From fa62bb8facc1fe8daad6a55117009313c042a435 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 4 Aug 2021 21:48:57 +0200 Subject: [PATCH 1/6] ungoogled-chromium: 91.0.4472.164 -> 92.0.4515.131 (cherry picked from commit 45c32f59a58b69ca6db8c8c5fdbe0ea9eee02376) --- .../networking/browsers/chromium/common.nix | 4 +--- .../browsers/chromium/upstream-info.json | 16 ++++++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index c2417d9f524..e24f15179f6 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -136,11 +136,9 @@ let nativeBuildInputs = [ ninja pkg-config - python2WithPackages perl nodejs + python2WithPackages python3WithPackages perl nodejs gnutar which llvmPackages.bintools - ] ++ lib.optionals (chromiumVersionAtLeast "92") [ - python3WithPackages ]; buildInputs = defaultDependencies ++ [ diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index a6df334a97d..4bb2cfd1291 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -44,19 +44,19 @@ } }, "ungoogled-chromium": { - "version": "91.0.4472.164", - "sha256": "1g96hk72ds2b0aymgw7yjr0akgx7mkp17i99nk511ncnmni6zrc4", - "sha256bin64": "1j6p2gqlikaibcwa40k46dsm9jlrpbj21lv1snnjw8apjnjfd2wr", + "version": "92.0.4515.131", + "sha256": "0fnfyh61w6dmavvfbf2x1zzrby0xpx4jd4ifjsgyc39rsl789b5n", + "sha256bin64": "04ykc7vgq47m595j0g0gl28n5rkki6aic7ck8xr08r5cia46gk3g", "deps": { "gn": { - "version": "2021-04-06", + "version": "2021-05-07", "url": "https://gn.googlesource.com/gn", - "rev": "dba01723a441c358d843a575cb7720d54ddcdf92", - "sha256": "199xkks67qrn0xa5fhp24waq2vk8qb78a96cb3kdd8v1hgacgb8x" + "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810", + "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4" }, "ungoogled-patches": { - "rev": "91.0.4472.164-1", - "sha256": "1vlirqrsliyl1dvm511p5axzvhvqil1m1jlk5zngvl9zfbdjw910" + "rev": "92.0.4515.131-1", + "sha256": "1nbgknj5ba116y47sxbp7pbma1bp0lmkyi3vk915x837ysaf6mrd" } } } From 7df18c5b7650ddb8b663e1717301ea88932184a6 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 5 Aug 2021 11:20:58 +0200 Subject: [PATCH 2/6] signal-desktop: 5.12.0 -> 5.12.1 (cherry picked from commit f11652f0a6ec62eb3b8f0e93db2211a14662c322) --- .../networking/instant-messengers/signal-desktop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix index 3f79fba89e9..a3c12277b3b 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix @@ -25,7 +25,7 @@ let else ""); in stdenv.mkDerivation rec { pname = "signal-desktop"; - version = "5.12.0"; # Please backport all updates to the stable channel. + version = "5.12.1"; # Please backport all updates to the stable channel. # All releases have a limited lifetime and "expire" 90 days after the release. # When releases "expire" the application becomes unusable until an update is # applied. The expiration date for the current release can be extracted with: @@ -35,7 +35,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb"; - sha256 = "0cvh70ijx61rq7qjzrmn85lhkm8vkcbxvgjvkpls21v3yl5anrjb"; + sha256 = "099p0bmaa60dfij5wq9pyfxnhy77cdnfqx4dj4377rzyfmfgnhzx"; }; nativeBuildInputs = [ From 5e6c3593d669707e1c7209d101e27abbd4896cc1 Mon Sep 17 00:00:00 2001 From: Frederik Ramcke <757280+EggBaconAndSpam@users.noreply.github.com> Date: Thu, 5 Aug 2021 12:55:56 +0200 Subject: [PATCH 3/6] mupdf: apply patch for CVE-2021-37220 (cherry picked from commit 2ac25f65a491524898f2c28a19699664ed6198b9) --- pkgs/applications/misc/mupdf/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index 21c699da3fa..f23ca82074f 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -60,6 +60,11 @@ stdenv.mkDerivation rec { url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=cee7cefc610d42fd383b3c80c12cbc675443176a"; sha256 = "18g9jsj90jnqibaff8pqi70a7x8ygc3sh4jl4xnvlv8vr7fxxbh6"; }) + (fetchpatch { + name = "CVE-2021-37220.