Commit Graph

109 Commits

Author SHA1 Message Date
06kellyjac
db4d8640c1 busybox: patch CVE-2022-30065
https://nvd.nist.gov/vuln/detail/CVE-2022-30065
2022-06-27 10:39:07 +00:00
Alyssa Ross
7d83997eb4 busybox: 1.34.1 -> 1.35.0 2022-04-16 13:23:37 +00:00
Alyssa Ross
ac60e92b15
busybox: fix CVE-2022-28391 2022-04-05 16:09:18 +00:00
Adam Joseph
78d815c5ef busybox: add enableAppletSymlinks?true
This commit adds an argument enableAppletSymlinks?true, which can be
set to false in order to turn off CONFIG_INSTALL_APPLET_SYMLINKS by
users if they only want the main busybox binary in their profile.
This is particularly useful when building pkgsStatic.busybox.
2022-02-23 14:36:12 -08:00
Alyssa Ross
9b3045bd2a busybox: enable debug info 2022-01-31 18:06:05 +00:00
Alyssa Ross
7ff58e4a86 busybox: use more featureful modprobe by default
The default version (modprobe-small) is missing important features,
and can also be _extremely_ slow (on purpose[1]).

The non-small modprobe implementation doesn't have all features
enabled by default, so by changing implementation we'd be risking
regression.  To mitigate that, I've ensured every feature checked for
in modprobe.c is enabled.  So unless there's functionality that's
_only_ in modprobe-small, we should be fine.

[1]: https://git.busybox.net/busybox/tree/modutils/Config.src?h=1_34_1#n8
2021-10-13 17:30:25 +00:00
Alyssa Ross
a24951ed7b
busybox: 1.33.1 -> 1.34.1; adopt
Tested rebuilding the bootstrap tools.
2021-10-12 09:46:21 +00:00
Vladimír Čunát
f526256a6f
busybox-sandbox-shell: use 64-bit numbers in test command
The default is C int, which usually gives 32-bit even on 64-bit Linux.
This will be the right way to fix #110149 (but needs to be deployed).
2021-07-06 10:43:39 +02:00
Alyssa Ross
cd92f32734 busybox: 1.32.1 -> 1.33.1; clarify license
The patch for CVE-2021-28831 is included in this release.
2021-06-09 18:29:07 +00:00
Tethys Svensson
a376d4944c
busybox: Add a fix for CVE-2021-28831 (#121578) 2021-05-03 19:01:09 +02:00
Jörg Thalheim
8fb7c7fdfa
busybox: fix patchShebangs & build
Our patchShebangs expect coreutils stat instead of busybox stat.
This broke patching the dispatch script. By enabling strict
dependencies and using explicit --host parameter we not only
avoid cross-compiling breackages but also work around this problem.

Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
2021-02-16 21:06:37 +01:00
Pavol Rusnak
a6ce00c50c
treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Arnout Engelen
ac24eaff9e
busybox: 1.32.0 -> 1.32.1
Fixes #108675, a tty deadlock issue that affected one of the
texinfoInteractive tests.

Co-Authored-By: Sandro <sandro.jaeckel@gmail.com>
2021-01-08 09:42:46 +01:00
John Ericson
f52263ced0 treewide: Start to break up static overlay
We can use use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.

CC @FRidh @matthewbauer
2021-01-03 19:18:16 +00:00
James Landrein
565c6a2a57
busybox: 1.31.1 -> 1.32.0 2020-11-24 00:58:36 +01:00
Tethys Svensson
a9597f9573 busybox: Use git to fetch debian.script from debian
Debian has yanked the upstream tarball we use to get default.script. We
could simply bump the version number to get the new tarball, but to
avoid the problem in the future, we should instead fetch it from git.
2020-09-13 12:34:08 +02:00
Tethys Svensson
87af0f9871 busybox: Pull in upstream patch for CVE-2018-1000500 2020-08-09 15:05:34 +02:00
Jörg Thalheim
b75f2114ea
Merge pull request #92581 from TethysSvensson/busybox-udhcpc-script 2020-07-31 07:09:45 +01:00
Tethys Svensson
b657c899d6 busybox: Use fetchzip instead of fetchTarball to get the dispatcher script 2020-07-29 10:33:58 +02:00
Tethys Svensson
dcc963bd2d busybox: Download and patch the dispatcher script from upstream 2020-07-29 00:24:19 +02:00
Tethys Svensson
179b74c216 maintainers: add TethysSvensson 2020-07-28 22:59:51 +02:00
Tethys Svensson
b98ad8de37 busybox: Add a default udhcpc dispatcher script
The udhcpc binary which currently ships as part of the busybox
derivation will by default search for a dispatcher script at the
location /usr/share/udhcpc/default.script.

