diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2021-11-21 18:01:07 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-21 18:01:07 +0000 |
commit | 18ad263272038fdf1c1634e2b51a64284ef4957c (patch) | |
tree | e7f4385a30b50370bf03e05846e50c59a087b59b /pkgs/tools | |
parent | c68c4b3db87877e2ae520ffea2583ae35a0cb04d (diff) | |
parent | 54962ddabc4cb652ab617a250ed4dc0bec54d1e3 (diff) |
Merge master into staging-next
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/compression/bsdiff/CVE-2020-14315.patch | 384 | ||||
-rw-r--r-- | pkgs/tools/compression/bsdiff/default.nix | 24 | ||||
-rw-r--r-- | pkgs/tools/graphics/pngquant/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/misc/fluent-bit/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/misc/fluent-bit/fix-cmetrics-darwin.patch | 23 | ||||
-rw-r--r-- | pkgs/tools/misc/fluent-bit/fix-luajit-darwin.patch | 31 | ||||
-rw-r--r-- | pkgs/tools/misc/ipxe/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/fastd/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/mkp224o/default.nix | 2 |
9 files changed, 463 insertions, 18 deletions
diff --git a/pkgs/tools/compression/bsdiff/CVE-2020-14315.patch b/pkgs/tools/compression/bsdiff/CVE-2020-14315.patch new file mode 100644 index 000000000000..bb7ff41284eb --- /dev/null +++ b/pkgs/tools/compression/bsdiff/CVE-2020-14315.patch @@ -0,0 +1,384 @@ +Description: patch for CVE-2020-14315 + A memory corruption vulnerability is present in bspatch as shipped in + Colin Percival’s bsdiff tools version 4.3. Insufficient checks when + handling external inputs allows an attacker to bypass the sanity checks + in place and write out of a dynamically allocated buffer boundaries. +Source: https://svnweb.freebsd.org/base/head/usr.bin/bsdiff/bspatch/bspatch.c?revision=352742&view=co +Author: tony mancill <tmancill@debian.org> +Comment: The patch was created by comparing the Debian sources to the + "Confirmed Patched Version" [1] documented in the + X41 D-SEC GmbH Security Advisory: X41-2020-006 [2]. + References to FreeBSD capsicum have been dropped. Definitions for + TYPE_MINIMUM and TYPE_MAXIMUM have been borrowed from the Debian + coreutils package sources but originate in gnulib [3] and are used to + define OFF_MIN and OFF_MAX (limits of off_t). Whitespace changes from + the confirmed patched version are also included and keep the difference + between the Debian sources and the confirmed patched version minimal. + . + [1] https://svnweb.freebsd.org/base/head/usr.bin/bsdiff/bspatch/bspatch.c?revision=352742&view=co + [2] https://www.openwall.com/lists/oss-security/2020/07/09/2 + [3] https://www.gnu.org/software/gnulib/ +Last-Update: 2021-04-03 +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964796 + +--- a/bspatch.c ++++ b/bspatch.c +@@ -1,4 +1,6 @@ + /*- ++ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD ++ * + * Copyright 2003-2005 Colin Percival + * All rights reserved + * +@@ -24,56 +26,148 @@ + * POSSIBILITY OF SUCH DAMAGE. + */ + ++#include <sys/cdefs.h> + #if 0 +-__FBSDID("$FreeBSD: src/usr.bin/bsdiff/bspatch/bspatch.c,v 1.1 2005/08/06 01:59:06 cperciva Exp $"); ++__FBSDID("$FreeBSD$"); + #endif + + #include <bzlib.h> +-#include <stdlib.h> ++#include <err.h> ++#include <fcntl.h> ++#include <libgen.h> ++#include <limits.h> ++#include <stdint.h> + #include <stdio.h> ++#include <stdlib.h> + #include <string.h> +-#include <err.h> + #include <unistd.h> +-#include <fcntl.h> ++ ++#ifndef O_BINARY ++#define O_BINARY 0 ++#endif ++#define HEADER_SIZE 32 ++ ++/* TYPE_MINIMUM and TYPE_MAXIMUM taken from coreutils */ ++#ifndef TYPE_MINIMUM ++#define TYPE_MINIMUM(t) \ ++ ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ TYPE_MAXIMUM (t))) ++#endif ++#ifndef TYPE_MAXIMUM ++#define TYPE_MAXIMUM(t) \ ++ ((t) ((t) 0 < (t) -1 \ ++ ? (t) -1 \ ++ : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) ++#endif ++ ++#ifndef OFF_MAX ++#define OFF_MAX TYPE_MAXIMUM(off_t) ++#endif ++ ++#ifndef OFF_MIN ++#define OFF_MIN TYPE_MINIMUM(off_t) ++#endif ++ ++static char *newfile; ++static int dirfd = -1; ++ ++static void ++exit_cleanup(void) ++{ ++ ++ if (dirfd != -1 && newfile != NULL) ++ if (unlinkat(dirfd, newfile, 0)) ++ warn("unlinkat"); ++} ++ ++static inline off_t ++add_off_t(off_t a, off_t b) ++{ ++ off_t result; ++ ++#if __GNUC__ >= 5 ++ if (__builtin_add_overflow(a, b, &result)) ++ errx(1, "Corrupt patch"); ++#else ++ if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < OFF_MIN - b)) ++ errx(1, "Corrupt patch"); ++ result = a + b; ++#endif ++ return result; ++} + + static off_t offtin(u_char *buf) + { + off_t y; + +- y=buf[7]&0x7F; +- y=y*256;y+=buf[6]; +- y=y*256;y+=buf[5]; +- y=y*256;y+=buf[4]; +- y=y*256;y+=buf[3]; +- y=y*256;y+=buf[2]; +- y=y*256;y+=buf[1]; +- y=y*256;y+=buf[0]; ++ y = buf[7] & 0x7F; ++ y = y * 256; y += buf[6]; ++ y = y * 256; y += buf[5]; ++ y = y * 256; y += buf[4]; ++ y = y * 256; y += buf[3]; ++ y = y * 256; y += buf[2]; ++ y = y * 256; y += buf[1]; ++ y = y * 256; y += buf[0]; + +- if(buf[7]&0x80) y=-y; ++ if (buf[7] & 0x80) ++ y = -y; + +- return y; ++ return (y); + } + +-int main(int argc,char * argv[]) ++static void ++usage(void) + { +- FILE * f, * cpf, * dpf, * epf; +- BZFILE * cpfbz2, * dpfbz2, * epfbz2; ++ ++ fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n"); ++ exit(1); ++} ++ ++int main(int argc, char *argv[]) ++{ ++ FILE *f, *cpf, *dpf, *epf; ++ BZFILE *cpfbz2, *dpfbz2, *epfbz2; ++ char *directory, *namebuf; + int cbz2err, dbz2err, ebz2err; +- int fd; +- ssize_t oldsize,newsize; +- ssize_t bzctrllen,bzdatalen; +- u_char header[32],buf[8]; ++ int newfd, oldfd; ++ off_t oldsize, newsize; ++ off_t bzctrllen, bzdatalen; ++ u_char header[HEADER_SIZE], buf[8]; + u_char *old, *new; +- off_t oldpos,newpos; ++ off_t oldpos, newpos; + off_t ctrl[3]; +- off_t lenread; +- off_t i; ++ off_t