diff options
186 files changed, 2242 insertions, 2060 deletions
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs index 2436c29afc70f..b7da3c84fc17f 100644 --- a/.git-blame-ignore-revs +++ b/.git-blame-ignore-revs @@ -96,3 +96,9 @@ fb0e5be84331188a69b3edd31679ca6576edb75a # nixos/*: add trivial defaultText for options with simple defaults 25124556397ba17bfd70297000270de1e6523b0a + +# systemd: rewrite comments +92dfeb7b3dab820ae307c56c216d175c69ee93cd + +# systemd: break too long lines of Nix code +67643f8ec84bef1482204709073e417c9f07eb87 diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index bad1fd449bbb9..c25fa3e07d332 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -8,6 +8,10 @@ In addition to numerous new and upgraded packages, this release has the followin <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> +- `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. + Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes). + One of the highlight is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`, it has a lot of caveats, see the above notes for the full details. + - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment. - `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_latest`, and is therefore no longer available. @@ -255,6 +259,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes. Support for weak password hashes will be removed in NixOS 24.11. +- A stdenv's default set of hardening flags can now be set via its `bintools-wrapper`'s `defaultHardeningFlags` argument. A convenient stdenv adapter, `withDefaultHardeningFlags`, can be used to override an existing stdenv's `defaultHardeningFlags`. + - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. - [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0. @@ -274,6 +280,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `stdenv`: The `--replace` flag in `substitute`, `substituteInPlace`, `substituteAll`, `substituteAllStream`, and `substituteStream` is now deprecated if favor of the new `--replace-fail`, `--replace-warn` and `--replace-quiet`. The deprecated `--replace` equates to `--replace-warn`. +- A new hardening flag, `zerocallusedregs` was made available, corresponding to the gcc/clang option `-fzero-call-used-regs=used-gpr`. + - New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.). The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime. @@ -290,6 +298,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. +- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`. + - The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock). - `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles` @@ -298,6 +308,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. +- A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features). + - `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module (such as msmtp or Postfix). It no longer requires using a special ZFS build with email support. diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix index 85accd8335f78..b5963e1d29a3d 100644 --- a/nixos/modules/services/hardware/pcscd.nix +++ b/nixos/modules/services/hardware/pcscd.nix @@ -46,8 +46,8 @@ in config = mkIf config.services.pcscd.enable { environment.etc."reader.conf".source = cfgFile; - environment.systemPackages = [ package.out ]; - systemd.packages = [ (getBin package) ]; + environment.systemPackages = [ package ]; + systemd.packages = [ package ]; services.pcscd.plugins = [ pkgs.ccid ]; @@ -64,7 +64,7 @@ in # around it, we force the path to the cfgFile. # # https://github.com/NixOS/nixpkgs/issues/121088 - serviceConfig.ExecStart = [ "" "${getBin package}/bin/pcscd -f -x -c ${cfgFile}" ]; + serviceConfig.ExecStart = [ "" "${package}/bin/pcscd -f -x -c ${cfgFile}" ]; }; }; } diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 2b59352ac616b..266a7ea1435e1 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -219,6 +219,8 @@ in ''; } ]; + environment.etc."dhcpcd.conf".source = dhcpcdConf; + systemd.services.dhcpcd = let cfgN = config.networking; hasDefaultGatewaySet = (cfgN.defaultGateway != null && cfgN.defaultGateway.address != "") diff --git a/pkgs/applications/editors/ed/sources.nix b/pkgs/applications/editors/ed/sources.nix index 5cb7501830532..e78a6085ddda0 100644 --- a/pkgs/applications/editors/ed/sources.nix +++ b/pkgs/applications/editors/ed/sources.nix @@ -23,10 +23,10 @@ in { ed = let pname = "ed"; - version = "1.19"; + version = "1.20"; src = fetchurl { url = "mirror://gnu/ed/ed-${version}.tar.lz"; - hash = "sha256-zi8uXEJHkKqW0J2suT2bv9wLfrYknJy3U4RS6Ox3zUg="; + hash = "sha256-xgMN7+auFy8Wh5Btc1QFTHWmqRMK8xnU5zxQqRlZxaY="; }; in import ./generic.nix { inherit pname version src meta; diff --git a/pkgs/applications/editors/emacs/sources.nix b/pkgs/applications/editors/emacs/sources.nix index 37bab4923bfc3..aa73fa29b0d19 100644 --- a/pkgs/applications/editors/emacs/sources.nix +++ b/pkgs/applications/editors/emacs/sources.nix @@ -77,10 +77,10 @@ in emacs29 = import ./make-emacs.nix (mkArgs { pname = "emacs"; - version = "29.1"; + version = "29.2"; variant = "mainline"; - rev = "29.1"; - hash = "sha256-3HDCwtOKvkXwSULf3W7YgTz4GV8zvYnh2RrL28qzGKg="; + rev = "29.2"; + hash = "sha256-qSQmQzVyEGSr4GAI6rqnEwBvhl09D2D8MNasHqZQPL8="; }); emacs28-macport = import ./make-emacs.nix (mkArgs { diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 2eae278da1604..e884f8388b58b 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then fi if (( "${NIX_DEBUG:-0}" >= 1 )); then - declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format) + declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format zerocallusedregs) declare -A hardeningDisableMap=() # Determine which flags were effectively disabled so we can report below. @@ -110,6 +110,10 @@ for flag in "${!hardeningEnableMap[@]}"; do if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi hardeningCFlagsBefore+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; + zerocallusedregs) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling zerocallusedregs >&2; fi + hardeningCFlagsBefore+=('-fzero-call-used-regs=used-gpr') + ;; *) # Ignore unsupported. Checked in Nix that at least *some* # tool supports each flag. diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 59aaa41e9c173..693c6e6fcfd49 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -223,6 +223,15 @@ let defaultHardeningFlags = bintools.defaultHardeningFlags or []; + # if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is + # called with the targetPlatform as an argument and + # cc.hardeningUnsupportedFlags is completely ignored - the function + # is responsible for including the constant hardeningUnsupportedFlags + # list however it sees fit. + ccHardeningUnsupportedFlags = if cc ? hardeningUnsupportedFlagsByTargetPlatform + then cc.hardeningUnsupportedFlagsByTargetPlatform targetPlatform + else (cc.hardeningUnsupportedFlags or []); + darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin ( if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx" else targetPlatform.darwinPlatform @@ -584,7 +593,7 @@ stdenv.mkDerivation { ## Hardening support ## + '' - export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}" + export hardening_unsupported_flags="${builtins.concatStringsSep " " ccHardeningUnsupportedFlags}" '' # Machine flags. These are necessary to support diff --git a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh index 2082f3126a538..4a90e30652fea 100644 --- a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh +++ b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh @@ -4,7 +4,7 @@ defaultSysroot=(@sysroot@) for arg; do case "$arg" in - --sysroot) + --sysroot|--sysroot=*) defaultSysroot=() ;; --) diff --git a/pkgs/by-name/al/alsa-lib/package.nix b/pkgs/by-name/al/alsa-lib/package.nix index f0eb349060735..f22f68d19cf85 100644 --- a/pkgs/by-name/al/alsa-lib/package.nix +++ b/pkgs/by-name/al/alsa-lib/package.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "alsa-lib"; - version = "1.2.9"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/lib/${finalAttrs.pname}-${finalAttrs.version}.tar.bz2"; - hash = "sha256-3JxkP9xMz9BXLMaFhY3UHgivtYPzBGCzF+QYgnX2FbI="; + hash = "sha256-nz8vabmV+a03NZBy+8aaOoi/uggfyD6b4w4UZieVu00="; }; patches = [ diff --git a/pkgs/by-name/al/alsa-ucm-conf/package.nix b/pkgs/by-name/al/alsa-ucm-conf/package.nix index b7203a7376387..cb3bf00a00380 100644 --- a/pkgs/by-name/al/alsa-ucm-conf/package.nix +++ b/pkgs/by-name/al/alsa-ucm-conf/package.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { pname = "alsa-ucm-conf"; @@ -9,6 +9,16 @@ stdenv.mkDerivation rec { hash = "sha256-nCHj8B/wC6p1jfF+hnzTbiTrtBpr7ElzfpkQXhbyrpc="; }; + patches = [ + (fetchpatch { + # ToDo: Remove this patch in the next package upgrade + # Fixes SplitPCM to make some audio devices work with alsa-ucm-conf v1.2.10 again + name = "alsa-ucm-conf-splitpcm-device-argument-fix.patch"; + url = "https://github.com/alsa-project/alsa-ucm-conf/commit/b68aa52acdd2763fedad5eec0f435fbf43e5ccc6.patch"; + hash = "sha256-8WE4+uhi4W7cCSZYmL7uFpcHJ9muX09UkGXyZIpEd9I="; + }) + ]; + dontBuild = true; installPhase = '' diff --git a/pkgs/by-name/bl/bluez/package.nix b/pkgs/by-name/bl/bluez/package.nix index 4704ecd078965..b87c84fe7f67a 100644 --- a/pkgs/by-name/bl/bluez/package.nix +++ b/pkgs/by-name/bl/bluez/package.nix @@ -5,7 +5,6 @@ , docutils , ell , enableExperimental ? false -, fetchpatch , fetchurl , glib , json_c @@ -19,13 +18,23 @@ stdenv.mkDerivation (finalAttrs: { pname = "bluez"; - version = "5.71"; + version = "5.72"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/bluez-${finalAttrs.version}.tar.xz"; - hash = "sha256-uCjUGMk87R9Vthb7VILPAVN0QL+zT72hpWTz7OlHNdg="; + hash = "sha256-SZ1/o0WplsG7ZQ9cZ0nh2SkRH6bs4L4OmGh/7mEkU24="; }; + patches = + # Disable one failing test with musl libc, also seen by alpine + # https://github.com/bluez/bluez/issues/726 + lib.optional (stdenv.hostPlatform.isMusl && stdenv.hostPlatform.isx86_64) + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/main/bluez/disable_aics_unit_testcases.patch?id=8e96f7faf01a45f0ad8449c1cd825db63a8dfd48"; + hash = "sha256-1PJkipqBO3qxxOqRFQKfpWlne1kzTCgtnTFYI1cFQt4="; + }) + ; + buildInputs = [ alsa-lib dbus @@ -41,6 +50,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ docutils pkg-config + python3.pkgs.pygments python3.pkgs.wrapPython ]; diff --git a/pkgs/by-name/cm/cmake/package.nix b/pkgs/by-name/cm/cmake/package.nix index 51db582b68f2a..42dbacac67b9c 100644 --- a/pkgs/by-name/cm/cmake/package.nix +++ b/pkgs/by-name/cm/cmake/package.nix @@ -46,11 +46,11 @@ stdenv.mkDerivation (finalAttrs: { + lib.optionalString isMinimalBuild "-minimal" + lib.optionalString cursesUI "-cursesUI" + lib.optionalString qt5UI "-qt5UI"; - version = "3.27.8"; + version = "3.27.9"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor finalAttrs.version}/cmake-${finalAttrs.version}.tar.gz"; - hash = "sha256-/s4kVj9peHD7uYLqi/F0gsnV+FXYyb8LgkY9dsno0Mw="; + hash = "sha256-YJqbmFcqal6kd/kSz/uXMQntTQpqaz+eI1PSzcBIcI4="; }; patches = [ @@ -68,6 +68,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional stdenv.isDarwin ./006-darwin-always-set-runtime-c-flag.diff; outputs = [ "out" ] ++ lib.optionals buildDocs [ "man" "info" ]; + separateDebugInfo = true; setOutputFlags = false; setupHooks = [ diff --git a/pkgs/development/libraries/libcamera/default.nix b/pkgs/by-name/li/libcamera/package.nix index 232fb29ecbe53..a6a0fe8fa7c35 100644 --- a/pkgs/development/libraries/libcamera/default.nix +++ b/pkgs/by-name/li/libcamera/package.nix @@ -1,7 +1,7 @@ { stdenv , fetchgit -, fetchpatch , lib +, fetchpatch , meson , ninja , pkg-config @@ -18,29 +18,23 @@ , python3 , python3Packages , systemd # for libudev +, withQcam ? false +, qt5 # withQcam +, libtiff # withQcam }: stdenv.mkDerivation rec { pname = "libcamera"; - version = "0.1.0"; + version = "0.2.0"; src = fetchgit { url = "https://git.libcamera.org/libcamera/libcamera.git"; rev = "v${version}"; - hash = "sha256-icHZtv25QvJEv0DlELT3cDxho3Oz2BJAMNKr5W4bshk="; + hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM="; }; outputs = [ "out" "dev" "doc" ]; - patches = [ - (fetchpatch { - # https://git.libcamera.org/libcamera/libcamera.git/commit/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5 - name = "libcamera-sphinx7.0-compat.patch"; - url = "https://git.libcamera.org/libcamera/libcamera.git/patch/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5"; - hash = "sha256-gs0EiT3gWlmRjDim+o2C0VmnoWqEouP5pNTD4XbNSdE="; - }) - ]; - postPatch = '' patchShebangs utils/ ''; @@ -69,7 +63,7 @@ stdenv.mkDerivation rec { libyaml gtest - ]; + ] ++ lib.optionals withQcam [ libtiff qt5.qtbase qt5.qttools ]; nativeBuildInputs = [ meson @@ -83,22 +77,22 @@ stdenv.mkDerivation rec { graphviz doxygen openssl - ]; + ] ++ lib.optional withQcam qt5.wrapQtAppsHook; mesonFlags = [ "-Dv4l2=true" - "-Dqcam=disabled" + "-Dqcam=${if withQcam then "enabled" else "disabled"}" "-Dlc-compliance=disabled" # tries unconditionally to download gtest when enabled # Avoid blanket -Werror to evade build failures on less # tested compilers. "-Dwerror=false" - ]; + ]; # Fixes error on a deprecated declaration env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; # Silence fontconfig warnings about missing config - FONTCONFIG_FILE = makeFontsConf { fontDirectories = []; }; + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; # libcamera signs the IPA module libraries at install time, but they are then # modified by stripping and RPATH fixup. Therefore, we need to generate the diff --git a/pkgs/by-name/ti/tinycompress/package.nix b/pkgs/by-name/ti/tinycompress/package.nix index 96b82bc696fcb..b6002c0205b07 100644 --- a/pkgs/by-name/ti/tinycompress/package.nix +++ b/pkgs/by-name/ti/tinycompress/package.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "tinycompress"; - version = "1.2.8"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/tinycompress/${pname}-${version}.tar.bz2"; - hash = "sha256-L4l+URLNO8pnkLXOz9puBmLIvF7g+6uXKyR6DMYg1mw="; + hash = "sha256-6754jCgyjnzKJFqvkZSlrQ3JHp4NyIPCz5/rbULJ8/w="; }; meta = with lib; { diff --git a/pkgs/data/misc/publicsuffix-list/default.nix b/pkgs/data/misc/publicsuffix-list/default.nix index d5608036b5e3a..b2c69dff10919 100644 --- a/pkgs/data/misc/publicsuffix-list/default.nix +++ b/pkgs/data/misc/publicsuffix-list/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation { pname = "publicsuffix-list"; - version = "unstable-2023-02-16"; + version = "0-unstable-2024-01-07"; src = fetchFromGitHub { owner = "publicsuffix"; repo = "list"; - rev = "8ec4d3049fe139f92937b6137155c33b81dcaf18"; - hash = "sha256-wA8zk0iADFNP33veIf+Mfx22zdMzHsMNWEizMp1SnuA="; + rev = "5db9b65997e3c9230ac4353b01994c2ae9667cb9"; + hash = "sha256-kIJVS2ETAXQa1MMG8cjRUSFUn+jm9jBWH8go3L+lqHE="; }; dontBuild = true; diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index b90a560045bbf..3d40384132cb2 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -1,17 +1,17 @@ { lib, stdenv, fetchurl, buildPackages }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "tzdata"; - version = "2023d"; + version = "2024a"; srcs = [ (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; - hash = "sha256-28ohlwsKi4wM7O7B17kfqQO+D27KWucytTKWciMqCPM="; + url = "https://data.iana.org/time-zones/releases/tzdata${finalAttrs.version}.tar.gz"; + hash = "sha256-DQQ0RZrL0gWaeo2h8zBKhKhlkfbtacYkj/+lArbt/+M="; }) (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; - hash = "sha256-6aX54RiIbS3pK2K7BVEKKMxsBY15HJO9a4TTKSw8Fh4="; + url = "https://data.iana.org/time-zones/releases/tzcode${finalAttrs.version}.tar.gz"; + hash = "sha256-gAcolK3/WkWPHRQ+FuTKHYsqEiycU5naSCy2jLpqH/g="; }) ]; @@ -25,14 +25,14 @@ stdenv.mkDerivation rec { propagatedBuildOutputs = [ ]; makeFlags = [ - "TOPDIR=$(out)" - "TZDIR=$(out)/share/zoneinfo" - "BINDIR=$(bin)/bin" - "ZICDIR=$(bin)/bin" + "TOPDIR=${placeholder "out"}" + "TZDIR=${placeholder "out"}/share/zoneinfo" + "BINDIR=${placeholder "bin"}/bin" + "ZICDIR=${placeholder "bin"}/bin" "ETCDIR=$(TMPDIR)/etc" "TZDEFAULT=tzdefault-to-remove" - "LIBDIR=$(dev)/lib" - "MANDIR=$(man)/share/man" + "LIBDIR=${placeholder "dev"}/lib" + "MANDIR=${placeholder "man"}/share/man" "AWK=awk" "CFLAGS=-DHAVE_LINK=0" "CFLAGS+=-DZIC_BLOAT_DEFAULT=\\\"fat\\\"" @@ -45,7 +45,9 @@ stdenv.mkDerivation rec { "CFLAGS+=-DRESERVE_STD_EXT_IDS" ]; - doCheck = false; # needs more tools + doCheck = true; + # everything except for check_web, because that needs curl and wants to talk to https://validator.w3.org + checkTarget = "check_back check_character_set check_white_space check_links check_name_lengths check_now check_slashed_abbrs check_sorted check_tables check_ziguard check_zishrink check_tzs"; installFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "zic=${buildPackages.tzdata.bin}/bin/zic" @@ -70,7 +72,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "http://www.iana.org/time-zones"; description = "Database of current and historical time zones"; - changelog = "https://github.com/eggert/tz/blob/${version}/NEWS"; + changelog = "https://github.com/eggert/tz/blob/${finalAttrs.version}/NEWS"; license = with licenses; [ bsd3 # tzcode publicDomain # tzdata @@ -78,4 +80,4 @@ stdenv.mkDerivation rec { platforms = platforms.all; maintainers = with maintainers; [ ajs124 fpletz ]; }; -} +}) diff --git a/pkgs/development/compilers/gcc/default.nix b/pkgs/development/compilers/gcc/default.nix index e0ca04a138787..53bc057a5b253 100644 --- a/pkgs/development/compilers/gcc/default.nix +++ b/pkgs/development/compilers/gcc/default.nix @@ -407,6 +407,7 @@ lib.pipe ((callFile ./common/builder.nix {}) ({ inherit langC langCC langObjC langObjCpp langAda langFortran langGo langD langJava version; isGNU = true; hardeningUnsupportedFlags = lib.optional is48 "stackprotector" + ++ lib.optional (!atLeast11) "zerocallusedregs" ++ lib.optional (!atLeast12) "fortify3" ++ lib.optionals (langFortran) [ "fortify" "format" ]; }; diff --git a/pkgs/development/compilers/llvm/10/clang/default.nix b/pkgs/development/compilers/llvm/10/clang/default.nix new file mode 100644 index 0000000000000..747e7cf1a5516 --- /dev/null +++ b/pkgs/development/compilers/llvm/10/clang/default.nix @@ -0,0 +1,133 @@ +{ lib, stdenv, llvm_meta, fetch, substituteAll, cmake, libxml2, libllvm, version, clang-tools-extra_src, python3 +, buildLlvmTools +, fixDarwinDylibNames +, enableManpages ? false +}: + +let + self = stdenv.mkDerivation ({ + pname = "clang"; + inherit version; + + src = fetch "clang" "091bvcny2lh32zy8f3m9viayyhb2zannrndni7325rl85cwgr6pr"; + + unpackPhase = '' + unpackFile $src + mv clang-${version}* clang + sourceRoot=$PWD/clang + unpackFile ${clang-tools-extra_src} + mv clang-tools-extra-* $sourceRoot/tools/extra + ''; + + nativeBuildInputs = [ cmake python3 ] + ++ lib.optional enableManpages python3.pkgs.sphinx + ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; + + buildInputs = [ libxml2 libllvm ]; + + cmakeFlags = [ + "-DCLANGD_BUILD_XPC=OFF" + "-DLLVM_ENABLE_RTTI=ON" + ] ++ lib.optionals enableManpages [ + "-DCLANG_INCLUDE_DOCS=ON" + "-DLLVM_ENABLE_SPHINX=ON" + "-DSPHINX_OUTPUT_MAN=ON" + "-DSPHINX_OUTPUT_HTML=OFF" + "-DSPHINX_WARNINGS_AS_ERRORS=OFF" + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "-DLLVM_TABLEGEN_EXE=${buildLlvmTools.llvm}/bin/llvm-tblgen" + "-DCLANG_TABLEGEN=${buildLlvmTools.libclang.dev}/bin/clang-tblgen" + ]; + + patches = [ + ./purity.patch + # https://reviews.llvm.org/D51899 + ./compiler-rt-baremetal.patch + ./gnu-install-dirs.patch + (substituteAll { + src = ../../clang-6-10-LLVMgold-path.patch; + libllvmLibdir = "${libllvm.lib}/lib"; + }) + ]; + + postPatch = '' + sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \ + -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \ + lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isMusl '' + sed -i -e 's/lgcc_s/lgcc_eh/' lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' + substituteInPlace tools/extra/clangd/CMakeLists.txt \ + --replace "NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB" FALSE + ''; + + outputs = [ "out" "lib" "dev" "python" ]; + + postInstall = '' + ln -sv $out/bin/clang $out/bin/cpp + + # Move libclang to 'lib' output + moveToOutput "lib/libclang.*" "$lib" + moveToOutput "lib/libclang-cpp.*" "$lib" + substituteInPlace $out/lib/cmake/clang/ClangTargets-release.cmake \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang." "$lib/lib/libclang." \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang-cpp." "$lib/lib/libclang-cpp." + + mkdir -p $python/bin $python/share/{clang,scan-view} + mv $out/bin/{git-clang-format,scan-view} $python/bin + if [ -e $out/bin/set-xcode-analyzer ]; then + mv $out/bin/set-xcode-analyzer $python/bin + fi + mv $out/share/clang/*.py $python/share/clang + mv $out/share/scan-view/*.py $python/share/scan-view + rm $out/bin/c-index-test + patchShebangs $python/bin + + mkdir -p $dev/bin + cp bin/clang-tblgen $dev/bin + ''; + + passthru = { + inherit libllvm; + isClang = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; + + meta = llvm_meta // { + homepage = "https://clang.llvm.org/"; + description = "A C language family frontend for LLVM"; + longDescription = '' + The Clang project provides a language front-end and tooling + infrastructure for languages in the C language family (C, C++, Objective + C/C++, OpenCL, CUDA, and RenderScript) for the LLVM project. + It aims to deliver amazingly fast compiles, extremely useful error and + warning messages and to provide a platform for building great source + level tools. The Clang Static Analyzer and clang-tidy are tools that + automatically find bugs in your code, and are great examples of the sort + of tools that can be built using the Clang frontend as a library to + parse C/C++ code. + ''; + mainProgram = "clang"; + }; + } // lib.optionalAttrs enableManpages { + pname = "clang-manpages"; + + buildPhase = '' + make docs-clang-man + ''; + + installPhase = '' + mkdir -p $out/share/man/man1 + # Manually install clang manpage + cp docs/man/*.1 $out/share/man/man1/ + ''; + + outputs = [ "out" ]; + + doCheck = false; + + meta = llvm_meta // { + description = "man page for Clang ${version}"; + }; + }); +in self diff --git a/pkgs/development/compilers/llvm/11/clang/default.nix b/pkgs/development/compilers/llvm/11/clang/default.nix index 0e61930f1c0e7..5ddecd1f47e90 100644 --- a/pkgs/development/compilers/llvm/11/clang/default.nix +++ b/pkgs/development/compilers/llvm/11/clang/default.nix @@ -95,7 +95,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/12/clang/default.nix b/pkgs/development/compilers/llvm/12/clang/default.nix index c46776d38ac3d..28f976a26bdb3 100644 --- a/pkgs/development/compilers/llvm/12/clang/default.nix +++ b/pkgs/development/compilers/llvm/12/clang/default.nix @@ -89,7 +89,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/13/clang/default.nix b/pkgs/development/compilers/llvm/13/clang/default.nix index 6604ae0efc3f1..7673c903e71cc 100644 --- a/pkgs/development/compilers/llvm/13/clang/default.nix +++ b/pkgs/development/compilers/llvm/13/clang/default.nix @@ -83,7 +83,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/14/clang/default.nix b/pkgs/development/compilers/llvm/14/clang/default.nix index 9f0da7a9f46cb..f63f55cfa5466 100644 --- a/pkgs/development/compilers/llvm/14/clang/default.nix +++ b/pkgs/development/compilers/llvm/14/clang/default.nix @@ -86,7 +86,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/15/clang/default.nix b/pkgs/development/compilers/llvm/15/clang/default.nix index c49d6368cb97c..9ec15a3930040 100644 --- a/pkgs/development/compilers/llvm/15/clang/default.nix +++ b/pkgs/development/compilers/llvm/15/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -97,7 +97,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/16/clang/default.nix b/pkgs/development/compilers/llvm/16/clang/default.nix index 5f28e810f603f..43c497b927615 100644 --- a/pkgs/development/compilers/llvm/16/clang/default.nix +++ b/pkgs/development/compilers/llvm/16/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -91,7 +91,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/17/clang/default.nix b/pkgs/development/compilers/llvm/17/clang/default.nix index 3184437830a20..f2f114233c283 100644 --- a/pkgs/development/compilers/llvm/17/clang/default.nix +++ b/pkgs/development/compilers/llvm/17/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -95,7 +95,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/8/clang/default.nix b/pkgs/development/compilers/llvm/8/clang/default.nix new file mode 100644 index 0000000000000..36b09df19c689 --- /dev/null +++ b/pkgs/development/compilers/llvm/8/clang/default.nix @@ -0,0 +1,145 @@ +{ lib, stdenv, llvm_meta, fetch, substituteAll, cmake, libxml2, libllvm, version, clang-tools-extra_src, python3 +, buildLlvmTools +, fixDarwinDylibNames +, enableManpages ? false +, enablePolly ? false # TODO: get this info from llvm (passthru?) +}: + +let + self = stdenv.mkDerivation ({ + pname = "clang"; + inherit version; + + src = fetch "cfe" "0ihnbdl058gvl2wdy45p5am55bq8ifx8m9mhcsgj9ax8yxlzvvvh"; + + unpackPhase = '' + unpackFile $src + mv cfe-${version}* clang + sourceRoot=$PWD/clang + unpackFile ${clang-tools-extra_src} + mv clang-tools-extra-* $sourceRoot/tools/extra + ''; + + nativeBuildInputs = [ cmake python3 ] + ++ lib.optional enableManpages python3.pkgs.sphinx + ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; + + buildInputs = [ libxml2 libllvm ]; + + cmakeFlags = [ + "-DCMAKE_CXX_FLAGS=-std=c++11" + "-DCLANGD_BUILD_XPC=OFF" + "-DLLVM_ENABLE_RTTI=ON" + ] ++ lib.optionals enableManpages [ + "-DCLANG_INCLUDE_DOCS=ON" + "-DLLVM_ENABLE_SPHINX=ON" + "-DSPHINX_OUTPUT_MAN=ON" + "-DSPHINX_OUTPUT_HTML=OFF" + "-DSPHINX_WARNINGS_AS_ERRORS=OFF" + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "-DLLVM_TABLEGEN_EXE=${buildLlvmTools.llvm}/bin/llvm-tblgen" + "-DCLANG_TABLEGEN=${buildLlvmTools.libclang.dev}/bin/clang-tblgen" + ] ++ lib.optionals enablePolly [ + "-DWITH_POLLY=ON" + "-DLINK_POLLY_INTO_TOOLS=ON" + ]; + + patches = [ + ../../common/clang/5-8-purity.patch + ./xpc.patch + # Backport for -static-pie, which the latter touches, and which is nice in + # its own right. + ./static-pie.patch + # Backport for the `--unwindlib=[libgcc|compiler-rt]` flag, which is + # needed for our bootstrapping to not interfere with C. + ./unwindlib.patch + # https://reviews.llvm.org/D51899 + ./compiler-rt-baremetal.patch + # make clang -xhip use $PATH to find executables + ./HIP-use-PATH-8.patch + ./gnu-install-dirs.patch + (substituteAll { + src = ../../clang-6-10-LLVMgold-path.patch; + libllvmLibdir = "${libllvm.lib}/lib"; + }) + ]; + + postPatch = '' + sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \ + -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \ + lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isMusl '' + sed -i -e 's/lgcc_s/lgcc_eh/' lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' + substituteInPlace tools/extra/clangd/CMakeLists.txt \ + --replace "NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB" FALSE + ''; + + outputs = [ "out" "lib" "dev" "python" ]; + + postInstall = '' + ln -sv $out/bin/clang $out/bin/cpp + + # Move libclang to 'lib' output + moveToOutput "lib/libclang.