So far, the output binary has been just "validate", which is quite a
very generic name and doesn't match the package name.
Even though I highly doubt that this program will ever be used outside
of NixOS modules, it's nevertheless less confusing to have a consistent
naming.
Signed-off-by: aszlig <aszlig@nix.build>
The only reason why I was using _GNU_SOURCE was because of vasprintf(),
so getting rid of that extension should make the source way more
portable.
When using vsnprintf() with a null pointer for the output buffer and a
size of 0, I wasn't quite sure whether this would be undefined
behaviour, so I looked it up in the C11 standard.
In section 7.21.6.5, it explicitly mentions this case, so we're lucky:
If n is zero, nothing is written, and s may be a null pointer.
Additionally, section 7.21.6.12 writes the following about vsnprintf():
The vsnprintf function does not invoke the va_end macro.
So to be sure to avoid undefined behaviour I subsequently added the
corresponding va_end() calls.
With this, the platforms attribute is now "unix", because the program
should now even run on OS X, even though it usually wouldn't be needed.
Signed-off-by: aszlig <aszlig@nix.build>
I initially didn't use $CC because I thought this would be GCC specific,
but it turns out that Clang actually accepts -std=gnu11.
So using $CC here might not work on compilers other than Clang or GCC,
but at the moment those are the compilers we typically use in nixpkgs,
so even if we'd use some other compiler it *might* even work there.
I've tested this by compiling against clangStdenv with both $CC and
clang hardcoded and it works.
This was reported by @dkudriavtsev on IRC.
Signed-off-by: aszlig <aszlig@nix.build>
This addresses CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Details
about these vulnerabilities can be found at:
216433296d/advisories/third-party/2019-002.md
Version 1.16.1 only includes the security fixes, however version 1.17.3
has two additional bugfixes:
* "zero size buf" alerts might appear in logs when using gzipping; the
bug had appeared in 1.17.2.
* a segmentation fault might occur in a worker process if the
"resolver" directive was used in SMTP proxy.
I haven't extensively tested this, but from a quick test, nginx is still
working and the NixOS tests also succeed.
Thanks to @Izorkin for the pull request.
The old `cp` suffers from a permission issue on the 2nd start of the
service. The files were copied from the read-only nix store. On the 2nd
start of the service the `cp` failed.
The new version force creates a symlink which does not suffer from this.
- Fix go build process to include critest as well.
- Fix GitHub repo location to be `kubernetes-sigs`
- Add me as maintainer
Signed-off-by: Sascha Grunert <sgrunert@suse.com>