +63,9 @@ getRpathFromElfBinary() { # NOTE: This does not use runPatchelf because it may encounter non-ELF # files. Caller is expected to check the return code if needed. local rpath - rpath="$(patchelf --print-rpath "$1" 2> /dev/null)" || return $? + IFS=':' read -ra rpath < <(patchelf --print-rpath "$1" 2> /dev/null) || return $? - local IFS=':' - printf "%s\n" $rpath + printf "%s\n" "${rpath[@]}" } populateCacheForDep() { @@ -115,8 +114,52 @@ populateCacheWithRecursiveDeps() { done } -getSoArch() { - $OBJDUMP -f "$1" | sed -ne 's/^architecture: *\([^,]\+\).*/\1/p' +getBinArch() { + $OBJDUMP -f "$1" 2> /dev/null | sed -ne 's/^architecture: *\([^,]\+\).*/\1/p' +} + +# Returns the specific OS ABI for an ELF file in the format produced by +# readelf(1), like "UNIX - System V" or "UNIX - GNU". +getBinOsabi() { + $READELF -h "$1" 2> /dev/null | sed -ne 's/^[ \t]*OS\/ABI:[ \t]*\(.*\)/\1/p' +} + +# Tests whether two OS ABIs are compatible, taking into account the generally +# accepted compatibility of SVR4 ABI with other ABIs. +areBinOsabisCompatible() { + local wanted="$1" + local got="$2" + + if [[ -z "$wanted" || -z "$got" ]]; then + # One of the types couldn't be detected, so as a fallback we'll assume + # they're compatible. + return 0 + fi + + # Generally speaking, the base ABI (0x00), which is represented by + # readelf(1) as "UNIX - System V", indicates broad compatibility with other + # ABIs. + # + # TODO: This isn't always true. For example, some OSes embed ABI + # compatibility into SHT_NOTE sections like .note.tag and .note.ABI-tag. + # It would be prudent to add these to the detection logic to produce better + # ABI information. + if [[ "$wanted" == "UNIX - System V" ]]; then + return 0 + fi + + # Similarly here, we should be able to link against a superset of features, + # so even if the target has another ABI, this should be fine. + if [[ "$got" == "UNIX - System V" ]]; then + return 0 + fi + + # Otherwise, we simply return whether the ABIs are identical. + if [[ "$wanted" == "$got" ]]; then + return 0 + fi + + return 1 } # NOTE: If you want to use this function outside of the autoPatchelf function, @@ -127,6 +170,7 @@ getSoArch() { findDependency() { local filename="$1" local arch="$2" + local osabi="$3" local lib dep if [ $depCacheInitialised -eq 0 ]; then @@ -138,7 +182,7 @@ findDependency() { for dep in "${autoPatchelfCachedDeps[@]}"; do if [ "$filename" = "${dep##*/}" ]; then - if [ "$(getSoArch "$dep")" = "$arch" ]; then + if [ "$(getBinArch "$dep")" = "$arch" ] && areBinOsabisCompatible "$osabi" "$(getBinOsabi "$dep")"; then foundDependency="$dep" return 0 fi @@ -162,7 +206,24 @@ autoPatchelfFile() { local dep rpath="" toPatch="$1" local interpreter - interpreter="$(< "$NIX_CC/nix-support/dynamic-linker")" + interpreter="$(< "$NIX_BINTOOLS/nix-support/dynamic-linker")" + + local interpreterArch interpreterOsabi toPatchArch toPatchOsabi + interpreterArch="$(getBinArch "$interpreter")" + interpreterOsabi="$(getBinOsabi "$interpreter")" + toPatchArch="$(getBinArch "$toPatch")" + toPatchOsabi="$(getBinOsabi "$toPatch")" + + if [ "$interpreterArch" != "$toPatchArch" ]; then + # Our target architecture is different than this file's architecture, + # so skip it. + echo "skipping $toPatch because its architecture ($toPatchArch) differs from target ($interpreterArch)" >&2 + return 0 + elif ! areBinOsabisCompatible "$interpreterOsabi" "$toPatchOsabi"; then + echo "skipping $toPatch because its OS ABI ($toPatchOsabi) is not compatible with target ($interpreterOsabi)" >&2 + return 0 + fi + if isExecutable "$toPatch"; then runPatchelf --set-interpreter "$interpreter" "$toPatch" # shellcheck disable=SC2154 @@ -175,7 +236,7 @@ autoPatchelfFile() { fi local libcLib - libcLib="$(< "$NIX_CC/nix-support/orig-libc")/lib" + libcLib="$(< "$NIX_BINTOOLS/nix-support/orig-libc")/lib" echo "searching for dependencies of $toPatch" >&2 @@ -187,14 +248,21 @@ autoPatchelfFile() { # new package where you don't yet know its dependencies. for dep in $missing; do - # Check whether this library exists in libc. If so, we don't need to do - # any futher searching -- it will be resolved correctly by the linker. - if [ -f "$libcLib/$dep" ]; then + if [[ "$dep" == /* ]]; then + # This is an absolute path. If it exists, just use it. Otherwise, + # we probably want this to produce an error when checked (because + # just updating the rpath won't satisfy it). + if [ -f "$dep" ]; then + continue + fi + elif [ -f "$libcLib/$dep" ]; then + # This library exists in libc, and will be correctly resolved by + # the linker. continue fi echo -n " $dep -> " >&2 - if findDependency "$dep" "$(getSoArch "$toPatch")"; then + if findDependency "$dep" "$toPatchArch" "$toPatchOsabi"; then rpath="$rpath${rpath:+:}${foundDependency%/*}" echo "found: $foundDependency" >&2 else diff --git a/pkgs/data/misc/iana-etc/default.nix b/pkgs/data/misc/iana-etc/default.nix index 60735eb4782..29ebac848d8 100644 --- a/pkgs/data/misc/iana-etc/default.nix +++ b/pkgs/data/misc/iana-etc/default.nix @@ -1,17 +1,23 @@ -{ lib, fetchzip }: +{ lib, fetchzip, stdenvNoCC, writeText }: let version = "20210225"; -in fetchzip { +in stdenvNoCC.mkDerivation { name = "iana-etc-${version}"; - url = "https://github.com/Mic92/iana-etc/releases/download/${version}/iana-etc-${version}.tar.gz"; - sha256 = "sha256-NVvZG3EJEYOXFDTBXD5m9sg/8msyMiBMkiZr+ZxWZ/g="; + src = fetchzip { + url = "https://github.com/Mic92/iana-etc/releases/download/${version}/iana-etc-${version}.tar.gz"; + sha256 = "sha256:1bbbnj2ya0apyyhnw37521yl1hrz3zy3l8dw6sacmir0y6pmx9gi"; + }; - postFetch = '' - tar -xzvf $downloadedFile --strip-components=1 + installPhase = '' install -D -m0644 -t $out/etc services protocols ''; + setupHook = writeText "setup-hook" '' + export NIX_ETC_PROTOCOLS=@out@/etc/protocols + export NIX_ETC_SERVICES=@out@/etc/services + ''; + meta = with lib; { homepage = "https://github.com/Mic92/iana-etc"; description = "IANA protocol and port number assignments (/etc/protocols and /etc/services)"; diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index a1598d3d3f0..f9dd0465b92 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -73,7 +73,9 @@ let majorVersion = "10"; ++ optional (targetPlatform.libc == "musl" && targetPlatform.isPower) ../ppc-musl.patch # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + + ++ [ ../libsanitizer-no-cyclades.patch ]; /* Cross-gcc settings (build == host != target) */ crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt"; diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index 7b7f542de0c..850b267441f 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -78,7 +78,9 @@ let majorVersion = "11"; }) # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + + ++ [ ../libsanitizer-no-cyclades.patch ]; /* Cross-gcc settings (build == host != target) */ crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt"; diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 98332290a07..e1c441e7afe 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -86,6 +86,13 @@ let majorVersion = "4"; ../struct-ucontext-4.8.patch ../sigsegv-not-declared.patch ../res_state-not-declared.patch + # gcc-11 compatibility + (fetchpatch { + name = "gcc4-char-reload.patch"; + url = "https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff_plain;h=d57c99458933a21fdf94f508191f145ad8d5ec58"; + includes = [ "gcc/reload.h" ]; + sha256 = "sha256-66AMP7/ajunGKAN5WJz/yPn42URZ2KN51yPrFdsxEuM="; + }) ]; javaEcj = fetchurl { diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index a15cb770fdf..3b92ecddc08 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -98,7 +98,18 @@ let majorVersion = "4"; { commit = "98c7bf9ddc80db965d69d61521b1c7a1cec32d9a"; sha256 = "1d7pfdv1q23nf0wadw7jbp6d6r7pnzjpbyxgbdfv7j1vr9l1bp60"; } { commit = "3dc76b53ad896494ca62550a7a752fecbca3f7a2"; sha256 = "0jvdzfpvfdmklfcjwqblwq1i22iqis7ljpvm7adra5d7zf2xk7xz"; } { commit = "1e961ed49b18e176c7457f53df2433421387c23b"; sha256 = "04dnqqs4qsvz4g8cq6db5id41kzys7hzhcaycwmc9rpqygs2ajwz"; } - { commit = "e137c72d099f9b3b47f4cc718aa11eab14df1a9c"; sha256 = "1ms0dmz74yf6kwgjfs4d2fhj8y6mcp2n184r3jk44wx2xc24vgb2"; }]; + { commit = "e137c72d099f9b3b47f4cc718aa11eab14df1a9c"; sha256 = "1ms0dmz74yf6kwgjfs4d2fhj8y6mcp2n184r3jk44wx2xc24vgb2"; }] + + ++ [ + ../libsanitizer-no-cyclades-9.patch + # gcc-11 compatibility + (fetchpatch { + name = "gcc4-char-reload.patch"; + url = "https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff_plain;h=d57c99458933a21fdf94f508191f145ad8d5ec58"; + includes = [ "gcc/reload.h" ]; + sha256 = "sha256-66AMP7/ajunGKAN5WJz/yPn42URZ2KN51yPrFdsxEuM="; + }) + ]; javaEcj = fetchurl { # The `$(top_srcdir)/ecj.jar' file is automatically picked up at diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index df4a632db05..e0ef8e31789 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -87,7 +87,9 @@ let majorVersion = "6"; ++ optional (targetPlatform.libc == "musl" && targetPlatform.isx86_32) (fetchpatch { url = "https://git.alpinelinux.org/aports/plain/main/gcc/gcc-6.1-musl-libssp.patch?id=5e4b96e23871ee28ef593b439f8c07ca7c7eb5bb"; sha256 = "1jf1ciz4gr49lwyh8knfhw6l5gvfkwzjy90m7qiwkcbsf4a3fqn2"; - }); + }) + + ++ [ ../libsanitizer-no-cyclades-9.patch ]; javaEcj = fetchurl { # The `$(top_srcdir)/ecj.jar' file is automatically picked up at diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index 44e8b38fdf8..dcb7d0b91f6 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -84,7 +84,9 @@ let majorVersion = "7"; ++ optional (targetPlatform.libc == "musl") ../libgomp-dont-force-initial-exec.patch # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + + ++ [ ../libsanitizer-no-cyclades-9.patch ]; /* Cross-gcc settings (build == host != target) */ crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt"; diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix index b264d37418e..a6fd34c60cc 100644 --- a/pkgs/development/compilers/gcc/8/default.nix +++ b/pkgs/development/compilers/gcc/8/default.nix @@ -71,7 +71,9 @@ let majorVersion = "8"; ++ optional (targetPlatform.libc == "musl") ../libgomp-dont-force-initial-exec.patch # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + + ++ [ ../libsanitizer-no-cyclades-9.patch ]; /* Cross-gcc settings (build == host != target) */ crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt"; diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix index 43b2e0b5ef5..604d90fa782 100644 --- a/pkgs/development/compilers/gcc/9/default.nix +++ b/pkgs/development/compilers/gcc/9/default.nix @@ -87,7 +87,9 @@ let majorVersion = "9"; ++ optional (targetPlatform.libc == "musl" && targetPlatform.isPower) ../ppc-musl.patch # Obtain latest patch with ../update-mcfgthread-patches.sh - ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; + ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch + + ++ [ ../libsanitizer-no-cyclades-9.patch ]; /* Cross-gcc settings (build == host != target) */ crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt"; diff --git a/pkgs/development/compilers/gcc/libsanitizer-no-cyclades-9.patch b/pkgs/development/compilers/gcc/libsanitizer-no-cyclades-9.patch new file mode 100644 index 00000000000..072403d1495 --- /dev/null +++ b/pkgs/development/compilers/gcc/libsanitizer-no-cyclades-9.patch @@ -0,0 +1,82 @@ +https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=2b40941d23b1570cdd90083b58fa0f66aa58c86e +https://gcc.gnu.org/PR100379 +--- a/libsanitizer/sanitizer_common/sanitizer_common_interceptors_ioctl.inc ++++ b/libsanitizer/sanitizer_common/sanitizer_common_interceptors_ioctl.inc +@@ -365,15 +365,6 @@ static void ioctl_table_fill() { + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + // _(SIOCDEVPLIP, WRITE, struct_ifreq_sz); // the same as EQL_ENSLAVE +- _(CYGETDEFTHRESH, WRITE, sizeof(int)); +- _(CYGETDEFTIMEOUT, WRITE, sizeof(int)); +- _(CYGETMON, WRITE, struct_cyclades_monitor_sz); +- _(CYGETTHRESH, WRITE, sizeof(int)); +- _(CYGETTIMEOUT, WRITE, sizeof(int)); +- _(CYSETDEFTHRESH, NONE, 0); +- _(CYSETDEFTIMEOUT, NONE, 0); +- _(CYSETTHRESH, NONE, 0); +- _(CYSETTIMEOUT, NONE, 0); + _(EQL_EMANCIPATE, WRITE, struct_ifreq_sz); + _(EQL_ENSLAVE, WRITE, struct_ifreq_sz); + _(EQL_GETMASTRCFG, WRITE, struct_ifreq_sz); +--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc ++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc +@@ -157,7 +157,6 @@ typedef struct user_fpregs elf_fpregset_t; + # include <sys/procfs.h> + #endif + #include <sys/user.h> +-#include <linux/cyclades.h> + #include <linux/if_eql.h> + #include <linux/if_plip.h> + #include <linux/lp.h> +@@ -466,7 +465,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + unsigned struct_ax25_parms_struct_sz = sizeof(struct ax25_parms_struct); +- unsigned struct_cyclades_monitor_sz = sizeof(struct cyclades_monitor); + #if EV_VERSION > (0x010000) + unsigned struct_input_keymap_entry_sz = sizeof(struct input_keymap_entry); + #else +@@ -833,15 +831,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + #endif // SANITIZER_LINUX || SANITIZER_FREEBSD + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- unsigned IOCTL_CYGETDEFTHRESH = CYGETDEFTHRESH; +- unsigned IOCTL_CYGETDEFTIMEOUT = CYGETDEFTIMEOUT; +- unsigned IOCTL_CYGETMON = CYGETMON; +- unsigned IOCTL_CYGETTHRESH = CYGETTHRESH; +- unsigned IOCTL_CYGETTIMEOUT = CYGETTIMEOUT; +- unsigned IOCTL_CYSETDEFTHRESH = CYSETDEFTHRESH; +- unsigned IOCTL_CYSETDEFTIMEOUT = CYSETDEFTIMEOUT; +- unsigned IOCTL_CYSETTHRESH = CYSETTHRESH; +- unsigned IOCTL_CYSETTIMEOUT = CYSETTIMEOUT; + unsigned IOCTL_EQL_EMANCIPATE = EQL_EMANCIPATE; + unsigned IOCTL_EQL_ENSLAVE = EQL_ENSLAVE; + unsigned IOCTL_EQL_GETMASTRCFG = EQL_GETMASTRCFG; +--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h ++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h +@@ -1040,7 +1040,6 @@ struct __sanitizer_cookie_io_functions_t { + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + extern unsigned struct_ax25_parms_struct_sz; +- extern unsigned struct_cyclades_monitor_sz; + extern unsigned struct_input_keymap_entry_sz; + extern unsigned struct_ipx_config_data_sz; + extern unsigned struct_kbdiacrs_sz; +@@ -1385,15 +1384,6 @@ struct __sanitizer_cookie_io_functions_t { + #endif // SANITIZER_LINUX || SANITIZER_FREEBSD + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- extern unsigned IOCTL_CYGETDEFTHRESH; +- extern unsigned IOCTL_CYGETDEFTIMEOUT; +- extern unsigned IOCTL_CYGETMON; +- extern unsigned IOCTL_CYGETTHRESH; +- extern unsigned IOCTL_CYGETTIMEOUT; +- extern unsigned IOCTL_CYSETDEFTHRESH; +- extern unsigned IOCTL_CYSETDEFTIMEOUT; +- extern unsigned IOCTL_CYSETTHRESH; +- extern unsigned IOCTL_CYSETTIMEOUT; + extern unsigned IOCTL_EQL_EMANCIPATE; + extern unsigned IOCTL_EQL_ENSLAVE; + extern unsigned IOCTL_EQL_GETMASTRCFG; +-- +2.27.0 diff --git a/pkgs/development/compilers/gcc/libsanitizer-no-cyclades.patch b/pkgs/development/compilers/gcc/libsanitizer-no-cyclades.patch new file mode 100644 index 00000000000..e2155cd0c98 --- /dev/null +++ b/pkgs/development/compilers/gcc/libsanitizer-no-cyclades.patch @@ -0,0 +1,83 @@ +https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=2bf34b9f4e446bf9be7f04458058dd5319fb396e +https://gcc.gnu.org/PR100379 +--- a/libsanitizer/sanitizer_common/sanitizer_common_interceptors_ioctl.inc ++++ b/libsanitizer/sanitizer_common/sanitizer_common_interceptors_ioctl.inc +@@ -366,15 +366,6 @@ static void ioctl_table_fill() { + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + // _(SIOCDEVPLIP, WRITE, struct_ifreq_sz); // the same as EQL_ENSLAVE +- _(CYGETDEFTHRESH, WRITE, sizeof(int)); +- _(CYGETDEFTIMEOUT, WRITE, sizeof(int)); +- _(CYGETMON, WRITE, struct_cyclades_monitor_sz); +- _(CYGETTHRESH, WRITE, sizeof(int)); +- _(CYGETTIMEOUT, WRITE, sizeof(int)); +- _(CYSETDEFTHRESH, NONE, 0); +- _(CYSETDEFTIMEOUT, NONE, 0); +- _(CYSETTHRESH, NONE, 0); +- _(CYSETTIMEOUT, NONE, 0); + _(EQL_EMANCIPATE, WRITE, struct_ifreq_sz); + _(EQL_ENSLAVE, WRITE, struct_ifreq_sz); + _(EQL_GETMASTRCFG, WRITE, struct_ifreq_sz); +--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp ++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp +@@ -130,7 +130,6 @@ typedef struct user_fpregs elf_fpregset_t; + # include <sys/procfs.h> + #endif + #include <sys/user.h> +-#include <linux/cyclades.h> + #include <linux/if_eql.h> + #include <linux/if_plip.h> + #include <linux/lp.h> +@@ -443,7 +442,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + unsigned struct_ax25_parms_struct_sz = sizeof(struct ax25_parms_struct); +- unsigned struct_cyclades_monitor_sz = sizeof(struct cyclades_monitor); + #if EV_VERSION > (0x010000) + unsigned struct_input_keymap_entry_sz = sizeof(struct input_keymap_entry); + #else +@@ -809,15 +807,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- unsigned IOCTL_CYGETDEFTHRESH = CYGETDEFTHRESH; +- unsigned IOCTL_CYGETDEFTIMEOUT = CYGETDEFTIMEOUT; +- unsigned IOCTL_CYGETMON = CYGETMON; +- unsigned IOCTL_CYGETTHRESH = CYGETTHRESH; +- unsigned IOCTL_CYGETTIMEOUT = CYGETTIMEOUT; +- unsigned IOCTL_CYSETDEFTHRESH = CYSETDEFTHRESH; +- unsigned IOCTL_CYSETDEFTIMEOUT = CYSETDEFTIMEOUT; +- unsigned IOCTL_CYSETTHRESH = CYSETTHRESH; +- unsigned IOCTL_CYSETTIMEOUT = CYSETTIMEOUT; + unsigned IOCTL_EQL_EMANCIPATE = EQL_EMANCIPATE; + unsigned IOCTL_EQL_ENSLAVE = EQL_ENSLAVE; + unsigned IOCTL_EQL_GETMASTRCFG = EQL_GETMASTRCFG; +--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h ++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h +@@ -974,7 +974,6 @@ extern unsigned struct_vt_mode_sz; + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + extern unsigned struct_ax25_parms_struct_sz; +-extern unsigned struct_cyclades_monitor_sz; + extern unsigned struct_input_keymap_entry_sz; + extern unsigned struct_ipx_config_data_sz; + extern unsigned struct_kbdiacrs_sz; +@@ -1319,15 +1318,6 @@ extern unsigned IOCTL_VT_WAITACTIVE; + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +-extern unsigned IOCTL_CYGETDEFTHRESH; +-extern unsigned IOCTL_CYGETDEFTIMEOUT; +-extern unsigned IOCTL_CYGETMON; +-extern unsigned IOCTL_CYGETTHRESH; +-extern unsigned IOCTL_CYGETTIMEOUT; +-extern unsigned IOCTL_CYSETDEFTHRESH; +-extern unsigned IOCTL_CYSETDEFTIMEOUT; +-extern unsigned IOCTL_CYSETTHRESH; +-extern unsigned IOCTL_CYSETTIMEOUT; + extern unsigned IOCTL_EQL_EMANCIPATE; + extern unsigned IOCTL_EQL_ENSLAVE; + extern unsigned IOCTL_EQL_GETMASTRCFG; +-- +2.33.0 + diff --git a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix index faba5d97b79..657a465a3fe 100644 --- a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix @@ -57,6 +57,7 @@ stdenv.mkDerivation { ./codesign.patch # Revert compiler-rt commit that makes codesign mandatory ./find-darwin-sdk-version.patch # don't test for macOS being >= 10.15 ./gnu-install-dirs.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-11.patch ]# ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix index e5b79692ae2..1111f14f9be 100644 --- a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix @@ -58,6 +58,7 @@ stdenv.mkDerivation { # ld-wrapper dislikes `-rpath-link //nix/store`, so we normalize away the # extra `/`. ./normalize-var.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-11.patch ]# ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/5/compiler-rt/default.nix b/pkgs/development/compilers/llvm/5/compiler-rt/default.nix index 9f937ed140f..c684437cefd 100644 --- a/pkgs/development/compilers/llvm/5/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/5/compiler-rt/default.nix @@ -57,7 +57,8 @@ stdenv.mkDerivation { ./gnu-install-dirs.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional (stdenv.hostPlatform.libc == "glibc") ./sys-ustat.patch - ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; + ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch + ++ [ ../../common/compiler-rt/libsanitizer-no-cyclades-9.patch ]; # TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks # to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra diff --git a/pkgs/development/compilers/llvm/5/llvm/default.nix b/pkgs/development/compilers/llvm/5/llvm/default.nix index 54fd783a7c2..6388cd65fbf 100644 --- a/pkgs/development/compilers/llvm/5/llvm/default.nix +++ b/pkgs/development/compilers/llvm/5/llvm/default.nix @@ -82,6 +82,9 @@ stdenv.mkDerivation ({ substituteInPlace unittests/Support/CMakeLists.txt \ --replace "Path.cpp" "" rm unittests/Support/Path.cpp + + # llvm-5 does not support dwarf-5 style info, fails on gcc-11. + rm test/tools/llvm-symbolizer/print_context.c '' + optionalString stdenv.isAarch64 '' patch -p0 < ${../../aarch64.patch} '' + optionalString stdenv.hostPlatform.isMusl '' diff --git a/pkgs/development/compilers/llvm/6/compiler-rt/default.nix b/pkgs/development/compilers/llvm/6/compiler-rt/default.nix index 7ee0943a888..74c17fd3e64 100644 --- a/pkgs/development/compilers/llvm/6/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/6/compiler-rt/default.nix @@ -55,6 +55,7 @@ stdenv.mkDerivation { # https://github.com/llvm/llvm-project/commit/947f9692440836dcb8d88b74b69dd379d85974ce ../../common/compiler-rt/glibc.patch ./gnu-install-dirs.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-9.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/7/compiler-rt/default.nix b/pkgs/development/compilers/llvm/7/compiler-rt/default.nix index f6190b79918..6ea1280a403 100644 --- a/pkgs/development/compilers/llvm/7/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/7/compiler-rt/default.nix @@ -57,6 +57,7 @@ stdenv.mkDerivation { ../../common/compiler-rt/glibc.patch ./codesign.patch # Revert compiler-rt commit that makes codesign mandatory ./gnu-install-dirs.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-9.patch ] ++ lib.optional (useLLVM) ./crtbegin-and-end.patch ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/8/compiler-rt/default.nix b/pkgs/development/compilers/llvm/8/compiler-rt/default.nix index bbaae803738..62672b336ff 100644 --- a/pkgs/development/compilers/llvm/8/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/8/compiler-rt/default.nix @@ -57,6 +57,7 @@ stdenv.mkDerivation { ../../common/compiler-rt/glibc.patch ./codesign.patch # Revert compiler-rt commit that makes codesign mandatory ./gnu-install-dirs.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-9.patch ]# ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional (useLLVM) ./crtbegin-and-end.