libfetchers: Fix fetchGit with ref = "HEAD"#14672
Merged
Ericson2314 merged 1 commit intomasterfrom Nov 30, 2025
Merged
Conversation
This seems to have been broken in ee9fa0d. Adding the HEAD:HEAD refspec looks like the correct solution. Suggested-by: hxtmdev on github
xokdvium
added
backport 2.28-maintenance
github-actions
bot
added
with-tests
2 tasks
Ericson2314
approved these changes
Nov 30, 2025
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 2.28-maintenance
git worktree add -d .worktree/backport-14672-to-2.28-maintenance origin/2.28-maintenance
cd .worktree/backport-14672-to-2.28-maintenance
git switch --create backport-14672-to-2.28-maintenance
git cherry-pick -x 18f3598d57f2c2863966fda36fb8fa82f45ff370 |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 2.30-maintenance
git worktree add -d .worktree/backport-14672-to-2.30-maintenance origin/2.30-maintenance
cd .worktree/backport-14672-to-2.30-maintenance
git switch --create backport-14672-to-2.30-maintenance
git cherry-pick -x 18f3598d57f2c2863966fda36fb8fa82f45ff370 |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 2.31-maintenance
git worktree add -d .worktree/backport-14672-to-2.31-maintenance origin/2.31-maintenance
cd .worktree/backport-14672-to-2.31-maintenance
git switch --create backport-14672-to-2.31-maintenance
git cherry-pick -x 18f3598d57f2c2863966fda36fb8fa82f45ff370 |
|
Successfully created backport PR for |
Merged
philiptaron
added a commit
to philiptaron/nixpkgs
that referenced
this pull request
Jan 5, 2026
- **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues --- Diff: NixOS/nix@2.32.4...2.32.5
philiptaron
added a commit
to philiptaron/nixpkgs
that referenced
this pull request
Jan 5, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
13 tasks
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 8, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 9, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 10, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 11, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 12, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 13, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
vdemeester
pushed a commit
to vdemeester/nixpkgs
that referenced
this pull request
Jan 14, 2026
# Changelog: Nix 2.32.5 ## Bug Fixes ### Critical Crashes Fixed - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) Fixed a daemon segfault that could occur under high build load. The issue was caused by the `initialOutputs` field referencing data from an activation frame that had gone out of scope during coroutine tail-call optimization in the build scheduler. - **Fix segfault when querying non-existent derivation files** ([NixOS#14571](NixOS/nix#14571), [NixOS#14572](NixOS/nix#14572)) Running `nix derivation show /nix/store/...-doesnotexist.drv` would crash with a segfault. Now properly returns an "invalid store path" error. - **Fix RestrictedStore::addDependency crash** ([NixOS#14729](NixOS/nix#14729)) Fixed a crash caused by incorrect non-virtual interface pattern implementation that led to bad recursion/UB in `addDependencyPrep`. ### Regressions Fixed - **Fix "dynamic attributes not allowed in let" regression** ([NixOS#14642](NixOS/nix#14642), [NixOS#14646](NixOS/nix#14646)) Expressions like `let a = 1; "b" = 2; ${"c"} = 3; in [ a b c ]` that worked in 2.30 would incorrectly fail in 2.32.x. This was caused by the ExprString arena optimization, which has been reverted. - **Fix fetchGit with `ref = "HEAD"` regression** ([NixOS#13948](NixOS/nix#13948), [NixOS#14672](NixOS/nix#14672)) `fetchGit { url = "..."; ref = "HEAD"; }` was broken and returned "revspec 'HEAD' not found". - **Fix unnecessary substituter queries** ([NixOS#14836](NixOS/nix#14836), [NixOS#14837](NixOS/nix#14837)) Fixed a regression where Nix would query all substituters (including `cache.nixos.org`) even when a higher-priority local substituter already had the path. This caused unnecessary network traffic. ### Platform-Specific Fixes - **Fix curl with c-ares failing DNS resolution in macOS sandbox** ([NixOS#14792](NixOS/nix#14792)) When curl is built with c-ares (as in recent nixpkgs), DNS resolution would fail inside the Nix build sandbox on macOS with "Could not contact DNS servers". ### Store & File System Fixes - **Fix file system race conditions in store optimization** ([NixOS#14676](NixOS/nix#14676), [NixOS#7273](NixOS/nix#7273)) Multiple fixes to `optimizePath_`: - Actually call `remove()` when `rename()` fails - Propagate error codes in `createSymlink()` - Make `AutoDelete` non-copyable and non-movable to prevent use-after-free ## Improvements - **Include path in world-writable error messages** ([NixOS#14785](NixOS/nix#14785)) The error message for world-writable directory checks now includes the specific path that failed, making debugging easier. - **Documentation: correct `build-dir` error information** ([NixOS#14745](NixOS/nix#14745)) Fixed out-of-date information in the manual about `build-dir` errors and added links to relevant settings. ## Maintenance - CI improvements: added `upload-release.yml` workflow, improved Docker push workflow configurability, updated magic-nix-cache with post-build-hook fix - Documented maintainer git tag signing process - Fixed lowdown override compatibility with newer nixpkgs - Removed mdbook-linkcheck and added support for mdbook 0.5.x - Remove static data from headers to fix compilation issues - **Fix heap-use-after-free crash under high build load** ([NixOS#14772](NixOS/nix#14772)) --- Diff: NixOS/nix@2.32.4...2.32.5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
This seems to have been broken in ee9fa0d. Adding the HEAD:HEAD refspec looks like the correct solution.
Suggested-by: @hxtmdev on github
Context
Fixes #13948.
Add 👍 to pull requests you find important.
The Nix maintainer team uses a GitHub project board to schedule and track reviews.