Merge branch 'release-23.11' into staging-next-23.11

author: Vladimír Čunát <v@cunat.cz> 2024-02-16 16:04:36 +0100
committer: Vladimír Čunát <v@cunat.cz> 2024-02-16 16:04:36 +0100
commit: c350dcb26d8360f958fa548806175f2e3e773b09 (patch)
tree: 093fb7eee76cf0da0292402836a65937e760f31e
parent: 56e214acc96bcca8462fb0a16897719c86341d17 (diff)
parent: 82ea63762507ebe9f7c95ddd57420a4fa400d908 (diff)
14 files changed, 58 insertions, 50 deletions
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index f67d650e77a54..2f6654671a767 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -20,13 +20,13 @@
 
 buildGoModule rec {
   pname = "kubernetes";
-  version = "1.28.4";
+  version = "1.28.7";
 
   src = fetchFromGitHub {
     owner = "kubernetes";
     repo = "kubernetes";
     rev = "v${version}";
-    hash = "sha256-aaGcAIyy0hFJGFfOq5FaF0qAlygXcs2WcwgvMe5dkbo=";
+    hash = "sha256-Qhx5nB4S5a8NlRhxQrD1U4oOCMLxJ9XUk2XemwAwe5k=";
   };
 
   vendorHash = null;
diff --git a/pkgs/applications/office/planify/default.nix b/pkgs/applications/office/planify/default.nix
index e4cca46bbd636..9c8aad5e9cae8 100644
--- a/pkgs/applications/office/planify/default.nix
+++ b/pkgs/applications/office/planify/default.nix
@@ -11,11 +11,13 @@
 , glib
 , glib-networking
 , gtk4
+, gtksourceview5
 , json-glib
 , libadwaita
 , libgee
 , libical
 , libportal-gtk4
+, libsoup_3
 , pantheon
 , sqlite
 , webkitgtk_6_0
@@ -23,16 +25,13 @@
 
 stdenv.mkDerivation rec {
   pname = "planify";
-  version = "4.1.1";
+  version = "4.4";
 
   src = fetchFromGitHub {
     owner = "alainm23";
     repo = "planify";
-    # The commit is named as "Release 4.1.1", published to Flathub, but not tags
-    # https://github.com/flathub/io.github.alainm23.planify/commit/2a353ccfcf3379add6778d569f49da37f40accfa
-    # https://github.com/alainm23/planify/issues/1002
-    rev = "adf3629bcacfc9978f6dde5b87eff0278533ab3e";
-    hash = "sha256-xqklvSYmqBQ+IQ3lRjMbV4W4vD/rLCln7rBVCbYiBGo=";
+    rev = version;
+    hash = "sha256-HX6ZMx2NUAQxEGLIk/wgUlQX0BFtee3+t/JdlMTIYBw=";
   };
 
   nativeBuildInputs = [
@@ -49,16 +48,22 @@ stdenv.mkDerivation rec {
     glib
     glib-networking
     gtk4
+    gtksourceview5
     json-glib
     libadwaita
     libgee
     libical
     libportal-gtk4
+    libsoup_3
     pantheon.granite7
     sqlite
     webkitgtk_6_0
   ];
 
+  mesonFlags = [
+    "-Dprofile=default"
+  ];
+
   meta = with lib; {
     description = "Task manager with Todoist support designed for GNU/Linux";
     homepage = "https://github.com/alainm23/planify";
diff --git a/pkgs/build-support/php/build-composer-project.nix b/pkgs/build-support/php/build-composer-project.nix
index 778aa35fa6a51..80c63bcde71b9 100644
--- a/pkgs/build-support/php/build-composer-project.nix
+++ b/pkgs/build-support/php/build-composer-project.nix
@@ -57,9 +57,9 @@ let
 
       doInstallCheck = previousAttrs.doInstallCheck or false;
       installCheckPhase = previousAttrs.installCheckPhase or ''
-        runHook preCheckInstall
+        runHook preInstallCheck
 
