diff options
Diffstat (limited to 'pkgs/servers')
34 files changed, 256 insertions, 89 deletions
diff --git a/pkgs/servers/aeron/default.nix b/pkgs/servers/aeron/default.nix index 84e7d44447882..2addc87feaa8e 100644 --- a/pkgs/servers/aeron/default.nix +++ b/pkgs/servers/aeron/default.nix @@ -8,7 +8,7 @@ let pname = "aeron"; - version = "1.43.0"; + version = "1.44.1"; groupId = "io.aeron"; aeronAll_1_40_0 = fetchMavenArtifact { @@ -53,8 +53,22 @@ let hash = "sha512-a/ti4Kd8WwzOzDGMgdYk0pxsu8vRA4kRD9cm4D3S+r6xc/rL8ECHVoogOMDeabDd1EYSIbx/sKE01BJOW7BVsg=="; }; - aeronAll = aeronAll_1_43_0; - aeronSamples = aeronSamples_1_43_0; + aeronAll_1_44_1 = fetchMavenArtifact { + inherit groupId; + artifactId = "aeron-all"; + version = "1.44.1"; + hash = "sha256-O80bWp7F6mRh3me1znzpfFfFEpvvMVjL4PrAt7+3Fq0="; + }; + + aeronSamples_1_44_1 = fetchMavenArtifact { + inherit groupId; + version = "1.44.1"; + artifactId = "aeron-samples"; + hash = "sha256-ZSuTed45BRzr4JJuGeXghUgEifv/FpnCzTNJWa+nwjo="; + }; + + aeronAll = aeronAll_1_44_1; + aeronSamples = aeronSamples_1_44_1; in stdenv.mkDerivation { diff --git a/pkgs/servers/deconz/default.nix b/pkgs/servers/deconz/default.nix index 7f5d60b153f81..110048f9de285 100644 --- a/pkgs/servers/deconz/default.nix +++ b/pkgs/servers/deconz/default.nix @@ -16,16 +16,11 @@ stdenv.mkDerivation rec { pname = "deconz"; - version = "2.23.00"; + version = "2.26.3"; src = fetchurl { url = "https://deconz.dresden-elektronik.de/ubuntu/beta/deconz-${version}-qt5.deb"; - sha256 = "sha256-TMftm1fz8c8ndSyA3HUd7JWT0DINxvbdUSDrmVMwmws="; - }; - - devsrc = fetchurl { - url = "https://deconz.dresden-elektronik.de/ubuntu/beta/deconz-dev-${version}.deb"; - sha256 = "sha256-uW5iF3rvFlowFhMBVDTOHkJ2K4LBgAxxC79tXpMhy5U="; + sha256 = "sha256-BE/apFPutNdhlS1NWRHdVcVrt/16aFfZ6zRcjphIlZA="; }; nativeBuildInputs = [ dpkg autoPatchelfHook makeWrapper wrapQtAppsHook ]; @@ -36,7 +31,6 @@ stdenv.mkDerivation rec { runHook preUnpack dpkg -x $src ./deconz-src - dpkg -x $devsrc ./deconz-devsrc runHook postUnpack ''; @@ -46,7 +40,6 @@ stdenv.mkDerivation rec { mkdir -p "$out" cp -r deconz-src/* "$out" - cp -r deconz-devsrc/* "$out" # Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to. mv "$out/lib" "$out/orig_lib" diff --git a/pkgs/servers/dns/trust-dns/default.nix b/pkgs/servers/dns/trust-dns/default.nix index f330081893858..fa8fcc88261af 100644 --- a/pkgs/servers/dns/trust-dns/default.nix +++ b/pkgs/servers/dns/trust-dns/default.nix @@ -13,9 +13,9 @@ rustPlatform.buildRustPackage rec { owner = "hickory-dns"; repo = "hickory-dns"; rev = "v${version}"; - hash = "sha256-+vZnozPsORe7nK6jL/yt/wp2qjwBTqyxZYz+cXaKNFk="; + hash = "sha256-szq21RuRmkhAfHlzhGQYpwjiIRkavFCPETOt+6TxhP4="; }; - cargoHash = "sha256-VLpl6eMOstD0FsuPeHngKQitv1jcb+0dx2pc8ic3Cf4="; + cargoHash = "sha256-zGn5vHwsHgpkgOr30QiyScqnfXjH55LQIVtxoUUox64="; buildInputs = [ openssl ]; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/servers/elasticmq-server-bin/default.nix b/pkgs/servers/elasticmq-server-bin/default.nix index 9da82d41996f2..395ac3609514e 100644 --- a/pkgs/servers/elasticmq-server-bin/default.nix +++ b/pkgs/servers/elasticmq-server-bin/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "elasticmq-server"; - version = "1.5.8"; + version = "1.6.0"; src = fetchurl { url = "https://s3-eu-west-1.amazonaws.com/softwaremill-public/${finalAttrs.pname}-${finalAttrs.version}.jar"; - sha256 = "sha256-7E1fkMPPwPUEZUL/VqTX0DSdL5mUlSlf7lDE1jNb3Ns="; + sha256 = "sha256-h71YX8mP9iB92gK+QQD/xl1JLZwKspAwE6D3wq+SOkU="; }; # don't do anything? diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix index 33b56ccb134a8..d8da6b345eb46 100644 --- a/pkgs/servers/home-assistant/component-packages.nix +++ b/pkgs/servers/home-assistant/component-packages.nix @@ -2,7 +2,7 @@ # Do not edit! { - version = "2024.4.2"; + version = "2024.4.3"; components = { "3_day_blinds" = ps: with ps; [ ]; @@ -97,7 +97,8 @@ airtouch4pyapi ]; "airtouch5" = ps: with ps; [ - ]; # missing inputs: airtouch5py + airtouch5py + ]; "airvisual" = ps: with ps; [ pyairvisual ]; @@ -162,7 +163,8 @@ sqlalchemy ]; "analytics_insights" = ps: with ps; [ - ]; # missing inputs: python-homeassistant-analytics + python-homeassistant-analytics + ]; "android_ip_webcam" = ps: with ps; [ pydroid-ipcam ]; @@ -5956,6 +5958,7 @@ "ambiclimate" "ambient_station" "analytics" + "analytics_insights" "android_ip_webcam" "androidtv" "androidtv_remote" diff --git a/pkgs/servers/home-assistant/custom-components/better_thermostat/default.nix b/pkgs/servers/home-assistant/custom-components/better_thermostat/default.nix index d61d1850e13b8..5557e11761dfd 100644 --- a/pkgs/servers/home-assistant/custom-components/better_thermostat/default.nix +++ b/pkgs/servers/home-assistant/custom-components/better_thermostat/default.nix @@ -3,13 +3,13 @@ buildHomeAssistantComponent rec { owner = "KartoffelToby"; domain = "better_thermostat"; - version = "1.5.0-beta7"; + version = "1.5.0"; src = fetchFromGitHub { owner = "KartoffelToby"; repo = "better_thermostat"; rev = "refs/tags/${version}"; - hash = "sha256-bJURpeBgoxXGR7C9MY/gmNY7OFvBxrJKz2cA61b5hNo="; + hash = "sha256-noo96Uks+MHtTbwIoU5gnekp/IwMry0U18X4I1qe4LQ="; }; meta = with lib; { diff --git a/pkgs/servers/home-assistant/custom-components/miele/default.nix b/pkgs/servers/home-assistant/custom-components/miele/default.nix index 71624f674b4d7..3ebdc6283c035 100644 --- a/pkgs/servers/home-assistant/custom-components/miele/default.nix +++ b/pkgs/servers/home-assistant/custom-components/miele/default.nix @@ -8,13 +8,13 @@ buildHomeAssistantComponent rec { owner = "astrandb"; domain = "miele"; - version = "0.1.19"; + version = "2024.3.0"; src = fetchFromGitHub { inherit owner; repo = domain; rev = "refs/tags/v${version}"; - hash = "sha256-od7DV10/rkIw9eFMsTRw4bMmhQo9BAmw2rCbKKySeIk="; + hash = "sha256-J9n4PFcd87L301B2YktrLcxp5Vu1HwDeCYnrMEJ0+TA="; }; propagatedBuildInputs = [ diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index cc42a6b90582f..e3bec47d25a80 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -526,7 +526,7 @@ let extraBuildInputs = extraPackages python.pkgs; # Don't forget to run parse-requirements.py after updating - hassVersion = "2024.4.2"; + hassVersion = "2024.4.3"; in python.pkgs.buildPythonApplication rec { pname = "homeassistant"; @@ -544,13 +544,13 @@ in python.pkgs.buildPythonApplication rec { owner = "home-assistant"; repo = "core"; rev = "refs/tags/${version}"; - hash = "sha256-V6qvpPrhfSLINH99hYkAjvG8pfIN8AXGO3HuwiKgMPo="; + hash = "sha256-jHt4cWi1JxUs2XKf0N9gqsYj5XZK7TXwgj7WPZ7dmEA="; }; # Secondary source is pypi sdist for translations sdist = fetchPypi { inherit pname version; - hash = "sha256-ZtTlLRDSXKUz+ZA+UctFL+d3wdKrcPdeROIUhS35qWU="; + hash = "sha256-sj3usdXUl/wNElO3OgGx6dsBqn9+h9zq/AC3Zdn379M="; }; nativeBuildInputs = with python.pkgs; [ @@ -559,6 +559,7 @@ in python.pkgs.buildPythonApplication rec { ]; pythonRelaxDeps = [ + "aiohttp" "attrs" "bcrypt" "ciso8601" @@ -566,6 +567,7 @@ in python.pkgs.buildPythonApplication rec { "hass-nabucasa" "httpx" "orjson" + "pillow" "pyopenssl" "typing-extensions" "urllib3" diff --git a/pkgs/servers/home-assistant/frontend.nix b/pkgs/servers/home-assistant/frontend.nix index 4b95c1cb86886..afa2c53ca3f7f 100644 --- a/pkgs/servers/home-assistant/frontend.nix +++ b/pkgs/servers/home-assistant/frontend.nix @@ -4,7 +4,7 @@ buildPythonPackage rec { # the frontend version corresponding to a specific home-assistant version can be found here # https://github.com/home-assistant/home-assistant/blob/master/homeassistant/components/frontend/manifest.json pname = "home-assistant-frontend"; - version = "20240404.1"; + version = "20240404.2"; format = "wheel"; src = fetchPypi { @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "home_assistant_frontend"; dist = "py3"; python = "py3"; - hash = "sha256-Vuk/e+wn8Cbko7tbjLIbclhdj3R+BdHzu4OSsBUAOcU="; + hash = "sha256-xCpQHzfXXt9aOWWVGYtt9NYws//ZPjI/owXBQafb31k="; }; # there is nothing to strip in this package diff --git a/pkgs/servers/home-assistant/stubs.nix b/pkgs/servers/home-assistant/stubs.nix index b70aa8ed3d230..f8e4e49b13ff0 100644 --- a/pkgs/servers/home-assistant/stubs.nix +++ b/pkgs/servers/home-assistant/stubs.