Update from upstream repo nixOS/nixpkgs@master#6
Merged
eadwu merged 57 commits intoeadwu:masterfrom Jun 18, 2018
Merged
Conversation
Helmfile makes direct calls to `helm` as an implicit dependency. Now helmfile can work without Helm also being explicitly installed.
cryptsetup: 1.7.5 -> 2.0.2
The 3.2.2 build fails ATM on Hydra: https://hydra.nixos.org/build/75998362 Bumping to 3.2.8 and rebasing `osquery/CMakeLists.txt` with `misc.patch` fixes the issue. Additionally the NixOS test remains functional.
libreoffice-fresh: 6.0.3.2 -> 6.0.4.2 and don't use system xmlsec
osquery: 3.2.2 -> 3.2.8
lightdm-mini-greeter: init at 0.3.2
Fixes socket closing issues (only happened in some circumstances AFAICT).
This has been merged upstream with
OpenSMTPD/OpenSMTPD#847
Not much of a changelog: https://github.com/go-gitea/gitea/releases/tag/v1.4.2
gitea: 1.4.1 -> 1.4.2
ngx_brotli: 0.1.1 -> 0.1.2
oauth2_proxy: Handle attributes being derivations
editline: init at 1.15.3
We take care to make it use the final stdenv to avoid mass rebuilds and bootstrap python.
fc9644d accidentally enabled the sanitizer tests for GCC on Darwin, when fixing that case was never attempted. Also inverted the condition from broken to working for clarity.
darwin stdenv: Put back "man" attribute on clang and llvm
…till-fail tests.cc-wrapper: Fix sanitizer condition
We can just disable each one we don't want manually.
prometheus-node-exporter: 0.15.2 -> 0.16.0
Just a routine bump; adds support for GHC 8.4.3.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/RAxML/versions. These checks were done: - built on NixOS - /nix/store/w8iy7fvdwhjw7zx1dkga3v56fz59s7r8-RAxML-8.2.12/bin/raxmlHPC-PTHREADS-SSE3 passed the binary check. - 1 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 8.2.12 with grep in /nix/store/w8iy7fvdwhjw7zx1dkga3v56fz59s7r8-RAxML-8.2.12 - directory tree listing: https://gist.github.com/8a2b70b299e53bfee9f18d2ab8cd5f9f - du listing: https://gist.github.com/02803409663f19671adc6be233a327fd
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/picard-tools/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/siklhy9pl9xl9cq3nlqhln038554h72g-picard-tools-2.18.7/bin/picard had a zero exit code or showed the expected version - 0 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 2.18.7 with grep in /nix/store/siklhy9pl9xl9cq3nlqhln038554h72g-picard-tools-2.18.7 - directory tree listing: https://gist.github.com/a49ed5f2ff312ce6180174183901e38f - du listing: https://gist.github.com/243f4d89d2100ef27d332e3562d5f173
Helmfile updates (0.16.0 -> 0.19.0, use wrapProgram)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/arangodb/versions. These checks were done: - built on NixOS - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/foxx-manager passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangobench passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangodump passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangoexport passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangoimp passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangorestore passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangosh passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangovpack passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arango-dfdb passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arango-init-database passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arango-secure-installation passed the binary check. - /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10/bin/arangod passed the binary check. - 12 of 12 passed binary check by having a zero exit code. - 0 of 12 passed binary check by having the new version present in output. - found 3.3.10 with grep in /nix/store/25nzmn4i7clwvvs00wg3bc1ik7x5a9hr-arangodb-3.3.10 - directory tree listing: https://gist.github.com/8818b9d47b33b5c0025db3d2cf065186 - du listing: https://gist.github.com/3b134770993a508d79b2bf086d761531
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/chirp-daily/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/b4iyklh8y10knkzrrw45dsz95hvs38mr-chirp-daily-20180611/bin/.chirpw-wrapped had a zero exit code or showed the expected version - Warning: no invocation of /nix/store/b4iyklh8y10knkzrrw45dsz95hvs38mr-chirp-daily-20180611/bin/chirpw had a zero exit code or showed the expected version - 0 of 2 passed binary check by having a zero exit code. - 0 of 2 passed binary check by having the new version present in output. - found 20180611 with grep in /nix/store/b4iyklh8y10knkzrrw45dsz95hvs38mr-chirp-daily-20180611 - directory tree listing: https://gist.github.com/c4bf3ab0db022bdfe692715110e6c3d6 - du listing: https://gist.github.com/1c1987a895d93ba39651f4037e030aad
