| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Merge pull request #185612 from obsidiansystems/buildRustCrate-21.05-no-choke...•••[Backport release 21.05] buildRustCrate: don't try to set CARGO_FEATURE_ variables for dep: fe…origin/release-21.05origin/nixpkgs-21.05-darwinorigin/nixos-21.05-smallorigin/nixos-21.05-aarch64origin/nixos-21.05 | John Ericson | 2022-08-07 | 1 | -2/+7 |
| |\ |
|
| | * | buildRustCrate: don't try to set CARGO_FEATURE_ variables for dep: features•••These features are internal-only, have special characters that bash
doesn't support in variable names, and aren't normally given
environment variables by cargo as far as I can tell.
(cherry picked from commit ede639a8d63f2c6da0944cab441955ca16e9cce5)
(cherry picked from commit a94a643de982df1a1e94fb09fb6bc974def243ef)
| Faye Duxovni | 2022-08-07 | 1 | -2/+7 |
| |/ |
|
| * | Merge pull request #184824 from obsidiansystems/backport-21.05•••[backport release-21.05] Two recent backports from 21.11 | John Ericson | 2022-08-02 | 4 | -8/+24 |
| |\ |
|
| | * | buildRustCrate: Add support for standard library deps•••We are replicating one mechanism behind `-Z build-std`.
There isn't yet crate2nix support for this, but one can (and I do) add
the missing stdlib deps (for this feature to pick up) with overrides.
(cherry picked from commit cc29693a0979c3b81da6942c214841ef11de95b5)
(cherry picked from commit 5aef865cefc2a906296b9a256bf597f70e4ee243)
(cherry picked from commit c19d19615c20844835b8729e21e038bc01f959c9)
| John Ericson | 2022-08-02 | 2 | -6/+22 |
| | * | compiler-rt: Fix "bare metal" case boolean logic•••It is possible to both be bare metal and have a libc (newlib).
This libc doesn't provide very much --- not enough for CMake to think
the C toolchain works. We therefore adjust our logic so we hit the "bare
metal" case with or without libc.
The "use LLVM" bootstrap is intentionally not affected.
(cherry picked from commit bf39e322721e581f972a14e18310797260f7f35f)
(cherry picked from commit c820cd8cee30f09431d8ce78dee613360052727a)
(cherry picked from commit 0a284ae9b9585d7ff0606092d1df2c01301c2ed5)
| John Ericson | 2022-08-02 | 2 | -2/+2 |
| |/ |
|
| * | Merge pull request #182180 from obsidiansystems/rust-platform-respect-fields-...•••[Backport release-21.06] build-support/rust/lib: make arch and os functions respect target JSON | John Ericson | 2022-07-20 | 1 | -3/+5 |
| |\ |
|
| | * | build-support/rust/lib: make arch and os functions respect target JSON•••(cherry picked from commit 39811b1da9fb1c97c65ff09dd27dc3a68e6d4e65)
(cherry picked from commit b49c1ce29f34a503a9e11038a156729ad7bf1fde)
(cherry picked from commit 38d5ec716adf140532889312445a0c889a281b0e)
| John Ericson | 2022-07-20 | 1 | -3/+5 |
| |/ |
|
| * | autoPatchelfHook: fix packages that use stdenvNoCC•••autoPatchelfHook actually doesn't depend on stdenv and only needs
bintools (with its wrapper). This change uses $NIX_BINTOOLS instead of
$NIX_CC and makes the dependency on bintools explicit.
(cherry picked from commit a7f5e8321e9db6f2cf2f3c6be7ce5cac28bff271)
Conflicts:
pkgs/top-level/all-packages.nix
| Noah Fontes | 2022-06-12 | 2 | -3/+4 |
| * | autoPatchelfHook: improve arch/ABI compatibility•••Fully enabling crossSystem support for autoPatchelfHook came with some
perhaps unintended consequences of being a bit more aggressive about
patching ELF files from architectures/ABIs that differ from the target
(previously, those files would be ignored because ldd usually couldn't
handle them).
This change adds architecture and rough OS ABI detection to the script
so that it doesn't try to blindly replace the interpreter of files that
can't possibly use that interpreter, and also makes sure it doesn't
accidentally use libraries of other architectures/ABIs.
(cherry picked from commit 4765a3e153040b9576cbc086dab46fa7abda381d)
| Noah Fontes | 2022-06-12 | 1 | -10/+78 |
| * | autoPatchelfHook: fix detection under crossSystem•••In #84415, autoPatchelfHook was taught to use the correct path to the
readelf binary when a crossSystem is specified. Unfortunately, the
remainder of the functionality in the script depended on ldd, which only
reads ELF files of its own architecture. It has the further unfortunate
quality of not reporting any useful error, but rather that the file is
not a dynamic executable.
