From 1335a986c8e0a4382c91f66a5718cbdd6d4d9274 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Wed, 5 Feb 2020 18:16:57 +0100 Subject: [PATCH 001/101] openldap: enable sha2 and pbkdf2 modules --- .../libraries/openldap/default.nix | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index fbc9de11e8f..fa26a0dc4d1 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -19,7 +19,11 @@ stdenv.mkDerivation rec { # Disable install stripping as it breaks cross-compiling. # We strip binaries anyway in fixupPhase. - makeFlags= [ "STRIP=" ]; + makeFlags= [ + "STRIP=" + "prefix=$(out)" + "moduledir=$(out)/lib/modules" + ]; configureFlags = [ "--enable-overlays" @@ -35,9 +39,18 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optional (cyrus_sasl == null) "--without-cyrus-sasl" ++ stdenv.lib.optional stdenv.isFreeBSD "--with-pic"; + postBuild = '' + make $makeFlags -C contrib/slapd-modules/passwd/sha2 + make $makeFlags -C contrib/slapd-modules/passwd/pbkdf2 + ''; + doCheck = false; # needs a running LDAP server - installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(out)/var" ]; + installFlags = [ + "sysconfdir=$(out)/etc" + "localstatedir=$(out)/var" + "moduledir=$(out)/lib/modules" + ]; # 1. Fixup broken libtool # 2. Libraries left in the build location confuse `patchelf --shrink-rpath` @@ -51,9 +64,12 @@ stdenv.mkDerivation rec { rm -rf $out/var rm -r libraries/*/.libs + rm -r contrib/slapd-modules/passwd/*/.libs ''; postInstall = '' + make $installFlags install -C contrib/slapd-modules/passwd/sha2 + make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2 chmod +x "$out"/lib/*.{so,dylib} ''; From f43f7894ffb470722e6330b510e0dcc50359057c Mon Sep 17 00:00:00 2001 From: bb2020 Date: Wed, 26 Feb 2020 13:13:36 +0300 Subject: [PATCH 002/101] nixos/transmission: fix startup directory creation --- nixos/modules/services/torrent/transmission.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index fd28b94f7be..e7f5aaed844 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -11,7 +11,7 @@ let downloadDir = "${homeDir}/Downloads"; incompleteDir = "${homeDir}/.incomplete"; - settingsDir = "${homeDir}/.config/transmission-daemon"; + settingsDir = "${homeDir}/config"; settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings); # for users in group "transmission" to have access to torrents @@ -20,12 +20,6 @@ let preStart = pkgs.writeScript "transmission-pre-start" '' #!${pkgs.runtimeShell} set -ex - for DIR in "${homeDir}" "${settingsDir}" "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}"; do - mkdir -p "$DIR" - done - chmod 755 "${homeDir}" - chmod 700 "${settingsDir}" - chmod ${downloadDirPermissions} "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}" cp -f ${settingsFile} ${settingsDir}/settings.json ''; in @@ -110,6 +104,13 @@ in }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${homeDir}' 0770 '${cfg.user}' '${cfg.group}' - -" + "d '${settingsDir}' 0700 '${cfg.user}' '${cfg.group}' - -" + "d '${fullSettings.download-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -" + "d '${fullSettings.incomplete-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -" + ]; + systemd.services.transmission = { description = "Transmission BitTorrent Service"; after = [ "network.target" ] ++ optional apparmor "apparmor.service"; From a0174b4e2f3551e243347a212eb6918a8cfa1033 Mon Sep 17 00:00:00 2001 From: Francesco Gazzetta Date: Tue, 25 Feb 2020 15:06:24 +0100 Subject: [PATCH 003/101] goattracker,goattracker-stereo: init at 2.75 and 2.76 --- .../audio/goattracker/default.nix | 69 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 6 ++ 2 files changed, 75 insertions(+) create mode 100644 pkgs/applications/audio/goattracker/default.nix diff --git a/pkgs/applications/audio/goattracker/default.nix b/pkgs/applications/audio/goattracker/default.nix new file mode 100644 index 00000000000..77a04221b84 --- /dev/null +++ b/pkgs/applications/audio/goattracker/default.nix @@ -0,0 +1,69 @@ +{ stdenv +, fetchurl +, unzip +, makeDesktopItem +, imagemagick +, SDL +, isStereo ? false +}: + +with stdenv.lib; +let + pname = "goattracker" + optionalString isStereo "-stereo"; + desktopItem = makeDesktopItem { + type = "Application"; + name = pname; + desktopName = "GoatTracker 2" + optionalString isStereo " Stereo"; + genericName = "Music Tracker"; + exec = if isStereo + then "gt2stereo" + else "goattrk2"; + icon = "goattracker"; + categories = "AudioVideo;AudioVideoEditing;"; + extraEntries = "Keywords=tracker;music;"; + }; + +in stdenv.mkDerivation rec { + inherit pname; + version = if isStereo + then "2.76" # stereo + else "2.75"; # normal + + src = fetchurl { + url = "mirror://sourceforge/goattracker2/GoatTracker_${version}${optionalString isStereo "_Stereo"}.zip"; + sha256 = if isStereo + then "12cz3780x5k047jqdv69n6rjgbfiwv67z850kfl4i37lxja432l7" # stereo + else "1km97nl7qvk6qc5l5j69wncbm76hf86j47sgzgr968423g0bxxlk"; # normal + }; + sourceRoot = (if isStereo then "gt2stereo/trunk" else "goattrk2") + "/src"; + + nativeBuildInputs = [ unzip imagemagick ]; + buildInputs = [ SDL ]; + + # PREFIX gets treated as BINDIR. + makeFlags = [ "PREFIX=$(out)/bin/" ]; + + # The zip contains some build artifacts. + prePatch = "make clean"; + + # The destination does not get created automatically. + preBuild = "mkdir -p $out/bin"; + + # Other files get installed during the build phase. + installPhase = '' + convert goattrk2.bmp goattracker.png + install -Dm644 goattracker.png $out/share/icons/hicolor/32x32/apps/goattracker.png + ${desktopItem.buildCommand} + ''; + + meta = { + description = "A crossplatform music editor for creating Commodore 64 music. Uses reSID library by Dag Lem and supports alternatively HardSID & CatWeasel devices" + + optionalString isStereo " - Stereo version"; + homepage = "https://cadaver.github.io/tools.html"; + downloadPage = "https://sourceforge.net/projects/goattracker2/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ fgaz ]; + platforms = platforms.all; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a045db5e411..8846151d168 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3730,6 +3730,12 @@ in # rename to upower-notify? go-upower-notify = callPackage ../tools/misc/upower-notify { }; + goattracker = callPackage ../applications/audio/goattracker { }; + + goattracker-stereo = callPackage ../applications/audio/goattracker { + isStereo = true; + }; + google-app-engine-go-sdk = callPackage ../development/tools/google-app-engine-go-sdk { }; google-authenticator = callPackage ../os-specific/linux/google-authenticator { }; From 01ff33cad71ff4baf29a89417abda02d7bd9f652 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 3 Feb 2020 20:12:06 +0100 Subject: [PATCH 004/101] Revert "gnustep.libobjc: 1.9 -> 2.0" This reverts commit 937b6d73b4a8878dad269a36e5819c65e8b3e466. --- pkgs/desktops/gnustep/libobjc2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnustep/libobjc2/default.nix b/pkgs/desktops/gnustep/libobjc2/default.nix index 10c10c33a95..0124e91a9b7 100644 --- a/pkgs/desktops/gnustep/libobjc2/default.nix +++ b/pkgs/desktops/gnustep/libobjc2/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libobjc2"; - version = "2.0"; + version = "1.9"; src = fetchFromGitHub { owner = "gnustep"; repo = "libobjc2"; rev = "v${version}"; - sha256 = "1b4h0a4pqr8j6300qr2wmi33r7ysvp705gs0ypx69hbmifln0mlf"; + sha256 = "00pscl3ly3rv6alf9vk70kxnnxq2rfgpc1ylcv6cgjs9jxdnrqmn"; }; nativeBuildInputs = [ cmake ]; From 70b9b715c524152408a3a9f0efbef814960ad369 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 22 Feb 2020 21:59:02 +0100 Subject: [PATCH 005/101] tockloader: init at v1.4.0 --- .../tools/misc/tockloader/default.nix | 27 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 29 insertions(+) create mode 100644 pkgs/development/tools/misc/tockloader/default.nix diff --git a/pkgs/development/tools/misc/tockloader/default.nix b/pkgs/development/tools/misc/tockloader/default.nix new file mode 100644 index 00000000000..18c5393a6b7 --- /dev/null +++ b/pkgs/development/tools/misc/tockloader/default.nix @@ -0,0 +1,27 @@ +{ lib, python3Packages }: + +python3Packages.buildPythonApplication rec { + pname = "tockloader"; + version = "1.4.0"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "0l8mvlqzyq2bfb6g5zhgv2ndgyyrmpww2l7f2snbli73g6x5j2g2"; + }; + + propagatedBuildInputs = with python3Packages; [ + argcomplete + colorama + crcmod + pytoml + pyserial + ]; + + meta = with lib; { + homepage = "https://github.com/tock/tockloader"; + license = licenses.mit; + description = "Tool for programming Tock onto hardware boards."; + maintainers = with maintainers; [ hexa ]; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 72efe8debbc..48c55b919f4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23939,6 +23939,8 @@ in tinyfugue = callPackage ../games/tinyfugue { }; + tockloader = callPackage ../development/tools/misc/tockloader { }; + tome2 = callPackage ../games/tome2 { }; tome4 = callPackage ../games/tome4 { }; From d68171e32759809e334035b42c3212e2d59166be Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 3 Feb 2020 18:49:37 +0100 Subject: [PATCH 006/101] sope: init at 4.3.2 --- pkgs/development/libraries/sope/default.nix | 46 +++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 48 insertions(+) create mode 100644 pkgs/development/libraries/sope/default.nix diff --git a/pkgs/development/libraries/sope/default.nix b/pkgs/development/libraries/sope/default.nix new file mode 100644 index 00000000000..9d0b3bf76b3 --- /dev/null +++ b/pkgs/development/libraries/sope/default.nix @@ -0,0 +1,46 @@ +{ gnustep, lib, fetchFromGitHub , libxml2, openssl_1_1 +, openldap, mysql, libmysqlclient, postgresql }: with lib; gnustep.stdenv.mkDerivation rec { + pname = "sope"; + version = "4.3.2"; + + src = fetchFromGitHub { + owner = "inverse-inc"; + repo = pname; + rev = "SOPE-${version}"; + sha256 = "0ny1ihx38gd25w8f3dfybyswvyjfljvb2fhfmkajgg6hhjrkfar2"; + }; + + nativeBuildInputs = [ gnustep.make ]; + buildInputs = flatten ([ gnustep.base libxml2 openssl_1_1 ] + ++ optional (openldap != null) openldap + ++ optionals (mysql != null) [ libmysqlclient mysql ] + ++ optional (postgresql != null) postgresql); + + postPatch = '' + # Exclude NIX_ variables + sed -i 's/grep GNUSTEP_/grep ^GNUSTEP_/g' configure + ''; + + preConfigure = '' + export DESTDIR="$out" + ''; + + configureFlags = [ "--prefix=" "--disable-debug" "--enable-xml" "--with-ssl=ssl" ] + ++ optional (openldap != null) "--enable-openldap" + ++ optional (mysql != null) "--enable-mysql" + ++ optional (postgresql != null) "--enable-postgresql"; + + # Yes, this is ugly. + preFixup = '' + cp -rlPa $out/nix/store/*/* $out + rm -rf $out/nix/store + ''; + + meta = { + description = "SOPE is an extensive set of frameworks which form a complete Web application server environment"; + license = licenses.publicDomain; + homepage = "https://github.com/inverse-inc/sope"; + platforms = platforms.linux; + maintainers = with maintainers; [ ajs124 das_j ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3fa8a2b4b15..92742c9f5fb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14489,6 +14489,8 @@ in sonic = callPackage ../development/libraries/sonic { }; + sope = callPackage ../development/libraries/sope { }; + soprano = callPackage ../development/libraries/soprano { }; soqt = callPackage ../development/libraries/soqt { }; From 73c7c489183cf7b03461dd4561bb2f2ff68fa305 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 3 Feb 