Commit graph

264 commits

Author SHA1 Message Date
Vladimír Čunát
b479a21403
Merge #68032: systemd: fix CVE-2019-15718 (staging-next) 2019-09-04 11:03:10 +02:00
Andreas Rammhold
cde7715039 systemd: fix CVE-2019-15718
More details at: https://www.openwall.com/lists/oss-security/2019/09/03/1
2019-09-04 01:05:28 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Nikolay Amiantov
cc9fb5f015 systemd: update revision 2019-08-01 00:55:35 +03:00
Florian Klink
df489f82e1 systemd: apply systemd-stable 242 backports
from https://github.com/NixOS/systemd/pull/29
2019-06-29 16:10:37 +02:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Andreas Rammhold
0f93834c5e
systemd: remove references to $out/lib/systemd/catalog
On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib
output. The result of that is a dependency cycle between $out and $lib.
Thus nix (rightfully) marks the build as failed. That reference
originates from an array of strings (catalog_file_dirs) in systemd
(src/src/journal/catalog.{c,h}).  The only consumer (as of v242) of the
symbol is the main function of journalctl.  Still libsystemd.so contains
the VALUE but not the symbol.  Systemd seems to be properly using
function & data sections together with the linker flags to garbage
collect unused sections (-Wl,--gc-sections).  For unknown reasons those
flags do not eliminate the unused string constants, in this case on
aarch64-linux. The hacky way is to just remove the reference after we
finished compiling.  Since it can not be used (there is no symbol to
actually refer to it) there should not be any harm.  It is a bit odd and
I really do not like starting these kinds of hacks but there doesn't seem
to be a straightforward way at this point in time.

The reference will be replaced by the same reference the usual nukeRefs
tooling uses.  The standard tooling can not / should not be used since
it is a bit too excessive and could potentially do us some (more) harm.
2019-06-03 15:05:22 +02:00
Andreas Rammhold
81f390d2e3
systemd: disable building tests
We are currently not running any tests but building them takes
significant amounts of time since they account for about 40% of all the
compilation targets.
2019-06-03 15:05:21 +02:00
Andreas Rammhold
8c7e588362
systemd: 241.20190221 -> 242 2019-06-03 15:05:11 +02:00
Jörg Thalheim
5b0db07ee1
systemd: 239.20190219 -> 241.20190221 2019-06-03 15:05:09 +02:00
Samuel Dionne-Riel
cc058156bd systemd: Enables systemd-boot for ARM platforms 2019-05-28 19:26:57 -04:00
rnhmjoj
d16a24379a
systemd: lower priority to solve collisions with openresolv 2019-05-08 13:21:04 +02:00
Matthew Bauer
4224b034cc systemd: use lib.getBin for utillinux
it’s almost always a better idea to use getBin instead of .bin.
Otherwise, we could get an evaluation error if utillinux is missing
the bin output.
2019-04-20 16:39:12 -04:00
Andreas Rammhold
bb821c65ff
systemd: update debian patches url to snapshots.debian.org
The current approach will fail when enough time has passed. We ideally
want to be reproducible even in a few years of time. So we should pick
the sources of patches wisely as otherwise we can not do that.
2019-03-23 09:52:35 +01:00
Franz Pletz
e94914560b
systemd: 239.20190110 -> 239.20190219
Fix CVE-2019-6454.
2019-02-19 23:22:34 +01:00
Vladimír Čunát
2c226107cb
systemd-cryptsetup-generator: fixup linkage
It got broken by 74a64a8a6 #53483.
But IMO it's *this* expression that was written in a too fragile way.
2019-01-26 14:16:56 +01:00
Franz Pletz
74a64a8a61
systemd: 239 -> 239.20190110
Fixes CVE-2018-16864 & CVE-2018-16865 (journald stack clash). Fixes #53755.

Also updates the debian patches to fix CVE-2018-15686. Fixes #52250.
2019-01-10 20:54:12 +01:00
Vladimír Čunát
179b8146e6
systemd: apply patches from Debian
There are some security fixes among those.
2018-11-04 11:08:04 +01:00
Vladimír Čunát
587c3774ab
Revert "systemd: 239 -> 239.20181031"
This reverts commit d1de23b8302d02d4699e884533906a3992f370b6.
The changes turned out to be too intrusive, so we'll patch instead.
Discussion: https://github.com/NixOS/systemd/pull/24
2018-11-04 11:08:03 +01:00
Franz Pletz
a7912ecc85
systemd: 239 -> 239.20181031
Fixes CVE-2018-15688 and updates latest upstream stable v239 branch.