*" "$lib" + substituteInPlace $out/lib/cmake/clang/ClangTargets-release.cmake \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang." "$lib/lib/libclang." + + mkdir -p $python/bin $python/share/{clang,scan-view} + mv $out/bin/{git-clang-format,scan-view} $python/bin + if [ -e $out/bin/set-xcode-analyzer ]; then + mv $out/bin/set-xcode-analyzer $python/bin + fi + mv $out/share/clang/*.py $python/share/clang + mv $out/share/scan-view/*.py $python/share/scan-view + rm $out/bin/c-index-test + patchShebangs $python/bin + + mkdir -p $dev/bin + cp bin/clang-tblgen $dev/bin + ''; + + passthru = { + inherit libllvm; + isClang = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; + + meta = llvm_meta // { + homepage = "https://clang.llvm.org/"; + description = "A C language family frontend for LLVM"; + longDescription = '' + The Clang project provides a language front-end and tooling + infrastructure for languages in the C language family (C, C++, Objective + C/C++, OpenCL, CUDA, and RenderScript) for the LLVM project. + It aims to deliver amazingly fast compiles, extremely useful error and + warning messages and to provide a platform for building great source + level tools. The Clang Static Analyzer and clang-tidy are tools that + automatically find bugs in your code, and are great examples of the sort + of tools that can be built using the Clang frontend as a library to + parse C/C++ code. + ''; + mainProgram = "clang"; + }; + } // lib.optionalAttrs enableManpages { + pname = "clang-manpages"; + + buildPhase = '' + make docs-clang-man + ''; + + installPhase = '' + mkdir -p $out/share/man/man1 + # Manually install clang manpage + cp docs/man/*.1 $out/share/man/man1/ + ''; + + outputs = [ "out" ]; + + doCheck = false; + + meta = llvm_meta // { + description = "man page for Clang ${version}"; + }; + }); +in self diff --git a/pkgs/development/compilers/llvm/9/clang/default.nix b/pkgs/development/compilers/llvm/9/clang/default.nix index 75814fc11c481..e8a2a4bd0db19 100644 --- a/pkgs/development/compilers/llvm/9/clang/default.nix +++ b/pkgs/development/compilers/llvm/9/clang/default.nix @@ -97,7 +97,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix index fff39fa9cea03..eea346ef22efc 100644 --- a/pkgs/development/compilers/llvm/git/clang/default.nix +++ b/pkgs/development/compilers/llvm/git/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -96,7 +96,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch b/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch deleted file mode 100644 index 656e4eb6a4cb3..0000000000000 --- a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch +++ /dev/null @@ -1,598 +0,0 @@ -REVERT https://github.com/python/cpython/commit/300d812fd1c4d9244e71de0d228cc72439d312a7 ---- b/Doc/library/asyncio-eventloop.rst -+++ a/Doc/library/asyncio-eventloop.rst -@@ -43,12 +43,10 @@ - - Get the current event loop. - -+ If there is no current event loop set in the current OS thread, -+ the OS thread is main, and :func:`set_event_loop` has not yet -+ been called, asyncio will create a new event loop and set it as the -+ current one. -- When called from a coroutine or a callback (e.g. scheduled with -- call_soon or similar API), this function will always return the -- running event loop. -- -- If there is no running event loop set, the function will return -- the result of ``get_event_loop_policy().get_event_loop()`` call. - - Because this function has rather complex behavior (especially - when custom event loop policies are in use), using the -@@ -60,14 +58,10 @@ - event loop. - - .. deprecated:: 3.10 -+ Emits a deprecation warning if there is no running event loop. -+ In future Python releases, this function may become an alias of -+ :func:`get_running_loop` and will accordingly raise a -+ :exc:`RuntimeError` if there is no running event loop. -- Deprecation warning is emitted if there is no current event loop. -- In Python 3.12 it will be an error. -- -- .. note:: -- In Python versions 3.10.0--3.10.8 this function -- (and other functions which used it implicitly) emitted a -- :exc:`DeprecationWarning` if there was no running event loop, even if -- the current loop was set. - - .. function:: set_event_loop(loop) - -reverted: ---- b/Doc/library/asyncio-llapi-index.rst -+++ a/Doc/library/asyncio-llapi-index.rst -@@ -19,7 +19,7 @@ - - The **preferred** function to get the running event loop. - - * - :func:`asyncio.get_event_loop` -+ - Get an event loop instance (current or via the policy). -- - Get an event loop instance (running or current via the current policy). - - * - :func:`asyncio.set_event_loop` - - Set the event loop as current via the current policy. -reverted: ---- b/Doc/library/asyncio-policy.rst -+++ a/Doc/library/asyncio-policy.rst -@@ -112,11 +112,6 @@ - - On Windows, :class:`ProactorEventLoop` is now used by default. - -- .. deprecated:: 3.10.9 -- :meth:`get_event_loop` now emits a :exc:`DeprecationWarning` if there -- is no current event loop set and a new event loop has been implicitly -- created. In Python 3.12 it will be an error. -- - - .. class:: WindowsSelectorEventLoopPolicy - -reverted: ---- b/Lib/asyncio/events.py -+++ a/Lib/asyncio/events.py -@@ -650,21 +650,6 @@ - if (self._local._loop is None and - not self._local._set_called and - threading.current_thread() is threading.main_thread()): -- stacklevel = 2 -- try: -- f = sys._getframe(1) -- except AttributeError: -- pass -- else: -- while f: -- module = f.f_globals.get('__name__') -- if not (module == 'asyncio' or module.startswith('asyncio.')): -- break -- f = f.f_back -- stacklevel += 1 -- import warnings -- warnings.warn('There is no current event loop', -- DeprecationWarning, stacklevel=stacklevel) - self.set_event_loop(self.new_event_loop()) - - if self._local._loop is None: -@@ -778,13 +763,12 @@ - - - def _get_event_loop(stacklevel=3): -- # This internal method is going away in Python 3.12, left here only for -- # backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. -- # Similarly, this method's C equivalent in _asyncio is going away as well. -- # See GH-99949 for more details. - current_loop = _get_running_loop() - if current_loop is not None: - return current_loop -+ import warnings -+ warnings.warn('There is no current event loop', -+ DeprecationWarning, stacklevel=stacklevel) - return get_event_loop_policy().get_event_loop() - - -reverted: ---- b/Lib/test/test_asyncio/test_base_events.py -+++ a/Lib/test/test_asyncio/test_base_events.py -@@ -752,7 +752,7 @@ - def test_env_var_debug(self): - code = '\n'.join(( - 'import asyncio', -+ 'loop = asyncio.get_event_loop()', -- 'loop = asyncio.new_event_loop()', - 'print(loop.get_debug())')) - - # Test with -E to not fail if the unit test was run with -reverted: ---- b/Lib/test/test_asyncio/test_events.py -+++ a/Lib/test/test_asyncio/test_events.py -@@ -2561,9 +2561,8 @@ - def test_get_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() - self.assertIsNone(policy._local._loop) -+ -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.assertEqual(cm.filename, __file__) - self.assertIsInstance(loop, asyncio.AbstractEventLoop) - - self.assertIs(policy._local._loop, loop) -@@ -2577,10 +2576,7 @@ - policy, "set_event_loop", - wraps=policy.set_event_loop) as m_set_event_loop: - -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.addCleanup(loop.close) -- self.assertEqual(cm.filename, __file__) - - # policy._local._loop must be set through .set_event_loop() - # (the unix DefaultEventLoopPolicy needs this call to attach -@@ -2614,8 +2610,7 @@ - - def test_set_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() -+ old_loop = policy.get_event_loop() -- old_loop = policy.new_event_loop() -- policy.set_event_loop(old_loop) - - self.assertRaises(AssertionError, policy.set_event_loop, object()) - -@@ -2728,11 +2723,15 @@ - asyncio.set_event_loop_policy(Policy()) - loop = asyncio.new_event_loop() - -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2746,11 +2745,16 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -+ -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -@@ -2774,8 +2778,10 @@ - self.addCleanup(loop2.close) - self.assertEqual(cm.warnings[0].filename, __file__) - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2789,11 +2795,15 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertIs(asyncio.get_event_loop(), loop) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- self.assertIs(asyncio.get_event_loop(), loop) - - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -reverted: ---- b/Lib/test/test_asyncio/test_futures.py -+++ a/Lib/test/test_asyncio/test_futures.py -@@ -145,8 +145,10 @@ - self.assertTrue(f.cancelled()) - - def test_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- self._new_future() - - def test_constructor_use_running_loop(self): - async def test(): -@@ -156,10 +158,12 @@ - self.assertIs(f.get_loop(), self.loop) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ f = self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f = self._new_future() - self.assertIs(f._loop, self.loop) - self.assertIs(f.get_loop(), self.loop) - -@@ -495,8 +499,10 @@ - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.wrap_future(f1) - ex.shutdown(wait=True) - - def test_wrap_future_use_running_loop(self): -@@ -511,14 +517,16 @@ - ex.shutdown(wait=True) - - def test_wrap_future_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) - def run(arg): - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ f2 = asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f2 = asyncio.wrap_future(f1) - self.assertIs(self.loop, f2._loop) - ex.shutdown(wait=True) - -reverted: ---- b/Lib/test/test_asyncio/test_streams.py -+++ a/Lib/test/test_asyncio/test_streams.py -@@ -747,8 +747,10 @@ - self.assertEqual(data, b'data') - - def test_streamreader_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReader() - - def test_streamreader_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -762,17 +764,21 @@ - def test_streamreader_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ reader = asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- reader = asyncio.StreamReader() - self.assertIs(reader._loop, self.loop) - - - def test_streamreaderprotocol_constructor_without_loop(self): - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReaderProtocol(reader) - - def test_streamreaderprotocol_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -786,11 +792,13 @@ - def test_streamreaderprotocol_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ protocol = asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- protocol = asyncio.StreamReaderProtocol(reader) - self.assertIs(protocol._loop, self.loop) - - def test_multiple_drain(self): -reverted: ---- b/Lib/test/test_asyncio/test_tasks.py -+++ a/Lib/test/test_asyncio/test_tasks.py -@@ -210,8 +210,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -221,10 +223,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -243,8 +247,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -254,10 +260,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -1480,8 +1488,10 @@ - self.addCleanup(a.close) - - futs = asyncio.as_completed([a]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- list(futs) - - def test_as_completed_coroutine_use_running_loop(self): - loop = self.new_test_loop() -@@ -1497,14 +1507,17 @@ - loop.run_until_complete(test()) - - def test_as_completed_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - loop = self.new_test_loop() - asyncio.set_event_loop(loop) - self.addCleanup(asyncio.set_event_loop, None) -+ futs = asyncio.as_completed([coro()]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ futs = list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- futs = list(asyncio.as_completed([coro()])) - self.assertEqual(len(futs), 1) - self.assertEqual(loop.run_until_complete(futs[0]), 42) - -@@ -1974,8 +1987,10 @@ - - inner = coro() - self.addCleanup(inner.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.shield(inner) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.shield(inner) - - def test_shield_coroutine_use_running_loop(self): - async def coro(): -@@ -1989,13 +2004,15 @@ - self.assertEqual(res, 42) - - def test_shield_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ outer = asyncio.shield(coro()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- outer = asyncio.shield(coro()) - self.assertEqual(outer._loop, self.loop) - res = self.loop.run_until_complete(outer) - self.assertEqual(res, 42) -@@ -2933,7 +2950,7 @@ - self.assertIsNone(asyncio.current_task(loop=self.loop)) - - def test_current_task_no_running_loop_implicit(self): -+ with self.assertRaises(RuntimeError): -- with self.assertRaisesRegex(RuntimeError, 'no running event loop'): - asyncio.current_task() - - def test_current_task_with_implicit_loop(self): -@@ -3097,8 +3114,10 @@ - return asyncio.gather(*args, **kwargs) - - def test_constructor_empty_sequence_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather() - - def test_constructor_empty_sequence_use_running_loop(self): - async def gather(): -@@ -3111,10 +3130,12 @@ - self.assertEqual(fut.result(), []) - - def test_constructor_empty_sequence_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.one_loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather() - self.assertIsInstance(fut, asyncio.Future) - self.assertIs(fut._loop, self.one_loop) - self._run_loop(self.one_loop) -@@ -3202,8 +3223,10 @@ - self.addCleanup(gen1.close) - gen2 = coro() - self.addCleanup(gen2.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather(gen1, gen2) - - def test_constructor_use_running_loop(self): - async def coro(): -@@ -3217,14 +3240,16 @@ - self.one_loop.run_until_complete(fut) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 'abc' - asyncio.set_event_loop(self.other_loop) - self.addCleanup(asyncio.set_event_loop, None) - gen1 = coro() - gen2 = coro() -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather(gen1, gen2) - self.assertIs(fut._loop, self.other_loop) - self.other_loop.run_until_complete(fut) - -reverted: ---- b/Lib/test/test_asyncio/test_unix_events.py -+++ a/Lib/test/test_asyncio/test_unix_events.py -@@ -1740,8 +1740,7 @@ - - def test_child_watcher_replace_mainloop_existing(self): - policy = self.create_policy() -+ loop = policy.get_event_loop() -- loop = policy.new_event_loop() -- policy.set_event_loop(loop) - - # Explicitly setup SafeChildWatcher, - # default ThreadedChildWatcher has no _loop property -reverted: ---- b/Lib/test/test_coroutines.py -+++ a/Lib/test/test_coroutines.py -@@ -2319,8 +2319,7 @@ - def test_unawaited_warning_during_shutdown(self): - code = ("import asyncio\n" - "async def f(): pass\n" -+ "asyncio.gather(f())\n") -- "async def t(): asyncio.gather(f())\n" -- "asyncio.run(t())\n") - assert_python_ok("-c", code) - - code = ("import sys\n" -reverted: ---- b/Modules/_asynciomodule.c -+++ a/Modules/_asynciomodule.c -@@ -332,6 +332,13 @@ - return loop; - } - -+ if (PyErr_WarnEx(PyExc_DeprecationWarning, -+ "There is no current event loop", -+ stacklevel)) -+ { -+ return NULL; -+ } -+ - policy = PyObject_CallNoArgs(asyncio_get_event_loop_policy); - if (policy == NULL) { - return NULL; -@@ -3085,11 +3092,6 @@ - return get_event_loop(1); - } - --// This internal method is going away in Python 3.12, left here only for --// backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. --// Similarly, this method's Python equivalent in asyncio.events is going --// away as well. --// See GH-99949 for more details. - /*[clinic input] - _asyncio._get_event_loop - stacklevel: int = 3 diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 8e13ed51bc741..1eea842871fc1 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -1,40 +1,55 @@ -{ lib, stdenv, fetchurl, fetchpatch, fetchgit +{ lib +, stdenv +, fetchurl +, fetchpatch +, fetchgit + +# build dependencies +, autoconf-archive +, autoreconfHook +, nukeReferences +, pkg-config +, python-setup-hook + +# runtime dependencies , bzip2 , expat , libffi -, gdbm -, xz -, mailcap, mimetypesSupport ? true +, libxcrypt +, mpdecimal , ncurses , openssl -, openssl_legacy -, readline , sqlite -, tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false -, bluez ? null, bluezSupport ? false +, xz , zlib -, tzdata ? null -, libxcrypt -, self + +# platform-specific dependencies +, bash , configd , darwin , windows -, autoreconfHook -, autoconf-archive -, pkg-config -, python-setup-hook -, nukeReferences -# For the Python package set -, packageOverrides ? (self: super: {}) + +# optional dependencies +, bluezSupport ? false, bluez +, mimetypesSupport ? true, mailcap +, tzdata +, withGdbm ? !stdenv.hostPlatform.isWindows, gdbm +, withReadline ? !stdenv.hostPlatform.isWindows, readline +, x11Support ? false, tcl, tk, tix, libX11, xorgproto + +# splicing/cross +, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" +, self , pkgsBuildBuild , pkgsBuildHost , pkgsBuildTarget , pkgsHostHost , pkgsTargetTarget + +# build customization , sourceVersion , hash , passthruFun -, bash , stripConfig ? false , stripIdlelib ? false , stripTests ? false @@ -44,21 +59,28 @@ , includeSiteCustomize ? true , static ? stdenv.hostPlatform.isStatic , enableFramework ? false +, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# pgo (not reproducible) + -fno-semantic-interposition +# https://docs.python.org/3/using/configure.html#cmdoption-enable-optimizations , enableOptimizations ? false -# these dont build for windows -, withGdbm ? !stdenv.hostPlatform.isWindows -, withReadline ? !stdenv.hostPlatform.isWindows -# enableNoSemanticInterposition is a subset of the enableOptimizations flag that doesn't harm reproducibility. -# clang starts supporting `-fno-sematic-interposition` with version 10 -, enableNoSemanticInterposition ? (!stdenv.cc.isClang || (stdenv.cc.isClang && lib.versionAtLeast stdenv.cc.version "10")) -# enableLTO is a subset of the enableOptimizations flag that doesn't harm reproducibility. + +# improves performance, but remains reproducible +, enableNoSemanticInterposition ? true + # enabling LTO on 32bit arch causes downstream packages to fail when linking # enabling LTO on *-darwin causes python3 to fail when linking. , enableLTO ? stdenv.is64bit && stdenv.isLinux + +# enable asserts to ensure the build remains reproducible , reproducibleBuild ? false -, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" -, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# for the Python package set +, packageOverrides ? (self: super: {}) + +# tests , testers + } @ inputs: # Note: this package is used for bootstrapping fetchurl, and thus @@ -73,7 +95,11 @@ assert x11Support -> tcl != null assert bluezSupport -> bluez != null; -assert enableFramework -> stdenv.isDarwin; +assert lib.assertMsg (bluezSupport -> stdenv.isLinux) + "Bluez support is only available on Linux."; + +assert lib.assertMsg (enableFramework -> stdenv.isDarwin) + "Framework builds are only supported on Darwin."; assert lib.assertMsg (reproducibleBuild -> stripBytecode) "Deterministic builds require stripping bytecode."; @@ -84,18 +110,21 @@ assert lib.assertMsg (reproducibleBuild -> (!enableOptimizations)) assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) "Deterministic builds are not achieved when (default unoptimized) bytecode is created."; -with lib; - let - # some python packages need legacy ciphers, so we're using openssl 3, but with that config - # null check for Minimal - openssl' = if openssl != null then openssl_legacy else null; + inherit (lib) + concatMapStringsSep + concatStringsSep + getDev + getLib + optionals + optionalString + replaceStrings + versionOlder + ; buildPackages = pkgsBuildHost; inherit (passthru) pythonOnBuildForHost; - inherit (darwin.apple_sdk.frameworks) Cocoa; - tzdataSupport = tzdata != null && passthru.pythonAtLeast "3.9"; passthru = let @@ -119,12 +148,12 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; - nativeBuildInputs = optionals (!stdenv.isDarwin) [ + nativeBuildInputs = [ + nukeReferences + ] ++ optionals (!stdenv.isDarwin) [ + autoconf-archive # needed for AX_CHECK_COMPILE_FLAG autoreconfHook pkg-config - autoconf-archive # needed for AX_CHECK_COMPILE_FLAG - ] ++ [ - nukeReferences ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ buildPackages.stdenv.cc pythonOnBuildForHost @@ -132,19 +161,38 @@ let stdenv.cc.cc.libllvm.out ]; - buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi libxcrypt ] - ++ optional withGdbm gdbm - ++ [ sqlite ] - ++ optional withReadline readline - ++ [ ncurses openssl' ] - ++ optionals x11Support [ tcl tk libX11 xorgproto ] - ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] - ++ optionals stdenv.isDarwin [ configd ]) - - ++ optionals enableFramework [ Cocoa ] - ++ optionals stdenv.hostPlatform.isMinGW [ windows.mingw_w64_pthreads windows.dlfcn ] - ++ optionals tzdataSupport [ tzdata ]; # `zoneinfo` module + buildInputs = lib.filter (p: p != null) ([ + bzip2 + expat + libffi + libxcrypt + mpdecimal + ncurses + openssl + sqlite + xz + zlib + ] ++ optionals bluezSupport [ + bluez + ] ++ optionals enableFramework [ + darwin.apple_sdk.frameworks.Cocoa + ] ++ optionals stdenv.hostPlatform.isMinGW [ + windows.dlfcn + windows.mingw_w64_pthreads + ] ++ optionals stdenv.isDarwin [ + configd + ] ++ optionals tzdataSupport [ + tzdata + ] ++ optionals withGdbm [ + gdbm + ] ++ optionals withReadline [ + readline + ] ++ optionals x11Support [ + libX11 + tcl + tk + xorgproto + ]); hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false); @@ -207,7 +255,7 @@ let pythonAbi = nixpkgsPythonAbiMappings.${parsed.abi.name} or parsed.abi.name; in # Python <3.11 doesn't distinguish musl and glibc and always prefixes with "gnu" - if lib.versionOlder version "3.11" then + if versionOlder version "3.11" then replaceStrings [ "musl" ] [ "gnu" ] pythonAbi else pythonAbi; @@ -238,29 +286,18 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { inherit src version; inherit nativeBuildInputs; - buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ bash ] ++ buildInputs; # bash is only used for patchShebangs - + buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ + bash # only required for patchShebangs + ] ++ buildInputs; prePatch = optionalString stdenv.isDarwin '' - substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' + substituteInPlace configure --replace-fail '`/usr/bin/arch`' '"i386"' '' + optionalString (pythonOlder "3.9" && stdenv.isDarwin && x11Support) '' # Broken on >= 3.9; replaced with ./3.9/darwin-tcl-tk.patch - substituteInPlace setup.py --replace /Library/Frameworks /no-such-path + substituteInPlace setup.py --replace-fail /Library/Frameworks /no-such-path ''; - patches = optionals (version == "3.10.9") [ - # https://github.com/python/cpython/issues/100160 - ./3.10/asyncio-deprecation.patch - ] ++ optionals (version == "3.11.1") [ - # https://github.com/python/cpython/issues/100160 - (fetchpatch { - name = "asyncio-deprecation-3.11.patch"; - url = "https://github.com/python/cpython/commit/3fae04b10e2655a20a3aadb5e0d63e87206d0c67.diff"; - revert = true; - excludes = [ "Misc/NEWS.d/*" ]; - hash = "sha256-PmkXf2D9trtW1gXZilRIWgdg2Y47JfELq1z4DuG3wJY="; - }) - ] ++ [ + patches = [ # Disable the use of ldconfig in ctypes.util.find_library (since # ldconfig doesn't work on NixOS), and don't use # ctypes.util.find_library during the loading of the uuid module @@ -282,7 +319,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { ] ++ optionals (pythonAtLeast "3.9" && pythonOlder "3.11" && stdenv.isDarwin) [ # Stop checking for TCL/TK in global macOS locations ./3.9/darwin-tcl-tk.patch - ] ++ optionals (isPy3k && hasDistutilsCxxPatch && pythonOlder "3.12") [ + ] ++ optionals (hasDistutilsCxxPatch && pythonOlder "3.12") [ # Fix for http://bugs.python.org/issue1222585 # Upstream distutils is calling C compiler to compile C++ code, which # only works for GCC and Apple Clang. This makes distutils to call C++ @@ -323,12 +360,14 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { postPatch = optionalString (!stdenv.hostPlatform.isWindows) '' substituteInPlace Lib/subprocess.py \ - --replace "'/bin/sh'" "'${bash}/bin/sh'" + --replace-fail "'/bin/sh'" "'${bash}/bin/sh'" '' + optionalString mimetypesSupport '' substituteInPlace Lib/mimetypes.py \ - --replace "@mime-types@" "${mailcap}" + --replace-fail "@mime-types@" "${mailcap}" '' + optionalString (pythonOlder "3.13" && x11Support && (tix != null)) '' - substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" + substituteInPlace "Lib/tkinter/tix.py" --replace-fail \ + "os.environ.get('TIX_LIBRARY')" \ + "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; env = { @@ -343,25 +382,30 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { PYTHONHASHSEED=0; }; + # https://docs.python.org/3/using/configure.html configureFlags = [ "--without-ensurepip" "--with-system-expat" - "--with-system-ffi" + ] ++ optionals (!(stdenv.isDarwin && pythonAtLeast "3.12")) [ + # ./Modules/_decimal/_decimal.c:4673:6: error: "No valid combination of CONFIG_64, CONFIG_32 and _PyHASH_BITS" + # https://hydra.nixos.org/build/248410479/nixlog/2/tail + "--with-system-libmpdec" + ] ++ optionals (openssl != null) [ + "--with-openssl=${openssl.dev}" + ] ++ optionals tzdataSupport [ + "--with-tzpath=${tzdata}/share/zoneinfo" + ] ++ optionals (execSuffix != "") [ + "--with-suffix=${execSuffix}" + ] ++ optionals enableLTO [ + "--with-lto" ] ++ optionals (!static && !enableFramework) [ "--enable-shared" ] ++ optionals enableFramework [ "--enable-framework=${placeholder "out"}/Library/Frameworks" ] ++ optionals enableOptimizations [ "--enable-optimizations" - ] ++ optionals enableLTO [ - "--with-lto" - ] ++ optionals (pythonOlder "3.7") [ - # This is unconditionally true starting in CPython 3.7. - "--with-threads" - ] ++ optionals (sqlite != null && isPy3k) [ + ] ++ optionals (sqlite != null) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl' != null) [ - "--with-openssl=${openssl'.dev}" ] ++ optionals (libxcrypt != null) [ "CFLAGS=-I${libxcrypt}/include" "LIBS=-L${libxcrypt}/lib" @@ -393,14 +437,14 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Never even try to use lchmod on linux, # don't rely on detecting glibc-isms. "ac_cv_func_lchmod=no" - ] ++ optionals tzdataSupport [ - "--with-tzpath=${tzdata}/share/zoneinfo" - ] ++ optional static "LDFLAGS=-static" - ++ optional (execSuffix != "") "--with-suffix=${execSuffix}"; + ] ++ optionals static [ + "LDFLAGS=-static" + ]; preConfigure = optionalString (pythonOlder "3.12") '' - for i in /usr /sw /opt /pkg; do # improve purity - substituteInPlace ./setup.py --replace $i /no-such-path + # Improve purity + for path in /usr /sw /opt /pkg; do + substituteInPlace ./setup.py --replace-warn $path /no-such-path done '' + optionalString stdenv.isDarwin '' # Override the auto-detection in setup.py, which assumes a universal build @@ -408,10 +452,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString (stdenv.isDarwin && x11Support && pythonAtLeast "3.11") '' export TCLTK_LIBS="-L${tcl}/lib -L${tk}/lib -l${tcl.libPrefix} -l${tk.libPrefix}" export TCLTK_CFLAGS="-I${tcl}/include -I${tk}/include" - '' + optionalString (isPy3k && pythonOlder "3.7") '' - # Determinism: The interpreter is patched to write null timestamps when compiling Python files - # so Python doesn't try to update the bytecode when seeing frozen timestamps in Nix's store. - export DETERMINISTIC_BUILD=1; '' + optionalString stdenv.hostPlatform.isMusl '' export NIX_CFLAGS_COMPILE+=" -DTHREAD_STACK_SIZE=0x100000" '' + @@ -482,9 +522,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # This allows build Python to import host Python's sysconfigdata mkdir -p "$out/${sitePackages}" ln -s "$out/lib/${libPrefix}/"_sysconfigdata*.py "$out/${sitePackages}/" - '' + lib.optionalString (pythonOlder "3.8") '' - # This is gone in Python >= 3.8 - ln -s "$out/include/${executable}m" "$out/include/${executable}" '' + optionalString stripConfig '' rm -R $out/bin/python*-config $out/lib/python*/config-* '' + optionalString stripIdlelib '' @@ -498,7 +535,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString includeSiteCustomize '' # Include a sitecustomize.py file cp ${../sitecustomize.py} $out/${sitePackages}/sitecustomize.py - '' + optionalString stripBytecode '' # Determinism: deterministic bytecode # First we delete all old bytecode. @@ -556,9 +592,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. - disallowedReferences = - lib.optionals (openssl' != null && !static && !enableFramework) [ openssl'.dev ] - ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + disallowedReferences = lib.optionals (openssl != null && !static && !enableFramework) [ + openssl.dev + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. pythonOnBuildForHost buildPackages.bash @@ -591,11 +627,11 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { enableParallelBuilding = true; - meta = { + meta = with lib; { homepage = "https://www.python.org"; changelog = let - majorMinor = lib.versions.majorMinor version; - dashedVersion = lib.replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; + majorMinor = versions.majorMinor version; + dashedVersion = replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; in if sourceVersion.suffix == "" then "https://docs.python.org/release/${version}/whatsnew/changelog.html" diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 7f60ba036c5ff..1322673c1bc6b 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -16,16 +16,6 @@ passthruFun = import ./passthrufun.nix args; sources = { - python310 = { - sourceVersion = { - major = "3"; - minor = "10"; - patch = "13"; - suffix = ""; - }; - hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; - }; - python311 = { sourceVersion = { major = "3"; @@ -78,11 +68,18 @@ in { inherit passthruFun; }; - python310 = callPackage ./cpython ({ + python310 = callPackage ./cpython { self = __splicedPackages.python310; + sourceVersion = { + major = "3"; + minor = "10"; + patch = "13"; + suffix = ""; + }; + hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; inherit (darwin) configd; inherit passthruFun; - } // sources.python310); + }; python311 = callPackage ./cpython ({ self = __splicedPackages.python311; @@ -125,8 +122,8 @@ in { readline = null; ncurses = null; gdbm = null; - sqlite = null; configd = null; + sqlite = null; tzdata = null; libffi = libffiBoot; # without test suite stripConfig = true; diff --git a/pkgs/development/interpreters/wamr/default.nix b/pkgs/development/interpreters/wamr/default.nix index d1d0796f5e97a..34a60c320bcb4 100644 --- a/pkgs/development/interpreters/wamr/default.nix +++ b/pkgs/development/interpreters/wamr/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ cmake ]; cmakeFlags = lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; sourceRoot = let diff --git a/pkgs/development/libraries/acl/LFS64.patch b/pkgs/development/libraries/acl/LFS64.patch deleted file mode 100644 index dee951f4121e3..0000000000000 --- a/pkgs/development/libraries/acl/LFS64.