From 02e3a73813a7389708ac5138fb4f229f506ac647 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 17 Jun 2021 05:00:44 +0200 Subject: [PATCH 01/16] python38: 3.8.9 -> 3.8.10 (cherry picked from commit 3898eb189762f5e83ed4b617c58711ceae29e9fa) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 328ed715bae..d013f1323fa 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -120,10 +120,10 @@ with pkgs; sourceVersion = { major = "3"; minor = "8"; - patch = "9"; + patch = "10"; suffix = ""; }; - sha256 = "XjkfPsRdopVEGcqwvq79i+OIlepc4zV3w+wUlAxLlXI="; + sha256 = "1n8rjb3jn0j8dvi1qn94rxayc9rh982d8wgkrjy41n1x15k4mwka"; }; }; From d8fa6239c76fdafcbe4b9c04812e21c060babb27 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 17 Jun 2021 05:01:07 +0200 Subject: [PATCH 02/16] python39: 3.9.4 -> 3.9.5 (cherry picked from commit 7ca18ab93f802dead800d76e3913eda1a8bbc705) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index d013f1323fa..35872de2dcf 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -179,10 +179,10 @@ in { sourceVersion = { major = "3"; minor = "9"; - patch = "4"; + patch = "5"; suffix = ""; }; - sha256 = "Sw5mRKdvjfhkriSsUApRu/aL0Jj2oXPifTthzcqaoTQ="; + sha256 = "10vdf46q5ldnzkprm8pldvr5a9hrdpxjv7mpzgdw6vj3cl318nhc"; inherit (darwin) configd; inherit passthruFun; }; From ec7dfbf84ba483a1c7f1dbbb43549f238c822b8d Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 17 Jun 2021 05:01:49 +0200 Subject: [PATCH 03/16] python310: 3.10.0a5 -> 3.10.0b3 (cherry picked from commit bb696403b0334d1fd3dee195751f99f9e2b0270f) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 35872de2dcf..6f2866e8039 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -193,9 +193,9 @@ in { major = "3"; minor = "10"; patch = "0"; - suffix = "a5"; + suffix = "b3"; }; - sha256 = "BBjlfnA24hnx5rYwOyHnEfZM/Q/dsIlNjxnzev/8XU0="; + sha256 = "05fc4mp2ysb372bzkwbn1b1z01bfldnaqig6rxmif58hs3aawrr2"; inherit (darwin) configd; inherit passthruFun; }; From 4c5903aabe68f51a4cbefe8604d6e517610016ce Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 10 Jul 2021 00:01:20 +0200 Subject: [PATCH 04/16] python38: 3.8.10 -> 3.8.11 (cherry picked from commit 250f0514f2cfbf1c4f099870c329eb6ecc6a0115) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 6f2866e8039..83ccbc26d00 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -120,10 +120,10 @@ with pkgs; sourceVersion = { major = "3"; minor = "8"; - patch = "10"; + patch = "11"; suffix = ""; }; - sha256 = "1n8rjb3jn0j8dvi1qn94rxayc9rh982d8wgkrjy41n1x15k4mwka"; + sha256 = "1chg8b0m1yrz50lizid20zha0dmj40z0iih3jqcrg7pyxca126pv"; }; }; From de46e983af73fb08903332be39f2a1bdcd9ede59 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 10 Jul 2021 00:01:41 +0200 Subject: [PATCH 05/16] python39: 3.9.5 -> 3.9.6 (cherry picked from commit 360c50f11d675f0a19e2245e3ebfa1179ff28360) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 83ccbc26d00..a575675684f 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -179,10 +179,10 @@ in { sourceVersion = { major = "3"; minor = "9"; - patch = "5"; + patch = "6"; suffix = ""; }; - sha256 = "10vdf46q5ldnzkprm8pldvr5a9hrdpxjv7mpzgdw6vj3cl318nhc"; + sha256 = "12hhw2685i68pwfx5hdkqngzhbji4ccyjmqb5rzvkigg6fpj0y9r"; inherit (darwin) configd; inherit passthruFun; }; From d7b9ef367f788a7f122e08da0446242f8151cbea Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 10 Jul 2021 00:01:56 +0200 Subject: [PATCH 06/16] python36: 3.6.13 -> 3.6.14 (cherry picked from commit e1e245f203e2d1b568b730eb363026ea81fdfc1e) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index a575675684f..3d3d546a2de 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -147,10 +147,10 @@ in { sourceVersion = { major = "3"; minor = "6"; - patch = "13"; + patch = "14"; suffix = ""; }; - sha256 = "pHpDpTq7QihqLBGWU0P/VnEbnmTo0RvyxnAaT7jOGg8="; + sha256 = "1bnm0bx7xf1jpfm0bmzlq19vwm0bvcbl7klx4rvgq05xryhafqr6"; inherit (darwin) configd; inherit passthruFun; }; From 98163bd246eb16da70546c0745eccab413547dc6 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 10 Jul 2021 00:02:07 +0200 Subject: [PATCH 07/16] python37: 3.7.10 -> 3.7.11 (cherry picked from commit b322c5ecaab811090690b026e1db857de6523e64) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 3d3d546a2de..9dc48060163 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -160,10 +160,10 @@ in { sourceVersion = { major = "3"; minor = "7"; - patch = "10"; + patch = "11"; suffix = ""; }; - sha256 = "+NgudXLIbsnVXIYnquUEAST9IgOvQAw4PIIbmAMG7ms="; + sha256 = "0d57b5a47wapzpkkq5rbvvi4caylc35j5910b64rxxn4nmm1kd6x"; inherit (darwin) configd; inherit passthruFun; }; From d1a75c3c1de15227da4e0379a2f1067f1e1acb94 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 9 Aug 2021 02:34:24 +0200 Subject: [PATCH 08/16] python310: 3.10.0b3 -> 3.10.0rc1 (cherry picked from commit ebc4dae8cb65706c5d91afe3dc39d1f6c0f17e5e) --- pkgs/development/interpreters/python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 9dc48060163..a952e6f06d6 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -193,9 +193,9 @@ in { major = "3"; minor = "10"; patch = "0"; - suffix = "b3"; + suffix = "rc1"; }; - sha256 = "05fc4mp2ysb372bzkwbn1b1z01bfldnaqig6rxmif58hs3aawrr2"; + sha256 = "0f76q6rsvbvrzcnsp0k7sp555krrgvjpcd09l1rybl4249ln2w3r"; inherit (darwin) configd; inherit passthruFun; }; From eb3091ac76f1500ced6fc8951242a05a98ed774c Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 28 Jun 2021 03:08:21 +0200 Subject: [PATCH 09/16] cpython: fix permissions on venv activation scripts Previously these ended up without u+w permissions which meant they could not be regenerated, which was hugely annoying when these venvs were for example created and recreated in a nix-shell. (cherry picked from commit 4fa69858d951409426c5b080fbdaf342fe790877) --- .../interpreters/python/cpython/default.nix | 4 ++++ .../python/cpython/virtualenv-permissions.patch | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 