This commit includes a working default script with udhcpc and updates
the location where udhcpc searches for this script.

The script was taken the script from the udhcpc package in debian
buster. The only changes from that script is to make it use paths from
the nix store and remove the run-time check for /sbin/resolvconf.
2020-07-07 15:31:31 +02:00
Maximilian Bosch
4847222db1
busybox: fix build w/glibc-2.31 2020-06-29 14:41:42 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM
7b599dc25e busybox: 1.30.1 -> 1.31.1
(#72452)
2019-11-14 00:07:53 +01:00
Vladimír Čunát
d0ec32c4fd
Partially revert "busybox: fix musl builds"
Original commit 5ba8c04ae5 destroyed the meaning
of the *overridable* flag, and incidentally we were
relying on it in channel-critical stuff:
https://hydra.nixos.org/build/102298542
2019-10-12 08:52:07 +02:00
Domen Kožar
5ea4c9184b
busybox: remove the missing diff 2019-09-29 18:43:32 +02:00
Domen Kožar
39769df9df
busybox: flip around logic how musl is determined 2019-09-29 16:56:16 +02:00
Jörg Thalheim
64d821d9f4
Revert "busybox: fix musl builds"
This reverts commit 5ba8c04ae5.

Broke non-musl busybox.

fixes: #70007
2019-09-29 15:31:50 +01:00
Matthew Bauer
5ba8c04ae5
busybox: fix musl builds
You shouldn’t need to add anything with musl builds. The libc will
configure these values for you.
2019-09-29 11:19:56 +02:00
Matthew Bauer
78879ae0e9 Revert "busybox: fix static builds"
This reverts commit b4f6931acd.

Broke busybox-sandbox-shell

https://hydra.nixos.org/build/100470231
2019-09-09 17:49:10 -04:00
Matthew Bauer
b4f6931acd busybox: fix static builds
Fixes #52074
2019-08-28 14:34:05 -04:00
Derek Kulinski
7e7e26e9b1 busybox: apply clang-cross patch when host is different than build system.
It looks like the original comparrision was incorrect:
host platform - system on which the binary will run
target platform - system for which compiler generates code
                  (used with compilers)
build platform - system on which the build is invoked

see: https://nixos.org/nixpkgs/manual/#sec-cross-platform-parameters

This change allows to cross compile busybox on OS X
2019-08-09 22:49:23 -07:00
Matthew Bauer
dbd1a4481f busybox: only use stdenv.cc.libc.static when it exists
causes on evaluation error on macOS otherwise
2019-05-08 21:54:27 -04:00
Matthew Bauer
3bf69b1e40 busybox: add patch to allow cross in llvm
Fixes #57670

$ nix build -f. --arg crossSystem '{ config = "aarch64-unknown-linux-musl"; useLLVM = true; }' busybox
2019-04-14 22:03:33 -04:00
Will Dietz
8019d4a1c7 busybox: 1.29.3 -> 1.30.1
For changes see https://busybox.net
(most of which are part of 1.30.0).
2019-02-18 13:17:10 -06:00
Matthew Bauer
1c02863317
busybox: give priority of 10
Lots of packages provide this. Usually we don't want the busybox version.
2019-01-18 18:16:37 -05:00
Matthew Bauer
76c956be5c treewide: disable pie in more places
Some packages don’t work correctly with pie. Here I disable it for:

- busybox
- linux kernel
- kexectools

I also get rid of the Musl conditional for disabling pie in GCC and
Binutils. Some day we might want to enable PIE without Musl and it
will be useful to have the *just* work with our compiler and linkers.
2018-11-13 07:03:31 -06:00
Matthew Bauer
0d30f7b023
Update sandbox-shell.nix 2018-11-05 15:16:45 -06:00
Will Dietz
30500d23bc busybox: 1.29.2 -> 1.29.3 (#46458) 2018-09-10 08:43:55 +02:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
Will Dietz
7deef2e869 busybox: 1.29.1 -> 1.29.2 (#45473)
Website's summary of changes:

> Bug fix release. 1.29.2 has fixes for fdisk (compat fixes, allow 2TB+ sizes), gzip (FEATURE_GZIP_LEVELS was producing badly-compressed .gz), hexedit (segfault fix).
2018-08-22 23:34:40 +02:00
Lluís Batlle i Rossell
f54b387b63 Merge remote-tracking branch 'central/master' into viric_clean 2018-07-28 19:25:14 +02:00
Frederik Rietdijk
099c13da1b Merge staging-next into master (#44009)
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes #43650.

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
Lluís Batlle i Rossell
66d7126255 Take me (viric) out of most maintenance
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
2018-07-22 21:50:19 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Tim Steinbach
d6aa506e3b
busybox: 1.28.4 -> 1.29.0 2018-07-03 09:17:43 -04:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00