2020 18:50:49 +0100 Subject: [PATCH 007/101] sogo: init at 4.3.2 --- pkgs/servers/web-apps/sogo/default.nix | 76 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 78 insertions(+) create mode 100644 pkgs/servers/web-apps/sogo/default.nix diff --git a/pkgs/servers/web-apps/sogo/default.nix b/pkgs/servers/web-apps/sogo/default.nix new file mode 100644 index 00000000000..3e78b5d9d43 --- /dev/null +++ b/pkgs/servers/web-apps/sogo/default.nix @@ -0,0 +1,76 @@ +{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python2, lndir +, openssl_1_1, openldap, sope, libmemcached, curl }: with lib; gnustep.stdenv.mkDerivation rec { + pname = "SOGo"; + version = "4.3.2"; + + src = fetchFromGitHub { + owner = "inverse-inc"; + repo = pname; + rev = "SOGo-${version}"; + sha256 = "1xxad23a8zy6w850x5nrrf54db0x73lc9drmc5kpfk870fk2lmr0"; + }; + + nativeBuildInputs = [ gnustep.make makeWrapper python2 ]; + buildInputs = [ gnustep.base sope openssl_1_1 libmemcached (curl.override { openssl = openssl_1_1; }) ] + ++ optional (openldap != null) openldap; + + patches = [ + # TODO: take a closer look at other patches in https://sources.debian.org/patches/sogo/ and https://github.com/Skrupellos/sogo-patches + (fetchpatch { + url = "https://sources.debian.org/data/main/s/sogo/4.3.0-1/debian/patches/0005-Remove-build-date.patch"; + sha256 = "0lrh3bkfj3r0brahfkyb0g7zx7r2jjd5cxzjl43nqla0fs09wsh8"; + }) + ]; + + postPatch = '' + # Exclude NIX_ variables + sed -i 's/grep GNUSTEP_/grep ^GNUSTEP_/g' configure + + # Disable argument verification because $out is not a GNUStep prefix + sed -i 's/^validateArgs$//g' configure + + # Patch exception-generating python scripts + patchShebangs . + + # Move all GNUStep makefiles to a common directory + mkdir -p makefiles + cp -r {${gnustep.make},${sope}}/share/GNUstep/Makefiles/* makefiles + + # Modify the search path for GNUStep makefiles + find . -type f -name GNUmakefile -exec sed -i "s:\\$.GNUSTEP_MAKEFILES.:$PWD/makefiles:g" {} + + ''; + + configureFlags = [ "--disable-debug" "--with-ssl=ssl" ]; + + preFixup = '' + # Create gnustep.conf + mkdir -p $out/share/GNUstep + cp ${gnustep.make}/etc/GNUstep/GNUstep.conf $out/share/GNUstep/ + sed -i "s:${gnustep.make}:$out:g" $out/share/GNUstep/GNUstep.conf + + # Link in GNUstep base + ${lndir}/bin/lndir ${gnustep.base}/lib/GNUstep/ $out/lib/GNUstep/ + + # Link in sope + ${lndir}/bin/lndir ${sope}/ $out/ + + # sbin fixup + mkdir -p $out/bin + mv $out/sbin/* $out/bin + rmdir $out/sbin + + # Make sogo find its files + for bin in $out/bin/*; do + wrapProgram $bin --prefix LD_LIBRARY_PATH : $out/lib/sogo --prefix GNUSTEP_CONFIG_FILE : $out/share/GNUstep/GNUstep.conf + done + ''; + + meta = { + description = "SOGo is a very fast and scalable modern collaboration suite (groupware)"; + license = with licenses; [ gpl2 lgpl21 ]; + homepage = "https://sogo.nu/"; + platforms = platforms.linux; + maintainers = with maintainers; [ ajs124 das_j ]; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 92742c9f5fb..d6d04fc0ca4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16108,6 +16108,8 @@ in smcroute = callPackage ../servers/smcroute { }; + sogo = callPackage ../servers/web-apps/sogo { }; + spawn_fcgi = callPackage ../servers/http/spawn-fcgi { }; spring-boot-cli = callPackage ../development/tools/spring-boot-cli { }; From 511b578c9312a36e70c33c46dc6d1f72d04ca842 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 12 May 2020 18:30:33 +0200 Subject: [PATCH 008/101] nixos/sogo: init module --- nixos/modules/module-list.nix | 1 + nixos/modules/services/web-apps/sogo.nix | 272 +++++++++++++++++++++++ 2 files changed, 273 insertions(+) create mode 100644 nixos/modules/services/web-apps/sogo.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0cd17775e51..7d36ff200d6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -845,6 +845,7 @@ ./services/web-apps/matomo.nix ./services/web-apps/moinmoin.nix ./services/web-apps/restya-board.nix + ./services/web-apps/sogo.nix ./services/web-apps/tt-rss.nix ./services/web-apps/trac.nix ./services/web-apps/trilium.nix diff --git a/nixos/modules/services/web-apps/sogo.nix b/nixos/modules/services/web-apps/sogo.nix new file mode 100644 index 00000000000..5f30124dd68 --- /dev/null +++ b/nixos/modules/services/web-apps/sogo.nix @@ -0,0 +1,272 @@ +{ config, pkgs, lib, ... }: with lib; let + cfg = config.services.sogo; + + preStart = pkgs.writeShellScriptBin "sogo-prestart" '' + touch /etc/sogo/sogo.conf + chown sogo:sogo /etc/sogo/sogo.conf + chmod 640 /etc/sogo/sogo.conf + + ${if (cfg.configReplaces != {}) then '' + # Insert secrets + ${concatStringsSep "\n" (mapAttrsToList (k: v: ''export ${k}="$(cat "${v}" | tr -d '\n')"'') cfg.configReplaces)} + + ${pkgs.perl}/bin/perl -p ${concatStringsSep " " (mapAttrsToList (k: v: '' -e 's/${k}/''${ENV{"${k}"}}/g;' '') cfg.configReplaces)} /etc/sogo/sogo.conf.raw > /etc/sogo/sogo.conf + '' else '' + cp /etc/sogo/sogo.conf.raw /etc/sogo/sogo.conf + ''} + ''; + +in { + options.services.sogo = with types; { + enable = mkEnableOption "SOGo groupware"; + + vhostName = mkOption { + description = "Name of the nginx vhost"; + type = str; + default = "sogo"; + }; + + timezone = mkOption { + description = "Timezone of your SOGo instance"; + type = str; + example = "America/Montreal"; + }; + + language = mkOption { + description = "Language of SOGo"; + type = str; + default = "English"; + }; + + ealarmsCredFile = mkOption { + description = "Optional path to a credentials file for email alarms"; + type = nullOr str; + default = null; + }; + + configReplaces = mkOption { + description = '' + Replacement-filepath mapping for sogo.conf. + Every key is replaced with the contents of the file specified as value. + + In the example, every occurence of LDAP_BINDPW will be replaced with the text of the + specified file. + ''; + type = attrsOf str; + default = {}; + example = { + LDAP_BINDPW = "/var/lib/secrets/sogo/ldappw"; + }; + }; + + extraConfig = mkOption { + description = "Extra sogo.conf configuration lines"; + type = lines; + default = ""; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.sogo ]; + + environment.etc."sogo/sogo.conf.raw".text = '' + { + // Mandatory parameters + SOGoTimeZone = "${cfg.timezone}"; + SOGoLanguage = "${cfg.language}"; + // Paths + WOSendMail = "/run/wrappers/bin/sendmail"; + SOGoMailSpoolPath = "/var/lib/sogo/spool"; + SOGoZipPath = "${pkgs.zip}/bin/zip"; + // Enable CSRF protection + SOGoXSRFValidationEnabled = YES; + // Remove dates from log (jornald does that) + NGLogDefaultLogEventFormatterClass = "NGLogEventFormatter"; + // Extra config + ${cfg.extraConfig} + } + ''; + + systemd.services.sogo = { + description = "SOGo groupware"; + after = [ "postgresql.service" "mysql.service" "memcached.service" "openldap.service" "dovecot2.service" ]; + wantedBy = [ "multi-user.target" ]; + restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ]; + + environment.LDAPTLS_CACERT = "/etc/ssl/certs/ca-certificates.crt"; + + serviceConfig = { + Type = "forking"; + ExecStartPre = "+" + preStart + "/bin/sogo-prestart"; + ExecStart = "${pkgs.sogo}/bin/sogod -WOLogFile - -WOPidFile /run/sogo/sogo.pid"; + + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RuntimeDirectory = "sogo"; + StateDirectory = "sogo/spool"; + + User = "sogo"; + Group = "sogo"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + LockPersonality = true; + RestrictRealtime = true; + PrivateMounts = true; + PrivateUsers = true; + MemoryDenyWriteExecute = true; + SystemCallFilter = "@basic-io @file-system @network-io @system-service @timer"; + SystemCallArchitectures = "native"; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; + }; + }; + + systemd.services.sogo-tmpwatch = { + description = "SOGo tmpwatch"; + + startAt = [ "hourly" ]; + script = '' + SOGOSPOOL=/var/lib/sogo/spool + + find "$SOGOSPOOL" -type f -user sogo -atime +23 -delete > /dev/null + find "$SOGOSPOOL" -mindepth 1 -type d -user sogo -empty -delete > /dev/null + ''; + + serviceConfig = { + Type = "oneshot"; + + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + StateDirectory = "sogo/spool"; + + User = "sogo"; + Group = "sogo"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + LockPersonality = true; + RestrictRealtime = true; + PrivateMounts = true; + PrivateUsers = true; + PrivateNetwork = true; + SystemCallFilter = "@basic-io @file-system @system-service"; + SystemCallArchitectures = "native"; + RestrictAddressFamilies = ""; + }; + }; + + systemd.services.sogo-ealarms = { + description = "SOGo email alarms"; + + after = [ "postgresql.service" "mysqld.service" "memcached.service" "openldap.service" "dovecot2.service" "sogo.service" ]; + restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ]; + + startAt = [ "minutely" ]; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.sogo}/bin/sogo-ealarms-notify${optionalString (cfg.ealarmsCredFile != null) " -p ${cfg.ealarmsCredFile}"}"; + + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + StateDirectory = "sogo/spool"; + + User = "sogo"; + Group = "sogo"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + LockPersonality = true; + RestrictRealtime = true; + PrivateMounts = true; + PrivateUsers = true; + MemoryDenyWriteExecute = true; + SystemCallFilter = "@basic-io @file-system @network-io @system-service"; + SystemCallArchitectures = "native"; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; + }; + }; + + # nginx vhost + services.nginx.virtualHosts."${cfg.vhostName}" = { + locations."/".extraConfig = '' + rewrite ^ https://$server_name/SOGo; + allow all; + ''; + + # For iOS 7 + locations."/principals/".extraConfig = '' + rewrite ^ https://$server_name/SOGo/dav; + allow all; + ''; + + locations."^~/SOGo".extraConfig = '' + proxy_pass http://127.0.0.1:20000; + proxy_redirect http://127.0.0.1:20000 default; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header x-webobjects-server-protocol HTTP/1.0; + proxy_set_header x-webobjects-remote-host 127.0.0.1; + proxy_set_header x-webobjects-server-port $server_port; + proxy_set_header x-webobjects-server-name $server_name; + proxy_set_header x-webobjects-server-url $scheme://$host; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + client_max_body_size 50m; + client_body_buffer_size 128k; + break; + ''; + + locations."/SOGo.woa/WebServerResources/".extraConfig = '' + alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/; + allow all; + ''; + + locations."/SOGo/WebServerResources/".extraConfig = '' + alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/; + allow all; + ''; + + locations."~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$".extraConfig = '' + alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; + ''; + + locations."~ ^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\\.(jpg|png|gif|css|js)$".extraConfig = '' + alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; + ''; + }; + + # User and group + users.groups.sogo = {}; + users.users.sogo = { + group = "sogo"; + isSystemUser = true; + description = "SOGo service user"; + }; + }; +} From e001f5760e4b342e20ba4d91f54a1745f2d4cc53 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 12 May 2020 18:32:39 +0200 Subject: [PATCH 009/101] nixosTests.sogo: init test --- nixos/tests/all-tests.nix | 1 + nixos/tests/sogo.nix | 58 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 nixos/tests/sogo.