39f2ae0c3e4..1fe0bf4fa37 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -193,6 +193,10 @@ in with passthru; stdenv.mkDerivation { # (since it will do a futile invocation of gcc (!) to find # libuuid, slowing down program startup a lot). (./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch") + # Make sure that the virtualenv activation scripts are + # owner-writable, so venvs can be recreated without permission + # errors. + ./virtualenv-permissions.patch ] ++ optionals mimetypesSupport [ # Make the mimetypes module refer to the right file ./mimetypes.patch diff --git a/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch b/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch new file mode 100644 index 00000000000..c686f21bfbb --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch @@ -0,0 +1,13 @@ +diff --git a/Lib/venv/__init__.py b/Lib/venv/__init__.py +index caa7285..ad666ac 100644 +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -379,7 +379,7 @@ class EnvBuilder: + if data is not None: + with open(dstfile, 'wb') as f: + f.write(data) +- shutil.copymode(srcfile, dstfile) ++ os.chmod(dstfile, 0o644) + + + def create(env_dir, system_site_packages=False, clear=False, From 59838d6ce0d68c201ee7bf8a700f5e8982c8ef20 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 10 Aug 2021 15:15:44 +0200 Subject: [PATCH 10/16] c-ares: 1.17.1 -> 1.17.2 (cherry picked from commit fe7d21caf21c8a8f864a1dc94ba6324cd2175fc4) --- pkgs/development/libraries/c-ares/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix index 20bcf80d9e5..90e7a895746 100644 --- a/pkgs/development/libraries/c-ares/default.nix +++ b/pkgs/development/libraries/c-ares/default.nix @@ -8,11 +8,11 @@ let self = stdenv.mkDerivation rec { pname = "c-ares"; - version = "1.17.1"; + version = "1.17.2"; src = fetchurl { url = "https://c-ares.haxx.se/download/${pname}-${version}.tar.gz"; - sha256 = "0h7wjfnk2092glqcp9mqaax7xx0s13m501z1gi0gsjl2vvvd0gfp"; + sha256 = "sha256-SAPIRM4gzlEO8OuD+OpB+iTsqunSgMRoxYLSuyWzkT0="; }; meta = with lib; { From 41a38db1658a5fdcf018bb5da5eef431844cab4a Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 18 Jul 2021 00:08:00 +0100 Subject: [PATCH 11/16] rsync: add patch for CVE-2020-14387 (cherry picked from commit a08ee2292caa8a676332c695d7d46bd38c235931) --- pkgs/applications/networking/sync/rsync/base.nix | 9 ++++++++- pkgs/applications/networking/sync/rsync/default.nix | 7 ++++--- pkgs/applications/networking/sync/rsync/rrsync.nix | 6 ++++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/sync/rsync/base.nix b/pkgs/applications/networking/sync/rsync/base.nix index 3479458088e..39ce5d3a7ea 100644 --- a/pkgs/applications/networking/sync/rsync/base.nix +++ b/pkgs/applications/networking/sync/rsync/base.