From 5aea8bb6d9d251991ef781313d35e191e7e5faee Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Mon, 11 Feb 2019 20:19:19 -0600
Subject: [PATCH 1/8] pantheon.elementary-icon-theme: 5.0.2 -> 5.0.3
---
 .../pantheon/artwork/elementary-icon-theme/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/desktops/pantheon/artwork/elementary-icon-theme/default.nix b/pkgs/desktops/pantheon/artwork/elementary-icon-theme/default.nix
index f70186585ec..23fb8445838 100644
--- a/pkgs/desktops/pantheon/artwork/elementary-icon-theme/default.nix
+++ b/pkgs/desktops/pantheon/artwork/elementary-icon-theme/default.nix
@@ -2,7 +2,7 @@ stdenv.mkDerivation rec {
 pname = "icons";
- version = "5.0.2";
+ version = "5.0.3";
 name = "elementary-icon-theme-${version}";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 owner = "elementary";
 repo = pname;
 rev = version;
- sha256 = "12j582f0kggv2lp935r75xg7q26zpl0f05s11xcs4qxazhj1ly2r";
+ sha256 = "0wpv7yirf44bfqfmyshzfw9605j1idm7c9jqg68k3nmymmd6iqzf";
 };
 passthru = {
From 19fcdfa35633567a683f8ffbe25d817a259d387a Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Sat, 16 Feb 2019 02:57:21 -0500
Subject: [PATCH 2/8] pantheon.granite: 5.2.2 -> 5.2.3
---
 .../02-datetime-clock-format-gsettings.patch | 38 +++++++++----------
 pkgs/desktops/pantheon/granite/default.nix | 13 +------
 2 files changed, 21 insertions(+), 30 deletions(-)
diff --git a/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch b/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
index 7b7c9871133..7960e45582c 100644
--- a/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
+++ b/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
@@ -1,7 +1,7 @@
-From 698e34dd6e8d98a1818ae00d3313b69a86340771 Mon Sep 17 00:00:00 2001
+From 61e0d02c054367007e156c9ac3a084dbd6de8278 Mon Sep 17 00:00:00 2001
From: Fabio Valentini -Date: Mon, 17 Dec 2018 14:58:14 +0100 -Subject: DateTime: include "clock-format" gsettings key here +Date: Fri, 15 Feb 2019 13:53:11 +0100 +Subject: [PATCH] DateTime: include "clock-format" gsettings key here --- data/io.elementary.granite.gschema.xml | 15 +++++++++++++++ @@ -45,12 +45,12 @@ index 0000000..96cc3b1 + install_dir: schema_dir +) diff --git a/lib/DateTime.vala b/lib/DateTime.vala -index aea2ec6..3d81191 100644 +index 2069e1f..5e9075d 100644 --- a/lib/DateTime.vala +++ b/lib/DateTime.vala @@ -104,13 +104,13 @@ namespace Granite.DateTime { } - + /** - * Gets the //clock-format// key from //org.gnome.desktop.interface// schema + * Gets the //clock-format// key from //io.elementary.granite// schema @@ -65,22 +65,22 @@ index aea2ec6..3d81191 100644 return (format.contains ("12h")); } diff --git a/meson.build b/meson.build -index 8b98eeb..f0abcdf 100644 +index 8c886be..5f95055 100644 --- a/meson.build +++ b/meson.build -@@ -4,6 +4,8 @@ project( - version: '5.2.2' +@@ -5,6 +5,8 @@ project( + version: '5.2.3' ) - + +rdnn = 'io.elementary.' + meson.project_name() + if meson.get_compiler('vala').version().version_compare('<0.40.0') error('vala compiler version 0.40.0 or newer is required.') endif -@@ -52,10 +54,18 @@ icons_dir = join_paths( +@@ -53,10 +55,18 @@ icons_dir = join_paths( 'hicolor' ) - + +schema_dir = join_paths( + get_option('prefix'), + get_option('datadir'), @@ -90,40 +90,40 @@ index 8b98eeb..f0abcdf 100644 + pkgconfig = import('pkgconfig') i18n = import('i18n') - + subdir('lib') +subdir('data') subdir('demo') subdir('icons') subdir('po') -@@ -68,5 +78,6 @@ endif +@@ -69,5 +79,6 @@ endif meson.add_install_script( join_paths(meson.current_source_dir(), 'meson', 'post_install.py'), '--iconsdir', icons_dir, + '--schemadir', schema_dir, ) - + diff --git a/meson/post_install.py b/meson/post_install.py index 1864515..5313f96 100755 --- a/meson/post_install.py +++ b/meson/post_install.py 
@@ -6,11 +6,16 @@ import subprocess - + parser = argparse.ArgumentParser() parser.add_argument("--iconsdir", action="store", required=True) +parser.add_argument("--schemadir", action="store", required=True) args = vars(parser.parse_args()) - + icons_dir = args["iconsdir"] +schema_dir = args["schemadir"] - + if not os.environ.get('DESTDIR'): print('Compiling icon cache ...') subprocess.run(['gtk-update-icon-cache', icons_dir]) - + + print('Compiling GSettings schemas ...') + subprocess.run(['glib-compile-schemas', schema_dir]) + --- +-- 2.20.1 diff --git a/pkgs/desktops/pantheon/granite/default.nix b/pkgs/desktops/pantheon/granite/default.nix index fe0e880ccb2..eae9aa4afca 100644 --- a/pkgs/desktops/pantheon/granite/default.nix +++ b/pkgs/desktops/pantheon/granite/default.nix @@ -2,25 +2,16 @@ stdenv.mkDerivation rec { pname = "granite"; - version = "5.2.2"; + version = "5.2.3"; src = fetchFromGitHub { owner = "elementary"; repo = pname; rev = version; - sha256 = "1zp0pp5v3j8k6ail724p7h5jj2zmznj0a2ybwfw5sspfdw5bfydh"; + sha256 = "10ddq1s2w4jvpzq813cylmqhh8pggzaz890fy3kzg07275i98gah"; }; patches = [ - # Add Meson support that hit after 5.2.2 - (fetchpatch { - url = "https://github.com/elementary/granite/commit/2066b377226cf327cb2d5399b6b40a2d36d47b11.patch"; - sha256 = "1bxjgq8wvl1sb79cwhmh9kwawnkkfn7c5q67cyz1fjxmamwyyi85"; - }) - (fetchpatch { - url = "https://github.com/elementary/granite/commit/f1b29f52e3aaf0f5d6bba44c42617da265f679c8.patch"; - sha256 = "0cdp9ny6fj1lpcirab641p1qn1rbsvnsaa03hnr6zsdpim96jlvs"; - }) # Resolve the circular dependency between granite and the datetime wingpanel indicator # See: https://github.com/elementary/granite/pull/242 ./02-datetime-clock-format-gsettings.patch From 27ed56ce1d3108f49fc02590d6d819b9f3eef5cc Mon Sep 17 00:00:00 2001 
From: worldofpeace
Date: Sat, 16 Feb 2019 02:59:12 -0500
Subject: [PATCH 3/8] pantheon.elementary-files: 4.1.4 -> 4.1.5
---
 pkgs/desktops/pantheon/apps/elementary-files/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/desktops/pantheon/apps/elementary-files/default.nix b/pkgs/desktops/pantheon/apps/elementary-files/default.nix
index 7c736df2c53..3494474c49c 100644
--- a/pkgs/desktops/pantheon/apps/elementary-files/default.nix
+++ b/pkgs/desktops/pantheon/apps/elementary-files/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
 pname = "files";
- version = "4.1.4";
+ version = "4.1.5";
 name = "elementary-${pname}-${version}";
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 owner = "elementary";
 repo = pname;
 rev = version;
- sha256 = "0nlmg3izbi4yh2sd69hh8avg76pipxn11l9a39xgqm55lvidlqmn";
+ sha256 = "0z0pisg7py2k6i31v18z5fgpj8x64m1s5clfq4vbbjrcjwx6dcx5";
 };
 passthru = {
From 705167a5dceb53befd22f4e6184bbfba0813b73d Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sun, 17 Feb 2019 05:33:44 +0100
Subject: [PATCH 4/8] unzip: patch CVE-2018-18384 Patch from https://sourceforge.net/p/infozip/bugs/53/
---
 .../archivers/unzip/CVE-2018-18384.patch | 35 +++++++++++++++++++
 pkgs/tools/archivers/unzip/default.nix | 1 +
 2 files changed, 36 insertions(+)
 create mode 100644 pkgs/tools/archivers/unzip/CVE-2018-18384.patch
diff --git a/pkgs/tools/archivers/unzip/CVE-2018-18384.patch b/pkgs/tools/archivers/unzip/CVE-2018-18384.patch
new file mode 100644
index 00000000000..e9320e125cf
--- /dev/null
+++ b/pkgs/tools/archivers/unzip/CVE-2018-18384.patch
@@ -0,0 +1,35 @@
+--- unzip60/list.c
++++ unzip60/list.c
+@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[1+10+1+1]; /* %NUL */
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
+ }
+ #else /* !WINDLL */
+ if (cfactor == 100)
+- sprintf(cfactorstr, LoadFarString(CompFactor100));
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+ else
+- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+ if (longhdr)
+ Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+ FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
+
+ #else /* !WINDLL */
+ if (cfactor == 100)
+- sprintf(cfactorstr, LoadFarString(CompFactor100));
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+ else
+- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+ if (longhdr) {
+ Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+ FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix
index 7c4bb988b62..cdf189e82df 100644
--- a/pkgs/tools/archivers/unzip/default.nix
+++ b/pkgs/tools/archivers/unzip/default.nix
@@ -24,6 +24,7 @@ stdenv.mkDerivation {
 ./CVE-2015-7697.diff
 ./CVE-2014-9913.patch
 ./CVE-2016-9844.patch
+ ./CVE-2018-18384.patch
 ./dont-hardcode-cc.patch
 ] ++ stdenv.lib.optional enableNLS (fetchurl {
From 21531d353b2b1ccd4ac5719db677b1baa7894600 Mon Sep 17 00:00:00 2001
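Review bot: The new `./CVE-2018-18384.patch` entry in the `patches` list carries no pointer to where the patch came from; its origin is recorded only in the commit message. Because this is a hand-vendored security fix rather than a pinned fetch, I would put a comment above the entry, for example `# CVE-2018-18384: bounded snprintf for cfactorstr in list.c, from https://sourceforge.net/p/infozip/bugs/53/`, so a later maintainer can re-check it against the tracker or drop it once upstream ships the fix. The `patches` list starts and ends outside the hunk.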
From: worldofpeace
Date: Sun, 17 Feb 2019 03:52:37 +0000
Subject: [PATCH 5/8] Merge #55894: cairo: apply patch for CVE-2018-19876 (cherry picked from commit bad2db31b7b256e7b26f60e18dd2301cd277880c) Forward-picked from staging to staging-next; it's a trivial patch and we now rebuild anyway due to unzip.
---
 pkgs/development/libraries/cairo/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix
index 8f7a04cbb68..f161e0f511a 100644
--- a/pkgs/development/libraries/cairo/default.nix
+++ b/pkgs/development/libraries/cairo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, libiconv
+{ stdenv, fetchurl, fetchpatch, pkgconfig, libiconv
 , libintl, expat, zlib, libpng, pixman, fontconfig, freetype, xorg
 , gobjectSupport ? true, glib
 , xcbSupport ? true # no longer experimental since 1.12
@@ -20,6 +20,19 @@ in stdenv.mkDerivation rec {
 sha256 = "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy";
 };
+ patches = [
+ # Fixes CVE-2018-19876; see Nixpkgs issue #55384
+ # CVE information: https://nvd.nist.gov/vuln/detail/CVE-2018-19876
+ # Upstream PR: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
+ #
+ # This patch is the merged commit from the above PR.
+ (fetchpatch {
+ name = "CVE-2018-19876.patch";
+ url = "https://gitlab.freedesktop.org/cairo/cairo/commit/6edf572ebb27b00d3c371ba5ae267e39d27d5b6d.patch";
+ sha256 = "112hgrrsmcwxh1r52brhi5lksq4pvrz4xhkzcf2iqp55jl2pb7n1";
+ })
+ ];
+
 outputs = [ "out" "dev" "devdoc" ];
 outputBin = "dev"; # very small
From 97c05bda526695a11624914f2d74e69887851984 Mon Sep 17 00:00:00 2001
From: Daiderd Jordan
Date: Sun, 17 Feb 2019 10:11:25 +0100
Subject: [PATCH 6/8] darwin.architecture: fix sandbox build Re-applies bad2db31b7b256e7b26f60e18dd2301cd277880c. This reverts commit f84aef11a4cea741b68e2966f5f189320708bc60.
---
 .../darwin/apple-source-releases/architecture/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
index 4a155a4c403..ebeb3ef0884 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
@@ -3,6 +3,12 @@ appleDerivation {
 dontBuild = true;
+ postPatch = ''
+ substituteInPlace Makefile \
+ --replace '/bin/mkdir' 'mkdir' \
+ --replace '/usr/bin/install' 'install'
+ '';
+
 installFlags = [ "EXPORT_DSTDIR=/include/architecture" ];
 DSTROOT = "$(out)";
From 23191f045ddb7224fb2acd6f6d835a1c4d367980 Mon Sep 17 00:00:00 2001
From: worldofpeace
Date: Mon, 18 Feb 2019 18:52:42 -0500
Subject: [PATCH 7/8] pantheon.granite: fetch for DateTime GSettings patch Typo in the patch was fixed. [0] [0]: https://src.fedoraproject.org/rpms/granite/c/0550b44ed6400c9b1ff7e70871913747df2ff323?branch=master
---
 .../02-datetime-clock-format-gsettings.patch | 129 ------------------
 pkgs/desktops/pantheon/granite/default.nix | 5 +-
 2 files changed, 4 insertions(+), 130 deletions(-)
 delete mode 100644 pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
diff --git a/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch b/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
deleted file mode 100644
index 7960e45582c..00000000000
--- a/pkgs/desktops/pantheon/granite/02-datetime-clock-format-gsettings.patch
+++ /dev/null
@@ -1,129 +0,0 @@ -From 61e0d02c054367007e156c9ac3a084dbd6de8278 Mon Sep 17 00:00:00 2001 -From: Fabio Valentini -Date: Fri, 15 Feb 2019 13:53:11 +0100 -Subject: [PATCH] DateTime: include "clock-format" gsettings key here - ---- - data/io.elementary.granite.gschema.xml | 15 +++++++++++++++ - data/meson.build | 4 ++++ - lib/DateTime.vala | 4 ++-- - meson.build | 11 +++++++++++ - meson/post_install.py | 5 +++++ - 5 files changed, 37 insertions(+), 2 deletions(-) - create mode 100644 data/io.elementary.granite.gschema.xml - create mode 100644 data/meson.build - -diff --git a/data/io.elementary.granite.gschema.xml b/data/io.elementary.granite.gschema.xml -new file mode 100644 -index 0000000..1540fb0 ---- /dev/null -+++ b/data/io.elementary.granite.gschema.xml -@@ -0,0 +1,15 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ "12h" -+ Whether the clock displays in 12h or 24h format -+ Whether the clock displays in 12h or 24h format -+ -+ -+ -diff --git a/data/meson.build b/data/meson.build -new file mode 100644 -index 0000000..96cc3b1 ---- /dev/null -+++ b/data/meson.build -@@ -0,0 +1,4 @@ -+install_data( -+ rdnn + '.gschema.xml', -+ install_dir: schema_dir -+) -diff --git a/lib/DateTime.vala b/lib/DateTime.vala -index 2069e1f..5e9075d 100644 ---- a/lib/DateTime.vala -+++ b/lib/DateTime.vala -@@ -104,13 +104,13 @@ namespace Granite.DateTime { - } - - /** -- * Gets the //clock-format// key from //org.gnome.desktop.interface// schema -+ * Gets the //clock-format// key from //io.elementary.granite// schema - * and determines if the clock format is 12h based - * - * @return true if the clock format is 12h based, false otherwise. 
- */ - private static bool is_clock_format_12h () { -- var h24_settings = new Settings ("io.elementary.desktop.wingpanel.datetime"); -+ var h24_settings = new Settings ("io.elementary.granite"); - var format = h24_settings.get_string ("clock-format"); - return (format.contains ("12h")); - } -diff --git a/meson.build b/meson.build -index 8c886be..5f95055 100644 ---- a/meson.build -+++ b/meson.build -@@ -5,6 +5,8 @@ project( - version: '5.2.3' - ) - -+rdnn = 'io.elementary.' + meson.project_name() -+ - if meson.get_compiler('vala').version().version_compare('<0.40.0') - error('vala compiler version 0.40.0 or newer is required.') - endif -@@ -53,10 +55,18 @@ icons_dir = join_paths( - 'hicolor' - ) - -+schema_dir = join_paths( -+ get_option('prefix'), -+ get_option('datadir'), -+ 'glib-2.0', -+ 'schemas' -+) -+ - pkgconfig = import('pkgconfig') - i18n = import('i18n') - - subdir('lib') -+subdir('data') - subdir('demo') - subdir('icons') - subdir('po') -@@ -69,5 +79,6 @@ endif - meson.add_install_script( - join_paths(meson.current_source_dir(), 'meson', 'post_install.py'), - '--iconsdir', icons_dir, -+ '--schemadir', schema_dir, - ) - -diff --git a/meson/post_install.py b/meson/post_install.py -index 1864515..5313f96 100755 ---- a/meson/post_install.py -+++ b/meson/post_install.py -@@ -6,11 +6,16 @@ import subprocess - - parser = argparse.ArgumentParser() - parser.add_argument("--iconsdir", action="store", required=True) -+parser.add_argument("--schemadir", action="store", required=True) - args = vars(parser.parse_args()) - - icons_dir = args["iconsdir"] -+schema_dir = args["schemadir"] - - if not os.environ.get('DESTDIR'): - print('Compiling icon cache ...') - subprocess.run(['gtk-update-icon-cache', icons_dir]) - -+ print('Compiling GSettings schemas ...') -+ subprocess.run(['glib-compile-schemas', schema_dir]) -+ --- -2.20.1 - diff --git a/pkgs/desktops/pantheon/granite/default.nix b/pkgs/desktops/pantheon/granite/default.nix index eae9aa4afca..66ba331ddcd 100644 
--- a/pkgs/desktops/pantheon/granite/default.nix
+++ b/pkgs/desktops/pantheon/granite/default.nix
@@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
 patches = [
 # Resolve the circular dependency between granite and the datetime wingpanel indicator
 # See: https://github.com/elementary/granite/pull/242
- ./02-datetime-clock-format-gsettings.patch
+ (fetchpatch {
+ url = "https://src.fedoraproject.org/rpms/granite/raw/0550b44ed6400c9b1ff7e70871913747df2ff323/f/00-datetime-clock-format-gsettings.patch";
+ sha256 = "0i9yvdmn77x5fjdwd1raw6ym8js8yxa7w6ydc7syx7hcyls00dmq";
+ })
 ];
 passthru = {
From 98be12ab3aa2d1eece1c4daf86dcd2d66f9454a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Tue, 19 Feb 2019 11:02:38 +0100
Subject: [PATCH 8/8] libpng: apply patches from Debian - first unbreaks ARM builds - second fixes a low-severity CVE These only get applied on aarch64 *for now*, to iterate staging faster.
---
 pkgs/development/libraries/libpng/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix
index 9fc7d771202..206472187b0 100644
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
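Review bot: The comment above the new `fetchpatch` still cites only the upstream pull request, although the patch is now downloaded from Fedora's dist-git, a downstream copy rather than the PR itself. The pinned commit in the URL and the `sha256` cover integrity, so this is about traceability. I would add a line under the existing comment such as `# Fetched from Fedora's granite package (dist-git commit 0550b44ed6400c9b1ff7e70871913747df2ff323), which carries the typo fix`. The derivation body continues outside the hunk.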
@@ -18,6 +18,17 @@ in stdenv.mkDerivation rec {
 url = "mirror://sourceforge/libpng/libpng-${version}.tar.xz";
 sha256 = "06d35a3xz2a0kph82r56hqm1fn8fbwrqs07xzmr93dx63x695szc";
 };
+ patches = if !stdenv.hostPlatform.isAarch64 then null # temporarily avoid rebuild
+ else [
+ (fetchurl { # https://github.com/glennrp/libpng/issues/266
+ url = "https://salsa.debian.org/debian/libpng1.6/raw/0e1348f3d/debian/patches/272.patch";
+ sha256 = "1d36khgryq2p27bdx10xrr4kcjr7cdfdj2zhdcjzznpnpns97s6n";
+ })
+ (fetchurl { # https://github.com/glennrp/libpng/issues/275
+ url = "https://salsa.debian.org/debian/libpng1.6/raw/853d1977/debian/patches/CVE-2019-7317.patch";
+ sha256 = "0c8qc176mqh08kcxlnx40rzdggchihkrlzqw6qg6lf0c9ygkf55k";
+ })
+ ];
 postPatch = whenPatched "gunzip < ${patch_src} | patch -Np1";
 outputs = [ "out" "dev" "man" ];
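Review bot: Gating `patches` on `stdenv.hostPlatform.isAarch64` means the CVE-2019-7317 fix is built only for aarch64, and every other platform keeps the unpatched libpng. The inline `# temporarily avoid rebuild` does not say that a security fix is being held back or when the condition is meant to go away. I would extend that comment, for example `# TODO: make unconditional on the next staging cycle; until then the CVE-2019-7317 fix reaches aarch64 only`. Separately, both URLs pin the Debian repository by abbreviated refs (`0e1348f3d`, `853d1977`); the `sha256` still guards the content, but a full commit hash in the URL keeps the reference from becoming ambiguous later. The derivation body starts and ends outside the hunk.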