diff options
author | Vladimír Čunát <v@cunat.cz> | 2024-02-16 16:04:36 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2024-02-16 16:04:36 +0100 |
commit | c350dcb26d8360f958fa548806175f2e3e773b09 (patch) | |
tree | 093fb7eee76cf0da0292402836a65937e760f31e | |
parent | 56e214acc96bcca8462fb0a16897719c86341d17 (diff) | |
parent | 82ea63762507ebe9f7c95ddd57420a4fa400d908 (diff) |
Merge branch 'release-23.11' into staging-next-23.11
-rw-r--r-- | pkgs/applications/networking/cluster/kubernetes/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/office/planify/default.nix | 17 | ||||
-rw-r--r-- | pkgs/build-support/php/build-composer-project.nix | 4 | ||||
-rw-r--r-- | pkgs/build-support/php/build-composer-repository.nix | 4 | ||||
-rw-r--r-- | pkgs/by-name/ph/phel/package.nix | 2 | ||||
-rw-r--r-- | pkgs/development/interpreters/php/8.2.nix | 4 | ||||
-rw-r--r-- | pkgs/development/interpreters/php/8.3.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 30 | ||||
-rw-r--r-- | pkgs/servers/http/nginx/mainline.nix | 4 | ||||
-rw-r--r-- | pkgs/servers/mastodon/gemset.nix | 14 | ||||
-rw-r--r-- | pkgs/servers/mastodon/source.nix | 4 | ||||
-rw-r--r-- | pkgs/servers/monitoring/grafana/default.nix | 10 | ||||
-rw-r--r-- | pkgs/tools/misc/graylog/5.0.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/misc/graylog/graylog.nix | 3 |
14 files changed, 58 insertions, 50 deletions
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix index f67d650e77a54..2f6654671a767 100644 --- a/pkgs/applications/networking/cluster/kubernetes/default.nix +++ b/pkgs/applications/networking/cluster/kubernetes/default.nix @@ -20,13 +20,13 @@ buildGoModule rec { pname = "kubernetes"; - version = "1.28.4"; + version = "1.28.7"; src = fetchFromGitHub { owner = "kubernetes"; repo = "kubernetes"; rev = "v${version}"; - hash = "sha256-aaGcAIyy0hFJGFfOq5FaF0qAlygXcs2WcwgvMe5dkbo="; + hash = "sha256-Qhx5nB4S5a8NlRhxQrD1U4oOCMLxJ9XUk2XemwAwe5k="; }; vendorHash = null; diff --git a/pkgs/applications/office/planify/default.nix b/pkgs/applications/office/planify/default.nix index e4cca46bbd636..9c8aad5e9cae8 100644 --- a/pkgs/applications/office/planify/default.nix +++ b/pkgs/applications/office/planify/default.nix @@ -11,11 +11,13 @@ , glib , glib-networking , gtk4 +, gtksourceview5 , json-glib , libadwaita , libgee , libical , libportal-gtk4 +, libsoup_3 , pantheon , sqlite , webkitgtk_6_0 @@ -23,16 +25,13 @@ stdenv.mkDerivation rec { pname = "planify"; - version = "4.1.1"; + version = "4.4"; src = fetchFromGitHub { owner = "alainm23"; repo = "planify"; - # The commit is named as "Release 4.1.1", published to Flathub, but not tags - # https://github.com/flathub/io.github.alainm23.planify/commit/2a353ccfcf3379add6778d569f49da37f40accfa - # https://github.com/alainm23/planify/issues/1002 - rev = "adf3629bcacfc9978f6dde5b87eff0278533ab3e"; - hash = "sha256-xqklvSYmqBQ+IQ3lRjMbV4W4vD/rLCln7rBVCbYiBGo="; + rev = version; + hash = "sha256-HX6ZMx2NUAQxEGLIk/wgUlQX0BFtee3+t/JdlMTIYBw="; }; nativeBuildInputs = [ @@ -49,16 +48,22 @@ stdenv.mkDerivation rec { glib