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "homeassistant-stubs"; - version = "2024.4.2"; + version = "2024.4.3"; format = "pyproject"; disabled = python.version != home-assistant.python.version; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = "KapJI"; repo = "homeassistant-stubs"; rev = "refs/tags/${version}"; - hash = "sha256-qt7NBbjjeiNcHOM6wKI7Y3+L579xBQJD48hU89BB+ss="; + hash = "sha256-uFQQNcRfo4m3GnfCbAe4yjdphkpqnhpqVr1EZP3bqVM="; }; nativeBuildInputs = [ diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix index 50067d7dd6220..7e58f50fa1c64 100644 --- a/pkgs/servers/http/envoy/default.nix +++ b/pkgs/servers/http/envoy/default.nix @@ -25,15 +25,15 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.27.3"; - rev = "0fd81ee7ffcd7cfc864094b24dc9b5c3ade89ff2"; - hash = "sha256-WNyyUw3517oKqMd1sJMk9CiLa/V7UrhwlRS+AWNNOOo="; + version = "1.27.5"; + rev = "be4f1cfd31c79fc05651efa2f88429b3c03d1d9e"; + hash = "sha256-+sjNqq91YfyW83aq/8WoSo7Jl5QZUmtWtsajnLLMgDc="; }; # these need to be updated for any changes to fetchAttrs depsHash = { - x86_64-linux = "sha256-wTGHfeFkCuijPdX//lT5GPspaxZsxzBHJffH1tpVM2w="; - aarch64-linux = "sha256-9/Wem+Gk/7bFeMNFC4J3mdTm3mrNmyMxiu5oadQcovU="; + x86_64-linux = "sha256-4XJgPfNEPmbvAZMLlQcnIaoGzaFtyhsuEshdEjLh0OY="; + aarch64-linux = "sha256-85HLiK+xX/tabazh97J4fWk5KYc7kynbxj/g8HCGTD4="; }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); in buildBazelPackage { @@ -179,8 +179,13 @@ buildBazelPackage { # | ^ "--define=tcmalloc=disabled" ]); + bazelFetchFlags = [ "--define=wasm=${wasmRuntime}" + + # https://github.com/bazelbuild/rules_go/issues/3844 + "--repo_env=GOPROXY=https://proxy.golang.org,direct" + "--repo_env=GOSUMDB=sum.golang.org" ]; passthru.tests = { @@ -197,6 +202,5 @@ buildBazelPackage { license = licenses.asl20; maintainers = with maintainers; [ lukegb ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; - knownVulnerabilities = [ "CVE-2024-30255" ]; }; } diff --git a/pkgs/servers/hylafaxplus/default.nix b/pkgs/servers/hylafaxplus/default.nix index 278f0b4c5260a..246ad636ceb4c 100644 --- a/pkgs/servers/hylafaxplus/default.nix +++ b/pkgs/servers/hylafaxplus/default.nix @@ -32,8 +32,8 @@ let pname = "hylafaxplus"; - version = "7.0.7"; - hash = "sha512-nUvt+M0HBYN+MsGskuuDt1j0nI5Dk8MbfK/OVxP2FCDby3eiDg0eDtcpIxlOe4o0klko07zDRIb06zqh8ABuKA=="; + version = "7.0.8"; + hash = "sha512-6wTLVcaHpASy+2i+jeoJ1cM2aLgI5vznGrLd4NCkLHiOxlfCh/ASRaj2Nxt9ZZ5NN/deEwf9tNSZ7MkFZHVsqA=="; configSite = substituteAll { name = "${pname}-config.site"; diff --git a/pkgs/servers/hylafaxplus/libtiff-4.patch b/pkgs/servers/hylafaxplus/libtiff-4.patch index e00d94b5a979b..d7284e2428651 100644 --- a/pkgs/servers/hylafaxplus/libtiff-4.patch +++ b/pkgs/servers/hylafaxplus/libtiff-4.patch @@ -1,11 +1,11 @@ https://bugs.gentoo.org/706154 --- a/configure +++ b/configure -@@ -2583,7 +2583,7 @@ EOF +@@ -2584,7 +2584,7 @@ EOF echo '#define TIFFSTRIPBYTECOUNTS uint32_t' echo '#define TIFFVERSION TIFF_VERSION' echo '#define TIFFHEADER TIFFHeader';; -- 4.[012345]) tiff_runlen_t="uint32_t" +- 4.[0123456]) tiff_runlen_t="uint32_t" + 4.