diff options
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/applications/networking/browsers/palemoon/bin.nix | 6 | ||||
| -rw-r--r-- | pkgs/development/python-modules/hg-git/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 8 | ||||
| -rw-r--r-- | pkgs/servers/http/nginx/mainline.nix | 4 | ||||
| -rw-r--r-- | pkgs/servers/http/nginx/quic.nix | 34 | ||||
| -rw-r--r-- | pkgs/tools/graphics/vips/default.nix | 4 |
6 files changed, 47 insertions, 13 deletions
diff --git a/pkgs/applications/networking/browsers/palemoon/bin.nix b/pkgs/applications/networking/browsers/palemoon/bin.nix index c32bfb5591333..bc0068644f7bb 100644 --- a/pkgs/applications/networking/browsers/palemoon/bin.nix +++ b/pkgs/applications/networking/browsers/palemoon/bin.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "palemoon-bin"; - version = "33.1.0"; + version = "33.1.1"; src = finalAttrs.passthru.sources."gtk${if withGTK3 then "3" else "2"}"; @@ -158,11 +158,11 @@ stdenv.mkDerivation (finalAttrs: { in { gtk3 = fetchzip { urls = urlRegionVariants "gtk3"; - hash = "sha256-qjztSvNL7KNFG3sszgk5qH77do0HFQ8YTrgjFi2ZM00="; + hash = "sha256-0i0hXC6mC1SY2V6ANMXHS4LZ/HZk8FUsSDQfQUE14IM="; }; gtk2 = fetchzip { urls = urlRegionVariants "gtk2"; - hash = "sha256-q4zAmnCN9SHGb8PthjAx7d5FKq/oAQ8c0R+U1SWqjAA="; + hash = "sha256-RnBlCxIsWxm6BbtAS0YKHtix93N6t9jihFItqhtLhRU="; }; }; diff --git a/pkgs/development/python-modules/hg-git/default.nix b/pkgs/development/python-modules/hg-git/default.nix index e2b8420911539..1e1803c9061fa 100644 --- a/pkgs/development/python-modules/hg-git/default.nix +++ b/pkgs/development/python-modules/hg-git/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "hg-git"; - version = "1.0.3"; + version = "1.1.0"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-HuFwRW/SuGrzMX9bttdqztFRB19dZZNF5Y8+e9gAQWw="; + hash = "sha256-btEamGLqCC5PRigxHbe49/bnJNVGm6Czf852JaAdB38="; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 26c1dbda270cd..90cb44b7c312b 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -32,11 +32,11 @@ "hash": "sha256:1qbc8dqmk2xs1cz968rysw5xvhq3lj8g0pxp48fr2qbzy3m29a5a" }, "6.8": { - "version": "6.8.11", - "hash": "sha256:1di8kr596sf68sm61kp5rz6bn3sb0q5ag1qc5hm8f9dpyq4wv3dp" + "version": "6.8.12", + "hash": "sha256:0fb0m0fv4521g63gq04d7lm6hy8169s1rykiav5bkd99s9b1kcqr" }, "6.9": { - "version": "6.9.2", - "hash": "sha256:1yg5j284y1gz7zwxjz2abvlnas259m1y1vzd9lmcqqar5kgmnv6l" + "version": "6.9.3", + "hash": "sha256:1bnzxparybwh320019pr2msaapas41dhjmvg4gy791rn05jc88f3" } } diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index ddb9c14740bb0..53a56989ae2cf 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.25.4"; - hash = "sha256-dgcpkBrLqlF5luaB7m6iWQMpheN8J2i+74DfOod97tk="; + version = "1.25.5"; + hash = "sha256-L+IpT4r0FE5+hC6uqIQYKoTueXDhEEa6mBlEAJArvsA="; } diff --git a/pkgs/servers/http/nginx/quic.nix b/pkgs/servers/http/nginx/quic.nix index ea5af571f1107..3eeabd2e3d867 100644 --- a/pkgs/servers/http/nginx/quic.nix +++ b/pkgs/servers/http/nginx/quic.nix @@ -1,5 +1,6 @@ { callPackage , nginxMainline +, fetchpatch , ... } @ args: @@ -11,4 +12,37 @@ callPackage ./generic.nix args { configureFlags = [ "--with-http_v3_module" ]; + + extraPatches = [ + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_1.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/04bc350b2919"; + hash = "sha256-zIt5epu1vox8z9oONuHF+eYLrECxVZPMOjI2rp6yBTQ="; + }) + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_2.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/08f8e9c33a08"; + hash = "sha256-w324E98LgRDaMF9RKQdUCmntMv2vxdBTPDLk+Y2Gb9Y="; + }) + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_3.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/ed593e26c79a"; + hash = "sha256-yrBKfsGlI93ln1jlvBCY5PspPED40mOH80xWH7WjXOE="; + }) + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_4.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/e4e9d7003b31"; + hash = "sha256-FVEWP4bUaWAx5aKoAvn2qFWZ6aWb9PhAJeUV25wXMrw="; + }) + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_5.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/b32b516f36b1"; + hash = "sha256-rZj0f7YXlO2hLJ/NSANHmxoawlfyFJ9z3vfu35kt7XQ="; + }) + (fetchpatch { + name = "CVE-2024-32760_CVE-2024-31079_CVE-2024-35200_CVE-2024-34161_6.patch"; + url = "https://hg.nginx.org/nginx/raw-rev/5b3f409d55f0"; + hash = "sha256-bURuSZyajMst2k/qIvE9XUVhEhOZ7vwlmL2zpCWyc48="; + }) + ]; } diff --git a/pkgs/tools/graphics/vips/default.nix b/pkgs/tools/graphics/vips/default.nix index 5c59971f955c3..fde14fe0c53d3 100644 --- a/pkgs/tools/graphics/vips/default.nix +++ b/pkgs/tools/graphics/vips/default.nix @@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "vips"; - version = "8.15.1"; + version = "8.15.2"; outputs = [ "bin" "out" "man" "dev" ] ++ lib.optionals (!stdenv.isDarwin) [ "devdoc" ]; @@ -50,7 +50,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "libvips"; repo = "libvips"; rev = "refs/tags/v${finalAttrs.version}"; - hash = "sha256-0zfYpOawH7XnTH9k8BdNDtZEKpYUlCXp7GY+fdXalsE="; + hash = "sha256-jp6RPceFzzWgFBzcfvggniAkhXaAGszT/sy4H6aCtGc="; # Remove unicode file names which leads to different checksums on HFS+ # vs. other filesystems because of unicode normalisation. postFetch = '' |