diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 09aef9a1dcf..6d7178047ea 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -21,7 +21,15 @@ let )) else throw (traceSeq v "services.unbound.settings: unexpected type"); - confFile = pkgs.writeText "unbound.conf" (concatStringsSep "\n" ((mapAttrsToList (toConf "") cfg.settings) ++ [""])); + confNoServer = concatStringsSep "\n" ((mapAttrsToList (toConf "") (builtins.removeAttrs cfg.settings [ "server" ])) ++ [""]); + confServer = concatStringsSep "\n" (mapAttrsToList (toConf " ") (builtins.removeAttrs cfg.settings.server [ "define-tag" ])); + + confFile = pkgs.writeText "unbound.conf" '' + server: + ${optionalString (cfg.settings.server.define-tag != "") (toOption " " "define-tag" cfg.settings.server.define-tag)} + ${confServer} + ${confNoServer} + ''; rootTrustAnchorFile = "${cfg.stateDir}/root.key"; @@ -170,6 +178,7 @@ in { # prevent race conditions on system startup when interfaces are not yet # configured ip-freebind = mkDefault true; + define-tag = mkDefault ""; }; remote-control = { control-enable = mkDefault false; diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 60ecf986d6e..752c8bef31d 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -30,7 +30,10 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.imports = [ ./common/user-account.nix ./common/x11.nix ]; machine.virtualisation.memorySize = 2047; machine.test-support.displayManager.auto.user = user; - machine.environment.systemPackages = [ chromiumPkg ]; + machine.environment = { + systemPackages = [ chromiumPkg ]; + variables."XAUTHORITY" = "/home/alice/.Xauthority"; + }; startupHTML = pkgs.writeText "chromium-startup.html" '' @@ -63,17 +66,32 @@ mapAttrs (channel: chromiumPkg: makeTest rec { return "su - ${user} -c " + shlex.quote(cmd) - def get_browser_binary(): - """Returns the name of the browser binary.""" + def launch_browser(): + """Launches the web browser with the correct options.""" + # Determine the name of the binary: pname = "${getName chromiumPkg.name}" if pname.find("chromium") != -1: - return "chromium" # Same name for all channels and ungoogled-chromium - if pname == "google-chrome": - return "google-chrome-stable" - if pname == "google-chrome-dev": - return "google-chrome-unstable" - # For google-chrome-beta and as fallback: - return pname + binary = "chromium" # Same name for all channels and ungoogled-chromium + elif pname == "google-chrome": + binary = "google-chrome-stable" + elif pname == "google-chrome-dev": + binary = "google-chrome-unstable" + else: # For google-chrome-beta and as fallback: + binary = pname + # Add optional CLI options: + options = [] + major_version = "${versions.major (getVersion chromiumPkg.name)}" + if major_version > "91": + # To avoid a GPU crash: + options += ["--use-gl=angle", "--use-angle=swiftshader"] + options.append("file://${startupHTML}") + # Launch the process: + machine.succeed(ru(f'ulimit -c unlimited; {binary} {shlex.join(options)} & disown')) + if binary.startswith("google-chrome"): + # Need to click away the first window: + machine.wait_for_text("Make Google Chrome the default browser") + machine.screenshot("google_chrome_default_browser_prompt") + machine.send_key("ret") def create_new_win(): @@ -124,24 +142,32 @@ mapAttrs (channel: chromiumPkg: makeTest rec { @contextmanager - def test_new_win(description): + def test_new_win(description, url, window_name): create_new_win() + machine.wait_for_window("New Tab") + machine.send_chars(f"{url}\n") + machine.wait_for_window(window_name) + machine.screenshot(description) + machine.succeed( + ru( + "${xdo "copy-all" '' + key --delay 1000 Ctrl+a Ctrl+c + ''}" + ) + ) + clipboard = machine.succeed( + ru("${pkgs.xclip}/bin/xclip -o") + ) + print(f"{description} window content:\n{clipboard}") with machine.nested(description): - yield + yield clipboard # Close the newly created window: machine.send_key("ctrl-w") machine.wait_for_x() - url = "file://${startupHTML}" - machine.succeed(ru(f'ulimit -c unlimited; "{get_browser_binary()}" "{url}" & disown')) - - if get_browser_binary().startswith("google-chrome"): - # Need to click away the first window: - machine.wait_for_text("Make Google Chrome the default browser") - machine.screenshot("google_chrome_default_browser_prompt") - machine.send_key("ret") + launch_browser() machine.wait_for_text("startup done") machine.wait_until_succeeds( @@ -164,49 +190,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.screenshot("startup_done") - with test_new_win("check sandbox"): - machine.succeed( - ru( - "${xdo "type-url" '' - search --sync --onlyvisible --name "New Tab" - windowfocus --sync - type --delay 1000 "chrome://sandbox" - ''}" - ) - ) - - machine.succeed( - ru( - "${xdo "submit-url" '' - search --sync --onlyvisible --name "New Tab" - windowfocus --sync - key --delay 1000 Return - ''}" - ) - ) - - machine.screenshot("sandbox_info") - - machine.succeed( - ru( - "${xdo "find-window" '' - search --sync --onlyvisible --name "Sandbox Status" - windowfocus --sync - ''}" - ) - ) - machine.succeed( - ru( - "${xdo "copy-sandbox-info" '' - key --delay 1000 Ctrl+a Ctrl+c - ''}" - ) - ) - - clipboard = machine.succeed( - ru("${pkgs.xclip}/bin/xclip -o") - ) - + with test_new_win("sandbox_info", "chrome://sandbox", "Sandbox Status") as clipboard: filters = [ "layer 1 sandbox.*namespace", "pid namespaces.*yes", @@ -253,6 +237,12 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.screenshot("after_copy_from_chromium") + + with test_new_win("gpu_info", "chrome://gpu", "chrome://gpu"): + # To check the text rendering (catches regressions like #131074): + machine.wait_for_text("Graphics Feature Status") + + machine.shutdown() ''; }) channelMap diff --git a/pkgs/applications/networking/apache-directory-studio/default.nix b/pkgs/applications/networking/apache-directory-studio/default.nix index 18f9a7990c3..b37039c94d2 100644 --- a/pkgs/applications/networking/apache-directory-studio/default.nix +++ b/pkgs/applications/networking/apache-directory-studio/default.nix @@ -10,8 +10,8 @@ let genericName = "Apache Directory Studio"; categories = "Java;Network"; }; - version = "2.0.0-M15"; - versionWithDate = "2.0.0.v20200411-M15"; + version = "2.0.0-M17"; + versionWithDate = "2.0.0.v20210717-M17"; in stdenv.mkDerivation rec { pname = "apache-directory-studio"; @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "mirror://apache/directory/studio/${versionWithDate}/ApacheDirectoryStudio-${versionWithDate}-linux.gtk.x86_64.tar.gz"; - sha256 = "1rkyb0qcsl9hk2qcwp5mwaab69q3sn77v5xyn9mbvi5wg9icbc37"; + sha256 = "19zdspzv4n3mfgb1g45s3wh0vbvn6a9zjd4xi5x2afmdjkzlwxi4"; } else throw "Unsupported system: ${stdenv.hostPlatform.system}"; diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index cc443764447..1b21093e944 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -62,7 +62,7 @@ mkChromiumDerivation (base: rec { -e '/\[Desktop Entry\]/a\' \ -e 'StartupWMClass=chromium-browser' \ $out/share/applications/chromium-browser.desktop - '' + lib.optionalString (channel == "dev") '' + '' + lib.optionalString (channel != "stable") '' cp -v "$buildPath/crashpad_handler" "$libExecPath/" ''; @@ -84,7 +84,7 @@ mkChromiumDerivation (base: rec { else "https://www.chromium.org/"; maintainers = with maintainers; if ungoogled then [ squalus primeos ] - else [ primeos thefloweringash bendlas ]; + else [ primeos thefloweringash ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; mainProgram = "chromium"; diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 14ee3290c71..535b87a87fd 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -149,9 +149,11 @@ in stdenv.mkDerivation { + "chromium${suffix}-${version}"; inherit version; - buildInputs = [ + nativeBuildInputs = [ makeWrapper ed + ]; + buildInputs = [ # needed for GSETTINGS_SCHEMAS_PATH gsettings-desktop-schemas glib gtk3 diff --git a/pkgs/applications/networking/browsers/chromium/get-commit-message.py b/pkgs/applications/networking/browsers/chromium/get-commit-message.py index 2768e31bd03..7a91b74c83d 100755 --- a/pkgs/applications/networking/browsers/chromium/get-commit-message.py +++ b/pkgs/applications/networking/browsers/chromium/get-commit-message.py @@ -19,14 +19,14 @@ for entry in feed.entries: continue url = requests.get(entry.link).url.split('?')[0] content = entry.content[0].value + content = html_tags.sub('', content) # Remove any HTML tags if re.search(r'Linux', content) is None: continue #print(url) # For debugging purposes version = re.search(r'\d+(\.\d+){3}', content).group(0) print('chromium: TODO -> ' + version) print('\n' + url) - if fixes := re.search(r'This update includes .+ security fixes\.', content): - fixes = html_tags.sub('', fixes.group(0)) + if fixes := re.search(r'This update includes .+ security fixes\.', content).group(0): zero_days = re.search(r'Google is aware( of reports)? that .+ in the wild\.', content) if zero_days: fixes += " " + zero_days.group(0) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index eaf86f8a1ff..a278192f136 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -18,9 +18,9 @@ } }, "beta": { - "version": "92.0.4515.40", - "sha256": "1v0vmnzdqq7d2rqp1sam8nk7z20xg5l9lnlpqjxj30y8k37gzh8p", - "sha256bin64": "0i3plysx51n2gsm5vbf9666rz73pqbbns7v09wznbbncvw9zngrf", + "version": "92.0.4515.107", + "sha256": "04khamgxwzgbm2rn7is53j5g55vm5qfyz7zwxqc51sd429jsqlbf", + "sha256bin64": "179i18lckd85i6cc60mqpvv2jqdshc338m686yackdgz9qjrrlwd", "deps": { "gn": { "version": "2021-05-07", @@ -31,15 +31,15 @@ } }, "dev": { - "version": "93.0.4535.3", - "sha256": "19iy4p59n0pg9s39g614y4yxh5f6h86bcp471qdnm6fvzmzcxd18", - "sha256bin64": "16q9s8l20bmr2n0y3pi505l5hbhbmpi8kh47aylj5gzk1nr30a8r", + "version": "93.0.4577.8", + "sha256": "1x6i5bmcnj8bkpcb9gcyd1m9nzpq206yyprxrnpak117k7abr2b1", + "sha256bin64": "0qjfb9jxr2gmwb1dsvl6yzz06vsjny2l3icrsdcm0pl6r6davk2w", "deps": { "gn": { - "version": "2021-05-07", + "version": "2021-07-08", "url": "https://gn.googlesource.com/gn", - "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810", - "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4" + "rev": "24e2f7df92641de0351a96096fb2c490b2436bb8", + "sha256": "1lwkyhfhw0zd7daqz466n7x5cddf0danr799h4jg3s0yvd4galjl" } } }, diff --git a/pkgs/applications/networking/browsers/google-chrome/default.nix b/pkgs/applications/networking/browsers/google-chrome/default.nix index a7b9ddd07d0..e6e7629ea25 100644 --- a/pkgs/applications/networking/browsers/google-chrome/default.nix +++ b/pkgs/applications/networking/browsers/google-chrome/default.nix @@ -18,7 +18,7 @@ , systemd # Loaded at runtime. -, libexif +, libexif, pciutils # Additional dependencies according to other distros. ## Ubuntu @@ -62,7 +62,7 @@ let alsaLib libXdamage libXtst libXrandr libxshmfence expat cups dbus gdk-pixbuf gcc-unwrapped.lib systemd - libexif + libexif pciutils liberation_ttf curl util-linux xdg-utils wget flac harfbuzz icu libpng opusWithCustomModes snappy speechd bzip2 libcap at-spi2-atk at-spi2-core diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 27af9698788..5997de14edb 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -2,7 +2,7 @@ , pkg-config, cmake, ninja, python3, wrapGAppsHook, wrapQtAppsHook, removeReferencesTo , qtbase, qtimageformats, gtk3, libsForQt5, enchant2, lz4, xxHash , dee, ffmpeg, openalSoft, minizip, libopus, alsaLib, libpulseaudio, range-v3 -, tl-expected, hunspell, glibmm, webkitgtk, libtgvoip +, tl-expected, hunspell, glibmm, webkitgtk # Transitive dependencies: , pcre, xorg, util-linux, libselinux, libsepol, epoxy , at-spi2-core, libXtst, libthai, libdatrie @@ -47,6 +47,13 @@ in mkDerivation rec { --replace '"libenchant-2.so.2"' '"${enchant2}/lib/libenchant-2.so.2"' substituteInPlace Telegram/CMakeLists.txt \ --replace '"''${TDESKTOP_LAUNCHER_BASENAME}.appdata.xml"' '"''${TDESKTOP_LAUNCHER_BASENAME}.metainfo.xml"' + + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioInputALSA.cpp \ + --replace '"libasound.so.2"' '"${alsaLib}/lib/libasound.so.2"' + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioOutputALSA.cpp \ + --replace '"libasound.so.2"' '"${alsaLib}/lib/libasound.so.2"' + substituteInPlace Telegram/ThirdParty/libtgvoip/os/linux/AudioPulse.cpp \ + --replace '"libpulse.so.0"' '"${libpulseaudio}/lib/libpulse.so.0"' ''; # We want to run wrapProgram manually (with additional parameters) @@ -59,7 +66,7 @@ in mkDerivation rec { qtbase qtimageformats gtk3 libsForQt5.kwayland libsForQt5.libdbusmenu enchant2 lz4 xxHash dee ffmpeg openalSoft minizip libopus alsaLib libpulseaudio range-v3 tl-expected hunspell glibmm webkitgtk - tg_owt libtgvoip + tg_owt # Transitive dependencies: pcre xorg.libpthreadstubs xorg.libXdmcp util-linux libselinux libsepol epoxy at-spi2-core libXtst libthai libdatrie libsysprof-capture libpsl brotli @@ -70,8 +77,9 @@ in mkDerivation rec { # We're allowed to used the API ID of the Snap package: "-DTDESKTOP_API_ID=611335" "-DTDESKTOP_API_HASH=d524b414d21f4d37f08684c1df41ac9c" - #"-DDESKTOP_APP_SPECIAL_TARGET=\"\"" # TODO: Error when set to "": Bad special target '""' "-DTDESKTOP_LAUNCHER_BASENAME=telegramdesktop" # Note: This is the default + # See: https://github.com/NixOS/nixpkgs/pull/130827#issuecomment-885212649 + "-DDESKTOP_APP_USE_PACKAGED_FONTS=OFF" ]; # Note: The following packages could be packaged system-wide, but it's @@ -115,7 +123,7 @@ in mkDerivation rec { license = licenses.gpl3; platforms = platforms.linux; homepage = "https://desktop.telegram.org/"; - changelog = "https://github.com/telegramdesktop/tdesktop/releases/tag/v{version}"; - maintainers = with maintainers; [ primeos abbradar ]; + changelog = "https://github.com/telegramdesktop/tdesktop/releases/tag/v${version}"; + maintainers = with maintainers; [ primeos abbradar oxalica ]; }; } diff --git a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix index 44bbbeece30..9e7593c1fb8 100644 --- a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix +++ b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix @@ -29,11 +29,11 @@ assert pulseaudioSupport -> libpulseaudio != null; let - version = "5.6.16888.0424"; + version = "5.7.28852.0718"; srcs = { x86_64-linux = fetchurl { url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz"; - sha256 = "H/G9cSVmxYM0AVfrdpXzm7ohssDbKq2xdvIBc4d+elc="; + sha256 = "NoB9qxsuGsiwsZ3Y+F3WZpszujPBX/nehtFFI+KPV5E="; }; }; diff --git a/pkgs/applications/networking/seafile-client/default.nix b/pkgs/applications/networking/seafile-client/default.nix index 6b73f03531d..446da4cdea3 100644 --- a/pkgs/applications/networking/seafile-client/default.nix +++ b/pkgs/applications/networking/seafile-client/default.nix @@ -1,27 +1,18 @@ -{ mkDerivation, lib, fetchFromGitHub, fetchpatch, pkg-config, cmake, qtbase, qttools +{ mkDerivation, lib, fetchFromGitHub, pkg-config, cmake, qtbase, qttools , seafile-shared, jansson, libsearpc , withShibboleth ? true, qtwebengine }: mkDerivation rec { pname = "seafile-client"; - version = "8.0.1"; + version = "8.0.3"; src = fetchFromGitHub { owner = "haiwen"; repo = "seafile-client"; - rev = "b4b944921c7efef13a93d693c45c997943899dec"; - sha256 = "2vV+6ZXjVg81JVLfWeD0UK+RdmpBxBU2Ozx790WFSyw="; + rev = "v${version}"; + sha256 = "cG3OSqRhYnxlzfauQia6pM/1gu+iE5mtHTGk3kGMFH0="; }; - patches = [ - # Fix compilation failure with "error: template with C linkage", fixes #122505 - (fetchpatch { - url = "https://aur.archlinux.org/cgit/aur.git/plain/fix_build_with_glib2.diff?h=seafile-client&id=7be253aaa2bdb6771721f45aa08bc875c8001c5a"; - name = "fix_build_with_glib2.diff"; - sha256 = "0hl7rcqfr8k62c1pr133bp3j63b905izaaggmgvr1af4jibal05v"; - }) - ]; - nativeBuildInputs = [ pkg-config cmake ]; buildInputs = [ qtbase qttools seafile-shared jansson libsearpc ] ++ lib.optional withShibboleth qtwebengine; diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 6b72653c347..bec51af81ac 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -10,7 +10,7 @@ rec { , containerdRev, containerdSha256 , tiniRev, tiniSha256, buildxSupport ? false # package dependencies - , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage + , stdenv, fetchFromGitHub, buildGoPackage , makeWrapper, installShellFiles, pkg-config , go-md2man, go, containerd, runc, docker-proxy, tini, libtool , sqlite, iproute2, lvm2, systemd, docker-buildx @@ -124,7 +124,7 @@ rec { }) // rec { inherit version rev; - name = "docker-${version}"; + pname = "docker"; src = fetchFromGitHub { owner = "docker"; @@ -163,8 +163,6 @@ rec { postPatch = '' patchShebangs . substituteInPlace ./scripts/build/.variables --replace "set -eu" "" - substituteInPlace ./scripts/docs/generate-man.sh --replace "-v md2man" "-v go-md2man" - substituteInPlace ./man/md2man-all.sh --replace md2man go-md2man '' + optionalString buildxSupport '' substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \ ${lib.strings.makeSearchPathOutput "bin" "libexec/docker/cli-plugins" [docker-buildx]} @@ -222,19 +220,19 @@ rec { # Get revisions from # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* docker_20_10 = callPackage dockerGen rec { - version = "20.10.2"; + version = "20.10.6"; rev = "v${version}"; - sha256 = "0z0hpm5hrqh7p8my8lmiwpym2shs48my6p0zv2cc34wym0hcly51"; + sha256 = "15kknb26vyzjgqmn8r81a1sy1i5br6bvngqd5xljihppnxvp2gvl"; moby-src = fetchFromGitHub { owner = "moby"; repo = "moby"; rev = "v${version}"; - sha256 = "0c2zycpnwj4kh8m8xckv1raj3fx07q9bfaj46rr85jihm4p2dp5w"; + sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk"; }; - runcRev = "ff819c7e9184c13b7c2607fe6c30ae19403a7aff"; # v1.0.0-rc92 - runcSha256 = "0r4zbxbs03xr639r7848282j1ybhibfdhnxyap9p76j5w8ixms94"; - containerdRev = "269548fa27e0089a8b8278fc4fc781d7f65a939b"; # v1.4.3 - containerdSha256 = "09xvhjg5f8h90w1y94kqqnqzhbhd62dcdd9wb9sdqakisjk6zrl0"; + runcRev = "b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7"; # v1.0.0-rc95 + runcSha256 = "18sbvmlvb6kird4w3rqsfrjdj7n25firabvdxsl0rxjfy9r1g2xb"; + containerdRev = "12dca9790f4cb6b18a6a7a027ce420145cb98ee7"; # v1.5.1 + containerdSha256 = "16q34yiv5q98b9d5vgy1lmmppg8agrmnfd1kzpakkf4czkws0p4d"; tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0 tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; }; diff --git a/pkgs/applications/virtualization/firecracker/default.nix b/pkgs/applications/virtualization/firecracker/default.nix index a8fbb1d09c1..b0cfe8d5973 100644 --- a/pkgs/applications/virtualization/firecracker/default.nix +++ b/pkgs/applications/virtualization/firecracker/default.nix @@ -1,17 +1,17 @@ { fetchurl, lib, stdenv }: let - version = "0.24.3"; + version = "0.24.4"; suffix = { - x86_64-linux = "x86_64"; + x86_64-linux = "x86_64"; aarch64-linux = "aarch64"; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download"; dlbin = sha256: fetchurl { - url = "${baseurl}/v${version}/firecracker-v${version}-${suffix}.tgz"; + url = "${baseurl}/v${version}/firecracker-v${version}-${suffix}.tgz"; sha256 = sha256."${stdenv.hostPlatform.system}"; }; @@ -22,15 +22,15 @@ stdenv.mkDerivation { sourceRoot = "."; src = dlbin { - x86_64-linux = "sha256-i6NMVFoLm4hQJH7RnhfC0t+0DJCINoP5b/iCv9JyRdk="; - aarch64-linux = "0m7xs12g97z1ipzaf7dgknf3azlah0p6bdr9i454azvzg955238b"; + x86_64-linux = "sha256-EKndfLdkxn+S+2ElAyQ+mKEo5XN6kqZLuLCsQf+fKuk="; + aarch64-linux = "0zzr8x776aya6f6pw0dc0a6jxgbqv3f37p1vd8mmlsdv66c4kmfb"; }; configurePhase = ":"; - buildPhase = '' - mv firecracker-* firecracker - mv jailer-* jailer + buildPhase = '' + mv release-v${version}/firecracker-v${version}-${suffix} firecracker + mv release-v${version}/jailer-v${version}-${suffix} jailer chmod +x firecracker jailer ''; @@ -48,9 +48,9 @@ stdenv.mkDerivation { meta = with lib; { description = "Secure, fast, minimal micro-container virtualization"; - homepage = "http://firecracker-microvm.io"; - license = licenses.asl20; - platforms = [ "x86_64-linux" "aarch64-linux" ]; - maintainers = with maintainers; [ thoughtpolice ]; + homepage = "http://firecracker-microvm.io"; + license = licenses.asl20; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ thoughtpolice endocrimes ]; }; } diff --git a/pkgs/desktops/gnome/apps/gnome-boxes/default.nix b/pkgs/desktops/gnome/apps/gnome-boxes/default.nix index 605275be7de..9ddd53ca429 100644 --- a/pkgs/desktops/gnome/apps/gnome-boxes/default.nix +++ b/pkgs/desktops/gnome/apps/gnome-boxes/default.nix @@ -53,11 +53,11 @@ stdenv.mkDerivation rec { pname = "gnome-boxes"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "seKPLH+3a/T7uGLQ1S6BG5TL6f8W8GdAiWRWhpCILvg="; + sha256 = "hzN1mi2GpWNnWWpTSQRjO4HKqlxFpWNtsulZDHFK6Nk="; }; doCheck = true; diff --git a/pkgs/desktops/gnome/apps/gnome-calendar/default.nix b/pkgs/desktops/gnome/apps/gnome-calendar/default.nix index 9c0b1f65976..da2e37e51fc 100644 --- a/pkgs/desktops/gnome/apps/gnome-calendar/default.nix +++ b/pkgs/desktops/gnome/apps/gnome-calendar/default.nix @@ -24,11 +24,11 @@ stdenv.mkDerivation rec { pname = "gnome-calendar"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "2M30n57uHDo8aZHDL4VjxKfE2w23ymPOUcyRjkM7M6U="; + sha256 = "njcB/UoOWJgA0iUgN3BkTzHVI0ZV9UqDqF/wVW3X6jM="; }; patches = [ diff --git a/pkgs/desktops/gnome/core/epiphany/default.nix b/pkgs/desktops/gnome/core/epiphany/default.nix index f286d384c4e..0b4191b2266 100644 --- a/pkgs/desktops/gnome/core/epiphany/default.nix +++ b/pkgs/desktops/gnome/core/epiphany/default.nix @@ -37,11 +37,11 @@ stdenv.mkDerivation rec { pname = "epiphany"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "1l0sb1xg16g4wg3z99xb0w2kbyczbn7q4mphs3w4lxq22xml4sk9"; + sha256 = "dRGeIgZWV89w7ytgPU9zg1VzvQNPHmGMD2YkeP1saDU="; }; nativeBuildInputs = [ diff --git a/pkgs/desktops/gnome/core/evolution-data-server/default.nix b/pkgs/desktops/gnome/core/evolution-data-server/default.nix index 0ed3565d7f0..8781a2aa7fd 100644 --- a/pkgs/desktops/gnome/core/evolution-data-server/default.nix +++ b/pkgs/desktops/gnome/core/evolution-data-server/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "evolution-data-server"; - version = "3.40.1"; + version = "3.40.2"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/evolution-data-server/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "08iykha7zhk21b3axsp3v1jfwda612v0m8rz8zlzppm5i8s5ziza"; + sha256 = "7IKVFjnzKlzs6AqLC5qj9mt9MY4+4sHDUjTy4r3opBg="; }; patches = [ diff --git a/pkgs/desktops/gnome/core/gnome-software/default.nix b/pkgs/desktops/gnome/core/gnome-software/default.nix index 64cd214e809..226b251ec46 100644 --- a/pkgs/desktops/gnome/core/gnome-software/default.nix +++ b/pkgs/desktops/gnome/core/gnome-software/default.nix @@ -43,11 +43,11 @@ in stdenv.mkDerivation rec { pname = "gnome-software"; - version = "40.1"; + version = "40.2"; src = fetchurl { url = "mirror://gnome/sources/gnome-software/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "16q2902swxsjdxb1nj335sv1bb76rvq4w6dn4yszkwf3s0fd86in"; + sha256 = "y9HdKguvw/U93kIAPEpKA3RsuNZNxdJ+uNvmc27nJ5Y="; }; patches = [ diff --git a/pkgs/development/libraries/gupnp/default.nix b/pkgs/development/libraries/gupnp/default.nix index bd8151d603e..c91d25123f6 100644 --- a/pkgs/development/libraries/gupnp/default.nix +++ b/pkgs/development/libraries/gupnp/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchurl +, fetchpatch , meson , ninja , pkg-config @@ -28,6 +29,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-96AwfqUfXkTRuDL0k92QRURKOk4hHvhd/Zql3W6up9E="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-33516.patch"; + url = "https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac.patch"; + sha256 = "sha256-G7e/xNQB7Kp2fPzqVeD/cH3h1co9hZXh55QOUBnAnvU="; + }) + ]; + nativeBuildInputs = [ meson ninja diff --git a/pkgs/misc/seafile-shared/default.nix b/pkgs/misc/seafile-shared/default.nix index 15a129246e1..cc6d0ced6d1 100644 --- a/pkgs/misc/seafile-shared/default.nix +++ b/pkgs/misc/seafile-shared/default.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "seafile-shared"; - version = "8.0.1"; + version = "8.0.3"; src = fetchFromGitHub { owner = "haiwen"; repo = "seafile"; - rev = "d34499a2aafa024623a4210fe7f663cef13fe9a6"; - sha256 = "VKoGr3CTDFg3Q0X+MTlwa4BbfLB+28FeTyTJRCq37RA="; + rev = "v${version}"; + sha256 = "QflLh3fj+jOq/8etr9aG8LGrvtIlB/htVkWbdO+GIbM="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/misc/lrzsz/default.nix b/pkgs/tools/misc/lrzsz/default.nix index 55c11b00c93..09e90ca0794 100644 --- a/pkgs/tools/misc/lrzsz/default.nix +++ b/pkgs/tools/misc/lrzsz/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, gettext, fetchurl, fetchpatch }: stdenv.mkDerivation rec { name = "lrzsz-0.12.20"; @@ -8,6 +8,16 @@ stdenv.mkDerivation rec { sha256 = "1wcgfa9fsigf1gri74gq0pa7pyajk12m4z69x7ci9c6x9fqkd2y2"; }; + patches = [ + (fetchpatch { + name = "CVE-2018-10195.patch"; + url = "https://bugzilla.redhat.com/attachment.cgi?id=79507"; + sha256 = "0jlh8w0cjaz6k56f0h3a0h4wgc51axmrdn3mdspk7apjfzqcvx3c"; + }) + ]; + + nativeBuildInputs = [ gettext ]; + hardeningDisable = [ "format" ]; configureFlags = [ "--program-transform-name=s/^l//" ];