See https://github.com/NixOS/systemd/pull/24 for details.

Co-authored-by: Andreas Rammhold <andreas@rammhold.de>
2018-10-31 16:12:00 +01:00
Daiderd Jordan
1383c08f2c
Merge branch 'master' into staging-next 2018-10-01 19:42:07 +02:00
Tuomas Tynkkynen
fe7919f7a1 systemd: Replace meta.available checks
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
2018-09-28 15:01:00 +03:00
Florian Klink
c3cc34f20a systemd: update to fix nspawn containers (#47264)
This fixes nspawn containers with older systemd inside currently failing
to start.

See:
https://github.com/NixOS/systemd/pull/23
https://github.com/systemd/systemd/pull/10104
https://github.com/NixOS/nixpkgs/issues/47253
2018-09-24 10:00:50 +01:00
Vladimír Čunát
2d6179d1e8
Merge branch 'master' into staging
A few trivial conflicts due to *Platforms mass replace.
2018-09-01 17:38:18 +02:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatibility stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
Uli Baum
03c1f567d5 systemd: don't use options from fstab on remount
Include fix by @aszlig to fix remount with comment/application-specific
fstab options.
2018-08-30 12:53:18 +02:00
Jörg Thalheim
734c2bc4d0 systemd-cryptsetup-generator: cryptsetup belongs to buildInputs
This fixes the build.
2018-08-29 17:07:12 +01:00
Markus Kowalewski
2ba5ac8dda
systemd: add license 2018-08-18 00:32:36 +02:00
Jörg Thalheim
05daf390b3 systemd: 238 -> 239 2018-08-06 11:03:09 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Matthew Justin Bauer
98f2f08b4b
Merge pull request #41009 from matthewbauer/normalize-names
Add versions to packages missing it
2018-05-25 16:32:48 -05:00
Matthew Bauer
73b11060fc treewide: add more versions to package names 2018-05-25 15:48:30 -05:00
Jan Tojnar
cd1fb3babf
systemd: fix build
meson 0.46 no longer likes receiving both -Dmandir and --mandir. I removed the flags from the expression in favour of those in the meson setup hook. This also fixes manpages which were previously
installed to $man/lib for some reason.
2018-05-22 21:04:40 +02:00
John Ericson
ee4b56edd3 Merge remote-tracking branch 'upstream/master' into staging 2018-05-11 14:36:08 -04:00
Matthew Bauer
c37b93bd52 treewide: remove lib.meta.enableIfAvailable 2018-05-09 16:21:22 -05:00
Matthew Bauer
6748534d83 Merge remote-tracking branch 'upstream/master' into staging 2018-05-08 09:36:00 -05:00
xeji
e450d9fb90
Merge pull request #38961 from bachp/cryptsetup-generator
cryptsetup-generator: add postFixup
2018-05-05 17:41:40 +02:00
John Ericson
cf06e42d1c Merge remote-tracking branch 'upstream/master' into staging 2018-05-03 16:35:36 -04:00
Matthew Bauer
143978a477 treewide: remove platform assertions
linux: readd assertion
2018-05-03 13:09:20 -05:00
Matthew Justin Bauer
eeb016e8f0
Merge branch 'staging' into fix-ncurses-darwin-extensions 2018-05-02 15:40:38 -05:00
Will Dietz
919dda7aba
Merge pull request #37814 from dtzWill/update/util-linux-2.32
util-linux: 2.31.1 -> 2.32
2018-04-30 13:21:59 -05:00
Will Dietz
dadf222934 systemd: add pcre2 as build dep for searching in journalctl 2018-04-29 20:24:04 -05:00
Will Dietz
b341529a35 systemd: use upstream patch to fix building with util-linux 2.32
See linked PR.
2018-04-29 16:54:24 -05:00
Pascal Bach
caed1877eb cryptsetup-generator: add postFixup
This makes cryptsetup-generator link correctly
to the shared systemd library.
2018-04-29 22:16:27 +02:00
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
xeji
0de00d5799 systemd 238: bump revision for upstream bugfixes
fixes #37744, #38341
2018-04-05 17:45:41 +02:00
Shea Levy
05e375d710
Merge remote-tracking branch 'origin/master' into staging 2018-03-28 09:36:47 -04:00
Nikolay Amiantov
0402877344 systemd: disable EFI support on AArch64
It seemingly isn't used by NixOS and currently breaks AArch64 build.
2018-03-28 15:40:50 +03:00