Commit Graph

21 Commits

Author SHA1 Message Date
annalee
4a74c4cf51
ip2unix: upstream PR for out of range access
https://github.com/nixcloud/ip2unix/pull/35
2024-05-12 08:14:17 +00:00
h7x4
8121f3559a
treewide: add mainProgram 2024-02-11 03:19:15 +01:00
aszlig
6cc020bedd
ip2unix: 2.2.0 -> 2.2.1
Upstream changes:

  * Fix missing serialisation for from-unix and from-abstract.
  * Improve wording/grammar in README and manpage.

Signed-off-by: aszlig <aszlig@nix.build>
2023-08-19 00:45:52 +02:00
aszlig
9fd74d2f9a
ip2unix: 2.1.4 -> 2.2.0
Upstream changes:

  * Unlink socket file before bind if SO_REUSEADDR is used.
  * Add support for Linux abstract sockets.
  * Add support for matching an existing Unix domain socket or abstract
    socket.
  * Add stream/datagram aliases for tcp/udp socket types.
  * Add flag to prevent unlinking of socket files when closing sockets.
  * Fix missing header files for newer GCC versions, thanks to Varun
    Madiath.
  * Fix use-after-free of blackhole working directory path.
  * Fix a few compiler warnings on unnecessary allocation of string
    literals.
  * Add deprecation warnings if rules are specified in YAML format.
  * Rule files (-f) are now just a list of newline-separated rule (-r)
    arguments instead of YAML files.
  * Improve serializer to be more robust in end-of-stream conditions.
  * Bump requirements to require at least GCC version 9.
  * No longer prefer C library path over using RTLD_NEXT.

The missing include added via postPatch is no longer needed as it has
been fixed upstream.

Signed-off-by: aszlig <aszlig@nix.build>
2023-08-17 19:54:27 +02:00
Vladimír Čunát
555f300879
treewide: another round of gcc12 fixups 2023-02-05 15:29:43 +01:00
OPNA2608
c9b4c7dccd treewide: Rename libyamlcpp* to yaml-cpp* 2023-01-31 16:22:54 +01:00
aszlig
8b7f8e2e69
ip2unix: 2.1.3 -> 2.1.4
Upstream changes:

  * Fix ordering between systemd socket file descriptor names and rules.
  * Fix usage of C library path as discovered by Meson.

Signed-off-by: aszlig <aszlig@nix.build>
2021-07-10 01:53:03 +02:00
Ben Siraphob
76f93cc731 pkgs/tools: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
aszlig
67325b12c6
ip2unix: 2.1.2 -> 2.1.3
Upstream fixes:

  - Pass linker version script to the linker instead of the compiler.
  - Compile with `-fPIC` again (regression from version 2.1.2).
  - Out of bounds array access in `globpath`.
  - Handling of `epoll_ctl` calls (they're now replayed after replacing
    socket).
  - GCC 10 build errors and Clang warnings.

While most of these fixes are more relevant for other distros, the
linker script fix is actually a regression existing since a long time
(version 1.x) and caused libip2unix to expose way too many symbols.

Built and tested on i686-linux and x86_64-linux.

Signed-off-by: aszlig <aszlig@nix.build>
2020-06-01 05:51:00 +02:00
aszlig
b51d39fbe4
ip2unix: 2.1.1 -> 2.1.2
This fixes the issues with glibc 2.30, which were caused because glibc
no longer allows to dlopen/LD_PRELOAD a PIE executable.

So this release is essentially just a hotfix release which addresses
this issue by splitting the executable and library.

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @zimbatm
2020-05-27 05:58:03 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
aszlig
d69bc56e69
ip2unix: 2.1.0 -> 2.1.1
This is just a small bugfix release (essentially adds two lines of code)
which fixes a segfault if using with a program that doesn't pass a
sockaddr buffer to accept() or accept4().

Signed-off-by: aszlig <aszlig@nix.build>
2019-09-20 07:54:04 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
aszlig
fcf2d5745e
ip2unix: 2.0.1 -> 2.1.0
Upstream changes:

  * Support AF_INET and AF_INET6 sockets for systemd socket activation.

