diff options
30 files changed, 231 insertions, 147 deletions
diff --git a/doc/contributing/submitting-changes.chapter.md b/doc/contributing/submitting-changes.chapter.md index 44e981f12a53a..13f15b929cfc3 100644 --- a/doc/contributing/submitting-changes.chapter.md +++ b/doc/contributing/submitting-changes.chapter.md @@ -68,15 +68,16 @@ Security fixes are submitted in the same way as other changes and thus the same guidelines apply. -If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch` in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.: - -```nix -(fetchpatch { - name = "CVE-2019-11068.patch"; - url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; - sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; -}) -``` +- If a new version fixing the vulnerability has been released, update the package; +- If the security fix comes in the form of a patch and a CVE is available, then add the patch to the Nixpkgs tree, and apply it to the package. + The name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch`; If a patch is fetched the name needs to be set as well, e.g.: + ```nix + (fetchpatch { + name = "CVE-2019-11068.patch"; + url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; + sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; + }) + ``` If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch. diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md new file mode 100644 index 0000000000000..d451420f9815a --- /dev/null +++ b/doc/contributing/vulnerability-roundup.chapter.md @@ -0,0 +1,45 @@ +# Vulnerability Roundup {#chap-vulnerability-roundup} + +## Issues {#vulnerability-roundup-issues} + +Vulnerable packages in Nixpkgs are managed using issues. +Currently opened ones can be found using the following: + +[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22) + +Each issue correspond to a vulnerable version of a package; As a consequence: + +- One issue can contain several CVEs; +- One CVE can be shared across several issues; +- A single package can be concerned by several issues. + + +A "Vulnerability roundup" issue usually respects the following format: + +```txt +<link to relevant package search on search.nix.gsc.io>, <link to relevant files in Nixpkgs on GitHub> + +<list of related CVEs, their CVSS score, and the impacted NixOS version> + +<list of the scanned Nixpkgs versions> + +<list of relevant contributors> +``` + +Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package. + + +## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing} + +**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable). +If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check. + +If you are investigating a "true positive": + +- Find the earliest patched version or a code patch in the CVE details; +- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch? + - **No**: + - [Submit a security fix](#submitting-changes-submitting-security-fixes); + - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches); + - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches). +- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s). diff --git a/doc/manual.xml b/doc/manual.xml index 375e2394ff4a3..1c5a7bbcaa9ee 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -35,6 +35,7 @@ <xi:include href="contributing/quick-start.xml" /> <xi:include href="contributing/coding-conventions.xml" /> <xi:include href="contributing/submitting-changes.chapter.xml" /> + <xi:include href="contributing/vulnerability-roundup.chapter.xml" /> <xi:include href="contributing/reviewing-contributions.xml" /> <xi:include href="contributing/contributing-to-documentation.xml" /> </part> diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 21f421abfece0..07774dd1d2930 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -155,6 +155,7 @@ ./programs/nm-applet.nix ./programs/npm.nix ./programs/oblogout.nix + ./programs/partition-manager.nix ./programs/plotinus.nix ./programs/proxychains.nix ./programs/qt5ct.nix diff --git a/nixos/modules/programs/partition-manager.nix b/nixos/modules/programs/partition-manager.nix new file mode 100644 index 0000000000000..1be2f0a69a110 --- /dev/null +++ b/nixos/modules/programs/partition-manager.