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b42f64737adf6a2ddd491213580d6e9cdd2f5af Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 10 Nov 2022 18:04:15 -0800 -Subject: chacl: Use portable version of dirent and readdir - -Using 64bit versions on 32bit architectures should be enabled with ---enable-largefile, this makes it portable across musl and glibc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - tools/chacl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/chacl.c b/tools/chacl.c -index 525a7ff..8fff875 100644 ---- a/tools/chacl.c -+++ b/tools/chacl.c -@@ -320,7 +320,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - { - int failed = 0; - DIR *dir; -- struct dirent64 *d; -+ struct dirent *d; - char *name; - - if ((dir = opendir(fname)) == NULL) { -@@ -332,7 +332,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - return(0); /* got a file, not an error */ - } - -- while ((d = readdir64(dir)) != NULL) { -+ while ((d = readdir(dir)) != NULL) { - /* skip "." and ".." entries */ - if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0) - continue; --- -cgit v1.1 - diff --git a/pkgs/development/libraries/acl/default.nix b/pkgs/development/libraries/acl/default.nix index eccfef568e9ce..7d8a04a2f0a97 100644 --- a/pkgs/development/libraries/acl/default.nix +++ b/pkgs/development/libraries/acl/default.nix @@ -7,31 +7,19 @@ stdenv.mkDerivation rec { pname = "acl"; - version = "2.3.1"; + version = "2.3.2"; src = fetchurl { url = "mirror://savannah/acl/acl-${version}.tar.gz"; - sha256 = "sha256-dgxhxokBs3/dXu/ur0wMeia9/disdHoe3/HODiQ8Ea8="; + hash = "sha256-XyvbrWKXB6p9hcYj+ZSqih0t7FWnPeUgW6wL9gWKL3w="; }; - patches = [ - ./LFS64.patch - ]; - outputs = [ "bin" "dev" "out" "man" "doc" ]; nativeBuildInputs = [ gettext ]; buildInputs = [ attr ]; - # causes failures in coreutils test suite - hardeningDisable = [ "fortify3" ]; - - # Upstream use C++-style comments in C code. Remove them. - # This comment breaks compilation if too strict gcc flags are used. postPatch = '' - echo "Removing C++-style comments from include/acl.h" - sed -e '/^\/\//d' -i include/acl.h - patchShebangs . ''; diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index 7af9edd26865a..271c54ea97fab 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -26,6 +26,7 @@ stdenv.mkDerivation rec { version = "2.50.0"; outputs = [ "out" "dev" ]; + separateDebugInfo = true; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; diff --git a/pkgs/development/libraries/attr/default.nix b/pkgs/development/libraries/attr/default.nix index 4ad1525c2e09f..4815497da14f5 100644 --- a/pkgs/development/libraries/attr/default.nix +++ b/pkgs/development/libraries/attr/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "attr"; - version = "2.5.1"; + version = "2.5.2"; src = fetchurl { url = "mirror://savannah/attr/${pname}-${version}.tar.gz"; - sha256 = "1y6sibbkrcjygv8naadnsg6xmsqwfh6cwrqk01l0v2i5kfacdqds"; + sha256 = "sha256-Ob9nRS+kHQlIwhl2AQU/SLPXigKTiXNDMqYwmmgMbIc="; }; outputs = [ "bin" "dev" "out" "man" "doc" ]; diff --git a/pkgs/development/libraries/audio/lilv/default.nix b/pkgs/development/libraries/audio/lilv/default.nix index 3c691c245ce57..c17b27a7aa6ff 100644 --- a/pkgs/development/libraries/audio/lilv/default.nix +++ b/pkgs/development/libraries/audio/lilv/default.nix @@ -18,13 +18,13 @@ stdenv.mkDerivation rec { pname = "lilv"; - version = "0.24.22"; + version = "0.24.24"; outputs = [ "out" "dev" "man" ]; src = fetchurl { url = "https://download.drobilla.net/${pname}-${version}.tar.xz"; - hash = "sha256-dvlJ0OWfyDNjQJtexeFcEEb7fdZYnTwbkgzsH9Kfn/M="; + hash = "sha256-a7a+n4hQQXbQZC8S3oCbK54txVYhporbjH7bma76u08="; }; nativeBuildInputs = [ meson ninja pkg-config python3 ]; diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix index e37eb26deb388..6da88ee8258fb 100644 --- a/pkgs/development/libraries/boehm-gc/default.nix +++ b/pkgs/development/libraries/boehm-gc/default.nix @@ -1,7 +1,8 @@ { lib , stdenv -, fetchurl -# doc: https://github.com/ivmai/bdwgc/blob/v8.2.2/doc/README.macros (LARGE_CONFIG) +, fetchFromGitHub +, autoreconfHook +# doc: https://github.com/ivmai/bdwgc/blob/v8.2.4/doc/README.macros (LARGE_CONFIG) , enableLargeConfig ? false , enableMmap ? true , enableStatic ? false @@ -10,19 +11,22 @@ stdenv.mkDerivation (finalAttrs: { pname = "boehm-gc"; - version = "8.2.2"; + version = "8.2.4"; - src = fetchurl { - urls = [ - # "https://www.hboehm.info/gc/gc_source/gc-${finalAttrs.version}.tar.gz" - "https://github.com/ivmai/bdwgc/releases/download/v${finalAttrs.version}/gc-${finalAttrs.version}.tar.gz" - ]; - sha256 = "sha256-8wEHvLBi4JIKeQ//+lbZUSNIVGhZNkwjoUviZLOINqA="; + src = fetchFromGitHub { + owner = "ivmai"; + repo = "bdwgc"; + rev = "v${finalAttrs.version}"; + hash = "sha256-KHijT4BBKfDvTpHpwognN+3ZXoC6JabBTFSYFyOUT9o="; }; outputs = [ "out" "dev" "doc" ]; separateDebugInfo = stdenv.isLinux && stdenv.hostPlatform.libc != "musl"; + nativeBuildInputs = [ + autoreconfHook + ]; + configureFlags = [ "--enable-cplusplus" "--with-libatomic-ops=none" @@ -38,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { # not fix the problem the test failure will be a reminder to # extend the set of versions requiring the workaround). makeFlags = lib.optionals (stdenv.hostPlatform.isPower64 && - finalAttrs.version == "8.2.2") + finalAttrs.version == "8.2.4") [ # do not use /proc primitives to track dirty bits; see: # https://github.com/ivmai/bdwgc/issues/479#issuecomment-1279687537 diff --git a/pkgs/development/libraries/dav1d/default.nix b/pkgs/development/libraries/dav1d/default.nix index 670f568e0b6af..4e48536fa3afb 100644 --- a/pkgs/development/libraries/dav1d/default.nix +++ b/pkgs/development/libraries/dav1d/default.nix @@ -26,13 +26,13 @@ assert useVulkan -> withExamples; stdenv.mkDerivation rec { pname = "dav1d"; - version = "1.2.1"; + version = "1.3.0"; src = fetchFromGitHub { owner = "videolan"; repo = pname; rev = version; - hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I="; + hash = "sha256-c7Dur+0HpteI7KkR9oo3WynoH/FCRaBwZA7bJmPDJp8="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/dbus-cplusplus/default.nix b/pkgs/development/libraries/dbus-cplusplus/default.nix index 2452f3e8f35cc..3100163632532 100644 --- a/pkgs/development/libraries/dbus-cplusplus/default.nix +++ b/pkgs/development/libraries/dbus-cplusplus/default.nix @@ -32,7 +32,6 @@ stdenv.mkDerivation rec { url = "https://src.fedoraproject.org/rpms/dbus-c++/raw/9f515ace0594c8b2b9f0d41ffe71bc5b78d30eee/f/dbus-c++-template-operators.patch"; hash = "sha256-B8S7z/YH2YEQgaRsBJBBVTx8vHQhHW7z171TZmogpL8="; }) - ] ++ lib.optionals stdenv.hostPlatform.isMusl [ (fetchpatch { name = "0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; url = "https://github.com/openembedded/meta-openembedded/raw/119e75e48dbf0539b4e440417901458ffff79b38/meta-oe/recipes-core/dbus/libdbus-c++-0.9.0/0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; diff --git a/pkgs/development/libraries/enchant/2.x.nix b/pkgs/development/libraries/enchant/2.x.nix index c843fef4a0efe..10d9a4106bb91 100644 --- a/pkgs/development/libraries/enchant/2.x.nix +++ b/pkgs/development/libraries/enchant/2.x.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "enchant"; - version = "2.6.3"; + version = "2.6.5"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz"; - hash = "sha256-wcVxnypZfOPgbJOM+5n7aX2gk96nuFfMAE3B3PG7oYI="; + hash = "sha256-no/SjLZae22jVFh4pcL1KhXwPASTOl/0jbif6GhFco4="; }; strictDeps = true; diff --git a/pkgs/development/libraries/exempi/default.nix b/pkgs/development/libraries/exempi/default.nix index ac45084a74f9a..2ebf1ce7cc917 100644 --- a/pkgs/development/libraries/exempi/default.nix +++ b/pkgs/development/libraries/exempi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "exempi"; - version = "2.6.4"; + version = "2.6.5"; src = fetchurl { url = "https://libopenraw.freedesktop.org/download/${pname}-${version}.tar.bz2"; - sha256 = "sha256-p1FJyWth45zcsEb9XlbYjP7qtuCPiU4V6//ZlECSv9A="; + sha256 = "sha256-6fmj1Cv/c7XrD3fsIs0BY8PiGUnMQUrR8ZoEZd3kH/4="; }; configureFlags = [ diff --git a/pkgs/development/libraries/fdk-aac/default.nix b/pkgs/development/libraries/fdk-aac/default.nix index 99e211877da1e..0b07b5704916e 100644 --- a/pkgs/development/libraries/fdk-aac/default.nix +++ b/pkgs/development/libraries/fdk-aac/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "fdk-aac"; - version = "2.0.2"; + version = "2.0.3"; src = fetchurl { url = "mirror://sourceforge/opencore-amr/fdk-aac/${pname}-${version}.tar.gz"; - sha256 = "sha256-yehjDPnUM/POrXSQahUg0iI/ibzT+pJUhhAXRAuOsi8="; + sha256 = "sha256-gptrie7zgkCc2mhX/YKvhPq7Y0F7CO3p6npVP4Ect54="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 0f5d889845669..89893d32ef5d8 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -34,15 +34,17 @@ , withBzlib ? withHeadlessDeps , withCaca ? withFullDeps # Textual display (ASCII art) , withCelt ? withFullDeps # CELT decoder +, withChromaprint ? withFullDeps # Audio fingerprinting , withCuda ? withFullDeps && (with stdenv; (!isDarwin && !hostPlatform.isAarch && !hostPlatform.isRiscV)) , withCudaLLVM ? withFullDeps , withDav1d ? withHeadlessDeps # AV1 decoder (focused on speed and correctness) , withDc1394 ? withFullDeps && !stdenv.isDarwin # IIDC-1394 grabbing (ieee 1394) , withDrm ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # libdrm support , withFdkAac ? withFullDeps && withUnfree # Fraunhofer FDK AAC de/encoder +, withFlite ? withFullDeps # Voice Synthesis , withFontconfig ? withHeadlessDeps # Needed for drawtext filter , withFreetype ? withHeadlessDeps # Needed for drawtext filter -, withFrei0r ? withFullDeps # frei0r video filtering +, withFrei0r ? withFullDeps && withGPL # frei0r video filtering , withFribidi ? withFullDeps # Needed for drawtext filter , withGme ? withFullDeps # Game Music Emulator , withGnutls ? withHeadlessDeps @@ -50,7 +52,6 @@ , withIconv ? withHeadlessDeps , withJack ? withFullDeps && !stdenv.isDarwin # Jack audio , withLadspa ? withFullDeps # LADSPA audio filtering -, withLibplacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withLzma ? withHeadlessDeps # xz-utils , withMfx ? withFullDeps && (with stdenv.hostPlatform; isLinux && !isAarch) # Hardware acceleration via intel-media-sdk/libmfx , withModplug ? withFullDeps && !stdenv.isDarwin # ModPlug support @@ -61,16 +62,17 @@ , withOgg ? withHeadlessDeps # Ogg container used by vorbis & theora , withOpenal ? withFullDeps # OpenAL 1.1 capture support , withOpencl ? withFullDeps -, withOpencoreAmrnb ? withFullDeps # AMR-NB de/encoder & AMR-WB decoder +, withOpencoreAmrnb ? withFullDeps && withVersion3 # AMR-NB de/encoder & AMR-WB decoder , withOpengl ? false # OpenGL rendering , withOpenh264 ? withFullDeps # H.264/AVC encoder , withOpenjpeg ? withFullDeps # JPEG 2000 de/encoder , withOpenmpt ? withFullDeps # Tracked music files decoder , withOpus ? withHeadlessDeps # Opus de/encoder +, withPlacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withPulse ? withSmallDeps && !stdenv.isDarwin # Pulseaudio input support , withRav1e ? withFullDeps # AV1 encoder (focused on speed and safety) , withRtmp ? false # RTMP[E] support -, withSamba ? withFullDeps && !stdenv.isDarwin # Samba protocol +, withSamba ? withFullDeps && !stdenv.isDarwin && withGPLv3 # Samba protocol , withSdl2 ? withSmallDeps , withShaderc ? withFullDeps && !stdenv.isDarwin && lib.versionAtLeast version "5.0" , withSoxr ? withHeadlessDeps # Resampling via soxr @@ -85,23 +87,23 @@ , withV4l2M2m ? withV4l2 , withVaapi ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # Vaapi hardware acceleration , withVdpau ? withSmallDeps # Vdpau hardware acceleration -, withVidStab ? withFullDeps # Video stabilization -, withVmaf ? withFullDeps && withGPLv3 && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) -, withVoAmrwbenc ? withFullDeps # AMR-WB encoder +, withVidStab ? withFullDeps && withGPL # Video stabilization +, withVmaf ? withFullDeps && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) +, withVoAmrwbenc ? withFullDeps && withVersion3 # AMR-WB encoder , withVorbis ? withHeadlessDeps # Vorbis de/encoding, native encoder exists , withVpx ? withHeadlessDeps && stdenv.buildPlatform == stdenv.hostPlatform # VP8 & VP9 de/encoding , withVulkan ? withFullDeps && !stdenv.isDarwin , withWebp ? withFullDeps # WebP encoder -, withX264 ? withHeadlessDeps # H.264/AVC encoder -, withX265 ? withHeadlessDeps # H.265/HEVC encoder -, withXavs ? withFullDeps # AVS encoder +, withX264 ? withHeadlessDeps && withGPL # H.264/AVC encoder +, withX265 ? withHeadlessDeps && withGPL # H.265/HEVC encoder +, withXavs ? withFullDeps && withGPL # AVS encoder , withXcb ? withXcbShm || withXcbxfixes || withXcbShape # X11 grabbing using XCB , withXcbShape ? withFullDeps # X11 grabbing shape rendering , withXcbShm ? withFullDeps # X11 grabbing shm communication , withXcbxfixes ? withFullDeps # X11 grabbing mouse rendering , withXlib ? withFullDeps # Xlib support , withXml2 ? withFullDeps # libxml2 support, for IMF and DASH demuxers -, withXvid ? withHeadlessDeps # Xvid encoder, native encoder exists +, withXvid ? withHeadlessDeps && withGPL # Xvid encoder, native encoder exists , withZimg ? withHeadlessDeps , withZlib ? withHeadlessDeps , withZmq ? withFullDeps # Message passing @@ -110,7 +112,8 @@ * Licensing options (yes some are listed twice, filters and such are not listed) */ , withGPL ? true -, withGPLv3 ? true +, withVersion3 ? true # When withGPL is set this implies GPLv3 otherwise it is LGPLv3 +, withGPLv3 ? withGPL && withVersion3 , withUnfree ? false /* @@ -125,6 +128,11 @@ , withMultithread ? true # Multithreading via pthreads/win32 threads , withNetwork ? withHeadlessDeps # Network support , withPixelutils ? withHeadlessDeps # Pixel utils in libavutil +, withStatic ? stdenv.hostPlatform.isStatic +, withShared ? !stdenv.hostPlatform.isStatic +, withPic ? true +, withThumb ? false # On some ARM platforms + /* * Program options */ @@ -181,9 +189,11 @@ , alsa-lib , bzip2 , celt +, chromaprint , clang , dav1d , fdk_aac +, flite , fontconfig , freetype , frei0r @@ -301,8 +311,8 @@ assert lib.elem ffmpegVariant [ "headless" "small" "full" ]; /* * Licensing dependencies */ -assert withGPLv3 -> withGPL; -assert withUnfree -> withGPL && withGPLv3; +assert withGPLv3 -> withGPL && withVersion3; + /* * Build dependencies */ @@ -376,14 +386,15 @@ stdenv.mkDerivation (finalAttrs: { * Licensing flags */ (enableFeature withGPL "gpl") - (enableFeature withGPLv3 "version3") + (enableFeature withVersion3 "version3") (enableFeature withUnfree "nonfree") /* * Build flags */ - # On some ARM platforms --enable-thumb - "--enable-shared" - "--enable-pic" + (enableFeature withStatic "static") + (enableFeature withShared "shared") + (enableFeature withPic "pic") + (enableFeature withThumb "thumb") (enableFeature withSmallBuild "small") (enableFeature withRuntimeCPUDetection "runtime-cpudetect") @@ -447,15 +458,23 @@ stdenv.mkDerivation (finalAttrs: { * External libraries */ (enableFeature withAlsa "alsa") - # FIXME: see if jellyfin-ffmpeg is already on a version >= 6.1 to use enableFeature - (optionalString (withAribcaption && lib.versionAtLeast finalAttrs.version "6.1") "--enable-libaribcaption") + (enableFeature withAom "libaom") + ] ++ optionals (versionAtLeast finalAttrs.version "6.1") [ + (enableFeature withAribcaption "libaribcaption") + ] ++ [ + (enableFeature withAss "libass") + (enableFeature withBluray "libbluray") + (enableFeature withBs2b "libbs2b") (enableFeature withBzlib "bzlib") (enableFeature withCelt "libcelt") + (enableFeature withChromaprint "chromaprint") (enableFeature withCuda "cuda") (enableFeature withCudaLLVM "cuda-llvm") (enableFeature withDav1d "libdav1d") + (enableFeature withDc1394 "libdc1394") + (enableFeature withDrm "libdrm") (enableFeature withFdkAac "libfdk-aac") - "--disable-libflite" # Force disable until a solution is found + (enableFeature withFlite "libflite") (enableFeature withFontconfig "fontconfig") (enableFeature withFreetype "libfreetype") (enableFeature withFrei0r "frei0r") @@ -463,41 +482,14 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withGme "libgme") (enableFeature withGnutls "gnutls") (enableFeature withGsm "libgsm") - (enableFeature withLadspa "ladspa") - (enableFeature withMp3lame "libmp3lame") - (enableFeature withAom "libaom") - (enableFeature withAss "libass") - (enableFeature withBluray "libbluray") - (enableFeature withBs2b "libbs2b") - (enableFeature withDc1394 "libdc1394") - (enableFeature withDrm "libdrm") (enableFeature withIconv "iconv") (enableFeature withJack "libjack") + (enableFeature withLadspa "ladspa") + (enableFeature withLzma "lzma") (enableFeature withMfx "libmfx") (enableFeature withModplug "libmodplug") + (enableFeature withMp3lame "libmp3lame") (enableFeature withMysofa "libmysofa") - (enableFeature withOpus "libopus") - (optionalString (versionAtLeast finalAttrs.version "5.0" && withLibplacebo) "--enable-libplacebo") - (enableFeature withSvg "librsvg") - (enableFeature withSrt "libsrt") - (enableFeature withSsh "libssh") - (enableFeature withTensorflow "libtensorflow") - (enableFeature withTheora "libtheora") - (enableFeature withV4l2 "libv4l2") - (enableFeature withV4l2M2m "v4l2-m2m") - (enableFeature withVaapi "vaapi") - (enableFeature withVdpau "vdpau") - (enableFeature withVorbis "libvorbis") - (enableFeature withVmaf "libvmaf") - (enableFeature withVpx "libvpx") - (enableFeature withWebp "libwebp") - (enableFeature withXlib "xlib") - (enableFeature withXcb "libxcb") - (enableFeature withXcbShm "libxcb-shm") - (enableFeature withXcbxfixes "libxcb-xfixes") - (enableFeature withXcbShape "libxcb-shape") - (enableFeature withXml2 "libxml2") - (enableFeature withLzma "lzma") (enableFeature withNvdec "cuvid") (enableFeature withNvdec "nvdec") (enableFeature withNvenc "nvenc") @@ -508,25 +500,50 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withOpenh264 "libopenh264") (enableFeature withOpenjpeg "libopenjpeg") (enableFeature withOpenmpt "libopenmpt") + (enableFeature withOpus "libopus") + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withPlacebo "libplacebo") + ] ++ [ (enableFeature withPulse "libpulse") (enableFeature withRav1e "librav1e") - (enableFeature withSvtav1 "libsvtav1") (enableFeature withRtmp "librtmp") + (enableFeature withSamba "libsmbclient") (enableFeature withSdl2 "sdl2") + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withShaderc "libshaderc") + ] ++ [ (enableFeature withSoxr "libsoxr") (enableFeature withSpeex "libspeex") + (enableFeature withSrt "libsrt") + (enableFeature withSsh "libssh") + (enableFeature withSvg "librsvg") + (enableFeature withSvtav1 "libsvtav1") + (enableFeature withTensorflow "libtensorflow") + (enableFeature withTheora "libtheora") + (enableFeature withV4l2 "libv4l2") + (enableFeature withV4l2M2m "v4l2-m2m") + (enableFeature withVaapi "vaapi") + (enableFeature withVdpau "vdpau") (enableFeature withVidStab "libvidstab") # Actual min. version 2.0 + (enableFeature withVmaf "libvmaf") (enableFeature withVoAmrwbenc "libvo-amrwbenc") + (enableFeature withVorbis "libvorbis") + (enableFeature withVpx "libvpx") + (enableFeature withVulkan "vulkan") + (enableFeature withWebp "libwebp") (enableFeature withX264 "libx264") (enableFeature withX265 "libx265") (enableFeature withXavs "libxavs") + (enableFeature withXcb "libxcb") + (enableFeature withXcbShape "libxcb-shape") + (enableFeature withXcbShm "libxcb-shm") + (enableFeature withXcbxfixes "libxcb-xfixes") + (enableFeature withXlib "xlib") + (enableFeature withXml2 "libxml2") (enableFeature withXvid "libxvid") - (enableFeature withZmq "libzmq") (enableFeature withZimg "libzimg") (enableFeature withZlib "zlib") - (enableFeature withVulkan "vulkan") - (optionalString (lib.versionAtLeast finalAttrs.version "5") (enableFeature withShaderc "libshaderc")) - (enableFeature withSamba "libsmbclient") + (enableFeature withZmq "libzmq") /* * Developer flags */ @@ -558,10 +575,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ removeReferencesTo addOpenGLRunpath perl pkg-config texinfo yasm ] ++ optionals withCudaLLVM [ clang ]; - # TODO This was always in buildInputs before, why? - buildInputs = optionals withFullDeps [ libdc1394 ] - ++ optionals (withFullDeps && !stdenv.isDarwin) [ libraw1394 ] # TODO where does this belong to - ++ optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] + buildInputs = optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] ++ optionals withAlsa [ alsa-lib ] ++ optionals withAom [ libaom ] ++ optionals withAribcaption [ libaribcaption ] @@ -571,9 +585,12 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withBzlib [ bzip2 ] ++ optionals withCaca [ libcaca ] ++ optionals withCelt [ celt ] + ++ optionals withChromaprint [ chromaprint ] ++ optionals withDav1d [ dav1d ] + ++ optionals withDc1394 [ libdc1394 libraw1394 ] ++ optionals withDrm [ libdrm ] ++ optionals withFdkAac [ fdk_aac ] + ++ optionals withFlite [ flite ] ++ optionals withFontconfig [ fontconfig ] ++ optionals withFreetype [ freetype ] ++ optionals withFrei0r [ frei0r ] @@ -584,7 +601,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withIconv [ libiconv ] # On Linux this should be in libc, do we really need it? ++ optionals withJack [ libjack2 ] ++ optionals withLadspa [ ladspaH ] - ++ optionals withLibplacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withLzma [ xz ] ++ optionals withMfx [ intel-media-sdk ] ++ optionals withModplug [ libmodplug ] @@ -599,6 +615,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withOpenjpeg [ openjpeg ] ++ optionals withOpenmpt [ libopenmpt ] ++ optionals withOpus [ libopus ] + ++ optionals withPlacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withPulse [ libpulseaudio ] ++ optionals withRav1e [ rav1e ] ++ optionals withRtmp [ rtmpdump ] @@ -613,6 +630,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withSvtav1 [ svt-av1 ] ++ optionals withTensorflow [ libtensorflow ] ++ optionals withTheora [ libtheora ] + ++ optionals withV4l2 [ libv4l ] ++ optionals withVaapi [ (if withSmallDeps then libva else libva-minimal) ] ++ optionals withVdpau [ libvdpau ] ++ optionals withVidStab [ vid-stab ] @@ -620,7 +638,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withVoAmrwbenc [ vo-amrwbenc ] ++ optionals withVorbis [ libvorbis ] ++ optionals withVpx [ libvpx ] - ++ optionals withV4l2 [ libv4l ] ++ optionals withVulkan [ vulkan-headers vulkan-loader ] ++ optionals withWebp [ libwebp ] ++ optionals withX264 [ x264 ] @@ -703,11 +720,13 @@ stdenv.mkDerivation (finalAttrs: { ''; license = with licenses; [ lgpl21Plus ] ++ optional withGPL gpl2Plus + ++ optional withVersion3 lgpl3Plus ++ optional withGPLv3 gpl3Plus - ++ optional withUnfree unfreeRedistributable; + ++ optional withUnfree unfreeRedistributable + ++ optional (withGPL && withUnfree) unfree; pkgConfigModules = [ "libavutil" ]; platforms = platforms.all; - maintainers = with maintainers; [ atemu arthsmn ]; + maintainers = with maintainers; [ atemu arthsmn jopejoe1 ]; mainProgram = "ffmpeg"; }; }) diff --git a/pkgs/development/libraries/gjs/default.nix b/pkgs/development/libraries/gjs/default.nix index b7f91afa3710c..1c1c1d5ff407f 100644 --- a/pkgs/development/libraries/gjs/default.nix +++ b/pkgs/development/libraries/gjs/default.nix @@ -32,13 +32,13 @@ let ]; in stdenv.mkDerivation (finalAttrs: { pname = "gjs"; - version = "1.78.1"; + version = "1.78.3"; outputs = [ "out" "dev" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/gjs/${lib.versions.majorMinor finalAttrs.version}/gjs-${finalAttrs.version}.tar.xz"; - hash = "sha256-fpBRHEKRJ8OerABoxKyaNT335vu8ZG9fGOiWKILBhkE="; + hash = "sha256-QtUDZMql15LHZzT+W7zEudu0iBnaIKQGAGHouVJhNKQ="; }; patches = [ diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index f92db5b0e5d60..2a1bae9cf41b1 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -50,11 +50,11 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.78.3"; + version = "2.78.4"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - sha256 = "YJgB3Tc3luUVlyv5X8Cy2qRFRUge4vRlxPIE0iSyvCE="; + sha256 = "sha256-JLjgZy3KEgzDLTlLzLhYROcy4E/nXRi7BXOy28dUj2M="; }; patches = lib.optionals stdenv.isDarwin [ diff --git a/pkgs/development/libraries/glibc/2.38-master.patch.gz b/pkgs/development/libraries/glibc/2.38-master.patch.gz index 6414956807f44..a07e4f8e1d507 100644 --- a/pkgs/development/libraries/glibc/2.38-master.patch.gz +++ b/pkgs/development/libraries/glibc/2.38-master.patch.gz Binary files differdiff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 3e17817c0babe..826d1e9c83899 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -44,7 +44,7 @@ let version = "2.38"; - patchSuffix = "-27"; + patchSuffix = "-44"; sha256 = "sha256-+4KZiZiyspllRnvBtp0VLpwwfSzzAcnq+0VVt3DvP9I="; in @@ -60,7 +60,7 @@ stdenv.mkDerivation ({ [ /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping. $ git fetch --all -p && git checkout origin/release/2.38/master && git describe - glibc-2.38-27-g750a45a783 + glibc-2.38-44-gd37c2b20a4 $ git show --minimal --reverse glibc-2.38.. | gzip -9n --rsyncable - > 2.38-master.patch.gz To compare the archive contents zdiff can be used. @@ -96,6 +96,11 @@ stdenv.mkDerivation ({ & https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 */ ./reenable_DT_HASH.patch + + /* Retrieved from https://salsa.debian.org/glibc-team/glibc/-/commit/662dbc4f9287139a0d9c91df328a5ba6cc6abee1#0f3c6d67cb8cf5bb35c421c20f828fea97b68edf + Qualys advisory: https://www.qualys.com/2024/01/30/qsort.txt + */ + ./local-qsort-memory-corruption.patch ] /* NVCC does not support ARM intrinsics. Since <math.h> is pulled in by almost every HPC piece of software, without this patch CUDA compilation on ARM @@ -155,7 +160,7 @@ stdenv.mkDerivation ({ # and on aarch64 with binutils 2.30 or later. # https://sourceware.org/glibc/wiki/PortStatus "--enable-static-pie" - ] ++ lib.optionals stdenv.hostPlatform.isx86 [ + ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [ # Enable Intel Control-flow Enforcement Technology (CET) support "--enable-cet" ] ++ lib.optionals withLinuxHeaders [ diff --git a/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch new file mode 100644 index 0000000000000..f7e25c72a61c9 --- /dev/null +++ b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch @@ -0,0 +1,14 @@ +diff -rup a/stdlib/qsort.c b/stdlib/qsort.c +--- a/stdlib/qsort.c 2023-07-31 10:54:16.000000000 -0700 ++++ b/stdlib/qsort.c 2024-01-15 09:08:25.596167959 -0800 +@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to + while ((run_ptr += size) <= end_ptr) + { + tmp_ptr = run_ptr - size; +- while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ while (tmp_ptr != base_ptr ++ && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) + tmp_ptr -= size; + + tmp_ptr += size; + diff --git a/pkgs/development/libraries/gperftools/default.nix b/pkgs/development/libraries/gperftools/default.nix index 132ae64577a71..e76c033c705d7 100644 --- a/pkgs/development/libraries/gperftools/default.nix +++ b/pkgs/development/libraries/gperftools/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "gperftools"; - version = "2.10"; + version = "2.15"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "${pname}-${version}"; - sha256 = "sha256-lUX9T31cYZEi+0DgF52EDSL9yiSHa8ToMxhpQFKHOGk="; + sha256 = "sha256-3ibr8AHzo7txX1U+9oOWA60qeeJs/OGeevv+sgBwQa0="; }; patches = [ diff --git a/pkgs/development/libraries/graphene/default.nix b/pkgs/development/libraries/graphene/default.nix index 2972d5712cba3..23b617d4a6100 100644 --- a/pkgs/development/libraries/graphene/default.nix +++ b/pkgs/development/libraries/graphene/default.nix @@ -11,10 +11,13 @@ , mutest , nixosTests , glib +, withDocumentation ? !stdenv.hostPlatform.isStatic , gtk-doc , docbook_xsl , docbook_xml_dtd_43 +, buildPackages , gobject-introspection +, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages , makeWrapper }: @@ -22,7 +25,8 @@ stdenv.mkDerivation rec { pname = "graphene"; version = "1.10.8"; - outputs = [ "out" "dev" "devdoc" ] + outputs = [ "out" "dev" ] + ++ lib.optionals withDocumentation [ "devdoc" ] ++ lib.optionals (stdenv.hostPlatform == stdenv.buildPlatform) [ "installedTests" ]; src = fetchFromGitHub { @@ -51,15 +55,17 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ - docbook_xml_dtd_43 - docbook_xsl - gtk-doc meson ninja pkg-config - gobject-introspection python3 makeWrapper + ] ++ lib.optionals withDocumentation [ + docbook_xml_dtd_43 + docbook_xsl + gtk-doc + ] ++ lib.optionals withIntrospection [ + gobject-introspection ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ mesonEmulatorHook ]; @@ -73,8 +79,8 @@ stdenv.mkDerivation rec { ]; mesonFlags = [ - "-Dgtk_doc=true" - "-Dintrospection=enabled" + (lib.mesonBool "gtk_doc" withDocumentation) + (lib.mesonEnable "introspection" withIntrospection) "-Dinstalled_test_datadir=${placeholder "installedTests"}/share" "-Dinstalled_test_bindir=${placeholder "installedTests"}/libexec" ] ++ lib.optionals stdenv.isAarch32 [ @@ -87,12 +93,13 @@ stdenv.mkDerivation rec { postPatch = '' patchShebangs tests/gen-installed-test.py + '' + lib.optionalString withIntrospection '' PATH=${python3.withPackages (pp: [ pp.pygobject3 pp.tappy ])}/bin:$PATH patchShebangs tests/introspection.py ''; postFixup = let introspectionPy = "${placeholder "installedTests"}/libexec/installed-tests/graphene-1.0/introspection.py"; - in '' + in lib.optionalString withIntrospection '' if [ -x '${introspectionPy}' ] ; then wrapProgram '${introspectionPy}' \ --prefix GI_TYPELIB_PATH : "$out/lib/girepository-1.0" diff --git a/pkgs/development/libraries/iso-codes/default.nix b/pkgs/development/libraries/iso-codes/default.nix index f5a4c46f5791f..5539a97f0ce6e 100644 --- a/pkgs/development/libraries/iso-codes/default.nix +++ b/pkgs/development/libraries/iso-codes/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "iso-codes"; - version = "4.15.0"; + version = "4.16.0"; src = fetchurl { url = "https://salsa.debian.org/iso-codes-team/iso-codes/-/archive/v${version}/${pname}-v${version}.tar.gz"; - sha256 = "sha256-uDtUudfdbrh3OAs+xG83CwXa8sv6ExxhLwNZjWVMDvg="; + sha256 = "sha256-fJkPw5oFl1vtsBdeP/Cfw4MEiBX2i0Yqu/BVqAMuZsw="; }; nativeBuildInputs = [ gettext python3 ]; diff --git a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix index 5c015910eab73..6398f8b872d5f 100644 --- a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix +++ b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix @@ -1,5 +1,4 @@ { ffmpeg_6-full -, chromaprint , fetchFromGitHub , lib }: @@ -18,12 +17,9 @@ ffmpeg_6-full.overrideAttrs (old: rec { # Clobber upstream patches as they don't apply to the Jellyfin fork patches = []; - buildInputs = old.buildInputs ++ [ chromaprint ]; - configureFlags = old.configureFlags ++ [ "--extra-version=Jellyfin" "--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067 - "--enable-chromaprint" ]; postPatch = '' diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 78aac8754787b..a808b62c3a3bf 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -1,5 +1,4 @@ { lib, stdenv, fetchzip, yasm, perl, cmake, pkg-config, python3 -, enableButteraugli ? true, libjxl , enableVmaf ? true, libvmaf , gitUpdater }: @@ -9,11 +8,11 @@ let in stdenv.mkDerivation rec { pname = "libaom"; - version = "3.8.0"; + version = "3.8.1"; src = fetchzip { url = "https://aomedia.googlesource.com/aom/+archive/v${version}.tar.gz"; - hash = "sha256-JxMz+XnjmUvk8TlTqdU2HP1Gq3bXfcLkXp5AEv9+7hM="; + hash = "sha256-qng9fEbm71HqPnPzfgqswSium9egIgpB6ZLesOQVg6c="; stripRoot = false; }; @@ -23,8 +22,7 @@ stdenv.mkDerivation rec { yasm perl cmake pkg-config python3 ]; - propagatedBuildInputs = lib.optional enableButteraugli libjxl - ++ lib.optional enableVmaf libvmaf; + propagatedBuildInputs = lib.optional enableVmaf libvmaf; preConfigure = '' # build uses `git describe` to set the build version @@ -42,8 +40,6 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" "-DENABLE_TESTS=OFF" - ] ++ lib.optionals enableButteraugli [ - "-DCONFIG_TUNE_BUTTERAUGLI=1" ] ++ lib.optionals enableVmaf [ "-DCONFIG_TUNE_VMAF=1" ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ diff --git a/pkgs/development/libraries/libcbor/default.nix b/pkgs/development/libraries/libcbor/default.nix index 514ee36d02df2..43a73d374ea56 100644 --- a/pkgs/development/libraries/libcbor/default.nix +++ b/pkgs/development/libraries/libcbor/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "libcbor"; - version = "unstable-2023-01-29"; # Musl fix hasn't been released yet. + version = "0.10.2"; src = fetchFromGitHub { owner = "PJK"; repo = "libcbor"; - rev = "cb4162f40d94751141b4d43b07c4add83e738a68"; - sha256 = "sha256-ZTa+wG1g9KsVoqJG/yqxo2fJ7OhPnaI9QcfOmpOT3pg="; + rev = "v${finalAttrs.version}"; + hash = "sha256-eE11hYPsOKqfoX8fx/oYfOAichhUe4mMpNQNVZ6vAUI="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libdecor/default.nix b/pkgs/development/libraries/libdecor/default.nix index fefaf98c40e9b..f81fdc68768ac 100644 --- a/pkgs/development/libraries/libdecor/default.nix +++ b/pkgs/development/libraries/libdecor/default.nix @@ -10,18 +10,19 @@ , cairo , dbus , pango +, gtk3 }: stdenv.mkDerivation rec { pname = "libdecor"; - version = "0.1.1"; + version = "0.2.2"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libdecor"; repo = "libdecor"; rev = version; - hash = "sha256-8b6qCqOSDDbhYwAeAaUyI71tSopTkGtCJaxZaJw1vQQ="; + hash = "sha256-mID19uHXFKJUZtQsSOXjRdz541YVjMxmSHVa+DlkPRc="; }; outputs = [ "out" "dev" ]; @@ -45,6 +46,7 @@ stdenv.mkDerivation rec { cairo dbus pango + gtk3 ]; meta = with lib; { diff --git a/pkgs/development/libraries/libedit/default.nix b/pkgs/development/libraries/libedit/default.nix index d8c7be41f4a10..97636e36e8481 100644 --- a/pkgs/development/libraries/libedit/default.nix +++ b/pkgs/development/libraries/libedit/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libedit"; - version = "20221030-3.1"; + version = "20230828-3.1"; src = fetchurl { url = "https://thrysoee.dk/editline/${pname}-${version}.tar.gz"; - sha256 = "sha256-8JJaWt9LG/EW7hl2a32qdmkXrsGYdHlDscTt9npL4rs="; + sha256 = "sha256-TugYK25WkpDn0fRPD3jayHFrNfZWt2Uo9pnGnJiBTa0="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libei/default.nix b/pkgs/development/libraries/libei/default.nix index 3b687fcd8edcb..18bf680ca840b 100644 --- a/pkgs/development/libraries/libei/default.nix +++ b/pkgs/development/libraries/libei/default.nix @@ -23,14 +23,14 @@ let in stdenv.mkDerivation rec { pname = "libei"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libinput"; repo = "libei"; rev = version; - hash = "sha256-ebZZ2dGXrPBUDPsuu5GZY5kDv9qndnxepQUGFDe9PUg="; + hash = "sha256-MHPWEBMtxoEJ8j3LyDPD+m3DsO9u8nE+/pPtRHHXEXA="; }; buildInputs = [ diff --git a/pkgs/development/libraries/libgit2/default.nix b/pkgs/development/libraries/libgit2/default.nix index 1012092c71dfd..957a146ce2a04 100644 --- a/pkgs/development/libraries/libgit2/default.nix +++ b/pkgs/development/libraries/libgit2/default.nix @@ -23,6 +23,8 @@ stdenv.mkDerivation rec { version = "1.7.1"; # also check the following packages for updates: python3Packages.pygit2 and libgit2-glib + outputs = ["lib" "dev" "out"]; + src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; @@ -47,7 +49,22 @@ stdenv.mkDerivation rec { propagatedBuildInputs = lib.optional (!stdenv.isLinux) libiconv; - doCheck = false; # hangs. or very expensive? + doCheck = true; + checkPhase = '' + testArgs=(-v -xonline) + + # slow + testArgs+=(-xclone::nonetwork::bad_urls) + + # failed to set permissions on ...: Operation not permitted + testArgs+=(-xrepo::init::extended_1) + testArgs+=(-xrepo::template::extended_with_template_and_shared_mode) + + ( + set -x + ./libgit2_tests ''${testArgs[@]} + ) + ''; passthru.tests = { inherit libgit2-glib; diff --git a/pkgs/development/libraries/libgudev/default.nix b/pkgs/development/libraries/libgudev/default.nix index 5098bd9f65ca9..fd21c9e7f85e2 100644 --- a/pkgs/development/libraries/libgudev/default.nix +++ b/pkgs/development/libraries/libgudev/default.nix @@ -9,7 +9,6 @@ , gnome , vala , gobject-introspection -, fetchpatch , glibcLocales , umockdev }: @@ -25,6 +24,18 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-YSZqsa/J1z28YKiyr3PpnS/f9H2ZVE0IV2Dk+mZ7XdE="; }; + patches = [ + # Conditionally disable one test that requires a locale implementation + # https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/31 + ./tests-skip-double-test-on-stub-locale-impls.patch + ]; + + postPatch = '' + # The relative location of LD_PRELOAD works for Glibc but not for other loaders (e.g. pkgsMusl) + substituteInPlace tests/meson.build \ + --replace "LD_PRELOAD=libumockdev-preload.so.0" "LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so.0" + ''; + strictDeps = true; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch new file mode 100644 index 0000000000000..277670aeed2b7 --- /dev/null +++ b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch @@ -0,0 +1,41 @@ +From ad8b10870ee2092268f87144d8e5ab7db2011139 Mon Sep 17 00:00:00 2001 +From: Alyssa Ross <hi@alyssa.is> +Date: Tue, 30 Jan 2024 20:47:21 +0100 +Subject: [PATCH] tests: Skip double test on stub locale impls + +On musl, setlocale() with an unknown locale name will succeed, but +treat the requested locale as if it were C.UTF-8. Therefore, to +properly check whether the locale is supported, we need to actually +verify whether it works the way we expect when deciding whether to +skip the test. +--- + tests/test-double.