From 10456c940888d3f23405bcb8f009fade8cfd4111 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 Jan 2021 09:26:44 +0000 Subject: [PATCH 01/24] clipgrab: 3.9.5 -> 3.9.6 --- pkgs/applications/video/clipgrab/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/clipgrab/default.nix b/pkgs/applications/video/clipgrab/default.nix index c1701dd5174..c92f0bb8d80 100644 --- a/pkgs/applications/video/clipgrab/default.nix +++ b/pkgs/applications/video/clipgrab/default.nix @@ -5,10 +5,10 @@ mkDerivation rec { pname = "clipgrab"; - version = "3.9.5"; + version = "3.9.6"; src = fetchurl { - sha256 = "1p8pqa5s70basdm2zpmahc54shsxrr0fr7chvv425n5a9sqba4dh"; + sha256 = "sha256-1rQu2Gh9PKSbC0tuQxLwFhzy280z4obpa+eXvDBzDW0="; # The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz! url = "https://download.clipgrab.org/${pname}-${version}.tar.gz"; }; From 366bfd5cac3abc317c7fc12a777b43a5cc994671 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 Jan 2021 09:36:21 +0000 Subject: [PATCH 02/24] cproto: 4.7q -> 4.7r --- pkgs/development/tools/misc/cproto/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/misc/cproto/default.nix b/pkgs/development/tools/misc/cproto/default.nix index e18196fe595..a5a6596c332 100644 --- a/pkgs/development/tools/misc/cproto/default.nix +++ b/pkgs/development/tools/misc/cproto/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "cproto"; - version = "4.7q"; + version = "4.7r"; src = fetchurl { urls = [ @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { # No version listings and apparently no versioned tarball over http(s). "ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz" ]; - sha256 = "138n5j6lkanbbdcs63irzxny4nfgp0zk66z621xjbnybf920svpk"; + sha256 = "sha256-bgRg2yVZXHobUz8AUaV4ZKBkp2KjP+2oXbDXmPTUX8U="; }; # patch made by Joe Khoobyar copied from gentoo bugs 
From 6d7f4515576b6355c710a285136ca6ea328065e6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 Jan 2021 13:33:19 +0000 Subject: [PATCH 03/24] pax-utils: 1.2.6 -> 1.2.8 --- pkgs/os-specific/linux/pax-utils/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix index f69b2bd7fce..40159cd2acd 100644 --- a/pkgs/os-specific/linux/pax-utils/default.nix +++ b/pkgs/os-specific/linux/pax-utils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pax-utils"; - version = "1.2.6"; + version = "1.2.8"; src = fetchurl { url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz"; - sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp"; + sha256 = "sha256-urTIhG4dLMNmnPqSMdIdszWEHX1Y+eGc0Jn+bOYmsVc="; }; makeFlags = [ "PREFIX=$(out)" ]; From 1849f2131bcc62ef700a1f259f7467f82b7b5a08 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 Jan 2021 14:25:34 +0000 Subject: [PATCH 04/24] cutelyst: 2.14.0 -> 2.14.2 --- pkgs/development/libraries/cutelyst/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix index 80ec1986f8c..9f7d020feaf 100644 --- a/pkgs/development/libraries/cutelyst/default.nix +++ b/pkgs/development/libraries/cutelyst/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "cutelyst"; - version = "2.14.0"; + version = "2.14.2"; src = fetchFromGitHub { owner = "cutelyst"; repo = "cutelyst"; rev = "v${version}"; - sha256 = "sha256-RidUZqDnzRrgW/7LVF+BF01zNcf1cJ/kS7OF/t1Q65c="; + sha256 = "sha256-JUffOeUTeaZvEssP5hfSGipeRuQ7FzLF4bOizCFhe5o="; }; nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; From 17c5a6bab2b22deba43d716f76486f777d2bcdcb Mon Sep 17 00:00:00 2001 
From: "R. RyanTM" Date: Fri, 22 Jan 2021 19:21:13 +0000 Subject: [PATCH 05/24] pidgin-carbons: 0.2.2 -> 0.2.3 --- .../instant-messengers/pidgin-plugins/carbons/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix index 46f8458f153..f702a667ae1 100644 --- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix +++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pidgin-carbons"; - version = "0.2.2"; + version = "0.2.3"; src = fetchFromGitHub { owner = "gkdr"; repo = "carbons"; rev = "v${version}"; - sha256 = "1aq9bwgpmbwrigq6ywf0pjkngqcm0qxncygaj1fi57npjhcjs6ln"; + sha256 = "sha256-qiyIvmJbRmCrAi/93UxDVtO76nSdtzUVfT/sZGxxAh8="; }; makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ]; From 9da1056eefcf7c146ad290fdb1c13e4ecc610cab Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 30 Jan 2021 01:46:31 +0000 Subject: [PATCH 06/24] gtkwave: 3.3.107 -> 3.3.108 --- pkgs/applications/science/electronics/gtkwave/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/electronics/gtkwave/default.nix b/pkgs/applications/science/electronics/gtkwave/default.nix index 971891a5b01..3a3994d9ad6 100644 --- a/pkgs/applications/science/electronics/gtkwave/default.nix +++ b/pkgs/applications/science/electronics/gtkwave/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "gtkwave"; - version = "3.3.107"; + version = "3.3.108"; src = fetchurl { url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz"; - sha256 = "0ma30jyc94iid3v3m8aw4i2lyiqfxkpsdvdmmaibynk400cbzivl"; + sha256 = "sha256-LtlexZKih+Si/pH3oQpWdpzfZ6j+41Otgfx7nLMfFSQ="; }; nativeBuildInputs = [ pkg-config wrapGAppsHook ]; 
From 0b03e2c08a6c42f52e9d4d7c0d6d5ee93e8fef75 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 3 Feb 2021 16:47:01 +0000 Subject: [PATCH 07/24] matterbridge: 1.21.0 -> 1.22.0 --- pkgs/servers/matterbridge/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix index 6d12ac84d90..4235c7e26b1 100644 --- a/pkgs/servers/matterbridge/default.nix +++ b/pkgs/servers/matterbridge/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "matterbridge"; - version = "1.21.0"; + version = "1.22.0"; vendorSha256 = null; @@ -10,7 +10,7 @@ buildGoModule rec { src = fetchurl { url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz"; - sha256 = "sha256-ehn6KdPpDpfdyWCVfLuZLq2dDmZXc6InlnovqNsdG6Y="; + sha256 = "sha256-jwatqxQh4t4tgNiOEjS9vxIM+9XtnH8QNch887+xDnI="; }; meta = with lib; { From 2e024cb867c57d589c8dee482fec131df08b7e39 Mon Sep 17 00:00:00 2001 From: oxalica Date: Mon, 22 Feb 2021 22:32:37 +0800 Subject: [PATCH 08/24] {partition-manager,libsForQt5.kpmcore}: 3.3.1 -> 4.2.0 and fix build --- .../development/libraries/kpmcore/default.nix | 42 +++++++++---- pkgs/tools/misc/partition-manager/default.nix | 60 +++++++++++++++---- 2 files changed, 77 insertions(+), 25 deletions(-) diff --git a/pkgs/development/libraries/kpmcore/default.nix b/pkgs/development/libraries/kpmcore/default.nix index 315a38197a1..c3621d37587 100644 --- a/pkgs/development/libraries/kpmcore/default.nix +++ b/pkgs/development/libraries/kpmcore/default.nix 
@@ -1,25 +1,38 @@ -{ stdenv, lib, fetchurl, extra-cmake-modules -, qtbase, kio -, libatasmart, parted -, util-linux }: +{ stdenv, lib, fetchurl, fetchpatch, extra-cmake-modules +, qca-qt5, kauth, kio, polkit-qt, qtbase +, util-linux +}: stdenv.mkDerivation rec { pname = "kpmcore"; - version = "3.3.0"; + # NOTE: When changing this version, also change the version of `partition-manager`. + version = "4.2.0"; src = fetchurl { url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz"; - sha256 = "0s6v0jfrhjg31ri5p6h9n4w29jvasf5dj954j3vfpzl91lygmmmq"; + hash = "sha256-MvW0CqvFZtzcJlya6DIpzorPbKJai6fxt7nKsKpJn54="; }; + patches = [ + # Fix build with `kcoreaddons` >= 5.77.0 + (fetchpatch { + url = "https://github.com/KDE/kpmcore/commit/07e5a3ac2858e6d38cc698e0f740e7a693e9f302.patch"; + sha256 = "sha256-LYzea888euo2HXM+acWaylSw28iwzOdZBvPBt/gjP1s="; + }) + # Fix crash when `fstab` omits mount options. + (fetchpatch { + url = "https://github.com/KDE/kpmcore/commit/eea84fb60525803a789e55bb168afb968464c130.patch"; + sha256 = "sha256-NJ3PvyRC6SKNSOlhJPrDDjepuw7IlAoufPgvml3fap0="; + }) + ]; + buildInputs = [ - qtbase - libatasmart - parted # we only need the library - + qca-qt5 + kauth kio + polkit-qt - util-linux # needs blkid (note that this is not provided by util-linux-compat) + util-linux # Needs blkid in configure script (note that this is not provided by util-linux-compat) ]; nativeBuildInputs = [ extra-cmake-modules ]; @@ -27,8 +40,11 @@ stdenv.mkDerivation rec { dontWrapQtApps = true; meta = with lib; { - maintainers = with lib.maintainers; [ peterhoeg ]; + description = "KDE Partition Manager core library"; + homepage = "https://invent.kde.org/system/kpmcore"; + license = with licenses; [ cc-by-40 cc0 gpl3Plus mit ]; + maintainers = with maintainers; [ peterhoeg oxalica ]; # The build requires at least Qt 5.14: - broken = lib.versionOlder qtbase.version "5.14"; + broken = versionOlder qtbase.version "5.14"; }; } 
diff --git a/pkgs/tools/misc/partition-manager/default.nix b/pkgs/tools/misc/partition-manager/default.nix
index 845c0fec921..064590ef979 100644
--- a/pkgs/tools/misc/partition-manager/default.nix
+++ b/pkgs/tools/misc/partition-manager/default.nix
@@ -1,30 +1,66 @@ -{ mkDerivation, fetchurl, lib +{ mkDerivation, fetchurl, lib, makeWrapper , extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook , kconfig, kcrash, kinit, kpmcore -, eject, libatasmart , util-linux, qtbase +, cryptsetup, lvm2, mdadm, smartmontools, systemdMinimal, util-linux +, btrfs-progs, dosfstools, e2fsprogs, exfat, f2fs-tools, fatresize, hfsprogs +, jfsutils, nilfs-utils, ntfs3g, reiser4progs, reiserfsprogs, udftools, xfsprogs, zfs }: let - pname = "partitionmanager"; + # External programs are resolved by `partition-manager` and then + # invoked by `kpmcore_externalcommand` from `kpmcore` as root. + # So these packages should be in PATH of `partition-manager`. + # https://github.com/KDE/kpmcore/blob/06f15334ecfbe871730a90dbe2b694ba060ee998/src/util/externalcommand_whitelist.h + runtimeDeps = lib.makeBinPath [ + cryptsetup + lvm2 + mdadm + smartmontools + systemdMinimal + util-linux + + btrfs-progs + dosfstools + e2fsprogs + exfat + f2fs-tools + fatresize + hfsprogs + jfsutils + nilfs-utils + ntfs3g + reiser4progs + reiserfsprogs + udftools + xfsprogs + zfs + + # FIXME: Missing command: tune.exfat hfsck hformat fsck.nilfs2 {fsck,mkfs,debugfs,tunefs}.ocfs2 + ]; + in mkDerivation rec { - name = "${pname}-${version}"; - version = "3.3.1"; + pname = "partitionmanager"; + # NOTE: When changing this version, also change the version of `kpmcore`. 
+ version = "4.2.0"; src = fetchurl { - url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz"; - sha256 = "0jhggb4xksb0k0mj752n6pz0xmccnbzlp984xydqbz3hkigra1si"; + url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz"; + hash = "sha256-6Qlt1c47Eek6TkWWBzTyBZYJ1jfhtwsC9X5q5h6IhPg="; }; - nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook ]; + nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook makeWrapper ]; - # refer to kpmcore for the use of eject - buildInputs = [ eject libatasmart util-linux ]; propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ]; + postFixup = '' + wrapProgram $out/bin/partitionmanager \ + --prefix PATH : "${runtimeDeps}" + ''; + meta = with lib; { description = "KDE Partition Manager"; - license = licenses.gpl2; + license = with licenses; [ cc-by-40 cc0 gpl3Plus lgpl3Plus mit ]; homepage = "https://www.kde.org/applications/system/kdepartitionmanager/"; - maintainers = with maintainers; [ peterhoeg ]; + maintainers = with maintainers; [ peterhoeg oxalica ]; }; } From bb0bc3c1f8bdd0d222662b6ad87a2681f38115b1 Mon Sep 17 00:00:00 2001 From: oxalica Date: Mon, 22 Feb 2021 22:35:43 +0800 Subject: [PATCH 09/24] nixos/partition-manager: init --- nixos/modules/module-list.nix | 1 + nixos/modules/programs/partition-manager.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 nixos/modules/programs/partition-manager.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 644229627b2..9ddf5b92e63 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -155,6 +155,7 @@ ./programs/nm-applet.nix ./programs/npm.nix ./programs/oblogout.nix + ./programs/partition-manager.nix ./programs/plotinus.nix ./programs/proxychains.nix ./programs/qt5ct.nix 
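Review bot: The `postFixup` wrapper uses `--prefix PATH : "${runtimeDeps}"`, which puts the listed packages first but still lets lookup continue into the caller's PATH. The `runtimeDeps` comment states that the resolved programs are then run as root by `kpmcore_externalcommand`, so any command not provided here (the FIXME already names `tune.exfat`, `hfsck`, `hformat`, `fsck.nilfs2` and the ocfs2 tools) would be resolved from whatever the invoking user's environment contains. Whether the root helper validates the resolved path is not visible in this hunk. If the GUI needs nothing else from PATH, `--set PATH "${runtimeDeps}"` would close that gap; otherwise I would at least extend the comment with `# NOTE: commands missing from this list fall through to the caller's PATH.`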
diff --git a/nixos/modules/programs/partition-manager.nix b/nixos/modules/programs/partition-manager.nix new file mode 100644 index 00000000000..1be2f0a69a1 --- /dev/null +++ b/nixos/modules/programs/partition-manager.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + meta.maintainers = [ maintainers.oxalica ]; + + ###### interface + options = { + programs.partition-manager.enable = mkEnableOption "KDE Partition Manager"; + }; + + ###### implementation + config = mkIf config.programs.partition-manager.enable { + services.dbus.packages = [ pkgs.libsForQt5.kpmcore ]; + # `kpmcore` need to be installed to pull in polkit actions. + environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.partition-manager ]; + }; +} From 101a708184102249125147cd73f0534db142bd60 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 9 Mar 2021 15:43:33 +0000 Subject: [PATCH 10/24] samplv1: 0.9.18 -> 0.9.20 --- pkgs/applications/audio/samplv1/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/samplv1/default.nix b/pkgs/applications/audio/samplv1/default.nix index 4b06a99d473..8f0a4808121 100644 --- a/pkgs/applications/audio/samplv1/default.nix +++ b/pkgs/applications/audio/samplv1/default.nix @@ -5,11 +5,11 @@ mkDerivation rec { pname = "samplv1"; - version = "0.9.18"; + version = "0.9.20"; src = fetchurl { url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz"; - sha256 = "ePhM9OTLJp1Wa2D9Y1Dqq/69WlEhEp3ih9yNUIJU5Y4="; + sha256 = "sha256-9tm72lV9i/155TVweNwO2jpPsCJkh6r82g7Z1wCI1ho="; }; nativeBuildInputs = [ qttools pkg-config ]; From 1adef4a8788763dc416284f610efd4d566be1fad Mon Sep 17 00:00:00 2001 From: Pamplemousse Date: Mon, 15 Mar 2021 12:17:28 -0700 Subject: [PATCH 11/24] documentation: Add content about Vulnerability roundups 
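Review bot: The option text `mkEnableOption "KDE Partition Manager"` does not tell an administrator that enabling it also registers `kpmcore` in `services.dbus.packages` and installs its polkit actions system-wide, which is more than adding a GUI to `environment.systemPackages`. Since this is presumably what authorises the privileged helper that partition-manager relies on, I would document it where the option is implemented, e.g. `# Registers kpmcore's D-Bus service and polkit actions; these gate the privileged operations partition-manager requests.` above `services.dbus.packages`. The existing comment `kpmcore need to be installed to pull in polkit actions` covers only the second line and should read "needs".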
Signed-off-by: Pamplemousse --- .../submitting-changes.chapter.md | 19 ++++---- .../vulnerability-roundup.chapter.md | 45 +++++++++++++++++++ doc/manual.xml | 1 + 3 files changed, 56 insertions(+), 9 deletions(-) create mode 100644 doc/contributing/vulnerability-roundup.chapter.md diff --git a/doc/contributing/submitting-changes.chapter.md b/doc/contributing/submitting-changes.chapter.md index 44e981f12a5..13f15b929cf 100644 --- a/doc/contributing/submitting-changes.chapter.md +++ b/doc/contributing/submitting-changes.chapter.md @@ -68,15 +68,16 @@ Security fixes are submitted in the same way as other changes and thus the same guidelines apply. -If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch` in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.: - -```nix -(fetchpatch { - name = "CVE-2019-11068.patch"; - url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; - sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; -}) -``` +- If a new version fixing the vulnerability has been released, update the package; +- If the security fix comes in the form of a patch and a CVE is available, then add the patch to the Nixpkgs tree, and apply it to the package. + The name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch`; If a patch is fetched the name needs to be set as well, e.g.: + ```nix + (fetchpatch { + name = "CVE-2019-11068.patch"; + url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; + sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; + }) + ``` If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch. 
diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md
new file mode 100644
index 00000000000..d451420f981
--- /dev/null
+++ b/doc/contributing/vulnerability-roundup.chapter.md
@@ -0,0 +1,45 @@
+# Vulnerability Roundup {#chap-vulnerability-roundup}
+
+## Issues {#vulnerability-roundup-issues}
+
+Vulnerable packages in Nixpkgs are managed using issues.
+Currently opened ones can be found using the following:
+
+[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
+
+Each issue correspond to a vulnerable version of a package; As a consequence:
+
+- One issue can contain several CVEs;
+- One CVE can be shared across several issues;
+- A single package can be concerned by several issues.
+
+
+A "Vulnerability roundup" issue usually respects the following format:
+
+```txt
+,
+
+
+
+
+
+
+```
+
+Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
+
+
+## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
+
+**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
+If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
+
+If you are investigating a "true positive":
+
+- Find the earliest patched version or a code patch in the CVE details;
+- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
+ - **No**:
+ - [Submit a security fix](#submitting-changes-submitting-security-fixes);
+ - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
+ - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
+- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s). diff --git a/doc/manual.xml b/doc/manual.xml index b0490ec74ae..dd1434fce02 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -35,6 +35,7 @@ + From df8fc751da377a52a9e1987378c29a53d04b5d9e Mon Sep 17 00:00:00 2001 From: freezeboy Date: Thu, 18 Mar 2021 15:28:05 +0100 Subject: [PATCH 12/24] mattermost: 5.25.3 -> 5.32.1 --- pkgs/servers/mattermost/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/mattermost/default.nix b/pkgs/servers/mattermost/default.nix index f63f76efaba..6a7ba06df88 100644 --- a/pkgs/servers/mattermost/default.nix +++ b/pkgs/servers/mattermost/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }: let - version = "5.25.3"; + version = "5.32.1"; mattermost-server = buildGoPackage rec { pname = "mattermost-server"; @@ -11,7 +11,7 @@ let owner = "mattermost"; repo = "mattermost-server"; rev = "v${version}"; - sha256 = "03xcwlbb9ff5whsdn2m3kqskxpwpfciikjjndbhksc8k8963z07j"; + sha256 = "BssrTfkIxUbXYXIfz9i+5b4rEYSzBim+/riK78m8Bxo="; }; goPackagePath = "github.com/mattermost/mattermost-server"; @@ -29,7 +29,7 @@ let src = fetchurl { url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz"; - sha256 = "1p1qxzrd6rj1i43vj18ysknrw2v02s7llx94nrdd5lk10ayzmg63"; + sha256 = "kRerl3fYRTrotj86AIFSor3GpjhABkCmego1ms9HmkQ="; }; installPhase = '' From 12238b08ef347c3e6118e97daadc6ac05efc48b0 Mon Sep 17 00:00:00 2001 From: Ivan Babrou Date: Thu, 18 Mar 2021 19:38:58 -0700 Subject: [PATCH 13/24] pythonPackages.pylint: fix build on darwin The test no longer exists after #112908: ``` Disabled tests path "pylint/test/test_functional.py" does not exist. Aborting ``` --- pkgs/development/python-modules/pylint/default.nix | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/pkgs/development/python-modules/pylint/default.nix b/pkgs/development/python-modules/pylint/default.nix index a7606de3f34..43183482ece 100644 --- a/pkgs/development/python-modules/pylint/default.nix +++ b/pkgs/development/python-modules/pylint/default.nix @@ -63,8 +63,6 @@ buildPythonPackage rec { "test_py3k_jobs_option" ]; - disabledTestPaths = lib.optional stdenv.isDarwin "pylint/test/test_functional.py"; - meta = with lib; { homepage = "https://pylint.pycqa.org/"; description = "A bug and style checker for Python"; From 1f7bf3790d6b4ac3002b6af80259ae2df3eb4f6b Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 19 Mar 2021 04:11:25 +0000 Subject: [PATCH 14/24] python38Packages.gradient: 1.4.2 -> 1.4.3 --- pkgs/development/python-modules/gradient/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/gradient/default.nix b/pkgs/development/python-modules/gradient/default.nix index 05a590e52fe..c74501c621e 100644 --- a/pkgs/development/python-modules/gradient/default.nix +++ b/pkgs/development/python-modules/gradient/default.nix @@ -7,11 +7,11 @@ buildPythonPackage rec { pname = "gradient"; - version = "1.4.2"; + version = "1.4.3"; src = fetchPypi { inherit pname version; - sha256 = "2ed10db306d4c8632b7d04d71d44a04331a6e80e5ebab7296a98e67e8a50fb71"; + sha256 = "a8fa91669c97440049132119019e90d0a9cf09e96352cf43c7c6ca244894bd4e"; }; postPatch = '' From 6e356dd8f7b2e331e542b08d8e1f613a070ea4a5 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 19 Mar 2021 02:19:58 +0000 Subject: [PATCH 15/24] python38Packages.databricks-cli: 0.14.2 -> 0.14.3 --- pkgs/development/python-modules/databricks-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/databricks-cli/default.nix b/pkgs/development/python-modules/databricks-cli/default.nix index 54cec0f98ad..547b9a3af7a 100644 --- a/pkgs/development/python-modules/databricks-cli/default.nix 
+++ b/pkgs/development/python-modules/databricks-cli/default.nix @@ -9,11 +9,11 @@ buildPythonPackage rec { pname = "databricks-cli"; - version = "0.14.2"; + version = "0.14.3"; src = fetchPypi { inherit pname version; - sha256 = "9e956f0efb7aad100d9963f223db986392cf2dc3e9922f2f83e55d372e84ef16"; + sha256 = "bdf89a3917a3f8f8b99163e38d40e66dc478c7408954747f145cd09816b05e2c"; }; checkInputs = [ From dd503734f05f1750e86f89ea122fc4e5e2407c7a Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 19 Mar 2021 03:34:40 +0000 Subject: [PATCH 16/24] python38Packages.jenkins-job-builder: 3.8.0 -> 3.9.0 --- .../python-modules/jenkins-job-builder/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/jenkins-job-builder/default.nix b/pkgs/development/python-modules/jenkins-job-builder/default.nix index 7d4f6dd9363..3ae6bf84ae4 100644 --- a/pkgs/development/python-modules/jenkins-job-builder/default.nix +++ b/pkgs/development/python-modules/jenkins-job-builder/default.nix @@ -10,11 +10,11 @@ buildPythonPackage rec { pname = "jenkins-job-builder"; - version = "3.8.0"; + version = "3.9.0"; src = fetchPypi { inherit pname version; - sha256 = "sha256-uRyeRP1y3GS7tXb0kHLBi7+trJRme/Ke3xgOY+LqZ6k="; + sha256 = "4a53e146843d567c375c2e61e70a840d75a412402fd78c1dd3da5642a6aaa375"; }; postPatch = '' From 1bb03d47cd31fcf88e727878e33569c9b4ab335f Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Fri, 12 Mar 2021 18:00:28 +0100 Subject: [PATCH 17/24] =?UTF-8?q?ocamlPackages.ppx=5Fimport:=201.7.1=20?= =?UTF-8?q?=E2=86=92=201.8.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ocaml-modules/ppx_import/default.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/pkgs/development/ocaml-modules/ppx_import/default.nix b/pkgs/development/ocaml-modules/ppx_import/default.nix index b5651a8cec2..4ad26ff0862 100644 
--- a/pkgs/development/ocaml-modules/ppx_import/default.nix +++ b/pkgs/development/ocaml-modules/ppx_import/default.nix @@ -1,27 +1,28 @@ -{ lib, fetchurl, buildDunePackage, ocaml -, ounit, ppx_deriving, ppx_tools_versioned -, ppxlib, ocaml-migrate-parsetree +{ lib, fetchurl, buildDunePackage +, ppx_tools_versioned +, ocaml-migrate-parsetree +, ounit, ppx_deriving, ppxlib }: buildDunePackage rec { pname = "ppx_import"; - version = "1.7.1"; + version = "1.8.0"; useDune2 = true; minimumOCamlVersion = "4.04"; src = fetchurl { - url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-v${version}.tbz"; - sha256 = "16dyxfb7syz659rqa7yq36ny5vzl7gkqd7f4m6qm2zkjc1gc8j4v"; + url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-${version}.tbz"; + sha256 = "0zqcj70yyp4ik4jc6jz3qs2xhb94vxc6yq9ij0d5cyak28klc3gv"; }; propagatedBuildInputs = [ - ppxlib ppx_tools_versioned ocaml-migrate-parsetree + ppx_tools_versioned ocaml-migrate-parsetree ]; doCheck = true; - checkInputs = [ ounit ppx_deriving ]; + checkInputs = [ ounit ppx_deriving ppxlib ]; meta = { description = "A syntax extension that allows to pull in types or signatures from other compiled interface files"; From 297b1ba320ae8467bf273f5831e5ec358685057c Mon Sep 17 00:00:00 2001 From: Alexander Foremny Date: Fri, 19 Mar 2021 09:03:49 +0100 Subject: [PATCH 18/24] Revert "nixos/systemd: Handle template overrides" This reverts commit e3b90b6ccc4cf4147fd01df1ed8779b1c85744bd. This commit broke container tests and thus blocked channels from advancing. --- nixos/modules/system/boot/systemd-lib.nix | 13 +------ nixos/tests/systemd-template-override.nix | 41 ----------------------- 2 files changed, 1 insertion(+), 53 deletions(-) delete mode 100644 nixos/tests/systemd-template-override.nix diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix index 6051a428574..2dbf15031a0 100644 
--- a/nixos/modules/system/boot/systemd-lib.nix +++ b/nixos/modules/system/boot/systemd-lib.nix @@ -182,18 +182,7 @@ in rec { # upstream unit. for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do fn=$(basename $i/*) - - case $fn in - # if file name is a template specialization, use the template's name - *@?*.service) - # remove @foo.service and replace it with @.service - ofn="''${fn%@*.service}@.service" - ;; - *) - ofn="$fn" - esac - - if [ -e $out/$ofn ]; then + if [ -e $out/$fn ]; then if [ "$(readlink -f $i/$fn)" = /dev/null ]; then ln -sfn /dev/null $out/$fn else diff --git a/nixos/tests/systemd-template-override.nix b/nixos/tests/systemd-template-override.nix deleted file mode 100644 index d8ef4a6c1c9..00000000000 --- a/nixos/tests/systemd-template-override.nix +++ /dev/null @@ -1,41 +0,0 @@ -import ./make-test-python.nix { - name = "systemd-template-override"; - - machine = { pkgs, lib, ... }: let - touchTmp = pkgs.writeTextFile { - name = "touch-tmp@.service"; - text = '' - [Service] - Type=oneshot - ExecStart=${pkgs.coreutils}/bin/touch /tmp/%I - ''; - destination = "/etc/systemd/system/touch-tmp@.service"; - }; - in { - systemd.packages = [ touchTmp ]; - - systemd.services."touch-tmp@forbidden" = { - serviceConfig.ExecStart = [ "" '' - ${pkgs.coreutils}/bin/true - '']; - }; - - systemd.services."touch-tmp@intercept" = { - serviceConfig.ExecStart = [ "" '' - ${pkgs.coreutils}/bin/touch /tmp/renamed - '']; - }; - }; - - testScript = '' - machine.wait_for_unit("default.target") - - machine.succeed("systemctl start touch-tmp@normal") - machine.succeed("systemctl start touch-tmp@forbbidden") - machine.succeed("systemctl start touch-tmp@intercept") - - machine.succeed("[ -e /tmp/normal ]") - machine.succeed("[ ! -e /tmp/forbidden ]") - machine.succeed("[ -e /tmp/renamed ]") - ''; -} From 33bd43d2ea3bbed1aef2cd9d5a30f04756842045 Mon Sep 17 00:00:00 2001 
From: Michael Weiss Date: Fri, 19 Mar 2021 11:26:07 +0100 Subject: [PATCH 19/24] chromiumDev: 91.0.4442.4 -> 91.0.4449.6 --- .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 667d872ac62..da36f2de68e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "91.0.4442.4", - "sha256": "0cmm2pimkghb6s956bkqf2k77lj69dz51nlydgkqbvw0sc8n784k", - "sha256bin64": "1hbfx8n51p7dwwz1vbp94jdmlb96vvxrbql2af4kmvx1bmzr2ism", + "version": "91.0.4449.6", + "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3", + "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc", "deps": { "gn": { - "version": "2021-02-09", + "version": "2021-03-12", "url": "https://gn.googlesource.com/gn", - "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3", - "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn" + "rev": "64b3b9401c1c3ed5f3c43c1cac00b91f83597ab8", + "sha256": "14whk4gyx21cqxy1560xm8p1mc1581dh9g7xy120g8vvcylknjlm" } } }, From 9a3f2457f128cbbcbddb9053822988fdd247e416 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 19 Mar 2021 11:26:01 +0100 Subject: [PATCH 20/24] grafana: 7.4.3 -> 7.4.5 This fixes a few CVEs around authentication bypass with Grafana. Details are available in the [annoucement]. CVE-2021-27962, CVE-2021-28146, CVE-2021-28147, CVE-2021-28148 [annoucement]: https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ --- pkgs/servers/monitoring/grafana/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix index dc7ca728f2c..9bf10165e00 100644 --- a/pkgs/servers/monitoring/grafana/default.nix +++ b/pkgs/servers/monitoring/grafana/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "grafana"; - version = "7.4.3"; + version = "7.4.5"; excludedPackages = [ "release_publisher" ]; @@ -10,15 +10,15 @@ buildGoModule rec { rev = "v${version}"; owner = "grafana"; repo = "grafana"; - sha256 = "sha256-FPQa6q1ks9Lpod5sI29YBnGZvVRU12hTiw6GR85/mEs="; + sha256 = "10pnwd4d19ry7w2x46acc3j8gjn73b45fzc579gz1hc8hx2b3s0s"; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - sha256 = "sha256-idbG+K9NVnNhEB0f7DfP7iaEnHMf59ieQtYnmT6CvVM="; + sha256 = "1x9jx3ww37cn6r6cn6gqlavmllxydks23vm8w4934bv8zppj1zwz"; }; - vendorSha256 = "sha256-LL+EkDZbbaNo/fPMGlPsB8jgBYHoe6SdkBbQoW5y4EU="; + vendorSha256 = "0ig0f9pa3l0nj2fs8yz8h42y1j07xi9imk7kzmla6vav6s889grc"; postPatch = '' substituteInPlace pkg/cmd/grafana-server/main.go \ From b68839485d2064a574e0825ac662912727ec62da Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Sun, 14 Mar 2021 21:06:38 +0100 Subject: [PATCH 21/24] =?UTF-8?q?ocamlPackages.bitstring:=204.0.1=20?= =?UTF-8?q?=E2=86=92=204.1.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/ocaml-modules/bitstring/default.nix | 4 ++-- pkgs/development/ocaml-modules/bitstring/ppx.nix | 4 ++++ pkgs/top-level/ocaml-packages.nix | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/development/ocaml-modules/bitstring/default.nix b/pkgs/development/ocaml-modules/bitstring/default.nix index 583017d9dde..12ed4ae787d 100644 --- a/pkgs/development/ocaml-modules/bitstring/default.nix +++ b/pkgs/development/ocaml-modules/bitstring/default.nix 
@@ -2,7 +2,7 @@ buildDunePackage rec { pname = "bitstring"; - version = "4.0.1"; + version = "4.1.0"; useDune2 = true; @@ -10,7 +10,7 @@ buildDunePackage rec { owner = "xguerin"; repo = pname; rev = "v${version}"; - sha256 = "1z7jmgljvp52lvn3ml2cp6gssxqp4sikwyjf6ym97cycbcw0fjjm"; + sha256 = "0mghsl8b2zd2676mh1r9142hymhvzy9cw8kgkjmirxkn56wbf56b"; }; propagatedBuildInputs = [ stdlib-shims ]; diff --git a/pkgs/development/ocaml-modules/bitstring/ppx.nix b/pkgs/development/ocaml-modules/bitstring/ppx.nix index ee0a8c51f73..4d391d3458d 100644 --- a/pkgs/development/ocaml-modules/bitstring/ppx.nix +++ b/pkgs/development/ocaml-modules/bitstring/ppx.nix @@ -3,6 +3,10 @@ , ounit }: +if !lib.versionAtLeast ppxlib.version "0.18.0" +then throw "ppx_bitstring is not available with ppxlib-${ppxlib.version}" +else + buildDunePackage rec { pname = "ppx_bitstring"; inherit (bitstring) version useDune2 src; diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 8b4b56d57a4..fd8165085f0 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -929,7 +929,9 @@ let ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { }; - ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { }; + ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { + ppxlib = ppxlib.override { version = "0.22.0"; }; + }; ppxfind = callPackage ../development/ocaml-modules/ppxfind { }; From 2b16ff345726c8d55e7687e1eeaf9b15a7f34370 Mon Sep 17 00:00:00 2001 From: Frank Doepper Date: Sun, 27 Sep 2020 21:52:41 +0200 Subject: [PATCH 22/24] nncp: 5.3.3 -> 6.2.0 - change build system from makefile to redo - license gpl3Only --- pkgs/tools/misc/nncp/default.nix | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/pkgs/tools/misc/nncp/default.nix b/pkgs/tools/misc/nncp/default.nix index 4469f130b58..4c03172d9af 100644 --- a/pkgs/tools/misc/nncp/default.nix 
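Review bot: The `ppxlib = ppxlib.override { version = "0.22.0"; };` added in pkgs/top-level/ocaml-packages.nix pins one exact ppxlib for ppx_bitstring without saying why, while the guard added in bitstring/ppx.nix accepts any ppxlib from 0.18.0 up. A comment next to the override would tie the two together, for example `# ppx_bitstring 4.1.0 requires ppxlib >= 0.18.0 (see bitstring/ppx.nix)`. Without it, a later ppxlib update leaves a pin that nobody knows is safe to drop. ppx_bitstring may also end up built against a different ppxlib than other ppx rewriters in the same closure, though that depends on the default ppxlib, which these hunks do not show. The surrounding `let` block in ocaml-packages.nix continues outside the hunk.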
+++ b/pkgs/tools/misc/nncp/default.nix @@ -1,6 +1,7 @@ { lib, stdenv , go , fetchurl +, redo-apenwarr , curl , perl , genericUpdater @@ -9,24 +10,33 @@ stdenv.mkDerivation rec { pname = "nncp"; - version = "5.3.3"; + version = "6.2.0"; src = fetchurl { url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz"; - sha256 = "1l35ndzrvpfim29jn1p0bwmc8w892z44nsrdnay28k229r9dhz3h"; + sha256 = "1zj0v82zqigcxhpc50mvafvi1ihs92ck35vjfrwb7wzzd7nysb17"; }; - nativeBuildInputs = [ go ]; + nativeBuildInputs = [ go redo-apenwarr ]; - preConfigure = '' + buildPhase = '' + runHook preBuild export GOCACHE=$PWD/.cache + export CFGPATH=/etc/nncp.hjson + export SENDMAIL=sendmail # default value for generated config file + redo ''${enableParallelBuilding:+-j''${NIX_BUILD_CORES}} + runHook postBuild ''; - makeFlags = [ - "PREFIX=${placeholder "out"}" - "CFGPATH=/etc/nncp.hjson" - "SENDMAIL=/run/wrappers/bin/sendmail" - ]; + installPhase = '' + runHook preInstall + export PREFIX=$out + rm -f INSTALL # work around case insensitivity + redo install + runHook postInstall + ''; + + enableParallelBuilding = true; passthru.updateScript = genericUpdater { inherit pname version; @@ -54,7 +64,7 @@ stdenv.mkDerivation rec { transmission exists. ''; homepage = "http://www.nncpgo.org/"; - license = licenses.gpl3; + license = licenses.gpl3Only; platforms = platforms.all; maintainers = [ maintainers.woffs ]; }; From 9ed9e5f8c386eda4ac65891a6ff8ebaf02c38781 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 17 Mar 2021 22:50:01 +0000 Subject: [PATCH 23/24] cbonsai: 1.0.1 -> 1.0.4 --- pkgs/games/cbonsai/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/cbonsai/default.nix b/pkgs/games/cbonsai/default.nix index 9e318b92fa9..c817b5d36b5 100644 --- a/pkgs/games/cbonsai/default.nix +++ b/pkgs/games/cbonsai/default.nix 
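Review bot: The `export SENDMAIL=sendmail` line in the new buildPhase replaces the absolute `/run/wrappers/bin/sendmail` that the removed makeFlags passed, and the commit message does not mention this change. Going by the inline comment, this value becomes the default in the generated config file, so a freshly generated config would presumably run whichever `sendmail` comes first in the PATH of the nncp process rather than one fixed binary. If the bare name is intended so the default also works on non-NixOS platforms, say so in the comment, e.g. `# bare name so the generated config also works off NixOS; looked up via PATH`; otherwise keep `export SENDMAIL=/run/wrappers/bin/sendmail`. The derivation body continues outside the hunk.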
@@ -1,14 +1,14 @@ { stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }: stdenv.mkDerivation rec { - version = "1.0.1"; + version = "1.0.4"; pname = "cbonsai"; src = fetchFromGitLab { owner = "jallbrit"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UTjbc0kGHOQse4sZF94p4LAwMk9vsZg1QHq8iuDcTDk="; + sha256 = "sha256-5yyvisExf4Minyr1ApJQ2SoctfjhdU6kEbgBGgHDtCg="; }; nativeBuildInputs = [ pkg-config ]; From a99b2f4274f2993b8056b3f993f77e43a5f96c0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 18 Mar 2021 21:37:05 +0100 Subject: [PATCH 24/24] deltachat-electron: 1.15.2 -> 1.15.3 --- .../instant-messengers/deltachat-electron/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix index c579220cdde..396dec1cd09 100644 --- a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix +++ b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix @@ -2,12 +2,12 @@ let pname = "deltachat-electron"; - version = "1.15.2"; + version = "1.15.3"; name = "${pname}-${version}"; src = fetchurl { url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage"; - sha256 = "sha256-iw2tU8qqXWbtEdLGlW8HNBHx8F2CgnCGCBUWpM407us="; + sha256 = "sha256-cYb0uruuWpNr1jF5WZ48quBZRIVXiHr99mLPLKMOX5M="; }; appimageContents = appimageTools.extract { inherit name src; };