John Ericson
7d0d12e3e0
glibc: Remove two tiny old cross hacks
...
- Name is already suffixed
- Env vars are already exported
2018-01-26 21:01:33 -05:00
John Ericson
71f814a889
lib, glibc: Get rid of withTLS
...
glibc removed the underlying flag in 2011 in
83cd14204559abbb52635006832eaf4d2f42514a [1].
This gets us one step closer to fixing #34274 : the cross stdenv for
aarch64-unknown-linux-gnu at least evals now.
Thanks to @Dezgeg for doing all the research for this.
[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=83cd14204559abbb52635006832eaf4d2f42514a
2018-01-26 23:29:06 +02:00
Vladimír Čunát
990ff97c6d
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
...
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
2018-01-14 20:41:43 +01:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
...
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson
5b74540c5b
treewide: Use depsBuildBuild
for buildPackges.stdenv.cc
2017-12-30 22:04:21 -05:00
Vladimír Čunát
87acb2b9fd
glibc: support RHEL 6 -like kernels again
...
We lost the support with 2.25 -> 2.26
2017-12-21 21:56:31 +01:00
Vladimír Čunát
a139613983
glibc: maintenance 2.26-75 -> 2.26-115
2017-12-20 15:31:13 +01:00
Orivej Desh
035b589245
glibc: support obsolete "compat" in nsswitch.conf
...
Fixes #31700 . See https://bugs.archlinux.org/task/54592 .
2017-11-17 06:37:25 +00:00
Vladimír Čunát
9bb67d5c1e
glibc: 2.25-49 -> 2.26-75
...
Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.
I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.
Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0. That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivates still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
2017-11-05 19:10:42 +01:00
John Ericson
8bfb247224
glibc: Grab the right linux headers when build != host
...
In #28519 / 791ce593ce
I made linux
headers be intended to be used from the stage stage, as it would be if
it were a library containing headers and code. I forgot to update glibc,
however, so it was incorrectly using headers for the build platform, not
host platform.
This fixes that, basically reverting a small portion of changes I made a
few months ago in 25edc476fd
and its
parent.
No native hashes are changed.
2017-09-20 20:57:41 -04:00
Vladimír Čunát
0c660ad42f
Merge #28906 : glibc: 2.25 -> 2.25-49 (upstream patches)
2017-09-07 08:19:40 +02:00
Orivej Desh
7803d69b78
nixos: update glibc locales link
2017-09-03 18:00:35 +00:00
Vladimír Čunát
bdfc989bba
glibc: remove a fixup; not needed since glibc-2.22
2017-09-02 17:22:37 +02:00
Vladimír Čunát
0f91a1dbd7
glibc: remove patch with blowfish support
2017-09-02 17:22:37 +02:00
Vladimír Čunát
51cf42ad0d
glibc: 2.25 -> 2.25-49
...
Various fixes within, e.g. mutexes deadlocking sometimes.
https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=f7057710f14d6c
2017-09-02 17:22:36 +02:00
Tuomas Tynkkynen
f9b2d7b4dd
Revert "binutils: 2.28 -> 2.29"
...
This reverts commit 733e20fee4
.
Downgrading to 2.28.1, 2.29 is too buggy.
2017-08-17 18:37:04 +03:00
Tim Steinbach
733e20fee4
binutils: 2.28 -> 2.29
...
Binutils 2.29 no longer allows .semver symbols, which is why
we need to patch glibc to avoid them
2017-07-29 13:23:59 -04:00
rnhmjoj
8fcc92fc69
glibc: fix unaligned __tls_get_addr issue
2017-07-06 13:51:50 +02:00
Franz Pletz
7cfd1c8c1b
glibc: fix i686 build
2017-06-26 02:19:08 +02:00
Franz Pletz
2296bf394e
glibc: patch CVE-2017-1000366 (stack clash)
2017-06-22 00:44:35 +02:00
John Ericson
25edc476fd
glibc: Simplify derivation further
...
No native hashes should be changed with this commit
default.nix's cross hash should also not be changed
2017-05-20 22:17:28 -04:00
John Ericson
7e096024d7
glibc: Fix for cross
2017-05-19 18:44:24 -04:00
John Ericson
8328e3d3a6
glibc: Remove hack around long-fixed bug
...
https://sourceware.org/bugzilla/show_bug.cgi?id=411 was solved in 2012.
2017-04-25 21:43:15 -04:00
Vladimír Čunát
e47ac55a21
glibc: apply the i686 patch only on i686
...
... to reduce rebuilding. /cc #23177 .