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/test-double.c b/tests/test-double.c +index 91e77c9..e9d9232 100644 +--- a/tests/test-double.c ++++ b/tests/test-double.c +@@ -39,8 +39,6 @@ fixture_teardown (Fixture *f, G_GNUC_UNUSED const void *data) + static void + test_double (Fixture *f, G_GNUC_UNUSED const void *data) + { +- g_assert_cmpstr (nl_langinfo(RADIXCHAR), ==, ","); +- + umockdev_testbed_add_device (f->testbed, "platform", "dev1", NULL, + "in_accel_scale", "0.0000098", NULL, + "ID_MODEL", "KoolGadget", "SCALE", "0.0000098", NULL); +@@ -73,6 +71,10 @@ int main(int argc, char **argv) + if (setlocale (LC_NUMERIC, "fr_FR.UTF-8") == NULL) + return GNU_SKIP_RETURNCODE; + ++ /* Skip if locale doesn't work how we expect. */ ++ if (strcmp (nl_langinfo(RADIXCHAR), ",")) ++ return GNU_SKIP_RETURNCODE; ++ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/gudev/double", Fixture, NULL, +-- +GitLab + diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix index 9e1d9e55c16a4..da37ef781b357 100644 --- a/pkgs/development/libraries/libidn/default.nix +++ b/pkgs/development/libraries/libidn/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "libidn"; - version = "1.41"; + version = "1.42"; src = fetchurl { url = "mirror://gnu/libidn/${finalAttrs.pname}-${finalAttrs.version}.tar.gz"; - sha256 = "sha256-iE1wY2S4Gr3Re+6Whtj/KudDHFoUZRBHxorfizH9iUU="; + sha256 = "sha256-1sGZ3NgG5P4nk2DLSwg0mg05Vg7VSP/RzK3ajN7LRyM="; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix index 0782f94f41e5b..8fcbe42650fcc 100644 --- a/pkgs/development/libraries/libidn2/default.nix +++ b/pkgs/development/libraries/libidn2/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "libidn2"; - version = "2.3.4"; + version = "2.3.7"; src = fetchurl { url = "https://ftp.gnu.org/gnu/libidn/${pname}-${version}.tar.gz"; - sha256 = "sha256-k8q6crTgUdH41PWgdqtjyZt3+u4Bm3K5eDsmeYbbtF8="; + hash = "sha256-TCGnkbYQuVGbnQ4SuAl78vNZsS+N2SZHYRqSnmv9fWQ="; }; strictDeps = true; diff --git a/pkgs/development/libraries/libimagequant/Cargo.lock b/pkgs/development/libraries/libimagequant/Cargo.lock index fdad112994ac6..8e542f3586935 100644 --- a/pkgs/development/libraries/libimagequant/Cargo.lock +++ b/pkgs/development/libraries/libimagequant/Cargo.lock @@ -10,13 +10,14 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "ahash" -version = "0.8.3" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" dependencies = [ "cfg-if", "once_cell", "version_check", + "zerocopy", ] [[package]] @@ -26,16 +27,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - -[[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "bytemuck" @@ -77,36 +72,28 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "either" @@ -144,7 +131,7 @@ dependencies = [ [[package]] name = "imagequant" -version = "4.2.2" +version = "4.3.0" dependencies = [ "arrayvec", "lodepng", @@ -156,7 +143,7 @@ dependencies = [ [[package]] name = "imagequant-sys" -version = "4.0.3" +version = "4.0.4" dependencies = [ "bitflags", "imagequant", @@ -165,15 +152,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.149" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "lodepng" -version = "3.9.1" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3cdccd0cf57a5d456f0656ebcff72c2e19503287e1afbf3b84382812adc0606" +checksum = "a42d298694b14401847de29abd44adf278b42e989e516deac7b72018400002d8" dependencies = [ "crc32fast", "fallible_collections", @@ -183,15 +170,6 @@ dependencies = [ ] [[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - -[[package]] name = "miniz_oxide" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -202,15 +180,33 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "proc-macro2" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] [[package]] name = "rayon" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" dependencies = [ "either", "rayon-core", @@ -218,9 +214,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -228,18 +224,23 @@ dependencies = [ [[package]] name = "rgb" -version = "0.8.36" +version = "0.8.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59" +checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8" dependencies = [ "bytemuck", ] [[package]] -name = "scopeguard" -version = "1.2.0" +name = "syn" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] [[package]] name = "thread_local" @@ -252,7 +253,33 @@ dependencies = [ ] [[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] name = "version_check" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "zerocopy" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/pkgs/development/libraries/libimagequant/default.nix b/pkgs/development/libraries/libimagequant/default.nix index f60a1c7cab7a6..8d8acfd835d0d 100644 --- a/pkgs/development/libraries/libimagequant/default.nix +++ b/pkgs/development/libraries/libimagequant/default.nix @@ -1,14 +1,27 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl, rust, rustPlatform, cargo-c, python3 }: +{ lib +, stdenv +, fetchFromGitHub +, fetchurl +, rust +, rustPlatform +, cargo-c +, python3 + +# tests +, testers +, vips +, libimagequant +}: rustPlatform.buildRustPackage rec { pname = "libimagequant"; - version = "4.2.2"; + version = "4.3.0"; src = fetchFromGitHub { owner = "ImageOptim"; - repo = pname; + repo = "libimagequant"; rev = version; - hash = "sha256-cZgnJOmj+xJDcewsxH2Jp5AAnFZKVuYxKPtoGeN03g4="; + hash = "sha256-/gHe3LQaBWOQImBesKvHK46T42TtRld988wgxbut4i0="; }; cargoLock = { @@ -34,7 +47,13 @@ rustPlatform.buildRustPackage rec { ''; passthru.tests = { + inherit vips; inherit (python3.pkgs) pillow; + + pkg-config = testers.hasPkgConfigModules { + package = libimagequant; + moduleNames = [ "imagequant" ]; + }; }; meta = with lib; { diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index a159a1fb5f62e..16193e5e5148e 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -45,7 +45,7 @@ in stdenv.mkDerivation rec { pname = "libinput"; - version = "1.24.0"; + version = "1.25.0"; outputs = [ "bin" "out" "dev" ]; @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { owner = "libinput"; repo = "libinput"; rev = version; - sha256 = "sha256-gTcgEZ7cs4jq8w5Genxtio9nVFy7y3n0nNXJ6SVtYHY="; + hash = "sha256-c2FU5OW+CIgtYTQy+bwIbaw3SP1pVxaLokhO+ag5/1s="; }; patches = [ diff --git a/pkgs/development/libraries/libipt/default.nix b/pkgs/development/libraries/libipt/default.nix index 9b3de39e5d919..6a05aec46854a 100644 --- a/pkgs/development/libraries/libipt/default.nix +++ b/pkgs/development/libraries/libipt/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libipt"; - version = "2.0.6"; + version = "2.1"; src = fetchFromGitHub { owner = "intel"; repo = "libipt"; rev = "v${version}"; - sha256 = "sha256-RuahOkDLbac9bhXn8QSf7lMRw11PIpXQo3eaQ9N4Rtc="; + sha256 = "sha256-SLCuNTFRGFh0mTv1xLCIDg7b6DbWCxgHhrCoPu9xpmw="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch index 0a09a8845c133..7753150180642 100644 --- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch +++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch @@ -1,29 +1,26 @@ -From 4a0584f7c05641143151ebdc1be1163bebf9d35d Mon Sep 17 00:00:00 2001 +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 From: Las <las@protonmail.ch> Date: Sun, 3 Jan 2021 18:35:37 +0000 Subject: [PATCH] Compile transupp.c as part of the library -The exported symbols are made weak to not conflict with users -of the library that already vendor this functionality. --- CMakeLists.txt | 4 ++-- - transupp.c | 14 +++++++------- - 2 files changed, 9 insertions(+), 9 deletions(-) + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0ca6f98..a9a0fae 100644 +index adb0ca45..46fc16dd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -533,7 +533,7 @@ set(JPEG_SOURCES jcapimin.c jcapistd.c jccoefct.c jccolor.c jcdctmgr.c jchuff.c - jdatasrc.c jdcoefct.c jdcolor.c jddctmgr.c jdhuff.c jdicc.c jdinput.c - jdmainct.c jdmarker.c jdmaster.c jdmerge.c jdphuff.c jdpostct.c jdsample.c - jdtrans.c jerror.c jfdctflt.c jfdctfst.c jfdctint.c jidctflt.c jidctfst.c -- jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c) -+ jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c transupp.c) +@@ -581,7 +581,7 @@ set(JPEG_SOURCES ${JPEG12_SOURCES} jcapimin.c jchuff.c jcicc.c jcinit.c + jclhuff.c jcmarker.c jcmaster.c jcomapi.c jcparam.c jcphuff.c jctrans.c + jdapimin.c jdatadst.c jdatasrc.c jdhuff.c jdicc.c jdinput.c jdlhuff.c + jdmarker.c jdmaster.c jdphuff.c jdtrans.c jerror.c jfdctflt.c jmemmgr.c +- jmemnobs.c jpeg_nbits.c) ++ jmemnobs.c jpeg_nbits.c transupp.c) if(WITH_ARITH_ENC OR WITH_ARITH_DEC) set(JPEG_SOURCES ${JPEG_SOURCES} jaricom.c) -@@ -1489,7 +1489,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets +@@ -1803,7 +1803,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h @@ -32,73 +29,6 @@ index 0ca6f98..a9a0fae 100644 DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) include(cmakescripts/BuildPackages.cmake) -diff --git a/transupp.c b/transupp.c -index 6e86077..2da49a7 100644 ---- a/transupp.c -+++ b/transupp.c -@@ -1386,7 +1386,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) - * This code is loosely based on XParseGeometry from the X11 distribution. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) - { - info->crop = FALSE; -@@ -1486,7 +1486,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) - * and transformation is not perfect. Otherwise returns TRUE. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_request_workspace(j_decompress_ptr srcinfo, - jpeg_transform_info *info) - { -@@ -2033,7 +2033,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, - * to jpeg_write_coefficients(). - */ - --GLOBAL(jvirt_barray_ptr *) -+GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) - jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2152,7 +2152,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * Note that some transformations will modify the source data arrays! - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2264,7 +2264,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * (may use custom action then) - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - int MCU_width, int MCU_height, - JXFORM_CODE transform) -@@ -2303,7 +2303,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - * This must be called before jpeg_read_header() to have the desired effect. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - { - #ifdef SAVE_MARKERS_SUPPORTED -@@ -2331,7 +2331,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - * JFIF APP0 or Adobe APP14 markers if selected. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - JCOPY_OPTION option) - { -- -2.29.2 +2.43.0 diff --git a/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch new file mode 100644 index 0000000000000..fc23b776312a5 --- /dev/null +++ b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch @@ -0,0 +1,81 @@ +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 +From: Las <las@protonmail.ch> +Date: Sun, 3 Jan 2021 18:35:37 +0000 +Subject: [PATCH] Make exported symbols in transupp.c weak + +The exported symbols are made weak to not conflict with users +of the library that already vendor this functionality. +--- + transupp.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/transupp.c b/transupp.c +index 34fbb371..c0ade5a9 100644 +--- a/transupp.c ++++ b/transupp.c +@@ -1388,7 +1388,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) + * This code is loosely based on XParseGeometry from the X11 distribution. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) + { + info->crop = FALSE; +@@ -1488,7 +1488,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) + * and transformation is not perfect. Otherwise returns TRUE. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_request_workspace(j_decompress_ptr srcinfo, + jpeg_transform_info *info) + { +@@ -2035,7 +2035,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, + * to jpeg_write_coefficients(). + */ + +-GLOBAL(jvirt_barray_ptr *) ++GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) + jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2154,7 +2154,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * Note that some transformations will modify the source data arrays! + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2266,7 +2266,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * (may use custom action then) + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + int MCU_width, int MCU_height, + JXFORM_CODE transform) +@@ -2305,7 +2305,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + * This must be called before jpeg_read_header() to have the desired effect. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + { + #ifdef SAVE_MARKERS_SUPPORTED +@@ -2337,7 +2337,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + * JFIF APP0 or Adobe APP14 markers if selected. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + JCOPY_OPTION option) + { +-- +2.43.0 + diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index 711f05779e851..a34a60b11bf15 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , cmake , nasm , openjdk @@ -32,19 +33,29 @@ assert !(enableJpeg7 && enableJpeg8); # pick only one or none, not both stdenv.mkDerivation (finalAttrs: { pname = "libjpeg-turbo"; - version = "2.1.5.1"; + version = "3.0.2"; src = fetchFromGitHub { owner = "libjpeg-turbo"; repo = "libjpeg-turbo"; rev = finalAttrs.version; - sha256 = "sha256-96SBBZp+/4WkXLvHKSPItNi5WuzdVccI/ZcbJOFjYYk="; + hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74="; }; - # This is needed by freeimage - patches = [ ./0001-Compile-transupp.c-as-part-of-the-library.patch ] - ++ lib.optional stdenv.hostPlatform.isMinGW - ./mingw-boolean.patch; + patches = [ + (fetchpatch { + name = "CMAKE_CROSSCOMPILING_EMULATOR=env-fix.patch"; + url = "https://github.com/libjpeg-turbo/libjpeg-turbo/compare/36c51dd3eb60ebde3ca77d3cfa7df3422f1aaaf1..b6ee1016abbc55116304ad396cf88aa19391e10a.patch"; + hash = "sha256-dNwXicvZEsG02TBaM5nYMlZ+VczT/Dfx6ZM/6huZpwE="; + }) + + # This is needed by freeimage + ./0001-Compile-transupp.c-as-part-of-the-library.patch + ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ + ./0002-Make-exported-symbols-in-transupp.c-weak.patch + ] ++ lib.optionals stdenv.hostPlatform.isMinGW [ + ./mingw-boolean.patch + ]; outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ]; diff --git a/pkgs/development/libraries/libjxl/default.nix b/pkgs/development/libraries/libjxl/default.nix index 8454f3e1e83b3..833b58e59428b 100644 --- a/pkgs/development/libraries/libjxl/default.nix +++ b/pkgs/development/libraries/libjxl/default.nix @@ -1,5 +1,4 @@ { stdenv, lib, fetchFromGitHub -, fetchpatch , brotli , cmake , giflib @@ -12,7 +11,6 @@ , openexr_3 , pkg-config , zlib -, buildDocs ? true , asciidoc , graphviz , doxygen @@ -21,7 +19,7 @@ stdenv.mkDerivation rec { pname = "libjxl"; - version = "0.8.2"; + version = "0.9.1"; outputs = [ "out" "dev" ]; @@ -29,31 +27,21 @@ stdenv.mkDerivation rec { owner = "libjxl"; repo = "libjxl"; rev = "v${version}"; - hash = "sha256-I3PGgh0XqRkCFz7lUZ3Q4eU0+0GwaQcVb6t4Pru1kKo="; + hash = "sha256-n5KNbbw6NQRROEM7Cojla/igRCFNawUq7nfhzJlMlPI="; # There are various submodules in `third_party/`. fetchSubmodules = true; }; - patches = [ - # Add missing <atomic> content to fix gcc compilation for RISCV architecture - # https://github.com/libjxl/libjxl/pull/2211 - (fetchpatch { - url = "https://github.com/libjxl/libjxl/commit/22d12d74e7bc56b09cfb1973aa89ec8d714fa3fc.patch"; - hash = "sha256-X4fbYTMS+kHfZRbeGzSdBW5jQKw8UN44FEyFRUtw0qo="; - }) - ]; - nativeBuildInputs = [ cmake gtest pkg-config - ] ++ lib.optionals buildDocs [ asciidoc doxygen python3 ]; - depsBuildBuild = lib.optionals buildDocs [ + depsBuildBuild = [ graphviz ]; diff --git a/pkgs/development/libraries/libmaxminddb/default.nix b/pkgs/development/libraries/libmaxminddb/default.nix index db794925504a3..1651d36710e61 100644 --- a/pkgs/development/libraries/libmaxminddb/default.nix +++ b/pkgs/development/libraries/libmaxminddb/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libmaxminddb"; - version = "1.7.1"; + version = "1.9.1"; src = fetchurl { url = meta.homepage + "/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-6EFPDe3Oy8H2wxy2XNgWUJUqsGd6TYxJyrYDs7j7CD4="; + sha256 = "sha256-qAaCqJ2RX99gs10xYjL7BOvzb/8n/am9Of6KONPNPxI="; }; meta = with lib; { diff --git a/pkgs/development/libraries/libplacebo/default.nix b/pkgs/development/libraries/libplacebo/default.nix index cad556ee7a7e3..558acc4bbbeb8 100644 --- a/pkgs/development/libraries/libplacebo/default.nix +++ b/pkgs/development/libraries/libplacebo/default.nix @@ -19,14 +19,14 @@ stdenv.mkDerivation rec { pname = "libplacebo"; - version = "6.338.1"; + version = "6.338.2"; src = fetchFromGitLab { domain = "code.videolan.org"; owner = "videolan"; repo = pname; rev = "v${version}"; - hash = "sha256-NZmwR3+lIC2PF+k+kqCjoMYkMM/PKOJmDwAq7t6YONY="; + hash = "sha256-gE6yKnFvsOFh8bFYc7b+bS+zmdDU7jucr0HwhdDeFzU="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index 2af41e7785ae1..3d0a3f2087142 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -14,22 +14,13 @@ , publicsuffix-list }: -let - enableValgrindTests = !stdenv.isDarwin && lib.meta.availableOn stdenv.hostPlatform valgrind - # Apparently valgrind doesn't support some new ARM features on (some) Hydra machines: - # VEX: Mismatch detected between RDMA and atomics features. - && !stdenv.isAarch64 - # Valgrind on musl does not hook malloc calls properly, resulting in errors `Invalid free() / delete / delete[] / realloc()` - # https://bugs.kde.org/show_bug.cgi?id=435441 - && !stdenv.hostPlatform.isMusl - ; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "libpsl"; - version = "0.21.2"; + version = "0.21.5"; src = fetchurl { url = "https://github.com/rockdaboot/libpsl/releases/download/${version}/libpsl-${version}.tar.lz"; - sha256 = "sha256-qj1wbEUnhtE0XglNriAc022B8Dz4HWNtXPwQ02WQfxc="; + hash = "sha256-mp9qjG7bplDPnqVUdc0XLdKEhzFoBOnHMgLZdXLNOi0="; }; nativeBuildInputs = [ @@ -41,8 +32,6 @@ in stdenv.mkDerivation rec { pkg-config python3 libxslt - ] ++ lib.optionals enableValgrindTests [ - valgrind ]; buildInputs = [ @@ -69,8 +58,6 @@ in stdenv.mkDerivation rec { "--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-file=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-testfile=${publicsuffix-list}/share/publicsuffix/test_psl.txt" - ] ++ lib.optionals enableValgrindTests [ - "--enable-valgrind-tests" ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/libusb1/default.nix b/pkgs/development/libraries/libusb1/default.nix index 57ceb5b444dfb..9103689546173 100644 --- a/pkgs/development/libraries/libusb1/default.nix +++ b/pkgs/development/libraries/libusb1/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "libusb"; - version = "1.0.26"; + version = "1.0.27"; src = fetchFromGitHub { owner = "libusb"; repo = "libusb"; rev = "v${version}"; - sha256 = "sha256-LEy45YiFbueCCi8d2hguujMsxBezaTUERHUpFsTKGZQ="; + sha256 = "sha256-OtzYxWwiba0jRK9X+4deWWDDTeZWlysEt0qMyGUarDo="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 9381f370754c9..a150bddc626d0 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -69,6 +69,9 @@ stdenv.mkDerivation (finalAttrs: { "fs_event_watch_dir_recursive" "fs_event_watch_file" "fs_event_watch_file_current_dir" "fs_event_watch_file_exact_path" "process_priority" "udp_create_early_bad_bind" + ] ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ + # fail on macos < 10.15 (starting in libuv 1.47.0) + "fs_write_alotof_bufs_with_offset" "fs_write_multiple_bufs" "fs_read_bufs" ] ++ lib.optionals stdenv.isAarch32 [ # I observe this test failing with some regularity on ARMv7: # https://github.com/libuv/libuv/issues/1871 diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix index eb5b320b317b9..dda6b13c1bf6c 100644 --- a/pkgs/development/libraries/libvpx/default.nix +++ b/pkgs/development/libraries/libvpx/default.nix @@ -75,13 +75,13 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport; stdenv.mkDerivation rec { pname = "libvpx"; - version = "1.13.1"; + version = "1.14.0"; src = fetchFromGitHub { owner = "webmproject"; repo = pname; rev = "v${version}"; - hash = "sha256-KTbzZ5/qCH+bCvatYZhFiWcT+L2duD40E2w/BUaRorQ="; + hash = "sha256-duU1exUg7JiKCtZfNxyb/y40hxsXeTIMShf9YounTWA="; }; postPatch = '' diff --git a/pkgs/development/libraries/libwpe/default.nix b/pkgs/development/libraries/libwpe/default.nix index 408d082a00ded..9978082fc60ea 100644 --- a/pkgs/development/libraries/libwpe/default.nix +++ b/pkgs/development/libraries/libwpe/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "libwpe"; - version = "1.14.1"; + version = "1.14.2"; src = fetchurl { url = "https://wpewebkit.org/releases/libwpe-${version}.tar.xz"; - sha256 = "sha256-sdDNzw+Nu0lOZbD3kT41cQbamg1X9Pu3udEjim2+mt4="; + sha256 = "sha256-iuOAIsUMs0DJb9vuEhfx5Gq1f7wci6mBQlZau+2+Iu8="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index d06c45e819906..ce7e51c04f482 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchFromGitLab , zlib , pkg-config , autoreconfHook @@ -35,19 +34,16 @@ in let libxml = stdenv.mkDerivation rec { pname = "libxml2"; - version = "2.12.3-unstable-2023-12-14"; + version = "2.12.4"; outputs = [ "bin" "dev" "out" "doc" ] ++ lib.optional pythonSupport "py" ++ lib.optional (enableStatic && enableShared) "static"; outputMan = "bin"; - src = fetchFromGitLab { - domain = "gitlab.gnome.org"; - owner = "GNOME"; - repo = "libxml2"; - rev = "f006355eda722cae204606b9f95ba51f5ce9189b"; - hash = "sha256-3WE90KDZq4Uaawuulc3t2+R8duCqgjEGUDN4HSXxohY="; + src = fetchurl { + url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz"; + hash = "sha256-SXNg5CPPC9merNt8YhXeqS5tbonulAOTwrrg53y5t9A="; }; strictDeps = true; diff --git a/pkgs/development/libraries/lmdb/default.nix b/pkgs/development/libraries/lmdb/default.nix index 99296b63a7279..8c65d02bf565b 100644 --- a/pkgs/development/libraries/lmdb/default.nix +++ b/pkgs/development/libraries/lmdb/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lmdb"; - version = "0.9.31"; + version = "0.9.32"; src = fetchFromGitLab { domain = "git.openldap.org"; owner = "openldap"; repo = "openldap"; rev = "LMDB_${version}"; - sha256 = "sha256-SBbo7MX3NST+OFPDtQshevIYrIsZD9bOkSsH91inMBw="; + sha256 = "sha256-29ZrGIiGqrvX+WsPRs2V25hPmAJSHTHaGo19nMldsb8="; }; postUnpack = "sourceRoot=\${sourceRoot}/libraries/liblmdb"; @@ -66,6 +66,7 @@ stdenv.mkDerivation rec { limited to the size of the virtual address space. ''; homepage = "https://symas.com/lmdb/"; + changelog = "https://git.openldap.org/openldap/openldap/-/blob/LMDB_${version}/libraries/liblmdb/CHANGES"; maintainers = with maintainers; [ jb55 vcunat ]; license = licenses.openldap; platforms = platforms.all; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 970081741b14b..38b73f56cab60 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -86,8 +86,8 @@ */ let - version = "23.3.3"; - hash = "sha256-UYMHwAV/o87otY33i+Qx1N9ar6ftxg0JJ4stegqA87Q="; + version = "23.3.5"; + hash = "sha256-acyxJ4ZB/1utccoPhmGIrrGpKq3E27nTX1CuvsW4tQ8="; # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule @@ -121,7 +121,6 @@ self = stdenv.mkDerivation { ./musl.patch ./opencl.patch - ./disk_cache-include-dri-driver-path-in-cache-key.patch # Backports to fix build # FIXME: remove when applied upstream @@ -170,7 +169,6 @@ self = stdenv.mkDerivation { # https://gitlab.freedesktop.org/mesa/mesa/blob/master/docs/meson.html#L327 "-Db_ndebug=true" - "-Ddisk-cache-key=${placeholder "drivers"}" "-Ddri-search-path=${libglvnd.driverLink}/lib/dri" "-Dplatforms=${lib.concatStringsSep "," eglPlatforms}" @@ -316,8 +314,9 @@ self = stdenv.mkDerivation { postFixup = lib.optionalString stdenv.isLinux '' # set the default search path for DRI drivers; used e.g. by X server - substituteInPlace "$dev/lib/pkgconfig/dri.pc" --replace "$drivers" "${libglvnd.driverLink}" - [ -f "$dev/lib/pkgconfig/d3d.pc" ] && substituteInPlace "$dev/lib/pkgconfig/d3d.pc" --replace "$drivers" "${libglvnd.driverLink}" + for pc in lib/pkgconfig/{dri,d3d}.pc; do + [ -f "$dev/$pc" ] && substituteInPlace "$dev/$pc" --replace "$drivers" "${libglvnd.driverLink}" + done # remove pkgconfig files for GL/EGL; they are provided by libGL. rm -f $dev/lib/pkgconfig/{gl,egl}.pc diff --git a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch b/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch deleted file mode 100644 index 05f5ec7b6a034..0000000000000 --- a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/meson_options.txt b/meson_options.txt -index 591ed957c85..6cb550593e3 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -519,6 +519,13 @@ option( - description : 'Enable direct rendering in GLX and EGL for DRI', - ) - -+option( -+ 'disk-cache-key', -+ type : 'string', -+ value : '', -+ description : 'Mesa cache key.' -+) -+ - option('egl-lib-suffix', - type : 'string', - value : '', -diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c -index 1d23b92af7e..fbb4b04f3cf 100644 ---- a/src/util/disk_cache.c -+++ b/src/util/disk_cache.c -@@ -218,8 +218,10 @@ disk_cache_type_create(const char *gpu_name, - - /* Create driver id keys */ - size_t id_size = strlen(driver_id) + 1; -+ size_t key_size = strlen(DISK_CACHE_KEY) + 1; - size_t gpu_name_size = strlen(gpu_name) + 1; - cache->driver_keys_blob_size += id_size; -+ cache->driver_keys_blob_size += key_size; - cache->driver_keys_blob_size += gpu_name_size; - - /* We sometimes store entire structs that contains a pointers in the cache, -@@ -240,6 +242,7 @@ disk_cache_type_create(const char *gpu_name, - uint8_t *drv_key_blob = cache->driver_keys_blob; - DRV_KEY_CPY(drv_key_blob, &cache_version, cv_size) - DRV_KEY_CPY(drv_key_blob, driver_id, id_size) -+ DRV_KEY_CPY(drv_key_blob, DISK_CACHE_KEY, key_size) - DRV_KEY_CPY(drv_key_blob, gpu_name, gpu_name_size) - DRV_KEY_CPY(drv_key_blob, &ptr_size, ptr_size_size) - DRV_KEY_CPY(drv_key_blob, &driver_flags, driver_flags_size) -diff --git a/src/util/meson.build b/src/util/meson.build -index eb88f235c47..eae5c54cc10 100644 ---- a/src/util/meson.build -+++ b/src/util/meson.build -@@ -286,7 +286,12 @@ _libmesa_util = static_library( - include_directories : [inc_util, include_directories('format')], - dependencies : deps_for_libmesa_util, - link_with: [libmesa_util_sse41], -- c_args : [c_msvc_compat_args], -+ c_args : [ -+ c_msvc_compat_args, -+ '-DDISK_CACHE_KEY="@0@"'.format( -+ get_option('disk-cache-key') -+ ), -+ ], - gnu_symbol_visibility : 