diff options
Diffstat (limited to 'third_party/overlays/patches')
9 files changed, 416 insertions, 0 deletions
diff --git a/third_party/overlays/patches/.skip-tree b/third_party/overlays/patches/.skip-tree new file mode 100644 index 000000000000..86eae51a6d62 --- /dev/null +++ b/third_party/overlays/patches/.skip-tree @@ -0,0 +1 @@ +No readTree-compatible files. diff --git a/third_party/overlays/patches/0001-configure-ac-version.patch b/third_party/overlays/patches/0001-configure-ac-version.patch new file mode 100644 index 000000000000..fa2575cb938a --- /dev/null +++ b/third_party/overlays/patches/0001-configure-ac-version.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index e861e42..018c19c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -26,7 +26,7 @@ + #;**********************************************************************; + + AC_INIT([tpm2-pkcs11], +- [m4_esyscmd_s([git describe --tags --always --dirty])], ++ [git-@VERSION@], + [https://github.com/tpm2-software/tpm2-pkcs11/issues], + [], + [https://github.com/tpm2-software/tpm2-pkcs11]) diff --git a/third_party/overlays/patches/buf-tests-dont-use-file-transport.patch b/third_party/overlays/patches/buf-tests-dont-use-file-transport.patch new file mode 100644 index 000000000000..34be80eb361d --- /dev/null +++ b/third_party/overlays/patches/buf-tests-dont-use-file-transport.patch @@ -0,0 +1,64 @@ +commit e9219b88de5ed37af337ee2d2e71e7ec7c0aad1b +Author: Robbert van Ginkel <rvanginkel@buf.build> +Date: Thu Oct 20 16:43:28 2022 -0400 + + Fix git unit test by using fake git server rather than file:// (#1518) + + More recent versions of git fix a CVE by disabling some usage of the + `file://` transport, see + https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253. + We were using this transport in tests. + + Instead, use https://git-scm.com/docs/git-http-backend to serve up this + repository locally so we don't have to use the file protocol. This + should be a more accurate tests, since we mostly expect submodules to + come from servers. + +diff --git a/.golangci.yml b/.golangci.yml +index 318d1171..865e03e7 100644 +--- a/.golangci.yml ++++ b/.golangci.yml +@@ -136,3 +136,8 @@ issues: + - linters: + - containedctx + path: private/bufpkg/bufmodule/bufmoduleprotocompile ++ # We should be able to use net/http/cgi in a unit test, in addition the CVE mentions only versions of go < 1.6.3 are affected. ++ - linters: ++ - gosec ++ path: private/pkg/git/git_test.go ++ text: "G504:" +diff --git a/private/pkg/git/git_test.go b/private/pkg/git/git_test.go +index 7b77b6cd..7132054e 100644 +--- a/private/pkg/git/git_test.go ++++ b/private/pkg/git/git_test.go +@@ -17,6 +17,8 @@ package git + import ( + "context" + "errors" ++ "net/http/cgi" ++ "net/http/httptest" + "os" + "os/exec" + "path/filepath" +@@ -213,6 +215,21 @@ func createGitDirs( + runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "add", "test.proto") + runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "commit", "-m", "commit 0") + ++ gitExecPath, err := command.RunStdout(ctx, container, runner, "git", "--exec-path") ++ require.NoError(t, err) ++ t.Log(filepath.Join(string(gitExecPath), "git-http-backend")) ++ // https://git-scm.com/docs/git-http-backend#_description ++ f, err := os.Create(filepath.Join(submodulePath, ".git", "git-daemon-export-ok")) ++ require.NoError(t, err) ++ require.NoError(t, f.Close()) ++ server := httptest.NewServer(&cgi.Handler{ ++ Path: filepath.Join(strings.TrimSpace(string(gitExecPath)), "git-http-backend"), ++ Dir: submodulePath, ++ Env: []string{"GIT_PROJECT_ROOT=" + submodulePath}, ++ }) ++ t.Cleanup(server.Close) ++ submodulePath = server.URL ++ + originPath := filepath.Join(tmpDir, "origin") + require.NoError(t, os.MkdirAll(originPath, 0777)) + runCommand(ctx, t, container, runner, "git", "-C", originPath, "init") diff --git a/third_party/overlays/patches/clickhouse-support-reading-arrow-LargeListArray.patch b/third_party/overlays/patches/clickhouse-support-reading-arrow-LargeListArray.patch new file mode 100644 index 000000000000..9e79aa7267da --- /dev/null +++ b/third_party/overlays/patches/clickhouse-support-reading-arrow-LargeListArray.patch @@ -0,0 +1,106 @@ +From cdea2e8ad98995202ce81c9c030f2ae64d73b05a Mon Sep 17 00:00:00 2001 +From: edef <edef@edef.eu> +Date: Mon, 30 Oct 2023 08:08:10 +0000 +Subject: [PATCH] Support reading arrow::LargeListArray + +--- + .../Formats/Impl/ArrowColumnToCHColumn.cpp | 33 +++++++++++++++---- + 1 file changed, 26 insertions(+), 7 deletions(-) + +diff --git a/src/Processors/Formats/Impl/ArrowColumnToCHColumn.cpp b/src/Processors/Formats/Impl/ArrowColumnToCHColumn.cpp +index 6f9d49498f2..b93846cd4eb 100644 +--- a/src/Processors/Formats/Impl/ArrowColumnToCHColumn.cpp ++++ b/src/Processors/Formats/Impl/ArrowColumnToCHColumn.cpp +@@ -436,6 +436,22 @@ static ColumnPtr readByteMapFromArrowColumn(std::shared_ptr<arrow::ChunkedArray> + return nullmap_column; + } + ++template <typename T> ++struct ArrowOffsetArray; ++ ++template <> ++struct ArrowOffsetArray<arrow::ListArray> ++{ ++ using type = arrow::Int32Array; ++}; ++ ++template <> ++struct ArrowOffsetArray<arrow::LargeListArray> ++{ ++ using type = arrow::Int64Array; ++}; ++ ++template <typename ArrowListArray> + static ColumnPtr readOffsetsFromArrowListColumn(std::shared_ptr<arrow::ChunkedArray> & arrow_column) + { + auto offsets_column = ColumnUInt64::create(); +@@ -444,9 +460,9 @@ static ColumnPtr readOffsetsFromArrowListColumn(std::shared_ptr<arrow::ChunkedAr + + for (int chunk_i = 0, num_chunks = arrow_column->num_chunks(); chunk_i < num_chunks; ++chunk_i) + { +- arrow::ListArray & list_chunk = dynamic_cast<arrow::ListArray &>(*(arrow_column->chunk(chunk_i))); ++ ArrowListArray & list_chunk = dynamic_cast<ArrowListArray &>(*(arrow_column->chunk(chunk_i))); + auto arrow_offsets_array = list_chunk.offsets(); +- auto & arrow_offsets = dynamic_cast<arrow::Int32Array &>(*arrow_offsets_array); ++ auto & arrow_offsets = dynamic_cast<ArrowOffsetArray<ArrowListArray>::type &>(*arrow_offsets_array); + + /* + * CH uses element size as "offsets", while arrow uses actual offsets as offsets. +@@ -602,13 +618,14 @@ static ColumnPtr readColumnWithIndexesData(std::shared_ptr<arrow::ChunkedArray> + } + } + ++template <typename ArrowListArray> + static std::shared_ptr<arrow::ChunkedArray> getNestedArrowColumn(std::shared_ptr<arrow::ChunkedArray> & arrow_column) + { + arrow::ArrayVector array_vector; + array_vector.reserve(arrow_column->num_chunks()); + for (int chunk_i = 0, num_chunks = arrow_column->num_chunks(); chunk_i < num_chunks; ++chunk_i) + { +- arrow::ListArray & list_chunk = dynamic_cast<arrow::ListArray &>(*(arrow_column->chunk(chunk_i))); ++ ArrowListArray & list_chunk = dynamic_cast<ArrowListArray &>(*(arrow_column->chunk(chunk_i))); + + /* + * It seems like arrow::ListArray::values() (nested column data) might or might not be shared across chunks. +@@ -819,12 +836,12 @@ static ColumnWithTypeAndName readColumnFromArrowColumn( + key_type_hint = map_type_hint->getKeyType(); + } + } +- auto arrow_nested_column = getNestedArrowColumn(arrow_column); ++ auto arrow_nested_column = getNestedArrowColumn<arrow::ListArray>(arrow_column); + auto nested_column = readColumnFromArrowColumn(arrow_nested_column, column_name, format_name, false, dictionary_infos, allow_null_type, skip_columns_with_unsupported_types, skipped, date_time_overflow_behavior, nested_type_hint, true); + if (skipped) + return {}; + +- auto offsets_column = readOffsetsFromArrowListColumn(arrow_column); ++ auto offsets_column = readOffsetsFromArrowListColumn<arrow::ListArray>(arrow_column); + + const auto * tuple_column = assert_cast<const ColumnTuple *>(nested_column.column.get()); + const auto * tuple_type = assert_cast<const DataTypeTuple *>(nested_column.type.get()); +@@ -846,7 +863,9 @@ static ColumnWithTypeAndName readColumnFromArrowColumn( + return {std::move(map_column), std::move(map_type), column_name}; + } + case arrow::Type::LIST: ++ case arrow::Type::LARGE_LIST: + { ++ bool is_large = arrow_column->type()->id() == arrow::Type::LARGE_LIST; + DataTypePtr nested_type_hint; + if (type_hint) + { +@@ -854,11 +873,11 @@ static ColumnWithTypeAndName readColumnFromArrowColumn( + if (array_type_hint) + nested_type_hint = array_type_hint->getNestedType(); + } +- auto arrow_nested_column = getNestedArrowColumn(arrow_column); ++ auto arrow_nested_column = is_large ? getNestedArrowColumn<arrow::LargeListArray>(arrow_column) : getNestedArrowColumn<arrow::ListArray>(arrow_column); + auto nested_column = readColumnFromArrowColumn(arrow_nested_column, column_name, format_name, false, dictionary_infos, allow_null_type, skip_columns_with_unsupported_types, skipped, date_time_overflow_behavior, nested_type_hint); + if (skipped) + return {}; +- auto offsets_column = readOffsetsFromArrowListColumn(arrow_column); ++ auto offsets_column = is_large ? readOffsetsFromArrowListColumn<arrow::LargeListArray>(arrow_column) : readOffsetsFromArrowListColumn<arrow::ListArray>(arrow_column); + auto array_column = ColumnArray::create(nested_column.column, offsets_column); + auto array_type = std::make_shared<DataTypeArray>(nested_column.type); + return {std::move(array_column), std::move(array_type), column_name}; +-- +2.42.0 + diff --git a/third_party/overlays/patches/crate2nix-0001-Fix-Use-mkDerivation-with-src-instead-of-runCommand.patch b/third_party/overlays/patches/crate2nix-0001-Fix-Use-mkDerivation-with-src-instead-of-runCommand.patch new file mode 100644 index 000000000000..fbc18860ac81 --- /dev/null +++ b/third_party/overlays/patches/crate2nix-0001-Fix-Use-mkDerivation-with-src-instead-of-runCommand.patch @@ -0,0 +1,109 @@ +From 96f66ec32e003c6c215aa2a644281289a71dae7d Mon Sep 17 00:00:00 2001 +From: Ilan Joselevich <personal@ilanjoselevich.com> +Date: Sun, 4 Aug 2024 02:35:27 +0300 +Subject: [PATCH] Fix: Use mkDerivation with src instead of runCommand for test + derivation + +The problem with using runCommand and recreating the src directory with +lndir is that it changes the file types of individual files, they will +now be a symlink instead of a regular file. If you have a crate that tests +that a file is of regular type then it will fail inside the crate2nix derivation. +--- + templates/nix/crate2nix/default.nix | 81 ++++++++----------- + 1 file changed, 35 insertions(+), 46 deletions(-) + +diff --git a/templates/nix/crate2nix/default.nix b/templates/nix/crate2nix/default.nix +index c53925e..90e10c6 100644 +--- a/templates/nix/crate2nix/default.nix ++++ b/templates/nix/crate2nix/default.nix +@@ -120,52 +120,41 @@ rec { + testPostRun + ]); + in +- pkgs.runCommand "run-tests-${testCrate.name}" +- { +- inherit testCrateFlags; +- buildInputs = testInputs; +- } '' +- set -e +- +- export RUST_BACKTRACE=1 +- +- # recreate a file hierarchy as when running tests with cargo +- +- # the source for test data +- # It's necessary to locate the source in $NIX_BUILD_TOP/source/ +- # instead of $NIX_BUILD_TOP/ +- # because we compiled those test binaries in the former and not the latter. +- # So all paths will expect source tree to be there and not in the build top directly. +- # For example: $NIX_BUILD_TOP := /build in general, if you ask yourself. +- # NOTE: There could be edge cases if `crate.sourceRoot` does exist but +- # it's very hard to reason about them. +- # Open a bug if you run into this! +- mkdir -p source/ +- cd source/ +- +- ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${crate.src} +- +- # build outputs +- testRoot=target/debug +- mkdir -p $testRoot +- +- # executables of the crate +- # we copy to prevent std::env::current_exe() to resolve to a store location +- for i in ${crate}/bin/*; do +- cp "$i" "$testRoot" +- done +- chmod +w -R . +- +- # test harness executables are suffixed with a hash, like cargo does +- # this allows to prevent name collision with the main +- # executables of the crate +- hash=$(basename $out) +- for file in ${drv}/tests/*; do +- f=$testRoot/$(basename $file)-$hash +- cp $file $f +- ${testCommand} +- done +- ''; ++ pkgs.stdenvNoCC.mkDerivation { ++ name = "run-tests-${testCrate.name}"; ++ ++ inherit (crate) src; ++ ++ inherit testCrateFlags; ++ ++ buildInputs = testInputs; ++ ++ buildPhase = '' ++ set -e ++ export RUST_BACKTRACE=1 ++ ++ # build outputs ++ testRoot=target/debug ++ mkdir -p $testRoot ++ ++ # executables of the crate ++ # we copy to prevent std::env::current_exe() to resolve to a store location ++ for i in ${crate}/bin/*; do ++ cp "$i" "$testRoot" ++ done ++ chmod +w -R . ++ ++ # test harness executables are suffixed with a hash, like cargo does ++ # this allows to prevent name collision with the main ++ # executables of the crate ++ hash=$(basename $out) ++ for file in ${drv}/tests/*; do ++ f=$testRoot/$(basename $file)-$hash ++ cp $file $f ++ ${testCommand} ++ done ++ ''; ++ }; + in + pkgs.runCommand "${crate.name}-linked" + { +-- +2.44.0 + diff --git a/third_party/overlays/patches/crate2nix-tests-debug.patch b/third_party/overlays/patches/crate2nix-tests-debug.patch new file mode 100644 index 000000000000..384178c805f7 --- /dev/null +++ b/third_party/overlays/patches/crate2nix-tests-debug.patch @@ -0,0 +1,12 @@ +diff --git a/templates/nix/crate2nix/default.nix b/templates/nix/crate2nix/default.nix +index 4eefda8..d064118 100644 +--- a/templates/nix/crate2nix/default.nix ++++ b/templates/nix/crate2nix/default.nix +@@ -111,6 +111,7 @@ rec { + ( + _: { + buildTests = true; ++ release = false; + } + ); + # If the user hasn't set any pre/post commands, we don't want to diff --git a/third_party/overlays/patches/evans-add-support-for-unix-domain-sockets.patch b/third_party/overlays/patches/evans-add-support-for-unix-domain-sockets.patch new file mode 100644 index 000000000000..c66528f53880 --- /dev/null +++ b/third_party/overlays/patches/evans-add-support-for-unix-domain-sockets.patch @@ -0,0 +1,39 @@ +From 55d7e7af7c56f678eb817059417241bb61ee5181 Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Sun, 8 Oct 2023 11:00:27 +0200 +Subject: [PATCH] add support for unix domain sockets + +grpc.NewClient already supports connecting to unix domain sockets, and +accepts a string anyways. + +As a quick fix, detect the `address` starting with `unix://` and don't +add the port. + +In the long