This allows xkbvalidate to be compiled via Clang and also has a few
other portability improvements, eg. it now can even be compiled on OS X,
even though it's probably not needed there.
In addition, I changed the binary name so that it matches the package
name.
I'm merging this in right now, because there is only the xserver NixOS
module where this is used, so the risk of a catastrophic breakage is
very low.
Checks and build done by ofborg also ran successfully and I also did a
few local tests (eg. running via valgrind to avoid leaks) to make sure
it's still working properly.
So far, the output binary has been just "validate", which is quite a
very generic name and doesn't match the package name.
Even though I highly doubt that this program will ever be used outside
of NixOS modules, it's nevertheless less confusing to have a consistent
naming.
Signed-off-by: aszlig <aszlig@nix.build>
The only reason why I was using _GNU_SOURCE was because of vasprintf(),
so getting rid of that extension should make the source way more
portable.
When using vsnprintf() with a null pointer for the output buffer and a
size of 0, I wasn't quite sure whether this would be undefined
behaviour, so I looked it up in the C11 standard.
In section 7.21.6.5, it explicitly mentions this case, so we're lucky:
If n is zero, nothing is written, and s may be a null pointer.
Additionally, section 7.21.6.12 writes the following about vsnprintf():
The vsnprintf function does not invoke the va_end macro.
So to be sure to avoid undefined behaviour I subsequently added the
corresponding va_end() calls.
With this, the platforms attribute is now "unix", because the program
should now even run on OS X, even though it usually wouldn't be needed.
Signed-off-by: aszlig <aszlig@nix.build>
Stop hardcoding 10.10 as the platform when building. Instead we'll use
$MACOSX_DEPLOYMENT_TARGET so erlang doesn't have to be updated again the
next time that's changed.
I initially didn't use $CC because I thought this would be GCC specific,
but it turns out that Clang actually accepts -std=gnu11.
So using $CC here might not work on compilers other than Clang or GCC,
but at the moment those are the compilers we typically use in nixpkgs,
so even if we'd use some other compiler it *might* even work there.
I've tested this by compiling against clangStdenv with both $CC and
clang hardcoded and it works.
This was reported by @dkudriavtsev on IRC.
Signed-off-by: aszlig <aszlig@nix.build>
This addresses CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Details
about these vulnerabilities can be found at:
216433296d/advisories/third-party/2019-002.md
Version 1.16.1 only includes the security fixes, however version 1.17.3
has two additional bugfixes:
* "zero size buf" alerts might appear in logs when using gzipping; the
bug had appeared in 1.17.2.
* a segmentation fault might occur in a worker process if the
"resolver" directive was used in SMTP proxy.
I haven't extensively tested this, but from a quick test, nginx is still
working and the NixOS tests also succeed.
Thanks to @Izorkin for the pull request.
The old `cp` suffers from a permission issue on the 2nd start of the
service. The files were copied from the read-only nix store. On the 2nd
start of the service the `cp` failed.
The new version force creates a symlink which does not suffer from this.