'hidden', - build_by_default : false - ) diff --git a/pkgs/development/libraries/minizip/default.nix b/pkgs/development/libraries/minizip/default.nix index 74493a06b526c..586dd113f1d10 100644 --- a/pkgs/development/libraries/minizip/default.nix +++ b/pkgs/development/libraries/minizip/default.nix @@ -4,14 +4,6 @@ stdenv.mkDerivation { pname = "minizip"; inherit (zlib) src version; - patches = [ - (fetchpatch { - name = "CVE-2023-45853.patch"; - url = "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch"; - hash = "sha256-yayfe1g9HsvgMN28WF/MYkH7dGMX4PsK53FcnfL3InM="; - }) - ]; - patchFlags = [ "-p3" ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/development/libraries/mpdecimal/default.nix b/pkgs/development/libraries/mpdecimal/default.nix index 514c61ffcb0c0..3a2e4b1fe7d09 100644 --- a/pkgs/development/libraries/mpdecimal/default.nix +++ b/pkgs/development/libraries/mpdecimal/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "mpdecimal"; - version = "4.0.0"; + version = "2.5.1"; outputs = [ "out" "cxx" "doc" "dev" ]; src = fetchurl { url = "https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-${version}.tar.gz"; - hash = "sha256-lCRFwyRbInMP1Bpnp8XCMdEcsbmTa5wPdjNPt9C0Row="; + hash = "sha256-n5zUwEH5m1xJ/7e1nZ8S2VtoPYhYVgiqVqYwdmeysh8="; }; configureFlags = [ "LD=${stdenv.cc.targetPrefix}cc" ]; diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index b208607f7b1b6..f4ae615b6e94a 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -32,11 +32,11 @@ assert enableJemalloc -> enableApp; stdenv.mkDerivation rec { pname = "nghttp2"; - version = "1.57.0"; + version = "1.59.0"; src = fetchurl { url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-xjdnfLrESU6q+LDgOGFzFGhFgw76/+To3JL7O0KOWtI="; + sha256 = "sha256-A1P8u6ENKl9304ouSS5eZ3tjexdxI0WkcyXDw1+0d/g="; }; outputs = [ "out" "dev" "lib" "doc" "man" ]; diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 48cc2adc6c753..7bb2649ff8944 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -233,7 +233,7 @@ let printEnabled = enabled: if enabled then "ON" else "OFF"; withOpenblas = (enableBlas && blas.provider.pname == "openblas"); #multithreaded openblas conflicts with opencv multithreading, which manifest itself in hung tests - #https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + #https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded openblas_ = blas.provider.override { singleThreaded = true; }; inherit (cudaPackages) cudaFlags cudaVersion; diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index d04690948041c..aa04ff683bfd4 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "openldap"; - version = "2.6.6"; + version = "2.6.7"; src = fetchurl { url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz"; - hash = "sha256-CC6ZjPVCmE1DY0RC2+EdqGB1nlEJBxUupXm9xC/jnqA="; + hash = "sha256-zXdfYlyUTteKPaGKA7A7CO6nPIqryXtBuzNumhCVSTA="; }; # TODO: separate "out" and "bin" @@ -99,6 +99,11 @@ stdenv.mkDerivation rec { # skip flaky tests rm -f tests/scripts/test063-delta-multiprovider + + # https://bugs.openldap.org/show_bug.cgi?id=10009 + # can probably be re-added once https://github.com/cyrusimap/cyrus-sasl/pull/772 + # has made it to a release + rm -f tests/scripts/test076-authid-rewrite ''; doCheck = true; diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index c7234c3da81ec..7af5085410f76 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -264,8 +264,8 @@ in { }; openssl_3 = common { - version = "3.0.12"; - hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E="; + version = "3.0.13"; + hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -287,8 +287,8 @@ in { }; openssl_3_2 = common { - version = "3.2.0"; - hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; + version = "3.2.1"; + hash = "sha256-g8cyn+UshQZ3115dCwyiRTCbl+jsvP3B39xKufrDWzk="; patches = [ ./3.0/nix-ssl-cert-file.patch diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix index 6127b83813c71..ab9bfcbc1d97e 100644 --- a/pkgs/development/libraries/p11-kit/default.nix +++ b/pkgs/development/libraries/p11-kit/default.nix @@ -73,6 +73,13 @@ stdenv.mkDerivation rec { --replace 'install_dir: prefix / p11_system_config' "install_dir: '$out/etc/pkcs11'" ''; + preCheck = '' + # Tests run in fakeroot for non-root users (with Nix single-user install) + if [ "$(id -u)" != "0" ]; then + export FAKED_MODE=1 + fi + ''; + meta = with lib; { description = "Library for loading and sharing PKCS#11 modules"; longDescription = '' diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 0d1e3b03a09a8..4cfcf9b3a6d80 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -1,8 +1,6 @@ { stdenv , lib -, buildPackages , fetchFromGitLab -, fetchpatch , python3 , meson , ninja @@ -28,7 +26,6 @@ , readline # meson can't find <7 as those versions don't have a .pc file , lilv , makeFontsConf -, callPackage , nixosTests , withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind , valgrind @@ -76,147 +73,141 @@ # Bluetooth codec only makes sense if general bluetooth enabled assert ldacbtSupport -> bluezSupport; -let - mesonEnableFeature = b: if b then "enabled" else "disabled"; - - self = stdenv.mkDerivation rec { - pname = "pipewire"; - version = "1.0.1"; - - outputs = [ - "out" - "jack" - "dev" - "doc" - "man" - "installedTests" - ]; - - src = fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "pipewire"; - repo = "pipewire"; - rev = version; - sha256 = "sha256-rvf0sZRgDDLcqroLg7hcMUqXD/4JT+3lBRX6/m+3Ry8="; - }; - - patches = [ - # Load libjack from a known location - ./0060-libjack-path.patch - # Move installed tests into their own output. - ./0070-installed-tests-path.patch - ]; - - strictDeps = true; - nativeBuildInputs = [ - docutils - doxygen - graphviz - meson - ninja - pkg-config - python3 - glib - ]; - - buildInputs = [ - alsa-lib - dbus - glib - libjack2 - libusb1 - libselinux - libsndfile - lilv - ncurses - readline - udev - vulkan-headers - vulkan-loader - tinycompress - ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) - ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) - ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] - ++ lib.optionals libcameraSupport [ libcamera libdrm ] - ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] - ++ lib.optional ldacbtSupport ldacbt - ++ lib.optional nativeModemManagerSupport modemmanager - ++ lib.optional pulseTunnelSupport libpulseaudio - ++ lib.optional zeroconfSupport avahi - ++ lib.optional raopSupport openssl - ++ lib.optional rocSupport roc-toolkit - ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] - ++ lib.optional mysofaSupport libmysofa - ++ lib.optional ffadoSupport ffado; - - # Valgrind binary is required for running one optional test. - nativeCheckInputs = lib.optional withValgrind valgrind; - - mesonFlags = [ - "-Ddocs=enabled" - "-Dudevrulesdir=lib/udev/rules.d" - "-Dinstalled_tests=enabled" - "-Dinstalled_test_prefix=${placeholder "installedTests"}" - "-Dlibjack-path=${placeholder "jack"}/lib" - "-Dlibcamera=${mesonEnableFeature libcameraSupport}" - "-Dlibffado=${mesonEnableFeature ffadoSupport}" - "-Droc=${mesonEnableFeature rocSupport}" - "-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}" - "-Davahi=${mesonEnableFeature zeroconfSupport}" - "-Dgstreamer=${mesonEnableFeature gstreamerSupport}" - "-Dsystemd-system-service=${mesonEnableFeature enableSystemd}" - "-Dudev=${mesonEnableFeature (!enableSystemd)}" - "-Dffmpeg=${mesonEnableFeature ffmpegSupport}" - "-Dbluez5=${mesonEnableFeature bluezSupport}" - "-Dbluez5-backend-hsp-native=${mesonEnableFeature nativeHspSupport}" - "-Dbluez5-backend-hfp-native=${mesonEnableFeature nativeHfpSupport}" - "-Dbluez5-backend-native-mm=${mesonEnableFeature nativeModemManagerSupport}" - "-Dbluez5-backend-ofono=${mesonEnableFeature ofonoSupport}" - "-Dbluez5-backend-hsphfpd=${mesonEnableFeature hsphfpdSupport}" - # source code is not easily obtainable - "-Dbluez5-codec-lc3plus=disabled" - "-Dbluez5-codec-lc3=${mesonEnableFeature bluezSupport}" - "-Dbluez5-codec-ldac=${mesonEnableFeature ldacbtSupport}" - "-Dsysconfdir=/etc" - "-Draop=${mesonEnableFeature raopSupport}" - "-Dsession-managers=" - "-Dvulkan=enabled" - "-Dx11=${mesonEnableFeature x11Support}" - "-Dx11-xfixes=${mesonEnableFeature x11Support}" - "-Dlibcanberra=${mesonEnableFeature x11Support}" - "-Dlibmysofa=${mesonEnableFeature mysofaSupport}" - "-Dsdl2=disabled" # required only to build examples, causes dependency loop - "-Drlimits-install=false" # installs to /etc, we won't use this anyway - "-Dcompress-offload=enabled" - "-Dman=enabled" - ]; - - # Fontconfig error: Cannot load default config file - FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; - - doCheck = true; - - postUnpack = '' - patchShebangs source/doc/*.py - patchShebangs source/doc/input-filter-h.sh - ''; - - postInstall = '' - moveToOutput "bin/pw-jack" "$jack" - ''; - - passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; - - meta = with lib; { - description = "Server and user space API to deal with multimedia pipelines"; - changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; - homepage = "https://pipewire.org/"; - license = licenses.mit; - platforms = platforms.linux; - maintainers = with maintainers; [ kranzes k900 ]; - }; +stdenv.mkDerivation(finalAttrs: { + pname = "pipewire"; + version = "1.0.3"; + + outputs = [ + "out" + "jack" + "dev" + "doc" + "man" + "installedTests" + ]; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "pipewire"; + repo = "pipewire"; + rev = finalAttrs.version; + sha256 = "sha256-QVw7Q+RNo8BBy/uxoZeSQQn/vQcIl1bOiA9fYMR0+oI="; }; -in -self + patches = [ + # Load libjack from a known location + ./0060-libjack-path.patch + # Move installed tests into their own output. + ./0070-installed-tests-path.patch + ]; + + strictDeps = true; + nativeBuildInputs = [ + docutils + doxygen + graphviz + meson + ninja + pkg-config + python3 + glib + ]; + + buildInputs = [ + alsa-lib + dbus + glib + libjack2 + libusb1 + libselinux + libsndfile + lilv + ncurses + readline + udev + vulkan-headers + vulkan-loader + tinycompress + ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) + ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) + ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] + ++ lib.optionals libcameraSupport [ libcamera libdrm ] + ++ lib.optional ffmpegSupport ffmpeg + ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] + ++ lib.optional ldacbtSupport ldacbt + ++ lib.optional nativeModemManagerSupport modemmanager + ++ lib.optional pulseTunnelSupport libpulseaudio + ++ lib.optional zeroconfSupport avahi + ++ lib.optional raopSupport openssl + ++ lib.optional rocSupport roc-toolkit + ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] + ++ lib.optional mysofaSupport libmysofa + ++ lib.optional ffadoSupport ffado; + + # Valgrind binary is required for running one optional test. + nativeCheckInputs = lib.optional withValgrind valgrind; + + mesonFlags = [ + (lib.mesonEnable "docs" true) + (lib.mesonOption "udevrulesdir" "lib/udev/rules.d") + (lib.mesonEnable "installed_tests" true) + (lib.mesonOption "installed_test_prefix" (placeholder "installedTests")) + (lib.mesonOption "libjack-path" "${placeholder "jack"}/lib") + (lib.mesonEnable "libcamera" libcameraSupport) + (lib.mesonEnable "libffado" ffadoSupport) + (lib.mesonEnable "roc" rocSupport) + (lib.mesonEnable "libpulse" pulseTunnelSupport) + (lib.mesonEnable "avahi" zeroconfSupport) + (lib.mesonEnable "gstreamer" gstreamerSupport) + (lib.mesonEnable "systemd-system-service" enableSystemd) + (lib.mesonEnable "udev" (!enableSystemd)) + (lib.mesonEnable "ffmpeg" ffmpegSupport) + (lib.mesonEnable "bluez5" bluezSupport) + (lib.mesonEnable "bluez5-backend-hsp-native" nativeHspSupport) + (lib.mesonEnable "bluez5-backend-hfp-native" nativeHfpSupport) + (lib.mesonEnable "bluez5-backend-native-mm" nativeModemManagerSupport) + (lib.mesonEnable "bluez5-backend-ofono" ofonoSupport) + (lib.mesonEnable "bluez5-backend-hsphfpd" hsphfpdSupport) + # source code is not easily obtainable + (lib.mesonEnable "bluez5-codec-lc3plus" false) + (lib.mesonEnable "bluez5-codec-lc3" bluezSupport) + (lib.mesonEnable "bluez5-codec-ldac" ldacbtSupport) + (lib.mesonOption "sysconfdir" "/etc") + (lib.mesonEnable "raop" raopSupport) + (lib.mesonOption "session-managers" "") + (lib.mesonEnable "vulkan" true) + (lib.mesonEnable "x11" x11Support) + (lib.mesonEnable "x11-xfixes" x11Support) + (lib.mesonEnable "libcanberra" x11Support) + (lib.mesonEnable "libmysofa" mysofaSupport) + (lib.mesonEnable "sdl2" false) # required only to build examples, causes dependency loop + (lib.mesonBool "rlimits-install" false) # installs to /etc, we won't use this anyway + (lib.mesonEnable "compress-offload" true) + (lib.mesonEnable "man" true) + ]; + + # Fontconfig error: Cannot load default config file + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; + + doCheck = true; + + postUnpack = '' + patchShebangs source/doc/*.py + patchShebangs source/doc/input-filter-h.sh + ''; + + postInstall = '' + moveToOutput "bin/pw-jack" "$jack" + ''; + + passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; + + meta = with lib; { + description = "Server and user space API to deal with multimedia pipelines"; + changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; + homepage = "https://pipewire.org/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ kranzes k900 ]; + }; +}) diff --git a/pkgs/development/libraries/pixman/default.nix b/pkgs/development/libraries/pixman/default.nix index 121bb03f4caca..1b5aaaaa06d47 100644 --- a/pkgs/development/libraries/pixman/default.nix +++ b/pkgs/development/libraries/pixman/default.nix @@ -20,14 +20,14 @@ stdenv.mkDerivation rec { pname = "pixman"; - version = "0.43.0"; + version = "0.43.2"; src = fetchurl { urls = [ "mirror://xorg/individual/lib/${pname}-${version}.tar.gz" "https://cairographics.org/releases/${pname}-${version}.tar.gz" ]; - hash = "sha256-plwoIJhY+xa+5Q2AnID5Co5BXA5P2DIQeKGCJ4WlVgo="; + hash = "sha256-6nkpflQY+1KNBGbotbkdG+iIV/o3BvSXd7KSWnKumSQ="; }; separateDebugInfo = !stdenv.hostPlatform.isStatic; diff --git a/pkgs/development/libraries/qca/default.nix b/pkgs/development/libraries/qca/default.nix index 6e2afe6f0deb1..66cdfe28eb311 100644 --- a/pkgs/development/libraries/qca/default.nix +++ b/pkgs/development/libraries/qca/default.nix @@ -4,11 +4,11 @@ let isQt6 = lib.versions.major qtbase.version == "6"; in stdenv.mkDerivation rec { pname = "qca"; - version = "2.3.7"; + version = "2.3.8"; src = fetchurl { url = "mirror://kde/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "sha256-/uI0O1RofVvj4w+zPOKW7lCseuXiPXq3JfY//fevP0M="; + sha256 = "sha256-SHWcqGoCAkYdkIumYTQ4DMO7fSD+08AxufwCiXlqgmQ="; }; buildInputs = [ openssl qtbase qt5compat ]; diff --git a/pkgs/development/libraries/qpdf/default.nix b/pkgs/development/libraries/qpdf/default.nix index 2cabf50228447..872faafdd1ffd 100644 --- a/pkgs/development/libraries/qpdf/default.nix +++ b/pkgs/development/libraries/qpdf/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "qpdf"; - version = "11.6.3"; + version = "11.8.0"; src = fetchFromGitHub { owner = "qpdf"; repo = "qpdf"; rev = "v${version}"; - hash = "sha256-asGNZ/5iEkyIjRO9FECV1bN4k/YHv4/7I125BUr9+fE="; + hash = "sha256-EoFCRAWia8LAaLdoBW0ByndzIAjSvQ7bJFh0SZ/FKtY="; }; nativeBuildInputs = [ cmake perl ]; diff --git a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix index 564c5c60eb516..068c04b4c89e1 100644 --- a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix +++ b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix @@ -204,7 +204,7 @@ qtModule { ] ++ lib.optionals enableProprietaryCodecs [ "-DQT_FEATURE_webengine_proprietary_codecs=ON" ] ++ lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; propagatedBuildInputs = [ diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix index 6c6fa1d6be950..9f68c243cf50f 100644 --- a/pkgs/development/libraries/s2n-tls/default.nix +++ b/pkgs/development/libraries/s2n-tls/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "s2n-tls"; - version = "1.4.1"; + version = "1.4.3"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; - hash = "sha256-Kq4jl/ss+Xf5/zv18QWuIyXZDyz8mk3av4mdRoQrvJY="; + hash = "sha256-E3Giiu8xiTCSAPkbxOaVL/LXZWjhAS1M/n//Pe5eOKg="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index c5b9f9019e064..7ecd6a88d13c9 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -6,14 +6,14 @@ # Multi-threaded applications must not call a threaded OpenBLAS # (the only exception is when an application uses OpenMP as its # *only* form of multi-threading). See -# https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded -# https://github.com/xianyi/OpenBLAS/issues/2543 +# https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded +# https://github.com/OpenMathLib/OpenBLAS/issues/2543 # This flag builds a single-threaded OpenBLAS using the flags # stated in thre. , singleThreaded ? false , buildPackages # Select a specific optimization target (other than the default) -# See https://github.com/xianyi/OpenBLAS/blob/develop/TargetList.txt +# See https://github.com/OpenMathLib/OpenBLAS/blob/develop/TargetList.txt , target ? null # Select whether DYNAMIC_ARCH is enabled or not. , dynamicArch ? null @@ -30,6 +30,7 @@ , octave , opencv , python3 +, openmp ? null }: let blas64_ = blas64; in @@ -141,15 +142,15 @@ let in stdenv.mkDerivation rec { pname = "openblas"; - version = "0.3.25"; + version = "0.3.26"; outputs = [ "out" "dev" ]; src = fetchFromGitHub { - owner = "xianyi"; + owner = "OpenMathLib"; repo = "OpenBLAS"; rev = "v${version}"; - hash = "sha256-eY/R7gLDOls3csuwZkUS+x+v3GeL3dCsOD+4STxDpCg="; + hash = "sha256-AA3+x3SXkcg3g7bROZYLpWAbxnRedmQBZPe+rBJKxJ8="; }; postPatch = '' @@ -179,6 +180,8 @@ stdenv.mkDerivation rec { which ]; + buildInputs = lib.optional (stdenv.cc.isClang && config.USE_OPENMP) openmp; + depsBuildBuild = [ buildPackages.gfortran buildPackages.stdenv.cc @@ -206,10 +209,12 @@ stdenv.mkDerivation rec { else stdenv.hostPlatform != stdenv.buildPlatform; # This disables automatic build job count detection (which honours neither enableParallelBuilding nor NIX_BUILD_CORES) # and uses the main make invocation's job count, falling back to 1 if no parallelism is used. - # https://github.com/xianyi/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 + # https://github.com/OpenMathLib/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 MAKE_NB_JOBS = 0; - } // (lib.optionalAttrs singleThreaded { - # As described on https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + } // (lib.optionalAttrs stdenv.cc.isClang { + LDFLAGS = "-L${lib.getLib buildPackages.gfortran.cc}/lib"; # contains `libgfortran.so`; building with clang needs this, gcc has it implicit + }) // (lib.optionalAttrs singleThreaded { + # As described on https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded USE_THREAD = false; USE_LOCKING = true; # available with openblas >= 0.3.7 USE_OPENMP = false; # openblas will refuse building with both USE_OPENMP=1 and USE_THREAD=0 @@ -220,7 +225,7 @@ stdenv.mkDerivation rec { postInstall = '' # Write pkgconfig aliases. Upstream report: - # https://github.com/xianyi/OpenBLAS/issues/1740 + # https://github.com/OpenMathLib/OpenBLAS/issues/1740 for alias in blas cblas lapack; do cat <<EOF > $out/lib/pkgconfig/$alias.pc Name: $alias @@ -257,7 +262,7 @@ EOF meta = with lib; { description = "Basic Linear Algebra Subprograms"; license = licenses.bsd3; - homepage = "https://github.com/xianyi/OpenBLAS"; + homepage = "https://github.com/OpenMathLib/OpenBLAS"; platforms = attrNames configs; maintainers = with maintainers; [ ttuegel ]; }; diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix index 45ea5900e286d..9561cf2ed7795 100644 --- a/pkgs/development/libraries/science/math/suitesparse/default.nix +++ b/pkgs/development/libraries/science/math/suitesparse/default.nix @@ -9,6 +9,7 @@ , config , enableCuda ? config.cudaSupport , cudaPackages +, openmp ? null }: stdenv.mkDerivation rec { @@ -38,6 +39,8 @@ stdenv.mkDerivation rec { gfortran.cc.lib gmp mpfr + ] ++ lib.optionals stdenv.cc.isClang [ + openmp ] ++ lib.optionals enableCuda [ cudaPackages.cuda_cudart.dev cudaPackages.cuda_cudart.lib diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index 952fc28eae4cf..5152f5d0e33c8 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -15,13 +15,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${lib.optionalString interactive "-interactive"}"; - version = "3.44.2"; + version = "3.45.1"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { - url = "https://sqlite.org/2023/sqlite-autoconf-${archiveVersion version}.tar.gz"; - hash = "sha256-HGcZoUi8Qc8PK7vjkm184/XKCdh48SRvzCB2exdbtAc="; + url = "https://sqlite.org/2024/sqlite-autoconf-${archiveVersion version}.tar.gz"; + hash = "sha256-zZwnhBt6WTLJiXZR4guGxwHddAVWmJsByllvz6PUmgo="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index dd092dd0f0431..695d2207da7d9 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.44.2"; + version = "3.45.1"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { - url = "https://sqlite.org/2023/sqlite-src-${archiveVersion version}.zip"; - hash = "sha256-cxh0c/63RQk1fo+my5/WcVOy0BDQCusv3bbO6xirryc="; + url = "https://sqlite.org/2024/sqlite-src-${archiveVersion version}.zip"; + hash = "sha256-f3sUpo7bzUpX3zqMTb1W0tNUam583VDeQM6wOvM9NLo="; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix index 1cae2c62b33c0..9c3026b0c9fbe 100644 --- a/pkgs/development/libraries/umockdev/default.nix +++ b/pkgs/development/libraries/umockdev/default.nix @@ -2,6 +2,7 @@ , lib , docbook-xsl-nons , fetchurl +, fetchpatch , glib , gobject-introspection , gtk-doc @@ -12,7 +13,8 @@ , ninja , pkg-config , python3 -, systemd +, substituteAll +, systemdMinimal , usbutils , vala , which @@ -33,6 +35,20 @@ stdenv.mkDerivation (finalAttrs: { # Hardcode absolute paths to libraries so that consumers # do not need to set LD_LIBRARY_PATH themselves. ./hardcode-paths.patch + + # Replace references to udevadm with an absolute paths, so programs using + # umockdev will just work without having to provide it in their test environment + # $PATH. + (substituteAll { + src = ./substitute-udevadm.patch; + udevadm = "${systemdMinimal}/bin/udevadm"; + }) + + (fetchpatch { + name = "musl.patch"; + url = "https://github.com/martinpitt/umockdev/commit/d4efe24be59bd859b87473ea3d7efe8100bedc74.patch"; + hash = "sha256-whf3p2e7FWN1xk5+HF9KsbMW74DPOQ0R0+FxBfCZTX0="; + }) ]; nativeBuildInputs = [ @@ -49,7 +65,7 @@ stdenv.mkDerivation (finalAttrs: { buildInputs = [ glib - systemd + systemdMinimal libpcap ]; @@ -59,10 +75,12 @@ stdenv.mkDerivation (finalAttrs: { nativeCheckInputs = [ python3 - which usbutils + which ]; + strictDeps = true; + mesonFlags = [ "-Dgtk_doc=true" ]; diff --git a/pkgs/development/libraries/umockdev/substitute-udevadm.patch b/pkgs/development/libraries/umockdev/substitute-udevadm.patch new file mode 100644 index 0000000000000..b09d151018e50 --- /dev/null +++ b/pkgs/development/libraries/umockdev/substitute-udevadm.patch @@ -0,0 +1,41 @@ +From 09efbe8090f501c60975d5467fb587ed633d6a01 Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Wed, 24 Jan 2024 14:29:28 +0200 +Subject: [PATCH] substitute udevadm + +--- + src/umockdev-record.vala | 2 +- + tests/test-umockdev-run.vala | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala +index 2d49bc8..272f25e 100644 +--- a/src/umockdev-record.vala ++++ b/src/umockdev-record.vala +@@ -223,7 +223,7 @@ record_device(string dev) + int exitcode; + try { + Process.spawn_sync(null, +- {"udevadm", "info", "--query=all", "--path", dev}, ++ {"@udevadm@", "info", "--query=all", "--path", dev}, + null, + SpawnFlags.SEARCH_PATH, + null, +diff --git a/tests/test-umockdev-run.vala b/tests/test-umockdev-run.vala +index cd00a08..94616cb 100644 +--- a/tests/test-umockdev-run.vala ++++ b/tests/test-umockdev-run.vala +@@ -199,8 +199,8 @@ A: size=1048576\n + + // unfortunately the udevadm output between distros is not entirely constant + assert (get_program_out ( +- "udevadm", +- umockdev_run_command + "-d " + umockdev_file + " -- udevadm info --query=all --name=/dev/loop23", ++ "@udevadm@", ++ umockdev_run_command + "-d " + umockdev_file + " -- @udevadm@ info --query=all --name=/dev/loop23", + out sout, out serr, out exit)); + + assert_cmpstr (serr, CompareOperator.EQ, ""); +-- +2.43.0 + diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix index 0fadb103ce33d..9625f3a5ee1b4 100644 --- a/pkgs/development/libraries/wayland/protocols.nix +++ b/pkgs/development/libraries/wayland/protocols.nix @@ -6,14 +6,14 @@ stdenv.mkDerivation rec { pname = "wayland-protocols"; - version = "1.32"; + version = "1.33"; # https://gitlab.freedesktop.org/wayland/wayland-protocols/-/issues/48 doCheck = stdenv.hostPlatform == stdenv.buildPlatform && stdenv.hostPlatform.linker == "bfd" && wayland.withLibraries; src = fetchurl { url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz"; - hash = "sha256-dFl5nTQMgpa2le+FfAfd7yTFoJsJq2p097kmQNKxuhE="; + hash = "sha256-lPDFCwkNbmGgP2IEhGexmrvoUb5OEa57NvZfi5jDljo="; }; postPatch = lib.optionalString doCheck '' diff --git a/pkgs/development/libraries/webrtc-audio-processing/default.nix b/pkgs/development/libraries/webrtc-audio-processing/default.nix index ad2b12de8910b..1b847528550e2 100644 --- a/pkgs/development/libraries/webrtc-audio-processing/default.nix +++ b/pkgs/development/libraries/webrtc-audio-processing/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitLab +, fetchurl , darwin , abseil-cpp , meson @@ -20,6 +21,15 @@ stdenv.mkDerivation rec { hash = "sha256-8CDt4kMt2Owzyv22dqWIcFuHeg4Y3FxB405cLw3FZ+g="; }; + patches = [ + # Fix an include oppsie that happens to not happen on glibc + # https://gitlab.freedesktop.org/pulseaudio/webrtc-audio-processing/-/merge_requests/38 + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/community/webrtc-audio-processing-1/0001-rtc_base-Include-stdint.h-to-fix-build-failures.patch?id=625e19c19972e69e034c0870a31b375833d1ab5d"; + hash = "sha256-9nI22SJoU0H3CzsPSAObtCFTadtvkzdnqIh6mxmUuds="; + }) + ]; + outputs = [ "out" "dev" ]; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 9fccef25da179..687fb3598444e 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -9,6 +9,7 @@ # If false, and if `{ static = true; }`, the .a stays in the main output. , splitStaticOutput ? shared && static , testers +, minizip }: # Without either the build will actually still succeed because the build @@ -24,7 +25,7 @@ assert splitStaticOutput -> static; stdenv.mkDerivation (finalAttrs: { pname = "zlib"; - version = "1.3"; + version = "1.3.1"; src = let inherit (finalAttrs) version; @@ -35,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { # Stable archive path, but captcha can be encountered, causing hash mismatch. "https://www.zlib.net/fossils/zlib-${version}.tar.gz" ]; - hash = "sha256-/wukwpIBPbwnUws6geH5qBPNOd4Byl4Pi/NVcC76WT4="; + hash = "sha256-mpOyt9/ax3zrpaVYpYDnRmfdb+3kWFuR7vtg8Dty3yM="; }; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' @@ -128,7 +129,11 @@ stdenv.mkDerivation (finalAttrs: { "SHARED_MODE=1" ]; - passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + passthru.tests = { + pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + # uses `zlib` derivation: + inherit minizip; + }; meta = with lib; { homepage = "https://zlib.net"; diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix index 691345d65a163..11eb19010fdd7 100644 --- a/pkgs/development/python-modules/aiohttp/default.nix +++ b/pkgs/development/python-modules/aiohttp/default.nix @@ -18,18 +18,18 @@ , aiodns , brotli # tests_require +, freezegun , gunicorn , pytest-mock , pytestCheckHook , python-on-whales , re-assert -, time-machine , trustme }: buildPythonPackage rec { pname = "aiohttp"; - version = "3.9.1"; + version = "3.9.3"; pyproject = true; disabled = pythonOlder "3.8"; @@ -38,7 +38,7 @@ buildPythonPackage rec { owner = "aio-libs"; repo = "aiohttp"; rev = "refs/tags/v${version}"; - hash = "sha256-uiqBUDbmROrhkanfBz4avvTSrnKxgVqw54k4jKhfRGY="; + hash = "sha256-dEeMHruFJ1o0J6VUJcpUk7LhEC8sV8hUKXoKcd618lE="; }; patches = [ @@ -79,12 +79,12 @@ buildPythonPackage rec { # NOTE: pytest-xdist cannot be added because it is flaky. See https://github.com/NixOS/nixpkgs/issues/230597 for more info. nativeCheckInputs = [ + freezegun gunicorn pytest-mock pytestCheckHook python-on-whales re-assert - time-machine ] ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) [ #Â Optional test dependency. Depends indirectly on pyopenssl, which is # broken on aarch64-darwin. diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 770561126fb34..4ae2e77de6ac3 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -3,22 +3,20 @@ , buildPythonPackage , callPackage , cargo +, certifi , cffi , cryptography-vectors ? (callPackage ./vectors.nix { }) , fetchPypi -, hypothesis -, iso8601 +, fetchpatch2 , isPyPy , libiconv , libxcrypt , openssl , pkg-config , pretend -, py -, pytest-subtests +, pytest-xdist , pytestCheckHook , pythonOlder -, pytz , rustc , rustPlatform , Security @@ -27,26 +25,34 @@ buildPythonPackage rec { pname = "cryptography"; - version = "41.0.7"; # Also update the hash in vectors.nix + version = "42.0.2"; # Also update the hash in vectors.nix pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw="; + hash = "sha256-4OxSujx/G32BPNUmSaWz7x/A1DMhncjJOCfFfqts+Ig="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; sourceRoot = "${pname}-${version}/${cargoRoot}"; name = "${pname}-${version}"; - hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw="; + hash = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc="; }; + patches = [ + (fetchpatch2 { + # skip overflowing tests on 32 bit; https://github.com/pyca/cryptography/pull/10366 + url = "https://github.com/pyca/cryptography/commit/d741901dddd731895346636c0d3556c6fa51fbe6.patch"; + hash = "sha256-eC+MZg5O8Ia5CbjRE4y+JhaFs3Q5c62QtPHr3x9T+zw="; + }) + ]; + postPatch = '' substituteInPlace pyproject.toml \ - --replace "--benchmark-disable" "" + --replace-fail "--benchmark-disable" "" ''; cargoRoot = "src/rust"; @@ -75,14 +81,11 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + certifi cryptography-vectors - hypothesis - iso8601 pretend - py pytestCheckHook - pytest-subtests - pytz + pytest-xdist ]; pytestFlagsArray = [ diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index c02e4d3bcf7e3..a5654de86cbbc 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -2,7 +2,7 @@ , buildPythonPackage , fetchPypi , cryptography -, setuptools +, flit-core }: buildPythonPackage rec { @@ -14,11 +14,11 @@ buildPythonPackage rec { src = fetchPypi { pname = "cryptography_vectors"; inherit version; - hash = "sha256-ezb5drbljMGAExDhyTxYTGU503Haf4U47dj8Rj3IDVs="; + hash = "sha256-rc3M9dnuZhqWAq0h0lJfZ4ugem52jOeYNZlOIIurDhY="; }; nativeBuildInputs = [ - setuptools + flit-core ]; # No tests included diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 66ea0f5c1cf80..365a775c11a64 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -42,14 +42,14 @@ buildPythonPackage rec { pname = "Django"; - version = "4.2.9"; + version = "4.2.10"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-EkmMw8uLyAOFOf756Q6V9QdQJDbB8MOmc0ETJPpnXRQ="; + hash = "sha256-sSYO04GxChF1PHNERAjhmGnzJB/EXJhc1VowF3x4nRM="; }; patches = [ diff --git a/pkgs/development/python-modules/fastapi/default.nix b/pkgs/development/python-modules/fastapi/default.nix index 89c1c2ffbe409..74f816d9b8a64 100644 --- a/pkgs/development/python-modules/fastapi/default.nix +++ b/pkgs/development/python-modules/fastapi/default.nix @@ -38,8 +38,8 @@ buildPythonPackage rec { pname = "fastapi"; - version = "0.104.1"; - format = "pyproject"; + version = "0.109.0"; + pyproject = true; disabled = pythonOlder "3.7"; @@ -47,7 +47,7 @@ buildPythonPackage rec { owner = "tiangolo"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-xTTFBc+fswLYUhKRkWP/eiYSbG3j1E7CASkEtHVNTlk="; + hash = "sha256-iZBc0tYGmhQuOL/pdthhBYYnZhe+wEttoinePNAIgEs="; }; nativeBuildInputs = [ @@ -98,14 +98,9 @@ buildPythonPackage rec { # ignoring deprecation warnings to avoid test failure from # tests/test_tutorial/test_testing/test_tutorial001.py "-W ignore::DeprecationWarning" - - # http code mismatches - "--deselect=tests/test_annotated.py::test_get" ]; disabledTestPaths = [ - # Disabled tests require orjson which requires rust nightly - "tests/test_default_response_class.py" # Don't test docs and examples "docs_src" # databases is incompatible with SQLAlchemy 2.0 @@ -113,30 +108,12 @@ buildPythonPackage rec { "tests/test_tutorial/test_sql_databases" ]; - disabledTests = [ - "test_get_custom_response" - # Failed: DID NOT RAISE <class 'starlette.websockets.WebSocketDisconnect'> - "test_websocket_invalid_data" - "test_websocket_no_credentials" - # TypeError: __init__() missing 1...starlette-releated - "test_head" - "test_options" - "test_trace" - # Unexpected number of warnings caught - "test_warn_duplicate_operation_id" - # assert state["except"] is True - "test_dependency_gets_exception" - # Fixtures drift - "test_openapi_schema_sub" - # 200 != 404 - "test_flask" - ]; - pythonImportsCheck = [ "fastapi" ]; meta = with lib; { + changelog = "https://github.com/tiangolo/fastapi/releases/tag/${version}"; description = "Web framework for building APIs"; homepage = "https://github.com/tiangolo/fastapi"; license = licenses.mit; diff --git a/pkgs/development/python-modules/flask-api/default.nix b/pkgs/development/python-modules/flask-api/default.nix index 9b4a398f7f79e..e837dc71df379 100644 --- a/pkgs/development/python-modules/flask-api/default.nix +++ b/pkgs/development/python-modules/flask-api/default.nix @@ -2,14 +2,23 @@ , buildPythonPackage , pythonOlder , fetchFromGitHub +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , markdown +, pytestCheckHook }: buildPythonPackage rec { - pname = "Flask-API"; + pname = "flask-api"; version = "3.1"; - format = "setuptools"; + pyproject = true; disabled = pythonOlder "3.6"; @@ -20,9 +29,25 @@ buildPythonPackage rec { hash = "sha256-nHgeI5FLKkDp4uWO+0eaT4YSOMkeQ0wE3ffyJF+WzTM="; }; + patches = [ + (fetchpatch { + # werkzeug 3.0 support + url = "https://github.com/flask-api/flask-api/commit/9c998897f67d8aa959dc3005d7d22f36568b6938.patch"; + hash = "sha256-vaCZ4gVlfQXyeksA44ydkjz2FxODHt3gTTP+ukJwEGY="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask + ]; + + nativeCheckInputs = [ markdown + pytestCheckHook ]; meta = with lib; { diff --git a/pkgs/development/python-modules/flask-autoindex/default.nix b/pkgs/development/python-modules/flask-autoindex/default.nix deleted file mode 100644 index c8e14eaf35e32..0000000000000 --- a/pkgs/development/python-modules/flask-autoindex/default.