This change uses patchelf to directly analyze the DT_NEEDED tags in the
target files instead, which correctly works across architectures. It
also updates the use of objdump to be prefix-aware $OBJDUMP (which would
have been required in the PR mentioned above, but we never made it that
far into the script execution).
(cherry picked from commit b79483d2b72c8e349a8fa8a6e67e8061d82d6027)
| Noah Fontes | 2022-06-12 | 1 | -24/+71 |
| * | pkgs: Add _type = "pkgs"•••(cherry picked from commit ad1e2500efd0aa49b0dc7427bf69d4879f3b0ff5)
(cherry picked from commit aec730a0af4c977513ce28236cbecaca72af6901)
| Robert Hensing | 2022-05-02 | 1 | -0/+15 |
| * | Merge pull request #150591 from Yarny0/tsm-client-2105•••[21.05] tsm-client: 8.1.8.0 -> 8.1.13.3 (security update) | Renaud | 2022-02-19 | 1 | -19/+45 |
| |\ |
|
| | * | tsm-client: 8.1.13.2 -> 8.1.13.3•••Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6540692 (CVE-2021-44832)
cherry-picked from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -2/+2 |
| | * | tsm-client: 8.1.13.1 -> 8.1.13.2•••Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6537640 (CVE-2021-45105, CVE-2021-45046)
cherry-picked from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -2/+2 |
| | * | tsm-client: 8.1.13.0 -> 8.1.13.1•••Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6527080 (CVE-2021-44228)
cherry-picked from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -2/+2 |
| | * | tsm-client: use rpm source instead of deb/Ubuntu•••IBM publishes their IBM Spectrum Protect client
for Linux in two flavors:
* "Linux x86_64 client"
* "Linux x86_64 Ubuntu client"
Up to this commit, nixpkgs used the Ubuntu
flavor to build its `tsm-client` derivation.
However, the history of published archive files in
* https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/Linux/
* https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/client/v8r1/Linux/
suggests that updates in the fourth level of
the version numbers (e.g. 8.1.13.0 -> 8.1.13.1)
do not get published as Ubuntu flavor.
It order to be able to always use the latest release,
this commit switches to the non-Ubuntu flavor.
The non-Ubuntu archive contains rpm files,
so this commit switches from `ar` to `rpmextract`.
Instead of unpacking all deb files,
the build recipe now unpacks all _but one_ rpm file:
The file `TIVsm-WEBGUI.x86_64.rpm` apparently
contains a plugin that is not included
in the Ubuntu version (see note below).
Comparing the old and the new derivation's output indicates
that this choice minimizes the difference between the results:
The output of the old (Ubuntu flavor) derivation contains:
* `commons-codec-1.6.jar`
* `share/` with changelog and copyright information
for the packages `gskssl64` and `gskcrypt64`
The output of the new (non-Ubuntu flavor) derivation contains:
* `lib64`, symlink to `lib`
* `commons-codec-1.14.jar`
* `opt/tivoli/tsm/license/{api,baclient}/sm/`
with license agreement files in many languages
Besides these differences, the outputs' file names are equal.
Note: I don't know what functionality
`TIVsm-WEBGUI.x86_64.rpm` actually provides.
Unpacking it with the other rpm files makes patchelf complain
about missing X11 libraries, so in order to include it here,
one would likely need to add those to `buildInputs`.
However, as the old (Ubuntu flavor) `tsm-client` package
did not contain this functionality and as I cannot test
or use it in any way, I opted to not include it now.
If we want to include this with a later commit,
we should add another package build option (like `enableGui`)
so that the default `tsm-client` package does not pull in
X11 libraries and its closure size therefore stays small.
cherry-picked/adapted from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -17/+29 |
| | * | tsm-client: 8.1.8.0 -> 8.1.13.0•••tsm-client now links against openssl;
patchelf complains without it.
