Sync with upstream 2.32.4

.version

@@ -1 +1 @@
-2.32.3
+2.32.4

nix-meson-build-support/common/meson.build

@@ -42,6 +42,26 @@ if cxx.get_id() == 'clang'
   add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
 endif
 
+# Detect if we're using libstdc++ (GCC's standard library)
+# libstdc++ uses Intel TBB as backend for C++17 parallel algorithms when <execution> is included.
+# boost::concurrent_flat_map includes <execution>, which would require linking against TBB.
+# Since we don't actually use parallel algorithms, disable the TBB backend to avoid the dependency.
+# TBB is a dependency of blake3 and leaking into our build environment.
+is_using_libstdcxx = cxx.compiles(
+  '''
+  #include <ciso646>
+  #ifndef __GLIBCXX__
+  #error "not libstdc++"
+  #endif
+  int main() { return 0; }
+''',
+  name : 'using libstdc++',
+)
+
+if is_using_libstdcxx
+  add_project_arguments('-D_GLIBCXX_USE_TBB_PAR_BACKEND=0', language : 'cpp')
+endif
+
 # Darwin ld doesn't like "X.Y.ZpreABCD+W"
 nix_soversion = meson.project_version().split('+')[0].split('pre')[0]
 

src/libexpr/primops.cc

@@ -2005,8 +2005,13 @@ static void prim_dirOf(EvalState & state, const PosIdx pos, Value ** args, Value
         NixStringContext context;
         auto path = state.coerceToString(
             pos, *args[0], context, "while evaluating the first argument passed to 'builtins.dirOf'", false, false);
-        auto dir = dirOf(*path);
-        v.mkString(dir, context);
+        auto pos = path->rfind('/');
+        if (pos == path->npos)
+            v.mkStringMove(".", context);
+        else if (pos == 0)
+            v.mkStringMove("/", context);
+        else
+            v.mkString(path->substr(0, pos), context);
     }
 }
 

src/libstore/include/nix/store/restricted-store.hh

@@ -52,7 +52,21 @@ struct RestrictionContext
      * Add 'path' to the set of paths that may be referenced by the
      * outputs, and make it appear in the sandbox.
      */
-    virtual void addDependency(const StorePath & path) = 0;
+    void addDependency(const StorePath & path)
+    {
+        if (isAllowed(path))
+            return;
+        addDependencyImpl(path);
+    }
+
+protected:
+
+    /**
+     * This is the underlying implementation to be defined. The caller
+     * will ensure that this is only called on newly added dependencies,
+     * and that idempotent calls are a no-op.
+     */
+    virtual void addDependencyImpl(const StorePath & path) = 0;
 };
 
 /**

src/libstore/unix/build/derivation-builder.cc

@@ -325,7 +325,7 @@ class DerivationBuilderImpl : public DerivationBuilder, public DerivationBuilder
 
 protected:
 
-    void addDependency(const StorePath & path) override;
+    void addDependencyImpl(const StorePath & path) override;
 
     /**
      * Make a file owned by the builder.
@@ -1186,11 +1186,8 @@ void DerivationBuilderImpl::stopDaemon()
     daemonSocket.close();
 }
 
-void DerivationBuilderImpl::addDependency(const StorePath & path)
+void DerivationBuilderImpl::addDependencyImpl(const StorePath & path)
 {
-    if (isAllowed(path))
-        return;
-
     addedPaths.insert(path);
 }
 

src/libstore/unix/build/linux-derivation-builder.cc

@@ -703,8 +703,11 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
         DerivationBuilderImpl::killSandbox(getStats);
     }
 
-    void addDependency(const StorePath & path) override
+    void addDependencyImpl(const StorePath & path) override
     {
+        if (isAllowed(path))
+            return;
+
         auto [source, target] = ChrootDerivationBuilder::addDependencyPrep(path);
 
         /* Bind-mount the path into the sandbox. This requires

tests/functional/lang/eval-okay-builtins-dirOf.exp

@@ -0,0 +1 @@
+{ pathDoesntExistNested1 = /totallydoesntexistreally; pathDoesntExistNested2 = /totallydoesntexistreally/subdir1; pathDoesntExistRoot = /; pathRoot = /; stringEmpty = "."; stringMultipleSeps = "a//"; stringNoSep = "."; stringRoot = "/"; stringRootA = "/"; stringRootSlash = "/"; stringRootSlashSlash = "//"; stringSingleDir = "a"; stringWithDot = "a/b/c/."; stringWithDotAndDotDot = "a/b/c/../."; stringWithDotAndDotDotSep2 = "a/b/c/.././"; stringWithDotDot = "a/b/c/.."; stringWithDotDotSep2 = "a/b/c/../"; stringWithDotSep2 = "a/b/c/./"; }

tests/functional/lang/eval-okay-builtins-dirOf.nix

@@ -0,0 +1,21 @@
+{
+  stringEmpty = dirOf "";
+  stringNoSep = dirOf "filename";
+  stringSingleDir = dirOf "a/b";
+  stringMultipleSeps = dirOf "a///b";
+  stringRoot = dirOf "/";
+  stringRootSlash = dirOf "//";
+  stringRootSlashSlash = dirOf "///";
+  stringRootA = dirOf "/a";
+  stringWithDot = dirOf "a/b/c/./d";
+  stringWithDotSep2 = dirOf "a/b/c/.//d";
+  stringWithDotDot = dirOf "a/b/c/../d";
+  stringWithDotDotSep2 = dirOf "a/b/c/..//d";
+  stringWithDotAndDotDot = dirOf "a/b/c/.././d";
+  stringWithDotAndDotDotSep2 = dirOf "a/b/c/.././/d";
+
+  pathRoot = dirOf /.;
+  pathDoesntExistRoot = dirOf /totallydoesntexistreally;
+  pathDoesntExistNested1 = dirOf /totallydoesntexistreally/subdir1;
+  pathDoesntExistNested2 = dirOf /totallydoesntexistreally/subdir1/subdir2;
+}