Merge pull request #138268 from NixOS/staging-next

Staging next 2021-09-17
author: Luke Granger-Brown <git@lukegb.com> 2021-09-24 12:07:12 +0100
committer: GitHub <noreply@github.com> 2021-09-24 12:07:12 +0100
commit: a78925d568e884da7e7812bed09e02c750e8d3b0 (patch)
tree: 711ef356bd3bef86d935662a90724be800b249b9 /pkgs/tools
parent: 22e82f4850407cb16730848cb53a9ffb6205eef8 (diff)
parent: 0459b659305b2b8d23ba6b506c98ca22af611bd6 (diff)
6 files changed, 34 insertions, 12 deletions
diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix
index 5b88e10b1c37a..c172edd1fd981 100644
--- a/pkgs/tools/archivers/cpio/default.nix
+++ b/pkgs/tools/archivers/cpio/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, fetchpatch }:
 
 let
   version = "2.13";
@@ -11,6 +11,14 @@ in stdenv.mkDerivation {
     sha256 = "0vbgnhkawdllgnkdn6zn1f56fczwk0518krakz2qbwhxmv2vvdga";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-38185.patch";
+      url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=dd96882877721703e19272fe25034560b794061b";
+      sha256 = "0vmr0qjwj2ldnzsvccl105ckwgx3ssvn9mp3f27ss0kiyigrzz32";
+    })
+  ];
+
   preConfigure = if stdenv.isCygwin then ''
     sed -i gnu/fpending.h -e 's,include <stdio_ext.h>,,'
   '' else null;
diff --git a/pkgs/tools/bootloaders/refind/default.nix b/pkgs/tools/bootloaders/refind/default.nix
index 600967e996c0f..c8dc645d69b4f 100644
--- a/pkgs/tools/bootloaders/refind/default.nix
+++ b/pkgs/tools/bootloaders/refind/default.nix
@@ -14,11 +14,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "refind";
-  version = "0.13.1";
+  version = "0.13.2";
 
   src = fetchurl {
     url = "mirror://sourceforge/project/refind/${version}/${pname}-src-${version}.tar.gz";
-    sha256 = "1yjni0mr3rqrrk4ynwb8i0whpqhd56cck4mxd97qmxn7wbr826i9";
+    sha256 = "0w6990ggns4xsdmgj3aq527q15frrxfmxwa3m6igabd4ai498n6x";
   };
 
   patches = [
diff --git a/pkgs/tools/misc/hdf5/default.nix b/pkgs/tools/misc/hdf5/default.nix
index 248351272d891..c5485a5b3fb1d 100644
--- a/pkgs/tools/misc/hdf5/default.nix
+++ b/pkgs/tools/misc/hdf5/default.nix
@@ -34,10 +34,10 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "dev" ];
 
-  nativeBuildInputs = [ removeReferencesTo ];
+  nativeBuildInputs = [ removeReferencesTo ]
+    ++ optional (gfortran != null) gfortran;
 
   buildInputs = []
-    ++ optional (gfortran != null) gfortran
     ++ optional (szip != null) szip
     ++ optional javaSupport jdk;
 
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 2652f68234257..b57633b750f87 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -6,11 +6,11 @@ in
 
   openssh = common rec {
     pname = "openssh";
-    version = "8.6p1";
+    version = "8.7p1";
 
     src = fetchurl {
       url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
-      sha256 = "1bnpivgk98h2f9afpp88jv6g9ps83vnpxd031n2jqxi12vdf9rn3";
+      sha256 = "090yxpi03pxxzb4ppx8g8hdpw7c4nf8p0avr6c7ybsaana5lp8vw";
     };
 
     extraPatches = [ ./ssh-keysign-8.5.patch ];
diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix
index d95e7ae399db5..d5f27747cf1c2 100644
--- a/pkgs/tools/text/diffutils/default.nix
+++ b/pkgs/tools/text/diffutils/default.nix
@@ -7,11 +7,11 @@
 
 stdenv.mkDerivation rec {
   pname = "diffutils";
-  version = "3.7";
+  version = "3.8";
 
   src = fetchurl {
     url = "mirror://gnu/diffutils/diffutils-${version}.tar.xz";
-    sha256 = "09isrg0isjinv8c535nxsi1s86wfdfzml80dbw41dj9x3hiad9xk";
+    sha256 = "sha256-pr3X0bMSZtEcT03mwbdI1GB6sCMa9RiPwlM9CuJDj+w=";
   };
 
   outputs = [ "out" "info" ];
diff --git a/pkgs/tools/text/source-highlight/default.nix b/pkgs/tools/text/source-highlight/default.nix
index 6e1a7b24b5942..8817b7a09fda9 100644
--- a/pkgs/tools/text/source-highlight/default.nix
+++ b/pkgs/tools/text/source-highlight/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, boost }:
+{ lib, stdenv, fetchpatch, fetchurl, boost }:
 
 stdenv.mkDerivation rec {
   pname = "source-highlight";
@@ -9,10 +9,19 @@ stdenv.mkDerivation rec {
     sha256 = "148w47k3zswbxvhg83z38ifi85f9dqcpg7icvvw1cm6bg21x4zrs";
   };
 
+  patches = [
+    # gcc-11 compat upstream patch
+    (fetchpatch {
+      url = "http://git.savannah.gnu.org/cgit/src-highlite.git/patch/?id=904949c9026cb772dc93fbe0947a252ef47127f4";
+      sha256 = "1wnj0jmkmrwjww7qk9dvfxh8h06jdn7mi8v2fvwh95b6x87z5l47";
+      excludes = [ "ChangeLog" ];
+    })
+  ];
+
   # source-highlight uses it's own binary to generate documentation.
   # During cross-compilation, that binary was built for the target
   # platform architecture, so it can't run on the build host.
-  patchPhase = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
+  postPatch = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
     substituteInPlace Makefile.in --replace "src doc tests" "src tests"
   '';
 
@@ -21,7 +30,12 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--with-boost=${boost.out}" ];
 
-  enableParallelBuilding = false;
+  doCheck = !stdenv.cc.isClang;
+
+  enableParallelBuilding = true;
+  # Upstream uses the same intermediate files in multiple tests, running
+  # them in parallel by make will eventually break one or more tests.
+  enableParallelChecking = false;
 
   outputs = [ "out" "doc" "dev" ];
author	Luke Granger-Brown <git@lukegb.com>	2021-09-24 12:07:12 +0100
committer	GitHub <noreply@github.com>	2021-09-24 12:07:12 +0100
commit	a78925d568e884da7e7812bed09e02c750e8d3b0 (patch)
tree	711ef356bd3bef86d935662a90724be800b249b9 /pkgs/tools
parent	22e82f4850407cb16730848cb53a9ffb6205eef8 (diff)
parent	0459b659305b2b8d23ba6b506c98ca22af611bd6 (diff)