[0-9]) tiff_runlen_t="uint32_t" tiff_offset_t="uint64_t" echo '#define TIFFSTRIPBYTECOUNTS uint64_t' diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index 8b6623200eba2..22d482d1bc64a 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -2,16 +2,16 @@ perlPackages.buildPerlPackage rec { pname = "SpamAssassin"; - version = "4.0.0"; - rulesRev = "r1905950"; + version = "4.0.1"; + rulesRev = "r1916528"; src = fetchurl { url = "mirror://apache/spamassassin/source/Mail-${pname}-${version}.tar.bz2"; - hash = "sha256-5aoXBQowvHK6qGr9xgSMrepNHsLsxh14dxegWbgxnog="; + hash = "sha256-l3XtdVnoPsPmwD7bK+j/x/FcxAX7E+hcFI6wvxkXIag="; }; defaultRulesSrc = fetchurl { url = "mirror://apache/spamassassin/source/Mail-${pname}-rules-${version}.${rulesRev}.tgz"; - hash = "sha256-rk/7uRfrx/76ckD8W7UVHdpmP45AWRYa18m0Lu0brG0="; + hash = "sha256-OB6t/H5RPl9zU4m3gXPeWvRx89Bv5quPEpY0pmRLS/Q="; }; patches = [ diff --git a/pkgs/servers/minio/default.nix b/pkgs/servers/minio/default.nix index 671eb4c108a84..411c609369b94 100644 --- a/pkgs/servers/minio/default.nix +++ b/pkgs/servers/minio/default.nix @@ -21,16 +21,16 @@ let in buildGoModule rec { pname = "minio"; - version = "2024-04-06T05-26-02Z"; + version = "2024-04-18T19-09-19Z"; src = fetchFromGitHub { owner = "minio"; repo = "minio"; rev = "RELEASE.${version}"; - hash = "sha256-6ThzAPpLKzhHAXYW6EC6aiyVRvI0nJ2a4Q2GvLpg3wo="; + hash = "sha256-yfVB9CTNg/Vv2j3q3vMU2rwtT6R1laA9MNhcpUKSg2U="; }; - vendorHash = "sha256-JJfLeKoMBQ1/Q2xF6n9VD3khaiLB1ZLNl9HaQl9eKb8="; + vendorHash = "sha256-FMLxXwB1lSzV8C+tJZYhZHJbaKQ3xDhtHfc68ZIJFyw="; doCheck = false; diff --git a/pkgs/servers/misc/irrd/default.nix b/pkgs/servers/misc/irrd/default.nix index e6cc723ab4dc0..c2ce5bed86e0b 100644 --- a/pkgs/servers/misc/irrd/default.nix +++ b/pkgs/servers/misc/irrd/default.nix @@ -16,7 +16,7 @@ let sqlalchemy = prev.sqlalchemy.overridePythonAttrs (oldAttrs: rec { version = "1.3.24"; src = fetchPypi { - inherit (oldAttrs) pname; + pname = "SQLAlchemy"; inherit version; hash = "sha256-67t3fL+TEjWbiXv4G6ANrg9ctp+6KhgmXcwYpvXvdRk="; }; @@ -157,6 +157,7 @@ py.pkgs.buildPythonPackage rec { license = licenses.mit; homepage = "https://github.com/irrdnet/irrd"; maintainers = teams.wdz.members; + broken = true; # last successful build 2023-10-21 }; } diff --git a/pkgs/servers/monitoring/prometheus/fastly-exporter.nix b/pkgs/servers/monitoring/prometheus/fastly-exporter.nix index ba2d5217e3440..5a52027bc5d1a 100644 --- a/pkgs/servers/monitoring/prometheus/fastly-exporter.nix +++ b/pkgs/servers/monitoring/prometheus/fastly-exporter.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "fastly-exporter"; - version = "7.6.1"; + version = "8.0.0"; src = fetchFromGitHub { owner = "fastly"; repo = "fastly-exporter"; rev = "v${version}"; - hash = "sha256-JUbjWAJ70iq0RCr6U2thbtZ3nmCic9wGtSf2ArRy4uA="; + hash = "sha256-3XIw9Sq7aQ6bs7kY0fYP3UGfJeq80gB2vXX69EEOtl4="; }; - vendorHash = "sha256-lEaMhJL/sKNOXx0W+QHMG4QUUE6Pc4AqulhgyCMQQNY="; + vendorHash = "sha256-kiP9nL/fVnekIf1ABAbSNebszcrj/xkFw9NcuBr/wKQ="; passthru.tests = { inherit (nixosTests.prometheus-exporters) fastly; diff --git a/pkgs/servers/monitoring/prometheus/nats-exporter.nix b/pkgs/servers/monitoring/prometheus/nats-exporter.nix index b9b4fcc71f43a..fc8d360fc97a8 100644 --- a/pkgs/servers/monitoring/prometheus/nats-exporter.nix +++ b/pkgs/servers/monitoring/prometheus/nats-exporter.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "prometheus-nats-exporter"; - version = "0.14.0"; + version = "0.15.0"; src = fetchFromGitHub { owner = "nats-io"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Zg4zmb0tvu7JPv9XS5Qd5o/ClnODSPz36isjUbFM1ec="; + sha256 = "sha256-siucc55qi1SS2R07xgxh25CWYjxncUqvzxo0XoIPyOo="; }; - vendorHash = "sha256-VygRE6YviSSIYpMbTEPndR6WUmLAZDwgvuJcwBuizck="; + vendorHash = "sha256-vRUPLKxwVTt3t8UpsSH4yMCIShpYhYI6j7AEmlyOADs="; preCheck = '' # Fix `insecure algorithm SHA1-RSA` problem diff --git a/pkgs/servers/monitoring/prometheus/redis-exporter.nix b/pkgs/servers/monitoring/prometheus/redis-exporter.nix index d6cb49b2eaf86..af56a220feaa2 100644 --- a/pkgs/servers/monitoring/prometheus/redis-exporter.nix +++ b/pkgs/servers/monitoring/prometheus/redis-exporter.