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/forkstat/versions. These checks were done: - built on NixOS - /nix/store/i74h7m1lbmyxjgrkdyii68a4dhi2m2fz-forkstat-0.02.03/bin/forkstat passed the binary check. - 1 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 0.02.03 with grep in /nix/store/i74h7m1lbmyxjgrkdyii68a4dhi2m2fz-forkstat-0.02.03 - directory tree listing: https://gist.github.com/89b0404a0b74c11f7d41c06cf94d184a - du listing: https://gist.github.com/e13ac9907c46410b6a17fefb8f6977f3
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/libraw/versions. These checks were done: - built on NixOS - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/raw-identify passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/unprocessed_raw passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/4channels passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/simple_dcraw passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/mem_image passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/dcraw_half passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/half_mt passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/multirender_test passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/postprocessing_benchmark passed the binary check. - /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12/bin/dcraw_emu passed the binary check. - 10 of 10 passed binary check by having a zero exit code. - 0 of 10 passed binary check by having the new version present in output. - found 0.18.12 with grep in /nix/store/a93d1dzw2ngcysj5sb3pj5ih6dcm8a1m-libraw-0.18.12 - directory tree listing: https://gist.github.com/20e1b0e52e1c94011da90df577fa84e2 - du listing: https://gist.github.com/adb7f31a821d3bd4157e8003f58d47ce
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/chromedriver/versions. These checks were done: - built on NixOS - /nix/store/b62dsg9dibywkpx8yzfm08dbcdfh9i60-chromedriver-2.40/bin/chromedriver passed the binary check. - Warning: no invocation of /nix/store/b62dsg9dibywkpx8yzfm08dbcdfh9i60-chromedriver-2.40/bin/.chromedriver-wrapped had a zero exit code or showed the expected version - 1 of 2 passed binary check by having a zero exit code. - 0 of 2 passed binary check by having the new version present in output. - found 2.40 with grep in /nix/store/b62dsg9dibywkpx8yzfm08dbcdfh9i60-chromedriver-2.40 - directory tree listing: https://gist.github.com/2beed7dbaa434f54d37a742a2c0e2662 - du listing: https://gist.github.com/8b1a61054a03382c346ba383ac79c163
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/mlterm/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlterm had a zero exit code or showed the expected version - Warning: no invocation of /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlfc had a zero exit code or showed the expected version - /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlcc passed the binary check. - /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlclient passed the binary check. - /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlclientx passed the binary check. - Warning: no invocation of /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6/bin/mlterm-fb had a zero exit code or showed the expected version - 3 of 6 passed binary check by having a zero exit code. - 0 of 6 passed binary check by having the new version present in output. - found 3.8.6 with grep in /nix/store/y5kq18q0af30rvbhl25jpxrrf7czp5b8-mlterm-3.8.6 - directory tree listing: https://gist.github.com/917b0ce2af6e7d2a9baa6c66857143a5 - du listing: https://gist.github.com/7b0c64048e0913af1cabbed5885116b2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/mcelog/versions. These checks were done: - built on NixOS - /nix/store/cb40l2kslmy5lr78j30h74d1mbpa6bxv-mcelog-159/bin/mcelog passed the binary check. - 1 of 1 passed binary check by having a zero exit code. - 1 of 1 passed binary check by having the new version present in output. - found 159 with grep in /nix/store/cb40l2kslmy5lr78j30h74d1mbpa6bxv-mcelog-159 - directory tree listing: https://gist.github.com/453a2e6f8b596debb0596272afaf34c1 - du listing: https://gist.github.com/57e4337775456719a1e299eee738068f