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, flask -, flask-silk -, future -, pythonOlder -, unittestCheckHook -}: - -buildPythonPackage rec { - pname = "flask-autoindex"; - version = "0.6.6"; - format = "setuptools"; - - disabled = pythonOlder "3.7"; - - src = fetchPypi { - pname = "Flask-AutoIndex"; - inherit version; - sha256 = "ea319f7ccadf68ddf98d940002066278c779323644f9944b300066d50e2effc7"; - }; - - propagatedBuildInputs = [ - flask - flask-silk - future - ]; - - nativeCheckInputs = [ - unittestCheckHook - ]; - - pythonImportsCheck = [ - "flask_autoindex" - ]; - - meta = with lib; { - description = "The mod_autoindex for Flask"; - longDescription = '' - Flask-AutoIndex generates an index page for your Flask application automatically. - The result is just like mod_autoindex, but the look is more awesome! - ''; - homepage = "https://flask-autoindex.readthedocs.io/"; - changelog = "https://github.com/general03/flask-autoindex/blob/v${version}/CHANGELOG.md"; - license = licenses.bsd2; - maintainers = teams.sage.members; - # https://github.com/general03/flask-autoindex/issues/67 - broken = true; - }; -} diff --git a/pkgs/development/python-modules/flask-basicauth/default.nix b/pkgs/development/python-modules/flask-basicauth/default.nix deleted file mode 100644 index 97a214744457b..0000000000000 --- a/pkgs/development/python-modules/flask-basicauth/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, fetchpatch -, flask -, python -}: - -buildPythonPackage rec { - pname = "flask-basicauth"; - version = "0.2.0"; - format = "setuptools"; - - src = fetchFromGitHub { - owner = "jpvanhal"; - repo = pname; - rev = "v${version}"; - hash = "sha256-han0OjMI1XmuWKHGVpk+xZB+/+cpV1I+659zOG3hcPY="; - }; - - patches = [ - (fetchpatch { - # The unit tests fail due to an invalid import: - # from flask.ext.basicauth import BasicAuth - # - # This patch replaces it with the correct import: - # from flask_basicauth import BasicAuth - # - # The patch uses the changes from this pull request, - # and therefore can be removed once this pull request - # has been merged: - # https://github.com/jpvanhal/flask-basicauth/pull/29 - name = "fix-test-flask-ext-imports.patch"; - url = "https://github.com/jpvanhal/flask-basicauth/commit/23f57dc1c3d85ea6fc7f468e8d8c6f19348a0a81.patch"; - hash = "sha256-njUYjO0TRe3vr5D0XjIfCNcsFlShbGxtFV/DJerAKDE="; - }) - ]; - - propagatedBuildInputs = [ flask ]; - - checkPhase = '' - runHook preCheck - ${python.interpreter} -m unittest discover - runHook postCheck - ''; - - pythonImportsCheck = [ "flask_basicauth" ]; - - meta = with lib; { - homepage = "https://github.com/jpvanhal/flask-basicauth"; - description = "HTTP basic access authentication for Flask"; - license = licenses.mit; - maintainers = with maintainers; [ wesnel ]; - }; -} diff --git a/pkgs/development/python-modules/flask-gravatar/default.nix b/pkgs/development/python-modules/flask-gravatar/default.nix index a52feb8aecbf7..1a305f017cee3 100644 --- a/pkgs/development/python-modules/flask-gravatar/default.nix +++ b/pkgs/development/python-modules/flask-gravatar/default.nix @@ -1,7 +1,15 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , pytestCheckHook , pygments }: @@ -17,6 +25,14 @@ buildPythonPackage rec { sha256 = "YGZfMcLGEokdto/4Aek+06CIHGyOw0arxk0qmSP1YuE="; }; + patches = [ + (fetchpatch { + # flask 3.0 compat + url = "https://github.com/zzzsochi/Flask-Gravatar/commit/d74d70d9695c464b602c96c2383d391b38ed51ac.patch"; + hash = "sha256-tCKkA2io/jhvrh6RhTeEw4AKnIZc9hsqTf2qItUsdjo="; + }) + ]; + postPatch = '' sed -i setup.py \ -e "s|tests_require=tests_require,||g" \ @@ -28,6 +44,10 @@ buildPythonPackage rec { --replace "--cov=flask_gravatar --cov-report=term-missing" "" ''; + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask ]; @@ -37,7 +57,9 @@ buildPythonPackage rec { pygments ]; - pythonImportsCheck = [ "flask_gravatar" ]; + pythonImportsCheck = [ + "flask_gravatar" + ]; meta = with lib; { homepage = "https://github.com/zzzsochi/Flask-Gravatar"; diff --git a/pkgs/development/python-modules/flask-restful/default.nix b/pkgs/development/python-modules/flask-restful/default.nix index 68072b7ddde98..3107d4c7f5bc2 100644 --- a/pkgs/development/python-modules/flask-restful/default.nix +++ b/pkgs/development/python-modules/flask-restful/default.nix @@ -29,6 +29,8 @@ buildPythonPackage rec { # conditional so that overrides are easier for web applications patches = lib.optionals (lib.versionAtLeast werkzeug.version "2.1.0") [ ./werkzeug-2.1.0-compat.patch + ] ++ lib.optionals (lib.versionAtLeast flask.version "3.0.0") [ + ./flask-3.0-compat.patch ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch new file mode 100644 index 0000000000000..c78105e722827 --- /dev/null +++ b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch @@ -0,0 +1,24 @@ +diff --git a/tests/test_api.py b/tests/test_api.py +index 582ee5a..20db1f5 100644 +--- a/tests/test_api.py ++++ b/tests/test_api.py +@@ -1,7 +1,7 @@ + import unittest + import json + from flask import Flask, Blueprint, redirect, views, abort as flask_abort +-from flask.signals import got_request_exception, signals_available ++from flask.signals import got_request_exception + try: + from mock import Mock + except: +@@ -491,10 +491,6 @@ class APITestCase(unittest.TestCase): + self.assertEqual(api.default_mediatype, resp.headers['Content-Type']) + + def test_handle_error_signal(self): +- if not signals_available: +- # This test requires the blinker lib to run. +- print("Can't test signals without signal support") +- return + app = Flask(__name__) + api = flask_restful.Api(app) + diff --git a/pkgs/development/python-modules/flask-session-captcha/default.nix b/pkgs/development/python-modules/flask-session-captcha/default.nix index a720d2a4b555e..8a71b99c1539e 100644 --- a/pkgs/development/python-modules/flask-session-captcha/default.nix +++ b/pkgs/development/python-modules/flask-session-captcha/default.nix @@ -1,17 +1,25 @@ { lib , fetchFromGitHub +, fetchpatch , buildPythonPackage + +# build-system +, setuptools + +# dependencies +, captcha , flask -, flask-sessionstore +, markupsafe + +# tests , flask-sqlalchemy -, captcha , pytestCheckHook }: buildPythonPackage rec { pname = "flask-session-captcha"; version = "1.3.0"; - format = "setuptools"; + pyproject = true; src = fetchFromGitHub { owner = "Tethik"; @@ -20,15 +28,36 @@ buildPythonPackage rec { hash = "sha256-V0f3mXCfqwH2l3OtJKOHGdrlKAFxs2ynqXvNve7Amkc="; }; - propagatedBuildInputs = [ flask flask-sessionstore captcha ]; + patches = [ + (fetchpatch { + # https://github.com/Tethik/flask-session-captcha/pull/44 + url = "https://github.com/Tethik/flask-session-captcha/commit/3f79c22a71c60dd60e9df61b550cce641603dcb6.patch"; + hash = "sha256-MXsoSytBNbcg3HU6IWlvf2MgNUL78T5ToxKGv4YMtZw="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; - pythonImportsCheck = [ "flask_session_captcha" ]; + propagatedBuildInputs = [ + captcha + flask + markupsafe + ]; - nativeCheckInputs = [ flask-sqlalchemy pytestCheckHook ]; + pythonImportsCheck = [ + "flask_session_captcha" + ]; # RuntimeError: Working outside of application context. doCheck = false; + nativeCheckInputs = [ + flask-sqlalchemy + pytestCheckHook + ]; + meta = with lib; { description = "A captcha implemention for flask"; homepage = "https://github.com/Tethik/flask-session-captcha"; diff --git a/pkgs/development/python-modules/flask-sessionstore/default.nix b/pkgs/development/python-modules/flask-sessionstore/default.nix deleted file mode 100644 index 12f3ff51b425c..0000000000000 --- a/pkgs/development/python-modules/flask-sessionstore/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib -, fetchPypi -, buildPythonPackage -, flask -, nose -}: - -buildPythonPackage rec { - pname = "flask-sessionstore"; - version = "0.4.5"; - format = "setuptools"; - - src = fetchPypi { - pname = "Flask-Sessionstore"; - inherit version; - hash = "sha256-AQ3jWrnw2UI8L3nFEx4AhDwGP4R8Tr7iBMsDS5jLQPQ="; - }; - - propagatedBuildInputs = [ flask ]; - - pythonImportsCheck = [ "flask_sessionstore" ]; - - nativeCheckInputs = [ nose ]; - - checkPhase = '' - nosetests -s - ''; - - meta = with lib; { - description = "Session Storage Backends for Flask"; - homepage = "https://github.com/mcrowson/flask-sessionstore"; - license = licenses.bsd3; - maintainers = with maintainers; [ Flakebi ]; - }; -} diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix index 154625f6c52a2..083cf33c88fd2 100644 --- a/pkgs/development/python-modules/flask/default.nix +++ b/pkgs/development/python-modules/flask/default.nix @@ -1,18 +1,28 @@ { lib , buildPythonPackage , fetchPypi -, asgiref +, pythonOlder + +# build-system +, flit-core + +# dependencies , blinker , click -, flit-core , importlib-metadata , itsdangerous , jinja2 -, python-dotenv , werkzeug + +# optional-dependencies +, asgiref +, python-dotenv + +# tests +, greenlet , pytestCheckHook -, pythonOlder - # used in passthru.tests + +# reverse dependencies , flask-limiter , flask-restful , flask-restx @@ -21,12 +31,12 @@ buildPythonPackage rec { pname = "flask"; - version = "2.3.3"; + version = "3.0.1"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-CcNHqSqn/0qOfzIGeV8w2CZlS684uHPQdEzVccpgnvw="; + hash = "sha256-ZIn1G7Nmbe9vMU4V8Z1QoYaaGa4OjJo2Qf/mbHfUJAM="; }; nativeBuildInputs = [ @@ -39,21 +49,31 @@ buildPythonPackage rec { itsdangerous jinja2 werkzeug - ] ++ lib.optional (pythonOlder "3.10") importlib-metadata; + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + ]; + + passthru.optional-dependencies = { + async = [ + asgiref + ]; + dotenv = [ + python-dotenv + ]; + }; nativeCheckInputs = [ pytestCheckHook - ]; + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet + ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); passthru.tests = { inherit flask-limiter flask-restful flask-restx moto; }; - passthru.optional-dependencies = { - dotenv = [ python-dotenv ]; - async = [ asgiref ]; - }; meta = with lib; { + changelog = "https://flask.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://flask.palletsprojects.com/"; description = "The Python micro framework for building web applications"; longDescription = '' diff --git a/pkgs/development/python-modules/fontparts/default.nix b/pkgs/development/python-modules/fontparts/default.nix index 9f042cf1ef460..d543220c4b25d 100644 --- a/pkgs/development/python-modules/fontparts/default.nix +++ b/pkgs/development/python-modules/fontparts/default.nix @@ -1,40 +1,67 @@ -{ lib, buildPythonPackage, fetchPypi, python, pythonOlder -, fonttools, lxml, fs, unicodedata2 -, defcon, fontpens, fontmath, booleanoperations -, pytest, setuptools-scm +{ lib +, buildPythonPackage +, fetchPypi +, fetchpatch2 +, pythonOlder + +# build-system +, setuptools +, setuptools-scm + +# dependencies +, fonttools +, defcon +, fontmath +, booleanoperations + +# tests +, python }: buildPythonPackage rec { - pname = "fontParts"; + pname = "fontparts"; version = "0.12.1"; + pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { - inherit pname version; + pname = "fontParts"; + inherit version; hash = "sha256-eeU13S1IcC+bsiK3YDlT4rVDeXDGcxx1wY/is8t5pCA="; extension = "zip"; }; - nativeBuildInputs = [ setuptools-scm ]; + patches = [ + (fetchpatch2 { + # replace remaining usage of assertEquals for Python 3.12 support + # https://github.com/robotools/fontParts/pull/720 + url = "https://github.com/robotools/fontParts/commit/d7484cd98051aa1588683136da0bb99eac31523b.patch"; + hash = "sha256-maoUgbmXY/RC4TUZI4triA9OIfB4T98qjUaQ94uhsbg="; + }) + ]; + + nativeBuildInputs = [ + setuptools + setuptools-scm + ]; propagatedBuildInputs = [ booleanoperations - fonttools - unicodedata2 # fonttools[unicode] extra - lxml # fonttools[lxml] extra - fs # fonttools[ufo] extra defcon - fontpens # defcon[pens] extra fontmath - ]; + fonttools + ] + ++ defcon.optional-dependencies.pens + ++ fonttools.optional-dependencies.ufo + ++ fonttools.optional-dependencies.lxml + ++ fonttools.optional-dependencies.unicode; checkPhase = '' runHook preCheck ${python.interpreter} Lib/fontParts/fontshell/test.py runHook postCheck ''; - nativeCheckInputs = [ pytest ]; meta = with lib; { description = "An API for interacting with the parts of fonts during the font development process."; diff --git a/pkgs/development/python-modules/hatchling/default.nix b/pkgs/development/python-modules/hatchling/default.nix index 221c266287f9b..6dca631c967e4 100644 --- a/pkgs/development/python-modules/hatchling/default.nix +++ b/pkgs/development/python-modules/hatchling/default.nix @@ -20,13 +20,13 @@ buildPythonPackage rec { pname = "hatchling"; - version = "1.21.0"; + version = "1.21.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-XAhncjV6UHI7gl/V2lJ4rH42l833eX0HVBpskLb/dUw="; + hash = "sha256-u6RARToiTn1EeEV/oujYw2M3Zbr6Apdaa1O5v5F5gLw="; }; # listed in backend/pyproject.toml diff --git a/pkgs/development/python-modules/httpbin/default.nix b/pkgs/development/python-modules/httpbin/default.nix index 48de08ee3b4c5..0fbc8bc73ee9b 100644 --- a/pkgs/development/python-modules/httpbin/default.nix +++ b/pkgs/development/python-modules/httpbin/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonRelaxDepsHook # build-system @@ -33,6 +34,14 @@ buildPythonPackage rec { hash = "sha256-e4WWvrDnWntlPDnR888mPW1cR20p4d9ve7K3C/nwaj0="; }; + patches = [ + (fetchpatch { + # backport flask 3.0 support; drop after 0.10.1 + url = "https://github.com/psf/httpbin/commit/c1d9e33049263fed3cb27806a97f094acc350905.patch"; + hash = "sha256-SYJgQN3ERDgLIaBc4eqDfey+EX4z6CSxLoAA7j+16xI="; + }) + ]; + nativeBuildInputs = [ setuptools pythonRelaxDepsHook diff --git a/pkgs/development/python-modules/httpx/default.nix b/pkgs/development/python-modules/httpx/default.nix index 0bbb64652737d..9641597a516d0 100644 --- a/pkgs/development/python-modules/httpx/default.nix +++ b/pkgs/development/python-modules/httpx/default.nix @@ -30,7 +30,7 @@ buildPythonPackage rec { pname = "httpx"; - version = "0.25.2"; + version = "0.26.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -39,7 +39,7 @@ buildPythonPackage rec { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-rGtIrs4dffs7Ndtjb400q7JrZh+HG9k0uwHw9pRlC5s="; + hash = "sha256-qMMx1CYu2/yH4NRvZFzJOflAPIbcvMYJqU4r+chuzl0="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/ipython/default.nix b/pkgs/development/python-modules/ipython/default.nix index 09121fb1f24a7..e92d5fbbf6563 100644 --- a/pkgs/development/python-modules/ipython/default.nix +++ b/pkgs/development/python-modules/ipython/default.nix @@ -29,13 +29,13 @@ buildPythonPackage rec { pname = "ipython"; - version = "8.18.1"; - format = "pyproject"; - disabled = pythonOlder "3.8"; + version = "8.20.0"; + pyproject = true; + disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - sha256 = "sha256-ym8Hm7M0V8ZuIz5FgOv8QSiFW0z2Nw3d1zhCqVY+iic="; + hash = "sha256-LyG9P8HVFVDInuOUSuBLvHvHnhKeoJN9pubGi/2/EXo="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/json-logging/default.nix b/pkgs/development/python-modules/json-logging/default.nix index a3ac3ff7f0059..3d22f4e878baa 100644 --- a/pkgs/development/python-modules/json-logging/default.nix +++ b/pkgs/development/python-modules/json-logging/default.nix @@ -6,6 +6,7 @@ , httpx , pytestCheckHook , pythonOlder +, quart , requests , sanic , uvicorn @@ -31,7 +32,7 @@ buildPythonPackage rec { flask httpx pytestCheckHook - # quart + quart requests sanic uvicorn diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index ff50cf872f9cb..039e571695f8b 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -114,7 +114,7 @@ in buildPythonPackage rec { # we default openblas to build with 64 threads # if a machine has more than 64 threads, it will segfault - # see https://github.com/xianyi/OpenBLAS/issues/2993 + # see https://github.com/OpenMathLib/OpenBLAS/issues/2993 preConfigure = '' sed -i 's/-faltivec//' numpy/distutils/system_info.py export OMP_NUM_THREADS=$((NIX_BUILD_CORES > 64 ? 64 : NIX_BUILD_CORES)) diff --git a/pkgs/development/python-modules/pdm-backend/default.nix b/pkgs/development/python-modules/pdm-backend/default.nix index 3d32a02768b41..0e1cc04f920b3 100644 --- a/pkgs/development/python-modules/pdm-backend/default.nix +++ b/pkgs/development/python-modules/pdm-backend/default.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "pdm-backend"; - version = "2.1.7"; + version = "2.1.8"; format = "pyproject"; src = fetchFromGitHub { owner = "pdm-project"; repo = "pdm-backend"; rev = "refs/tags/${version}"; - hash = "sha256-1YM/vba+8+2wKcWzPKzkpaWVmHqbFsYdhQSY/VBBAfo="; + hash = "sha256-d8i+FvxNFPM18W7NmOwh9bqZnMUenF7eCPdcCw4BT7s="; }; env.PDM_BUILD_SCM_VERSION = version; diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 7cf0bb9420fee..f101d6b361ec1 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -12,15 +12,15 @@ import ./generic.nix (rec { pname = "pillow"; - version = "10.1.0"; + version = "10.2.0"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { - pname = "Pillow"; + pname = "pillow"; inherit version; - hash = "sha256-5r+N5sNu2WyG6jtuHVJzxT9G71GKBiRkzX713Sz5Ljg="; + hash = "sha256-6H8LLHgVfhLXaGsn1jwHD9ZdmU6N2ubzKODc9KDNAH4="; }; passthru.tests = { diff --git a/pkgs/development/python-modules/pluggy/default.nix b/pkgs/development/python-modules/pluggy/default.nix index 6b1c8e67f1eb5..a768e8ce942f9 100644 --- a/pkgs/development/python-modules/pluggy/default.nix +++ b/pkgs/development/python-modules/pluggy/default.nix @@ -9,17 +9,17 @@ buildPythonPackage rec { pname = "pluggy"; - version = "1.3.0"; + version = "1.4.0"; disabled = pythonOlder "3.8"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "pytest-dev"; repo = "pluggy"; rev = "refs/tags/${version}"; - hash = "sha256-jLasnqmATIOoheGu90Wo1+iTCwslYzNOKckqHIZDJec="; + hash = "sha256-1XHJwODmpYQkYZvnZck6RrtT4lOeCf8cr1QFx9DCbzw="; }; nativeBuildInputs = [ setuptools-scm ]; diff --git a/pkgs/development/python-modules/psutil/default.nix b/pkgs/development/python-modules/psutil/default.nix index a08ff4c7a697f..a27bb429c7c1c 100644 --- a/pkgs/development/python-modules/psutil/default.nix +++ b/pkgs/development/python-modules/psutil/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "psutil"; - version = "5.9.6"; + version = "5.9.8"; format = "setuptools"; inherit stdenv; @@ -20,9 +20,17 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - hash = "sha256-5Lkt3NfdTN0/kAGA6h4QSTLHvOI0+4iXbio7KWRBIlo="; + hash = "sha256-a+Em4yJUht/yhqj7mgYkalJT9MfFO0depfWsk05kGUw="; }; + postPatch = '' + # stick to the old SDK name for now + # https://developer.apple.com/documentation/iokit/kiomasterportdefault/ + # https://developer.apple.com/documentation/iokit/kiomainportdefault/ + substituteInPlace psutil/arch/osx/cpu.c \ + --replace-fail kIOMainPortDefault kIOMasterPortDefault + ''; + buildInputs = # workaround for https://github.com/NixOS/nixpkgs/issues/146760 lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ diff --git a/pkgs/development/python-modules/pydantic-settings/default.nix b/pkgs/development/python-modules/pydantic-settings/default.nix index 3034b2f927119..000f0dd52a170 100644 --- a/pkgs/development/python-modules/pydantic-settings/default.nix +++ b/pkgs/development/python-modules/pydantic-settings/default.nix @@ -10,7 +10,7 @@ , pytest-mock }: -buildPythonPackage rec { +let self = buildPythonPackage rec { pname = "pydantic-settings"; version = "2.1.0"; pyproject = true; @@ -50,6 +50,15 @@ buildPythonPackage rec { export HOME=$TMPDIR ''; + # ruff is a dependency of pytest-examples which is required to run the tests. + # We do not want all of the downstream packages that depend on pydantic-settings to also depend on ruff. + doCheck = false; + passthru.tests = { + pytest = self.overridePythonAttrs { + doCheck = true; + }; + }; + meta = with lib; { description = "Settings management using pydantic"; homepage = "https://github.com/pydantic/pydantic-settings"; @@ -57,4 +66,4 @@ buildPythonPackage rec { broken = lib.versionOlder pydantic.version "2.0.0"; maintainers = with maintainers; [ ]; }; -} +}; in self diff --git a/pkgs/development/python-modules/pytest/default.nix b/pkgs/development/python-modules/pytest/default.nix index 67fb6989df01a..88398d5ab438a 100644 --- a/pkgs/development/python-modules/pytest/default.nix +++ b/pkgs/development/python-modules/pytest/default.nix @@ -29,12 +29,12 @@ buildPythonPackage rec { pname = "pytest"; - version = "7.4.3"; + version = "7.4.4"; pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-2YnRNpgt5OOynavMg4rVgcZOjtUsEfvobd69naCBjNU="; + hash = "sha256-LPAAWSLGrOSj4uyLQIDrDZdT/ckxB0FTMvUM6eeZQoA="; }; outputs = [ diff --git a/pkgs/development/python-modules/python-memcached/default.nix b/pkgs/development/python-modules/python-memcached/default.nix index e82b6b51643aa..4ca7cbbadd256 100644 --- a/pkgs/development/python-modules/python-memcached/default.nix +++ b/pkgs/development/python-modules/python-memcached/default.nix @@ -2,20 +2,21 @@ , buildPythonPackage , fetchFromGitHub , setuptools +, memcached , mock , pytestCheckHook }: buildPythonPackage rec { pname = "python-memcached"; - version = "1.61"; + version = "1.62"; pyproject = true; src = fetchFromGitHub { owner = "linsomniac"; repo = "python-memcached"; rev = version; - hash = "sha256-7bUCVAmOJ6znVmTZg9AJokOuym07NHL12gZgQ2uhfNo="; + hash = "sha256-Qko4Qr9WofeklU0uRRrSPrT8YaBYMCy0GP+TF7YZHLI="; }; nativeBuildInputs = [ @@ -23,12 +24,20 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + memcached mock pytestCheckHook ]; - # all tests fail - doCheck = false; + preCheck = '' + memcached & + ''; + + postCheck = '' + kill %% + ''; + + __darwinAllowLocalNetworking = true; pythonImportsCheck = [ "memcache" ]; diff --git a/pkgs/development/python-modules/quart/default.nix b/pkgs/development/python-modules/quart/default.nix index 6cf51d6920ffa..1effbadf3b67c 100644 --- a/pkgs/development/python-modules/quart/default.nix +++ b/pkgs/development/python-modules/quart/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, pythonOlder # build-system , poetry-core @@ -9,6 +10,7 @@ , aiofiles , blinker , click +, flask , hypercorn , importlib-metadata , itsdangerous @@ -29,14 +31,14 @@ buildPythonPackage rec { pname = "quart"; - version = "0.18.4"; + version = "0.19.4"; format = "pyproject"; src = fetchFromGitHub { owner = "pallets"; repo = "quart"; rev = "refs/tags/${version}"; - hash = "sha256-iT/pePUtH1hwNIOG8Y/YbqCVseNXVOKC0nrXfB2RTlQ="; + hash = "sha256-EgCZ0AXK2vGxo55BWAcDVv6zNUrWNbAYNnEXEBJk+84="; }; nativeBuildInputs = [ @@ -52,15 +54,17 @@ buildPythonPackage rec { aiofiles blinker click + flask hypercorn - importlib-metadata itsdangerous jinja2 markupsafe pydata-sphinx-theme python-dotenv - typing-extensions werkzeug + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + typing-extensions ]; pythonImportsCheck = [ @@ -75,11 +79,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTestPaths = [ - # remove after 0.18.4 - "tests/test_signals.py" - ]; - meta = with lib; { description = "An async Python micro framework for building web applications"; homepage = "https://github.com/pallets/quart/"; diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix index ec6e966d79bf4..b2a58d71c0b1d 100644 --- a/pkgs/development/python-modules/scipy/default.nix +++ b/pkgs/development/python-modules/scipy/default.nix @@ -76,6 +76,11 @@ in buildPythonPackage { "doc/source/dev/contributor/meson_advanced.rst" ]; }) + (fetchpatch { + name = "openblas-0.3.26-compat.patch"; + url = "https://github.com/scipy/scipy/commit/8c96a1f742335bca283aae418763aaba62c03378.patch"; + hash = "sha256-SGoYDxwSAkr6D5/XEqHLerF4e4nmmI+PX+z+3taWAps="; + }) ]; # Upstream complicated numpy version pinning is causing issues in the diff --git a/pkgs/development/python-modules/sentry-sdk/default.nix b/pkgs/development/python-modules/sentry-sdk/default.nix index 11d1df937702a..e89d8ca0e32f2 100644 --- a/pkgs/development/python-modules/sentry-sdk/default.nix +++ b/pkgs/development/python-modules/sentry-sdk/default.nix @@ -27,6 +27,7 @@ , pytest-watch , pytestCheckHook , pythonOlder +, quart , rq , sanic , setuptools @@ -96,7 +97,7 @@ buildPythonPackage rec { pure-eval ]; quart = [ - # quart missing + quart blinker ]; rq = [ diff --git a/pkgs/development/python-modules/setuptools/default.nix b/pkgs/development/python-modules/setuptools/default.nix index 231580cf9675e..7cacc0ca5a4d5 100644 --- a/pkgs/development/python-modules/setuptools/default.nix +++ b/pkgs/development/python-modules/setuptools/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "setuptools"; - version = "69.0.2"; + version = "69.0.3"; format = "pyproject"; src = fetchFromGitHub { owner = "pypa"; repo = "setuptools"; rev = "refs/tags/v${version}"; - hash = "sha256-7xOZC85glpXPKdPTYOpwjQHRpkKL1hgbMFgJF3q5EW0="; + hash = "sha256-38csULki+SBcg7StScj0/09A+JZesm8iwOBjSgXyXMA="; }; patches = [ diff --git a/pkgs/development/python-modules/sip/default.nix b/pkgs/development/python-modules/sip/default.nix index c36e3acc30ea3..32c28211cd065 100644 --- a/pkgs/development/python-modules/sip/default.nix +++ b/pkgs/development/python-modules/sip/default.nix @@ -9,7 +9,11 @@ , ply , toml , tomli + +# tests , poppler-qt5 +, qgis +, qgis-ltr }: buildPythonPackage rec { @@ -38,7 +42,8 @@ buildPythonPackage rec { pythonImportsCheck = [ "sipbuild" ]; passthru.tests = { - inherit poppler-qt5; + # test depending packages + inherit poppler-qt5 qgis qgis-ltr; }; meta = with lib; { diff --git a/pkgs/development/python-modules/sqlalchemy-utils/default.nix b/pkgs/development/python-modules/sqlalchemy-utils/default.nix index 84b42ad27f2f2..9fd3c75adcc6a 100644 --- a/pkgs/development/python-modules/sqlalchemy-utils/default.nix +++ b/pkgs/development/python-modules/sqlalchemy-utils/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonOlder # runtime @@ -48,6 +49,12 @@ buildPythonPackage rec { patches = [ ./skip-database-tests.patch + + (fetchpatch { + # sqlalchemy 2.0.22+ compat; https://github.com/kvesteri/sqlalchemy-utils/pull/725 + url = "https://github.com/kvesteri/sqlalchemy-utils/commit/712aabaefc5c8ca3680751c705cf5a5984c74af1.patch"; + hash = "sha256-xBdiUtFWjlUhBzHgGFbaKBt3at6NDo+mv9sd8WwiPOA="; + }) ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 9ea29db26c8dc..edee5d1d44142 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -40,7 +40,7 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "2.0.21"; + version = "2.0.25"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -49,7 +49,7 @@ buildPythonPackage rec { owner = "sqlalchemy"; repo = "sqlalchemy"; rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-ldBn+pdZfqnBKdYkOcG47ScH/hBgeJBeIvn1hCIBw/A="; + hash = "sha256-nfkYzLpWyNXDuRUJl5pzaedw5v7jHpG7kpmr6VTGUaw="; }; postPatch = '' diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix index 137bd59c703c7..4f248044cc7f7 100644 --- a/pkgs/development/python-modules/starlette/default.nix +++ b/pkgs/development/python-modules/starlette/default.nix @@ -1,37 +1,42 @@ { lib -, stdenv , buildPythonPackage , fetchFromGitHub + +# build-system , hatchling -# runtime -, ApplicationServices +# dependencies , anyio +, typing-extensions + +# optional dependencies , itsdangerous , jinja2 , python-multipart , pyyaml , httpx -, typing-extensions # tests , pytestCheckHook , pythonOlder , trio + +# reverse dependencies +, fastapi }: buildPythonPackage rec { pname = "starlette"; - version = "0.32.0.post1"; - format = "pyproject"; + version = "0.35.1"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-1twyN3fSlxwfDtyqaFFuCAVehLZ8vCV4voCT7CVSEbk="; + hash = "sha256-ynT1KowVJ1QdKLSOXYWVe5Q/PrYEWQDUbj395ebfk6Y="; }; nativeBuildInputs = [ @@ -40,38 +45,37 @@ buildPythonPackage rec { propagatedBuildInputs = [ anyio + ] ++ lib.optionals (pythonOlder "3.10") [ + typing-extensions + ]; + + passthru.optional-dependencies.full = [ itsdangerous jinja2 python-multipart pyyaml httpx - ] ++ lib.optionals (pythonOlder "3.10") [ - typing-extensions - ] ++ lib.optionals stdenv.isDarwin [ - ApplicationServices ]; nativeCheckInputs = [ pytestCheckHook trio typing-extensions - ]; + ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies); pytestFlagsArray = [ "-W" "ignore::DeprecationWarning" "-W" "ignore::trio.TrioDeprecationWarning" ]; - disabledTests = [ - # asserts fail due to inclusion of br in Accept-Encoding - "test_websocket_headers" - "test_request_headers" - ]; - pythonImportsCheck = [ "starlette" ]; + passthru.tests = { + inherit fastapi; + }; + meta = with lib; { changelog = "https://github.com/encode/starlette/releases/tag/${version}"; downloadPage = "https://github.com/encode/starlette"; diff --git a/pkgs/development/python-modules/tqdm/default.nix b/pkgs/development/python-modules/tqdm/default.nix index 6cf4c9713f9e4..84489b22ce4ae 100644 --- a/pkgs/development/python-modules/tqdm/default.nix +++ b/pkgs/development/python-modules/tqdm/default.nix @@ -2,7 +2,7 @@ , stdenv , buildPythonPackage , fetchPypi -, pythonAtLeast +, pythonOlder , setuptools , setuptools-scm , wheel @@ -20,9 +20,6 @@ buildPythonPackage rec { version = "4.66.1"; format = "pyproject"; - # https://github.com/tqdm/tqdm/issues/1537 - disabled = pythonAtLeast "3.12"; - src = fetchPypi { inherit pname version; hash = "sha256-2I5lH5242FUaYlVtPP+eMDQnTKXWbpMZfPJJDi3Lacc="; @@ -34,6 +31,9 @@ buildPythonPackage rec { wheel ]; + # https://github.com/tqdm/tqdm/issues/1537 + doCheck = pythonOlder "3.12"; + nativeCheckInputs = [ pytestCheckHook pytest-asyncio diff --git a/pkgs/development/python-modules/trove-classifiers/default.nix b/pkgs/development/python-modules/trove-classifiers/default.nix index 3485c0f1fd2ce..f65c9e651bed8 100644 --- a/pkgs/development/python-modules/trove-classifiers/default.nix +++ b/pkgs/development/python-modules/trove-classifiers/default.nix @@ -10,14 +10,14 @@ let self = buildPythonPackage rec { pname = "trove-classifiers"; - version = "2023.11.29"; + version = "2024.1.8"; pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-/49/2Cx5MhE7RufvZ0LHAJHMY2QMjGXbANkfLpQLlRQ="; + hash = "sha256-bjbK9DD/ZIXEtXpMazZKE/aomNFrlBfGw3Rn5ZwUsFo="; }; postPatch = '' diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index 35c5f943cb190..e59eda006e6e0 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -3,27 +3,39 @@ , buildPythonPackage , pythonOlder , fetchPypi + +# build-system , flit-core + +# dependencies +, markupsafe + +# optional-dependencies , watchdog + +# tests +, cryptography , ephemeral-port-reserve +, greenlet , pytest-timeout , pytest-xprocess , pytestCheckHook -, markupsafe -# for passthru.tests -, moto, sentry-sdk + +# reverse dependencies +, moto +, sentry-sdk }: buildPythonPackage rec { pname = "werkzeug"; - version = "2.3.8"; + version = "3.0.