Commit graph

235 commits

Author SHA1 Message Date
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Will Dietz
c3ab285ce2 glibc: use local copy of patch to fix w/musl
fetchpatch doesn't work with bootstrap fetchurl,
so just use local file like we do for other glibc patches.
2018-04-24 16:57:57 -05:00
Vladimír Čunát
17c4b83d05
Merge #31320: docs and glibc: explicit comments on outputs 2018-04-22 11:55:23 +02:00
Shea Levy
273e58ebd9
glibc: Make 2.27 the default. 2018-03-17 21:58:14 -04:00
Will Dietz
54c4c183dd glibc: make fetchpatch optional ("? null"), just in case. 2018-03-11 11:16:53 -05:00
Will Dietz
82644c15e5 glibc: patch to fix building w/musl-based stdenv
See:
https://sourceware.org/bugzilla/show_bug.cgi?id=21604
2018-03-11 10:53:31 -05:00
Shea Levy
edf0a76211
glibc_2_27: LOCAL_ARCHIVE -> LOCALE_ARCHIVE 2018-02-28 14:09:22 -05:00
Shea Levy
a551e6debc
gnumake: Fix build against glibc 2.27. 2018-02-18 09:27:50 -05:00
Shea Levy
5be93a5883
glibc: Add 2.27 2018-02-17 23:08:05 -05:00
Ben Gamari
a868bf3797 glibc: Fix cross-compilation of locales 2018-02-13 09:44:26 -06:00
John Ericson
7d0d12e3e0 glibc: Remove two tiny old cross hacks
- Name is already suffixed

 - Env vars are already exported
2018-01-26 21:01:33 -05:00
John Ericson
71f814a889 lib, glibc: Get rid of withTLS
glibc removed the underlying flag in 2011 in
83cd14204559abbb52635006832eaf4d2f42514a [1].

This gets us one step closer to fixing #34274: the cross stdenv for
aarch64-unknown-linux-gnu at least evals now.

Thanks to @Dezgeg for doing all the research for this.

[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=83cd14204559abbb52635006832eaf4d2f42514a
2018-01-26 23:29:06 +02:00
Vladimír Čunát
990ff97c6d
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
2018-01-14 20:41:43 +01:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson
5b74540c5b treewide: Use depsBuildBuild for buildPackges.stdenv.cc 2017-12-30 22:04:21 -05:00
Vladimír Čunát
87acb2b9fd
glibc: support RHEL 6 -like kernels again
We lost the support with 2.25 -> 2.26
2017-12-21 21:56:31 +01:00
Vladimír Čunát
a139613983
glibc: maintenance 2.26-75 -> 2.26-115 2017-12-20 15:31:13 +01:00
Orivej Desh
035b589245 glibc: support obsolete "compat" in nsswitch.conf
Fixes #31700. See https://bugs.archlinux.org/task/54592.
2017-11-17 06:37:25 +00:00
Ilya Kolpakov
e4afe8fc6c glibc: comments on bin not being the first output
The glibc package does not respect a standard convention to put the
executables in the first output which should be as clear as possible
to anyone seeking to use such executables (e.g. `ldd`). This commit
adds a detailed comment a the top of `common.nix` explaining the
deviation from the convention and how to reference the binaries.
2017-11-06 16:47:30 +01:00
Vladimír Čunát
9bb67d5c1e
glibc: 2.25-49 -> 2.26-75
Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.

I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.

Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0.  That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivates still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
2017-11-05 19:10:42 +01:00
John Ericson
8bfb247224 glibc: Grab the right linux headers when build != host
In #28519 / 791ce593ce I made linux
headers be intended to be used from the stage stage, as it would be if
it were a library containing headers and code. I forgot to update glibc,
however, so it was incorrectly using headers for the build platform, not
host platform.

This fixes that, basically reverting a small portion of changes I made a
few months ago in 25edc476fd and its
parent.

No native hashes are changed.
2017-09-20 20:57:41 -04:00
Vladimír Čunát
0c660ad42f
Merge #28906: glibc: 2.25 -> 2.25-49 (upstream patches) 2017-09-07 08:19:40 +02:00
Orivej Desh
7803d69b78 nixos: update glibc locales link 2017-09-03 18:00:35 +00:00
Vladimír Čunát
bdfc989bba
glibc: remove a fixup; not needed since glibc-2.22 2017-09-02 17:22:37 +02:00
Vladimír Čunát
0f91a1dbd7
glibc: remove patch with blowfish support 2017-09-02 17:22:37 +02:00
Vladimír Čunát
51cf42ad0d
glibc: 2.25 -> 2.25-49
Various fixes within, e.g. mutexes deadlocking sometimes.
https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=f7057710f14d6c
2017-09-02 17:22:36 +02:00
Tuomas Tynkkynen
f9b2d7b4dd Revert "binutils: 2.28 -> 2.29"
This reverts commit 733e20fee4.

