staging-next 2025-02-09 #380680
Open: vcunat wants to merge 518 commits into master from staging-next (+8,458 −4,980)
This is a bit of a silly one. It's a symbol redefinition problem caused by autoconf being pessimistic, then a funny eval error where `stdenv.hostPlatform.extensions.dynamicLibrary` is not defined, say, when the platform does not support dynamic libraries. Fixes: #380168
It's quite useful for r-ryantm's automatic pull requests.
Closes: #235270
This was merged 9 months ago, and still no release, so let's backport it, because the alternative is adding the same hack as curl in other packages, like libsoup.
Upstream build system has no way to build a shared library, but having the command line tool is better than nothing.
* util-linuxMinimal: build without pam and shadow

  These depend on python via audit preventing the use of libuuid from util-linux in python builds.

* cpython: provide libuuid for the _uuid module

  Relying on libuuid offers synchronization primitives, so that "no two processes can obtain the same UUID"¹.

  [1] https://docs.python.org/3/library/uuid.html#module-uuid

…: Conditionalize gobject-introspection and vala

gobject-introspection doesn't support static

Although the dependencies for these don't build on static this can still be useful in the future or for preventing additional issues being created for xfce packages.

Tested on native by changing the conditionals to false.

Without the change the build of upcoming `sqlite-3.49.0` will fail as:

> Error: Unknown option --oldincludedir
> Try: 'configure --help' for options

Looking at https://www.gnu.org/prep/standards/html_node/Directory-Variables.html it feels like it's something that predates gcc and it should be an alias to `--includedir=`.

Let's just drop the setting of `--oldincludedir=` (and `cmake` equivalent).
…he staging ones) (#377057)
Signed-off-by: misilelab <[email protected]>
Updates OpenSSL 3.x latest to 3.4.1

Security Fixes in 3.4.1:
* Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. ([CVE-2024-12797])
* Fixed timing side-channel in ECDSA signature computation. ([CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176))

Release notes: https://github.com/openssl/openssl/blob/openssl-3.4.0/NEWS.md#openssl-34

Some significant changes:
* Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement TS_VERIFY_CTX_set0_* functions with improved semantics
* SHAKE-128 and SHAKE-256 implementations have no default digest length anymore. That means these algorithms cannot be used with EVP_DigestFinal/_ex() unless the xoflen param is set before.
* An empty renegotiate extension will be used in TLS client hellos instead of the empty renegotiation SCSV, for all connections with a minimum TLS version > 1.0.
* Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and SSL_CTX_flush_sessions() functions in favor of their respective _ex functions which are Y2038-safe on platforms with Y2038-safe time_t

Some new features:
* Support for directly fetched composite signature algorithms such as RSA-SHA2-256 including new API functions
* New options -not_before and -not_after for explicit setting start and end dates of certificates created with the req and x509 apps
* Support for attribute certificates
* Support for pkeyutl in combination with key encapsulation (e.g. PQC-KEMs): -encap/-decap

Signed-off-by: Markus Theil <[email protected]>
Fix paths related to OpenSSL 3.4.x patches. Signed-off-by: Markus Theil <[email protected]>
Security Fixes in 3.0.16:
* Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

Signed-off-by: Markus Theil <[email protected]>
This is the hash for the GitHub snapshot of the 3.4.1 tag, not the official tarball we're using. When the PR doing this update was updated after the tarballs came out, updating the hash was forgotten. I've checked the hashes of the other OpenSSL versions and they're fine. Fixes: c05c515 ("openssl_3_4: init at 3.4.1; openssl_3_3: remove")
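The kind of mismatch described in the commit message above, as an added example (not nixpkgs code and not part of the commit): a pin computed from a forge snapshot archive fails against the release tarball even when both unpack to the same files. It assumes a flat-file sha256 pin in SRI form (`sha256-<base64>`); the `pkg-1.0` archive names, file contents and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import io
import tarfile

def sri_sha256(data: bytes) -> str:
    """SRI string ("sha256-<base64 digest>") for a flat file's bytes."""
    return "sha256-" + base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_sri(sri: str) -> bytes:
    """Return the raw digest of an SRI string; reject other algorithms or lengths."""
    algo, sep, b64 = sri.partition("-")
    if algo != "sha256" or not sep:
        raise ValueError("expected sha256-<base64>")
    digest = base64.b64decode(b64, validate=True)
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError("wrong digest length")
    return digest

def matches_pin(data: bytes, pinned_sri: str) -> bool:
    """True only if the artifact's bytes hash to the pinned digest."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), parse_sri(pinned_sri))

def make_archive(top_dir: str, files: dict) -> bytes:
    """Constructed stand-in for a source archive (uncompressed tar, fixed metadata)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in sorted(files.items()):
            info = tarfile.TarInfo(f"{top_dir}/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed sample: identical file contents, different archive layout.
SOURCES = {"NEWS.md": b"constructed sample\n", "VERSION.dat": b"constructed\n"}
release_tarball = make_archive("pkg-1.0", SOURCES)     # what the build fetches
forge_snapshot = make_archive("pkg-pkg-1.0", SOURCES)  # what the pin was taken from

stale_pin = sri_sha256(forge_snapshot)

def check():
    """(pin vs. snapshot, pin vs. release tarball)"""
    return matches_pin(forge_snapshot, stale_pin), matches_pin(release_tarball, stale_pin)

if __name__ == "__main__":
    print("pin:", stale_pin)
    print("snapshot ok, release ok:", check())
```

Re-deriving the pin from the artifact the fetcher actually downloads, rather than from any other archive of the same tag, is the check that catches this before review.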
This hack hasn't been necessary since libcdr 0.0.9 or 0.1.0, and now breaks the build with ICU 76.
Labels
1.severity: security
Issues which raise a security issue, or PRs that fix one
6.topic: crystal
Programming language - https://crystal-lang.org/
6.topic: cuda
Parallel computing platform and API
6.topic: dotnet
Language: .NET
6.topic: emacs
Text editor
6.topic: games
6.topic: GNOME
GNOME desktop environment and its underlying platform
6.topic: golang
6.topic: haskell
6.topic: java
Including JDK, tooling, other languages, other VMs
6.topic: llvm/clang
Issues related to llvmPackages, clangStdenv and related
6.topic: lua
6.topic: mate
The MATE Desktop Environment
6.topic: nixos
Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS
6.topic: nodejs
6.topic: ocaml
6.topic: php
6.topic: python
6.topic: qt/kde
6.topic: rocm
6.topic: rust
6.topic: stdenv
Standard environment
6.topic: tcl
6.topic: xfce
The Xfce Desktop Environment
8.has: changelog
8.has: documentation
This PR adds or changes documentation
8.has: module (update)
This PR changes an existing module in `nixos/`
10.rebuild-darwin: 501+
10.rebuild-darwin: 5001+
10.rebuild-linux: 501+
10.rebuild-linux: 5001+
Helpful links
https://hydra.nixos.org/job/nixpkgs/staging-next/unstable#tabs-constituents
https://hydra.nixos.org/job/nixos/staging-next-small/tested
https://hydra.nixos.org/jobset/nixpkgs/staging-next
https://hydra.nixos.org/jobset/nixos/staging-next-small
Important breakages
nothing so far