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index eff1752bbbf..2c7fa1949d5 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -285,6 +285,7 @@ in slurm = handleTest ./slurm.nix {}; smokeping = handleTest ./smokeping.nix {}; snapper = handleTest ./snapper.nix {}; + sogo = handleTest ./sogo.nix {}; solr = handleTest ./solr.nix {}; spacecookie = handleTest ./spacecookie.nix {}; spike = handleTest ./spike.nix {}; diff --git a/nixos/tests/sogo.nix b/nixos/tests/sogo.nix new file mode 100644 index 00000000000..016331a9eed --- /dev/null +++ b/nixos/tests/sogo.nix @@ -0,0 +1,58 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "sogo"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ajs124 das_j ]; + }; + + nodes = { + sogo = { config, pkgs, ... }: { + services.nginx.enable = true; + + services.mysql = { + enable = true; + package = pkgs.mysql; + ensureDatabases = [ "sogo" ]; + ensureUsers = [{ + name = "sogo"; + ensurePermissions = { + "sogo.*" = "ALL PRIVILEGES"; + }; + }]; + }; + + services.sogo = { + enable = true; + timezone = "Europe/Berlin"; + extraConfig = '' + WOWorkersCount = 1; + + SOGoUserSources = ( + { + type = sql; + userPasswordAlgorithm = md5; + viewURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_users"; + canAuthenticate = YES; + id = users; + } + ); + + SOGoProfileURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_user_profile"; + OCSFolderInfoURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_folder_info"; + OCSSessionsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_sessions_folder"; + OCSEMailAlarmsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_alarms_folder"; + OCSStoreURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_store"; + OCSAclURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_acl"; + OCSCacheFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_cache_folder"; + ''; + }; + }; + }; + + testScript = '' + start_all() + sogo.wait_for_unit("multi-user.target") + sogo.wait_for_open_port(20000) + sogo.wait_for_open_port(80) + sogo.succeed("curl -sSfL http://sogo/SOGo") + ''; +}) From 879778c5837c9d5df420806491669e1a6db3bd87 Mon Sep 17 00:00:00 2001 From: Matthew Piziak Date: Thu, 14 May 2020 22:12:31 -0400 Subject: [PATCH 010/101] add `enableSound` parameter to `dwarf-fortress` derivation try hardcoding add back whitespace --- pkgs/games/dwarf-fortress/lazy-pack.nix | 3 ++- pkgs/games/dwarf-fortress/wrapper/default.nix | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/games/dwarf-fortress/lazy-pack.nix b/pkgs/games/dwarf-fortress/lazy-pack.nix index e5cfe6da171..03aa5d54304 100644 --- a/pkgs/games/dwarf-fortress/lazy-pack.nix +++ b/pkgs/games/dwarf-fortress/lazy-pack.nix @@ -16,6 +16,7 @@ , enableTruetype ? true , enableFPS ? false , enableTextMode ? false +, enableSound ? true }: with lib; @@ -32,7 +33,7 @@ buildEnv { paths = [ (dwarf-fortress.override { inherit enableDFHack enableTWBT enableSoundSense enableStoneSense theme - enableIntro enableTruetype enableFPS enableTextMode; + enableIntro enableTruetype enableFPS enableTextMode enableSound; })] ++ lib.optional enableDwarfTherapist dwarf-therapist ++ lib.optional enableLegendsBrowser legends-browser; diff --git a/pkgs/games/dwarf-fortress/wrapper/default.nix b/pkgs/games/dwarf-fortress/wrapper/default.nix index 31b21c5a435..79b63e3ce9e 100644 --- a/pkgs/games/dwarf-fortress/wrapper/default.nix +++ b/pkgs/games/dwarf-fortress/wrapper/default.nix @@ -12,6 +12,7 @@ , enableTruetype ? true , enableFPS ? false , enableTextMode ? false +, enableSound ? true }: let @@ -67,7 +68,8 @@ let substituteInPlace $out/data/init/init.txt \ --replace '[INTRO:YES]' '[INTRO:${unBool enableIntro}]' \ --replace '[TRUETYPE:YES]' '[TRUETYPE:${unBool enableTruetype}]' \ - --replace '[FPS:NO]' '[FPS:${unBool enableFPS}]' + --replace '[FPS:NO]' '[FPS:${unBool enableFPS}]' \ + --replace '[SOUND:YES]' '[SOUND:${unBool enableSound}]' '')); env = buildEnv { From f522dbcdba4bcf113ef290ed9c4a95877d78613e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 18 May 2020 08:39:13 -0300 Subject: [PATCH 011/101] lxqt.libfm-qt: 0.15.0 -> 0.15.1 --- pkgs/desktops/lxqt/libfm-qt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/lxqt/libfm-qt/default.nix b/pkgs/desktops/lxqt/libfm-qt/default.nix index ba83f0e3167..fc97906ab7d 100644 --- a/pkgs/desktops/lxqt/libfm-qt/default.nix +++ b/pkgs/desktops/lxqt/libfm-qt/default.nix @@ -16,13 +16,13 @@ mkDerivation rec { pname = "libfm-qt"; - version = "0.15.0"; + version = "0.15.1"; src = fetchFromGitHub { owner = "lxqt"; repo = "libfm-qt"; rev = version; - sha256 = "0isshh627zr69kdmjxsy75i1nh95ky2wfhgy90g8j4zijpkdrd3l"; + sha256 = "1gjxml6c9m3xn094zbr9835sr4749dpxk4nc0ap9lg27qim63gx3"; }; nativeBuildInputs = [ From 510ab3d61c9763032f1a2fd5a9851456d3abc827 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 18 May 2020 08:39:13 -0300 Subject: [PATCH 012/101] lxqt.pcmanfm-qt: 0.15.0 -> 0.15.1 --- pkgs/desktops/lxqt/pcmanfm-qt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/lxqt/pcmanfm-qt/default.nix b/pkgs/desktops/lxqt/pcmanfm-qt/default.nix index f5a5b18cfc0..7465eefc3c3 100644 --- a/pkgs/desktops/lxqt/pcmanfm-qt/default.nix +++ b/pkgs/desktops/lxqt/pcmanfm-qt/default.nix @@ -15,13 +15,13 @@ mkDerivation rec { pname = "pcmanfm-qt"; - version = "0.15.0"; + version = "0.15.1"; src = fetchFromGitHub { owner = "lxqt"; repo = pname; rev = version; - sha256 = "16zwd2jfrmsnzfpywirkrpyilq1jj99liwvg77l20b1dbql9dc0q"; + sha256 = "12rzcv5n4s299c8787islkn4xcjb9bbrj12mxcd5ii91jq39aii4"; }; nativeBuildInputs = [ From e4c8a79998a94ae0f5a0f4200a02127754070650 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Mon, 18 May 2020 09:13:15 -0300 Subject: [PATCH 013/101] lxqt.lxqt-archiver: 0.1.1 -> 0.2.0 --- pkgs/desktops/lxqt/lxqt-archiver/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/lxqt/lxqt-archiver/default.nix b/pkgs/desktops/lxqt/lxqt-archiver/default.nix index ae772272c4b..93e5ffec2a0 100644 --- a/pkgs/desktops/lxqt/lxqt-archiver/default.nix +++ b/pkgs/desktops/lxqt/lxqt-archiver/default.nix @@ -14,13 +14,13 @@ mkDerivation rec { pname = "lxqt-archiver"; - version = "0.1.1"; + version = "0.2.0"; src = fetchFromGitHub { owner = "lxqt"; repo = "lxqt-archiver"; rev = version; - sha256 = "0c0y8sy12laqyanvy6mmnpjvy1yb8k3241pbxhc3nyl5zrq3hzdh"; + sha256 = "1cip2dbvxbdlx1axz5sn4mwigwvfxb1q14byn09crv71adyfprw5"; }; nativeBuildInputs = [ From 7db1cc47d868b6a8faa139d319e1150c0ea2d296 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 May 2020 03:10:50 +0000 Subject: [PATCH 014/101] clightning: 0.8.2 -> 0.8.2.1 --- pkgs/applications/blockchains/clightning.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/blockchains/clightning.nix b/pkgs/applications/blockchains/clightning.nix index 371bf11064d..6777e5998ce 100644 --- a/pkgs/applications/blockchains/clightning.nix +++ b/pkgs/applications/blockchains/clightning.nix @@ -4,11 +4,11 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "clightning"; - version = "0.8.2"; + version = "0.8.2.1"; src = fetchurl { url = "https://github.com/ElementsProject/lightning/releases/download/v${version}/clightning-v${version}.zip"; - sha256 = "1w5l3r3pnhnwz3x7mjgd69cw9a18fpyjwj7kmfka7cf9hdgcwp9x"; + sha256 = "02incjr59fv75q6hlrln9h4b5gq7ipd778scbz8b8dahj7x1a6i5"; }; enableParallelBuilding = true; From 73390e33490c361d5f4ea0e0ffbfa4acca5cab89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 19 May 2020 10:55:13 +0200 Subject: [PATCH 015/101] unbound: 1.10.0 -> 1.10.1 (security) https://www.nlnetlabs.nl/news/2020/May/19/unbound-1.10.1-released/ It fixes DoS CVEs; details e.g. on http://www.nxnsattack.com/ On each Linux platform this should be around 8k rebuilds, so as a compromise I'm pushing to staging-next. --- pkgs/tools/networking/unbound/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix index c03f68c36e2..6390ab35f95 100644 --- a/pkgs/tools/networking/unbound/default.nix +++ b/pkgs/tools/networking/unbound/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "unbound"; - version = "1.10.0"; + version = "1.10.1"; src = fetchurl { url = "https://unbound.net/downloads/${pname}-${version}.tar.gz"; - sha256 = "0mg9divpysr42sp0m693a70693dp8025v6c9dv1yabr4g1jlhbqm"; + sha256 = "0dnmh9jjh2v274f0hl31bgv40pl77mmfgky8bkqr5kvi3b17fdmp"; }; # https://github.com/NLnetLabs/unbound/pull/90 From 1d444255196e4205eecf23b343fc6fad43f4aa75 Mon Sep 17 00:00:00 2001 From: Sebastian Neubauer Date: Tue, 19 May 2020 15:48:59 +0200 Subject: [PATCH 016/101] spirv-cross: 2020-04-03 -> 2020-05-19 --- pkgs/tools/graphics/spirv-cross/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/spirv-cross/default.nix b/pkgs/tools/graphics/spirv-cross/default.nix index 57b447b1ad7..3ca698f1c54 100644 --- a/pkgs/tools/graphics/spirv-cross/default.nix +++ b/pkgs/tools/graphics/spirv-cross/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "spirv-cross"; - version = "2020-04-03"; + version = "2020-05-19"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Cross"; rev = version; - sha256 = "0489s29kqgq20clxqg22y299yxz23p0yjh87yhka705hm9skx4sa"; + sha256 = "0zyijp9zx9wbd4i5lwjap7n793iz6yjkf27la60dsffxl75yy9pd"; }; nativeBuildInputs = [ cmake python3 ]; From 7e4c79d0b1f20c7b4edac5fc96ee2334e1185f03 Mon Sep 17 00:00:00 2001 From: Tobias Happ Date: Tue, 19 May 2020 19:47:45 +0200 Subject: [PATCH 017/101] dwm-status: 1.6.4 -> 1.7.0 --- pkgs/applications/window-managers/dwm/dwm-status.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/window-managers/dwm/dwm-status.nix b/pkgs/applications/window-managers/dwm/dwm-status.nix index 568258ee2c4..176c2a0ddff 100644 --- a/pkgs/applications/window-managers/dwm/dwm-status.nix +++ b/pkgs/applications/window-managers/dwm/dwm-status.nix @@ -9,19 +9,19 @@ in rustPlatform.buildRustPackage rec { pname = "dwm-status"; - version = "1.6.4"; + version = "1.7.0"; src = fetchFromGitHub { owner = "Gerschtli"; repo = "dwm-status"; rev = version; - sha256 = "05dhd2gy7ysrnchdimrdd7jvzs1db9fyrk4ci7850jhrgavfd7c4"; + sha256 = "1a3dpawxgi8d2a6w5jzvzm5q13rvqd656ris8mz77gj6f8qp7ddl"; }; nativeBuildInputs = [ makeWrapper pkgconfig ]; buildInputs = [ dbus gdk-pixbuf libnotify xorg.libX11 ]; - cargoSha256 = "0zkbps8vsjcvy7x0sgb07kacszi57dlyq8j6ia6yy0jyqnvlaqa7"; + cargoSha256 = "12b6fdhj13axhwf854n071dpiycg73g4kvl7igk1qn7l3gqwsfqn"; postInstall = lib.optionalString (bins != []) '' wrapProgram $out/bin/dwm-status --prefix "PATH" : "${stdenv.lib.makeBinPath bins}" From 58596231632092a48ee3c93ca3369db02d2dcc1d Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 May 2020 19:36:05 +0000 Subject: [PATCH 018/101] moosefs: 3.0.112 -> 3.0.113 --- pkgs/tools/filesystems/moosefs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/moosefs/default.nix b/pkgs/tools/filesystems/moosefs/default.nix index 4a912d3b42c..af09cafe1de 100644 --- a/pkgs/tools/filesystems/moosefs/default.nix +++ b/pkgs/tools/filesystems/moosefs/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "moosefs"; - version = "3.0.112"; + version = "3.0.113"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "04ymwg9r9x9gqjwy9jbjv7zzfgwal0xlfy6z5bwl27m2ys6l5k4a"; + sha256 = "0h3dhj6lznbkvmkr21w58avl9fa4pgj73fv0lkzcagksyyh5l0n9"; }; nativeBuildInputs = [ pkgconfig makeWrapper ]; From 7ff368e69b608c8563d6de6b25826b85e02c9a1d Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 May 2020 20:41:40 +0000 Subject: [PATCH 019/101] opendht: 2.0.0 -> 2.1.1 --- pkgs/development/libraries/opendht/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/opendht/default.nix b/pkgs/development/libraries/opendht/default.nix index 82cfb5c3d06..a62138e8ccf 100644 --- a/pkgs/development/libraries/opendht/default.nix +++ b/pkgs/development/libraries/opendht/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "opendht"; - version = "2.0.0"; + version = "2.1.1"; src = fetchFromGitHub { owner = "savoirfairelinux"; repo = "opendht"; rev = version; - sha256 = "1q1fwk8wwk9r6bp0indpr60ql668lsk16ykslacyhrh7kg97kvhr"; + sha256 = "10sbiwjljxi0a1q3xakmf6v02x3yf38ljvjpql70q4rqggqj9zhh"; }; nativeBuildInputs = From 159c7cb39df6d85283f118f15c490e00f13acfc3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 19 May 2020 22:55:34 +0000 Subject: [PATCH 020/101] pt2-clone: 1.12 -> 1.16 --- pkgs/applications/audio/pt2-clone/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/pt2-clone/default.nix b/pkgs/applications/audio/pt2-clone/default.nix index 5284c8af682..c5004634256 100644 --- a/pkgs/applications/audio/pt2-clone/default.nix +++ b/pkgs/applications/audio/pt2-clone/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "pt2-clone"; - version = "1.12"; + version = "1.16"; src = fetchFromGitHub { owner = "8bitbubsy"; repo = "pt2-clone"; rev = "v${version}"; - sha256 = "1y7kv889rm3nvaigcda4bglvwm799f3gp0zrivkvrg1lrlygs89f"; + sha256 = "0rbjphhyca71j22lbyx53w3n2mkdw7xflks2knfaziwdkqcfcvp2"; }; nativeBuildInputs = [ cmake ]; From 1b6e96075515406f9e2ddf4ce866d9b56e64d68a Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 00:27:42 +0000 Subject: [PATCH 021/101] rshell: 0.0.27 -> 0.0.28 --- pkgs/development/tools/rshell/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/rshell/default.nix b/pkgs/development/tools/rshell/default.nix index 5087b811ac0..4e3e12a8eeb 100644 --- a/pkgs/development/tools/rshell/default.nix +++ b/pkgs/development/tools/rshell/default.nix @@ -2,11 +2,11 @@ buildPythonApplication rec { pname = "rshell"; - version = "0.0.27"; + version = "0.0.28"; src = fetchPypi { inherit pname version; - sha256 = "15pm60jfmr5nms43nrh5jlpz4lxxfhaahznfcys6nc4g80r2fwr2"; + sha256 = "1crnlv0khplpibl9mj3flrgp877pnr1xz6hnnsi6hk3kfbc6p3nj"; }; propagatedBuildInputs = [ pyserial pyudev ]; From c00af269b59183dde63da1ebe62493e2bc67c9ac Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 01:20:50 +0000 Subject: [PATCH 022/101] snapraid: 11.3 -> 11.4 --- pkgs/tools/filesystems/snapraid/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/snapraid/default.nix b/pkgs/tools/filesystems/snapraid/default.nix index db9afedad96..1cb9ccd873e 100644 --- a/pkgs/tools/filesystems/snapraid/default.nix +++ b/pkgs/tools/filesystems/snapraid/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "snapraid"; - version = "11.3"; + version = "11.4"; src = fetchFromGitHub { owner = "amadvance"; repo = "snapraid"; rev = "v${version}"; - sha256 = "08rwz55njkr1w794y3hs8nxc11vzbv4drds9wgxpf6ps8qf9q49f"; + sha256 = "1mhinc9wny4a1xdrbksdl58kfrsh1cxp79zcgsl99gnyw47r22jy"; }; VERSION = version; From 5fb28b9f65f5a867fef34f4334f67e5da04d662c Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 02:24:19 +0000 Subject: [PATCH 023/101] tmux-xpanes: 4.1.1 -> 4.1.2 --- pkgs/tools/misc/tmux-xpanes/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/tmux-xpanes/default.nix b/pkgs/tools/misc/tmux-xpanes/default.nix index 06e7980167a..6e41eba7359 100644 --- a/pkgs/tools/misc/tmux-xpanes/default.nix +++ b/pkgs/tools/misc/tmux-xpanes/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "tmux-xpanes"; - version = "4.1.1"; + version = "4.1.2"; src = fetchFromGitHub { owner = "greymd"; repo = pname; rev = "v${version}"; - sha256 = "13q02vdk229chgbn547wwv29cj4njvz02lmw840g8qmwh73qb2pi"; + sha256 = "0vm5mi6dqdbg0b5qh4r8sr1plpc00jryd8a2qxpp3a72cigjvvf0"; }; buildInputs = [ openssl perl ]; From 3130356b9ec07b0fbbd3150a620f78f4c7645a65 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 02:54:26 +0000 Subject: [PATCH 024/101] urh: 2.8.7 -> 2.8.8 --- pkgs/applications/radio/urh/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/radio/urh/default.nix b/pkgs/applications/radio/urh/default.nix index d75572e5e57..730b679ba61 100644 --- a/pkgs/applications/radio/urh/default.nix +++ b/pkgs/applications/radio/urh/default.nix @@ -5,13 +5,13 @@ python3Packages.buildPythonApplication rec { pname = "urh"; - version = "2.8.7"; + version = "2.8.8"; src = fetchFromGitHub { owner = "jopohl"; repo = pname; rev = "v${version}"; - sha256 = "1grak0vzlzqvg8bqaalyamwvkyzlmj9nbczqp6jcdf6w2vnbzhph"; + sha256 = "0knymy85n9kxj364jpxjc4v9c238b00nl40rafi1ripkqx36bsfv"; }; nativeBuildInputs = [ qt5.wrapQtAppsHook ]; From cace963fc1d3cc325d3400d31827bc82f6d786f3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 05:26:57 +0000 Subject: [PATCH 025/101] atlassian-confluence: 7.3.4 -> 7.4.0 --- pkgs/servers/atlassian/confluence.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/atlassian/confluence.nix b/pkgs/servers/atlassian/confluence.nix index d8410c87b76..81f8422bb04 100644 --- a/pkgs/servers/atlassian/confluence.nix +++ b/pkgs/servers/atlassian/confluence.nix @@ -8,11 +8,11 @@ assert withMysql -> (mysql_jdbc != null); stdenvNoCC.mkDerivation rec { pname = "atlassian-confluence"; - version = "7.3.4"; + version = "7.4.0"; src = fetchurl { url = "https://product-downloads.atlassian.com/software/confluence/downloads/${pname}-${version}.tar.gz"; - sha256 = "13d0vnsvyl8cjdxnp2w284814bnqgbksl8mq7lkjms1x083mhnzi"; + sha256 = "1spykb8f24dlzrcyj01nv1ra278j0b6bxbnvrcnp6yr2s69cjwd0"; }; buildPhase = '' From 88a760ef95e6fcf2e590616202e46fd580fc00d1 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 06:15:57 +0000 Subject: [PATCH 026/101] bindfs: 1.14.5 -> 1.14.7 --- pkgs/tools/filesystems/bindfs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/bindfs/default.nix b/pkgs/tools/filesystems/bindfs/default.nix index bf6c68072aa..f8968260ce7 100644 --- a/pkgs/tools/filesystems/bindfs/default.nix +++ b/pkgs/tools/filesystems/bindfs/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, fuse, pkgconfig }: stdenv.mkDerivation rec { - version = "1.14.5"; + version = "1.14.7"; pname = "bindfs"; src = fetchurl { url = "https://bindfs.org/downloads/${pname}-${version}.tar.gz"; - sha256 = "173c5fcnfbnlw5a437r2x899ax77j3wp8gg8gffhryahcgyn1abq"; + sha256 = "1lbqyc9vpgck05n0q3qsvsr34142iv721z6iwxhc5j98370ff9i8"; }; dontStrip = true; From 61999ffd0e744fafdaf3b49ceb750dd07225ea9a Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 06:56:22 +0000 Subject: [PATCH 027/101] bmake: 20200402 -> 20200506 --- pkgs/development/tools/build-managers/bmake/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/bmake/default.nix b/pkgs/development/tools/build-managers/bmake/default.nix index 7550068274c..499ef7a19b3 100644 --- a/pkgs/development/tools/build-managers/bmake/default.nix +++ b/pkgs/development/tools/build-managers/bmake/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "bmake"; - version = "20200402"; + version = "20200506"; src = fetchurl { url = "http://www.crufty.net/ftp/pub/sjg/${pname}-${version}.tar.gz"; - sha256 = "0a49pfmbqb3g1h2r2vwbcb4hdyygq1g9n5y7qab37slfml2g45fg"; + sha256 = "1qiq6lvlg2hqiq03slv4vzv3bn4cr3w95r3i6m5fa4hgn2dkrhqa"; }; nativeBuildInputs = [ getopt ]; From d1b7e3f8cc14a4d6aa6e42f6253f4848697250b6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 10:04:01 +0000 Subject: [PATCH 028/101] clp: 1.17.5 -> 1.17.6 --- pkgs/applications/science/math/clp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/math/clp/default.nix b/pkgs/applications/science/math/clp/default.nix index 5e770cec13b..97ef3dd7543 100644 --- a/pkgs/applications/science/math/clp/default.nix +++ b/pkgs/applications/science/math/clp/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, zlib }: stdenv.mkDerivation rec { - version = "1.17.5"; + version = "1.17.6"; pname = "clp"; src = fetchurl { url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz"; - sha256 = "0y5wg4lfffy5vh8gc20v68pmmv241ndi2jgm9pgvk39b00bzkaa9"; + sha256 = "0ap1f0lxppa6pnbc4bg7ih7a96avwaki482nig8w5fr3vg9wvkzr"; }; propagatedBuildInputs = [ zlib ]; From ccbba967917cb86e7ac338ac22d6fbf276d7daf3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 11:46:39 +0000 Subject: [PATCH 029/101] bsequencer: 1.4.0 -> 1.4.2 --- pkgs/applications/audio/bsequencer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/bsequencer/default.nix b/pkgs/applications/audio/bsequencer/default.nix index 674795dca20..bb45a846b1b 100644 --- a/pkgs/applications/audio/bsequencer/default.nix +++ b/pkgs/applications/audio/bsequencer/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "BSEQuencer"; - version = "1.4.0"; + version = "1.4.2"; src = fetchFromGitHub { owner = "sjaehn"; repo = pname; rev = "${version}"; - sha256 = "1zz1cirmx4wm4im4gjdp691f2042c8d1i8np1ns71f6kqdj9ps3k"; + sha256 = "1fz0p0ba00b7k7a8q9mxwj01jwl8xwh9a2npn00pbbdrg9zv4fdr"; }; nativeBuildInputs = [ pkgconfig ]; From f33a047d4bf6e13e717f65dcb26ff9336b06179e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Wed, 20 May 2020 15:35:48 -0300 Subject: [PATCH 030/101] fbmenugen: init at 2020-05-20 --- .../misc/fbmenugen/0001-Fix-paths.patch | 69 +++++++++++++++++ pkgs/applications/misc/fbmenugen/default.nix | 75 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 146 insertions(+) create mode 100644 pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch create mode 100644 pkgs/applications/misc/fbmenugen/default.nix diff --git a/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch b/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch new file mode 100644 index 00000000000..b52aeafb5f3 --- /dev/null +++ b/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch @@ -0,0 +1,69 @@ +From 76c25147328d71960c70bbdd5a9396aac4a362a2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= +Date: Wed, 20 May 2020 14:19:07 -0300 +Subject: [PATCH] Fix paths + +--- + fbmenugen | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/fbmenugen b/fbmenugen +index 46a18dc..0c8eb08 100755 +--- a/fbmenugen ++++ b/fbmenugen +@@ -214,9 +214,7 @@ my %CONFIG = ( + + #<<< + desktop_files_paths => [ +- '/usr/share/applications', +- '/usr/local/share/applications', +- '/usr/share/applications/kde4', ++ '/run/current-system/sw/share/applications', + "$home_dir/.local/share/applications", + ], + #>>> +@@ -232,7 +230,7 @@ my %CONFIG = ( + force_icon_size => 0, + generic_fallback => 0, + locale_support => 1, +- use_gtk3 => 0, ++ use_gtk3 => 1, + + VERSION => $version, + ); +@@ -252,7 +250,7 @@ if (not -e $config_file) { + } + + if (not -e $schema_file) { +- if (-e (my $etc_schema_file = "/etc/xdg/$pkgname/schema.pl")) { ++ if (-e (my $etc_schema_file = "@fbmenugen@/etc/xdg/$pkgname/schema.pl")) { + require File::Copy; + File::Copy::copy($etc_schema_file, $schema_file) + or warn "$0: can't copy file `$etc_schema_file' to `$schema_file': $!\n"; +@@ -570,7 +568,7 @@ EXIT + $generated_menu .= begin_category(@{$schema->{fluxbox}}) . <<"FOOTER"; + [config] (Configure) + [submenu] (System Styles) {Choose a style...} +- [stylesdir] (/usr/share/fluxbox/styles) ++ [stylesdir] (@fluxbox@/share/fluxbox/styles) + [end] + [submenu] (User Styles) {Choose a style...