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + meta.maintainers = [ maintainers.oxalica ]; + + ###### interface + options = { + programs.partition-manager.enable = mkEnableOption "KDE Partition Manager"; + }; + + ###### implementation + config = mkIf config.programs.partition-manager.enable { + services.dbus.packages = [ pkgs.libsForQt5.kpmcore ]; + # `kpmcore` need to be installed to pull in polkit actions. + environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.partition-manager ]; + }; +} diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix index 6051a42857494..2dbf15031a088 100644 --- a/nixos/modules/system/boot/systemd-lib.nix +++ b/nixos/modules/system/boot/systemd-lib.nix @@ -182,18 +182,7 @@ in rec { # upstream unit. for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do fn=$(basename $i/*) - - case $fn in - # if file name is a template specialization, use the template's name - *@?*.service) - # remove @foo.service and replace it with @.service - ofn="''${fn%@*.service}@.service" - ;; - *) - ofn="$fn" - esac - - if [ -e $out/$ofn ]; then + if [ -e $out/$fn ]; then if [ "$(readlink -f $i/$fn)" = /dev/null ]; then ln -sfn /dev/null $out/$fn else diff --git a/nixos/tests/systemd-template-override.nix b/nixos/tests/systemd-template-override.nix deleted file mode 100644 index d8ef4a6c1c9bd..0000000000000 --- a/nixos/tests/systemd-template-override.nix +++ /dev/null @@ -1,41 +0,0 @@ -import ./make-test-python.nix { - name = "systemd-template-override"; - - machine = { pkgs, lib, ... }: let - touchTmp = pkgs.writeTextFile { - name = "touch-tmp@.service"; - text = '' - [Service] - Type=oneshot - ExecStart=${pkgs.coreutils}/bin/touch /tmp/%I - ''; - destination = "/etc/systemd/system/touch-tmp@.service"; - }; - in { - systemd.packages = [ touchTmp ]; - - systemd.services."touch-tmp@forbidden" = { - serviceConfig.ExecStart = [ "" '' - ${pkgs.coreutils}/bin/true - '']; - }; - - systemd.services."touch-tmp@intercept" = { - serviceConfig.ExecStart = [ "" '' - ${pkgs.coreutils}/bin/touch /tmp/renamed - '']; - }; - }; - - testScript = '' - machine.wait_for_unit("default.target") - - machine.succeed("systemctl start touch-tmp@normal") - machine.succeed("systemctl start touch-tmp@forbbidden") - machine.succeed("systemctl start touch-tmp@intercept") - - machine.succeed("[ -e /tmp/normal ]") - machine.succeed("[ ! -e /tmp/forbidden ]") - machine.succeed("[ -e /tmp/renamed ]") - ''; -} diff --git a/pkgs/applications/audio/samplv1/default.nix b/pkgs/applications/audio/samplv1/default.nix index 4b06a99d4735e..8f0a480812159 100644 --- a/pkgs/applications/audio/samplv1/default.nix +++ b/pkgs/applications/audio/samplv1/default.nix @@ -5,11 +5,11 @@ mkDerivation rec { pname = "samplv1"; - version = "0.9.18"; + version = "0.9.20"; src = fetchurl { url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz"; - sha256 = "ePhM9OTLJp1Wa2D9Y1Dqq/69WlEhEp3ih9yNUIJU5Y4="; + sha256 = "sha256-9tm72lV9i/155TVweNwO2jpPsCJkh6r82g7Z1wCI1ho="; }; nativeBuildInputs = [ qttools pkg-config ]; diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 667d872ac621f..da36f2de68e36 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -31,15 +31,15 @@ } }, "dev": { - "version": "91.0.4442.4", - "sha256": "0cmm2pimkghb6s956bkqf2k77lj69dz51nlydgkqbvw0sc8n784k", - "sha256bin64": "1hbfx8n51p7dwwz1vbp94jdmlb96vvxrbql2af4kmvx1bmzr2ism", + "version": "91.0.4449.6", + "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3", + "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc", "deps": { "gn": { - "version": "2021-02-09", + "version": "2021-03-12", "url": "https://gn.googlesource.com/gn", - "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3", - "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn" + "rev": "64b3b9401c1c3ed5f3c43c1cac00b91f83597ab8", + "sha256": "14whk4gyx21cqxy1560xm8p1mc1581dh9g7xy120g8vvcylknjlm" } } }, diff --git a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix index c579220cdde12..396dec1cd09f4 100644 --- a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix +++ b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix @@ -2,12 +2,12 @@ let pname = "deltachat-electron"; - version = "1.15.2"; + version = "1.15.3"; name = "${pname}-${version}"; src = fetchurl { url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage"; - sha256 = "sha256-iw2tU8qqXWbtEdLGlW8HNBHx8F2CgnCGCBUWpM407us="; + sha256 = "sha256-cYb0uruuWpNr1jF5WZ48quBZRIVXiHr99mLPLKMOX5M="; }; appimageContents = appimageTools.extract { inherit name src; }; diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix index 46f8458f15332..f702a667ae16f 100644 --- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix +++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pidgin-carbons"; - version = "0.2.2"; + version = "0.2.3"; src = fetchFromGitHub { owner = "gkdr"; repo = "carbons"; rev = "v${version}"; - sha256 = "1aq9bwgpmbwrigq6ywf0pjkngqcm0qxncygaj1fi57npjhcjs6ln"; + sha256 = "sha256-qiyIvmJbRmCrAi/93UxDVtO76nSdtzUVfT/sZGxxAh8="; }; makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ]; diff --git a/pkgs/applications/science/electronics/gtkwave/default.nix b/pkgs/applications/science/electronics/gtkwave/default.nix index 971891a5b011d..3a3994d9ad62d 100644 --- a/pkgs/applications/science/electronics/gtkwave/default.nix +++ b/pkgs/applications/science/electronics/gtkwave/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "gtkwave"; - version = "3.3.107"; + version = "3.3.108"; src = fetchurl { url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz"; - sha256 = "0ma30jyc94iid3v3m8aw4i2lyiqfxkpsdvdmmaibynk400cbzivl"; + sha256 = "sha256-LtlexZKih+Si/pH3oQpWdpzfZ6j+41Otgfx7nLMfFSQ="; }; nativeBuildInputs = [ pkg-config wrapGAppsHook ]; diff --git a/pkgs/applications/video/clipgrab/default.nix b/pkgs/applications/video/clipgrab/default.nix index 6db2450d13653..b24ff43ac671e 100644 --- a/pkgs/applications/video/clipgrab/default.nix +++ b/pkgs/applications/video/clipgrab/default.nix @@ -5,10 +5,10 @@ mkDerivation rec { pname = "clipgrab"; - version = "3.9.5"; + version = "3.9.6"; src = fetchurl { - sha256 = "1p8pqa5s70basdm2zpmahc54shsxrr0fr7chvv425n5a9sqba4dh"; + sha256 = "sha256-1rQu2Gh9PKSbC0tuQxLwFhzy280z4obpa+eXvDBzDW0="; # The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz! url = "https://download.clipgrab.org/${pname}-${version}.tar.gz"; }; diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix index 80ec1986f8cfb..9f7d020feaf78 100644 --- a/pkgs/development/libraries/cutelyst/default.nix +++ b/pkgs/development/libraries/cutelyst/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "cutelyst"; - version = "2.14.0"; + version = "2.14.2"; src = fetchFromGitHub { owner = "cutelyst"; repo = "cutelyst"; rev = "v${version}"; - sha256 = "sha256-RidUZqDnzRrgW/7LVF+BF01zNcf1cJ/kS7OF/t1Q65c="; + sha256 = "sha256-JUffOeUTeaZvEssP5hfSGipeRuQ7FzLF4bOizCFhe5o="; }; nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; diff --git a/pkgs/development/libraries/kpmcore/default.nix b/pkgs/development/libraries/kpmcore/default.nix index 315a38197a1f1..c3621d375870f 100644 --- a/pkgs/development/libraries/kpmcore/default.nix +++ b/pkgs/development/libraries/kpmcore/default.nix @@ -1,25 +1,38 @@ -{ stdenv, lib, fetchurl, extra-cmake-modules -, qtbase, kio -, libatasmart, parted -, util-linux }: +{ stdenv, lib, fetchurl, fetchpatch, extra-cmake-modules +, qca-qt5, kauth, kio, polkit-qt, qtbase +, util-linux +}: stdenv.mkDerivation rec { pname = "kpmcore"; - version = "3.3.0"; + # NOTE: When changing this version, also change the version of `partition-manager`. + version = "4.2.0"; src = fetchurl { url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz"; - sha256 = "0s6v0jfrhjg31ri5p6h9n4w29jvasf5dj954j3vfpzl91lygmmmq"; + hash = "sha256-MvW0CqvFZtzcJlya6DIpzorPbKJai6fxt7nKsKpJn54="; }; - buildInputs = [ - qtbase - libatasmart - parted # we only need the library + patches = [ + # Fix build with `kcoreaddons` >= 5.77.0 + (fetchpatch { + url = "https://github.com/KDE/kpmcore/commit/07e5a3ac2858e6d38cc698e0f740e7a693e9f302.patch"; + sha256 = "sha256-LYzea888euo2HXM+acWaylSw28iwzOdZBvPBt/gjP1s="; + }) + # Fix crash when `fstab` omits mount options. + (fetchpatch { + url = "https://github.com/KDE/kpmcore/commit/eea84fb60525803a789e55bb168afb968464c130.patch"; + sha256 = "sha256-NJ3PvyRC6SKNSOlhJPrDDjepuw7IlAoufPgvml3fap0="; + }) + ]; + buildInputs = [ + qca-qt5 + kauth kio + polkit-qt - util-linux # needs blkid (note that this is not provided by util-linux-compat) + util-linux # Needs blkid in configure script (note that this is not provided by util-linux-compat) ]; nativeBuildInputs = [ extra-cmake-modules ]; @@ -27,8 +40,11 @@ stdenv.mkDerivation rec { dontWrapQtApps = true; meta = with lib; { - maintainers = with lib.maintainers; [ peterhoeg ]; + description = "KDE Partition Manager core library"; + homepage = "https://invent.kde.org/system/kpmcore"; + license = with licenses; [ cc-by-40 cc0 gpl3Plus mit ]; + maintainers = with maintainers; [ peterhoeg oxalica ]; # The build requires at least Qt 5.14: - broken = lib.versionOlder qtbase.version "5.14"; + broken = versionOlder qtbase.version "5.14"; }; } diff --git a/pkgs/development/ocaml-modules/bitstring/default.nix b/pkgs/development/ocaml-modules/bitstring/default.nix index 583017d9ddec1..12ed4ae787da9 100644 --- a/pkgs/development/ocaml-modules/bitstring/default.nix +++ b/pkgs/development/ocaml-modules/bitstring/default.nix @@ -2,7 +2,7 @@ buildDunePackage rec { pname = "bitstring"; - version = "4.0.1"; + version = "4.1.0"; useDune2 = true; @@ -10,7 +10,7 @@ buildDunePackage rec { owner = "xguerin"; repo = pname; rev = "v${version}"; - sha256 = "1z7jmgljvp52lvn3ml2cp6gssxqp4sikwyjf6ym97cycbcw0fjjm"; + sha256 = "0mghsl8b2zd2676mh1r9142hymhvzy9cw8kgkjmirxkn56wbf56b"; }; propagatedBuildInputs = [ stdlib-shims ]; diff --git a/pkgs/development/ocaml-modules/bitstring/ppx.nix b/pkgs/development/ocaml-modules/bitstring/ppx.nix index ee0a8c51f732e..4d391d3458dc1 100644 --- a/pkgs/development/ocaml-modules/bitstring/ppx.nix +++ b/pkgs/development/ocaml-modules/bitstring/ppx.nix @@ -3,6 +3,10 @@ , ounit }: +if !lib.versionAtLeast ppxlib.version "0.18.0" +then throw "ppx_bitstring is not available with ppxlib-${ppxlib.version}" +else + buildDunePackage rec { pname = "ppx_bitstring"; inherit (bitstring) version useDune2 src; diff --git a/pkgs/development/ocaml-modules/ppx_import/default.nix b/pkgs/development/ocaml-modules/ppx_import/default.nix index b5651a8cec2a2..4ad26ff0862b9 100644 --- a/pkgs/development/ocaml-modules/ppx_import/default.nix +++ b/pkgs/development/ocaml-modules/ppx_import/default.nix @@ -1,27 +1,28 @@ -{ lib, fetchurl, buildDunePackage, ocaml -, ounit, ppx_deriving, ppx_tools_versioned -, ppxlib, ocaml-migrate-parsetree +{ lib, fetchurl, buildDunePackage +, ppx_tools_versioned +, ocaml-migrate-parsetree +, ounit, ppx_deriving, ppxlib }: buildDunePackage rec { pname = "ppx_import"; - version = "1.7.1"; + version = "1.8.0"; useDune2 = true; minimumOCamlVersion = "4.04"; src = fetchurl { - url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-v${version}.tbz"; - sha256 = "16dyxfb7syz659rqa7yq36ny5vzl7gkqd7f4m6qm2zkjc1gc8j4v"; + url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-${version}.tbz"; + sha256 = "0zqcj70yyp4ik4jc6jz3qs2xhb94vxc6yq9ij0d5cyak28klc3gv"; }; propagatedBuildInputs = [ - ppxlib ppx_tools_versioned ocaml-migrate-parsetree + ppx_tools_versioned ocaml-migrate-parsetree ]; doCheck = true; - checkInputs = [ ounit ppx_deriving ]; + checkInputs = [ ounit ppx_deriving ppxlib ]; meta = { description = "A syntax extension that allows to pull in types or signatures from other compiled interface files"; diff --git a/pkgs/development/python-modules/databricks-cli/default.nix b/pkgs/development/python-modules/databricks-cli/default.nix index 54cec0f98addf..547b9a3af7a23 100644 --- a/pkgs/development/python-modules/databricks-cli/default.nix +++ b/pkgs/development/python-modules/databricks-cli/default.nix @@ -9,11 +9,11 @@ buildPythonPackage rec { pname = "databricks-cli"; - version = "0.14.2"; + version = "0.14.3"; src = fetchPypi { inherit pname version; - sha256 = "9e956f0efb7aad100d9963f223db986392cf2dc3e9922f2f83e55d372e84ef16"; + sha256 = "bdf89a3917a3f8f8b99163e38d40e66dc478c7408954747f145cd09816b05e2c"; }; checkInputs = [ diff --git a/pkgs/development/python-modules/gradient/default.nix b/pkgs/development/python-modules/gradient/default.nix index 05a590e52feac..c74501c621e76 100644 --- a/pkgs/development/python-modules/gradient/default.nix +++ b/pkgs/development/python-modules/gradient/default.nix @@ -7,11 +7,11 @@ buildPythonPackage rec { pname = "gradient"; - version = "1.4.2"; + version = "1.4.3"; src = fetchPypi { inherit pname version; - sha256 = "2ed10db306d4c8632b7d04d71d44a04331a6e80e5ebab7296a98e67e8a50fb71"; + sha256 = "a8fa91669c97440049132119019e90d0a9cf09e96352cf43c7c6ca244894bd4e"; }; postPatch = '' diff --git a/pkgs/development/python-modules/jenkins-job-builder/default.nix b/pkgs/development/python-modules/jenkins-job-builder/default.nix index 7d4f6dd936393..3ae6bf84ae4f5 100644 --- a/pkgs/development/python-modules/jenkins-job-builder/default.nix +++ b/pkgs/development/python-modules/jenkins-job-builder/default.nix @@ -10,11 +10,11 @@ buildPythonPackage rec { pname = "jenkins-job-builder"; - version = "3.8.0"; + version = "3.9.0"; src = fetchPypi { inherit pname version; - sha256 = "sha256-uRyeRP1y3GS7tXb0kHLBi7+trJRme/Ke3xgOY+LqZ6k="; + sha256 = "4a53e146843d567c375c2e61e70a840d75a412402fd78c1dd3da5642a6aaa375"; }; postPatch = '' diff --git a/pkgs/development/tools/misc/cproto/default.nix b/pkgs/development/tools/misc/cproto/default.nix index 5ee1a64f2c236..84890f1662356 100644 --- a/pkgs/development/tools/misc/cproto/default.nix +++ b/pkgs/development/tools/misc/cproto/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "cproto"; - version = "4.7q"; + version = "4.7r"; src = fetchurl { urls = [ @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { # No version listings and apparently no versioned tarball over http(s). "ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz" ]; - sha256 = "138n5j6lkanbbdcs63irzxny4nfgp0zk66z621xjbnybf920svpk"; + sha256 = "sha256-bgRg2yVZXHobUz8AUaV4ZKBkp2KjP+2oXbDXmPTUX8U="; }; # patch made by Joe Khoobyar copied from gentoo bugs diff --git a/pkgs/games/cbonsai/default.nix b/pkgs/games/cbonsai/default.nix index 9e318b92fa962..c817b5d36b5bb 100644 --- a/pkgs/games/cbonsai/default.nix +++ b/pkgs/games/cbonsai/default.nix @@ -1,14 +1,14 @@ { stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }: stdenv.mkDerivation rec { - version = "1.0.1"; + version = "1.0.4"; pname = "cbonsai"; src = fetchFromGitLab { owner = "jallbrit"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UTjbc0kGHOQse4sZF94p4LAwMk9vsZg1QHq8iuDcTDk="; + sha256 = "sha256-5yyvisExf4Minyr1ApJQ2SoctfjhdU6kEbgBGgHDtCg="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix index f69b2bd7fcec1..40159cd2acd80 100644 --- a/pkgs/os-specific/linux/pax-utils/default.nix +++ b/pkgs/os-specific/linux/pax-utils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pax-utils"; - version = "1.2.6"; + version = "1.2.8"; src = fetchurl { url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz"; - sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp"; + sha256 = "sha256-urTIhG4dLMNmnPqSMdIdszWEHX1Y+eGc0Jn+bOYmsVc="; }; makeFlags = [ "PREFIX=$(out)" ]; diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix index 6d12ac84d901e..4235c7e26b1db 100644 --- a/pkgs/servers/matterbridge/default.nix +++ b/pkgs/servers/matterbridge/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "matterbridge"; - version = "1.21.0"; + version = "1.22.0"; vendorSha256 = null; @@ -10,7 +10,7 @@ buildGoModule rec { src = fetchurl { url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz"; - sha256 = "sha256-ehn6KdPpDpfdyWCVfLuZLq2dDmZXc6InlnovqNsdG6Y="; + sha256 = "sha256-jwatqxQh4t4tgNiOEjS9vxIM+9XtnH8QNch887+xDnI="; }; meta = with lib; { diff --git a/pkgs/servers/mattermost/default.nix b/pkgs/servers/mattermost/default.nix index f63f76efabae1..6a7ba06df885c 100644 --- a/pkgs/servers/mattermost/default.nix +++ b/pkgs/servers/mattermost/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }: let - version = "5.25.3"; + version = "5.32.1"; mattermost-server = buildGoPackage rec { pname = "mattermost-server"; @@ -11,7 +11,7 @@ let owner = "mattermost"; repo = "mattermost-server"; rev = "v${version}"; - sha256 = "03xcwlbb9ff5whsdn2m3kqskxpwpfciikjjndbhksc8k8963z07j"; + sha256 = "BssrTfkIxUbXYXIfz9i+5b4rEYSzBim+/riK78m8Bxo="; }; goPackagePath = "github.com/mattermost/mattermost-server"; @@ -29,7 +29,7 @@ let src = fetchurl { url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz"; - sha256 = "1p1qxzrd6rj1i43vj18ysknrw2v02s7llx94nrdd5lk10ayzmg63"; + sha256 = "kRerl3fYRTrotj86AIFSor3GpjhABkCmego1ms9HmkQ="; }; installPhase = '' diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix index dc7ca728f2ceb..9bf10165e0076 100644 --- a/pkgs/servers/monitoring/grafana/default.nix +++ b/pkgs/servers/monitoring/grafana/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "grafana"; - version = "7.4.3"; + version = "7.4.5"; excludedPackages = [ "release_publisher" ]; @@ -10,15 +10,15 @@ buildGoModule rec { rev = "v${version}"; owner = "grafana"; repo = "grafana"; - sha256 = "sha256-FPQa6q1ks9Lpod5sI29YBnGZvVRU12hTiw6GR85/mEs="; + sha256 = "10pnwd4d19ry7w2x46acc3j8gjn73b45fzc579gz1hc8hx2b3s0s"; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - sha256 = "sha256-idbG+K9NVnNhEB0f7DfP7iaEnHMf59ieQtYnmT6CvVM="; + sha256 = "1x9jx3ww37cn6r6cn6gqlavmllxydks23vm8w4934bv8zppj1zwz"; }; - vendorSha256 = "sha256-LL+EkDZbbaNo/fPMGlPsB8jgBYHoe6SdkBbQoW5y4EU="; + vendorSha256 = "0ig0f9pa3l0nj2fs8yz8h42y1j07xi9imk7kzmla6vav6s889grc"; postPatch = '' substituteInPlace pkg/cmd/grafana-server/main.go \ diff --git a/pkgs/tools/misc/nncp/default.nix b/pkgs/tools/misc/nncp/default.nix index 4469f130b5892..4c03172d9affe 100644 --- a/pkgs/tools/misc/nncp/default.nix +++ b/pkgs/tools/misc/nncp/default.nix @@ -1,6 +1,7 @@ { lib, stdenv , go , fetchurl +, redo-apenwarr , curl , perl , genericUpdater @@ -9,24 +10,33 @@ stdenv.mkDerivation rec { pname = "nncp"; - version = "5.3.3"; + version = "6.2.0"; src = fetchurl { url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz"; - sha256 = "1l35ndzrvpfim29jn1p0bwmc8w892z44nsrdnay28k229r9dhz3h"; + sha256 = "1zj0v82zqigcxhpc50mvafvi1ihs92ck35vjfrwb7wzzd7nysb17"; }; - nativeBuildInputs = [ go ]; + nativeBuildInputs = [ go redo-apenwarr ]; - preConfigure = '' + buildPhase = '' + runHook preBuild export GOCACHE=$PWD/.cache + export CFGPATH=/etc/nncp.hjson + export SENDMAIL=sendmail # default value for generated config