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/grantlee/versions. These checks were done: - built on NixOS - 0 of 0 passed binary check by having a zero exit code. - 0 of 0 passed binary check by having the new version present in output. - found 0.5.1 with grep in /nix/store/6g40ly4agw1h9kvb3cl6yf0g3swi95fc-grantlee-0.5.1 - directory tree listing: https://gist.github.com/e74be5a3f1cab3f4f9f9a56612731410 - du listing: https://gist.github.com/6e697a1e258b3e9e42c164a437f319f2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/cppcms/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1/bin/cppcms_config_find_param had a zero exit code or showed the expected version - /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1/bin/cppcms_make_key passed the binary check. - Warning: no invocation of /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1/bin/cppcms_scale had a zero exit code or showed the expected version - Warning: no invocation of /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1/bin/cppcms_tmpl_cc had a zero exit code or showed the expected version - Warning: no invocation of /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1/bin/cppcms_run had a zero exit code or showed the expected version - 1 of 5 passed binary check by having a zero exit code. - 0 of 5 passed binary check by having the new version present in output. - found 1.2.1 with grep in /nix/store/9rzm8kp5fc4w1n4iygff2fl9i9l47n83-cppcms-1.2.1 - directory tree listing: https://gist.github.com/d1f2849fe9d35b02a9db07f7d396c6a7 - du listing: https://gist.github.com/f5c96329d8e59da59472edbaf149d83d
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/gzdoom/versions. These checks were done: - built on NixOS - Warning: no invocation of /nix/store/f4bpkw3bk3p8ca0vcxdi17hc5lm2r3jz-gzdoom-3.4.0/bin/gzdoom had a zero exit code or showed the expected version - 0 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 3.4.0 with grep in /nix/store/f4bpkw3bk3p8ca0vcxdi17hc5lm2r3jz-gzdoom-3.4.0 - directory tree listing: https://gist.github.com/1d92d331e8c24929e998260ca9018ddb - du listing: https://gist.github.com/ba47c37ae7b73d3fb85a14b537b6c270
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/jackett/versions. These checks were done: - built on NixOS - /nix/store/a9gjyqrjq6gf7l9s16pipj77p7vb3qcm-jackett-0.8.1070/bin/Jackett passed the binary check. - 1 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 0.8.1070 with grep in /nix/store/a9gjyqrjq6gf7l9s16pipj77p7vb3qcm-jackett-0.8.1070 - directory tree listing: https://gist.github.com/ee9b1ad710c8226187cbc65aa3ab9042 - du listing: https://gist.github.com/c374f814801d76ac2507c5cb6fa5d405
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/mate-settings-daemon/versions. These checks were done: - built on NixOS - 0 of 0 passed binary check by having a zero exit code. - 0 of 0 passed binary check by having the new version present in output. - found 1.20.3 with grep in /nix/store/gdndnz6arz8xpvppphm7jxsyfsm7nq2y-mate-settings-daemon-1.20.3 - directory tree listing: https://gist.github.com/2cdc92987c9492e4c99b02efde4fd349 - du listing: https://gist.github.com/071f4f1371037662c45c8ef83b163383
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/folly/versions. These checks were done: - built on NixOS - 0 of 0 passed binary check by having a zero exit code. - 0 of 0 passed binary check by having the new version present in output. - found 2018.06.11.00 with grep in /nix/store/3x7mc1n99r135i68xrax71bqcxpk6cbs-folly-2018.06.11.00 - directory tree listing: https://gist.github.com/cd02bb388dc7ae5c5b39289c8d8b3dc9 - du listing: https://gist.github.com/87c16407b769dd56c0d14d59d577da32
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/ace/versions. These checks were done: - built on NixOS - /nix/store/4fh87988qw0bjzks9cy73ly1np8bkkn3-ace-6.5.0/bin/ace_gperf passed the binary check. - 1 of 1 passed binary check by having a zero exit code. - 0 of 1 passed binary check by having the new version present in output. - found 6.5.0 with grep in /nix/store/4fh87988qw0bjzks9cy73ly1np8bkkn3-ace-6.5.0 - directory tree listing: https://gist.github.com/fa80e4b2dda282f3a3dc47a359985002 - du listing: https://gist.github.com/35c8e366656494975834ec145335d2f5
eadwu
pushed a commit
that referenced
this pull request
Jan 2, 2023