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-VUslfHS763oNJUFgpPj/4YUkP1KlIDUGC3Ycpi2XfwM="; + hash = "sha256-UH6BHs6nKxikBJR63tSzOQ4duPgmtJTXZVDvRbs7Hcw="; }; nativeBuildInputs = [ @@ -36,16 +48,19 @@ buildPythonPackage rec { passthru.optional-dependencies = { watchdog = lib.optionals (!stdenv.isDarwin) [ - # watchdog requires macos-sdk 10.13[ + # watchdog requires macos-sdk 10.13 watchdog ]; }; nativeCheckInputs = [ + cryptography ephemeral-port-reserve pytest-timeout pytest-xprocess pytestCheckHook + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); disabledTests = lib.optionals stdenv.isDarwin [ @@ -68,6 +83,7 @@ buildPythonPackage rec { }; meta = with lib; { + changelog = "https://werkzeug.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://palletsprojects.com/p/werkzeug/"; description = "The comprehensive WSGI web application library"; longDescription = '' diff --git a/pkgs/development/tools/global-platform-pro/default.nix b/pkgs/development/tools/global-platform-pro/default.nix index a5b1a35531b94..dc533daf99a38 100644 --- a/pkgs/development/tools/global-platform-pro/default.nix +++ b/pkgs/development/tools/global-platform-pro/default.nix @@ -47,7 +47,7 @@ mavenJdk8.buildMavenPackage rec { cp tool/target/gp.jar "$out/share/java" makeWrapper "${jre8_headless}/bin/java" "$out/bin/gp" \ --add-flags "-jar '$out/share/java/gp.jar'" \ - --prefix LD_LIBRARY_PATH : "${pcsclite.out}/lib" + --prefix LD_LIBRARY_PATH : "${lib.getLib pcsclite}/lib" ''; meta = with lib; { diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix index 2faefedd66563..9153a2dea1986 100644 --- a/pkgs/development/tools/misc/lsof/default.nix +++ b/pkgs/development/tools/misc/lsof/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses }: +{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses, nukeReferences }: let dialect = with lib; last (splitString "-" stdenv.hostPlatform.system); @@ -6,27 +6,29 @@ in stdenv.mkDerivation rec { pname = "lsof"; - version = "4.98.0"; + version = "4.99.3"; src = fetchFromGitHub { owner = "lsof-org"; repo = "lsof"; rev = version; - sha256 = "sha256-DQLY0a0sOCZFEJA4Y4b18OcWZw47RyqKZ0mVG0CDVTI="; + hash = "sha256-XW3l+E9D8hgI9jGJGKkIAKa8O9m0JHgZhEASqg4gYuw="; }; - patches = [ - ./no-build-info.patch - ]; - - postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' + postPatch = '' + patchShebangs --build lib/dialects/*/Mksrc + # Do not re-build version.h in every 'make' to allow nuke-refs below. + # We remove phony 'FRC' target that forces rebuilds: + # 'version.h: FRC ...' is translated to 'version.h: ...'. + sed -i lib/dialects/*/Makefile -e 's/version.h:\s*FRC/version.h:/' + '' + lib.optionalString stdenv.hostPlatform.isMusl '' substituteInPlace dialects/linux/dlsof.h --replace "defined(__UCLIBC__)" 1 '' + lib.optionalString stdenv.isDarwin '' sed -i 's|lcurses|lncurses|g' Configure ''; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl which ]; + nativeBuildInputs = [ nukeReferences perl which ]; buildInputs = [ ncurses ]; # Stop build scripts from searching global include paths @@ -37,6 +39,10 @@ stdenv.mkDerivation rec { for filepath in $(find dialects/${dialect} -type f); do sed -i "s,/usr/include,$LSOF_INCLUDE,g" $filepath done + + # Wipe out development-only flags from CFLAGS embedding + make version.h + nuke-refs version.h ''; installPhase = '' diff --git a/pkgs/development/tools/misc/lsof/no-build-info.patch b/pkgs/development/tools/misc/lsof/no-build-info.patch deleted file mode 100644 index 3c518896b0452..0000000000000 --- a/pkgs/development/tools/misc/lsof/no-build-info.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- a/usage.c -+++ b/usage.c -@@ -931,24 +931,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " configuration info: %s\n", cp); - #endif /* defined(LSOF_CINFO) */ - -- cp = isnullstr(LSOF_HOST); -- if (!(cp1 = isnullstr(LSOF_LOGNAME))) -- cp1 = isnullstr(LSOF_USER); -- if (cp || cp1) { -- if (cp && cp1) -- cp2 = "by and on"; -- else if (cp) -- cp2 = "on"; -- else -- cp2 = "by"; -- (void) fprintf(stderr, " constructed %s: %s%s%s\n", -- cp2, -- cp1 ? cp1 : "", -- (cp && cp1) ? "@" : "", -- cp ? cp : "" -- ); -- } -- - #if defined(LSOF_BLDCMT) - if ((cp = isnullstr(LSOF_BLDCMT))) - (void) fprintf(stderr, " builder's comment: %s\n", cp); -@@ -958,12 +940,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " compiler: %s\n", cp); - if ((cp = isnullstr(LSOF_CCV))) - (void) fprintf(stderr, " compiler version: %s\n", cp); -- if ((cp = isnullstr(LSOF_CCFLAGS))) -- (void) fprintf(stderr, " compiler flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_LDFLAGS))) -- (void) fprintf(stderr, " loader flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_SYSINFO))) -- (void) fprintf(stderr, " system info: %s\n", cp); - // display configurations that might affect output - char *features[] = { - #if defined(HASEFFNLINK) diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix index dadfba7cc67bf..a75c7759902a3 100644 --- a/pkgs/development/tools/ruff/default.nix +++ b/pkgs/development/tools/ruff/default.nix @@ -5,22 +5,29 @@ , stdenv , darwin , rust-jemalloc-sys - # tests , ruff-lsp }: rustPlatform.buildRustPackage rec { pname = "ruff"; - version = "0.1.13"; + version = "0.1.15"; src = fetchFromGitHub { owner = "astral-sh"; repo = "ruff"; rev = "refs/tags/v${version}"; - hash = "sha256-cH/Vw04QQ3U7E1ZCwozjhPcn0KVljP976/p3okrBpEU="; + hash = "sha256-DzdzMO9PEwf4HmpG8SxRJTmdrmkXuQ8RsIchvsKstH8="; }; - cargoHash = "sha256-tmoFnghHQEsyv0vO9fnWyTsxiIhmovhi/zHXOCi5u10="; + # The following specific substitution is not working as the current directory is `/build/source` and thus has no mention of `ruff` in it. + # https://github.com/astral-sh/ruff/blob/866bea60a5de3c59d2537b0f3a634ae0ac9afd94/crates/ruff/tests/show_settings.rs#L12 + # -> Just patch it so that it expects the actual current directory and not `"[BASEPATH]"`. + postPatch = '' + substituteInPlace crates/ruff/tests/snapshots/show_settings__display_default_settings.snap \ + --replace '"[BASEPATH]"' '"'$PWD'"' + ''; + + cargoHash = "sha256-MpiWdNUs66OGYfOJo1kJQTCqjrk/DAYecaLf6GUUKew="; nativeBuildInputs = [ installShellFiles @@ -32,9 +39,6 @@ rustPlatform.buildRustPackage rec { darwin.apple_sdk.frameworks.CoreServices ]; - cargoBuildFlags = [ "--package=ruff_cli" ]; - cargoTestFlags = cargoBuildFlags; - # tests expect no colors preCheck = '' export NO_COLOR=1 diff --git a/pkgs/development/tools/rust/bindgen/unwrapped.nix b/pkgs/development/tools/rust/bindgen/unwrapped.nix index c2ea437148c65..859d826180635 100644 --- a/pkgs/development/tools/rust/bindgen/unwrapped.nix +++ b/pkgs/development/tools/rust/bindgen/unwrapped.nix @@ -7,15 +7,15 @@ let rustfmt-nightly = rustfmt.override { asNightly = true; }; in rustPlatform.buildRustPackage rec { pname = "rust-bindgen-unwrapped"; - version = "0.69.1"; + version = "0.69.2"; src = fetchCrate { pname = "bindgen-cli"; inherit version; - sha256 = "sha256-zqyIc07RLti2xb23bWzL7zFjreEZuUstnYSp+jUX8Lw="; + sha256 = "sha256-ytbaXCVNXXBtJet5CBkCNUoISxdFXt/kgb4VVZisUXE="; }; - cargoHash = "sha256-o1B8jq7Ze97pBLE9gvNsmCaD/tsW4f6DL0upzQkxbA4="; + cargoHash = "sha256-pnoCq25CrZIAQNkDsokIVVyUYLlg7WY6th17IgeW9x8="; buildInputs = [ clang.cc.lib ]; diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix index a02445adb33b8..0e908d0179db1 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix @@ -61,12 +61,15 @@ let mkStdenv = stdenv: if stdenv.isAarch64 then stdenv else + let + darwinMinVersion = "10.12"; + darwinSdkVersion = "11.0"; + in (overrideCC stdenv (mkCc stdenv.cc)).override { extraBuildInputs = [ pkgs.darwin.apple_sdk_11_0.frameworks.CoreFoundation ]; - targetPlatform = stdenv.targetPlatform // { - darwinMinVersion = "10.12"; - darwinSdkVersion = "11.0"; - }; + buildPlatform = stdenv.buildPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + hostPlatform = stdenv.hostPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + targetPlatform = stdenv.targetPlatform // { inherit darwinMinVersion darwinSdkVersion; }; }; stdenvs = { diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index fbff9a3363de6..33edbc0a4f732 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation rec { pname = "cryptsetup"; - version = "2.6.1"; + version = "2.7.0"; outputs = [ "bin" "out" "dev" "man" ]; separateDebugInfo = true; src = fetchurl { url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM="; + hash = "sha256-lAA6AM1agZRPRejcUp4M/Spv9im9LNIc9eV05GXa95U="; }; patches = [ diff --git a/pkgs/os-specific/linux/ffado/default.nix b/pkgs/os-specific/linux/ffado/default.nix index 3d44ad813a69d..d1e78a312e05a 100644 --- a/pkgs/os-specific/linux/ffado/default.nix +++ b/pkgs/os-specific/linux/ffado/default.nix @@ -24,13 +24,15 @@ let in mkDerivation rec { pname = "ffado"; - version = "2.4.7"; + version = "2.4.8"; src = fetchurl { url = "http://www.ffado.org/files/libffado-${version}.tgz"; - sha256 = "0vsn3y52g6f77lqh9qfkd7dslmb7bbgy46cv5idynx4frqscc23s"; + hash = "sha256-f0x561ehKw6uMSri0RZip+v1JHZuhixtywl0PVU/N44="; }; + sourceRoot = "libffado-${version}/libffado"; + prePatch = '' substituteInPlace ./support/tools/ffado-diag.in \ --replace /lib/modules/ "/run/booted-system/kernel-modules/lib/modules/" diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 1fae93c532510..03eb1959c9b27 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.6.0"; + version = "6.7.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-hzjIBK/Qnwv3VpN/DD3iMReDKpjYy79QOGz1AFzWE84="; + hash = "sha256-/5Qt2YKNfR+Gf2H+cs5DMHjDHl2OSnjiDwLLWJLohB0="; }; postPatch = '' diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 56ac85fa0b7a5..75d706b63f952 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "iputils"; - version = "20231222"; + version = "20240117"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - hash = "sha256-/blxT6k79fgbxX8qCQuJMf7zDPwMjJUt7FCscaMXx6U="; + hash = "sha256-sERY8ZKuXiY85cXdNWOm4byiNU7mOVIeA55dgQJHdoE="; }; outputs = [ "out" "apparmor" ]; diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix index 9d97f73780d5b..badb02aaec5a8 100644 --- a/pkgs/os-specific/linux/kbd/default.nix +++ b/pkgs/os-specific/linux/kbd/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "kbd"; - version = "2.6.3"; + version = "2.6.4"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz"; - sha256 = "sha256-BJlsCNfRxGCWb7JEo9OIM1LCZ0t61SIAPZ9Oy4q0jes="; + sha256 = "sha256-UZ+NCHrsyn4KM80IS++SwGbrGXMWZmU9zHDJ1xqkCSY="; }; # vlock is moved into its own output, since it depends on pam. This diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 6524680027759..fc2f8ddbd1434 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,12 +111,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.6"; in + linuxHeaders = let version = "6.7"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-2SagbGPdisffP4buH/ws4qO4Gi0WhITna1s4mrqOVtA="; + hash = "sha256-7zEUSiV20IDYwxaY6D7J9mv5fGd/oqrw1bu58zRbEGk="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 5d1c1cfc89c04..548d5222c7a29 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "libsepol"; - version = "3.5"; + version = "3.6"; se_url = "https://github.com/SELinuxProject/selinux/releases/download"; outputs = [ "bin" "out" "dev" "man" ]; src = fetchurl { url = "${se_url}/${version}/libsepol-${version}.tar.gz"; - sha256 = "sha256-eP2vaZJNt4C6x4VG5D2cRAdLrXmMLEFdC5u5bQZe6KI="; + sha256 = "sha256-ydxYXqlJA9eE1ZfIYc1dzmRZFo+V4isxoOqxzdgAl1o="; }; postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 8660313a71897..c956dfad4c64f 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,5 +1,4 @@ -{ lib, stdenv, buildPackages, fetchurl -, fetchpatch +{ lib, stdenv, buildPackages, fetchurl, fetchpatch , flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests , autoreconfHook269, pkg-config-unwrapped @@ -7,30 +6,23 @@ stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.5.3"; + version = "1.6.0"; src = fetchurl { url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; - hash = "sha256-esS1D+7gBKn6iPHf0tL6c4qCiWdjBQzXc7PFSwqBgoM="; + hash = "sha256-//SjTlu+534ujxmS8nYx4jKby/igVj3etcM4m04xaa0="; }; patches = [ ./suid-wrapper-path.patch - # Pull support for localization on non-default --prefix: - # https://github.com/NixOS/nixpkgs/issues/249010 - # https://github.com/linux-pam/linux-pam/pull/604 + + # Backport fix for missing include breaking musl builds. (fetchpatch { - name = "bind-locales.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; - hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; - }) - ] - ++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch { - name = "missing-termio.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a.patch"; - hash = "sha256-b6n8f16ETSNj5h+5/Yhn32XMfVO8xEnZRRhw+nuLP/8="; + name = "pam_namespace-stdint.h.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch"; + hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA="; }) - ; + ]; # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569 postPatch = if stdenv.buildPlatform.isDarwin && stdenv.buildPlatform != stdenv.hostPlatform then '' @@ -41,8 +33,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - # autoreconfHook269 is needed for `suid-wrapper-path.patch` and - # `bind-locales.patch` above. + # autoreconfHook269 is needed for `suid-wrapper-path.patch` above. # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index d6319fd0dcf31..2f4e49062aef4 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.2"; + version = "4.14.3"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; + hash = "sha256-Y5wyvmTh66Bjb1/UPdDF78lgvH7HFTCFowhQQ+Fo9ak="; }; outputs = [ "out" "su" "dev" "man" ]; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c084112a5bdc6..064c465bd6e3b 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -68,16 +68,17 @@ , libpwquality , qrencode - # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time. + # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to + # be available during build time. # Only libbpf should be a runtime dependency. # Note: llvmPackages is explicitly taken from buildPackages instead of relying # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc - # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we explicitly - # take buildPackages.llvmPackages, this is no problem because - # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to us. Working - # around this is important, because systemd is in the dependency closure of - # GHC via emscripten and jdk. + # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we + # explicitly take buildPackages.llvmPackages, this is no problem because + # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to + # us. Working around this is important, because systemd is in the dependency + # closure of GHC via emscripten and jdk. , bpftools , libbpf @@ -93,14 +94,16 @@ && !stdenv.hostPlatform.isMusl # "Unknown 64-bit data model" && !stdenv.hostPlatform.isRiscV32 -, withCompression ? true # adds bzip2, lz4, xz and zstd + # adds bzip2, lz4, xz and zstd +, withCompression ? true , withCoredump ? true , withCryptsetup ? true , withRepart ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi , withFido2 ? true -, withFirstboot ? false # conflicts with the NixOS /etc management + # conflicts with the NixOS /etc management +, withFirstboot ? false , withHomed ? !stdenv.hostPlatform.isMusl , withHostnamed ? true , withHwdb ? true @@ -108,8 +111,10 @@ , withIptables ? true , withKmod ? true , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" - && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats - && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + # assumes hard floats + && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") + # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + && !stdenv.hostPlatform.isMips64 # can't find gnu/stubs-32.h && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian) # https://reviews.llvm.org/D43106#1019077 @@ -139,7 +144,8 @@ , withTimedated ? true , withTimesyncd ? true , withTpm2Tss ? true -, withUkify ? false # adds python to closure which is too much by default + # adds python to closure which is too much by default +, withUkify ? false , withUserDb ? true , withUtmp ? !stdenv.hostPlatform.isMusl , withVmspawn ? true @@ -148,7 +154,7 @@ # build only libudev and libsystemd , buildLibsOnly ? false - # name argument + # yes, pname is an argument here , pname ? "systemd" , libxslt @@ -171,7 +177,8 @@ let wantGcrypt = withResolved || withImportd; version = "255.2"; - # Bump this variable on every (major) version change. See below (in the meson options list) for why. + # Use the command below to update `releaseTimestamp` on every (major) version + # change. More details in the commentary at mesonFlags. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' @@ -189,11 +196,14 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-8SfJY/pcH4yrDeJi0GfIUpetTbpMwyswvSu+RSfgqfY="; }; - # On major changes, or when otherwise required, you *must* reformat the patches, - # `git am path/to/00*.patch` them into a systemd worktree, rebase to the more recent - # systemd version, and export the patches again via - # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. - # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches + # On major changes, or when otherwise required, you *must* : + # 1. reformat the patches, + # 2. `git am path/to/00*.patch` them into a systemd worktree, + # 3. rebase to the more recent systemd version, + # 4. and export the patches again via + # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. + # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all + # patches patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -262,8 +272,8 @@ stdenv.mkDerivation (finalAttrs: { "$out/lib/systemd/boot/efi" '' + ( let - # The following patches references to dynamic libraries to ensure that - # all the features that are implemented via dlopen(3) are available (or + # The following patches references to dynamic libraries to ensure that all + # the features that are implemented via dlopen(3) are available (or # explicitly deactivated) by pointing dlopen to the absolute store path # instead of relying on the linkers runtime lookup code. # @@ -275,11 +285,11 @@ stdenv.mkDerivation (finalAttrs: { # found` when using e.g. --grep with journalctl. Those errors should # become less unexpected now. # - # There are generally two classes of dlopen(3) calls. Those that we want to - # support and those that should be deactivated / unsupported. This change - # enforces that we handle all dlopen calls explicitly. Meaning: There is - # not a single dlopen call in the source code tree that we did not - # explicitly handle. + # There are generally two classes of dlopen(3) calls. Those that we want + # to support and those that should be deactivated / unsupported. This + # change enforces that we handle all dlopen calls explicitly. Meaning: + # There is not a single dlopen call in the source code tree that we did + # not explicitly handle. # # In order to do this we introduced a list of attributes that maps from # shared object name to the package that contains them. The package can be @@ -288,7 +298,8 @@ stdenv.mkDerivation (finalAttrs: { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` + # and update the list below. dlopenLibs = let opt = condition: pkg: if condition then pkg else null; @@ -374,7 +385,8 @@ stdenv.mkDerivation (finalAttrs: { # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings + # pointing to shared libraries) that we didn't handle + '' if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then echo "Found unhandled dynamic library calls: " @@ -461,12 +473,13 @@ stdenv.mkDerivation (finalAttrs: { mesonFlags = [ # Options - # We bump this variable on every (major) version change to ensure - # that we have known-good value for a timestamp that is in the (not so distant) past. - # This serves as a lower bound for valid system timestamps during startup. Systemd will - # reset the system timestamp if this date is +- 15 years from the system time. + # We bump this attribute on every (major) version change to ensure that we + # have known-good value for a timestamp that is in the (not so distant) + # past. This serves as a lower bound for valid system timestamps during + # startup. Systemd will reset the system timestamp if this date is +- 15 + # years from the system time. # See the systemd v250 release notes for further details: - # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 + # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 (lib.mesonOption "time-epoch" releaseTimestamp) (lib.mesonOption "version-tag" version) @@ -616,11 +629,19 @@ stdenv.mkDerivation (finalAttrs: { ]; preConfigure = let - # A list of all the runtime binaries that the systemd executables, tests and libraries are referencing in their source code, scripts and unit files. - # As soon as a dependency isn't required anymore we should remove it from the list. The `where` attribute for each of the replacement patterns must be exhaustive. If another (unhandled) case is found in the source code the build fails with an error message. + # A list of all the runtime binaries referenced by the source code (plus + # scripts and unit files) of systemd executables, tests and libraries. + # As soon as a dependency is lo longer required we should remove it from + # the list. + # The `where` attribute for each of the replacement patterns must be + # exhaustive. If another (unhandled) case is found in the source code the + # build fails with an error message. binaryReplacements = [ - { search = "/usr/bin/getent"; replacement = "${getent}/bin/getent"; where = [ "src/nspawn/nspawn-setuid.c" ]; } - + { + search = "/usr/bin/getent"; + replacement = "${getent}/bin/getent"; + where = [ "src/nspawn/nspawn-setuid.c" ]; + } { search = "/sbin/mkswap"; replacement = "${lib.getBin util-linux}/sbin/mkswap"; @@ -628,8 +649,19 @@ stdenv.mkDerivation (finalAttrs: { "man/systemd-makefs@.service.xml" ]; } - { search = "/sbin/swapon"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } - { search = "/sbin/swapoff"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } + { + search = "/sbin/swapon"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; + where = [ + "src/core/swap.c" + "src/basic/unit-def.h" + ]; + } + { + search = "/sbin/swapoff"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; + where = [ "src/core/swap.c" ]; + } { search = "/bin/echo"; replacement = "${coreutils}/bin/echo"; @@ -646,14 +678,15 @@ stdenv.mkDerivation (finalAttrs: { { search = "/bin/cat"; replacement = "${coreutils}/bin/cat"; - where = [ "test/test-execute/exec-noexecpaths-simple.service" "src/journal/cat.c" ]; + where = [ + "test/test-execute/exec-noexecpaths-simple.service" + "src/journal/cat.c" + ]; } { search = "/usr/lib/systemd/systemd-fsck"; replacement = "$out/lib/systemd/systemd-fsck"; - where = [ - "man/systemd-fsck@.service.xml" - ]; + where = [ "man/systemd-fsck@.service.xml" ]; } ] ++ lib.optionals withImportd [ { @@ -682,10 +715,14 @@ stdenv.mkDerivation (finalAttrs: { ]; } ] ++ lib.optionals withKmod [ - { search = "/sbin/modprobe"; replacement = "${lib.getBin kmod}/sbin/modprobe"; where = [ "units/modprobe@.service" ]; } + { + search = "/sbin/modprobe"; + replacement = "${lib.getBin kmod}/sbin/modprobe"; + where = [ "units/modprobe@.service" ]; + } ]; - # { replacement, search, where } -> List[str] + # { replacement, search, where, ignore } -> List[str] mkSubstitute = { replacement, search, where, ignore ? [ ] }: map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where; mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }: @@ -778,11 +815,11 @@ stdenv.mkDerivation (finalAttrs: { mv $out/lib/sysusers.d $out/example ''; - # Avoid *.EFI binary stripping. At least on aarch64-linux strip - # removes too much from PE32+ files: + # Avoid *.EFI binary stripping. + # At least on aarch64-linux strip removes too much from PE32+ files: # https://github.com/NixOS/nixpkgs/issues/169693 - # The hack is to move EFI file out of lib/ before doStrip - # run and return it after doStrip run. + # The hack is to move EFI file out of lib/ before doStrip run and return it + # after doStrip run. preFixup = lib.optionalString withBootloader '' mv $out/lib/systemd/boot/efi $out/dont-strip-me ''; @@ -807,15 +844,15 @@ stdenv.mkDerivation (finalAttrs: { (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs); passthru = { - # The interface version prevents NixOS from switching to an - # incompatible systemd at runtime. (Switching across reboots is - # fine, of course.) It should be increased whenever systemd changes - # in a backwards-incompatible way. If the interface version of two - # systemd builds is the same, then we can switch between them at - # runtime; otherwise we can't and we need to reboot. + # The `interfaceVersion` attribute below points out the incompatibilities + # between systemd versions. When the new systemd build is + # backwards-compatible with the previous one, then they can be switched at + # runtime (the reboot being optional in this case); otherwise, a reboot is + # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; - inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withKmod withLocaled + withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { inherit (nixosTests) @@ -823,19 +860,53 @@ stdenv.mkDerivation (finalAttrs: { systemd-journal systemd-journal-gateway systemd-journal-upload; - cross = pkgsCross.${if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform"}.systemd; + cross = + let + systemString = + if stdenv.buildPlatform.isAarch64 + then "gnu64" + else "aarch64-multiplatform"; + in + pkgsCross.