term, we might want to deprecate `host` and `port` cmdline +args in favor of a single `address` arg. +--- + mode/common.go | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/mode/common.go b/mode/common.go +index dfc7839..55f1e36 100644 +--- a/mode/common.go ++++ b/mode/common.go +@@ -13,7 +13,13 @@ import ( + ) + + func newGRPCClient(cfg *config.Config) (grpc.Client, error) { +- addr := fmt.Sprintf("%s:%s", cfg.Server.Host, cfg.Server.Port) ++ addr := cfg.Server.Host ++ ++ // as long as the address doesn't start with unix, also add the port. ++ if !strings.HasPrefix(cfg.Server.Host, "unix://") { ++ addr = fmt.Sprintf("%s:%s", cfg.Server.Host, cfg.Server.Port) ++ } ++ + if cfg.Request.Web { + //TODO: remove second arg + return grpc.NewWebClient(addr, cfg.Server.Reflection, false, "", "", "", grpc.Headers(cfg.Request.Header)), nil +-- +2.42.0 + diff --git a/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch b/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch new file mode 100644 index 000000000000..f831c11a80bc --- /dev/null +++ b/third_party/overlays/patches/tpm2-pkcs11-190-dbupgrade.patch @@ -0,0 +1,29 @@ +From 987323794148a6ff5ce3d02eef8cfeb46bee1761 Mon Sep 17 00:00:00 2001 +From: Anton <tracefinder@gmail.com> +Date: Tue, 7 Nov 2023 12:02:15 +0300 +Subject: [PATCH] Skip null attribute during DB update + +Signed-off-by: Anton <tracefinder@gmail.com> +--- + src/lib/db.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/lib/db.c b/src/lib/db.c +index b4bbd1bf..74c5a7b4 100644 +--- a/src/lib/db.c ++++ b/src/lib/db.c +@@ -2169,9 +2169,11 @@ static CK_RV dbup_handler_from_7_to_8(sqlite3 *updb) { + + /* for each tobject */ + CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(tobj->attrs, CKA_ALLOWED_MECHANISMS); +- CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen); +- if (type != TYPE_BYTE_INT_SEQ) { +- rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs); ++ if (a) { ++ CK_BYTE type = type_from_ptr(a->pValue, a->ulValueLen); ++ if (type != TYPE_BYTE_INT_SEQ) { ++ rv = _db_update_tobject_attrs(updb, tobj->id, tobj->attrs); ++ } + } + + tobject_free(tobj); diff --git a/third_party/overlays/patches/treefmt-fix-no-cache.patch b/third_party/overlays/patches/treefmt-fix-no-cache.patch new file mode 100644 index 000000000000..2ad9d595e106 --- /dev/null +++ b/third_party/overlays/patches/treefmt-fix-no-cache.patch @@ -0,0 +1,43 @@ +From 601af097720079ea40db100b1dd6aefba4685e7c Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Mon, 1 Jul 2024 17:34:08 +0300 +Subject: [PATCH] fix: only try opening the cache if cache is enabled + +Otherwise `--no-cache` still fails to open the cache. +--- + cli/format.go | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/cli/format.go b/cli/format.go +index 492a4f3..8ccf578 100644 +--- a/cli/format.go ++++ b/cli/format.go +@@ -118,9 +118,11 @@ func (f *Format) Run() (err error) { + f.formatters[name] = formatter + } + +- // open the cache +- if err = cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil { +- return err ++ // open the cache if configured ++ if !f.NoCache { ++ if cache.Open(f.TreeRoot, f.ClearCache, f.formatters); err != nil { ++ return err ++ } + } + + // create an app context and listen for shutdown +@@ -148,7 +150,9 @@ func (f *Format) Run() (err error) { + f.processedCh = make(chan *walk.File, cap(f.filesCh)) + + // start concurrent processing tasks in reverse order +- eg.Go(f.updateCache(ctx)) ++ if !f.NoCache { ++ eg.Go(f.updateCache(ctx)) ++ } + eg.Go(f.applyFormatters(ctx)) + eg.Go(f.walkFilesystem(ctx)) + +-- +2.44.1 + |