file + redo ''${enableParallelBuilding:+-j''${NIX_BUILD_CORES}} + runHook postBuild ''; - makeFlags = [ - "PREFIX=${placeholder "out"}" - "CFGPATH=/etc/nncp.hjson" - "SENDMAIL=/run/wrappers/bin/sendmail" - ]; + installPhase = '' + runHook preInstall + export PREFIX=$out + rm -f INSTALL # work around case insensitivity + redo install + runHook postInstall + ''; + + enableParallelBuilding = true; passthru.updateScript = genericUpdater { inherit pname version; @@ -54,7 +64,7 @@ stdenv.mkDerivation rec { transmission exists. ''; homepage = "http://www.nncpgo.org/"; - license = licenses.gpl3; + license = licenses.gpl3Only; platforms = platforms.all; maintainers = [ maintainers.woffs ]; }; diff --git a/pkgs/tools/misc/partition-manager/default.nix b/pkgs/tools/misc/partition-manager/default.nix index 845c0fec92118..064590ef979b7 100644 --- a/pkgs/tools/misc/partition-manager/default.nix +++ b/pkgs/tools/misc/partition-manager/default.nix @@ -1,30 +1,66 @@ -{ mkDerivation, fetchurl, lib +{ mkDerivation, fetchurl, lib, makeWrapper , extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook , kconfig, kcrash, kinit, kpmcore -, eject, libatasmart , util-linux, qtbase +, cryptsetup, lvm2, mdadm, smartmontools, systemdMinimal, util-linux +, btrfs-progs, dosfstools, e2fsprogs, exfat, f2fs-tools, fatresize, hfsprogs +, jfsutils, nilfs-utils, ntfs3g, reiser4progs, reiserfsprogs, udftools, xfsprogs, zfs }: let - pname = "partitionmanager"; + # External programs are resolved by `partition-manager` and then + # invoked by `kpmcore_externalcommand` from `kpmcore` as root. + # So these packages should be in PATH of `partition-manager`. + # https://github.com/KDE/kpmcore/blob/06f15334ecfbe871730a90dbe2b694ba060ee998/src/util/externalcommand_whitelist.h + runtimeDeps = lib.makeBinPath [ + cryptsetup + lvm2 + mdadm + smartmontools + systemdMinimal + util-linux + + btrfs-progs + dosfstools + e2fsprogs + exfat + f2fs-tools + fatresize + hfsprogs + jfsutils + nilfs-utils + ntfs3g + reiser4progs + reiserfsprogs + udftools + xfsprogs + zfs + + # FIXME: Missing command: tune.exfat hfsck hformat fsck.nilfs2 {fsck,mkfs,debugfs,tunefs}.ocfs2 + ]; + in mkDerivation rec { - name = "${pname}-${version}"; - version = "3.3.1"; + pname = "partitionmanager"; + # NOTE: When changing this version, also change the version of `kpmcore`. + version = "4.2.0"; src = fetchurl { - url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz"; - sha256 = "0jhggb4xksb0k0mj752n6pz0xmccnbzlp984xydqbz3hkigra1si"; + url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz"; + hash = "sha256-6Qlt1c47Eek6TkWWBzTyBZYJ1jfhtwsC9X5q5h6IhPg="; }; - nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook ]; + nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook makeWrapper ]; - # refer to kpmcore for the use of eject - buildInputs = [ eject libatasmart util-linux ]; propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ]; + postFixup = '' + wrapProgram $out/bin/partitionmanager \ + --prefix PATH : "${runtimeDeps}" + ''; + meta = with lib; { description = "KDE Partition Manager"; - license = licenses.gpl2; + license = with licenses; [ cc-by-40 cc0 gpl3Plus lgpl3Plus mit ]; homepage = "https://www.kde.org/applications/system/kdepartitionmanager/"; - maintainers = with maintainers; [ peterhoeg ]; + maintainers = with maintainers; [ peterhoeg oxalica ]; }; } diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 8b4b56d57a493..fd8165085f085 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -929,7 +929,9 @@ let ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { }; - ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { }; + ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { + ppxlib = ppxlib.override { version = "0.22.0"; }; + }; ppxfind = callPackage ../development/ocaml-modules/ppxfind { }; |