i, lenread, offset; + +- if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]); ++ if (argc != 4) ++ usage(); + + /* Open patch file */ +- if ((f = fopen(argv[3], "r")) == NULL) ++ if ((f = fopen(argv[3], "rb")) == NULL) ++ err(1, "fopen(%s)", argv[3]); ++ /* Open patch file for control block */ ++ if ((cpf = fopen(argv[3], "rb")) == NULL) ++ err(1, "fopen(%s)", argv[3]); ++ /* open patch file for diff block */ ++ if ((dpf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); ++ /* open patch file for extra block */ ++ if ((epf = fopen(argv[3], "rb")) == NULL) ++ err(1, "fopen(%s)", argv[3]); ++ /* open oldfile */ ++ if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0) ++ err(1, "open(%s)", argv[1]); ++ /* open directory where we'll write newfile */ ++ if ((namebuf = strdup(argv[2])) == NULL || ++ (directory = dirname(namebuf)) == NULL || ++ (dirfd = open(directory, O_DIRECTORY)) < 0) ++ err(1, "open %s", argv[2]); ++ free(namebuf); ++ if ((newfile = basename(argv[2])) == NULL) ++ err(1, "basename"); ++ /* open newfile */ ++ if ((newfd = openat(dirfd, newfile, ++ O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0) ++ err(1, "open(%s)", argv[2]); ++ atexit(exit_cleanup); + + /* + File format: +@@ -90,104 +185,104 @@ + */ + + /* Read header */ +- if (fread(header, 1, 32, f) < 32) { ++ if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) { + if (feof(f)) +- errx(1, "Corrupt patch\n"); ++ errx(1, "Corrupt patch"); + err(1, "fread(%s)", argv[3]); + } + + /* Check for appropriate magic */ + if (memcmp(header, "BSDIFF40", 8) != 0) +- errx(1, "Corrupt patch\n"); ++ errx(1, "Corrupt patch"); + + /* Read lengths from header */ +- bzctrllen=offtin(header+8); +- bzdatalen=offtin(header+16); +- newsize=offtin(header+24); +- if((bzctrllen<0) || (bzdatalen<0) || (newsize<0)) +- errx(1,"Corrupt patch\n"); ++ bzctrllen = offtin(header + 8); ++ bzdatalen = offtin(header + 16); ++ newsize = offtin(header + 24); ++ if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE || ++ bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen || ++ newsize < 0 || newsize > SSIZE_MAX) ++ errx(1, "Corrupt patch"); + + /* Close patch file and re-open it via libbzip2 at the right places */ + if (fclose(f)) + err(1, "fclose(%s)", argv[3]); +- if ((cpf = fopen(argv[3], "r")) == NULL) +- err(1, "fopen(%s)", argv[3]); +- if (fseeko(cpf, 32, SEEK_SET)) +- err(1, "fseeko(%s, %lld)", argv[3], +- (long long)32); ++ offset = HEADER_SIZE; ++ if (fseeko(cpf, offset, SEEK_SET)) ++ err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); + if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) + errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); +- if ((dpf = fopen(argv[3], "r")) == NULL) +- err(1, "fopen(%s)", argv[3]); +- if (fseeko(dpf, 32 + bzctrllen, SEEK_SET)) +- err(1, "fseeko(%s, %lld)", argv[3], +- (long long)(32 + bzctrllen)); ++ offset = add_off_t(offset, bzctrllen); ++ if (fseeko(dpf, offset, SEEK_SET)) ++ err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); + if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) + errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); +- if ((epf = fopen(argv[3], "r")) == NULL) +- err(1, "fopen(%s)", argv[3]); +- if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET)) +- err(1, "fseeko(%s, %lld)", argv[3], +- (long long)(32 + bzctrllen + bzdatalen)); ++ offset = add_off_t(offset, bzdatalen); ++ if (fseeko(epf, offset, SEEK_SET)) ++ err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); + if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) + errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err); + +- if(((fd=open(argv[1],O_RDONLY,0))<0) || +- ((oldsize=lseek(fd,0,SEEK_END))==-1) || +- ((old=malloc(oldsize+1))==NULL) || +- (lseek(fd,0,SEEK_SET)!=0) || +- (read(fd,old,oldsize)!=oldsize) || +- (close(fd)==-1)) err(1,"%s",argv[1]); +- if((new=malloc(newsize+1))==NULL) err(1,NULL); +- +- oldpos=0;newpos=0; +- while(newpos<newsize) { ++ if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 || ++ oldsize > SSIZE_MAX || ++ (old = malloc(oldsize)) == NULL || ++ lseek(oldfd, 0, SEEK_SET) != 0 || ++ read(oldfd, old, oldsize) != oldsize || ++ close(oldfd) == -1) ++ err(1, "%s", argv[1]); ++ if ((new = malloc(newsize)) == NULL) ++ err(1, NULL); ++ ++ oldpos = 0; ++ newpos = 0; ++ while (newpos < newsize) { + /* Read control data */ +- for(i=0;i<=2;i++) { ++ for (i = 0; i <= 2; i++) { + lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8); + if ((lenread < 8) || ((cbz2err != BZ_OK) && + (cbz2err != BZ_STREAM_END))) +- errx(1, "Corrupt patch\n"); +- ctrl[i]=offtin(buf); +- }; ++ errx(1, "Corrupt patch"); ++ ctrl[i] = offtin(buf); ++ } + + /* Sanity-check */ +- if ((ctrl[0] < 0) || (ctrl[1] < 0)) +- errx(1,"Corrupt patch\n"); ++ if (ctrl[0] < 0 || ctrl[0] > INT_MAX || ++ ctrl[1] < 0 || ctrl[1] > INT_MAX) ++ errx(1, "Corrupt patch"); + + /* Sanity-check */ +- if(newpos+ctrl[0]>newsize) +- errx(1,"Corrupt patch\n"); ++ if (add_off_t(newpos, ctrl[0]) > newsize) ++ errx(1, "Corrupt patch"); + + /* Read diff string */ + lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]); + if ((lenread < ctrl[0]) || + ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END))) +- errx(1, "Corrupt patch\n"); ++ errx(1, "Corrupt patch"); + + /* Add old data to diff string */ +- for(i=0;i<ctrl[0];i++) +- if((oldpos+i>=0) && (oldpos+i<oldsize)) +- new[newpos+i]+=old[oldpos+i]; ++ for (i = 0; i < ctrl[0]; i++) ++ if (add_off_t(oldpos, i) < oldsize) ++ new[newpos + i] += old[oldpos + i]; + + /* Adjust pointers */ +- newpos+=ctrl[0]; +- oldpos+=ctrl[0]; ++ newpos = add_off_t(newpos, ctrl[0]); ++ oldpos = add_off_t(oldpos, ctrl[0]); + + /* Sanity-check */ +- if(newpos+ctrl[1]>newsize) +- errx(1,"Corrupt patch\n"); ++ if (add_off_t(newpos, ctrl[1]) > newsize) ++ errx(1, "Corrupt patch"); + + /* Read extra string */ + lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]); + if ((lenread < ctrl[1]) || + ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END))) +- errx(1, "Corrupt patch\n"); ++ errx(1, "Corrupt patch"); + + /* Adjust pointers */ +- newpos+=ctrl[1]; +- oldpos+=ctrl[2]; +- }; ++ newpos = add_off_t(newpos, ctrl[1]); ++ oldpos = add_off_t(oldpos, ctrl[2]); ++ } + + /* Clean up the bzip2 reads */ + BZ2_bzReadClose(&cbz2err, cpfbz2); +@@ -197,12 +292,13 @@ + err(1, "fclose(%s)", argv[3]); + + /* Write the new file */ +- if(((fd=open(argv[2],O_CREAT|O_TRUNC|O_WRONLY,0666))<0) || +- (write(fd,new,newsize)!=newsize) || (close(fd)==-1)) +- err(1,"%s",argv[2]); ++ if (write(newfd, new, newsize) != newsize || close(newfd) == -1) ++ err(1, "%s", argv[2]); ++ /* Disable atexit cleanup */ ++ newfile = NULL; + + free(new); + free(old); + +- return 0; ++ return (0); + } diff --git a/pkgs/tools/compression/bsdiff/default.nix b/pkgs/tools/compression/bsdiff/default.nix index 8f8818781ab4..b8a86eae89bd 100644 --- a/pkgs/tools/compression/bsdiff/default.nix +++ b/pkgs/tools/compression/bsdiff/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, bzip2 }: +{ lib, stdenv, fetchurl, fetchpatch, bzip2 }: stdenv.mkDerivation rec { pname = "bsdiff"; @@ -10,7 +10,27 @@ stdenv.mkDerivation rec { }; buildInputs = [ bzip2 ]; - patches = [ ./include-systypes.patch ]; + patches = [ + (fetchpatch { + url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/20-CVE-2014-9862.patch"; + sha256 = "sha256-3UuUfNvShQ8fLqxCKUTb/n4BmjL4+Nl7aEqCxYrrERQ="; + }) + ./CVE-2020-14315.patch + ./include-systypes.patch + ] ++ lib.optional stdenv.hostPlatform.isLinux [ + (fetchpatch { + url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/30-bug-632585-mmap-src-file-instead-of-malloc-read-it.patch"; + sha256 = "sha256-esbhz2/efUiuQDuF7LGfSeEn3/f1WbqCxQpTs2A0ulI="; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/31-bug-632585-mmap-dst-file-instead-of-malloc-read-it.patch"; + sha256 = "sha256-Of4aOcI0rsgdRzPqyw2VRn2p9wQuo3hdlgDTBdXGzoc="; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/b/bsdiff/4.3-22/debian/patches/32-bug-632585-use-int32_t-instead-off_t-for-file-size.patch"; + sha256 = "sha256-SooFnFK4uKNXvXQb/LEcH8GocnRtkryExI4b3BZTsAY="; + }) + ]; buildPhase = '' $CC -O3 -lbz2 bspatch.c -o bspatch diff --git a/pkgs/tools/graphics/pngquant/default.nix b/pkgs/tools/graphics/pngquant/default.nix index bb0ef8581250..dd145d48fc1b 100644 --- a/pkgs/tools/graphics/pngquant/default.nix +++ b/pkgs/tools/graphics/pngquant/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { preConfigure = "patchShebangs ."; - configureFlags = lib.optionals (!stdenv.isi686 && !stdenv.isx86_64) [ "--disable-sse" ]; + configureFlags = lib.optionals (!stdenv.hostPlatform.isx86) [ "--disable-sse" ]; nativeBuildInputs = [ pkg-config ]; buildInputs = [ libpng zlib lcms2 ]; diff --git a/pkgs/tools/misc/fluent-bit/default.nix b/pkgs/tools/misc/fluent-bit/default.nix index 795e2b39b7b2..713b1df0c4e9 