${systemString}.systemd; }; }; - meta = with lib; { + meta = { homepage = "https://www.freedesktop.org/wiki/Software/systemd/"; description = "A system and service manager for Linux"; - license = licenses.lgpl21Plus; - platforms = platforms.linux; + longDescription = '' + systemd is a suite of basic building blocks for a Linux system. It + provides a system and service manager that runs as PID 1 and starts the + rest of the system. systemd provides aggressive parallelization + capabilities, uses socket and D-Bus activation for starting services, + offers on-demand starting of daemons, keeps track of processes using Linux + control groups, maintains mount and automount points, and implements an + elaborate transactional dependency-based service control logic. systemd + supports SysV and LSB init scripts and works as a replacement for + sysvinit. Other parts include a logging daemon, utilities to control basic + system configuration like the hostname, date, locale, maintain a list of + logged-in users and running containers and virtual machines, system + accounts, runtime directories and settings, and daemons to manage simple + network configuration, network time synchronization, log forwarding, and + name resolution. + ''; + license = with lib.licenses; [ + # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md + bsd2 + bsd3 + cc0 + lgpl21Plus + lgpl2Plus + mit + mit0 + ofl + publicDomain + ]; + maintainers = with lib.maintainers; [ flokli kloenk ]; + platforms = lib.platforms.linux; + priority = 10; badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965 broken = stdenv.hostPlatform.isStatic; - priority = 10; - maintainers = with maintainers; [ flokli kloenk ]; }; }) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 8786e0798627c..8e18237b8e9f9 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -998,11 +998,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! imake = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, testers }: stdenv.mkDerivation (finalAttrs: { pname = "imake"; - version = "1.0.9"; + version = "1.0.10"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/imake-1.0.9.tar.xz"; - sha256 = "10wgw3l0rsnvc2191awyg5j24n3g552xgc671qr5vnbliwkrvpkj"; + url = "mirror://xorg/individual/util/imake-1.0.10.tar.xz"; + sha256 = "1xgcsamfij22ggc4p8anvvihwyf4adg6gjdd6v7m9cypm37cppkm"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; diff --git a/pkgs/servers/x11/xorg/tarballs.list b/pkgs/servers/x11/xorg/tarballs.list index 1234f05b97232..c6dcd9b0402f5 100644 --- a/pkgs/servers/x11/xorg/tarballs.list +++ b/pkgs/servers/x11/xorg/tarballs.list @@ -213,7 +213,7 @@ mirror://xorg/individual/proto/xcb-proto-1.16.0.tar.xz mirror://xorg/individual/proto/xorgproto-2023.2.tar.xz mirror://xorg/individual/util/bdftopcf-1.1.1.tar.xz mirror://xorg/individual/util/gccmakedep-1.0.3.tar.bz2 -mirror://xorg/individual/util/imake-1.0.9.tar.xz +mirror://xorg/individual/util/imake-1.0.10.tar.xz mirror://xorg/individual/util/lndir-1.0.4.tar.xz mirror://xorg/individual/util/makedepend-1.0.8.tar.xz mirror://xorg/individual/util/util-macros-1.20.0.tar.xz diff --git a/pkgs/shells/bash/5.nix b/pkgs/shells/bash/5.nix index 3c4fb83e3e4e5..de0426fbcdcd3 100644 --- a/pkgs/shells/bash/5.nix +++ b/pkgs/shells/bash/5.nix @@ -22,11 +22,12 @@ let }); in stdenv.mkDerivation rec { - name = "bash-${lib.optionalString interactive "interactive-"}${version}-p${toString (builtins.length upstreamPatches)}"; - version = "5.2"; + pname = "bash${lib.optionalString interactive "-interactive"}"; + version = "5.2${patch_suffix}"; + patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { - url = "mirror://gnu/bash/bash-${version}.tar.gz"; + url = "mirror://gnu/bash/bash-${lib.removeSuffix patch_suffix version}.tar.gz"; sha256 = "sha256-oTnBZt9/9EccXgczBRZC7lVWwcyKSnjxRVg8XIGrMvs="; }; diff --git a/pkgs/shells/bash/bash-5.2-patches.nix b/pkgs/shells/bash/bash-5.2-patches.nix index 3aa9f331d8bb1..5d5ef94676dee 100644 --- a/pkgs/shells/bash/bash-5.2-patches.nix +++ b/pkgs/shells/bash/bash-5.2-patches.nix @@ -22,4 +22,9 @@ patch: [ (patch "019" "10njgv5mrc5rhsp5lvxcbm0pnzn59a8spi2nhdasifyl1a32cp1j") (patch "020" "07f0wlmqjdfarp44w3gj9gdqbqm5x20rvlhpn34ngklmxcm2bz5n") (patch "021" "1kahfqqalcwi4m73pg3ssz6lh0kcqsqax09myac7a15d2y0vhd43") +(patch "022" "0w74aym0g1fh48864a3qxh89f26iaq7wsbg7244c6kjr94527dbq") +(patch "023" "1lywjqbc36j5pdzfcvnz1zy30j76aqmsm190p888av0hw815b45g") +(patch "024" "1hq23djqbr7s9y2324jq9mxr5bwdkmgizn3zgpchbsqp054k85cp") +(patch "025" "0x9hc4silzl4d3zw4p43i5dm7w86k50j47f87lracwfgwy3z8f2i") +(patch "026" "1b1fhm1dsi67r8ip17s0xvx2qq31fsxc1g9n3r931dd0k9a1zvln") ] diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index c47937d7bfadb..1433369c3252c 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -317,7 +317,10 @@ in ln -s ${bootstrapTools}/lib/clang $out/lib ln -s ${bootstrapTools}/include $out ''; - passthru.isFromBootstrapFiles = true; + passthru = { + isFromBootstrapFiles = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; }; clang-unwrapped = selfTools.libclang; libllvm = self.stdenv.mkDerivation { diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index cb1607c5e63aa..54a03a56866b5 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -249,6 +249,7 @@ let "relro" "stackprotector" "strictoverflow" + "zerocallusedregs" ]; defaultHardeningFlags = (if stdenv.hasCC then stdenv.cc else {}).defaultHardeningFlags or diff --git a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix index 112d37670c8cd..91709d7c6670a 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix @@ -1,12 +1,21 @@ +# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as: +# $ ./refresh-tarballs.bash --targets=i686-unknown-linux-gnu +# +# Metadata: +# - nixpkgs revision: 125cefd4cf8f857e5ff1aceaef9230ba578a033d +# - hydra build: https://hydra.nixos.org/job/nixpkgs/trunk/stdenvBootstrapTools.i686-unknown-linux-gnu.build/latest +# - resolved hydra build: https://hydra.nixos.org/build/247889988 +# - instantiated derivation: /nix/store/chcf0brhdyn7ihmb14n0w4rm2a59gqrw-stdenv-bootstrap-tools.drv +# - output directory: /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools +# - build time: Fri, 26 Jan 2024 22:04:03 +0000 { + bootstrapTools = import <nix/fetchurl.nix> { + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/bootstrap-tools.tar.xz"; + hash = "sha256-KTAh3t91aJMiMO/7NFOjUz6fXI9Iu+H7cuODreWz9N8="; + }; busybox = import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/busybox"; - sha256 = "ef4c1be6c7ae57e4f654efd90ae2d2e204d6769364c46469fa9ff3761195cba1"; + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/busybox"; + hash = "sha256-omz+ZT0bhMkAZcDs9evA2PNpO6VHUozdtjMgdui6fxw="; executable = true; }; - - bootstrapTools = import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-linux/i686/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz"; - sha256 = "b9bf20315f8c5c0411679c5326084420b522046057a0850367c67d9514794f1c"; - }; } diff --git a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix index 569f0c6f31e2f..ad2449cfd9ff7 100644 --- a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) diff --git a/pkgs/stdenv/linux/bootstrap-tools/default.nix b/pkgs/stdenv/linux/bootstrap-tools/default.nix index 569f0c6f31e2f..ad2449cfd9ff7 100644 --- a/pkgs/stdenv/linux/bootstrap-tools/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index 3be7b2fd0ee60..3db16f0671486 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -1,9 +1,10 @@ -{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch -, file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto -, w3m, gnugrep, gnused, coreutils, xset, perlPackages -, mimiSupport ? false, gawk -, bash -, glib +{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch, writeText +# docs deps +, libxslt, docbook_xml_dtd_412, docbook_xml_dtd_43, docbook_xsl, xmlto +# runtime deps +, resholve, bash, coreutils, dbus, file, gawk, glib, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs +, perl, perlPackages +, mimiSupport ? false , withXdgOpenUsePortalPatch ? true }: let @@ -15,73 +16,248 @@ let sha256 = "15gw2nyrqmdsdin8gzxihpn77grhk9l97jp7s7pr7sl4n9ya2rpj"; }; - perlPath = with perlPackages; makePerlPath [ - NetDBus XMLTwig XMLParser X11Protocol + # Required by the common desktop detection code + commonDeps = [ dbus coreutils gnugrep gnused ]; + # These are all faked because the current desktop is detected + # based on their presence, so we want them to be missing by default. + commonFakes = [ + "explorer.exe" + "gnome-default-applications-properties" + "kde-config" + "xprop" ]; + # This is still required to work around the eval trickery some scripts do + commonPrologue = "${writeText "xdg-utils-prologue" '' + export PATH=$PATH:${coreutils}/bin + ''}"; + + solutions = [ + { + scripts = [ "bin/xdg-desktop-icon" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ xdg-user-dirs ]; + execer = [ + "cannot:${xdg-user-dirs}/bin/xdg-user-dir" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME2 + ]; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-desktop-menu" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk ]; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-email" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + "cannot:${placeholder "out"}/bin/xdg-open" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "exo-open" # XFCE + "gconftool-2" # GNOME + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "qtxdg-mat" # LXQT + "xdg-email-hook.sh" # user-defined hook that may be available ambiently + ]; + fix."/bin/echo" = true; + keep = { + "$command" = true; + "$kreadconfig" = true; + "$THUNDERBIRD" = true; + "$utf8" = true; + }; + } + + { + scripts = [ "bin/xdg-icon-resource" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-mime" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ file gawk ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gio" # GNOME (new) + "gnomevfs-info" # GNOME (very old) + "gvfs-info" # GNOME (old) + "kde4-config" # Plasma 4 + "kfile" # KDE 3 + "kmimetypefinder" # Plasma (generic) + "kmimetypefinder5" # Plasma 5 + "ktraderclient" # KDE 3 + "ktradertest" # KDE 3 + "mimetype" # alternative tool for file, pulls in perl, avoid + "qtpaths" # Plasma + "qtxdg-mat" # LXQT + ]; + fix."/usr/bin/file" = true; + keep = { + "$KDE_SESSION_VERSION" = true; + "$KTRADER" = true; + }; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-open" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ nettools glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "cygstart" # Cygwin + "dde-open" # Deepin + "enlightenment_open" # Enlightenment + "exo-open" # XFCE + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "kde-open" # Plasma + "kfmclient" # KDE3 + "mate-open" # MATE + "mimeopen" # alternative tool for file, pulls in perl, avoid + "open" # macOS + "pcmanfm" # LXDE + "qtxdg-mat" # LXQT + "run-mailcap" # generic + "rundll32.exe" # WSL + "wslpath" # WSL + ]; + fix."$printf" = [ "printf" ]; + keep = { + "env:$command" = true; + "$browser" = true; + "$KDE_SESSION_VERSION" = true; + }; + } + + { + scripts = [ "bin/xdg-screensaver" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ lockfileProgs nettools perl procmail procps ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "dcop" # KDE3 + "mate-screensaver-command" # MATE + "xautolock" # Xautolock + "xscreensaver-command" # Xscreensaver + "xset" # generic-ish X + ]; + fix."$lockfile_command" = [ "lockfile" ]; + keep = { + "$MV" = true; + "$XPROP" = true; + }; + prologue = "${writeText "xdg-screensaver-prologue" '' + export PERL5LIB=${with perlPackages; makePerlPath [ NetDBus XMLTwig XMLParser X11Protocol ]} + export PATH=$PATH:${coreutils}/bin + ''}"; + } + + { + scripts = [ "bin/xdg-settings" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ jq "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME + "kreadconfig" # Plasma (generic) + "kreadconfig5" # Plasma 5 + "kreadconfig6" # Plasma 6 + "ktradertest" # KDE3 + "kwriteconfig" # Plasma (generic) + "kwriteconfig5" # Plasma 5 + "kwriteconfig6" # Plasma 6 + "qtxdg-mat" # LXQT + ]; + keep = { + "$KDE_SESSION_VERSION" = true; + # get_browser_$handler + "$handler" = true; + }; + } + ]; in stdenv.mkDerivation rec { pname = "xdg-utils"; - version = "unstable-2022-11-06"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "xdg"; repo = "xdg-utils"; - rev = "8ae02631a9806da11b34cd6b274af02d28aee5da"; - sha256 = "sha256-WdnnAiPYbREny633FnBi5tD9hDuF8NCVVbUaAVIKTxM="; + rev = "v${version}"; + hash = "sha256-rjNIO4B9jHsBmPaugWTMqTGNpjiw0MTEmf9/ds2Mud4="; }; - patches = lib.optionals withXdgOpenUsePortalPatch [ + patches = [ + # Backport typo fix + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/af2fe0d1dcbcd982d84ddf2bbd174afe90976ed9.patch"; + hash = "sha256-HhQk06wWkyWjSxjXet+sADKf1irswKxDA8WuOknZKRs="; + }) + # Backport docs rendering fixes + # See: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/106 + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/403a720ad18920030418a7c3d1f2caba9ce3892d.patch"; + hash = "sha256-XxFUeyXENHCy+wplIJ5OzoU5oyA4v1bz/9qMXp1ZwsE="; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/a137f2ba87620402aca21b14fb1d79517782dd29.patch"; + hash = "sha256-XFUAWn4uOyzgLdvupBxsO7wm6VDSzYj1SGZEM+9ouec="; + }) + ] ++ lib.optionals withXdgOpenUsePortalPatch [ # Allow forcing the use of XDG portals using NIXOS_XDG_OPEN_USE_PORTAL environment variable. # Upstream PR: https://github.com/freedesktop/xdg-utils/pull/12 ./allow-forcing-portal-use.patch - # Allow opening files when using portal with xdg-open. - # Upstream PR: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/65 - (fetchpatch { - name = "support-openfile-with-portal.patch"; - url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/5cd8c38f58d9db03240f4bc67267fe3853b66ec7.diff"; - hash = "sha256-snkhxwGF9hpqEh5NGG8xixTi/ydAk5apXRtgYrVgNY8="; - }) ]; # just needed when built from git - nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xsl xmlto w3m ]; + nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl xmlto ]; # explicitly provide a runtime shell so patchShebangs is consistent across build platforms buildInputs = [ bash ]; postInstall = lib.optionalString mimiSupport '' cp ${mimisrc}/xdg-open $out/bin/xdg-open - '' + '' - sed '2s#.#\ - sed() { ${gnused}/bin/sed "$@"; }\ - grep() { ${gnugrep}/bin/grep "$@"; }\ - egrep() { ${gnugrep}/bin/egrep "$@"; }\ - file() { ${file}/bin/file "$@"; }\ - awk() { ${gawk}/bin/awk "$@"; }\ - xset() { ${xset}/bin/xset "$@"; }\ - perl() { PERL5LIB=${perlPath} ${perlPackages.perl}/bin/perl "$@"; }\ - mimetype() { ${perlPackages.FileMimeInfo}/bin/mimetype "$@"; }\ - PATH=$PATH:'$out'/bin:${coreutils}/bin\ - &#' -i "$out"/bin/* - - substituteInPlace $out/bin/xdg-open \ - --replace "/usr/bin/printf" "${coreutils}/bin/printf" \ - --replace "gdbus" "${glib}/bin/gdbus" \ - --replace "mimeopen" "${perlPackages.FileMimeInfo}/bin/mimeopen" - - substituteInPlace $out/bin/xdg-mime \ - --replace "/usr/bin/file" "${file}/bin/file" - - substituteInPlace $out/bin/xdg-email \ - --replace "/bin/echo" "${coreutils}/bin/echo" \ - --replace "gdbus" "${glib}/bin/gdbus" - - sed 's|\bwhich\b|type -P|g' -i "$out"/bin/* ''; + preFixup = lib.concatStringsSep "\n" (map (resholve.phraseSolution "xdg-utils-resholved") solutions); + meta = with lib; { homepage = "https://www.freedesktop.org/wiki/Software/xdg-utils/"; description = "A set of command line tools that assist applications with a variety of desktop integration tasks"; diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 4116a0b3e4ca8..5b65a580fa673 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , autoreconfHook # for passthru.tests @@ -13,22 +12,13 @@ stdenv.mkDerivation rec { pname = "cpio"; - version = "2.14"; + version = "2.15"; src = fetchurl { url = "mirror://gnu/cpio/cpio-${version}.tar.bz2"; - sha256 = "/NwV1g9yZ6b8fvzWudt7bIlmxPL7u5ZMJNQTNv0/LBI="; + hash = "sha256-k3YQuXwymh7JJoVT+3gAN7z/8Nz/6XJevE/ZwaqQdds="; }; - patches = [ - # Pull upstream fix for clang-16 and gcc-14. - (fetchpatch { - name = "major-decl.patch"; - url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=8179be21e664cedb2e9d238cc2f6d04965e97275"; - hash = "sha256-k5Xiv3xuPU8kPT6D9B6p+V8SK55ybFgrIIPDgHuorpM="; - }) - ]; - nativeBuildInputs = [ autoreconfHook ]; separateDebugInfo = true; diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch new file mode 100644 index 0000000000000..2ee3fff0db543 --- /dev/null +++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix index 1ac615a3d90ff..1d75040c77844 100644 --- a/pkgs/tools/archivers/zip/default.nix +++ b/pkgs/tools/archivers/zip/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { ./fix-memset-detection.patch # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16. ./fix-implicit-declarations.patch + # Buffer overflow on Unicode characters in path names + # https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + ./buffer-overflow-on-utf8-rh-bug-2165653.patch ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ]; buildInputs = lib.optional enableNLS libnatspec diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index e8e0ae2439f23..9e195a0aa7db1 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.4.5"; + version = "5.4.6"; src = fetchurl { - url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "sha256-jM9f/4aMAG8pUi44b7TGobZkY/vKZaTPw8S9WW6JXnk="; + url = "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k="; }; strictDeps = true; diff --git a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff deleted file mode 100644 index 9797d2c16d11c..0000000000000 --- a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/configure b/configure -index 04d1de1..5de1b41 100755 ---- a/configure -+++ b/configure -@@ -24949,15 +24949,12 @@ else $as_nop - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - - -diff --git a/configure.ac b/configure.ac -index 2d71c83..bd38dd9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1679,15 +1679,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - ]]) - ], diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index d7d78cea11b71..9cbf6dc1b0fb5 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -48,21 +48,19 @@ assert !((lib.count (x: x) [ gnutlsSupport opensslSupport wolfsslSupport rustlsS stdenv.mkDerivation (finalAttrs: { pname = "curl"; - version = "8.5.0"; + version = "8.6.0"; src = fetchurl { urls = [ "https://curl.haxx.se/download/curl-${finalAttrs.version}.tar.xz" "https://github.com/curl/curl/releases/download/curl-${builtins.replaceStrings [ "." ] [ "_" ] finalAttrs.version}/curl-${finalAttrs.version}.tar.xz" ]; - hash = "sha256-QquNueINgpCjtjPn+7POwV2zTfZf0QFe+KweRyN1Dus="; + hash = "sha256-PM1V2Rr5UWU534BiX4GMc03G8uz5utozx2dl6ZEh2xU="; }; - patches = [ - # fix ipv6 autodetect compile error in configure script - # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) - ./configure-ipv6-autodetect.diff - ]; + postPatch = '' + patchShebangs scripts + ''; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; separateDebugInfo = stdenv.isLinux; @@ -120,6 +118,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.withFeature rtmpSupport "librtmp") (lib.withFeature rustlsSupport "rustls") (lib.withFeature zstdSupport "zstd") + (lib.withFeature pslSupport "libpsl") (lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli)) (lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls)) (lib.withFeatureAs idnSupport "libidn2" (lib.getDev libidn2)) @@ -180,7 +179,6 @@ stdenv.mkDerivation (finalAttrs: { inherit opensslSupport openssl; tests = { withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); - fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; curlpp = useThisCurl curlpp; coeurl = useThisCurl coeurl; haskell-curl = useThisCurl haskellPackages.curl; @@ -192,6 +190,8 @@ stdenv.mkDerivation (finalAttrs: { # nginx-http3 = useThisCurl nixosTests.nginx-http3; nginx-http3 = nixosTests.nginx-http3; pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + } // lib.optionalAttrs (!stdenv.isDarwin) { + fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; }; }; diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 0350a4989262a..9d4dc1cd7c2c6 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "dhcpcd"; - version = "10.0.3"; + version = "10.0.6"; src = fetchFromGitHub { owner = "NetworkConfiguration"; repo = "dhcpcd"; rev = "v${version}"; - sha256 = "sha256-NXLOfSPGHiRDSagaT+37TAn9XtdcG4+wP9AvyGJi4Dc="; + sha256 = "sha256-tNC5XCA8dShaTIff15mQz8v+YK9sZkRNLCX5qnlpxx4="; }; nativeBuildInputs = [ pkg-config ]; @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { runtimeShellPackage # So patchShebangs finds a bash suitable for the installed scripts ]; - prePatch = '' + postPatch = '' substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell} ''; diff --git a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch index e4e2b3858ad50..578bd325d56bd 100644 --- a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch +++ b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch @@ -1,8 +1,8 @@ diff --git a/pthread_stop_world.c b/pthread_stop_world.c -index b5d71e62..aed7b0bf 100644 +index 2b45489..0e6d8ef 100644 --- a/pthread_stop_world.c +++ b/pthread_stop_world.c -@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig) +@@ -776,6 +776,8 @@ STATIC void GC_restart_handler(int sig) /* world is stopped. Should not fail if it isn't. */ GC_INNER void GC_push_all_stacks(void) { @@ -11,10 +11,10 @@ index b5d71e62..aed7b0bf 100644 GC_bool found_me = FALSE; size_t nthreads = 0; int i; -@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void) - hi = p->altstack + p->altstack_size; +@@ -868,6 +870,31 @@ GC_INNER void GC_push_all_stacks(void) + hi = p->altstack + p->altstack_size; + # endif /* FIXME: Need to scan the normal stack too, but how ? */ - /* FIXME: Assume stack grows down */ + } else { + if (pthread_getattr_np(p->id, &pattr)) { + ABORT("GC_push_all_stacks: pthread_getattr_np failed!"); @@ -41,5 +41,5 @@ index b5d71e62..aed7b0bf 100644 + #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix." + #endif } - GC_push_all_stack_sections(lo, hi, traced_stack_sect); - # ifdef STACK_GROWS_UP + # ifdef STACKPTR_CORRECTOR_AVAILABLE + if (GC_sp_corrector != 0) diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index 49beed63b53a7..95a6d9c0fa5ff 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.4.3"; + version = "2.4.4"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - hash = "sha256-onGubXMvb02AwlitnuiN2clMj9wzw+RTKMTXwSa9IZ0="; + hash = "sha256-Z+vgFsqQ+naIzmejh+vYLGJh6ViX23sj3yT/M1voW8Y="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 08a4b5b08d02a..2b55b76b66543 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: { inherit pname; version = "2.0.1"; - outputs = [ "bin" "out" "dev" "doc" "man" ]; + outputs = [ "out" "lib" "dev" "doc" "man" ]; src = fetchFromGitLab { domain = "salsa.debian.org"; @@ -39,13 +39,21 @@ stdenv.mkDerivation (finalAttrs: { (lib.enableFeature polkitSupport "polkit") ] ++ lib.optionals stdenv.isLinux [ "--enable-ipcdir=/run/pcscd" - "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" ]; makeFlags = [ "POLICY_DIR=$(out)/share/polkit-1/actions" ]; + # disable building pcsc-wirecheck{,-gen} when cross compiling + # see also: https://github.com/LudovicRousseau/PCSC/issues/25 + postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + substituteInPlace src/Makefile.am \ + --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \ + "noinst_PROGRAMS = testpcsc" + ''; + postInstall = '' # pcsc-spy is a debugging utility and it drags python into the closure moveToOutput bin/pcsc-spy "$dev" diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index 8507c7c7cec0e..9ddb83ca5e363 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -29,6 +29,13 @@ stdenv.mkDerivation rec { url = "https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3.patch"; sha256 = "7/E0gboU0A45/BY6jGPLuvds6qKtNjzpgKgdNTaVaZQ="; }) + + # Fix build against gcc-13: https://github.com/rhboot/efivar/pull/242 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/rhboot/efivar/commit/52fece47d4f3ebd588bd85598bfc7a0142365f7e.patch"; + hash = "sha256-tOmxbY7kD6kzbBZ2RhQ5gCCpHtu+2gRNa7VUAWdCKu0="; + }) ]; nativeBuildInputs = [ pkg-config mandoc ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eab696390f33d..56d60e92a7eb9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7319,6 +7319,7 @@ with pkgs; curl = curlMinimal.override ({ idnSupport = true; + pslSupport = true; zstdSupport = true; } // lib.optionalAttrs (!stdenv.hostPlatform.isStatic) { brotliSupport = true; @@ -7915,7 +7916,7 @@ with pkgs; efibootmgr = callPackage ../tools/system/efibootmgr { }; - efivar = disable-warnings-if-gcc13 (callPackage ../tools/system/efivar { }); + efivar = callPackage ../tools/system/efivar { }; eget = callPackage ../tools/misc/eget { }; @@ -20371,7 +20372,7 @@ with pkgs; then overrideSDK stdenv { darwinMinVersion = "10.13"; } else stdenv; }; - abseil-cpp = abseil-cpp_202301; + abseil-cpp = abseil-cpp_202401; accountsservice = callPackage ../development/libraries/accountsservice { }; @@ -22305,10 +22306,7 @@ with pkgs; libantlr3c = callPackage ../development/libraries/libantlr3c { }; - libaom = callPackage ../development/libraries/libaom { - # Remove circular dependency for libavif - libjxl = libjxl.override { buildDocs = false; }; - }; + libaom = callPackage ../development/libraries/libaom { }; libappindicator-gtk2 = libappindicator.override { gtkVersion = "2"; }; libappindicator-gtk3 = libappindicator.override { gtkVersion = "3"; }; @@ -22389,7 +22387,7 @@ with pkgs; libcacard = callPackage ../development/libraries/libcacard { }; - libcamera = callPackage ../development/libraries/libcamera { }; + libcamera-qcam = callPackage ../by-name/li/libcamera/package.nix { withQcam = true; }; libcanberra = callPackage ../development/libraries/libcanberra { inherit (darwin.apple_sdk.frameworks) Carbon CoreServices AppKit; @@ -24223,9 +24221,7 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { - openssl = openssl_legacy; - }; + openldap = callPackage ../development/libraries/openldap { }; opencolorio = darwin.apple_sdk_11_0.callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk_11_0.frameworks) Carbon GLUT Cocoa; @@ -36499,9 +36495,7 @@ with pkgs; xdg-user-dirs = callPackage ../tools/X11/xdg-user-dirs { }; - xdg-utils = callPackage ../tools/X11/xdg-utils { - w3m = buildPackages.w3m-batch; - }; + xdg-utils = callPackage ../tools/X11/xdg-utils {}; xdgmenumaker = callPackage ../applications/misc/xdgmenumaker { }; @@ -39052,7 +39046,9 @@ with pkgs; notus-scanner = with python3Packages; toPythonApplication notus-scanner; - openblas = callPackage ../development/libraries/science/math/openblas { }; + openblas = callPackage ../development/libraries/science/math/openblas { + inherit (llvmPackages) openmp; + }; # A version of OpenBLAS using 32-bit integers on all platforms for compatibility with # standard BLAS and LAPACK. @@ -39170,7 +39166,9 @@ with pkgs; suitesparse_4_2 = callPackage ../development/libraries/science/math/suitesparse/4.2.nix { }; suitesparse_4_4 = callPackage ../development/libraries/science/math/suitesparse/4.4.nix { }; - suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { }; + suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { + inherit (llvmPackages) openmp; + }; suitesparse = suitesparse_5_3; suitesparse-graphblas = callPackage ../development/libraries/science/math/suitesparse-graphblas { }; diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 20e30e9a03c91..c3c5e84c32f98 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -164,6 +164,9 @@ mapAliases ({ flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20 flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 + flask-autoindex = throw "flask-autoindex was removed, as it is not compatible with flask 3.0 and unmaintained since 2020."; + flask-basicauth = throw "flask-basicauth was removed, as it is not compatible with flask 3.0 and unmaintained since 2016."; + flask-sessionstore = throw "flask-sessionstore was removed, as it is not compatible with flask 3.0 and unmaintained since 2017."; flowlogs_reader = flowlogs-reader; # added 2024-01-03 FormEncode = formencode; # added 2023-02-19 foundationdb51 = throw "foundationdb51 is no longer maintained, use foundationdb71 instead"; # added 2023-06-06 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 03bb52d050b05..7d38b3c99f32a 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4121,14 +4121,10 @@ self: super: with self; { flask-assets = callPackage ../development/python-modules/flask-assets { }; - flask-autoindex = callPackage ../development/python-modules/flask-autoindex { }; - flask-babel = callPackage ../development/python-modules/flask-babel { }; flask-babelex = callPackage ../development/python-modules/flask-babelex { }; - flask-basicauth = callPackage ../development/python-modules/flask-basicauth { }; - flask-bcrypt = callPackage ../development/python-modules/flask-bcrypt { }; flask-bootstrap = callPackage ../development/python-modules/flask-bootstrap { }; @@ -4195,8 +4191,6 @@ self: super: with self; { flask-session-captcha = callPackage ../development/python-modules/flask-session-captcha { }; - flask-sessionstore = callPackage ../development/python-modules/flask-sessionstore { }; - flask-security-too = callPackage ../development/python-modules/flask-security-too { }; flask-silk = callPackage ../development/python-modules/flask-silk { }; @@ -9652,7 +9646,9 @@ self: super: with self; { python-mbedtls = callPackage ../development/python-modules/python-mbedtls { }; - python-memcached = callPackage ../development/python-modules/python-memcached { }; + python-memcached = callPackage ../development/python-modules/python-memcached { + inherit (pkgs) memcached; + }; python-otbr-api = callPackage ../development/python-modules/python-otbr-api { }; @@ -13883,9 +13879,7 @@ self: super: with self; { stanza = callPackage ../development/python-modules/stanza { }; - starlette = callPackage ../development/python-modules/starlette { - inherit (pkgs.darwin.apple_sdk.frameworks) ApplicationServices; - }; + starlette = callPackage ../development/python-modules/starlette { }; starlette-wtf = callPackage ../development/python-modules/starlette-wtf { }; diff --git a/pkgs/top-level/release-attrpaths-superset.nix b/pkgs/top-level/release-attrpaths-superset.nix index 673b63a5ac34f..55cce6101d71a 100644 --- a/pkgs/top-level/release-attrpaths-superset.nix +++ b/pkgs/top-level/release-attrpaths-superset.nix @@ -53,6 +53,7 @@ let pkgsStatic = true; pkgsCross = true; pkgsi686Linux = true; + pkgsExtraHardening = true; }; # No release package attrname may have any of these at a component diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index 1cc05167cee83..cbf0f585fe411 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix @@ -276,6 +276,19 @@ let gcc.abi = "elfv2"; }; }); + + pkgsExtraHardening = nixpkgsFun { + overlays = [ + (self': super': { + pkgsExtraHardening = super'; + stdenv = super'.withDefaultHardeningFlags ( + super'.stdenv.cc.defaultHardeningFlags ++ [ + "zerocallusedregs" + ] + ) super'.stdenv; + }) + ] ++ overlays; + }; }; # The complete chain of package set builders, applied from top to bottom. |