diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 7c58072d5af..82f1c267e77 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -94,11 +94,6 @@ stdenv.mkDerivation ({ patches = [ ./env_var_for_system_dir.patch ] - ++ lib.optional (lib.versionAtLeast ffversion "73") (fetchpatch { - # https://phabricator.services.mozilla.com/D60667 - url = "https://hg.mozilla.org/mozilla-central/raw-rev/b3d8b08265b800165d684281d19ac845a8ff9a66"; - sha256 = "0b4s75w7sl619rglcjmlyvyibpj2ar5cpy6pnywl1xpd9qzyb27p"; - }) ++ patches; @@ -297,6 +292,9 @@ stdenv.mkDerivation ({ inherit browserName; } // lib.optionalAttrs gtk3Support { inherit gtk3; }; } // +lib.optionalAttrs (lib.versionAtLeast ffversion "74") { + hardeningDisable = [ "format" ]; # -Werror=format-security +} // # the build system verifies checksums of the bundled rust sources # ./third_party/rust is be patched by our libtool fixup code in stdenv # unfortunately we can't just set this to `false` when we do not want it. diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index d0d3f843152..cf44639ad57 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -7,10 +7,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "73.0.1"; + ffversion = "74.0"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "1vdz711v44xdiry5vm4rrg7fjkrlnyn5jjkaq0bcf98jwrn9bjklmgwblrrnvmpc9pjd2ff3m7354q7vy6gd6c3yh2jhbq91v2w5yl9"; + sha512 = "245n2ilfgx3rd0xlxzpg4gcwddcy0cgaqnaf5pwixjx0n8py1imiylwlsbihf70s41cq5q8awckchs287yysr4v6pdfqqbj7s0f02ki"; }; patches = [ diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 9bac8feef6d..7ae1c87e993 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -363,7 +363,13 @@ stdenv.mkDerivation { done '' + # There are a few tools (to name one libstdcxx5) which do not work + # well with multi line flags, so make the flags single line again + '' + if [ -e "$out/nix-support/libc-cflags" ]; then + substituteInPlace "$out/nix-support/libc-cflags" --replace $'\n' ' ' + fi + substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash diff --git a/pkgs/development/libraries/audio/libgme/default.nix b/pkgs/development/libraries/audio/libgme/default.nix index b8f1a5c088a..bcd6070831b 100644 --- a/pkgs/development/libraries/audio/libgme/default.nix +++ b/pkgs/development/libraries/audio/libgme/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchFromBitbucket, cmake }: let - version = "0.6.2"; + version = "0.6.3"; in stdenv.mkDerivation { pname = "libgme"; inherit version; meta = with stdenv.lib; { description = "A collection of video game music chip emulators"; - homepage = https://bitbucket.org/mpyne/game-music-emu/overview; + homepage = "https://bitbucket.org/mpyne/game-music-emu/overview"; license = licenses.lgpl21; platforms = platforms.all; maintainers = with maintainers; [ lheckemann ]; @@ -17,7 +17,7 @@ in stdenv.mkDerivation { owner = "mpyne"; repo = "game-music-emu"; rev = version; - sha256 = "00vlbfk5h99dq5rbwxk20dv72dig6wdwpgf83q451avsscky0jvk"; + sha256 = "100ahb4n4pvgcry9xzlf2fr4j57n5h9x7pvyhhxys4dcy8axqqsy"; }; buildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/eigen/2.0.nix b/pkgs/development/libraries/eigen/2.0.nix index 015aeaed55b..d1527571943 100644 --- a/pkgs/development/libraries/eigen/2.0.nix +++ b/pkgs/development/libraries/eigen/2.0.nix @@ -1,15 +1,14 @@ -{stdenv, fetchurl, cmake}: +{ stdenv, fetchFromGitLab, cmake }: -let - v = "2.0.17"; -in -stdenv.mkDerivation { - name = "eigen-${v}"; +stdenv.mkDerivation rec { + pname = "eigen"; + version = "2.0.17"; - src = fetchurl { - url = "https://bitbucket.org/eigen/eigen/get/${v}.tar.bz2"; - name = "eigen-${v}.tar.bz2"; - sha256 = "0q4ry2pmdb9lvm0g92wi6s6qng3m9q73n5flwbkfcz1nxmbfhmbj"; + src = fetchFromGitLab { + owner = "libeigen"; + repo = "eigen"; + rev = version; + sha256 = "0d4knrcz04pxmxaqs5r3wv092950kl1z9wsw87vdzi9kgvc6wl0b"; }; nativeBuildInputs = [ cmake ]; @@ -17,7 +16,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { description = "C++ template library for linear algebra: vectors, matrices, and related algorithms"; license = licenses.lgpl3Plus; - homepage = http://eigen.tuxfamily.org ; + homepage = "https://eigen.tuxfamily.org"; maintainers = with stdenv.lib.maintainers; [ sander raskin ]; branch = "2"; platforms = with stdenv.lib.platforms; unix; diff --git a/pkgs/development/libraries/eigen/default.nix b/pkgs/development/libraries/eigen/default.nix index 63e2707917a..3c6a5cc1ca6 100644 --- a/pkgs/development/libraries/eigen/default.nix +++ b/pkgs/development/libraries/eigen/default.nix @@ -1,16 +1,14 @@ -{stdenv, fetchurl, cmake}: +{ stdenv, fetchFromGitLab, cmake }: -let - version = "3.3.7"; -in -stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "eigen"; - inherit version; + version = "3.3.7"; - src = fetchurl { - url = "https://bitbucket.org/eigen/eigen/get/${version}.tar.gz"; - name = "eigen-${version}.tar.gz"; - sha256 = "1nnh0v82a5xibcjaph51mx06mxbllk77fvihnd5ba0kpl23yz13y"; + src = fetchFromGitLab { + owner = "libeigen"; + repo = "eigen"; + rev = version; + sha256 = "1i3cvg8d70dk99fl3lrv3wqhfpdnm5kx01fl7r2bz46sk9bphwm1"; }; patches = [ @@ -22,7 +20,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { description = "C++ template library for linear algebra: vectors, matrices, and related algorithms"; license = licenses.lgpl3Plus; - homepage = http://eigen.tuxfamily.org ; + homepage = "https://eigen.tuxfamily.org"; platforms = platforms.unix; maintainers = with stdenv.lib.maintainers; [ sander raskin ]; inherit version; diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix index 69c4b3aeb74..cd802fde778 100644 --- a/pkgs/development/libraries/libical/default.nix +++ b/pkgs/development/libraries/libical/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { pname = "libical"; - version = "3.0.7"; + version = "3.0.8"; outputs = [ "out" "dev" ]; # "devdoc" ]; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { owner = "libical"; repo = "libical"; rev = "v${version}"; - sha256 = "1ppf8jlpiclq3jprhx889y5lgf6lc2q4d8wy2zavzsxgnsqf67il"; + sha256 = "0pkh74bfrgp1slv8wsv7lbmal2m7qkixwm5llpmfwaiv14njlp68"; }; nativeBuildInputs = [ @@ -77,7 +77,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = https://github.com/libical/libical; + homepage = "https://github.com/libical/libical"; description = "An Open Source implementation of the iCalendar protocols"; license = licenses.mpl20; platforms = platforms.unix; diff --git a/pkgs/development/libraries/libseccomp/default.nix b/pkgs/development/libraries/libseccomp/default.nix index 08c276c4d55..f3816c2ef0c 100644 --- a/pkgs/development/libraries/libseccomp/default.nix +++ b/pkgs/development/libraries/libseccomp/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libseccomp"; - version = "2.4.2"; + version = "2.4.3"; src = fetchurl { url = "https://github.com/seccomp/libseccomp/releases/download/v${version}/libseccomp-${version}.tar.gz"; - sha256 = "0nsq81acrbkdr8zairxbwa33bj2a6126npp76b4srjl472sjfkxm"; + sha256 = "07crwxqzvl5k2b90a47ii9wgvi09s9hsy5b5jddw9ylp351d25fg"; }; outputs = [ "out" "lib" "dev" "man" ]; diff --git a/pkgs/development/libraries/libusb/default.nix