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "redis_exporter"; - version = "1.58.0"; + version = "1.59.0"; src = fetchFromGitHub { owner = "oliver006"; repo = "redis_exporter"; rev = "v${version}"; - sha256 = "sha256-tZ09vQBFUWw2l6OYwT/bXhBEMOTSl5r/Hu732msPGkg="; + sha256 = "sha256-/nfAB4h5VvAzuludQ7Zx3OoJThyyD5nS6B5pOSbQYFs="; }; - vendorHash = "sha256-32EjLEPeFsihdG83ru4SSf03F2XJGD8+tbO9ANaI1hs="; + vendorHash = "sha256-Nns8hpKwxL1GQfjVt9+rnmjGjmdm2TB+8wob7ze4RrI="; ldflags = [ "-X main.BuildVersion=${version}" diff --git a/pkgs/servers/monitoring/unpoller/default.nix b/pkgs/servers/monitoring/unpoller/default.nix index 5ce7d27d86f92..5cae8fbc7982b 100644 --- a/pkgs/servers/monitoring/unpoller/default.nix +++ b/pkgs/servers/monitoring/unpoller/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "unpoller"; - version = "2.11.1"; + version = "2.11.2"; src = fetchFromGitHub { owner = "unpoller"; repo = "unpoller"; rev = "v${version}"; - hash = "sha256-ZCNXwq0kSfXOqF7QktHg1Yw7gqUXkccCgLIs7GTZnuw="; + hash = "sha256-/X2hCtF38X0twHsHSjpf23Mdz9aK43z3jhWbfkUo0kQ="; }; - vendorHash = "sha256-VK0ekEBHn0O41MgxhuPzueF6FazKiipL0OQRVPco3uk="; + vendorHash = "sha256-d7kkdiGMT3bN1dfNo8m+zp3VY8kaZM2BWO3B3iAdUQY="; ldflags = [ "-w" "-s" diff --git a/pkgs/servers/nosql/influxdb2/cli.nix b/pkgs/servers/nosql/influxdb2/cli.nix index 0627afed10512..5583014c2a3ea 100644 --- a/pkgs/servers/nosql/influxdb2/cli.nix +++ b/pkgs/servers/nosql/influxdb2/cli.nix @@ -4,13 +4,13 @@ }: let - version = "2.7.4"; + version = "2.7.5"; src = fetchFromGitHub { owner = "influxdata"; repo = "influx-cli"; rev = "v${version}"; - sha256 = "sha256-g/3hakOTRjRA6DU0DT5A+ChUF6ED/sdg3p4ZB5nbbU0="; + sha256 = "sha256-0Gyoy9T5pA+40k8kKybWBMtOfpKZxw3Vvp4ZB4ptcJs="; }; in buildGoModule { diff --git a/pkgs/servers/plex/raw.nix b/pkgs/servers/plex/raw.nix index 5b5af73e1805e..9e2488e3b7bc4 100644 --- a/pkgs/servers/plex/raw.nix +++ b/pkgs/servers/plex/raw.nix @@ -12,16 +12,16 @@ # server, and the FHS userenv and corresponding NixOS module should # automatically pick up the changes. stdenv.mkDerivation rec { - version = "1.40.1.8227-c0dd5a73e"; + version = "1.40.2.8395-c67dce28e"; pname = "plexmediaserver"; # Fetch the source src = if stdenv.hostPlatform.system == "aarch64-linux" then fetchurl { url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_arm64.deb"; - sha256 = "16gc8fwb29x3l9s263xs9c7nb0i1rzgaps2wlx0cil8bs2a9izz8"; + sha256 = "sha256-ZJqbE9pgflqFVjiDqCED6K5KBk6KHSbkIQllF06jJVQ="; } else fetchurl { url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; - sha256 = "03sx5fvwy2njpfh7k4xvkqscrxnafdvzh42g4hsn2hqxp0bqkl51"; + sha256 = "sha256-gYRhQIf6RaXgFTaigFW1yJ7ndxRmOP6oJSNnr8o0EBM="; }; outputs = [ "out" "basedb" ]; diff --git a/pkgs/servers/pocketbase/default.nix b/pkgs/servers/pocketbase/default.nix index 39063ca20860c..0d8f6a22a3e47 100644 --- a/pkgs/servers/pocketbase/default.nix +++ b/pkgs/servers/pocketbase/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "pocketbase"; - version = "0.22.8"; + version = "0.22.9"; src = fetchFromGitHub { owner = "pocketbase"; repo = "pocketbase"; rev = "v${version}"; - hash = "sha256-D9kxi/+e56/DREoT14EozAB4Z5X4QgmkhoD/sw1VAeY="; + hash = "sha256-0VzhjiNLAwZNi84ud/l00rWIFV4qPTXY7jZQB/pMD6A="; }; - vendorHash = "sha256-5zO0C/+tVVOgV7TH6eC1Sjh6W8AKannU4e0+OITk4XY="; + vendorHash = "sha256-/SPJr2x3o1KkV8NgciBFC6zwDNUKmFQBWjEHO2CRgZ4="; # This is the released subpackage from upstream repo subPackages = [ "examples/base" ]; diff --git a/pkgs/servers/readarr/default.nix b/pkgs/servers/readarr/default.nix index 912db6f5ec3b1..de407700bccd6 100644 --- a/pkgs/servers/readarr/default.nix +++ b/pkgs/servers/readarr/default.nix @@ -8,13 +8,13 @@ let x86_64-darwin = "x64"; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); hash = { - x64-linux_hash = "sha256-Oq8kxHfVG34qiBOOgsXy/qblrKbndrNAMzyDLMcwko0="; - arm64-linux_hash = "sha256-0IOyLZwWBJQ1c+IOLuI6TXLSPNNaWLMbuBXOOmn5PlI="; - x64-osx_hash = "sha256-Q+qgmrko7DoUTW3B8NDWi7Rw80GYLaKyK/fq7y6eq7Q="; + x64-linux_hash = "sha256-heduuPx0lnbkB1c4tgbDO9wsGnyAzTPyW0ZEvYFwjd0="; + arm64-linux_hash = "sha256-vfy0pVIacnf0lW1VwUolbE/P+aBB9uQsm3enhGkjgXg="; + x64-osx_hash = "sha256-JW+9PRW1Wu+wu+QPh7INXkq87oRSuoOqNEqj0P2Stto="; }."