This basically makes ip2unix generally usable for turning any (not
statically linked) application into systemd socket activated services.

Signed-off-by: aszlig <aszlig@nix.build>
2019-06-21 05:20:19 +02:00
aszlig
6dc9f79c0f
ip2unix: 2.0.0 -> 2.0.1
Upstream fixes:

  - Unregister socket as soon as we know that no rule matches.

I also removed the encode_rules() function which was an artifact left in
version 2.0.0.

Built and tested on i686-linux and x86_64-linux.

Signed-off-by: aszlig <aszlig@nix.build>
2019-02-26 11:30:07 +01:00
aszlig
b0f9e47271
ip2unix: 1.2.0 -> 2.0.0
New upstream features:

  - New ignore rule option, which prevents conversion to Unix socket.
  - A way to increase the verbosity via the -v command line argument.
  - Reams of log messages in addition to the FATAL errors we had so far.
  - Use Syslog format for logging if stderr is a socket.
  - Set FD_CLOEXEC on systemd socket file descriptors as soon as they're
    associated.

Upstream fixes:

  - Use right endian conversion functions in port matching.
  - Pass is_unix to child socket on accept to prevent accidentally
    replacing an already converted Unix socket by a new Unix socket. The
    latter would be a socket that's not accepted, which would eventually
    lead to an error.
  - Correctly handle setsockopts used with other levels than SOL_SOCKET.

Upstream changes:

  - Improve wording and add more descriptions in README and manpage.
  - The implementation for fetching systemd sockets now no longer uses
    libsystemd, thus the build-time dependency is no longer required.
  - New serialiser for passing rules to the preloaded library in a more
    compact form instead of using YAML, so it's less likely that we'll
    hit the maximum stack size.
  - Systemd sockets are now associated during rule initialisation and
    thus behave more predictable in complex setups.

On our side, the dependency on systemd is only needed for running the
tests, as it uses the systemd-socket-activate helper. Socket association
is now done by ip2unix directly and doesn't rely on libsystemd anymore.

Built and tested on i686-linux and x86_64-linux.

Signed-off-by: aszlig <aszlig@nix.build>
2018-12-26 19:36:49 +01:00
aszlig
2ea5e68b24
ip2unix: 1.1.1 -> 1.2.0
Upstream changes:

  - Fixed: Don't fail when building the manual with AsciiDoc and xmllint.
  - Fixed: Some long options (--rule, --rules-file and --rules-data) were
           ignored.
  - Fixed: Manpage formatting is now more consistent.
  - Added: A new --version command line argument for showing version
           information.

With the new upstream release recommending to use AsciiDoc to generate
the manpage, I also switched to AsciiDoc instead of Asciidoctor. The
resulting manpage looks better in some ways (for example when definition
lists are used).

I also added an installCheckPhase to ensure that the manpage exists in
the resulting store path.

Signed-off-by: aszlig <aszlig@nix.build>
2018-11-12 15:45:23 +01:00
aszlig
1d0517ddb3
ip2unix: 1.1.0 -> 1.1.1
Upstream fixes:

  * Don't unlink target socket path if connect is used after bind.

Signed-off-by: aszlig <aszlig@nix.build>
2018-11-07 18:21:07 +01:00
aszlig
5fc73fd52e
ip2unix: 1.0.0 -> 1.1.0
Upstream fixes:

  * Prevent closing file descriptors passed by systemd.

New upstream features:

  * Allow to specify port ranges.

Signed-off-by: aszlig <aszlig@nix.build>
2018-11-07 09:42:17 +01:00
aszlig
b162b40007
ip2unix: init at 1.0.0
This tool was initially built specifically for nixcloud to prevent a few
annoying programs from binding to IP sockets.

While initially only accepting a JSON file as input, the tool now has a
proper command line interface and it's also generally usable to turn IP
sockets of any program into Unix sockets.

Another thing that might be even useful for NixOS modules is the
possibility to bend programs into using systemd socket activation.

Signed-off-by: aszlig <aszlig@nix.build>
2018-11-05 16:39:42 +01:00