} + [stylesdir] (~/.fluxbox/styles) +@@ -580,12 +578,12 @@ EXIT + [exec] (Screenshot - JPG) {import screenshot.jpg && display -resize 50% screenshot.jpg} + [exec] (Screenshot - PNG) {import screenshot.png && display -resize 50% screenshot.png} + [exec] (Run) {fbrun} +- [exec] (Regen Menu) {fluxbox-generate_menu} ++ [exec] (Regen Menu) {@fluxbox@/bin/fluxbox-generate_menu} + [end] + [commanddialog] (Fluxbox Command) + [reconfig] (Reload config) + [restart] (Restart) +- [exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) | xmessage -file - -center} ++ [exec] (About) {(@fluxbox@/bin/fluxbox -v; @fluxbox@/bin/fluxbox -info | @gnused@/bin/sed 1d) | @xmessage@/bin/xmessage -file - -center} + [separator] + [exit] (Exit) + [end] +-- +2.26.2 + diff --git a/pkgs/applications/misc/fbmenugen/default.nix b/pkgs/applications/misc/fbmenugen/default.nix new file mode 100644 index 00000000000..fcf8191d3b7 --- /dev/null +++ b/pkgs/applications/misc/fbmenugen/default.nix @@ -0,0 +1,75 @@ +{ stdenv +, fetchFromGitHub +, fluxbox +, gnused +, makeWrapper +, perlPackages +, substituteAll +, xorg +, wrapGAppsHook +}: + +perlPackages.buildPerlPackage rec { + pname = "fbmenugen"; + version = "2020-05-20"; + + src = fetchFromGitHub { + owner = "trizen"; + repo = pname; + rev = "ed9a680546edbb5b05086971b6a9f42a37cb485f"; + sha256 = "1fikdl08a0s8d6k1ls1pzmw2rcwkfbbczsjfx6lr12ngd2bz222h"; + }; + + patches = [ + (substituteAll { + src = ./0001-Fix-paths.patch; + xmessage = xorg.xmessage; + inherit fluxbox gnused; + }) + ]; + + outputs = [ "out" ]; + + nativeBuildInputs = [ + makeWrapper + wrapGAppsHook + ]; + + buildInputs = [ + fluxbox + gnused + perlPackages.DataDump + perlPackages.FileDesktopEntry + perlPackages.Gtk3 + perlPackages.LinuxDesktopFiles + perlPackages.perl + xorg.xmessage + ]; + + dontConfigure = true; + + dontBuild = true; + + postPatch = '' + substituteInPlace fbmenugen --subst-var-by fbmenugen $out + ''; + + installPhase = '' + runHook preInstall + install -D -t $out/bin ${pname} + install -D -t $out/etc/xdg/${pname} schema.pl + runHook postInstall + ''; + + postFixup = '' + wrapProgram "$out/bin/${pname}" --prefix PERL5LIB : "$PERL5LIB" + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/trizen/fbmenugen"; + description = "Simple menu generator for the Fluxbox Window Manager"; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = [ maintainers.romildo ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e5f9d8f888..6dcb70595e2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19342,6 +19342,8 @@ in fasttext = callPackage ../applications/science/machine-learning/fasttext { }; + fbmenugen = callPackage ../applications/misc/fbmenugen { }; + fbpanel = callPackage ../applications/window-managers/fbpanel { }; fbreader = callPackage ../applications/misc/fbreader { From 05ff09956cadf8836093826311bdfa7f9843afed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roberto=20Abdelkader=20Mart=C3=ADnez=20P=C3=A9rez?= Date: Wed, 20 May 2020 23:02:01 +0200 Subject: [PATCH 031/101] kapow: init at 0.5.3 --- maintainers/maintainer-list.nix | 6 ++++++ pkgs/servers/kapow/default.nix | 26 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 34 insertions(+) create mode 100644 pkgs/servers/kapow/default.nix diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index f84b8bc2ec1..2b62058aeee 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -5558,6 +5558,12 @@ githubId = 4368690; name = "Ratko Mladic"; }; + nilp0inter = { + email = "robertomartinezp@gmail.com"; + github = "nilp0inter"; + githubId = 1224006; + name = "Roberto Abdelkader Martínez Pérez"; + }; ninjatrappeur = { email = "felix@alternativebit.fr"; github = "ninjatrappeur"; diff --git a/pkgs/servers/kapow/default.nix b/pkgs/servers/kapow/default.nix new file mode 100644 index 00000000000..1990dba381d --- /dev/null +++ b/pkgs/servers/kapow/default.nix @@ -0,0 +1,26 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kapow"; + version = "0.5.3"; + + goPackagePath = "github.com/BBVA/kapow"; + + subPackages = [ "." ]; + + src = fetchFromGitHub { + owner = "BBVA"; + repo = pname; + rev = "v${version}"; + sha256 = "0m5b9lvg5d908d27khyx9p3567pap1b2mxl8fk7cxhb51r89jypj"; + }; + + vendorSha256 = "159s46rhg67mgglaxgddx3k8kssl0cqiq8yjdqgjhhxppf16r7dy"; + + meta = with stdenv.lib; { + homepage = "https://github.com/BBVA/kapow"; + description = "Expose command-line tools over HTTP"; + license = licenses.asl20; + maintainers = with maintainers; [ nilp0inter ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c60a8d72dd7..229b645e879 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15658,6 +15658,8 @@ in jetty = callPackage ../servers/http/jetty { }; + kapow = callPackage ../servers/kapow { }; + keycloak = callPackage ../servers/keycloak { }; knot-dns = callPackage ../servers/dns/knot-dns { }; From c82e3789b35f7c28e759f5bc1da3450e04432c5e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 20 May 2020 22:03:30 +0000 Subject: [PATCH 032/101] pspg: 3.0.7 -> 3.1.1 --- pkgs/tools/misc/pspg/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/pspg/default.nix b/pkgs/tools/misc/pspg/default.nix index 1bb7f9582c4..fa8404615f9 100644 --- a/pkgs/tools/misc/pspg/default.nix +++ b/pkgs/tools/misc/pspg/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pspg"; - version = "3.0.7"; + version = "3.1.1"; src = fetchFromGitHub { owner = "okbob"; repo = pname; rev = version; - sha256 = "10w47hbi6y92imzh1rlwkh5bfj1pnlkfxhbi8lhmy6ggxa62xmf7"; + sha256 = "1hs1cixk1jcx8br81c4drm1b56hwcq6jiww0ywrpdna475jv5vvw"; }; nativeBuildInputs = [ pkgconfig ]; From 59c9a6ee3b67be38a8b9b1d795e1753b4a762054 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 00:49:18 +0000 Subject: [PATCH 033/101] x11docker: 6.6.1 -> 6.6.2 --- pkgs/applications/virtualization/x11docker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/x11docker/default.nix b/pkgs/applications/virtualization/x11docker/default.nix index 7ef91e6f609..cbaa0a57992 100644 --- a/pkgs/applications/virtualization/x11docker/default.nix +++ b/pkgs/applications/virtualization/x11docker/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg, getopt, gnugrep, gawk, ps, mount, iproute }: stdenv.mkDerivation rec { pname = "x11docker"; - version = "6.6.1"; + version = "6.6.2"; src = fetchFromGitHub { owner = "mviereck"; repo = "x11docker"; rev = "v${version}"; - sha256 = "0p1ypgy45ngxxjczd986pkfh4cn5bs45cwzlfv9fm2p58fkx3aar"; + sha256 = "1skdgr2hipd7yx9c7r7nr3914gm9cm1xj6h3qdsa9f92xxm3aml1"; }; nativeBuildInputs = [ makeWrapper ]; From 2c29c7a06cc08a8a02b1df87136c01ecad746ad9 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 05:41:31 +0000 Subject: [PATCH 034/101] cfr: 0.149 -> 0.150 --- pkgs/development/tools/java/cfr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/java/cfr/default.nix b/pkgs/development/tools/java/cfr/default.nix index 09684ea9986..ce1501fa4dd 100644 --- a/pkgs/development/tools/java/cfr/default.nix +++ b/pkgs/development/tools/java/cfr/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "cfr"; - version = "0.149"; + version = "0.150"; src = fetchurl { url = "http://www.benf.org/other/cfr/cfr_${version}.jar"; - sha256 = "1jksjr1345wj42nfad7k6skvpg5qsm4xgjdwzb90zhn27ddkns6v"; + sha256 = "09lq21phnhr374wb8gj355jsqj8c4m5m818r3pbr8f8zpaamjxfj"; }; nativeBuildInputs = [ makeWrapper ]; From 0fca1e3db4e105d3137b96df255c2064e284fc47 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 07:30:30 +0000 Subject: [PATCH 035/101] duo-unix: 1.11.3 -> 1.11.4 --- pkgs/tools/security/duo-unix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix index 2cf9b92745f..2c3a7a441af 100644 --- a/pkgs/tools/security/duo-unix/default.nix +++ b/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "duo-unix"; - version = "1.11.3"; + version = "1.11.4"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "097i2dsnbndpnyc4nx1j76qkx1bxwwlxnzmp1h3j4raghddgiq0g"; + sha256 = "1hqklf6jzrxn5hgh69bbl6962hwwgf06dlrb0ry7n5iy8w8imnsg"; }; buildInputs = [ pam openssl zlib ]; From 02ac04d3cb00089d2dd779ba7194e192eb3240d8 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 07:38:27 +0000 Subject: [PATCH 036/101] dit: 0.6 -> 0.7 --- pkgs/applications/editors/dit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/dit/default.nix b/pkgs/applications/editors/dit/default.nix index f973e67599c..e89267d04c5 100644 --- a/pkgs/applications/editors/dit/default.nix +++ b/pkgs/applications/editors/dit/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "dit"; - version = "0.6"; + version = "0.7"; src = fetchurl { url = "https://hisham.hm/dit/releases/${version}/${pname}-${version}.tar.gz"; - sha256 = "0ryvm54xxkg2gcgz4r8zdxrl6j2h8mgg9nfqmdmdr31qkcj8wjsq"; + sha256 = "0cmbyzqfz2qa83cg8lpjifn34wmx34c5innw485zh4vk3c0k8wlj"; }; buildInputs = [ ncurses lua ] From 5cf586672a03fe086553240f88c803c27be2954c Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 09:06:36 +0000 Subject: [PATCH 037/101] evince: 3.36.0 -> 3.36.1 --- pkgs/desktops/gnome-3/core/evince/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/evince/default.nix b/pkgs/desktops/gnome-3/core/evince/default.nix index 2852c816e4b..88e5d78c4c3 100644 --- a/pkgs/desktops/gnome-3/core/evince/default.nix +++ b/pkgs/desktops/gnome-3/core/evince/default.nix @@ -43,13 +43,13 @@ stdenv.mkDerivation rec { pname = "evince"; - version = "3.36.0"; + version = "3.36.1"; outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/evince/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1a7v534sqbg7rlrvg9x1rffdf6p9n37blp3wix6anyfl6i99n7c5"; + sha256 = "1msbb66lasikpfjpkwsvi7h22hqmk275850ilpdqwbd0b39vzf4c"; }; postPatch = '' From 8e860b9e7b886e48605a19bb50dd38a0ea103496 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 21 May 2020 04:20:00 -0500 Subject: [PATCH 038/101] vault: 1.4.1 -> 1.4.2 --- pkgs/tools/security/vault/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 515b5884999..e1b6ef80860 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "vault"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0fbbvihvlzh95rrk65bwxfcam6y57q0yffq8dzvcbm3i0ap7ndar"; + sha256 = "0aschysngs6f50plqkqbnhgl6zryd0bpypr50zd45cgww7jvvqd4"; }; goPackagePath = "github.com/hashicorp/vault"; From 1039faacfb9cbb005153dff573ad9ce2e817a418 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 09:33:39 +0000 Subject: [PATCH 039/101] gensio: 1.3.3 -> 2.0.5 --- pkgs/development/libraries/gensio/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gensio/default.nix b/pkgs/development/libraries/gensio/default.nix index 20e2f6905ce..684bad14dda 100644 --- a/pkgs/development/libraries/gensio/default.nix +++ b/pkgs/development/libraries/gensio/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "gensio"; - version = "1.3.3"; + version = "2.0.5"; src = fetchFromGitHub { owner = "cminyard"; repo = "${pname}"; rev = "v${version}"; - sha256 = "04yrm3kg8m77kh6z0b9yw4h43fm0d54wnyrd8lp5ddn487kawm5g"; + sha256 = "1j6c6vmnip24pxafk29y312vif1xlryymv7aaxgqp9ca3s91nlrf"; }; configureFlags = [ From 6e8f3635a2dd24120dfcefafe4f68dede2a3a1d5 Mon Sep 17 00:00:00 2001 From: Rouven Czerwinski Date: Thu, 21 May 2020 12:09:07 +0200 Subject: [PATCH 040/101] ser2net: 4.1.1 -> 4.1.8 --- pkgs/servers/ser2net/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/ser2net/default.nix b/pkgs/servers/ser2net/default.nix index e18d96013e4..bbfb0315d9e 100644 --- a/pkgs/servers/ser2net/default.nix +++ b/pkgs/servers/ser2net/default.nix @@ -1,17 +1,17 @@ -{ stdenv, lib, fetchFromGitHub, gensio, libyaml, autoreconfHook }: +{ stdenv, lib, fetchFromGitHub, gensio, libyaml, autoreconfHook, pkgconfig }: stdenv.mkDerivation rec { pname = "ser2net"; - version = "4.1.1"; + version = "4.1.8"; src = fetchFromGitHub { owner = "cminyard"; repo = "${pname}"; rev = "v${version}"; - sha256 = "1zl68mmd7pp10cjv1jk8rs2dlbwvzskyb58qvc7ph7vc6957lfhc"; + sha256 = "0xxxxlfi4wln2l86ybdsc42qcj37mnac2s2baj6s7mqri8alaa14"; }; - buildInputs = [ autoreconfHook gensio libyaml ]; + buildInputs = [ pkgconfig autoreconfHook gensio libyaml ]; meta = with lib; { description = "Serial to network connection server"; From 5b4607a92df360b5a80e42c9b01db88d6e76dc61 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 11:34:18 +0000 Subject: [PATCH 041/101] fetchmail: 6.4.4 -> 6.4.5 --- pkgs/applications/misc/fetchmail/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/fetchmail/default.nix b/pkgs/applications/misc/fetchmail/default.nix index 1b892c7f536..c1104eb0a57 100644 --- a/pkgs/applications/misc/fetchmail/default.nix +++ b/pkgs/applications/misc/fetchmail/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, openssl }: let - version = "6.4.4"; + version = "6.4.5"; in stdenv.mkDerivation { pname = "fetchmail"; @@ -9,7 +9,7 @@ stdenv.mkDerivation { src = fetchurl { url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz"; - sha256 = "1smbydwfjq29a2l44g6mgj0cd412fz40gbq6vq0klm7pmgd606si"; + sha256 = "073bjh8qbvww7f5gbd6pq640qspi7dc6cjndvm0h2jcl0a90c3yk"; }; buildInputs = [ openssl ]; From 06af79c680191f9e27bd5e53ee4b34d44d7524f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCrkan=20G=C3=BCr?