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/9/compiler-rt/default.nix b/pkgs/development/compilers/llvm/9/compiler-rt/default.nix index 4dc75bd1c14..83a75f516a0 100644 --- a/pkgs/development/compilers/llvm/9/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/9/compiler-rt/default.nix @@ -57,6 +57,7 @@ stdenv.mkDerivation { ../../common/compiler-rt/glibc.patch ./codesign.patch # Revert compiler-rt commit that makes codesign mandatory ./gnu-install-dirs.patch + ../../common/compiler-rt/libsanitizer-no-cyclades-9.patch ]# ++ lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch ++ lib.optional stdenv.hostPlatform.isAarch32 ./armv7l.patch; diff --git a/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-11.patch b/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-11.patch new file mode 100644 index 00000000000..890230cc14e --- /dev/null +++ b/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-11.patch @@ -0,0 +1,80 @@ +https://github.com/llvm/llvm-project/commit/68d5235cb58f988c71b403334cd9482d663841ab.patch +https://reviews.llvm.org/D102059 +--- a/lib/sanitizer_common/sanitizer_common_interceptors_ioctl.inc ++++ b/lib/sanitizer_common/sanitizer_common_interceptors_ioctl.inc +@@ -370,15 +370,6 @@ static void ioctl_table_fill() { + + #if SANITIZER_GLIBC + // _(SIOCDEVPLIP, WRITE, struct_ifreq_sz); // the same as EQL_ENSLAVE +- _(CYGETDEFTHRESH, WRITE, sizeof(int)); +- _(CYGETDEFTIMEOUT, WRITE, sizeof(int)); +- _(CYGETMON, WRITE, struct_cyclades_monitor_sz); +- _(CYGETTHRESH, WRITE, sizeof(int)); +- _(CYGETTIMEOUT, WRITE, sizeof(int)); +- _(CYSETDEFTHRESH, NONE, 0); +- _(CYSETDEFTIMEOUT, NONE, 0); +- _(CYSETTHRESH, NONE, 0); +- _(CYSETTIMEOUT, NONE, 0); + _(EQL_EMANCIPATE, WRITE, struct_ifreq_sz); + _(EQL_ENSLAVE, WRITE, struct_ifreq_sz); + _(EQL_GETMASTRCFG, WRITE, struct_ifreq_sz); +--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp ++++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp +@@ -143,7 +143,6 @@ typedef struct user_fpregs elf_fpregset_t; + # include <sys/procfs.h> + #endif + #include <sys/user.h> +-#include <linux/cyclades.h> + #include <linux/if_eql.h> + #include <linux/if_plip.h> + #include <linux/lp.h> +@@ -460,7 +459,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + + #if SANITIZER_GLIBC + unsigned struct_ax25_parms_struct_sz = sizeof(struct ax25_parms_struct); +- unsigned struct_cyclades_monitor_sz = sizeof(struct cyclades_monitor); + #if EV_VERSION > (0x010000) + unsigned struct_input_keymap_entry_sz = sizeof(struct input_keymap_entry); + #else +@@ -824,15 +822,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- unsigned IOCTL_CYGETDEFTHRESH = CYGETDEFTHRESH; +- unsigned IOCTL_CYGETDEFTIMEOUT = CYGETDEFTIMEOUT; +- unsigned IOCTL_CYGETMON = CYGETMON; +- unsigned IOCTL_CYGETTHRESH = CYGETTHRESH; +- unsigned IOCTL_CYGETTIMEOUT = CYGETTIMEOUT; +- unsigned IOCTL_CYSETDEFTHRESH = CYSETDEFTHRESH; +- unsigned IOCTL_CYSETDEFTIMEOUT = CYSETDEFTIMEOUT; +- unsigned IOCTL_CYSETTHRESH = CYSETTHRESH; +- unsigned IOCTL_CYSETTIMEOUT = CYSETTIMEOUT; + unsigned IOCTL_EQL_EMANCIPATE = EQL_EMANCIPATE; + unsigned IOCTL_EQL_ENSLAVE = EQL_ENSLAVE; + unsigned IOCTL_EQL_GETMASTRCFG = EQL_GETMASTRCFG; +--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.h ++++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.h +@@ -983,7 +983,6 @@ extern unsigned struct_vt_mode_sz; + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + extern unsigned struct_ax25_parms_struct_sz; +-extern unsigned struct_cyclades_monitor_sz; + extern unsigned struct_input_keymap_entry_sz; + extern unsigned struct_ipx_config_data_sz; + extern unsigned struct_kbdiacrs_sz; +@@ -1328,15 +1327,6 @@ extern unsigned IOCTL_VT_WAITACTIVE; + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +-extern unsigned IOCTL_CYGETDEFTHRESH; +-extern unsigned IOCTL_CYGETDEFTIMEOUT; +-extern unsigned IOCTL_CYGETMON; +-extern unsigned IOCTL_CYGETTHRESH; +-extern unsigned IOCTL_CYGETTIMEOUT; +-extern unsigned IOCTL_CYSETDEFTHRESH; +-extern unsigned IOCTL_CYSETDEFTIMEOUT; +-extern unsigned IOCTL_CYSETTHRESH; +-extern unsigned IOCTL_CYSETTIMEOUT; + extern unsigned IOCTL_EQL_EMANCIPATE; + extern unsigned IOCTL_EQL_ENSLAVE; + extern unsigned IOCTL_EQL_GETMASTRCFG; diff --git a/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-9.patch b/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-9.patch new file mode 100644 index 00000000000..7ef02a16926 --- /dev/null +++ b/pkgs/development/compilers/llvm/common/compiler-rt/libsanitizer-no-cyclades-9.patch @@ -0,0 +1,80 @@ +https://github.com/llvm/llvm-project/commit/68d5235cb58f988c71b403334cd9482d663841ab.patch +https://reviews.llvm.org/D102059 +--- a/lib/sanitizer_common/sanitizer_common_interceptors_ioctl.inc ++++ b/lib/sanitizer_common/sanitizer_common_interceptors_ioctl.inc +@@ -370,15 +370,6 @@ static void ioctl_table_fill() { + + #if SANITIZER_GLIBC + // _(SIOCDEVPLIP, WRITE, struct_ifreq_sz); // the same as EQL_ENSLAVE +- _(CYGETDEFTHRESH, WRITE, sizeof(int)); +- _(CYGETDEFTIMEOUT, WRITE, sizeof(int)); +- _(CYGETMON, WRITE, struct_cyclades_monitor_sz); +- _(CYGETTHRESH, WRITE, sizeof(int)); +- _(CYGETTIMEOUT, WRITE, sizeof(int)); +- _(CYSETDEFTHRESH, NONE, 0); +- _(CYSETDEFTIMEOUT, NONE, 0); +- _(CYSETTHRESH, NONE, 0); +- _(CYSETTIMEOUT, NONE, 0); + _(EQL_EMANCIPATE, WRITE, struct_ifreq_sz); + _(EQL_ENSLAVE, WRITE, struct_ifreq_sz); + _(EQL_GETMASTRCFG, WRITE, struct_ifreq_sz); +--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.cc ++++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.cc +@@ -143,7 +143,6 @@ typedef struct user_fpregs elf_fpregset_t; + # include <sys/procfs.h> + #endif + #include <sys/user.h> +-#include <linux/cyclades.h> + #include <linux/if_eql.h> + #include <linux/if_plip.h> + #include <linux/lp.h> +@@ -460,7 +459,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + + #if SANITIZER_GLIBC + unsigned struct_ax25_parms_struct_sz = sizeof(struct ax25_parms_struct); +- unsigned struct_cyclades_monitor_sz = sizeof(struct cyclades_monitor); + #if EV_VERSION > (0x010000) + unsigned struct_input_keymap_entry_sz = sizeof(struct input_keymap_entry); + #else +@@ -824,15 +822,6 @@ unsigned struct_ElfW_Phdr_sz = sizeof(Elf_Phdr); + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- unsigned IOCTL_CYGETDEFTHRESH = CYGETDEFTHRESH; +- unsigned IOCTL_CYGETDEFTIMEOUT = CYGETDEFTIMEOUT; +- unsigned IOCTL_CYGETMON = CYGETMON; +- unsigned IOCTL_CYGETTHRESH = CYGETTHRESH; +- unsigned IOCTL_CYGETTIMEOUT = CYGETTIMEOUT; +- unsigned IOCTL_CYSETDEFTHRESH = CYSETDEFTHRESH; +- unsigned IOCTL_CYSETDEFTIMEOUT = CYSETDEFTIMEOUT; +- unsigned IOCTL_CYSETTHRESH = CYSETTHRESH; +- unsigned IOCTL_CYSETTIMEOUT = CYSETTIMEOUT; + unsigned IOCTL_EQL_EMANCIPATE = EQL_EMANCIPATE; + unsigned IOCTL_EQL_ENSLAVE = EQL_ENSLAVE; + unsigned IOCTL_EQL_GETMASTRCFG = EQL_GETMASTRCFG; +--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.h ++++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.h +@@ -983,7 +983,6 @@ extern unsigned struct_vt_mode_sz; + + #if SANITIZER_LINUX && !SANITIZER_ANDROID + extern unsigned struct_ax25_parms_struct_sz; +- extern unsigned struct_cyclades_monitor_sz; + extern unsigned struct_input_keymap_entry_sz; + extern unsigned struct_ipx_config_data_sz; + extern unsigned struct_kbdiacrs_sz; +@@ -1328,15 +1327,6 @@ extern unsigned IOCTL_VT_WAITACTIVE; + #endif // SANITIZER_LINUX + + #if SANITIZER_LINUX && !SANITIZER_ANDROID +- extern unsigned IOCTL_CYGETDEFTHRESH; +- extern unsigned IOCTL_CYGETDEFTIMEOUT; +- extern unsigned IOCTL_CYGETMON; +- extern unsigned IOCTL_CYGETTHRESH; +- extern unsigned IOCTL_CYGETTIMEOUT; +- extern unsigned IOCTL_CYSETDEFTHRESH; +- extern unsigned IOCTL_CYSETDEFTIMEOUT; +- extern unsigned IOCTL_CYSETTHRESH; +- extern unsigned IOCTL_CYSETTIMEOUT; + extern unsigned IOCTL_EQL_EMANCIPATE; + extern unsigned IOCTL_EQL_ENSLAVE; + extern unsigned IOCTL_EQL_GETMASTRCFG; diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 353535ed682..7bb2bb28893 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -45,9 +45,7 @@ # enableLTO is a subset of the enableOptimizations flag that doesn't harm reproducibility. # enabling LTO on 32bit arch causes downstream packages to fail when linking # enabling LTO on *-darwin causes python3 to fail when linking. -# enabling LTO with musl and dynamic linking fails with a linker error although it should -# be possible as alpine is doing it: https://github.com/alpinelinux/aports/blob/a8ccb04668c7729e0f0db6c6ff5f25d7519e779b/main/python3/APKBUILD#L82 -, enableLTO ? stdenv.is64bit && stdenv.isLinux && !