-        runHook postCheckInstall
+        runHook postInstallCheck
       '';
 
       composerRepository = phpDrv.mkComposerRepository {
diff --git a/pkgs/build-support/php/build-composer-repository.nix b/pkgs/build-support/php/build-composer-repository.nix
index 5b31f86e61cfa..e359c0829aaf7 100644
--- a/pkgs/build-support/php/build-composer-repository.nix
+++ b/pkgs/build-support/php/build-composer-repository.nix
@@ -78,9 +78,9 @@ let
 
       doInstallCheck = previousAttrs.doInstallCheck or false;
       installCheckPhase = previousAttrs.installCheckPhase or ''
-        runHook preCheckInstall
+        runHook preInstallCheck
 
-        runHook postCheckInstall
+        runHook postInstallCheck
       '';
 
       COMPOSER_CACHE_DIR = "/dev/null";
diff --git a/pkgs/by-name/ph/phel/package.nix b/pkgs/by-name/ph/phel/package.nix
index 2c6431da28870..209f7bd8bbd43 100644
--- a/pkgs/by-name/ph/phel/package.nix
+++ b/pkgs/by-name/ph/phel/package.nix
@@ -17,7 +17,7 @@ php.buildComposerProject (finalAttrs: {
   vendorHash = "sha256-83GX/dxHa6w1E34wnJshg7yxlVyRkDT5jmAPCCqPdtA=";
 
   doInstallCheck = true;
-  postCheckInstall = ''
+  postInstallCheck = ''
     $out/bin/phel --version
   '';
 
diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix
index 2d2a705c30e57..d97170bae7a69 100644
--- a/pkgs/development/interpreters/php/8.2.nix
+++ b/pkgs/development/interpreters/php/8.2.nix
@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix (_args // {
-    version = "8.2.15";
-    hash = "sha256-UMPiILeqY6hXFiM8kC60TMCkZn7QuDNXIq4jkbE1Xno=";
+    version = "8.2.16";
+    hash = "sha256-JljBuJNatrU6fyCTVGAnYasHBm5mkgvEcriBX9G0P3E=";
   });
 in
 base.withExtensions ({ all, ... }: with all; ([
diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix
index 877bde775262a..ee2bf413a426a 100644
--- a/pkgs/development/interpreters/php/8.3.nix
+++ b/pkgs/development/interpreters/php/8.3.nix
@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix (_args // {
-    version = "8.3.2";
-    hash = "sha256-WCs8g3qNlS7//idKXklwbEOojBYoMMKow1gIn+dEkoQ=";
+    version = "8.3.3";
+    hash = "sha256-qvthO6eVlKI/5yL46QrUczAGEL+A50uKpS2pysLcTio=";
   });
 in
 base.withExtensions ({ all, ... }: with all; ([
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 8d92d9cae355b..be230f2462d96 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -42,12 +42,12 @@
     "6.1": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.1.76-hardened1.patch",
-            "sha256": "1hybya6kxcy90cnc7m1gzykbbarqmbybmgrsbanb3gvlbvjghizx",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.76-hardened1/linux-hardened-6.1.76-hardened1.patch"
+            "name": "linux-hardened-6.1.77-hardened1.patch",
+            "sha256": "0gi7sahy24158hsfx6yhlzxg152ipn918nzg6nv4633b7vg6g90f",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.77-hardened1/linux-hardened-6.1.77-hardened1.patch"
         },
-        "sha256": "1zdi4xbk7zyiab7x8z12xqg72zaw3j61slvrbwjfx6pzh47cr005",
-        "version": "6.1.76"
+        "sha256": "07grng6rrgpy6c3465hwqhn3gcdam1c8rwya30vgpk8nfxbfqm1v",
+        "version": "6.1.77"
     },
     "6.5": {
         "patch": {
@@ -62,21 +62,21 @@
     "6.6": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.6.15-hardened1.patch",
-            "sha256": "0yj821zaqxhk4yk1fgv1l5kcqsl05nvq8l6djbvhs0nnlmfd85yf",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.15-hardened1/linux-hardened-6.6.15-hardened1.patch"
+            "name": "linux-hardened-6.6.16-hardened1.patch",
+            "sha256": "04k340nilrlarsh47gpdj5qzcy2h8z4nkr5945j40qa7nkj58ncd",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.16-hardened1/linux-hardened-6.6.16-hardened1.patch"
         },
-        "sha256": "1ajzby6isqji1xlp660m4qj2i2xs003vsjp1jspziwl7hrzhqadb",
-        "version": "6.6.15"
+        "sha256": "0c5a9agdr27bwd1z6790whczb858z8i34hhn548lzbdylfamf7dj",
+        "version": "6.6.16"
     },
     "6.7": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.7.3-hardened1.patch",
-            "sha256": "03jdch5fx6ly0haa2jrbjzyjnfv66dh1gkbhy1y79v3ylr4x29x4",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.3-hardened1/linux-hardened-6.7.3-hardened1.patch"
+            "name": "linux-hardened-6.7.4-hardened1.patch",
+            "sha256": "1g3waasdsba65rgb6f58drj5qd61b0072hfmzl783jphj8iq045x",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.4-hardened1/linux-hardened-6.7.4-hardened1.patch"
         },
-        "sha256": "0i1bfkawyp917d9v3qa5nqzspzr3ixx7scbfl8x4lms74xjqrw5p",
-        "version": "6.7.3"
+        "sha256": "036nk3h7vqzd7gnxan2173kpss5qm2pci1lvd58gh90azigrz3gn",
+        "version": "6.7.4"
     }
 }
diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
index 39877f115d8ca..ddb9c14740bb0 100644
--- a/pkgs/servers/http/nginx/mainline.nix
+++ b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }@args:
 