Downgrading to 2.28.1, 2.29 is too buggy.
2017-08-17 18:37:04 +03:00
Tim Steinbach
733e20fee4
binutils: 2.28 -> 2.29
Binutils 2.29 no longer allows .semver symbols, which is why
we need to patch glibc to avoid them
2017-07-29 13:23:59 -04:00
rnhmjoj
8fcc92fc69
glibc: fix unaligned __tls_get_addr issue 2017-07-06 13:51:50 +02:00
Franz Pletz
7cfd1c8c1b
glibc: fix i686 build 2017-06-26 02:19:08 +02:00
Franz Pletz
2296bf394e
glibc: patch CVE-2017-1000366 (stack clash) 2017-06-22 00:44:35 +02:00
John Ericson
25edc476fd glibc: Simplify derivation further
No native hashes should be changed with this commit
default.nix's cross hash should also not be changed
2017-05-20 22:17:28 -04:00
John Ericson
7e096024d7 glibc: Fix for cross 2017-05-19 18:44:24 -04:00
John Ericson
8328e3d3a6 glibc: Remove hack around long-fixed bug
https://sourceware.org/bugzilla/show_bug.cgi?id=411 was solved in 2012.
2017-04-25 21:43:15 -04:00
Vladimír Čunát
e47ac55a21
glibc: apply the i686 patch only on i686
... to reduce rebuilding. /cc #23177.
2017-04-10 11:18:50 +02:00
Vladimír Čunát
c30b12b9a5
glibc: fix i686 crashes via an upstream patch
Fixes #23177.
2017-04-10 11:13:00 +02:00
Vladimír Čunát
4b7215368a
glibc: fixup libm.a
Now it's not an actual archive but a linker script, and the absolute
paths in there were broken due to moving *.a into $static.
Let's fix this up in all *.a in case there are more in future.
2017-02-21 14:19:07 +01:00
Vladimír Čunát
09d02f72f6
Re-revert "Merge: glibc: 2.24 -> 2.25"
This reverts commit 55cc7700e9.
I hope most problems have been solved.  /cc #22874.
2017-02-20 21:16:41 +01:00
Vladimír Čunát
55cc7700e9
Revert "Merge: glibc: 2.24 -> 2.25"
This reverts commit 1daf2e26d2, reversing
changes made to c0c50dfcb7.

It seems this is what has been causing all the reliability problems
on Hydra.  I'm currently unable to find why it happens, so I'm forced
to revert the update for now.  Discussion: #22874.
2017-02-16 18:16:06 +01:00
Vladimír Čunát
1daf2e26d2
Merge: glibc: 2.24 -> 2.25 2017-02-13 22:14:15 +01:00
Vladimír Čunát
a01f8a4c38
glibc: security 2.24 -> 2.25
https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html

Stripping was failing on libm.a; I don't know why.
2017-02-11 22:14:49 +01:00
Tuomas Tynkkynen
41fd1ed903 glibc: Check that 'cross.float' is defined
Because if we define it, then gcc compilation fails because it doesn't
support --with-float for aarch64.
2017-01-24 22:13:47 +02:00
Franz Pletz
3ba99f83a7
glibc: enable stackprotection hardening
Enables previously manually disabled stackprotector and stackguard
randomization.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811:

    If glibc is built with the --enable-stackguard-randomization option,
    each application gets a random canary value (at runtime) from /dev/urandom.
    If --enable-stackguard-randomization is absent, applications get a static
    canary value of "0xff0a0000". This is very unfortunate, because the
    attacker may be able to bypass the stack protection mechanism, by placing
    those 4 bytes in the canary word, before the actual canary check is
    performed (for example in memcpy-based buffer overflows).
2016-09-12 02:36:11 +02:00
Tuomas Tynkkynen
73f1ade407 glibc_multi: Reference dev outputs of glibc 2016-08-30 15:18:51 +03:00
Tuomas Tynkkynen
040fadf345 glibc_multi: Fix unnoticed output shuffle 2016-08-29 14:49:53 +03:00
Tuomas Tynkkynen
e065baafba glibc: Make one exception for output order
Usages like '${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2' are much more
common than the bin output.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging 2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
d1c7eb8098 glibc: Uncomment 'meta.platforms' 2016-08-28 18:04:09 +03:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00