2017-04-10 11:18:50 +02:00
Vladimír Čunát
c30b12b9a5
glibc: fix i686 crashes via an upstream patch
...
Fixes #23177 .
2017-04-10 11:13:00 +02:00
Vladimír Čunát
4b7215368a
glibc: fixup libm.a
...
Now it's not an actual archive but a linker script, and the absolute
paths in there were broken due to moving *.a into $static.
Let's fix this up in all *.a in case there are more in future.
2017-02-21 14:19:07 +01:00
Vladimír Čunát
09d02f72f6
Re-revert "Merge: glibc: 2.24 -> 2.25"
...
This reverts commit 55cc7700e9
.
I hope most problems have been solved. /cc #22874 .
2017-02-20 21:16:41 +01:00
Vladimír Čunát
55cc7700e9
Revert "Merge: glibc: 2.24 -> 2.25"
...
This reverts commit 1daf2e26d2
, reversing
changes made to c0c50dfcb7
.
It seems this is what has been causing all the reliability problems
on Hydra. I'm currently unable to find why it happens, so I'm forced
to revert the update for now. Discussion: #22874 .
2017-02-16 18:16:06 +01:00
Vladimír Čunát
1daf2e26d2
Merge: glibc: 2.24 -> 2.25
2017-02-13 22:14:15 +01:00
Vladimír Čunát
a01f8a4c38
glibc: security 2.24 -> 2.25
...
https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html
Stripping was failing on libm.a; I don't know why.
2017-02-11 22:14:49 +01:00
Tuomas Tynkkynen
41fd1ed903
glibc: Check that 'cross.float' is defined
...
Because if we define it, then gcc compilation fails because it doesn't
support --with-float for aarch64.
2017-01-24 22:13:47 +02:00
Franz Pletz
3ba99f83a7
glibc: enable stackprotection hardening
...
Enables previously manually disabled stackprotector and stackguard
randomization.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811 :
If glibc is built with the --enable-stackguard-randomization option,
each application gets a random canary value (at runtime) from /dev/urandom.
If --enable-stackguard-randomization is absent, applications get a static
canary value of "0xff0a0000". This is very unfortunate, because the
attacker may be able to bypass the stack protection mechanism, by placing
those 4 bytes in the canary word, before the actual canary check is
performed (for example in memcpy-based buffer overflows).
2016-09-12 02:36:11 +02:00
Tuomas Tynkkynen
73f1ade407
glibc_multi: Reference dev outputs of glibc
2016-08-30 15:18:51 +03:00
Tuomas Tynkkynen
040fadf345
glibc_multi: Fix unnoticed output shuffle
2016-08-29 14:49:53 +03:00
Tuomas Tynkkynen
e065baafba
glibc: Make one exception for output order
...
Usages like '${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2' are much more
common than the bin output.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c
treewide: Shuffle outputs
...
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
d1c7eb8098
glibc: Uncomment 'meta.platforms'
2016-08-28 18:04:09 +03:00
obadz
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
b092538811
Revert "glibc: add patch to fix segfault in forkpty"
...
This reverts commit 1747d28e5a
.
Was fixed upstream in glibc 2.24
2016-08-20 22:39:05 +01:00
obadz
3e03db11b7
glibc: fixup, that should have been $bin not $out
2016-08-19 15:23:56 +01:00
obadz
a7bfa77787
glibc: remove sln from bin, not sbin
2016-08-19 15:20:46 +01:00
obadz
9744c7768d
glibc: 2.23 -> 2.24
...
- Removed patches that were merged upstream
- Removed --localdir from configureFlags as according to
https://sourceware.org/bugzilla/show_bug.cgi?id=14259
it was unused before
2016-08-19 15:05:41 +01:00
Robin Gloster
1747d28e5a
glibc: add patch to fix segfault in forkpty
2016-08-16 07:52:03 +00:00
Robin Gloster
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
Vladimír Čunát
91c1317272
glibc: fixup retaining bootstrap-tools reference
...
https://github.com/NixOS/nixpkgs/pull/15867#issuecomment-227949096
2016-06-23 12:11:21 +02:00
Eric Litak
251c97adee
fix brace warnings in glibc
2016-05-31 16:28:05 -07:00
Eric Litak
e8ca9dca53
manual strip broke crossDrv. no clue why it was ever added; should be automatic
2016-05-31 16:27:24 -07:00
Eric Litak
44ae9a3c0a
reorganize crossDrv hooks
2016-05-31 16:27:24 -07:00
Eric Litak
0265285b96
moving builder.sh hooks into nix
2016-05-31 09:33:32 -07:00