100644 --- a/pkgs/tools/misc/fluent-bit/default.nix +++ b/pkgs/tools/misc/fluent-bit/default.nix @@ -11,14 +11,17 @@ stdenv.mkDerivation rec { sha256 = "sha256-b+MZuZQB/sl0HcioU1KCxH3TNiXYSPBfC9dBKqCVeXk="; }; + patches = lib.optionals stdenv.isDarwin [ + ./fix-cmetrics-darwin.patch + ./fix-luajit-darwin.patch + ]; + nativeBuildInputs = [ cmake flex bison ]; buildInputs = lib.optionals stdenv.isLinux [ systemd ]; cmakeFlags = [ "-DFLB_METRICS=ON" "-DFLB_HTTP_SERVER=ON" ]; - patches = lib.optionals stdenv.isDarwin [ ./fix-luajit-darwin.patch ]; - # _FORTIFY_SOURCE requires compiling with optimization (-O) NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isGNU "-O"; diff --git a/pkgs/tools/misc/fluent-bit/fix-cmetrics-darwin.patch b/pkgs/tools/misc/fluent-bit/fix-cmetrics-darwin.patch new file mode 100644 index 000000000000..8bd77605cbc0 --- /dev/null +++ b/pkgs/tools/misc/fluent-bit/fix-cmetrics-darwin.patch @@ -0,0 +1,23 @@ +diff --git i/lib/cmetrics/src/cmt_time.c w/lib/cmetrics/src/cmt_time.c +--- i/lib/cmetrics/src/cmt_time.c ++++ w/lib/cmetrics/src/cmt_time.c +@@ -20,7 +20,7 @@ + #include <cmetrics/cmt_info.h> + + /* MacOS */ +-#ifdef FLB_HAVE_CLOCK_GET_TIME ++#ifdef CMT_HAVE_CLOCK_GET_TIME + #include <mach/clock.h> + #include <mach/mach.h> + #endif +@@ -41,8 +41,8 @@ + mach_timespec_t mts; + host_get_clock_service(mach_host_self(), CALENDAR_CLOCK, &cclock); + clock_get_time(cclock, &mts); +- tm->tv_sec = mts.tv_sec; +- tm->tv_nsec = mts.tv_nsec; ++ tm.tv_sec = mts.tv_sec; ++ tm.tv_nsec = mts.tv_nsec; + mach_port_deallocate(mach_task_self(), cclock); + #else /* __STDC_VERSION__ */ + clock_gettime(CLOCK_REALTIME, &tm); diff --git a/pkgs/tools/misc/fluent-bit/fix-luajit-darwin.patch b/pkgs/tools/misc/fluent-bit/fix-luajit-darwin.patch index 21d9c21f5b9b..ef6be0f5ad35 100644 --- a/pkgs/tools/misc/fluent-bit/fix-luajit-darwin.patch +++ b/pkgs/tools/misc/fluent-bit/fix-luajit-darwin.patch @@ -1,14 +1,29 @@ diff -Naur fluent-bit.old/cmake/luajit.cmake fluent-bit.new/cmake/luajit.cmake --- fluent-bit.old/cmake/luajit.cmake +++ fluent-bit.new/cmake/luajit.cmake -@@ -11,10 +11,6 @@ - set(LUAJIT_SRC ${CMAKE_CURRENT_SOURCE_DIR}/${FLB_PATH_LIB_LUAJIT}) +@@ -12,15 +12,7 @@ set(LUAJIT_DEST ${CMAKE_CURRENT_BINARY_DIR}) --if (CMAKE_SYSTEM_NAME MATCHES "Darwin") -- set(CFLAGS "${CFLAGS} -isysroot ${CMAKE_OSX_SYSROOT}") --endif() -- + if (CMAKE_SYSTEM_NAME MATCHES "Darwin") +- set(CFLAGS "${CFLAGS} -isysroot ${CMAKE_OSX_SYSROOT} -fno-stack-check") +- if (CMAKE_HOST_SYSTEM_VERSION VERSION_GREATER_EQUAL 20 +- AND CMAKE_HOST_SYSTEM_VERSION VERSION_LESS 21) +- set(DEPLOYMENT_TARGET "MACOSX_DEPLOYMENT_TARGET=11.0") +- else() +- set(DEPLOYMENT_TARGET "MACOSX_DEPLOYMENT_TARGET=10.15") +- endif() +-else() +- set(DEPLOYMENT_TARGET "") ++ set(CFLAGS "${CFLAGS} -fno-stack-check") + endif() + # luajit (UNIX) - # ============= - ExternalProject_Add(luajit +@@ -30,7 +22,7 @@ + EXCLUDE_FROM_ALL