= Date: Thu, 21 May 2020 14:00:22 +0200 Subject: [PATCH 042/101] pysnooper: 0.3.0 -> 0.4.1 --- pkgs/development/python-modules/pysnooper/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/pysnooper/default.nix b/pkgs/development/python-modules/pysnooper/default.nix index 347daa6cec0..61e1de20acf 100644 --- a/pkgs/development/python-modules/pysnooper/default.nix +++ b/pkgs/development/python-modules/pysnooper/default.nix @@ -1,26 +1,24 @@ { lib , buildPythonPackage , fetchPypi -, python-toolbox , pytest , isPy27 }: buildPythonPackage rec { - version = "0.3.0"; + version = "0.4.1"; pname = "pysnooper"; src = fetchPypi { inherit version; pname = "PySnooper"; - sha256 = "14vcxrzfmfhsmdck1cb56a6lbfga15qfhlkap9mh47fgspcq8xkx"; + sha256 = "1xngly13x3ylwwcdml2ns8skpxip2myzavp3b9ff2dpqaalf0hdl"; }; # test dependency python-toolbox fails with py27 doCheck = !isPy27; checkInputs = [ - python-toolbox pytest ]; From 4e1b9efd7318d5f119e05f751dddc2968b9242b3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 12:09:53 +0000 Subject: [PATCH 043/101] gitkraken: 6.6.0 -> 7.0.0 --- pkgs/applications/version-management/gitkraken/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/gitkraken/default.nix b/pkgs/applications/version-management/gitkraken/default.nix index c5ee8f39443..88f8df4e254 100644 --- a/pkgs/applications/version-management/gitkraken/default.nix +++ b/pkgs/applications/version-management/gitkraken/default.nix @@ -13,11 +13,11 @@ let in stdenv.mkDerivation rec { pname = "gitkraken"; - version = "6.6.0"; + version = "7.0.0"; src = fetchzip { url = "https://release.axocdn.com/linux/GitKraken-v${version}.tar.gz"; - sha256 = "1k94dyynsnm90mp7q9h6baq6q9zi539b1qszf3mqvd5i0id9kjcw"; + sha256 = "0ws1gb7fgy72s6hxkf9g16x565m58k1cdzx9ldcdghfffimz4cqx"; }; dontBuild = true; From 4e4616d89fe81f3a63d1b61bb9d8885eef941011 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 16:26:35 +0000 Subject: [PATCH 044/101] glusterfs: 7.5 -> 7.6 --- pkgs/tools/filesystems/glusterfs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix index f02fec85a5b..44880638e65 100644 --- a/pkgs/tools/filesystems/glusterfs/default.nix +++ b/pkgs/tools/filesystems/glusterfs/default.nix @@ -15,10 +15,10 @@ let # The command # find /nix/store/...-glusterfs-.../ -name '*.py' -executable # can help with finding new Python scripts. - version = "7.5"; + version = "7.6"; name="${baseName}-${version}"; url="https://github.com/gluster/glusterfs/archive/v${version}.tar.gz"; - sha256 = "1zahld2v1y920i0p25zcn15a593g3bl5sgnmhkdmn7kvk7mx4p93"; + sha256 = "0zdcv2jk8dp67id8ic30mkn97ccp07jf20g7v09a5k31pw9aqyih"; }; buildInputs = [ From 65bd987b129b33d5a05f6f9a07cba8ee7b82868b Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 18:22:55 +0000 Subject: [PATCH 045/101] goffice: 0.10.46 -> 0.10.47 --- pkgs/development/libraries/goffice/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/goffice/default.nix b/pkgs/development/libraries/goffice/default.nix index f41fa73a6ef..308a4db2800 100644 --- a/pkgs/development/libraries/goffice/default.nix +++ b/pkgs/development/libraries/goffice/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "goffice"; - version = "0.10.46"; + version = "0.10.47"; outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "058d6d3a40e1f60525682ec6b857c441d5deb50d0d30a76804f9f36f865a13a9"; + sha256 = "0xmigfdzvmlpa0fw79mf3xwchmxc8rlidryn5syv8bz7msmrb215"; }; nativeBuildInputs = [ pkgconfig intltool ]; From a0203146fdef1b6451c7ec67fbdffc8ef5f5d80f Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 18:37:32 +0000 Subject: [PATCH 046/101] flyway: 6.4.1 -> 6.4.2 --- pkgs/development/tools/flyway/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/flyway/default.nix b/pkgs/development/tools/flyway/default.nix index 2d639467910..6018d630674 100644 --- a/pkgs/development/tools/flyway/default.nix +++ b/pkgs/development/tools/flyway/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, jre_headless, makeWrapper }: let - version = "6.4.1"; + version = "6.4.2"; in stdenv.mkDerivation { pname = "flyway"; inherit version; src = fetchurl { url = "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/${version}/flyway-commandline-${version}.tar.gz"; - sha256 = "00vm2p4xn8jnldjxcj0djpjjx2hppq0ii8367abhbswq7xfhy2d2"; + sha256 = "1m5i7mw3ml2iaqy09h8nmykn602rwkjfgh2mrmc1gss9q3klj1r8"; }; nativeBuildInputs = [ makeWrapper ]; dontBuild = true; From d0593a7e04671706a07c37231c51abc4b564bd2d Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 18:41:52 +0000 Subject: [PATCH 047/101] goaccess: 1.3 -> 1.4 --- pkgs/tools/misc/goaccess/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/goaccess/default.nix b/pkgs/tools/misc/goaccess/default.nix index b9fdac6cba3..1906c9d5665 100644 --- a/pkgs/tools/misc/goaccess/default.nix +++ b/pkgs/tools/misc/goaccess/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, pkgconfig, ncurses, glib, libmaxminddb }: stdenv.mkDerivation rec { - version = "1.3"; + version = "1.4"; pname = "goaccess"; src = fetchurl { url = "https://tar.goaccess.io/goaccess-${version}.tar.gz"; - sha256 = "16vv3pj7pbraq173wlxa89jjsd279004j4kgzlrsk1dz4if5qxwc"; + sha256 = "1gkpjg39f3afdwm9128jqjsfap07p8s027czzlnxfmi5hpzvkyz8"; }; configureFlags = [ From 93f303a21c809358243d2f2c14538328092364f5 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 19:24:38 +0000 Subject: [PATCH 048/101] gnome3.gnome-applets: 3.36.2 -> 3.36.3 --- pkgs/desktops/gnome-3/misc/gnome-applets/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix b/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix index bc2afb51979..ef87571e038 100644 --- a/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix +++ b/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix @@ -24,13 +24,13 @@ let pname = "gnome-applets"; - version = "3.36.2"; + version = "3.36.3"; in stdenv.mkDerivation rec { name = "${pname}-${version}"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; - sha256 = "1hlblnajjkvlcd45lxfdxscx7j51nwyvri5jci6ylgpaxlwwm1s8"; + sha256 = "02jwh5yxka2mnzdqnr55lfijplvscy97isv7lqx1zvsi2p7hy38m"; }; nativeBuildInputs = [ From 33647890f23eb89a48e7d633ca8bf41b3aa862a4 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 20:08:56 +0000 Subject: [PATCH 049/101] home-assistant-cli: 0.8.0 -> 0.9.1 --- pkgs/servers/home-assistant/cli.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/home-assistant/cli.nix b/pkgs/servers/home-assistant/cli.nix index 17e5559821e..6b7758dd5e1 100644 --- a/pkgs/servers/home-assistant/cli.nix +++ b/pkgs/servers/home-assistant/cli.nix @@ -2,11 +2,11 @@ python3.pkgs.buildPythonApplication rec { pname = "homeassistant-cli"; - version = "0.8.0"; + version = "0.9.1"; src = python3.pkgs.fetchPypi { inherit pname version; - sha256 = "0qq42b2a0rlrzaxwf3zqks5gzgv0hf4pz4yjjl6ldnizw8fcj40n"; + sha256 = "1a31ky2p5w8byf0bjgma6xi328jj690qqksm3dwbi3v8dpqvghgf"; }; postPatch = '' From 226f644abad31d0483098e2e06dd58b3e6978fb2 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 20:32:22 +0000 Subject: [PATCH 050/101] hopper: 4.5.25 -> 4.5.27 --- pkgs/development/tools/analysis/hopper/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/analysis/hopper/default.nix b/pkgs/development/tools/analysis/hopper/default.nix index d854065d601..8a265d89849 100644 --- a/pkgs/development/tools/analysis/hopper/default.nix +++ b/pkgs/development/tools/analysis/hopper/default.nix @@ -12,12 +12,12 @@ }: stdenv.mkDerivation rec { pname = "hopper"; - version = "4.5.25"; + version = "4.5.27"; rev = "v${lib.versions.major version}"; src = fetchurl { url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz"; - sha256 = "1xv4q41kz7a4cqkkdfgwaw2kgi81z62r9l7hmm8qmsnnlbk4xd5j"; + sha256 = "1c0lyj20kvb6ljf7zk6hzs70bl5fwnmyiv6w3hhr079bgn4fq4m0"; }; sourceRoot = "."; From 027908357f35d1e9eabd51b76a16cd7316f759cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 21 May 2020 22:46:44 +0100 Subject: [PATCH 051/101] openafs_1_8: include 5.6 fixes --- pkgs/servers/openafs/1.8/module.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/openafs/1.8/module.nix b/pkgs/servers/openafs/1.8/module.nix index 4aecc851b86..d998784b3fa 100644 --- a/pkgs/servers/openafs/1.8/module.nix +++ b/pkgs/servers/openafs/1.8/module.nix @@ -1,7 +1,9 @@ { stdenv, fetchurl, which, autoconf, automake, flex, yacc , kernel, glibc, perl, libtool_2, kerberos, fetchpatch }: -with (import ./srcs.nix { inherit fetchurl; }); +with (import ./srcs.nix { + inherit fetchurl; +}); let modDestDir = "$out/lib/modules/${kernel.modDirVersion}/extra/openafs"; @@ -16,6 +18,22 @@ in stdenv.mkDerivation { buildInputs = [ kerberos ]; + patches = [ + # openafs 5.6 patches, included in the next release + (fetchpatch { + url = "https://github.com/openafs/openafs/commit/34f1689b7288688550119638ee9959e453fde414.patch"; + sha256 = "0rxjqzr8c5ajlk8wrhgjc1qp1934qiriqdi0qxsnk4gj5ibbk4d5"; + }) + (fetchpatch { + url = "https://github.com/openafs/openafs/commit/355ea43f0d1b7feae1b3af58bc33af12838db7c3.patch"; + sha256 = "1f9xn8ql6vnxglpj3dvi30sj8vkncazjab2rc13hbw48nvsvcnhm"; + }) + (fetchpatch { + url = "https://github.com/openafs/openafs/commit/17d38e31e6f2e237a7fb4dfb46841060296310b6.patch"; + sha256 = "14dydxfm0f5fvnj0kmvgm3bgh0ajhh04i3l7l0hr9cpmwl7vrlcg"; + }) + ]; + hardeningDisable = [ "pic" ]; configureFlags = [ From aef1ddfbe9355a4c229c70abc6adee948ac5e38d Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 20 May 2020 16:13:07 +1000 Subject: [PATCH 052/101] metasploit: add libiconv to shell.nix --- pkgs/tools/security/metasploit/shell.