(stdenv.hostPlatform.isMusl && !stdenv.hostPlatform.isStatic) +, enableLTO ? stdenv.is64bit && stdenv.isLinux , reproducibleBuild ? false , pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" }: diff --git a/pkgs/development/libraries/freeglut/default.nix b/pkgs/development/libraries/freeglut/default.nix index ecdc1c19ff1..0e81e2188af 100644 --- a/pkgs/development/libraries/freeglut/default.nix +++ b/pkgs/development/libraries/freeglut/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, libXi, libXrandr, libXxf86vm, libGL, libGLU, xlibsWrapper, cmake }: +{ lib, stdenv, fetchurl, fetchpatch, libXi, libXrandr, libXxf86vm, libGL, libGLU, xlibsWrapper, cmake }: stdenv.mkDerivation rec { pname = "freeglut"; @@ -9,6 +9,15 @@ stdenv.mkDerivation rec { sha256 = "0s6sk49q8ijgbsrrryb7dzqx2fa744jhx1wck5cz5jia2010w06l"; }; + patches = [ + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + url = "https://github.com/dcnieho/FreeGLUT/commit/b9998bbc1e1c329f6bf69c24606a2be7a4973b8c.patch"; + sha256 = "0j43vrnm22mz3r3c43szgcnil19cx9vcydzky9gwzqlyacr51swd"; + stripLen = 2; + }) + ]; + outputs = [ "out" "dev" ]; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index 36a93095603..3a64cc56397 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -14,25 +14,19 @@ stdenv.mkDerivation rec { pname = "gd"; - version = "2.3.0"; + version = "2.3.2"; src = fetchurl { url = "https://github.com/libgd/libgd/releases/download/${pname}-${version}/libgd-${version}.tar.xz"; - sha256 = "0n5czhxzinvjvmhkf5l9fwjdx5ip69k5k7pj6zwb6zs1k9dibngc"; + sha256 = "1yypywkh8vphcy4qqpf51kxpb0a3r7rjqk3fc61rpn70hiq092j7"; }; hardeningDisable = [ "format" ]; patches = [ - # Fixes an issue where some other packages would fail to build - # their documentation with an error like: - # "Error: Problem doing text layout" - # - # Can be removed if Wayland can still be built successfully with - # documentation. (fetchpatch { - url = "https://github.com/libgd/libgd/commit/3dd0e308cbd2c24fde2fc9e9b707181252a2de95.patch"; - excludes = [ "tests/gdimagestringft/.gitignore" ]; - sha256 = "12iqlanl9czig9d7c3rvizrigw2iacimnmimfcny392dv9iazhl1"; + name = "CVE-2021-40812.partial.patch"; + url = "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9.patch"; + sha256 = "11rvhd23bl05ksj8z39hwrhqqjm66svr4hl3y230wrc64rvnd2d2"; }) ]; diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index edb37d2ddd3..679a91d1bc3 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -134,8 +134,6 @@ stdenv.mkDerivation rec { "-DG_DISABLE_CAST_CHECKS" ]; - hardeningDisable = [ "pie" ]; - postPatch = '' chmod +x gio/tests/gengiotypefuncs.py patchShebangs gio/tests/gengiotypefuncs.py diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index fe8fd6d80c6..a715ba752ec 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -120,6 +120,9 @@ stdenv.mkDerivation ({ }) ./fix-x64-abi.patch + + /* https://github.com/NixOS/nixpkgs/pull/137601 */ + ./nix-nss-open-files.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; diff --git a/pkgs/development/libraries/glibc/nix-nss-open-files.patch b/pkgs/development/libraries/glibc/nix-nss-open-files.patch new file mode 100644 index 00000000000..9a515c4662e --- /dev/null +++ b/pkgs/development/libraries/glibc/nix-nss-open-files.patch @@ -0,0 +1,51 @@ +diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c +index 1db9e46127..3a567e0224 100644 +--- a/nss/nss_files/files-XXX.c ++++ b/nss/nss_files/files-XXX.c +@@ -75,8 +75,20 @@ internal_setent (FILE **stream) + + if (*stream == NULL) + { +- *stream = __nss_files_fopen (DATAFILE); +- ++ const char *file = DATAFILE; ++ ++ #ifdef NIX_DATAFILE ++ // use the Nix environment variable such as `NIX_ETC_PROTOCOLS` ++ char *path = secure_getenv (NIX_DATAFILE); ++ ++ // if the environment variable is set, then read from the /nix/store entry instead ++ if (path && path[0]) { ++ file = path; ++ } ++ #endif ++ ++ *stream = __nss_files_fopen (file); ++ + if (*stream == NULL) + status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; + } +diff --git a/nss/nss_files/files-proto.c b/nss/nss_files/files-proto.c +index c30bedc0aa..b321e68d3c 100644 +--- a/nss/nss_files/files-proto.c ++++ b/nss/nss_files/files-proto.c +@@ -23,6 +23,7 @@ NSS_DECLARE_MODULE_FUNCTIONS (files) + + #define ENTNAME protoent + #define DATABASE "protocols" ++#define NIX_DATAFILE "NIX_ETC_PROTOCOLS" + + struct protoent_data {}; + +diff --git a/nss/nss_files/files-service.c b/nss/nss_files/files-service.c +index bfc2590699..0bff36aee5 100644 +--- a/nss/nss_files/files-service.c ++++ b/nss/nss_files/files-service.c +@@ -24,6 +24,7 @@ NSS_DECLARE_MODULE_FUNCTIONS (files) + + #define ENTNAME servent + #define DATABASE "services" ++#define NIX_DATAFILE "NIX_ETC_SERVICES" + + struct servent_data {}; + diff --git a/pkgs/development/libraries/libiscsi/default.nix b/pkgs/development/libraries/libiscsi/default.nix index 6dd23d219d9..3cc2e0eee8c 100644 --- a/pkgs/development/libraries/libiscsi/default.nix +++ b/pkgs/development/libraries/libiscsi/default.nix @@ -13,10 +13,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; - # This can be removed after >=1.20.0, or if the build suceeds with - # pie enabled (default on Musl). - hardeningDisable = [ "pie" ]; - # This problem is gone on libiscsi master. NIX_CFLAGS_COMPILE = lib.optional stdenv.hostPlatform.is32bit "-Wno-error=sign-compare"; diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix index bda7f72a557..643752da1dc 100644 --- a/pkgs/development/libraries/libunwind/default.nix +++ b/pkgs/development/libraries/libunwind/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, autoreconfHook, xz, coreutils }: +{ stdenv, lib, fetchurl, fetchpatch, autoreconfHook, xz, coreutils }: stdenv.mkDerivation rec { pname = "libunwind"; @@ -9,7 +9,15 @@ stdenv.mkDerivation rec { sha256 = "0dc46flppifrv2z0mrdqi60165ghxm1wk0g47vcbyzjdplqwjnfz"; }; - patches = [ ./backtrace-only-with-glibc.patch ]; + patches = [ + ./backtrace-only-with-glibc.patch + + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + url = "https://github.com/libunwind/libunwind/commit/29e17d8d2ccbca07c423e3089a6d5ae8a1c9cb6e.patch"; + sha256 = "1angwfq6h0jskg6zx8g6w9min38g5mgmrcbppcy5hqn59cgsxbw0"; + }) + ]; postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' substituteInPlace configure.ac --replace "-lgcc_s" "-lgcc_eh" diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index 2d418638519..10f90a16c92 100644 --- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "libva" + lib.optionalString minimal "minimal"; - version = "2.12.0"; + version = "2.13.0"; src = fetchFromGitHub { owner = "intel"; repo = "libva"; rev = version; - sha256 = "1zfv4kjx0715sy62lkpv0s31f9xwy232z5zwqi5all4w1jr630i7"; + sha256 = "0vsvli3xc0gqqp06p7wkm973lhr7c5qgnyz5jfjmf8kv75rajazp"; }; outputs = [ "dev" "out" ]; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 81d553547c3..15e7d497f66 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -13,6 +13,8 @@ , withValgrind ? !stdenv.isDarwin && lib.meta.availableOn stdenv.hostPlatform valgrind-light, valgrind-light , enableGalliumNine ? stdenv.isLinux , enableOSMesa ? stdenv.isLinux +, enableOpenCL ? stdenv.isLinux && stdenv.isx86_64 +, libclc }: /** Packaging design: @@ -53,7 +55,7 @@ self = stdenv.mkDerivation { # ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog patches = [ ./missing-includes.patch # dev_t needs sys/stat.h, time_t needs time.h, etc.