diff --git a/nixos/tests/trafficserver.nix b/nixos/tests/trafficserver.nix index 3979a1b4a48..983ded4f172 100644 --- a/nixos/tests/trafficserver.nix +++ b/nixos/tests/trafficserver.nix @@ -104,6 +104,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { ats.wait_for_open_port(80) httpbin.wait_for_unit("httpbin") httpbin.wait_for_open_port(80) + client.wait_for_unit("network-online.target") with subtest("Traffic Server is running"): out = ats.succeed("traffic_ctl server status") diff --git a/pkgs/applications/graphics/fig2dev/default.nix b/pkgs/applications/graphics/fig2dev/default.nix index c7484f4cbfe..31d14185dcd 100644 --- a/pkgs/applications/graphics/fig2dev/default.nix +++ b/pkgs/applications/graphics/fig2dev/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchurl +, fetchpatch , ghostscript , libpng , makeWrapper @@ -20,6 +21,15 @@ stdenv.mkDerivation rec { sha256 = "1bm75lf9j54qpbjx8hzp6ixaayp1x9w4v3yxl6vxyw8g5m4sqdk3"; }; + patches = [ + (fetchpatch { + name = "CVE-2021-3561.patch"; + # Using Debian patch since it is not possible to download it directly from Sourceforge + url = "https://sources.debian.org/data/main/f/fig2dev/1:3.2.8-3/debian/patches/33_sanitize-color.patch"; + sha256 = "1bppr3li03nj4qjibnddr2f38mpk55pcn5z6k98pf00gabq33fgs"; + }) + ]; + nativeBuildInputs = [ makeWrapper ]; buildInputs = [ libpng ]; diff --git a/pkgs/applications/networking/remote/putty/default.nix b/pkgs/applications/networking/remote/putty/default.nix index e7544258acf..aab30c24e20 100644 --- a/pkgs/applications/networking/remote/putty/default.nix +++ b/pkgs/applications/networking/remote/putty/default.nix @@ -3,7 +3,7 @@ }: stdenv.mkDerivation rec { - version = "0.74"; + version = "0.75"; pname = "putty"; src = fetchurl { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { "https://the.earth.li/~sgtatham/putty/${version}/${pname}-${version}.tar.gz" "ftp://ftp.wayne.edu/putty/putty-website-mirror/${version}/${pname}-${version}.tar.gz" ]; - sha256 = "0zc43g8ycyf712cdrja4k8ih5s3agw1k0nq0jkifdn8xwn4d7mfx"; + sha256 = "1xgrr1fbirw79zafspg2b6crzfmlfw910y79md4r7gnxgq1kn5yk"; }; # glib-2.62 deprecations diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix index 258e81acedf..bd61d984c62 100644 --- a/pkgs/applications/version-management/gitea/default.nix +++ b/pkgs/applications/version-management/gitea/default.nix @@ -16,12 +16,12 @@ with lib; buildGoPackage rec { pname = "gitea"; - version = "1.14.4"; + version = "1.14.5"; # not fetching directly from the git repo, because that lacks several vendor files for the web UI src = fetchurl { url = "https://github.com/go-gitea/gitea/releases/download/v${version}/gitea-src-${version}.tar.gz"; - sha256 = "sha256-sl/Vml8QmwZEAd2PIYWQcP7s6NYeomGJQGKhRiddtoo="; + sha256 = "sha256-8nwLVpe/5IjXJqO179lN80B/3WGUL3LKM8OWdh/bYOE="; }; unpackPhase = '' diff --git a/pkgs/development/python-modules/convertdate/2.2.x.nix b/pkgs/development/python-modules/convertdate/2.2.x.nix index d67f4c5a344..1145a61ca4f 100644 --- a/pkgs/development/python-modules/convertdate/2.2.x.nix +++ b/pkgs/development/python-modules/convertdate/2.2.x.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { owner = "fitnr"; repo = pname; rev = "v${version}"; - sha256 = "1xgi7x9b9kxm0q51bqnmwdm5lp8vwhx5yk4d1b23r37spz9dbhw5"; + sha256 = "07x1j6jgkmrzdpv2lhpp4n16621mpmlylvwdwsggdjivhzvc3x9q"; }; propagatedBuildInputs = [ diff --git a/pkgs/servers/http/openresty/default.nix b/pkgs/servers/http/openresty/default.nix index 96451764990..71490b34280 100644 --- a/pkgs/servers/http/openresty/default.nix +++ b/pkgs/servers/http/openresty/default.nix @@ -9,11 +9,11 @@ callPackage ../nginx/generic.nix args rec { pname = "openresty"; nginxVersion = "1.19.3"; - version = "${nginxVersion}.1"; + version = "${nginxVersion}.2"; src = fetchurl { url = "https://openresty.org/download/openresty-${version}.tar.gz"; - sha256 = "0p9xn0xgbk6nmjfb25a3d6bwxm8q23igkixqma5fpygla6fcsvzk"; + sha256 = "1fav3qykckqcyw9ksi8s61prpwab44zbcvj95rwfpfqgk5jffh6f"; }; # generic.nix applies fixPatch on top of every patch defined there. This @@ -44,7 +44,7 @@ callPackage ../nginx/generic.nix args rec { meta = { description = "A fast web application server built on Nginx"; - homepage = "http://openresty.org"; + homepage = "https://openresty.org"; license = lib.licenses.bsd2; platforms = lib.platforms.all; maintainers = with lib.maintainers; [ thoughtpolice lblasc emily ]; diff --git a/pkgs/servers/http/trafficserver/default.nix b/pkgs/servers/http/trafficserver/default.nix index 4a7f9854d18..e7ce72e086e 100644 --- a/pkgs/servers/http/trafficserver/default.nix +++ b/pkgs/servers/http/trafficserver/default.nix @@ -49,11 +49,11 @@ stdenv.mkDerivation rec { pname = "trafficserver"; - version = "9.0.1"; + version = "9.0.2"; src = fetchurl { url = "mirror://apache/trafficserver/trafficserver-${version}.tar.bz2"; - sha256 = "1q164pvfmbqh3gzy3bqy96lwd0fdbhz78r06pd92p7rmkqwx005z"; + sha256 = "0r05iqmnnjq259nsibncgfrfsr0l4h3hsafizvgfl9zgmrkm6izz"; }; patches = [ @@ -63,13 +63,6 @@ stdenv.mkDerivation rec { url = "https://github.com/apache/trafficserver/commit/19d3af481cf74c91fbf713fc9d2f8b138ed5fbaf.diff"; sha256 = "0z1ikgpp00rzrrcqh97931586yn9wbksgai9xlkcjd5cg8gq0150"; }) - - # Fixes a bug in tspush which pushes incorrect contents to cache - # https://github.com/apache/trafficserver/pull/7696 - (fetchpatch { - url = "https://github.com/apache/trafficserver/commit/b08215272872f452787915cd3a8e0b0ea0b88385.diff"; - sha256 = "0axk8x1xvd8wvpgcxgyqqg7kgxyxwfgwmisq3xnk1da0cqv9cx9f"; - }) ]; # NOTE: The upstream README indicates that flex is needed for some features,