${arch}-${os}_hash"; in stdenv.mkDerivation rec { pname = "readarr"; - version = "0.3.22.2499"; + version = "0.3.23.2506"; src = fetchurl { url = "https://github.com/Readarr/Readarr/releases/download/v${version}/Readarr.develop.${version}.${os}-core-${arch}.tar.gz"; diff --git a/pkgs/servers/search/qdrant/1.7.4-CVE-2024-3078.patch b/pkgs/servers/search/qdrant/1.7.4-CVE-2024-3078.patch new file mode 100644 index 0000000000000..b12b438342878 --- /dev/null +++ b/pkgs/servers/search/qdrant/1.7.4-CVE-2024-3078.patch @@ -0,0 +1,142 @@ +Based on upstream 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62 with minor +adjustments to apply to 1.7.4 + +diff --git a/lib/collection/src/collection/snapshots.rs b/lib/collection/src/collection/snapshots.rs +index e5a8be9c..ca48fb9e 100644 +--- a/lib/collection/src/collection/snapshots.rs ++++ b/lib/collection/src/collection/snapshots.rs +@@ -241,35 +241,35 @@ impl Collection { + .await + } + ++ /// Get full file path for a collection snapshot by name ++ /// ++ /// This enforces the file to be inside the snapshots directory + pub async fn get_snapshot_path(&self, snapshot_name: &str) -> CollectionResult<PathBuf> { +- let snapshot_path = self.snapshots_path.join(snapshot_name); +- +- let absolute_snapshot_path = +- snapshot_path +- .canonicalize() +- .map_err(|_| CollectionError::NotFound { +- what: format!("Snapshot {snapshot_name}"), +- })?; +- +- let absolute_snapshot_dir = +- self.snapshots_path +- .canonicalize() +- .map_err(|_| CollectionError::NotFound { +- what: format!("Snapshot directory: {}", self.snapshots_path.display()), +- })?; ++ let absolute_snapshot_dir = self.snapshots_path.canonicalize().map_err(|_| { ++ CollectionError::not_found(format!( ++ "Snapshot directory: {}", ++ self.snapshots_path.display() ++ )) ++ })?; ++ ++ let absolute_snapshot_path = absolute_snapshot_dir ++ .join(snapshot_name) ++ .canonicalize() ++ .map_err(|_| CollectionError::not_found(format!("Snapshot {snapshot_name}")))?; + + if !absolute_snapshot_path.starts_with(absolute_snapshot_dir) { +- return Err(CollectionError::NotFound { +- what: format!("Snapshot {snapshot_name}"), +- }); ++ return Err(CollectionError::not_found(format!( ++ "Snapshot {snapshot_name}" ++ ))); + } + +- if !snapshot_path.exists() { +- return Err(CollectionError::NotFound { +- what: format!("Snapshot {snapshot_name}"), +- }); ++ if !absolute_snapshot_path.exists() { ++ return Err(CollectionError::not_found(format!( ++ "Snapshot {snapshot_name}" ++ ))); + } +- Ok(snapshot_path) ++ ++ Ok(absolute_snapshot_path) + } + + pub async fn list_shard_snapshots( +diff --git a/lib/collection/src/operations/types.rs b/lib/collection/src/operations/types.rs +index afc38d0f..63eae16e 100644 +--- a/lib/collection/src/operations/types.rs ++++ b/lib/collection/src/operations/types.rs +@@ -906,6 +906,10 @@ impl CollectionError { + CollectionError::BadInput { description } + } + ++ pub fn not_found(what: impl Into<String>) -> CollectionError { ++ CollectionError::NotFound { what: what.into() } ++ } ++ + pub fn bad_request(description: String) -> CollectionError { + CollectionError::BadRequest { description } + } +diff --git a/lib/storage/src/content_manager/errors.rs b/lib/storage/src/content_manager/errors.rs +index 1ad8d413..4528e485 100644 +--- a/lib/storage/src/content_manager/errors.rs ++++ b/lib/storage/src/content_manager/errors.rs +@@ -46,6 +46,12 @@ impl StorageError { + } + } + ++ pub fn not_found(description: impl Into<String>) -> StorageError { ++ StorageError::NotFound { ++ description: description.into(), ++ } ++ } ++ + /// Used to override the `description` field of the resulting `StorageError` + pub fn from_inconsistent_shard_failure( + err: CollectionError, +diff --git a/lib/storage/src/content_manager/snapshots/mod.rs b/lib/storage/src/content_manager/snapshots/mod.rs +index 8a417377..9965006a 100644 +--- a/lib/storage/src/content_manager/snapshots/mod.rs ++++ b/lib/storage/src/content_manager/snapshots/mod.rs +@@ -24,17 +24,33 @@ pub struct SnapshotConfig { + pub collections_aliases: HashMap<String, String>, + } + ++/// Get full file path for a full snapshot by name ++/// ++/// This enforces the file to be inside the snapshots directory + pub async fn get_full_snapshot_path( + toc: &TableOfContent, + snapshot_name: &str, + ) -> Result<PathBuf, StorageError> { +- let snapshot_path = Path::new(toc.snapshots_path()).join(snapshot_name); +- if !snapshot_path.exists() { +- return Err(StorageError::NotFound { +- description: format!("Full storage snapshot {snapshot_name} not found"), +- }); ++ let snapshots_path = toc.snapshots_path(); ++ ++ let absolute_snapshot_dir = Path::new(snapshots_path) ++ .canonicalize() ++ .map_err(|_| StorageError::not_found(format!("Snapshot directory: {snapshots_path}")))?; ++ ++ let absolute_snapshot_path = absolute_snapshot_dir ++ .join(snapshot_name) ++ .canonicalize() ++ .map_err(|_| StorageError::not_found(format!("Snapshot {snapshot_name}")))?; ++ ++ if !absolute_snapshot_path.starts_with(absolute_snapshot_dir) { ++ return Err(StorageError::not_found(format!("Snapshot {snapshot_name}"))); + } +- Ok(snapshot_path) ++ ++ if !absolute_snapshot_path.exists() { ++ return Err(StorageError::not_found(format!("Snapshot {snapshot_name}"))); ++ } ++ ++ Ok(absolute_snapshot_path) + } + + pub async fn do_delete_full_snapshot( diff --git a/pkgs/servers/search/qdrant/default.nix b/pkgs/servers/search/qdrant/default.nix index eb6fc6c71943b..801887103ec4f 100644 --- a/pkgs/servers/search/qdrant/default.nix +++ b/pkgs/servers/search/qdrant/default.nix @@ -22,6 +22,10 @@ rustPlatform.buildRustPackage rec { sha256 = "sha256-BgsLmE50mGmB5fcUjov8wcAHRTKMYaoyoXjSUyIddlc="; }; + patches = [ + ./1.7.4-CVE-2024-3078.patch + ]; + cargoLock = { lockFile = ./Cargo.lock; outputHashes = { diff --git a/pkgs/servers/search/weaviate/default.nix b/pkgs/servers/search/weaviate/default.nix index 9f814dd68e2a5..02d3d61ea0f88 100644 --- a/pkgs/servers/search/weaviate/default.nix +++ b/pkgs/servers/search/weaviate/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "weaviate"; - version = "1.24.8"; + version = "1.24.9"; src = fetchFromGitHub { owner = "weaviate"; repo = "weaviate"; rev = "v${version}"; - hash = "sha256-OydGohfsS2/Wb9uuFP+6IogmfiWMFLBIEdooFJwS3TU="; + hash = "sha256-fIOTk+h39LHUBWYvGiP2Vzhmcy0xjqprECOzzC3TvQM="; }; - vendorHash = "sha256-DMzwIxtF267C2OLyVdZ6CrCz44sy6ZeKL2qh8AkhS2I="; + vendorHash = "sha256-f7LskkQbsPwNmrzLTze0C66y++7Vqtb15tjW142TQmE="; subPackages = [ "cmd/weaviate-server" ]; diff --git a/pkgs/servers/sql/dolt/default.nix b/pkgs/servers/sql/dolt/default.nix index e0c08ef2d9876..b749d71d1223f 100644 --- a/pkgs/servers/sql/dolt/default.nix +++ b/pkgs/servers/sql/dolt/default.nix @@ -2,18 +2,18 @@ buildGoModule rec { pname = "dolt"; - version = "1.35.8"; + version = "1.35.10"; src = fetchFromGitHub { owner = "dolthub"; repo = "dolt"; rev = "v${version}"; - sha256 = "sha256-JpRJbAxu6Bz47vJ/DB3QpUZk2LcGHe/vUVpzbnsG+FI="; + sha256 = "sha256-VTScVd9GHbwHGZDGquld05zP6CrvqfdfhRO9GHH2zHA="; }; modRoot = "./go"; subPackages = [ "cmd/dolt" ]; - vendorHash = "sha256-Hk9ILvK9b/3Eh7D6NQT7W6ZCW0J3unuALqy/po46cm8="; + vendorHash = "sha256-4lmwDD9LKTATA8vJiWaWaWueIoSFrfW+C0O5uCh3TJw="; proxyVendor = true; doCheck = false; diff --git a/pkgs/servers/sql/postgresql/ext/lantern.nix b/pkgs/servers/sql/postgresql/ext/lantern.nix index 63e78c8a22215..75c321571e052 100644 --- a/pkgs/servers/sql/postgresql/ext/lantern.nix +++ b/pkgs/servers/sql/postgresql/ext/lantern.nix @@ -7,7 +7,7 @@ }: stdenv.mkDerivation (finalAttrs: { - pname = "lantern"; + pname = "postgresql-lantern"; version = "0.2.4"; src = fetchFromGitHub { diff --git a/pkgs/servers/sunshine/default.nix b/pkgs/servers/sunshine/default.nix index 7d43eff483e8c..d4ad28ca4361d 100644 --- a/pkgs/servers/sunshine/default.nix +++ b/pkgs/servers/sunshine/default.nix @@ -5,6 +5,7 @@ , autoAddDriverRunpath , makeWrapper , buildNpmPackage +, nixosTests , cmake , avahi , libevdev @@ -185,7 +186,10 @@ stdenv'.mkDerivation rec { install -Dm644 ../packaging/linux/${pname}.desktop $out/share/applications/${pname}.desktop ''; - passthru.updateScript = ./updater.sh; + passthru = { + tests.sunshine = nixosTests.sunshine; + updateScript = ./updater.sh; + }; meta = with lib; { description = "Sunshine is a Game stream host for Moonlight"; diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index 98a24d2b909d7..695e91d978944 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -12,7 +12,7 @@ }: let - version = "1.64.1"; + version = "1.64.2"; in buildGoModule { pname = "tailscale"; @@ -22,7 +22,7 @@ buildGoModule { owner = "tailscale"; repo = "tailscale"; rev = "v${version}"; - hash = "sha256-4GA31P0UIUI33AMDSVweaEDflPtCV5ZHCqyIcXShTj0="; + hash = "sha256-DS7C/G1Nj9gIjYwXaEeCLbtH9HbB0tRoJBDjZc/nq5g="; }; vendorHash = "sha256-pYeHqYd2cCOVQlD1r2lh//KC+732H0lj1fPDBr+W8qA="; diff --git a/pkgs/servers/web-apps/changedetection-io/default.nix b/pkgs/servers/web-apps/changedetection-io/default.nix index 1d45e156096ce..c3c9c8116addd 100644 --- a/pkgs/servers/web-apps/changedetection-io/default.nix +++ b/pkgs/servers/web-apps/changedetection-io/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "changedetection-io"; - version = "0.45.17"; + version = "0.45.20"; format = "setuptools"; src = fetchFromGitHub { owner = "dgtlmoon"; repo = "changedetection.io"; - rev = version; - hash = "sha256-3LaNZourDjFjdSh5+hwc2l2DRMEI/rbfyksFD9uUebg="; + rev = "refs/tags/${version}"; + hash = "sha256-wnJz/yVOSBTgOfGxmrO4JXifZxoTk8bjqGKqKsbwXAI="; }; postPatch = '' diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index ca9483ab0c20e..a76a05fd05174 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -4158,11 +4158,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! xorgserver = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, openssl, libX11, libXau, libxcb, xcbutil, xcbutilwm, xcbutilimage, xcbutilkeysyms, xcbutilrenderutil, libXdmcp, libXfixes, libxkbfile, testers }: stdenv.mkDerivation (finalAttrs: { pname = "xorg-server"; - version = "21.1.12"; + version = "21.1.13"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/xserver/xorg-server-21.1.12.tar.xz"; - sha256 = "03x954bygi6sdynk5yy3yvsfhg6i9gjhisn3x9jxvk5mw4mnw08y"; + url = "mirror://xorg/individual/xserver/xorg-server-21.1.13.tar.xz"; + sha256 = "033lvjihidc68v08izrr63va8jhkfmzcjg0d6rm26wizjkah4nml"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; diff --git a/pkgs/servers/x11/xorg/tarballs.list b/pkgs/servers/x11/xorg/tarballs.list index ce0d9105bea52..53836294211ef 100644 --- a/pkgs/servers/x11/xorg/tarballs.list +++ b/pkgs/servers/x11/xorg/tarballs.list @@ -218,4 +218,4 @@ mirror://xorg/individual/util/lndir-1.0.4.tar.xz mirror://xorg/individual/util/makedepend-1.0.9.tar.xz mirror://xorg/individual/util/util-macros-1.20.0.tar.xz mirror://xorg/individual/util/xorg-cf-files-1.0.8.tar.xz -mirror://xorg/individual/xserver/xorg-server-21.1.12.tar.xz +mirror://xorg/individual/xserver/xorg-server-21.1.13.tar.xz |