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl }: +{ lib, fetchurl, fetchpatch }: rec { version = "3.2.3"; @@ -12,6 +12,13 @@ rec { url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; sha256 = "1wj21v57v135n6fnmlm2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; }; + extraPatches = [ + (fetchpatch { + name = "CVE-2020-14387.patch"; + url = "https://git.samba.org/?p=rsync.git;a=patch;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd"; + sha256 = "000lyx48lns84p53nsdlr45mb9558lrvnsz3yic0y3z6h2izv82x"; + }) + ]; meta = with lib; { description = "Fast incremental file transfer utility"; diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index a38352a328a..f6d61dac390 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, perl, libiconv, zlib, popt +{ lib, stdenv, fetchurl, fetchpatch, perl, libiconv, zlib, popt , enableACLs ? !(stdenv.isDarwin || stdenv.isSunOS || stdenv.isFreeBSD), acl ? null , enableLZ4 ? true, lz4 ? null , enableOpenSSL ? true, openssl ? null @@ -15,7 +15,7 @@ assert enableXXHash -> xxHash != null; assert enableZstd -> zstd != null; let - base = import ./base.nix { inherit lib fetchurl; }; + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; in stdenv.mkDerivation rec { name = "rsync-${base.version}"; @@ -25,7 +25,8 @@ stdenv.mkDerivation rec { patchesSrc = base.upstreamPatchTarball; srcs = [mainSrc] ++ lib.optional enableCopyDevicesPatch patchesSrc; - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; + patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff" + ++ base.extraPatches; buildInputs = [libiconv zlib popt] ++ lib.optional enableACLs acl diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix index 83eb4658d2f..8ed09c190af 100644 --- a/pkgs/applications/networking/sync/rsync/rrsync.nix +++ b/pkgs/applications/networking/sync/rsync/rrsync.nix @@ -1,7 +1,7 @@ -{ lib, stdenv, fetchurl, perl, rsync }: +{ lib, stdenv, fetchurl, perl, rsync, fetchpatch }: let - base = import ./base.nix { inherit lib fetchurl; }; + base = import ./base.nix { inherit lib fetchurl fetchpatch; }; in stdenv.mkDerivation { name = "rrsync-${base.version}"; @@ -15,6 +15,8 @@ stdenv.mkDerivation { dontConfigure = true; dontBuild = true; + patches = base.extraPatches; + postPatch = '' substituteInPlace support/rrsync --replace /usr/bin/rsync ${rsync}/bin/rsync ''; From c9a0a881840e2eeb1807cae172e12d181a44e509 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Thu, 19 Aug 2021 02:16:24 +0000 Subject: [PATCH 12/16] c-ares: enable parallel building (cherry picked from commit b2ae763c42df36baa6d84420cf3ae9234c72fd7f) --- pkgs/development/libraries/c-ares/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix index 20bcf80d9e5..6d8581fc0f6 100644 --- a/pkgs/development/libraries/c-ares/default.nix +++ b/pkgs/development/libraries/c-ares/default.nix @@ -15,6 +15,8 @@ stdenv.mkDerivation rec { sha256 = "0h7wjfnk2092glqcp9mqaax7xx0s13m501z1gi0gsjl2vvvd0gfp"; }; + enableParallelBuilding = true; + meta = with lib; { description = "A C library for asynchronous DNS requests"; homepage = "https://c-ares.haxx.se"; From 3ecbe36e8d5118f44994dcef6dcd2fd18c65eb02 Mon Sep 17 00:00:00 2001 From: Frederik Ramcke <757280+EggBaconAndSpam@users.noreply.github.com> Date: Mon, 23 Aug 2021 15:41:52 +0200 Subject: [PATCH 13/16] glibc: 2.32-48 -> 2.32-54 --- .../libraries/glibc/2.32-master.patch.gz | Bin 66850 -> 71829 bytes pkgs/development/libraries/glibc/common.nix | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glibc/2.32-master.patch.gz b/pkgs/development/libraries/glibc/2.32-master.patch.gz index 8ea998b5bea2cb66113573133190ff3a75fd51d6..b935f821e956ad3582d97f78bd5946b84cda5306 100644 GIT binary patch delta 5190 zcmZ3~#WHmxOT!k%W|sOhv6aQQ&BXp&{}YMmy?rCQ`&q4qXK=XPBiZBMBF-(lx$H2b z{>*64D_xWNt3KWRzL&jWiQe(d$$r+kzKutC_i(@e8(>`H+btvaA}puybF^{&L6464 z7ku^WZJmEcU8&QQcx=o%IsKqZ|%iezvoQVnlep%t7@H@$U`R)@FXRCeJQ7i#at%W#j^9(jCFi1QM1i! zF5NoH^5eVXvO1=(zgMu=Puu_h#;+fRUpA_4l9<6N9M%7<{$OTXDjEK9Z4GYH)K z^UKSPZh0E^*A_Fr=bq^PFjK&R{oayB=f>yyDI6NdGkfaY7^3E-WQu>^!Wg;Y&f?i? zwLXNr*w$dSXTOaF5C6II{e4v~0dg-?_hfW_FI|0Y{gkJ!LF@VNnonjpf70Y^W3H6N zuA{x~*N(qh8kl*UaqglM`zK84%QI+lZrQ2uQn@^K%5sNEt~;W(D#xELTv2jwk5AE? z(_$hYyZ^oZmUKo>D6zieknqNd9|F%7rztDklQ?4Tpdjr62)*GFUkCy`Z|?ql z_rg}|QQcE?Nww`Ei@1E@JwojXBW2Q>ebD;~Df9C6)tgH`lIR0o>O056#$D1~9 zH`f<^$2jqitvrvzl3jXv&OeqO{rjhM-X5mH3+AoP#+*-b6k6Wz%31Z(=+8_kskjo| z$(lE3>clNRnl|VaRZfsATZ?E8zTs+}{q|`ER zK?xhdO?$qCAAR7%#JWh3sjpf;H$Fm+=MjTcOir!&$>Xj6UTFlay<~8vh zdoeFi;gRr`j(&AlBWG*n^@h_7z9iaYTLsQpa9Hn=dGZ?7j}ywGEi%1#@V?46InD0L zIjdeoP;`RV%YcX*`cEIMdg0J3TfTeE{62$kd|CE(`xl*--Z(qM?#M)O}q)b zAah2UnfwF&T^c=I-_*Kxrazx=)wD!It*x5r?PJrU6Q4WjemngAoLlr%$-ao!nUbcy z$un-&HvZ_p@Z~J~q7xr|Irgr$-f;ORi;>9&?u)E$8)lq+wJnLyRPA>CqAk7K3SP4Z z9r$QwEK?zr;q~p))8mIfFYf(j%zN1XLw&Y z)00PA?&oe!u^ z`u)E5SAY2a$jNT5Tt~avB+C_2{wM3bK5}m?y76oU$LXRoX46-vyj}Dvee+>9pR>h= z&-ry+TOEC@Iii!E*>Agc=C6B%)Ri=WlL>W4WDdVu>hxrFZrZ7oAG(Wn$LH?LJ9jQ! z?8fo4*Ed+0ufC%j%KLS(pSa$K`7h$PcD-6<+E{E=ym#>8S&)(bDI(66A>%q7G#{KxV;reZRJ0Ab@{f8Gf zzs>jGSa#1glb4ci9u9y|-B2!PYZ~wE;McQX(@CnVO`}5kyv!Rju;{3kXKRrY)acBu|GI%)qQ}qPng;Uwv-5pkK3!Av`ZIpBI zWSw5-(_3uSAG3Y8J#O&kfZ^AkXh)ITfg1wM5+UsACGPhVJtN?i^zg-13UW@zw&L!&x^L+`F)Gla-n4V`({+ z9zl%-52cKvEWU-tEeDT=X;IA&K!BLi-9epKS z%YxO^#YiIh>Jq-vOAjNC_=}x#c3e^Rbce)5{^V5aznNySr8!G`<^F`k4WY@{; zC{<_6zjskn>)hE6E9!iAwg@QBU9vq39{{GbqZLg0O2AT7uzn;jsq_?SO%eM3HTJo!|iTvDk z__D@E-_u)-FZ{Z5g)ME_?>m>j>U1*2Ur!GBv+rwUaP7V&nQ1InrRGWgzJKrH5s_&o z!4jA3o~J7B)Y_^AFwz3$S#&+i76{mT)2?PogAHsJie zwqUO6Nx@!6<7M2xE1lkCGjCVt!(D3ED{~_DF~2^-vB|=yLTtvt>7T_-7?kP_eYmVS ztoru#9sJ;;G;M8)noHJ;(pJY1vpomcT)MpH zUyR-|UuD)WLIgDJOI81ny2GLZ>!Q*WI6vSL=7okZH4!gpsce@N4FTs>R!iDUlbnbUQh53)E_ zJr`YAHvPKuFKgBCxvx&Dxa9ph`?>y5F#oWN?vCVsDoXoV@ z-J8Dt;~VpN%o+*qA_9N?QWon?v`Vp+QG<$tMsk(+94r8VFBVnvTC z>|;|p#FDLX^tj8~mFXHHO&4>|^sLtCcjt6Tzh~X8pH||> z%c813m1Dl}satYQrxz?wny7G6?WN+xBRmU3Po+JrU+$3b;I5&pCC`ncI#N#zQ|-?> zPH>&#m|?hV+I7>9mWPggNlCsTc(6y2x9Z@fIVLjcPK>S{zb@)Nn$)*UBR)VdpI?7>zQXx`{_4xs!{s+9yQ_z% zx9^p+w%VWayF-9G>-Fx-f4$2-z7vXgr|6+z`;w1ouR!wdtShSpk5BDrk9pD9z%@sz zo!{X3q_cv@ypIa~n8WeqNaoV!E2p$f&G+dC^fe#d$GyjQLGhjtv-(xHZ%41SpEa>D zOQB2ad)@);!HkW+WWyeBtt_pM8aJmyqCkl=>6i0d-nuRpA??3 z{Zytz*EEjpQxC-7J8{2d!LRp+>%B$R3NDzM>zOh$S0%1!tAn8SI@T!