-- fixes build w/musl - ./opencl-install-dir.patch + ./opencl.patch ./disk_cache-include-dri-driver-path-in-cache-key.patch # Fix `-Werror=int-conversion` pthread warnings on musl. # TODO: Remove when https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6121 is merged and available @@ -88,7 +90,8 @@ self = stdenv.mkDerivation { outputs = [ "out" "dev" "drivers" ] ++ lib.optional enableOSMesa "osmesa" - ++ lib.optional stdenv.isLinux "driversdev"; + ++ lib.optional stdenv.isLinux "driversdev" + ++ lib.optional enableOpenCL "opencl"; # TODO: Figure out how to enable opencl without having a runtime dependency on clang mesonFlags = [ @@ -118,6 +121,9 @@ self = stdenv.mkDerivation { "-Dmicrosoft-clc=disabled" # Only relevant on Windows (OpenCL 1.2 API on top of D3D12) ] ++ optionals stdenv.isLinux [ "-Dglvnd=true" + ] ++ optionals enableOpenCL [ + "-Dgallium-opencl=icd" # Enable the gallium OpenCL frontend + "-Dclang-libdir=${llvmPackages.clang-unwrapped.lib}/lib" ]; buildInputs = with xorg; [ @@ -128,6 +134,7 @@ self = stdenv.mkDerivation { ] ++ lib.optionals (elem "wayland" eglPlatforms) [ wayland wayland-protocols ] ++ lib.optionals stdenv.isLinux [ libomxil-bellagio libva-minimal ] ++ lib.optionals stdenv.isDarwin [ libunwind ] + ++ lib.optionals enableOpenCL [ libclc llvmPackages.clang llvmPackages.clang-unwrapped ] ++ lib.optional withValgrind valgrind-light; depsBuildBuild = [ pkg-config ]; @@ -162,7 +169,7 @@ self = stdenv.mkDerivation { if [ -n "$(shopt -s nullglob; echo "$out"/lib/lib*_mesa*)" ]; then # Move other drivers to a separate output - mv $out/lib/lib*_mesa* $drivers/lib + mv -t $drivers/lib $out/lib/lib*_mesa* fi # Update search path used by glvnd @@ -175,6 +182,17 @@ self = stdenv.mkDerivation { for js in $drivers/share/vulkan/icd.d/*.json; do substituteInPlace "$js" --replace "$out" "$drivers" done + '' + optionalString enableOpenCL '' + # Move OpenCL stuff + mkdir -p $opencl/lib + mv -t "$opencl/lib/" \ + $out/lib/gallium-pipe \ + $out/lib/libMesaOpenCL* + + # We construct our own .icd file that contains an absolute path. + rm -r $out/etc/OpenCL + mkdir -p $opencl/etc/OpenCL/vendors/ + echo $opencl/lib/libMesaOpenCL.so > $opencl/etc/OpenCL/vendors/mesa.icd '' + lib.optionalString enableOSMesa '' # move libOSMesa to $osmesa, as it's relatively big mkdir -p $osmesa/lib @@ -209,7 +227,10 @@ self = stdenv.mkDerivation { done ''; - NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-fno-common"; + NIX_CFLAGS_COMPILE = optionals stdenv.isDarwin [ "-fno-common" ] ++ lib.optionals enableOpenCL [ + "-UPIPE_SEARCH_DIR" + "-DPIPE_SEARCH_DIR=\"${placeholder "opencl"}/lib/gallium-pipe\"" + ]; passthru = { inherit libdrm; diff --git a/pkgs/development/libraries/mesa/opencl-install-dir.patch b/pkgs/development/libraries/mesa/opencl-install-dir.patch deleted file mode 100644 index fe85d2c90bb..00000000000 --- a/pkgs/development/libraries/mesa/opencl-install-dir.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build -index 317ad8dab4a..5567308caf0 100644 ---- a/src/gallium/targets/opencl/meson.build -+++ b/src/gallium/targets/opencl/meson.build -@@ -68,6 +68,6 @@ if with_opencl_icd - input : 'mesa.icd.in', - output : 'mesa.icd', - install : true, -- install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'), -+ install_dir : join_paths(get_option('prefix'), 'etc', 'OpenCL', 'vendors'), - ) - endif diff --git a/pkgs/development/libraries/mesa/opencl.patch b/pkgs/development/libraries/mesa/opencl.patch new file mode 100644 index 00000000000..ce6e3d57508 --- /dev/null +++ b/pkgs/development/libraries/mesa/opencl.patch @@ -0,0 +1,70 @@ +diff --git a/meson_options.txt b/meson_options.txt +index a7030aba31e..1d2d8814992 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -18,6 +18,12 @@ + # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + # SOFTWARE. + ++option( ++ 'clang-libdir', ++ type : 'string', ++ value : '', ++ description : 'Locations to search for clang libraries.' ++) + option( + 'platforms', + type : 'array', +diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build +index b77826b6e1e..14fa9ba7177 100644 +--- a/src/gallium/targets/opencl/meson.build ++++ b/src/gallium/targets/opencl/meson.build +@@ -30,6 +30,7 @@ if with_ld_version_script + endif + + llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir') ++clang_libdir = get_option('clang-libdir') + opencl_libname = with_opencl_icd ? 'MesaOpenCL' : 'OpenCL' + + polly_dep = null_dep +@@ -60,19 +61,19 @@ else + endif + if not (dep_clang.found() and dep_clang_usable) + dep_clang = [ +- cpp.find_library('clangCodeGen', dirs : llvm_libdir), +- cpp.find_library('clangFrontendTool', dirs : llvm_libdir), +- cpp.find_library('clangFrontend', dirs : llvm_libdir), +- cpp.find_library('clangDriver', dirs : llvm_libdir), +- cpp.find_library('clangSerialization', dirs : llvm_libdir), +- cpp.find_library('clangParse', dirs : llvm_libdir), +- cpp.find_library('clangSema', dirs : llvm_libdir), +- cpp.find_library('clangAnalysis', dirs : llvm_libdir), +- cpp.find_library('clangAST', dirs : llvm_libdir), +- cpp.find_library('clangASTMatchers', dirs : llvm_libdir), +- cpp.find_library('clangEdit', dirs : llvm_libdir), +- cpp.find_library('clangLex', dirs : llvm_libdir), +- cpp.find_library('clangBasic', dirs : llvm_libdir), ++ cpp.find_library('clangCodeGen', dirs : clang_libdir), ++ cpp.find_library('clangFrontendTool', dirs : clang_libdir), ++ cpp.find_library('clangFrontend', dirs : clang_libdir), ++ cpp.find_library('clangDriver', dirs : clang_libdir), ++ cpp.find_library('clangSerialization', dirs : clang_libdir), ++ cpp.find_library('clangParse', dirs : clang_libdir), ++ cpp.find_library('clangSema', dirs : clang_libdir), ++ cpp.find_library('clangAnalysis', dirs : clang_libdir), ++ cpp.find_library('clangAST', dirs : clang_libdir), ++ cpp.find_library('clangASTMatchers', dirs : clang_libdir), ++ cpp.find_library('clangEdit', dirs : clang_libdir), ++ cpp.find_library('clangLex', dirs : clang_libdir), ++ cpp.find_library('clangBasic', dirs : clang_libdir), + polly_dep, polly_isl_dep, + ] + # check clang once more +@@ -120,6 +121,6 @@ if with_opencl_icd + input : 'mesa.icd.in', + output : 'mesa.icd', + install : true, +- install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'), ++ install_dir : join_paths(get_option('prefix'), 'etc', 'OpenCL', 'vendors'), + ) + endif diff --git a/pkgs/development/libraries/qt-5/modules/qtbase.nix b/pkgs/development/libraries/qt-5/modules/qtbase.nix index 3cb8a3e801c..0d82acc7092 100644 --- a/pkgs/development/libraries/qt-5/modules/qtbase.nix +++ b/pkgs/development/libraries/qt-5/modules/qtbase.nix @@ -11,7 +11,7 @@ , libXcursor, libXext, libXi, libXrender, libinput, libjpeg, libpng , libxcb, libxkbcommon, libxml2, libxslt, openssl, pcre16, pcre2, sqlite, udev , xcbutil, xcbutilimage, xcbutilkeysyms, xcbutilrenderutil, xcbutilwm -, zlib +, zlib, at-spi2-core # optional dependencies , cups ? null, libmysqlclient ? null, postgresql ? null @@ -68,7 +68,7 @@ stdenv.mkDerivation { ] ++ lib.optional libGLSupported libGL ); - buildInputs = [ python3 ] + buildInputs = [ python3 at-spi2-core ] ++ lib.optionals (!stdenv.isDarwin) ( [ libinput ] @@ -84,6 +84,8 @@ stdenv.mkDerivation { propagatedNativeBuildInputs = [ lndir ]; + enableParallelBuilding = true; + outputs = [ "bin" "dev" "out" ]; inherit patches; diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index 06e1ac9409a..5ab4ff3b413 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -26,11 +26,21 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config doxygen perl ]; - buildInputs = [ openssl json_c curl libgcrypt ]; + + # cmocka is checked / used(?) in the configure script + # when unit and/or integration testing is enabled + buildInputs = [ openssl json_c curl libgcrypt uthash ] + # cmocka doesn't build with pkgsStatic, and we don't need it anyway + # when tests are not run + ++ lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ + cmocka + ]; + checkInputs = [ - cmocka uthash ibm-sw-tpm2 iproute2 procps_pkg which + cmocka which openssl procps_pkg iproute2 ibm-sw-tpm2 ]; + strictDeps = true; preAutoreconf = "./bootstrap"; enableParallelBuilding = true; @@ -49,7 +59,7 @@ stdenv.mkDerivation rec { --replace '@PREFIX@' $out/lib ''; - configureFlags = [ + configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [ "--enable-unit" "--enable-integration" ]; diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 819f2949724..54f21c49f77 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "1.4.23"; + version = "1.4.25"; src = fetchPypi { inherit pname version; - sha256 = "sha256-dv8kaIH1KAib8ZOFExuWYZe7SUZTmQOW0s4TjipEdYM="; + sha256 = "sha256-Gt89JeLjOvvNSM+tgHb5N4eTvkPn/sPkM0MGysa+wTg="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix index ea0002d78c0..88e3393dedc 100644 --- a/pkgs/development/tools/misc/gdb/default.nix +++ b/pkgs/development/tools/misc/gdb/default.nix @@ -26,11 +26,11 @@ assert pythonSupport -> python3 != null; stdenv.mkDerivation rec { pname = targetPrefix + basename; - version = "10.2"; + version = "11.1"; src = fetchurl { url = "mirror://gnu/gdb/${basename}-${version}.tar.xz"; - sha256 = "0aag1c0fw875pvhjg1qp7x8pf6gf92bjv5gcic5716scacyj58da"; + sha256 = "151z6d0265hv9cgx9zqqa4bd6vbp20hrljhd6bxl7lr0gd0crkyc"; }; postPatch = if stdenv.isDarwin then '' diff --git a/pkgs/development/tools/misc/texinfo/6.8.nix b/pkgs/development/tools/misc/texinfo/6.8.nix new file mode 100644 index 00000000000..11435bf329f --- /dev/null +++ b/pkgs/development/tools/misc/texinfo/6.8.nix @@ -0,0 +1,4 @@ +import ./common.nix { + version = "6.8"; + sha256 = "1i7yb7mrp3inz25zbzv2pllr4y7d58v818f1as7iz8mw53nm7dwf"; +} diff --git a/pkgs/development/tools/misc/texinfo/common.nix b/pkgs/development/tools/misc/texinfo/common.nix index 1c5de083bc0..8d8f1e1627a 100644 --- a/pkgs/development/tools/misc/texinfo/common.nix +++ b/pkgs/development/tools/misc/texinfo/common.nix @@ -54,6 +54,12 @@ stdenv.mkDerivation { && !stdenv.isDarwin && !stdenv.isSunOS; # flaky + checkFlagsArray = [ + # Test is known to fail on various locales on texinfo-6.8: + # https://lists.gnu.org/r/bug-texinfo/2021-07/msg00012.html + "XFAIL_TESTS=test_scripts/layout_formatting_fr_icons.sh" + ]; + meta = { homepage = "https://www.gnu.org/software/texinfo/"; description = "The GNU documentation system"; diff --git a/pkgs/development/tools/xcbuild/default.nix b/pkgs/development/tools/xcbuild/default.nix index af0f546eb82..3c90603477e 100644 --- a/pkgs/development/tools/xcbuild/default.nix +++ b/pkgs/development/tools/xcbuild/default.nix @@ -30,6 +30,8 @@ in stdenv.mkDerivation { sha256 = "1xxwg2849jizxv0g1hy0b1m3i7iivp9bmc4f5pi76swsn423d41m"; }; + patches = [ ./includes.patch ]; + prePatch = '' rmdir ThirdParty/* cp -r --no-preserve=all ${googletest} ThirdParty/googletest diff --git a/pkgs/development/tools/xcbuild/includes.patch b/pkgs/development/tools/xcbuild/includes.patch new file mode 100644 index 00000000000..7a05a33eb67 --- /dev/null +++ b/pkgs/development/tools/xcbuild/includes.patch @@ -0,0 +1,10 @@ +--- a/Libraries/plist/Sources/Format/Encoding.cpp ++++ b/Libraries/plist/Sources/Format/Encoding.cpp +@@ -11,6 +11,7 @@ + #include <plist/Format/unicode.h> + + #include <cassert> ++#include <cstdlib> /* abort() */ + + #if defined(__linux__) + #include <endian.h> diff --git a/pkgs/os-specific/linux/audit/default.nix b/pkgs/os-specific/linux/audit/default.nix index 6fa7ba28d8e..a7f17e44950 100644 --- a/pkgs/os-specific/linux/audit/default.nix +++ b/pkgs/os-specific/linux/audit/default.nix @@ -37,7 +37,14 @@ stdenv.mkDerivation rec { # TODO: Remove the musl patches when # https://github.com/linux-audit/audit-userspace/pull/25 # is available with the next release. - patches = [ ./patches/weak-symbols.patch ] + patches = [ + ./patches/weak-symbols.patch + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + url = "https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f.patch"; + sha256 = "100xa1rzkv0mvhjbfgpfm72f7c4p68syflvgc3xm6pxgrqqmfq8h"; + }) + ] ++ lib.optional stdenv.hostPlatform.isMusl [ ( let patch = fetchpatch { diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 929981df470..221f38faa87 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch +{ lib, stdenv, fetchFromGitHub , makeWrapper, cmake, llvmPackages, kernel , flex, bison, elfutils, python, luajit, netperf, iperf, libelf , systemtap, bash, libbpf @@ -29,12 +29,6 @@ python.pkgs.buildPythonApplication rec { # This is needed until we fix # https://github.com/NixOS/nixpkgs/issues/40427 ./fix-deadlock-detector-import.patch - # Add definition for BTF_KIND_FLOAT, added in Linux 5.14 - # Can be removed once linuxHeaders (used here via glibc) are bumped to 5.14+. - (fetchpatch { - url = "https://salsa.debian.org/debian/bpfcc/-/raw/71136ef5b66a2ecefd635a7aca2e0e835ff09095/debian/patches/0004-compat-defs.patch"; - sha256 = "05s1zxihwkvbl2r2mqc5dj7fpcipqyvwr11v8b9hqbwjkm3qpz40"; - }) ]; propagatedBuildInputs = [ python.pkgs.netaddr ]; diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 9d727838b3f..27428b37284 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -81,12 +81,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "5.12"; in + linuxHeaders = let version = "5.14"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "sha256-fQ328r8jhNaNC9jh/j4HHWQ2Tc3GAC57XIfJLUj6w2Y="; + sha256 = "sha256-fgaLXg0mpisQ5TILJdzldYjLvG94HAkEQhOMnJwycbI="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 12eca63e216..53e04b684d6 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -261,8 +261,7 @@ let find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w # Keep root and arch-specific Makefiles - chmod u-w Makefile - chmod u-w arch/$arch/Makefile* + chmod u-w Makefile arch/"$arch"/Makefile* # Keep whole scripts dir chmod u-w -R scripts diff --git a/pkgs/os-specific/linux/kexec-tools/default.nix b/pkgs/os-specific/linux/kexec-tools/default.nix index 21d803e2b72..6e6eecd4931 100644 --- a/pkgs/os-specific/linux/kexec-tools/default.nix +++ b/pkgs/os-specific/linux/kexec-tools/default.nix @@ -29,6 +29,13 @@ stdenv.mkDerivation rec { url = "https://src.fedoraproject.org/rpms/kexec-tools/raw/cb1e5463b5298b064e9b6c86ad6fe3505fec9298/f/kexec-tools-2.0.20-fix-broken-multiboot2-buliding-for-i386.patch"; sha256 = "1kzmcsbhwfdgxlc5s88ir0n494phww1j16yk0z42x09qlkxxkg0l"; }) + + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + name = "fno-common.patch"; + url = "https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/patch/?id=cc087b11462af9f971a2c090d07e8d780a867b50"; + sha256 = "043hcsy6m14h64p6b9w25c7a3y0f487322dj81l6mbm6sws6s9lv"; + }) ]; meta = with lib; { diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 732ad88c70d..e90c0894209 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, flex }: +{ lib, stdenv, fetchurl, fetchpatch, flex }: stdenv.mkDerivation rec { pname = "libsepol"; @@ -13,6 +13,20 @@ stdenv.mkDerivation rec { sha256 = "0ygb6dh5lng91xs6xiqf5v0nxa68qmjc787p0s5h9w89364f2yjv"; }; + patches = [ + # upstream build fix against -fno-common compilers like >=gcc-10 + (fetchpatch { + url = "https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c.patch"; + sha256 = "0aybv4kzbhx8xq6s82dsh4ib76k59qzh2bgxmk44iq5cjnqn5rd6"; + stripLen = 1; + }) + (fetchpatch { + url = "https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0.patch"; + sha256 = "1mphwdlj4d6mwmsp5xkpf6ci4rxhgbi3fm79d08h4jbzxaf4wny4"; + stripLen = 1; + }) + ]; + postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' substituteInPlace src/Makefile --replace 'all: $(LIBA) $(LIBSO)' 'all: $(LIBA)' sed -i $'/^\t.*LIBSO/d' src/Makefile diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 9f92c34cee6..e0a4128b0cd 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -184,9 +184,6 @@ stdenv.mkDerivation { substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/" substituteInPlace src/boot/efi/meson.build \ --replace \ - "find_program('ld'" \ - "find_program('${stdenv.cc.bintools.targetPrefix}ld'" \ - --replace \ "find_program('objcopy'" \ "find_program('${stdenv.cc.bintools.targetPrefix}objcopy'" '' + ( @@ -408,6 +405,7 @@ stdenv.mkDerivation { "-Dsmack=true" "-Db_pie=true" "-Dinstall-sysconfdir=false" + "-Defi-ld=${stdenv.cc.bintools.targetPrefix}ld" /* As of now, systemd doesn't allow runtime configuration of these values. So the settings in /etc/login.defs have no effect on it. Many people think this diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index c172edd1fd9..adf73732f6d 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -17,6 +17,12 @@ in stdenv.mkDerivation { url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=dd96882877721703e19272fe25034560b794061b"; sha256 = "0vmr0qjwj2ldnzsvccl105ckwgx3ssvn9mp3f27ss0kiyigrzz32"; }) + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + name = "fno-common-fix.patch"; + url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=641d3f489cf6238bb916368d4ba0d9325a235afb"; + sha256 = "1ffawzxjw72kzpdwffi2y7pvibrmwf4jzrxdq9f4a75q6crl66iq"; + }) ]; preConfigure = if stdenv.isCygwin then '' diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix index ec0f096915f..c504ed8f16e 100644 --- a/pkgs/tools/archivers/sharutils/default.nix +++ b/pkgs/tools/archivers/sharutils/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, gettext, coreutils }: +{ lib, stdenv, fetchurl, fetchpatch, gettext, coreutils }: stdenv.mkDerivation rec { pname = "sharutils"; @@ -30,6 +30,19 @@ stdenv.mkDerivation rec { url = "https://sources.debian.org/data/main/s/sharutils/1:4.15.2-4/debian/patches/02-fix-ftbfs-with-glibc-2.28.patch"; sha256 = "15kpjqnfs98n6irmkh8pw7masr08xala7gx024agv7zv14722vkc"; }) + + # pending upstream build fix against -fno-common compilers like >=gcc-10 + # Taken from https://lists.gnu.org/archive/html/bug-gnu-utils/2020-01/msg00002.html + (fetchpatch { + name = "sharutils-4.15.2-Fix-building-with-GCC-10.patch"; + url = "https://lists.gnu.org/archive/html/bug-gnu-utils/2020-01/txtDL8i6V6mUU.txt"; + sha256 = "0kfch1vm45lg237hr6fdv4b2lh5b1933k0fn8yj91gqm58svskvl"; + }) + (fetchpatch { + name = "sharutils-4.15.2-Do-not-include-lib-md5.c-into-src-shar.c.patch"; + url = "https://lists.gnu.org/archive/html/bug-gnu-utils/2020-01/txt5Z_KZup0yN.txt"; + sha256 = "0an8vfy3qj6sss9w0i4j8ilf7g5mbc7y13l644jy5bcm9przcjbd"; + }) ]; postPatch = let diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix index 2a722d17c01..7df04ac0c89 100644 --- a/pkgs/tools/networking/dhcp/default.nix +++ b/pkgs/tools/networking/dhcp/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, perl, file, nettools, iputils, iproute2, makeWrapper +{ stdenv, fetchurl, fetchpatch, perl, file, nettools, iputils, iproute2, makeWrapper , coreutils, gnused, openldap ? null , buildPackages, lib }: @@ -18,6 +18,12 @@ stdenv.mkDerivation rec { # patch, the hostname doesn't get set properly if the old # hostname (i.e. before reboot) is equal to the new hostname. ./set-hostname.patch + + (fetchpatch { + # upstream build fix against -fno-common compilers like >=gcc-10 + url = "https://gitlab.isc.org/isc-projects/dhcp/-/commit/6c7e61578b1b449272dbb40dd8b98d03dad8a57a.patch"; + sha256 = "1g37ix0yf9zza8ri8bg438ygcjviniblfyb20y4gzc8lysy28m8b"; + }) ]; nativeBuildInputs = [ perl makeWrapper ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index db3c85fc342..80ef56eba2d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -143,7 +143,8 @@ with pkgs; autorestic = callPackage ../tools/backup/autorestic { }; - autoPatchelfHook = makeSetupHook { name = "auto-patchelf-hook"; } + autoPatchelfHook = makeSetupHook + { name = "auto-patchelf-hook"; deps = [ bintools ]; } ../build-support/setup-hooks/auto-patchelf.sh; appimageTools = callPackage ../build-support/appimage { @@ -5186,7 +5187,9 @@ with pkgs; fverb = callPackage ../applications/audio/fverb { }; - fwknop = callPackage ../tools/security/fwknop { }; + fwknop = callPackage ../tools/security/fwknop { + texinfo = texinfo6_7; # Uses @setcontentsaftertitlepage, removed in 6.8. + }; exfat = callPackage ../tools/filesystems/exfat { }; @@ -14860,7 +14863,8 @@ with pkgs; texinfo4 = texinfo413; texinfo5 = callPackage ../development/tools/misc/texinfo/5.2.nix { }; texinfo6_5 = callPackage ../development/tools/misc/texinfo/6.5.nix { }; # needed for allegro - texinfo6 = callPackage ../development/tools/misc/texinfo/6.7.nix { }; + texinfo6_7 = callPackage ../development/tools/misc/texinfo/6.7.nix { }; # needed for gpm, iksemel and fwknop + texinfo6 = callPackage ../development/tools/misc/texinfo/6.8.nix { }; texinfo = texinfo6; texinfoInteractive = appendToName "interactive" ( texinfo.override { interactive = true; } @@ -21318,6 +21322,10 @@ with pkgs; gpm = callPackage ../servers/gpm { ncurses = null; # Keep curses disabled for lack of value + + # latest 6.8 mysteriously fails to parse '@headings single': + # https://lists.gnu.org/archive/html/bug-texinfo/2021-09/msg00011.html + texinfo = texinfo6_7; }; gpm-ncurses = gpm.override { inherit ncurses; }; @@ -25201,7 +25209,9 @@ with pkgs; inherit (perlPackages.override { pkgs = pkgs // { imagemagick = imagemagickBig;}; }) ImageMagick; }; - iksemel = callPackage ../development/libraries/iksemel { }; + iksemel = callPackage ../development/libraries/iksemel { + texinfo = texinfo6_7; # Uses @setcontentsaftertitlepage, removed in 6.8. + }; imag = callPackage ../applications/misc/imag { inherit (darwin.apple_sdk.frameworks) Security; @@ -25253,6 +25263,7 @@ with pkgs; djvulibre = null; lcms2 = null; openexr = null; + libjxl = null; libpng = null; liblqr1 = null; librsvg = null; |