glib-networking gtk4 + gtksourceview5 json-glib libadwaita libgee libical libportal-gtk4 + libsoup_3 pantheon.granite7 sqlite webkitgtk_6_0 ]; + mesonFlags = [ + "-Dprofile=default" + ]; + meta = with lib; { description = "Task manager with Todoist support designed for GNU/Linux"; homepage = "https://github.com/alainm23/planify"; diff --git a/pkgs/build-support/php/build-composer-project.nix b/pkgs/build-support/php/build-composer-project.nix index 778aa35fa6a51..80c63bcde71b9 100644 --- a/pkgs/build-support/php/build-composer-project.nix +++ b/pkgs/build-support/php/build-composer-project.nix @@ -57,9 +57,9 @@ let doInstallCheck = previousAttrs.doInstallCheck or false; installCheckPhase = previousAttrs.installCheckPhase or '' - runHook preCheckInstall + runHook preInstallCheck - runHook postCheckInstall + runHook postInstallCheck ''; composerRepository = phpDrv.mkComposerRepository { diff --git a/pkgs/build-support/php/build-composer-repository.nix b/pkgs/build-support/php/build-composer-repository.nix index 5b31f86e61cfa..e359c0829aaf7 100644 --- a/pkgs/build-support/php/build-composer-repository.nix +++ b/pkgs/build-support/php/build-composer-repository.nix @@ -78,9 +78,9 @@ let doInstallCheck = previousAttrs.doInstallCheck or false; installCheckPhase = previousAttrs.installCheckPhase or '' - runHook preCheckInstall + runHook preInstallCheck - runHook postCheckInstall + runHook postInstallCheck ''; COMPOSER_CACHE_DIR = "/dev/null"; diff --git a/pkgs/by-name/ph/phel/package.nix b/pkgs/by-name/ph/phel/package.nix index 2c6431da28870..209f7bd8bbd43 100644 --- a/pkgs/by-name/ph/phel/package.nix +++ b/pkgs/by-name/ph/phel/package.nix @@ -17,7 +17,7 @@ php.buildComposerProject (finalAttrs: { vendorHash = "sha256-83GX/dxHa6w1E34wnJshg7yxlVyRkDT5jmAPCCqPdtA="; doInstallCheck = true; - postCheckInstall = '' + postInstallCheck = '' $out/bin/phel --version ''; diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix index 2d2a705c30e57..d97170bae7a69 100644 --- a/pkgs/development/interpreters/php/8.2.nix +++ b/pkgs/development/interpreters/php/8.2.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.2.15"; - hash = "sha256-UMPiILeqY6hXFiM8kC60TMCkZn7QuDNXIq4jkbE1Xno="; + version = "8.2.16"; + hash = "sha256-JljBuJNatrU6fyCTVGAnYasHBm5mkgvEcriBX9G0P3E="; }); in base.withExtensions ({ all, ... }: with all; ([ diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix index 877bde775262a..ee2bf413a426a 100644 --- a/pkgs/development/interpreters/php/8.3.nix +++ b/pkgs/development/interpreters/php/8.3.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.3.2"; - hash = "sha256-WCs8g3qNlS7//idKXklwbEOojBYoMMKow1gIn+dEkoQ="; + version = "8.3.3"; + hash = "sha256-qvthO6eVlKI/5yL46QrUczAGEL+A50uKpS2pysLcTio="; }); in base.withExtensions ({ all, ... }: with all; ([ diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 8d92d9cae355b..be230f2462d96 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -42,12 +42,12 