 callPackage ./generic.nix args {
-  version = "1.25.3";
-  hash = "sha256-ZMW5dcooeTnoKDA/qFfSLxQrJR8XgI3+QXM1EtnN7YY=";
+  version = "1.25.4";
+  hash = "sha256-dgcpkBrLqlF5luaB7m6iWQMpheN8J2i+74DfOod97tk=";
 }
diff --git a/pkgs/servers/mastodon/gemset.nix b/pkgs/servers/mastodon/gemset.nix
index 7279f61bac72e..e888bfe750bb7 100644
--- a/pkgs/servers/mastodon/gemset.nix
+++ b/pkgs/servers/mastodon/gemset.nix
@@ -1891,13 +1891,11 @@
     groups = ["default"];
     platforms = [];
     source = {
-      fetchSubmodules = false;
-      rev = "e020fcc3a54d993ab45b7194d89ab720296c111b";
-      sha256 = "18pbm9qkancy38v0gpb6f5k0xd8r347jl4xvj4jn98ihfhzgwygj";
-      type = "git";
-      url = "https://github.com/jhawthorn/nsa.git";
+      remotes = ["https://rubygems.org"];
+      sha256 = "1narh0bj0c9pg8cb2jhpydfa9mnm3dclckzk5s6xrwa2gm99hnk4";
+      type = "gem";
     };
-    version = "0.2.8";
+    version = "0.3.0";
   };
   oj = {
     groups = ["default"];
@@ -2065,10 +2063,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0pfj771p5a29yyyw58qacks464sl86d5m3jxjl5rlqqw2m3v5xq4";
+      sha256 = "0s4vskbydg5k0z86v2g5drf03lslkr4b1l421vz29531jlrsljvy";
       type = "gem";
     };
-    version = "1.5.4";
+    version = "1.5.5";
   };
   pghero = {
     dependencies = ["activerecord"];
diff --git a/pkgs/servers/mastodon/source.nix b/pkgs/servers/mastodon/source.nix
index bb1a11ac7e60a..4036b5b48135c 100644
--- a/pkgs/servers/mastodon/source.nix
+++ b/pkgs/servers/mastodon/source.nix
@@ -1,7 +1,7 @@
 # This file was generated by pkgs.mastodon.updateScript.
 { fetchFromGitHub, applyPatches, patches ? [] }:
 let
-  version = "4.2.6";
+  version = "4.2.7";
 in
 (
   applyPatches {
@@ -9,7 +9,7 @@ in
       owner = "mastodon";
       repo = "mastodon";
       rev = "v${version}";
-      hash = "sha256-xUJiyQN3xsl/8+D/kaky+iYunY0ctlSbjkftN2+NQNw=";
+      hash = "sha256-lz1HMg/B6BOqGxypzDTTO5yY7C5B6QRNIpRnDZW2eGs=";
     };
     patches = patches ++ [];
   }) // {
diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix
index 0ccde0228c7df..57183dd9d0c8e 100644
--- a/pkgs/servers/monitoring/grafana/default.nix
+++ b/pkgs/servers/monitoring/grafana/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "grafana";
-  version = "10.2.2";
+  version = "10.2.4";
 
   excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" "modowners" ];
 