%4{%LqbNSNh z%^WV)zwZJ^ug_7((_-tSL>$956@LBeQ1bbQ^5ekPQ?@3Hr%ibsHgnaxq?oj>E?$+l zLNPwE_9`dC4o|)ovL!KU)uGF zTQec+saaU@rUm?Gy=N=^KbijI!QHQCyjQR;RTG>MekS>FWuMILyjMGa|M|Y9=-IO< z-oBfWx?$^I#Rt!DW8E&aq})#5{e4)%950P!%K2NL?8`d7vhl~)J5|SXJrA7YKKwy0 zfANJ7=3`6d|AjIY9UL8Fzg?+crSj=|7TZrpXU~~(m*yYkRSpvW z-s3U#w%eZz3+5>9Z@%YPd+bs7rvAvAt9J$llsX#KD8I88?Y)=VrhVDI;{NO3r$fcp z>ea5=y=&hbt?ETuOJ8TZntU@-+q>sQ@SQI|7jBOg-^LVN*SabuY(m4-V|xo)58M$= zaDT$3)bw13mz+vH`9tbohC=w^;wI&bFgAlSuoEr&CFzG{r$*if1XAz|H8KK zqmhXsn1=W?WLFt%QP&g)=zJ0W80?6{+D`;PPHpOgk+R; zE5@Bu$hcF&=ibj#A@RXIk+*e2!ck^Eo!~_;&z?xyw#xU?meynKyrL#8TmJprqbw8h zbI-ybmmQZJ&=+f8kkoNYVPpN)g~tA$Q%Xx`yjO61y+)2@W^#09mfJ*8>Ascj8z26h znVVMlAw>D@r5@X?HGl0H7#RNlUlZ%?eb_-@-*4@2D!LgN+dQQOTC)O=sB=8>on+R! zVB6Iz)BaVbr|rL+<0EZTv2jxFvYU4+Q=Wf)`@^iS;c$R@=DN=YllFwq^-W&;zdk~C zM|all&t=zTgmK+T1d$Z3`ad-KIlZ);OrPr)m751gOr@QoJ%CE$O)_vwF3$9+?RZw(%kHVv1fbxDmSU=*H7s-I6OSFoI_`&sHR8UeTHJ&(Cqa~{T8Kf&YZ;m zIB}Mnpl5Nt&^PwUH(Q=qpR2m)vOLhNV{v`pi!INlS1#L<^uFwk%$<35;)O+$>najd zwtB^U-u~ihsdZj~hsK4)O#KFxx5FO#Nl!MZPPb?-p2{x}dC;rtcf#fgleS)ZeRq9` z#0u{Di4$Ba|5iAzni^--{KrF5EGu#DDqpS&jSuxs>{&gh^6Cwimb%V}50stlHG5jo z%ZFt;@eA9yXWz`;t$~$lcD+gsPp>D%7ATe3 zrO)YzT`^bpTKEdF=9GX~u9VtBfhRdkvnSoDIqZ0S!KR&8>ff-4ek;{~!&?tdpnK<@ z&1*K`IUb+7YD;i|X5*GM*S)4%Y^iNyTHCUv@aDIFTOYT)&*5;LBhXaul5pbuf0mr( zS?cdo|F}$_c_g*Z`sL$Dn~=(Y!YYj?x8(MIeRMl_p1W3{{HJ~Kw->tyu?ea&99Y}4 ztY*SOE33S@7HmE#f$<+6Cu+4MatH3MFT7|zk3DVf9(A7OX(m0AtsTG2LS6@OxqsNW za@~`5pClKx+xyjZIOj(Q#cfpiSAT4hX^Xj5r+IzMqkaEWCr3`n{p?x#HGQ$fmKi3B z7W-E?edEls6O#IsY`K*2l4s2aUjEE>w~!OpWjDQiVaq<Q~SM2nbqfI<9O+0EW zk`j(=evWKvn_a&v*xsIb>{zh5%)Xni_pVE`U%M+wEAyS^KUr7JfAVEMdo_=V+RwMr z&EE9-rm@`s!|;!JhirJm+t6@JjILW<8F$+xtpOLaIwTaLGsR MvYJSf+oCKC0NU;R$N&HU delta 172 zcmbQbk!4XAOT!k%W|n&AkRMf5p36F?u^l^ktkZ4Fx<87doIC6o?|*Un&(#{W)b>~! z4-;E+xLCoVydL$FTw7#SuUcdmPk7&O_D#hJMQ;V)Stm~aQV6eBxcYO+m5{axv%0+A zGGuIUEOW2?^|RvF&SUKEY}VGlel+;BNUd9(u!Pw-a;=5vHEp%6eV0|&DfBtdVdN8L fdF$?^qVr{LKG%_JRa`r=Y#AQzdpqgFEoKG)`ms-< diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 049688cf74d..5d4556da32e 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -42,7 +42,7 @@ let version = "2.32"; - patchSuffix = "-48"; + patchSuffix = "-54"; sha256 = "0di848ibffrnwq7g2dvgqrnn4xqhj3h96csn69q4da51ymafl9qn"; in @@ -61,7 +61,7 @@ stdenv.mkDerivation ({ [ /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping. $ git fetch --all -p && git checkout origin/release/2.32/master && git describe - glibc-2.32-48-g16949aeaa0 + glibc-2.32-54-g182ffd8e75 $ git show --minimal --reverse glibc-2.32.. | gzip -9n --rsyncable - > 2.32-master.patch.gz To compare the archive contents zdiff can be used. From ea4cbf4b3a5d8b54286da5f25bb6aa9b5d760bd2 Mon Sep 17 00:00:00 2001 From: Kerstin Humm Date: Sun, 22 Aug 2021 17:05:26 +0200 Subject: [PATCH 14/16] imagemagick: 7.1.0-4 -> 7.1.0-5 (cherry picked from commit 042229148d725151a89727bf70cd117250945f9f) --- pkgs/applications/graphics/ImageMagick/7.0.