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=f5712c9949d026e4b891b25837edd2edc166151f"; + sha256 = "1zyw6w6zr7k2akpzkyycj2zzw3y5qc7afsn1ysklfj2rvb6cnsx3"; + }) ]; postPatch = '' From 274b5f5099a57d8b9b67c31077276780f5c84e03 Mon Sep 17 00:00:00 2001 From: Yureka Date: Thu, 29 Jul 2021 15:22:51 +0200 Subject: [PATCH 4/6] gitlab: 14.1.0 -> 14.1.1 https://about.gitlab.com/releases/2021/07/28/gitlab-14-1-1-released/ (cherry picked from commit 5a69fb930d7621376a17fb144ba57da99e2814a9) --- pkgs/applications/version-management/gitlab/data.json | 10 +++++----- .../version-management/gitlab/gitaly/default.nix | 4 ++-- .../gitlab/gitlab-workhorse/default.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index c46aaffbbd2..ec91ef3ccc6 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,13 +1,13 @@ { - "version": "14.1.0", - "repo_hash": "1a61jc8rsbdbyh891nwygl7qlsj0lm8v59s66hn22csg0dvn6qk6", + "version": "14.1.1", + "repo_hash": "1cygdllhqxah7d8lmx4hcx880wijwfvbbs6dfkdzcn0cd3czpcv8", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v14.1.0-ee", + "rev": "v14.1.1-ee", "passthru": { - "GITALY_SERVER_VERSION": "14.1.0", + "GITALY_SERVER_VERSION": "14.1.1", "GITLAB_PAGES_VERSION": "1.41.0", "GITLAB_SHELL_VERSION": "13.19.0", - "GITLAB_WORKHORSE_VERSION": "14.1.0" + "GITLAB_WORKHORSE_VERSION": "14.1.1" } } diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index bdc5eb92249..87f200a20fc 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -21,14 +21,14 @@ let }; }; in buildGoModule rec { - version = "14.1.0"; + version = "14.1.1"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "sha256-k9Vz/b5ZKz93/7nzEA5mnQI8U++CB3E9b8gJBefl2b0="; + sha256 = "sha256-UCWN9TXbfysNLMOU8bDcjrwYtz7+kTCDQmRAl84ysWU="; }; vendorSha256 = "sha256-/SZJGRUg0qV7RYCUSGDE/HL9CmzGVffhL6BmZ316tU0="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index 39bb89722e5..beee2c2c894 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "14.1.0"; + version = "14.1.1"; src = fetchFromGitLab { owner = data.owner; From ff1ea3a36c1dfafdf0490e0d144c5a0ed0891bb9 Mon Sep 17 00:00:00 2001 From: Yureka Date: Mon, 2 Aug 2021 18:04:54 +0200 Subject: [PATCH 5/6] nixos/tests/gitlab: disable gitlab-pages tests (cherry picked from commit 6b021012c5d8e53a7129c08996aa3d8c7067d407) --- nixos/tests/gitlab.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index a629bf749ca..5c9aac46961 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -51,10 +51,11 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; { host = "localhost"; port = 143; }; - pages = { - enabled = true; - host = "localhost"; - }; + # https://github.com/NixOS/nixpkgs/issues/132295 + # pages = { + # enabled = true; + # host = "localhost"; + # }; }; secrets = { secretFile = pkgs.writeText "secret" "Aig5zaic"; @@ -92,7 +93,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; { waitForServices = '' gitlab.wait_for_unit("gitaly.service") gitlab.wait_for_unit("gitlab-workhorse.service") - gitlab.wait_for_unit("gitlab-pages.service") + # https://github.com/NixOS/nixpkgs/issues/132295 + # gitlab.wait_for_unit("gitlab-pages.service") gitlab.wait_for_unit("gitlab-mailroom.service") gitlab.wait_for_unit("gitlab.service") gitlab.wait_for_unit("gitlab-sidekiq.service") From 7036ca99ae5f9abbc09cdd31db6497f352b48fa5 Mon Sep 17 00:00:00 2001 From: Yureka Date: Thu, 5 Aug 2021 14:22:39 +0200 Subject: [PATCH 6/6] gitlab: 14.1.1 -> 14.1.2 (cherry picked from commit 5957f4edb9f3a266733c0335dc6ab7f8e674c444) --- .../applications/version-management/gitlab/data.json | 12 ++++++------ .../version-management/gitlab/default.nix | 4 ++-- .../version-management/gitlab/gitaly/default.nix | 4 ++-- .../gitlab/gitlab-shell/default.nix | 4 ++-- .../gitlab/gitlab-workhorse/default.nix | 2 +- .../version-management/gitlab/rubyEnv/Gemfile.lock | 2 +- .../version-management/gitlab/rubyEnv/gemset.nix | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index ec91ef3ccc6..9294700afed 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,13 +1,13 @@ { - "version": "14.1.1", - "repo_hash": "1cygdllhqxah7d8lmx4hcx880wijwfvbbs6dfkdzcn0cd3czpcv8", + "version": "14.1.2", + "repo_hash": "1d28minrpgp8awcnx15bm7jv0k27i46wji3pc2d6wh1m0wk74b60", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v14.1.1-ee", + "rev": "v14.1.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "14.1.1", + "GITALY_SERVER_VERSION": "14.1.2", "GITLAB_PAGES_VERSION": "1.41.0", - "GITLAB_SHELL_VERSION": "13.19.0", - "GITLAB_WORKHORSE_VERSION": "14.1.1" + "GITLAB_SHELL_VERSION": "13.19.1", + "GITLAB_WORKHORSE_VERSION": "14.1.2" } } diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index 225b9f6c0cb..8753def1121 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv , ruby, tzdata, git, nettools, nixosTests, nodejs, openssl , gitlabEnterprise ? false, callPackage, yarn -, fixup_yarn_lock, replace, file +, fixup_yarn_lock, replace, file, cacert }: let @@ -51,7 +51,7 @@ let pname = "gitlab-assets"; inherit version src; - nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn git ]; + nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn git cacert ]; # Since version 12.6.0, the rake tasks need the location of git, # so we have to apply the location patches here too. diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index 87f200a20fc..36223aa1942 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -21,14 +21,14 @@ let }; }; in buildGoModule rec { - version = "14.1.1"; + version = "14.1.2"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "sha256-UCWN9TXbfysNLMOU8bDcjrwYtz7+kTCDQmRAl84ysWU="; + sha256 = "sha256-7OqTOJDQJ/ojHevj/ld8VLjm5ZRQgCGZKchPrAlOSO8="; }; vendorSha256 = "sha256-/SZJGRUg0qV7RYCUSGDE/HL9CmzGVffhL6BmZ316tU0="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix b/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix index 704d9080331..ee039c4adb2 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-shell/default.nix @@ -2,12 +2,12 @@ buildGoModule rec { pname = "gitlab-shell"; - version = "13.19.0"; + version = "13.19.1"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-shell"; rev = "v${version}"; - sha256 = "sha256-CmatKArkpDS3GGbIIkKjs4FwywLiU+lRL32GKEpOqZ0="; + sha256 = "sha256-F0TW0VjO5hc/lHqZhhMJJvpHazWRyR7Q7W324Fgn7fA="; }; buildInputs = [ ruby ]; diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index beee2c2c894..ffd6ff7d16c 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "14.1.1"; + version = "14.1.2"; src = fetchFromGitLab { owner = data.owner; diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock index 2ac92ce9ae7..d1147c55c78 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock @@ -798,7 +798,7 @@ GEM nenv (~> 0.1) shellany (~> 0.0) numerizer (0.2.0) - oauth (0.5.4) + oauth (0.5.6) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix index 236245ca001..933776ace73 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix +++ b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix @@ -3427,10 +3427,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zszdg8q1b135z7l7crjj234k4j0m347hywp5kj6zsq7q78pw09y"; + sha256 = "1zwd6v39yqfdrpg1p3d9jvzs9ljg55ana2p06m0l7qn5w0lgx1a0"; type = "gem"; }; - version = "0.5.4"; + version = "0.5.6"; }; oauth2 = { dependencies = ["faraday" "jwt" "multi_json" "multi_xml" "rack"];