Links to IBM's "Authorized Program Analysis Report"s
(something like release notes),
to READMEs, and to Security Bulletins,
for all updates between 8.1.8.0 and 8.1.13.0:
* 8.1.9.x
* APARs: https://www.ibm.com/support/pages/node/1077159
* READMEs: https://www.ibm.com/support/pages/node/1108473
* https://www.ibm.com/support/pages/node/1107261 (CVE-2018-2025)
* https://www.ibm.com/support/pages/node/1107777 (CVE-2019-4406)
* 8.1.10.x
* APARs: https://www.ibm.com/support/pages/node/6223098
* READMEs: https://www.ibm.com/support/pages/node/6223388
* https://www.ibm.com/support/pages/node/6221448 (CVE-2020-4494, CVE-2020-4406)
* https://www.ibm.com/support/pages/node/6245356 (CVE-2020-2654)
* https://www.ibm.com/support/pages/node/6245366 (CVE-2015-4000)
* 8.1.11.x
* APARs: https://www.ibm.com/support/pages/node/6367203
* READMEs: https://www.ibm.com/support/pages/node/6367205
* https://www.ibm.com/support/pages/node/6371646
* https://www.ibm.com/support/pages/node/6371650
* https://www.ibm.com/support/pages/node/6371652
* 8.1.12.x
* APARs: https://www.ibm.com/support/pages/node/6429561
* READMEs: https://www.ibm.com/support/pages/node/6443671
* https://www.ibm.com/support/pages/node/6445503 (CVE-2021-20532)
* https://www.ibm.com/support/pages/node/6445497 (CVE-2021-29672, CVE-2021-20546)
* https://www.ibm.com/support/pages/node/6445489 (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
* https://www.ibm.com/support/pages/node/6445483 (CVE-2020-27221, CVE-2020-14782)
* 8.1.13.x
* APARs: https://www.ibm.com/support/pages/node/6524936
* READMEs: https://www.ibm.com/support/pages/node/6524938
* https://www.ibm.com/support/pages/node/6524706 (CVE-2021-39048)
* https://www.ibm.com/support/pages/node/6524712 (CVE-2021-3712, CVE-2021-3711)
cherry-picked/adapted from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -3/+5 |
| | * | tsm-client: update URL structure•••IBM has changed the URL structures of their support web pages.
The commit at hand updates most URLs and
in particular the package update instructions
so they follow the new structure.
It also calculates the source download URL from the
version number, so package updates no longer have to
update the URL in addition to the version string.
cherry-picked from https://github.com/NixOS/nixpkgs/pull/138386
| Yarny0 | 2022-01-15 | 1 | -10/+22 |
| * | | Merge pull request #154727 from ymatsiuk/ymatsiuk/teleport-6.2.26•••[21.05] teleport: 6.1.3 -> 6.2.26 | Renaud | 2022-01-15 | 1 | -4/+4 |
| |\ \
| |/
|/| |
|
| | * | teleport: 6.1.3 -> 6.2.26 | Yurii Matsiuk | 2022-01-12 | 1 | -4/+4 |
| |/ |
|
| * | Merge #153619: hyperscan: fix build (into release-21.05) | Vladimír Čunát | 2022-01-09 | 1 | -1/+9 |
| |\ |
|
| | * | hyperscan: fix build•••(cherry picked from commit 76c1bb81060673f9c2e6991a95f85aa0840758e3)
| Jörg Thalheim | 2022-01-05 | 1 | -1/+9 |
| * | | Merge #153003: unicorn: add patch for CVE-2021-44078•••... into release-21.05
| Vladimír Čunát | 2022-01-09 | 2 | -0/+17 |
| |\ \ |
|
| | * | | unicorn: add patch for CVE-2021-44078 | Robert Scott | 2021-12-31 | 2 | -0/+17 |
| * | | | Merge #152424: mediathekview: CVE-2021-45105 (log4j) mitigation•••... into release-21.05
| Vladimír Čunát | 2022-01-09 | 1 | -2/+5 |
| |\ \ \ |
|
| | * | | | mediathekview: CVE-2021-45105 (log4j) mitigation•••Remove the affected JndiLookup.class until we can update to the lastest
Mediathekview version.
(cherry picked from commit 2a360652e2af41c7afdc4d15b96e187417aebb04)
origin/backport-152261-to-release-21.05 | André-Patrick Bubel | 2021-12-28 | 1 | -2/+5 |
| * | | | | Merge #152460: gegl_0_4: patch CVE-2021-45463 (into release-21.05) | Vladimír Čunát | 2022-01-09 | 1 | -0/+9 |
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | * | | | gegl_0_4: add patch for CVE-2021-45463 | Robert Scott | 2021-12-28 | 1 | -0/+9 |
| | |/ / |
|
| * | | | Merge #152850: staging-next: 21.05 2021-12-31•••Hydra looks OK, only a few thousand x86_64-darwin builds are queued now.