@@ -10,19 +10,19 @@ buildGoModule rec {
     owner = "grafana";
     repo = "grafana";
     rev = "v${version}";
-    hash = "sha256-MlrGBa/ZQwfETr5vt7CyJxtvZC021aeWsgKtfuc8wAc=";
+    hash = "sha256-pD0u36ibXIQA729p86ieQ/PIRru3yNKK9jOF5g1qieY=";
   };
 
   srcStatic = fetchurl {
     url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
-    hash = "sha256-Mt0si5TxkXGQp5vmVD37fl3WKXuuIcJNtiTcEYCroZ8=";
+    hash = "sha256-ZpaIbk6UXbKNaWVDypaY0dbry22fQFLOEBonaIMISvc=";
   };
 
-  vendorHash = "sha256-z2eDbnezG9TWrqLPxAXHBgdtXvaEf8ccUQUe9MnhjtQ=";
+  vendorHash = "sha256-rQOnuh6t+cUqyAAnUhGgxMaW88pawnauAGQd6w0T57Q=";
 
   nativeBuildInputs = [ wire ];
 
-  preBuild = ''
+  postConfigure = ''
     # Generate DI code that's required to compile the package.
     # From https://github.com/grafana/grafana/blob/v8.2.3/Makefile#L33-L35
     wire gen -tags oss ./pkg/server
diff --git a/pkgs/tools/misc/graylog/5.0.nix b/pkgs/tools/misc/graylog/5.0.nix
index 40b296010cd46..737bfb4795ea5 100644
--- a/pkgs/tools/misc/graylog/5.0.nix
+++ b/pkgs/tools/misc/graylog/5.0.nix
@@ -6,4 +6,8 @@ in buildGraylog {
   sha256 = "sha256-TGJm2PGoXaLhlzyfSWKScEJxEGObTVttpEEaczsXHiA=";
   maintainers = [ lib.maintainers.f2k1de ];
   license = lib.licenses.sspl;
+  knownVulnerabilities = [
+    "CVE-2024-24823"
+    "CVE-2024-24824"
+  ];
 }
diff --git a/pkgs/tools/misc/graylog/graylog.nix b/pkgs/tools/misc/graylog/graylog.nix
index 4608d6fa3f570..d45d18ed54c96 100644
--- a/pkgs/tools/misc/graylog/graylog.nix
+++ b/pkgs/tools/misc/graylog/graylog.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, fetchurl, makeWrapper, openjdk11_headless, openjdk17_headless, systemd, nixosTests}:
 
-{ version, sha256, maintainers, license }:
+{ version, sha256, maintainers, license, knownVulnerabilities ? [] }:
 stdenv.mkDerivation rec {
   pname = "graylog_${lib.versions.majorMinor version}";
   inherit version;
@@ -35,6 +35,7 @@ stdenv.mkDerivation rec {
     sourceProvenance = with sourceTypes; [ binaryBytecode ];
     inherit license;
     inherit maintainers;
+    inherit knownVulnerabilities;
     mainProgram = "graylogctl";
     platforms   = platforms.unix;
   };
author	Vladimír Čunát <v@cunat.cz>	2024-02-16 16:04:36 +0100
committer	Vladimír Čunát <v@cunat.cz>	2024-02-16 16:04:36 +0100
commit	c350dcb26d8360f958fa548806175f2e3e773b09 (patch)
tree	093fb7eee76cf0da0292402836a65937e760f31e
parent	56e214acc96bcca8462fb0a16897719c86341d17 (diff)
parent	82ea63762507ebe9f7c95ddd57420a4fa400d908 (diff)