Commit graph

63 commits

Author SHA1 Message Date
Matthew Bauer
76c956be5c treewide: disable pie in more places
Some packages don’t work correctly with pie. Here I disable it for:

- busybox
- linux kernel
- kexectools

I also get rid of the Musl conditional for disabling pie in GCC and
Binutils. Some day we might want to enable PIE without Musl and it
will be useful to have the *just* work with our compiler and linkers.
2018-11-13 07:03:31 -06:00
Will Dietz
30500d23bc busybox: 1.29.2 -> 1.29.3 (#46458) 2018-09-10 08:43:55 +02:00
Will Dietz
7deef2e869 busybox: 1.29.1 -> 1.29.2 (#45473)
Website's summary of changes:

> Bug fix release. 1.29.2 has fixes for fdisk (compat fixes, allow 2TB+ sizes), gzip (FEATURE_GZIP_LEVELS was producing badly-compressed .gz), hexedit (segfault fix).
2018-08-22 23:34:40 +02:00
Lluís Batlle i Rossell
f54b387b63 Merge remote-tracking branch 'central/master' into viric_clean 2018-07-28 19:25:14 +02:00
Frederik Rietdijk
099c13da1b Merge staging-next into master (#44009)
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes #43650.

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
Lluís Batlle i Rossell
66d7126255 Take me (viric) out of most maintenance
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
2018-07-22 21:50:19 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Tim Steinbach
d6aa506e3b
busybox: 1.28.4 -> 1.29.0 2018-07-03 09:17:43 -04:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Tim Steinbach
1e51906025
busybox: 1.28.3 -> 1.28.4 2018-05-27 13:29:53 -04:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Will Dietz
ce4a423499 busybox: 1.28.2 -> 1.28.3 2018-04-05 12:00:51 -05:00
Will Dietz
e022366fb7 busybox: 1.28.1 -> 1.28.2 2018-03-28 23:47:13 +01:00
Will Dietz
b546c7440e busybox: patchshebangs to fix build on "limited" /bin/sh builders 2018-03-14 16:58:54 -05:00
Will Dietz
9261c17ad0 busybox: 1.28.0 -> 1.28.1 2018-02-22 14:51:33 -06:00
Will Dietz
7522d6b02f busybox: don't force gcc 2018-02-13 09:45:02 -06:00
Will Dietz
d4a2e336b4 busybox: fixup after musl multiple outputs 2018-02-13 09:44:34 -06:00
Will Dietz
329db7b490 busybox: bump copybuf 4kB -> 64kB 2018-02-01 08:57:22 -06:00
Will Dietz
b78025586b busybox: don't use utmp/wtmp on musl since they won't work anyway
https://wiki.musl-libc.org/faq.html#Q:-Why-is-the-utmp/wtmp-functionality-only-implemented-as-stubs?
2018-02-01 08:51:21 -06:00
adisbladis
65774cb22e
busybox: 1.27.2 -> 1.28.0 2018-01-11 21:42:32 +08:00
John Ericson
5b74540c5b treewide: Use depsBuildBuild for buildPackges.stdenv.cc 2017-12-30 22:04:21 -05:00
Michael Raskin
ab917a22f5 busybox: apply upstream patch for CVE-2017-16544 2017-12-08 22:47:11 +01:00
John Ericson
e755a8a27d treewide: Use targetPrefix instead of prefix for platform name prefixes
Certain tools, e.g. compilers, are customarily prefixed with the name of
their target platform so that multiple builds can be used at once
without clobbering each other on the PATH. I was using identifiers named
`prefix` for this purpose, but that conflicts with the standard use of
`prefix` to mean the directory where something is installed. To avoid
conflict and confusion, I renamed those to `targetPrefix`.
2017-11-27 03:15:50 -05:00
Andreas Rammhold
17fae2499a
busybox: fix CVE-2017-1587{34} 2017-11-11 13:32:29 +01:00
Orivej Desh
d70006c6d9 mkDerivation: fix hardening flags check
- allow "all" in hardeningDisable
- fix busybox flags
- print detailed error message

Discussed at https://github.com/NixOS/nixpkgs/pull/28555#issuecomment-326413032
2017-09-01 01:01:24 +00:00
Tim Steinbach
746979e0fc
busybox: 1.27.1 -> 1.27.2 2017-08-21 03:11:00 -04:00
Will Dietz
c20d41de0e Revert "busybox: downgrade 1.27.1 -> 1.26.2"
This reverts commit 9c3702ad35.
2017-08-14 22:40:11 +03:00
Frederik Rietdijk
13bbaee21d Merge pull request #27881 from mimadrid/fix/http-https
Update homepage attributes: http -> https
2017-08-13 21:53:20 +02:00
Vladimír Čunát
9c3702ad35
busybox: downgrade 1.27.1 -> 1.26.2
... to fix our bootstrap tools until we find what exactly is wrong.
This effectively reverts 06a513ee05 and 50831d543d.
Discussion thread: #27746.
2017-08-13 21:38:39 +02:00
mimadrid
09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Tim Steinbach
06a513ee05 busybox: 1.27.0 -> 1.27.1 2017-07-29 23:15:40 +02:00
Tim Steinbach
50831d543d
busybox: 1.26.2 -> 1.27.0 2017-07-08 13:41:27 -04:00
John Ericson
95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
John Ericson
05b3c87d9d busybox: Modernize and fix cross 2017-06-22 17:53:53 -04:00
Tim Steinbach
afb73be9f7 busybox: 1.26.1 -> 1.26.2 2017-01-14 17:19:43 +01:00
Tim Steinbach
9bd93ac6e0
busybox: 1.25.1 -> 1.26.1 2017-01-03 08:40:32 -05:00
Tim Steinbach
a5c1985fef
busybox: 1.24.2 -> 1.25.1 2016-10-27 09:31:21 -04:00
Jörg Thalheim
74876b0cad
busybox: 1.23.2 -> 1.24.2
fixes https://lwn.net/Vulnerabilities/696815/
2016-09-25 13:21:29 +02:00
Joachim Fasting
099584a27c
busybox: fix static build
The static build fails with undefined references to __memcpy_chk when
the fortify hardening is enabled.
2016-09-09 04:46:00 +02:00
Franz Pletz
df275f5b85 treewide: fix darwin builds by referring to stdenv's libc 2016-08-25 02:56:25 +02:00
Robin Gloster
1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
Tuomas Tynkkynen
2fefa331e7 busybox: Fix cross build with musl 2016-07-20 02:38:10 +03:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Nikolay Amiantov
28740462e7 busybox: fix static build 2016-07-19 05:20:02 +03:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Nikolay Amiantov
da97ba359e busybox: set default keymap path 2016-07-08 20:44:01 +03:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz
954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
Vladimír Čunát
784f69e6ae busybox: fix minimal build with musl libc
Now we always enable large file support, as it should be cheap enough,
and avoids also problems on some filesystems #10181.

The minimal build disables (almost) all options, so it was building
without large file support. However, in musl the `off_t` is *always*
64-bit, which lead to problems, now detected during build time.
2015-10-25 10:20:08 +01:00