| Vladimír Čunát | 2022-01-03 | 8 | -3/+371 |
| |\ \ \ |
|
| | * \ \ | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2022-01-01 | 1 | -1/+3 |
| | |\ \ \ |
|
| | * \ \ \ | Merge pull request #152152 from NixOS/backport-149488-to-staging-21.05 | Martin Weinelt | 2021-12-31 | 4 | -1/+46 |
| | |\ \ \ \ |
|
| | | * | | | | gmp5: add patch for CVE-2021-43618•••(cherry picked from commit 7ba37884e2c504686d465de5cbd500d23072f971)
| Robert Scott | 2021-12-25 | 2 | -1/+25 |
| | | * | | | | gmp: add patch for CVE-2021-43618•••(cherry picked from commit d35c79a419f49277fd4b7e55e69c16607b7a8a65)
| Robert Scott | 2021-12-25 | 2 | -0/+21 |
| | * | | | | | Merge pull request #152831 from risicle/ris-binutils-2.35.2-r21.05 | Martin Weinelt | 2021-12-31 | 1 | -2/+2 |
| | |\ \ \ \ \ |
|
| | | * | | | | | binutils: 2.35.1 → 2.35.2•••CVEs:
- https://nvd.nist.gov/vuln/detail/CVE-2020-35448 (3.3 Low)
- https://nvd.nist.gov/vuln/detail/CVE-2021-20284 (5.5 Medium)
- https://nvd.nist.gov/vuln/detail/CVE-2021-20294 (7.8 High)
(cherry picked from commit f378420360a278e317b6cb14bfce1a305acbbedb)
| Fabián Heredia Montiel | 2021-12-30 | 1 | -2/+2 |
| | * | | | | | | Merge pull request #152353 from risicle/ris-binutils-CVE-2021-3487-CVE-2021-4... | Martin Weinelt | 2021-12-31 | 3 | -0/+314 |
| | |\ \ \ \ \ \ |
|
| | | * | | | | | | binutils: add patch for CVE-2021-45078 (#151658)•••(cherry picked from commit 6a6756ce7ec780ae1ecae79e8a85188c89937981)
| Robert Scott | 2021-12-27 | 2 | -0/+240 |
| | | * | | | | | | binutils: patch CVE-2021-3487•••(cherry picked from commit 745023e01a287d8833b6c95a7a12f675dfef6d45)
| Fabián Heredia Montiel | 2021-12-27 | 2 | -0/+74 |
| | | | |/ / / /
| | |/| | | | |
|
| | * | | | | | | Merge staging-next-21.05 into staging-21.05 | github-actions[bot] | 2021-12-31 | 9 | -19/+19 |
| | |\ \ \ \ \ \
| | |_|/ / / /
| |/| | | | | |
|
| | | * | | | | | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2021-12-31 | 9 | -19/+19 |
| | | |\ \ \ \ \
| | | | |_|_|/
| | | |/| | | |
|
| | * | | | | | | Merge staging-next-21.05 into staging-21.05 | github-actions[bot] | 2021-12-29 | 1 | -2/+2 |
| | |\| | | | | |
|
| | | * | | | | | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2021-12-29 | 1 | -2/+2 |
| | | |\ \ \ \ \
| | | | |_|_|/
| | | |/| | | |
|
| | * | | | | | | Merge pull request #152359 from risicle/ris-lapack-CVE-2021-4048-r21.05•••[21.05] lapack: add patch for CVE-2021-4048 | Robert Scott | 2021-12-28 | 1 | -0/+9 |
| | |\ \ \ \ \ \ |
|
| | | * | | | | | | lapack: add patch for CVE-2021-4048•••(cherry picked from commit 6d952e40483a6951d585b79070872e81909409a9)
| Robert Scott | 2021-12-27 | 1 | -0/+9 |
| | | | |_|_|/ /
| | |/| | | | |
|
| | * | | | | | | Merge staging-next-21.05 into staging-21.05 | github-actions[bot] | 2021-12-28 | 1 | -7/+5 |
| | |\ \ \ \ \ \
| | |/ / / / /
| |/| / / / /
| | |/ / / / |
|
| | | * | | | | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2021-12-28 | 1 | -7/+5 |
| | | |\ \ \ \ |
|
| | * | | | | | | Merge staging-next-21.05 into staging-21.05 | github-actions[bot] | 2021-12-24 | 5 | -406/+406 |
| | |\| | | | | |
|
| | | * | | | | | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2021-12-24 | 5 | -406/+406 |
| | | |\ \ \ \ \ |
|
| | * | | | | | | | Merge staging-next-21.05 into staging-21.05 | github-actions[bot] | 2021-12-23 | 1 | -3/+3 |
| | |\| | | | | | |
|
| | | * | | | | | | Merge release-21.05 into staging-next-21.05 | github-actions[bot] | 2021-12-23 | 1 | -3/+3 |
| | | |\ \ \ \ \ \ |
|