Without this change it segfaults when trying to play any media: $ jellyfinmediaplayer Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway. libpng warning: iCCP: known incorrect sRGB profile Logging to /home/bf/.local/share/jellyfinmediaplayer/logs/jellyfinmediaplayer.log Cannot load libcuda.so.1 Segmentation fault (core dumped) The backtrace shows pipewire being at fault: $ coredumpctl debug [...] Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so [Current thread is 1 (Thread 0x7f6ffdc87640 (LWP 1360949))] (gdb) bt #0 0x00007f711428c9bb in core_event_demarshal_remove_id () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #1 0x00007f711428886c in process_remote () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #2 0x00007f7114288e68 in on_remote_data () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/pipewire-0.3/libpipewire-module-protocol-native.so #3 0x00007f7114310efe in loop_iterate () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/spa-0.2/support/libspa-support.so #4 0x00007f71266fe7f2 in do_loop () from /nix/store/nhffrd7f15dhfbkwzgayq7hhzmdvdy19-pipewire-0.3.63-lib/lib/libpipewire-0.3.so.0 #5 0x00007f7128b08e86 in start_thread () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 #6 0x00007f7128b8fce0 in clone3 () from /nix/store/ayfr5l52xkqqjn3n4h9jfacgnchz1z7s-glibc-2.35-224/lib/libc.so.6 (gdb) Standalone mpv doesn't segfault (when directly playing the underlying media files). I don't know why. Fixes: b97cda7 ("mpv-unwrapped: 0.34.1 -> 0.35.0") Fixes NixOS#205141 Ref jellyfin/jellyfin-desktop#341
eadwu
pushed a commit
that referenced
this pull request
Aug 4, 2023
Pull in _FORTIFY_SOURCE=3 stack smashing fix. Without the change on
current `master` `rtorrent` crashes at start as:
*** buffer overflow detected ***: terminated
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44 pthread_kill.c: No such file or directory.
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007ffff7880af3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007ffff7831c86 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007ffff781b8ba in __GI_abort () at abort.c:79
#4 0x00007ffff781c5f5 in __libc_message (fmt=fmt@entry=0x7ffff7992540 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007ffff7910679 in __GI___fortify_fail (msg=msg@entry=0x7ffff79924e6 "buffer overflow detected") at fortify_fail.c:24
#6 0x00007ffff790eea4 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007ffff790ea85 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29
#8 0x0000000000472acf in utils::Lockfile::try_lock() ()
#9 0x000000000044b524 in core::DownloadStore::enable(bool) ()
#10 0x00000000004b1f7b in Control::initialize() ()
#11 0x000000000043000b in main ()
eadwu
pushed a commit
that referenced
this pull request
Feb 19, 2024
Since ba83271 the build fails with applying patch /nix/store/46rxbbvl2l3mrxb50y9rzy7ahgx0lraj-d741901dddd731895346636c0d3556c6fa51fbe6.patch patching file tests/hazmat/primitives/test_aead.py Hunk #1 FAILED at 56. Hunk #2 FAILED at 197. Hunk #3 FAILED at 378. Hunk #4 FAILED at 525. Hunk #5 FAILED at 700. Hunk #6 FAILED at 844. 6 out of 6 hunks FAILED -- saving rejects to file tests/hazmat/primitives/test_aead.py.rej
eadwu
pushed a commit
that referenced
this pull request
Feb 29, 2024
Without the change `unnethack` startup crashes as:
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f734250c0e3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f73424bce06 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f73424a58f5 in __GI_abort () at abort.c:79
#4 0x00007f73424a67a1 in __libc_message (fmt=fmt@entry=0x7f734261e2f8 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007f734259b1d9 in __GI___fortify_fail (msg=msg@entry=0x7f734261e2df "buffer overflow detected") at fortify_fail.c:24
#6 0x00007f734259ab94 in __GI___chk_fail () at chk_fail.c:28
#7 0x00000000005b2ac5 in strcpy (__src=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)",
__dest=0x7ffe68838990 "\001") at /nix/store/B0S2LKF593R3585038WS4JD3LYLF2WDX-glibc-2.38-44-dev/include/bits/string_fortified.h:79
#8 curses_break_str (str=str@entry=0x7ffe68838b00 "Shall I pick a character's race, role, gender and alignment for you? [YNTQ] (y)", width=width@entry=163,
line_num=line_num@entry=1) at ../win/curses/cursmisc.c:275
#9 0x00000000005b3f51 in curses_character_input_dialog (prompt=prompt@entry=0x7ffe68838cf0 "Shall I pick a character's race, role, gender and alignment for you?",
choices=choices@entry=0x7ffe68838d70 "YNTQ", def=def@entry=121) at ../win/curses/cursdial.c:211
#10 0x00000000005b9ca0 in curses_choose_character () at ../win/curses/cursinit.c:556
#11 0x0000000000404eb1 in main (argc=<optimized out>, argv=<optimized out>) at ./../sys/unix/unixmain.c:309
which corresponds to `gcc` warning:
../win/curses/cursmisc.c: In function 'curses_break_str':
../win/curses/cursmisc.c:275:5: warning: '__builtin___strcpy_chk' writing one too many bytes into a region of a size that depends on 'strlen' [-Wstringop-overflow=]
275 | strcpy(substr, str);
| ^
I did not find a single small upstream change that fixes it. Let's
disable `fortify3` until next release.