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix index 5e0605bce9a..ce1dbc8e3e8 100644 --- a/pkgs/applications/graphics/ImageMagick/7.0.nix +++ b/pkgs/applications/graphics/ImageMagick/7.0.nix @@ -18,13 +18,13 @@ in stdenv.mkDerivation rec { pname = "imagemagick"; - version = "7.1.0-4"; + version = "7.1.0-5"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick"; rev = version; - sha256 = "sha256-CvrSeoKaTigR+4egelwLRr2++CQ5OWUePwX9e1/G1GM="; + sha256 = "sha256-iXE3kVpJHMuZ+H6aaZ1GuOUHnP0lO/Q1F5yK8sPPS3M="; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big From 3d0d142b7540e7cf46a8d37fc72eceb8f5c593da Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 25 Aug 2021 02:17:23 +0200 Subject: [PATCH 15/16] openssl: 1.1.1k -> 1.1.1l (cherry picked from commit 174868d4fa8452c0dc7ebcaf5548376351fa280a) --- .../openssl/1.1/macos-yosemite-compat.patch | 56 +++++++++++++++++++ .../development/libraries/openssl/default.nix | 6 +- 2 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/libraries/openssl/1.1/macos-yosemite-compat.patch diff --git a/pkgs/development/libraries/openssl/1.1/macos-yosemite-compat.patch b/pkgs/development/libraries/openssl/1.1/macos-yosemite-compat.patch new file mode 100644 index 00000000000..b0e37e32561 --- /dev/null +++ b/pkgs/development/libraries/openssl/1.1/macos-yosemite-compat.patch @@ -0,0 +1,56 @@ +From cef404f1e7a598166cbc2fd2e0048f7e2d752ad5 Mon Sep 17 00:00:00 2001 +From: David Carlier +Date: Tue, 24 Aug 2021 22:40:14 +0100 +Subject: [PATCH] Darwin platform allows to build on releases before + Yosemite/ios 8. + +issue #16407 #16408 +--- + crypto/rand/rand_unix.c | 5 +---- + include/crypto/rand.h | 10 ++++++++++ + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c +index 43f1069d151d..0f4525106af7 100644 +--- a/crypto/rand/rand_unix.c ++++ b/crypto/rand/rand_unix.c +@@ -34,9 +34,6 @@ + #if defined(__OpenBSD__) + # include + #endif +-#if defined(__APPLE__) +-# include +-#endif + + #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) + # include +@@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) + if (errno != ENOSYS) + return -1; + } +-# elif defined(__APPLE__) ++# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) + if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) + return (ssize_t)buflen; + +diff --git a/include/crypto/rand.h b/include/crypto/rand.h +index 5350d3a93119..674f840fd13c 100644 +--- a/include/crypto/rand.h ++++ b/include/crypto/rand.h +@@ -20,6 +20,16 @@ + + # include + ++# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) ++# include ++# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \ ++ (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) ++# define OPENSSL_APPLE_CRYPTO_RANDOM 1 ++# include ++# include ++# endif ++# endif ++ + /* forward declaration */ + typedef struct rand_pool_st RAND_POOL; + diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 77a6b513ee6..00bdf14ae15 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -188,14 +188,16 @@ in { }; openssl_1_1 = common { - version = "1.1.1k"; - sha256 = "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"; + version = "1.1.1l"; + sha256 = "sha256-C3o+XlnDSCf+DDp0t+yLrvMCuY+oAIjX+RU6oW+na9E="; patches = [ ./1.1/nix-ssl-cert-file.patch (if stdenv.hostPlatform.isDarwin then ./1.1/use-etc-ssl-certs-darwin.patch else ./1.1/use-etc-ssl-certs.patch) + ] ++ lib.optionals (stdenv.isDarwin) [ + ./1.1/macos-yosemite-compat.patch ]; withDocs = true; }; From efedf9a09e4dbb9a40145e142f5b513dace9a1b2 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 29 Aug 2021 20:13:37 +0100 Subject: [PATCH 16/16] Revert "[Backport staging-21.05] ffmpeg, ffmpeg-full: enable basic tests" --- pkgs/development/libraries/ffmpeg-full/default.nix | 8 -------- pkgs/development/libraries/ffmpeg/2.8.nix | 1 - pkgs/development/libraries/ffmpeg/generic.nix | 11 ++--------- 3 files changed, 2 insertions(+), 18 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix index ddcc81f8930..2186c154f80 100644 --- a/pkgs/development/libraries/ffmpeg-full/default.nix +++ b/pkgs/development/libraries/ffmpeg-full/default.nix @@ -443,14 +443,6 @@ stdenv.mkDerivation rec { buildFlags = [ "all" ] ++ optional qtFaststartProgram "tools/qt-faststart"; # Build qt-faststart executable - doCheck = true; - checkPhase = let - ldLibraryPathEnv = if stdenv.isDarwin then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH"; - in '' - ${ldLibraryPathEnv}="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale:''${${ldLibraryPathEnv}}" \ - make check -j$NIX_BUILD_CORES - ''; - # Hacky framework patching technique borrowed from the phantomjs2 package postInstall = optionalString qtFaststartProgram '' cp -a tools/qt-faststart $out/bin/ diff --git a/pkgs/development/libraries/ffmpeg/2.8.nix b/pkgs/development/libraries/ffmpeg/2.8.nix index 0df810ff10b..6d94c2e9974 100644 --- a/pkgs/development/libraries/ffmpeg/2.8.nix +++ b/pkgs/development/libraries/ffmpeg/2.8.nix @@ -7,5 +7,4 @@ callPackage ./generic.nix (rec { knownVulnerabilities = [ "CVE-2021-30123" ]; - doCheck = false; } // args) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 083210b1fef..7e4a6a08098 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -17,8 +17,7 @@ # Darwin frameworks , Cocoa, darwinFrameworks ? [ Cocoa ] # Inherit generics -, branch, sha256, version, patches ? [], knownVulnerabilities ? [] -, doCheck ? true, ... +, branch, sha256, version, patches ? [], knownVulnerabilities ? [], ... }: /* Maintainer notes: @@ -188,13 +187,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - inherit doCheck; - checkPhase = let - ldLibraryPathEnv = if stdenv.isDarwin then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH"; - in '' - ${ldLibraryPathEnv}="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale:''${${ldLibraryPathEnv}}" \ - make check -j$NIX_BUILD_CORES - ''; + doCheck = false; # fails # ffmpeg 3+ generates pkg-config (.pc) files that don't have the # form automatically handled by the multiple-outputs hooks.