TRUE + SOURCE_DIR ${LUAJIT_SRC} + CONFIGURE_COMMAND ./configure +- BUILD_COMMAND $(MAKE) CROSS=${CROSS_PREFIX} CFLAGS=${CFLAGS} BUILD_MODE=static "XCFLAGS=-fPIC" ${DEPLOYMENT_TARGET} ++ BUILD_COMMAND $(MAKE) DEFAULT_CC=cc CROSS=${CROSS_PREFIX} CFLAGS=${CFLAGS} BUILD_MODE=static "XCFLAGS=-fPIC" + INSTALL_COMMAND cp src/libluajit.a "${LUAJIT_DEST}/lib/libluajit.a") + + # luajit (Windows) diff --git a/pkgs/tools/misc/ipxe/default.nix b/pkgs/tools/misc/ipxe/default.nix index 70b1ae48ae9c..76ce66e56864 100644 --- a/pkgs/tools/misc/ipxe/default.nix +++ b/pkgs/tools/misc/ipxe/default.nix @@ -9,7 +9,7 @@ let "bin-x86_64-efi/ipxe.efi" = null; "bin-x86_64-efi/ipxe.efirom" = null; "bin-x86_64-efi/ipxe.usb" = "ipxe-efi.usb"; - } // lib.optionalAttrs (stdenv.isi686 || stdenv.isx86_64) { + } // lib.optionalAttrs stdenv.hostPlatform.isx86 { "bin/ipxe.dsk" = null; "bin/ipxe.usb" = null; "bin/ipxe.iso" = null; @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { pname = "ipxe"; version = "1.21.1"; - nativeBuildInputs = [ perl cdrkit xz openssl gnu-efi mtools ] ++ lib.optional (stdenv.isi686 || stdenv.isx86_64) syslinux; + nativeBuildInputs = [ perl cdrkit xz openssl gnu-efi mtools ] ++ lib.optional stdenv.hostPlatform.isx86 syslinux; src = fetchFromGitHub { owner = "ipxe"; @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { makeFlags = [ "ECHO_E_BIN_ECHO=echo" "ECHO_E_BIN_ECHO_E=echo" # No /bin/echo here. - ] ++ lib.optionals (stdenv.isi686 || stdenv.isx86_64) [ + ] ++ lib.optionals stdenv.hostPlatform.isx86 [ "ISOLINUX_BIN_LIST=${syslinux}/share/syslinux/isolinux.bin" "LDLINUX_C32=${syslinux}/share/syslinux/ldlinux.c32" ] ++ lib.optional (embedScript != null) "EMBED=${embedScript}"; diff --git a/pkgs/tools/networking/fastd/default.nix b/pkgs/tools/networking/fastd/default.nix index 8d1594b8187d..47007e1646ee 100644 --- a/pkgs/tools/networking/fastd/default.nix +++ b/pkgs/tools/networking/fastd/default.nix @@ -42,7 +42,7 @@ stdenv.mkDerivation rec { ]; # some options are only available on x86 - mesonFlags = lib.optionals (!stdenv.isx86_64 && !stdenv.isi686) [ + mesonFlags = lib.optionals (!stdenv.hostPlatform.isx86) [ "-Dcipher_salsa20_xmm=disabled" "-Dcipher_salsa2012_xmm=disabled" "-Dmac_ghash_pclmulqdq=disabled" diff --git a/pkgs/tools/security/mkp224o/default.nix b/pkgs/tools/security/mkp224o/default.nix index dc17cc602764..17d8e8ad4ffb 100644 --- a/pkgs/tools/security/mkp224o/default.nix +++ b/pkgs/tools/security/mkp224o/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { variants = [ { suffix = "ref10"; configureFlags = ["--enable-ref10"]; } { suffix = "donna"; configureFlags = ["--enable-donna"]; } - ] ++ lib.optionals (stdenv.isi686 || stdenv.isx86_64) [ + ] ++ lib.optionals stdenv.hostPlatform.isx86 [ { suffix = "donna-sse2"; configureFlags = ["--enable-donna-sse2"]; } ] ++ lib.optionals stdenv.isx86_64 [ { suffix = "amd64-51-30k"; configureFlags = ["--enable-amd64-51-30k"]; } |