Closes: NixOS#292113
eadwu
pushed a commit
that referenced
this pull request
Aug 14, 2024
This adds some extremely helpful and popular encoders in by default: * openjpeg * celt * libwebp * libaom On the `master` branch, closure size for ffmpeg-headless went up 18.5 MiB. ``` $ nix store diff-closures nixpkgs#ffmpeg-headless^bin .#ffmpeg-headless^bin celt: ∅ → 0.11.3, +168.4 KiB ffmpeg-headless: +70.0 KiB giflib: ∅ → 5.2.2, +398.7 KiB lcms2: ∅ → 2.16, +466.2 KiB lerc: ∅ → 4.0.0, +840.2 KiB libaom: ∅ → 3.9.0, +8047.8 KiB libdeflate: ∅ → 1.20, +427.0 KiB libtiff: ∅ → 4.6.0, +655.9 KiB libvmaf: ∅ → 3.0.0, +2665.0 KiB libwebp: ∅ → 1.4.0, +2559.7 KiB openjpeg: ∅ → 2.5.2, +1525.1 KiB zstd: ∅ → 1.5.6, +1158.0 KiB $ nvd diff $(nix build nixpkgs#ffmpeg-headless^bin --print-out-paths --no-link) $(nix build .#ffmpeg-headless^bin --print-out-paths --no-link) <<< /nix/store/4n60lnj3zkjpasd4c56bzhpx2m8lc1sx-ffmpeg-headless-6.1.1-bin >>> /nix/store/884f487w5hac6rs94jq6hq5zqkxdv666-ffmpeg-headless-6.1.1-bin Added packages: [A.] #1 celt 0.11.3 [A.] #2 giflib 5.2.2 [A.] #3 lcms2 2.16 [A.] #4 lerc 4.0.0 [A.] #5 libaom 3.9.0 [A.] #6 libdeflate 1.20 [A.] #7 libtiff 4.6.0 [A.] #8 libvmaf 3.0.0 [A.] #9 libwebp 1.4.0 x2 [A.] #10 openjpeg 2.5.2 [A.] #11 zstd 1.5.6 Closure size: 66 -> 78 (15 paths added, 3 paths removed, delta +12, disk usage +18.5MiB). ```
eadwu
pushed a commit
that referenced
this pull request
Aug 25, 2024
Strongly inspired by the forgejo counterpart[1], for the following
reasons:
* The feature is broken with the current module and crashes on
authentication with the following stacktrace (with a PAM service
`gitea` added):
server # Stack trace of thread 1008:
server # #0 0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb)
server # #1 0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6)
server # #2 0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420)
server # #3 0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9)
server # #4 0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5)
server # #5 0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b)
server # #6 0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3)
server # #7 0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a)
server # #8 0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4)
server # ELF object binary architecture: AMD x86-64
server #
server # [ 42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159
server # [ 42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost= user=snenskek
It only worked after turning off multiple sandbox settings and adding
`shadow` as supplementary group to `gitea.service`.
I'm not willing to maintain additional multiple sandbox settings for
different features, especially given that it was probably not used for
quite a long time:
* There was no PR or bugreport about sandboxing issues related to
PAM.
* Ever since the module exists, it used the user `gitea`, i.e. it had
never read-access to `/etc/shadow`.
* Upstream has it disabled by default[2].
If somebody really needs it, it can still be brought back by an overlay
updating `tags` accordingly and modifying the systemd service config.