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.76-hardened1.patch", - "sha256": "1hybya6kxcy90cnc7m1gzykbbarqmbybmgrsbanb3gvlbvjghizx", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.76-hardened1/linux-hardened-6.1.76-hardened1.patch" + "name": "linux-hardened-6.1.77-hardened1.patch", + "sha256": "0gi7sahy24158hsfx6yhlzxg152ipn918nzg6nv4633b7vg6g90f", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.77-hardened1/linux-hardened-6.1.77-hardened1.patch" }, - "sha256": "1zdi4xbk7zyiab7x8z12xqg72zaw3j61slvrbwjfx6pzh47cr005", - "version": "6.1.76" + "sha256": "07grng6rrgpy6c3465hwqhn3gcdam1c8rwya30vgpk8nfxbfqm1v", + "version": "6.1.77" }, "6.5": { "patch": { @@ -62,21 +62,21 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.15-hardened1.patch", - "sha256": "0yj821zaqxhk4yk1fgv1l5kcqsl05nvq8l6djbvhs0nnlmfd85yf", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.15-hardened1/linux-hardened-6.6.15-hardened1.patch" + "name": "linux-hardened-6.6.16-hardened1.patch", + "sha256": "04k340nilrlarsh47gpdj5qzcy2h8z4nkr5945j40qa7nkj58ncd", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.16-hardened1/linux-hardened-6.6.16-hardened1.patch" }, - "sha256": "1ajzby6isqji1xlp660m4qj2i2xs003vsjp1jspziwl7hrzhqadb", - "version": "6.6.15" + "sha256": "0c5a9agdr27bwd1z6790whczb858z8i34hhn548lzbdylfamf7dj", + "version": "6.6.16" }, "6.7": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.7.3-hardened1.patch", - "sha256": "03jdch5fx6ly0haa2jrbjzyjnfv66dh1gkbhy1y79v3ylr4x29x4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.3-hardened1/linux-hardened-6.7.3-hardened1.patch" + "name": "linux-hardened-6.7.4-hardened1.patch", + "sha256": "1g3waasdsba65rgb6f58drj5qd61b0072hfmzl783jphj8iq045x", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.4-hardened1/linux-hardened-6.7.4-hardened1.patch" }, - "sha256": "0i1bfkawyp917d9v3qa5nqzspzr3ixx7scbfl8x4lms74xjqrw5p", - "version": "6.7.3" + "sha256": "036nk3h7vqzd7gnxan2173kpss5qm2pci1lvd58gh90azigrz3gn", + "version": "6.7.4" } } diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index 39877f115d8ca..ddb9c14740bb0 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.25.3"; - hash = "sha256-ZMW5dcooeTnoKDA/qFfSLxQrJR8XgI3+QXM1EtnN7YY="; + version = "1.25.4"; + hash = "sha256-dgcpkBrLqlF5luaB7m6iWQMpheN8J2i+74DfOod97tk="; } diff --git a/pkgs/servers/mastodon/gemset.nix b/pkgs/servers/mastodon/gemset.nix index 7279f61bac72e..e888bfe750bb7 100644 --- a/pkgs/servers/mastodon/gemset.nix +++ b/pkgs/servers/mastodon/gemset.nix @@ -1891,13 +1891,11 @@ groups = ["default"]; platforms = []; source = { - fetchSubmodules = false; - rev = "e020fcc3a54d993ab45b7194d89ab720296c111b"; - sha256 = "18pbm9qkancy38v0gpb6f5k0xd8r347jl4xvj4jn98ihfhzgwygj"; - type = "git"; - url = "https://github.com/jhawthorn/nsa.git"; + remotes = ["https://rubygems.org"]; + sha256 = "1narh0bj0c9pg8cb2jhpydfa9mnm3dclckzk5s6xrwa2gm99hnk4"; + type = "gem"; }; - version = "0.2.8"; + version = "0.3.0"; }; oj = { groups = ["default"]; @@ -2065,10 +2063,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pfj771p5a29yyyw58qacks464sl86d5m3jxjl5rlqqw2m3v5xq4"; + sha256 = "0s4vskbydg5k0z86v2g5drf03lslkr4b1l421vz29531jlrsljvy"; type = "gem"; }; - version = "1.5.4"; + version = "1.5.5"; }; pghero = { dependencies = ["activerecord"]; diff --git a/pkgs/servers/mastodon/source.nix b/pkgs/servers/mastodon/source.nix index bb1a11ac7e60a..4036b5b48135c 100644 --- a/pkgs/servers/mastodon/source.nix +++ b/pkgs/servers/mastodon/source.nix @@ -1,7 +1,7 @@ # This file was generated by pkgs.mastodon.updateScript. { fetchFromGitHub, applyPatches, patches ? [] }: let - version = "4.2.6"; + version = "4.2.7"; in ( applyPatches { @@ -9,7 +9,7 @@ in owner = "mastodon"; repo = "mastodon"; rev = "v${version}"; - hash = "sha256-xUJiyQN3xsl/8+D/kaky+iYunY0ctlSbjkftN2+NQNw="; + hash = "sha256-lz1HMg/B6BOqGxypzDTTO5yY7C5B6QRNIpRnDZW2eGs="; }; patches = patches ++ []; }) // { diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix index 0ccde0228c7df..57183dd9d0c8e 100644 --- a/pkgs/servers/monitoring/grafana/default.nix +++ b/pkgs/servers/monitoring/grafana/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "grafana"; - version = "10.2.2"; + version = "10.2.4"; excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" "modowners" ]; @@ -10,19 +10,19 @@ buildGoModule rec { owner = "grafana"; repo = "grafana"; rev = "v${version}"; - hash = "sha256-MlrGBa/ZQwfETr5vt7CyJxtvZC021aeWsgKtfuc8wAc="; + hash = "sha256-pD0u36ibXIQA729p86ieQ/PIRru3yNKK9jOF5g1qieY="; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - hash = "sha256-Mt0si5TxkXGQp5vmVD37fl3WKXuuIcJNtiTcEYCroZ8="; + hash = "sha256-ZpaIbk6UXbKNaWVDypaY0dbry22fQFLOEBonaIMISvc="; }; - vendorHash = "sha256-z2eDbnezG9TWrqLPxAXHBgdtXvaEf8ccUQUe9MnhjtQ="; + vendorHash = "sha256-rQOnuh6t+cUqyAAnUhGgxMaW88pawnauAGQd6w0T57Q="; nativeBuildInputs = [ wire ]; - preBuild = '' + postConfigure = '' # Generate DI code that's required to compile the package. # From https://github.com/grafana/grafana/blob/v8.2.3/Makefile#L33-L35 wire gen -tags oss ./pkg/server diff --git a/pkgs/tools/misc/graylog/5.0.nix b/pkgs/tools/misc/graylog/5.0.nix index 40b296010cd46..737bfb4795ea5 100644 --- a/pkgs/tools/misc/graylog/5.0.nix +++ b/pkgs/tools/misc/graylog/5.0.nix @@ -6,4 +6,8 @@ in buildGraylog { sha256 = "sha256-TGJm2PGoXaLhlzyfSWKScEJxEGObTVttpEEaczsXHiA="; maintainers = [ lib.maintainers.f2k1de ]; license = lib.licenses.sspl; + knownVulnerabilities = [ + "CVE-2024-24823" + "CVE-2024-24824" + ]; } diff --git a/pkgs/tools/misc/graylog/graylog.nix b/pkgs/tools/misc/graylog/graylog.nix index 4608d6fa3f570..d45d18ed54c96 100644 --- a/pkgs/tools/misc/graylog/graylog.nix +++ b/pkgs/tools/misc/graylog/graylog.nix @@ -1,6 +1,6 @@ { lib, stdenv, fetchurl, makeWrapper, openjdk11_headless, openjdk17_headless, systemd, nixosTests}: -{ version, sha256, maintainers, license }: +{ version, sha256, maintainers, license, knownVulnerabilities ? [] }: stdenv.mkDerivation rec { pname = "graylog_${lib.versions.majorMinor version}"; inherit version; @@ -35,6 +35,7 @@ stdenv.mkDerivation rec { sourceProvenance = with sourceTypes; [ binaryBytecode ]; inherit license; inherit maintainers; + inherit knownVulnerabilities; mainProgram = "graylogctl"; platforms = platforms.unix; }; |