b/pkgs/development/libraries/libusb/default.nix index adf354c45f2..681b2eef456 100644 --- a/pkgs/development/libraries/libusb/default.nix +++ b/pkgs/development/libraries/libusb/default.nix @@ -1,17 +1,20 @@ -{stdenv, fetchurl, pkgconfig, libusb1}: +{stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, libusb1}: -stdenv.mkDerivation { - name = "libusb-compat-0.1.5"; +stdenv.mkDerivation rec { + name = "libusb-compat-${version}"; + version = "0.1.7"; outputs = [ "out" "dev" ]; # get rid of propagating systemd closure outputBin = "dev"; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig autoreconfHook ]; propagatedBuildInputs = [ libusb1 ]; - src = fetchurl { - url = mirror://sourceforge/libusb/libusb-compat-0.1.5.tar.bz2; - sha256 = "0nn5icrfm9lkhzw1xjvaks9bq3w6mjg86ggv3fn7kgi4nfvg8kj0"; + src = fetchFromGitHub { + owner = "libusb"; + repo = "libusb-compat-0.1"; + rev = "v${version}"; + sha256 = "1nybccgjs14b3phhaycq2jx1gym4nf6sghvnv9qdfmlqxacx0jz5"; }; patches = stdenv.lib.optional stdenv.hostPlatform.isMusl ./fix-headers.patch; diff --git a/pkgs/development/libraries/libusb1/default.nix b/pkgs/development/libraries/libusb1/default.nix index 9d90304042c..65023814171 100644 --- a/pkgs/development/libraries/libusb1/default.nix +++ b/pkgs/development/libraries/libusb1/default.nix @@ -1,5 +1,6 @@ { stdenv -, fetchurl +, fetchFromGitHub +, autoreconfHook , pkgconfig , enableSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl , systemd ? null @@ -10,22 +11,26 @@ assert enableSystemd -> systemd != null; -stdenv.mkDerivation (rec { +stdenv.mkDerivation rec { pname = "libusb"; version = "1.0.23"; - src = fetchurl { - url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; - sha256 = "13dd2a9x290d1q8nb1lqiaf36grcvns5ripk5k2xm0lajmpc04fv"; + src = fetchFromGitHub { + owner = "libusb"; + repo = "libusb"; + rev = "v${version}"; + sha256 = "0mxbpg01kgbk5nh6524b0m4xk7ywkyzmc3yhi5asqcsd3rbhjj98"; }; outputs = [ "out" "dev" ]; # get rid of propagating systemd closure - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig autoreconfHook ]; propagatedBuildInputs = stdenv.lib.optional enableSystemd systemd ++ stdenv.lib.optionals stdenv.isDarwin [ libobjc IOKit ]; + dontDisableStatic = withStatic; + NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s"; preFixup = stdenv.lib.optionalString stdenv.isLinux '' @@ -43,8 +48,4 @@ stdenv.mkDerivation (rec { license = licenses.lgpl21Plus; maintainers = [ ]; }; -} // stdenv.lib.optionalAttrs withStatic { - # Carefully added here to avoid a mass rebuild. - # Inline this the next time this package changes. - dontDisableStatic = withStatic; -}) +} diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index fc2763486d1..3b3f522fdb9 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -5,7 +5,7 @@ let url = http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; - version = "3.49.2"; + version = "3.51"; underscoreVersion = builtins.replaceStrings ["."] ["_"] version; in stdenv.mkDerivation rec { @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "1ck0c4ikr0d747pn63h62b2iqzfgi0yzd25aw95hs9797hn519zs"; + sha256 = "1725d0idf5zzqafdqfdn9vprc7ys2ywhv23sqn328di968xqnd3m"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/development/libraries/sqlite/analyzer.nix b/pkgs/development/libraries/sqlite/analyzer.nix index 2b287c7cc61..38eb1b158c8 100644 --- a/pkgs/development/libraries/sqlite/analyzer.nix +++ b/pkgs/development/libraries/sqlite/analyzer.nix @@ -6,11 +6,11 @@ in stdenv.mkDerivation rec { pname = "sqlite-analyzer"; - version = "3.31.0"; + version = "3.31.1"; src = assert version == sqlite.version; fetchurl { url = "https://sqlite.org/2020/sqlite-src-${archiveVersion version}.zip"; - sha256 = "1dz3s3q9gsxxfj9wp4lqndzpwd1hcvm42yqn02p0l0bs6bw0mp5l"; + sha256 = "0n7f3w59gr80s6k4l5a9bp2s97dlfapfbhb3qdhak6axhn127p7j"; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index fe0eb54cf11..a59325ba6ca 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -10,12 +10,12 @@ in stdenv.mkDerivation rec { pname = "sqlite"; - version = "3.31.0"; + version = "3.31.1"; # NB! Make sure to update analyzer.nix src (in the same directory). src = fetchurl { url = "https://sqlite.org/2020/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "1w7i954349sjd5a6rvy118prra43k07y9hy8rpajs6vmjmnnx7bw"; + sha256 = "1bj936svd8i5g25xd1bj52hj4zca01fgl3sqkj86z9q5pkz4wa32"; }; outputs = [ "bin" "dev" "out" ]; @@ -76,7 +76,7 @@ stdenv.mkDerivation rec { meta = { description = "A self-contained, serverless, zero-configuration, transactional SQL database engine"; downloadPage = https://sqlite.org/download.html; - homepage = https://www.sqlite.org/; + homepage = "https://www.sqlite.org/"; license = licenses.publicDomain; maintainers = with maintainers; [ eelco np ]; platforms = platforms.unix ++ platforms.windows; diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 4eb531f59a8..0a6335a3eb7 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -19,12 +19,12 @@ stdenv.mkDerivation rec { + lib.optionalString useNcurses "-cursesUI" + lib.optionalString withQt5 "-qt5UI" + lib.optionalString useQt4 "-qt4UI"; - version = "3.16.4"; + version = "3.16.5"; src = fetchurl { url = "${meta.homepage}files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; # compare with https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}-SHA-256.txt - sha256 = "0b5c77lqzfk5l7mnnih5c78i36d3skbkw20jjnph79lx9l8qrk4v"; + sha256 = "1z4bb8z6b4dvq5hrvajrf1hyybqay3xybyimf71w1jgcp180nxjz"; }; patches = [ @@ -103,7 +103,7 @@ stdenv.mkDerivation rec { doCheck = false; # fails meta = with lib; { - homepage = http://www.cmake.org/; + homepage = "http://www.cmake.org/"; description = "Cross-Platform Makefile Generator"; platforms = if useQt4 then qt4.meta.platforms else platforms.all; maintainers = with maintainers; [ ttuegel lnl7 ]; diff --git a/pkgs/servers/amqp/rabbitmq-server/default.nix b/pkgs/servers/amqp/rabbitmq-server/default.nix index 8fd207e9175..e7f0eb73c86 100644 --- a/pkgs/servers/amqp/rabbitmq-server/default.nix +++ b/pkgs/servers/amqp/rabbitmq-server/default.nix @@ -2,17 +2,18 @@ , docbook_xml_dtd_45, docbook_xsl, zip, unzip, rsync, getconf, socat , procps, coreutils, gnused, systemd, glibcLocales , AppKit, Carbon, Cocoa +, nixosTests }: stdenv.mkDerivation rec { pname = "rabbitmq-server"; - version = "3.8.2"; + version = "3.8.3"; # when updating, consider bumping elixir version in all-packages.nix src = fetchurl { url = "https://github.com/rabbitmq/rabbitmq-server/releases/download/v${version}/${pname}-${version}.tar.xz"; - sha256 = "17gixahxass9n4d697my8sq4an51rw3cicb36fqvl8fbhnwjjrwc"; + sha256 = "1fhs3g2pgrq2xi4hnlc437hkv3261l4i134m6mxid00sf1c89p5f"; }; buildInputs = @@ -59,10 +60,14 @@ stdenv.mkDerivation rec { ''; meta = { - homepage = https://www.rabbitmq.com/; + homepage = "https://www.rabbitmq.com/"; description = "An implementation of the AMQP messaging protocol"; license = stdenv.lib.licenses.mpl11; platforms = stdenv.lib.platforms.unix; maintainers = with stdenv.lib.maintainers; [ Profpatsch ]; }; + + passthru.tests = { + vm-test = nixosTests.rabbitmq; + }; }