[1] 07641a9
[2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module
eadwu
pushed a commit
that referenced
this pull request
Apr 3, 2025
fluent-bit 3.2.7, 3.2.8 and 3.2.9 are segfaulting when used in combination with the systemd input. Lets revert to 3.2.6 for now. Upstream bug: fluent/fluent-bit#10139 Note that fluent-bit-3.2.7 fixes two high CVEs which we are now reintroducing. However they are only exploitable if you are using the OpenTelemetry input or the Prometheus Remote Write input. OpenTelemetry input: [CVE-2024-50609](https://nvd.nist.gov/vuln/detail/CVE-2024-50609) Prometheus Remote Write input: [CVE-2024-50608](https://nvd.nist.gov/vuln/detail/CVE-2024-50608) The problem is as follows: 3.2.7 started vendoring a copy of `libzstd` in tree and statically linking against it. Also, the fluent-bit binary exports the symbols of static libraries it links against. This is a problem because `libzstd` gets `dlopen()`ed by `libsystemd` when enumerating the journal (as journal logs are zstd compressed). and `libzstd` in Nixpkgs is built with `-DZSTD_LEGACY_SUPPORT=0` which causes `struct ZSTD_DCtx` to be 16 bytes smaller than without this flag https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress_internal.h#L183-L187 `libsystemd` calls [`sym_ZSTD_createDCtx()`](https://github.com/systemd/systemd/blob/1e79a2923364b65fc9f347884dd5b9b2087f6e32/src/basic/compress.c#L480) which calls the function pointer returned by `dlsym()` which is calling into the `libzstd` that comes with `nixpkgs` and thus allocates a struct that is 16 bytes smaller. Later then `sym_ZSTD_freeDCtx()` is called. However because fluent-bit has `zstd` in its global symbol table, any functions that `sym_ZSTD_freeDCtx()` calls will be calls to the functions in the vendored fluent-bit version of the library which expects the larger struct. This then causes enough heap corruption to cause a segfault. E.g. the subsequent calls to `ZSTD_clearDict(dctx)` and `ZSTD_customFree(dctx->inBuff)` in https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress.c#L324 will be working on a struct that is 16 bytes smaller than the one that was allocated by `libsystemd` and will cause a segfault at some point and thus are probably modifying pieces of memory that they shouldn't (gdb) bt #0 0x00007f10e7e9916c in __pthread_kill_implementation () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #1 0x00007f10e7e40e86 in raise () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #2 0x00007f10e7e2893a in abort () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #3 0x000000000046a938 in flb_signal_handler () #4 <signal handler called> #5 0x00007f10e7ea42b7 in unlink_chunk.isra () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #6 0x00007f10e7ea45cd in _int_free_create_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #7 0x00007f10e7ea5a1c in _int_free_merge_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #8 0x00007f10e7ea5dc9 in _int_free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #9 0x00007f10e7ea8613 in free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #10 0x00007f10e80ad3b5 in ZSTD_freeDCtx () from /nix/store/wy0slah6yvchgra8nhp6vgrqa6ay72cq-zstd-1.5.6/lib/libzstd.so.1 #11 0x00007f10e8c90f6b in decompress_blob_zstd () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #12 0x00007f10e8bf0efe in journal_file_data_payload () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #13 0x00007f10e8c00f74 in sd_journal_enumerate_data () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #14 0x00000000004eae2f in in_systemd_collect () #15 0x00000000004eb5a0 in in_systemd_collect_archive () #16 0x000000000047aa18 in flb_input_collector_fd () #17 0x0000000000495223 in flb_engine_start () NixOS#18 0x000000000046f304 in flb_lib_worker () NixOS#19 0x00007f10e7e972e3 in start_thread () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 NixOS#20 0x00007f10e7f1b2fc in __clone3 () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 Reverts 7310ab3 Reverts 4fbc6cf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello!
The upstream repository
nixOS/nixpkgs@masterhas some new changes that aren't in this fork. So, here they are, ready to be merged! 🎉If this pull request can be merged without conflict, you can publish your software with these new changes. Otherwise, fix any merge conflicts by clicking the
Resolve Conflictsbutton.If you like Backstroke, consider donating to help us pay for infrastructure here. Backstroke is a completely open source project that's free to use, but we survive on sponsorships and donations. Thanks for your support! Help out Backstroke.
Created by Backstroke (I'm a bot!)