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/security/metasploit/shell.nix b/pkgs/tools/security/metasploit/shell.nix index cd7a01214c6..e4bae57b686 100644 --- a/pkgs/tools/security/metasploit/shell.nix +++ b/pkgs/tools/security/metasploit/shell.nix @@ -3,14 +3,15 @@ with import {}; stdenv.mkDerivation { name = "env"; buildInputs = [ - ruby.devEnv + bundix git - sqlite + libiconv libpcap - postgresql libxml2 libxslt - pkgconfig - bundix + pkg-config + postgresql + ruby.devEnv + sqlite ]; } From 1ccf7cd70459344b93fb7f7df3046a2b43b35f6a Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 20 May 2020 16:12:05 +1000 Subject: [PATCH 053/101] metasploit: 5.0.74 -> 5.0.90 --- pkgs/tools/security/metasploit/Gemfile | 2 +- pkgs/tools/security/metasploit/Gemfile.lock | 104 +++++++------ pkgs/tools/security/metasploit/default.nix | 4 +- pkgs/tools/security/metasploit/gemset.nix | 164 ++++++++++++-------- 4 files changed, 156 insertions(+), 118 deletions(-) diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 3924e6919d3..457c6249ca0 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/5.0.74" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/5.0.90" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index 17d160c8dcb..7142983f98c 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 22104a154544b3ee57d3ce98a490c4b42a4a8776 - ref: refs/tags/5.0.74 + revision: 592eedc5584953fb94b01a9aae48ec04d2cf153a + ref: refs/tags/5.0.90 specs: - metasploit-framework (5.0.74) + metasploit-framework (5.0.90) actionpack (~> 4.2.6) activerecord (~> 4.2.6) activesupport (~> 4.2.6) @@ -13,27 +13,30 @@ GIT bcrypt (= 3.1.12) bcrypt_pbkdf bit-struct + bson concurrent-ruby (= 1.0.5) dnsruby ed25519 em-http-request eventmachine faker - faraday (<= 0.17.0) + faraday faye-websocket filesize + hrr_rb_ssh (= 0.3.0.pre2) jsobfu json metasm metasploit-concern (~> 2.0.0) metasploit-credential (~> 3.0.0) metasploit-model (~> 2.0.4) - metasploit-payloads (= 1.3.84) + metasploit-payloads (= 1.4.2) metasploit_data_models (~> 3.0.10) - metasploit_payloads-mettle (= 0.5.16) + metasploit_payloads-mettle (= 0.5.21) mqtt msgpack nessus_rest + net-ldap net-ssh network_interface nexpose @@ -87,27 +90,27 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.0.3) - actionpack (4.2.11.1) - actionview (= 4.2.11.1) - activesupport (= 4.2.11.1) + actionpack (4.2.11.3) + actionview (= 4.2.11.3) + activesupport (= 4.2.11.3) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.11.1) - activesupport (= 4.2.11.1) + actionview (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activemodel (4.2.11.1) - activesupport (= 4.2.11.1) + activemodel (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) - activerecord (4.2.11.1) - activemodel (= 4.2.11.1) - activesupport (= 4.2.11.1) + activerecord (4.2.11.3) + activemodel (= 4.2.11.3) + activesupport (= 4.2.11.3) arel (~> 6.0) - activesupport (4.2.11.1) + activesupport (4.2.11.3) i18n (~> 0.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) @@ -118,32 +121,33 @@ GEM arel (6.0.4) arel-helpers (2.11.0) activerecord (>= 3.1.0, < 7) - aws-eventstream (1.0.3) - aws-partitions (1.274.0) - aws-sdk-core (3.90.1) - aws-eventstream (~> 1.0, >= 1.0.2) + aws-eventstream (1.1.0) + aws-partitions (1.319.0) + aws-sdk-core (3.96.1) + aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-ec2 (1.144.0) + aws-sdk-ec2 (1.162.0) aws-sdk-core (~> 3, >= 3.71.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.33.0) + aws-sdk-iam (1.37.0) aws-sdk-core (~> 3, >= 3.71.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.29.0) + aws-sdk-kms (1.31.0) aws-sdk-core (~> 3, >= 3.71.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.60.2) - aws-sdk-core (~> 3, >= 3.83.0) + aws-sdk-s3 (1.66.0) + aws-sdk-core (~> 3, >= 3.96.1) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sigv4 (1.1.0) + aws-sigv4 (1.1.3) aws-eventstream (~> 1.0, >= 1.0.2) bcrypt (3.1.12) bcrypt_pbkdf (1.0.1) - bindata (2.4.4) + bindata (2.4.7) bit-struct (0.16) + bson (4.8.2) builder (3.2.4) concurrent-ruby (1.0.5) cookiejar (0.3.3) @@ -164,13 +168,15 @@ GEM eventmachine (1.2.7) faker (2.2.1) i18n (>= 0.8) - faraday (0.17.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) faye-websocket (0.10.9) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) filesize (0.2.0) hashery (2.1.2) + hrr_rb_ssh (0.3.0.pre2) + ed25519 (~> 1.2) http_parser.rb (0.6.0) i18n (0.9.5) concurrent-ruby (~> 1.0) @@ -178,7 +184,7 @@ GEM jsobfu (0.4.2) rkelly-remix json (2.3.0) - loofah (2.4.0) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.4) @@ -200,7 +206,7 @@ GEM activemodel (~> 4.2.6) activesupport (~> 4.2.6) railties (~> 4.2.6) - metasploit-payloads (1.3.84) + metasploit-payloads (1.4.2) metasploit_data_models (3.0.10) activerecord (~> 4.2.6) activesupport (~> 4.2.6) @@ -211,19 +217,20 @@ GEM postgres_ext railties (~> 4.2.6) recog (~> 2.0) - metasploit_payloads-mettle (0.5.16) + metasploit_payloads-mettle (0.5.21) mini_portile2 (2.4.0) - minitest (5.14.0) + minitest (5.14.1) mqtt (0.5.0) msgpack (1.3.3) multipart-post (2.1.1) nessus_rest (0.1.6) - net-ssh (5.2.0) + net-ldap (0.16.2) + net-ssh (6.0.2) network_interface (0.0.2) nexpose (7.2.1) - nokogiri (1.10.8) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - octokit (4.16.0) + octokit (4.18.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) openssl-ccm (1.2.2) @@ -244,7 +251,7 @@ GEM activerecord (~> 4.0) arel (>= 4.0.1) pg_array_parser (~> 0.0.9) - public_suffix (4.0.3) + public_suffix (4.0.5) rack (1.6.13) rack-protection (1.5.5) rack @@ -258,14 +265,14 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (4.2.11.1) - actionpack (= 4.2.11.1) - activesupport (= 4.2.11.1) + railties (4.2.11.3) + actionpack (= 4.2.11.3) + activesupport (= 4.2.11.3) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (13.0.1) rb-readline (0.5.5) - recog (2.3.6) + recog (2.3.7) nokogiri redcarpet (3.5.0) rex-arch (0.1.13) @@ -281,7 +288,7 @@ GEM metasm rex-arch rex-text - rex-exploitation (0.1.22) + rex-exploitation (0.1.24) jsobfu metasm rex-arch @@ -294,9 +301,10 @@ GEM rex-arch rex-ole (0.1.6) rex-text - rex-powershell (0.1.86) + rex-powershell (0.1.87) rex-random_identifier rex-text + ruby-rc4 rex-random_identifier (0.1.4) rex-text rex-registry (0.1.3) @@ -304,14 +312,14 @@ GEM metasm rex-core rex-text - rex-socket (0.1.21) + rex-socket (0.1.23) rex-core rex-sslscan (0.1.5) rex-core rex-socket rex-text rex-struct2 (0.1.2) - rex-text (0.2.24) + rex-text (0.2.26) rex-zip (0.1.3) rex-text rkelly-remix (0.0.7) @@ -322,7 +330,7 @@ GEM rubyntlm windows_error rubyntlm (0.6.2) - rubyzip (2.2.0) + rubyzip (2.3.0) sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) @@ -340,9 +348,9 @@ GEM thread_safe (0.3.6) tilt (2.0.10) ttfunk (1.6.2.1) - tzinfo (1.2.6) + tzinfo (1.2.7) thread_safe (~> 0.1) - tzinfo-data (1.2019.3) + tzinfo-data (1.2020.1) tzinfo (>= 1.0.0) warden (1.2.7) rack (>= 1.0) diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 54da89a99b5..cc3d26fbee0 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -17,13 +17,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "5.0.74"; + version = "5.0.90"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "1ml4d6xfaxyv1mamc2qldd39db92qkic8660f8clabi9f1k0ghpp"; + sha256 = "1z3m8pvf1r8rz0snfkr9svhgjl2xn2qjgf8qswszzplsccqx1rss"; }; buildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index a35aa958a1d..cd3b2a336bd 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -4,50 +4,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rmldsk3a4lwxk0lrp6x1nz1v1r2xmbm3300l4ghgfygv3grdwjh"; + sha256 = "1955wx9m2g776sinamanzlk1jx2dzd34ci3sk22xicp0rmglps37"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0x7vjn8q6blzyf7j3kwg0ciy7vnfh28bjdkd1mp9k4ghp9jn0g9p"; + sha256 = "0glnaq3jx4m9q6vn55xqlsg8dbflqzm99fgsl9fl267mc2mz3qrv"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1c1x0rd6wnk1f0gsmxs6x3gx7yf6fs9qqkdv7r4hlbcdd849in33"; + sha256 = "1z3777xsm82i7ggkg74mg21sqz8m5dfl8ykjm7xcrhd2nj843fcp"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "07ixiwi0zzs9skqarvpfamsnay7npfswymrn28ngxaf8hi279q5p"; + sha256 = "1fpw9vyf2frkxkc6jbq9g78lhhflwz04j89qxj4krvmlq12q8v6d"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6"; + sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; addressable = { groups = ["default"]; @@ -104,80 +104,80 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "100g77a5ixg4p5zwq77f28n2pdkk0y481f7v83qrlmnj22318qq6"; + sha256 = "0r0pn66yqrdkrfdin7qdim0yj2x75miyg4wp6mijckhzhrjb7cv5"; type = "gem"; }; - version = "1.0.3"; + version = "1.1.0"; }; aws-partitions = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1k2dpn0xznksh5y9bq9gbvbych06pzyswsdak7bz8nlkbsgf38x3"; + sha256 = "11gr3pkd0cq034jdmvmi32sb99hkh91qjrpvc6jchi4lsaiaiqgc"; type = "gem"; }; - version = "1.274.0"; + version = "1.319.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1q7f9jkpmpppj31kh3wnzybkphq4piy8ays3vld0zsibfjs9iw7i"; + sha256 = "0jdnzynjrpp2jyg8vrbfbaad16k8ni1520xah1z2ckl5779x9fi6"; type = "gem"; }; - version = "3.90.1"; + version = "3.96.1"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wnql5rzwkn97w4l3pq6k97grqdci1qs7h132pnd6lc3bx62v4h5"; + sha256 = "0xp9kp90ixk1ywd0d8ssbk8dl5kxqnz942yr2qq00m7fd60pihh7"; type = "gem"; }; - version = "1.144.0"; + version = "1.162.0"; }; aws-sdk-iam = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0s78ssjcp974v7r1znrgk78bqz23jhws4gy1nm659z5390zsn1fz"; + sha256 = "09l3g5a2r7gnc6pwln409b9ahwcs6xpnjx2qaj70cbllanyxbw0c"; type = "gem"; }; - version = "1.33.0"; + version = "1.37.0"; }; aws-sdk-kms = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "191qnrpg9qhwj24pisha28fwqx30sqkj75ibgpqcf4q389l3a2gw"; + sha256 = "1czxr6yi8p9gma4dwgygp1jn0i289hwa2vw69kzfscgbn118c3mm"; type = "gem"; }; - version = "1.29.0"; + version = "1.31.0"; }; aws-sdk-s3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pblkq7rw465w08hs2xy6v7w10x9n004hk43yqzswqxirki68ldz"; + sha256 = "1x1d1azxwanvm0d7qppw41x5nx2zv0bcz41yk9vqi5lvr7apaq13"; type = "gem"; }; - version = "1.60.2"; + version = "1.66.0"; }; aws-sigv4 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1dfc8i5cxjwlvi4b665lbpbwvks8a6wfy3vfmwr3pjdmxwdmc2cs"; + sha256 = "0kysxyw1zkvggbmcj4xnscdh15kxli8mx07hv447h74g9x02drsd"; type = "gem"; }; - version = "1.1.0"; + version = "1.1.3"; }; bcrypt = { groups = ["default"]; @@ -204,10 +204,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kz42nvxnk1j9cj0i8lcnhprcgdqsqska92g6l19ziadydfk2gqy"; + sha256 = "033vd169q751qn3zrsv8j5f80k6wg5yhsy8z3clds6py4vqm6xl8"; type = "gem"; }; - version = "2.4.4"; + version = "2.4.7"; }; bit-struct = { groups = ["default"]; @@ -219,6 +219,16 @@ }; version = "0.16"; }; + bson = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06h8sk2wl7pgrwl15xb1bd6l9ws8sz006rf9cy6n6q7g0iwdalkh"; + type = "gem"; + }; + version = "4.8.2"; + }; builder = { groups = ["default"]; platforms = []; @@ -344,10 +354,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jk2bar4x6miq2cr73lv0lsbmw4cymiljvp29xb85jifsb3ba6az"; + sha256 = "0wwks9652xwgjm7yszcq5xr960pjypc07ivwzbjzpvy9zh2fw6iq"; type = "gem"; }; - version = "0.17.0"; + version = "1.0.1"; }; faye-websocket = { groups = ["default"]; @@ -379,6 +389,16 @@ }; version = "2.1.2"; }; + hrr_rb_ssh = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "066dj9sw5p8aa54vqc1bw7a8nfpf5rggrjyxqw2ccyxp10964qkz"; + type = "gem"; + }; + version = "0.3.0.pre2"; + }; "http_parser.rb" = { groups = ["default"]; platforms = []; @@ -434,10 +454,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1g7ps9m3s14cajhxrfgbzahv9i3gy47s4hqrv3mpybpj5cyr0srn"; + sha256 = "0jk9fgn5ayzbqvzqm11gbkqvas77zdbpkvynlylyiwynclgrn040"; type = "gem"; }; - version = "2.4.0"; + version = "2.5.0"; }; metasm = { groups = ["default"]; @@ -474,12 +494,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "22104a154544b3ee57d3ce98a490c4b42a4a8776"; - sha256 = "1ml4d6xfaxyv1mamc2qldd39db92qkic8660f8clabi9f1k0ghpp"; + rev = "592eedc5584953fb94b01a9aae48ec04d2cf153a"; + sha256 = "1z3m8pvf1r8rz0snfkr9svhgjl2xn2qjgf8qswszzplsccqx1rss"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "5.0.74"; + version = "5.0.90"; }; metasploit-model = { groups = ["default"]; @@ -496,10 +516,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wz72w5a34r6jcgbl97ha3zhl8d28r974clcp99qj5sg71k280c0"; + sha256 = "1kddir54jnzl64nsawnvkzdabnmqncq9vav49i1cfschnf4cxc4g"; type = "gem"; }; - version = "1.3.84"; + version = "1.4.2"; }; metasploit_data_models = { groups = ["default"]; @@ -516,10 +536,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1x2rgs2r16m8z87j5z78vp49xvr2sr4dxjgbi6d0nxrlr52pd8yf"; + sha256 = "1419z6z0j69zdlkfx3kqgqygsm0ysigwccgn82z5lz82i16krhca"; type = "gem"; }; - version = "0.5.16"; + version = "0.5.21"; }; mini_portile2 = { groups = ["default"]; @@ -536,10 +556,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz"; + sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g"; type = "gem"; }; - version = "5.14.0"; + version = "5.14.1"; }; mqtt = { groups = ["default"]; @@ -581,15 +601,25 @@ }; version = "0.1.6"; }; + net-ldap = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vzfhivjfr9q65hkln7xig3qcba6fw9y4kb4384fpm7d7ww0b7xg"; + type = "gem"; + }; + version = "0.16.2"; + }; net-ssh = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "101wd2px9lady54aqmkibvy4j62zk32w0rjz4vnigyg974fsga40"; + sha256 = "0kf4am0mz8mwqhif4iqh5yz9pcbbmja5w707j00sfsgrq19nxqld"; type = "gem"; }; - version = "5.2.0"; + version = "6.0.2"; }; network_interface = { groups = ["default"]; @@ -616,20 +646,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yi8j8hwrlc3rg5v3w52gxndmwifyk7m732q9yfbal0qajqbh1h8"; + sha256 = "12j76d0bp608932xkzmfi638c7aqah57l437q8494znzbj610qnm"; type = "gem"; }; - version = "1.10.8"; + version = "1.10.9"; }; octokit = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06kx258qa5k24q5pv8i4daaw3g57gif6p5k5h3gndj3q2jk6vhkn"; + sha256 = "0zvfr9njmj5svi39fcsi2b0g7pcxb0vamw9dlyas8bg814jlzhi6"; type = "gem"; }; - version = "4.16.0"; + version = "4.18.0"; }; openssl-ccm = { groups = ["default"]; @@ -726,10 +756,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1c6kq6s13idl2036b5lch8r7390f8w82cal8hcp4ml76fm2vdac7"; + sha256 = "0vywld400fzi17cszwrchrzcqys4qm6sshbv73wy5mwcixmrgg7g"; type = "gem"; }; - version = "4.0.3"; + version = "4.0.5"; }; rack = { groups = ["default"]; @@ -796,10 +826,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bjf21z9maiiazc1if56nnh9xmgbkcqlpznv34f40a1hsvgk1d1m"; + sha256 = "12f7g5iw1gqjwl2rvfmbgxipds5c475ggalw6qskzzrx9vyc2fpk"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; rake = { groups = ["default"]; @@ -826,10 +856,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kw753vq5m5m8pzn1avafzz757gdzzsv7ck94y6d8n4jzqa50isv"; + sha256 = "1j65iary8qkgyrjc3vnjd7dbyjs2bsz2hcg7ndibjk623faxb1wk"; type = "gem"; }; - version = "2.3.6"; + version = "2.3.7"; }; redcarpet = { groups = ["default"]; @@ -886,10 +916,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16anprj4pc4pi2yb1y6b7c8nrqgpk49g40wy1384snmii24jiwyx"; + sha256 = "0inrf2vahmpxhjf84i8ak2b7gcirsrjrmb1rnvvqqr9kl0xw5xm3"; type = "gem"; }; - version = "0.1.22"; + version = "0.1.24"; }; rex-java = { groups = ["default"]; @@ -936,10 +966,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "150nmpgrvpd6hyx9cghah8dxpcfb1h7inpcwmz7ijpir60zxxfdj"; + sha256 = "11wi8dpb2s8bvkqhbf80g16nyj2hscs3vz31ffzl1g0g6imcs0dl"; type = "gem"; }; - version = "0.1.86"; + version = "0.1.87"; }; rex-random_identifier = { groups = ["default"]; @@ -976,10 +1006,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jkmff92ga9qd9gg13cd6s99qcdmr5n354l9br70j784mpyl9apb"; + sha256 = "07vm17w791vdpr23aqp45kqsjbqgwpqj92a535h6n4fckxgzhg94"; type = "gem"; }; - version = "0.1.21"; + version = "0.1.23"; }; rex-sslscan = { groups = ["default"]; @@ -1006,10 +1036,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wjrp4n7j2ifdgqc6z8z4jbz9gr7g5m5h35b7vx4k9cbaq9b5zxw"; + sha256 = "17m5zwca15qsd7mqqhi2q530iwsrb7wkqh8qff7pxjxwlxbvsrxx"; type = "gem"; }; - version = "0.2.24"; + version = "0.2.26"; }; rex-zip = { groups = ["default"]; @@ -1076,10 +1106,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13b15icwx0c8zzjfzf7bmqq9ynilw0dy8ydgjb199nqzp93p6wqv"; + sha256 = "0590m2pr9i209pp5z4mx0nb1961ishdiqb28995hw1nln1d1b5ji"; type = "gem"; }; - version = "2.2.0"; + version = "2.3.0"; }; sawyer = { groups = ["default"]; @@ -1176,20 +1206,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp"; + sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r"; type = "gem"; }; - version = "1.2.6"; + version = "1.2.7"; }; tzinfo-data = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17fbf05qhcxp8anmp7k5wnafw3ypy607h5ybnqg92dqgh4b1c3yi"; + sha256 = "1kjywciambyhlkc8ijp3kkx4r24pi9zs7plmxw003mxr6mrhah1w"; type = "gem"; }; - version = "1.2019.3"; + version = "1.2020.1"; }; warden = { groups = ["default"]; From dd50011d388509890f30ed71f7bd8aad29bfd4d1 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 22 May 2020 14:42:43 +1000 Subject: [PATCH 054/101] etcd: 3.3.21 -> 3.3.22 https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.3.md#v3322-2020-05-20 --- pkgs/servers/etcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/etcd/default.nix b/pkgs/servers/etcd/default.nix index 19e2f720e52..4c0df659f3e 100644 --- a/pkgs/servers/etcd/default.nix +++ b/pkgs/servers/etcd/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "etcd"; - version = "3.3.21"; + version = "3.3.22"; goPackagePath = "github.com/coreos/etcd"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "etcd-io"; repo = "etcd"; rev = "v${version}"; - sha256 = "1xrhkynach3c7wsfac6zlpi5n1hy3y75vyimvw2zl7ryhm00413s"; + sha256 = "1rd390qfx9k20j9gh1wp1g9ygc571f2kv1dg2wvqij3kwydhymcj"; }; buildPhase = '' From be00210050ee148dbbafd32f70b5aeb21140b0d7 Mon Sep 17 00:00:00 2001 From: Marcus Boyd Date: Fri, 22 May 2020 12:16:41 +0930 Subject: [PATCH 055/101] python3Packages.cadquery: 2.0RC0 -> 2.0 --- .../python-modules/cadquery/default.nix | 33 ++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/pkgs/development/python-modules/cadquery/default.nix b/pkgs/development/python-modules/cadquery/default.nix index 6f3632f743b..886224d1691 100644 --- a/pkgs/development/python-modules/cadquery/default.nix +++ b/pkgs/development/python-modules/cadquery/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , isPy3k , pythonOlder + , pythonAtLeast , fetchFromGitHub , pyparsing , opencascade @@ -16,9 +17,12 @@ , libGLU , libX11 , six + , pytest + , makeFontsConf + , freefont_ttf }: -let +let pythonocc-core-cadquery = stdenv.mkDerivation { pname = "pythonocc-core-cadquery"; version = "0.18.2"; @@ -31,7 +35,7 @@ let sha256 = "07zmiiw74dyj4v0ar5vqkvk30wzcpjjzbi04nsdk5mnlzslmyi6c"; }; - nativeBuildInputs = [ + nativeBuildInputs = [ cmake swig ninja @@ -63,27 +67,34 @@ let in buildPythonPackage rec { pname = "cadquery"; - version = "2.0RC0"; - + version = "2.0"; + src = fetchFromGitHub { owner = "CadQuery"; repo = pname; rev = version; - sha256 = "1xgd00rih0gjcnlrf9s6r5a7ypjkzgf2xij2b6436i76h89wmir3"; + sha256 = "1n63b6cjjrdwdfmwq0zx1xabjnhndk9mgfkm4w7z9ardcfpvg84l"; }; - + buildInputs = [ opencascade ]; - + propagatedBuildInputs = [ pyparsing pythonocc-core-cadquery ]; - - # Build errors on 2.7 and >=3.8 (officially only supports 3.6 and 3.7). - disabled = !(isPy3k && (pythonOlder "3.8")); - + + FONTCONFIG_FILE = makeFontsConf { + fontDirectories = [ freefont_ttf ]; + }; + + checkInputs = [ + pytest + ]; + + disabled = pythonOlder "3.6" || pythonAtLeast "3.8"; + meta = with lib; { description = "Parametric scripting language for creating and traversing CAD models"; homepage = "https://github.com/CadQuery/cadquery"; From a2ba99b22fe225b4da7600b77ebae8b7dc2271e1 Mon Sep 17 00:00:00 2001 From: Marcus Boyd Date: Fri, 22 May 2020 12:21:04 +0930 Subject: [PATCH 056/101] cq-editor: 0.1RC1 -> 0.1RC2 --- pkgs/applications/graphics/cq-editor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/graphics/cq-editor/default.nix b/pkgs/applications/graphics/cq-editor/default.nix index a6b35b1d8ea..a6cfd256ac5 100644 --- a/pkgs/applications/graphics/cq-editor/default.nix +++ b/pkgs/applications/graphics/cq-editor/default.nix @@ -6,13 +6,13 @@ mkDerivationWith python3Packages.buildPythonApplication rec { pname = "cq-editor"; - version = "0.1RC1"; + version = "0.1RC2"; src = fetchFromGitHub { owner = "CadQuery"; repo = "CQ-editor"; rev = version; - sha256 = "0iwcpnj15s64k16948sakvkn1lb4mqwrhmbxk3r03bczs0z33zax"; + sha256 = "0zima4pmn34s8b2axxwy6qd1f1r5ki34byq4x3rrd7n3g0hagxz5"; }; propagatedBuildInputs = with python3Packages; [ From 5c04d90f24aa86308efe7bd46be6899024de0bff Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 22 May 2020 14:57:50 +1000 Subject: [PATCH 057/101] etcd_3_4: 3.4.8 -> 3.4.9 https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.4.md#v349-2020-05-20 --- pkgs/servers/etcd/3.4.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/etcd/3.4.nix b/pkgs/servers/etcd/3.4.nix index 4ceb9451b73..699ec033d3f 100644 --- a/pkgs/servers/etcd/3.4.nix +++ b/pkgs/servers/etcd/3.4.nix @@ -2,15 +2,18 @@ buildGoModule rec { pname = "etcd"; - version = "3.4.8"; + version = "3.4.9"; - vendorSha256 = null; + #vendorSha256 = null; revert to `null` for > 3.4.9 + + vendorSha256 = "1fhrycl8m8ddb7mwasbyfiwrl4d9lfdk7zd3mxb7ahkipdp2c94z"; + deleteVendor = true; src = fetchFromGitHub { owner = "etcd-io"; repo = "etcd"; rev = "v${version}"; - sha256 = "0kx36kq6a7i3cja3wp9mwbnar752pz8c0n2fcvwyzi6l6ph6alx7"; + sha256 = "16l4wmnm7mkhpb2vzf6xnhhyx6lj8xx3z6x1bfs05idajnrw824p"; }; buildPhase = '' From 0428650daeb33d79c170e4b66137d2bdf18af715 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 22 May 2020 05:49:18 +0000 Subject: [PATCH 058/101] ldb: 2.1.2 -> 2.1.3 --- pkgs/development/libraries/ldb/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix index 702738fdfc0..33a9974211f 100644 --- a/pkgs/development/libraries/ldb/default.nix +++ b/pkgs/development/libraries/ldb/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "ldb"; - version = "2.1.2"; + version = "2.1.3"; src = fetchurl { url = "mirror://samba/ldb/${pname}-${version}.tar.gz"; - sha256 = "0x6yr14znp42b92i7br4wxfjri6i689dsifzz9kbyzvn558a16b4"; + sha256 = "0xkps414ndb87abla7dlv44ndnfg5r5vwgmkm3ngcq9knbv1x6w7"; }; outputs = [ "out" "dev" ]; From 5191691c46926adf629ead38747e89f5e4142d6b Mon Sep 17 00:00:00 2001 From: Elis Hirwing Date: Fri, 22 May 2020 09:00:39 +0200 Subject: [PATCH 059/101] linux-steam-integration: Drop abandoned package that doesn't build This fixes #88460 --- .../games/linux-steam-integration/default.nix | 81 ------------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 4 - 3 files changed, 1 insertion(+), 85 deletions(-) delete mode 100644 pkgs/games/linux-steam-integration/default.nix diff --git a/pkgs/games/linux-steam-integration/default.nix b/pkgs/games/linux-steam-integration/default.nix deleted file mode 100644 index 2a814f30a5f..00000000000 --- a/pkgs/games/linux-steam-integration/default.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, git, gtk, gettext, - gcc_multi, libressl, gnome3, steam }: - -let - version = "0.7.3"; - -in stdenv.mkDerivation { - pname = "linux-steam-integration"; - inherit version; - - src = fetchFromGitHub { - owner = "clearlinux"; - repo = "linux-steam-integration"; - rev = "v${version}"; - sha256 = "0brv3swx8h170ycxksb31sf5jvj85csfpx7gjlf6yrfz7jw2j6vp"; - fetchSubmodules = true; - }; - - nativeBuildInputs = [ meson ninja pkgconfig git gettext gcc_multi ]; - buildInputs = [ gtk libressl ]; - - # Patch lib paths (AUDIT_PATH and REDIRECT_PATH) in shim.c - # Patch path to lsi-steam in lsi-steam.desktop - # Patch path to zenity in lsi.c - postPatch = '' - substituteInPlace src/shim/shim.c --replace "/usr/" $out - substituteInPlace data/lsi-steam.desktop --replace "/usr/" $out - substituteInPlace src/lsi/lsi.c --replace zenity ${gnome3.zenity}/bin/zenity - substituteInPlace data/lsi-settings.desktop.in \ - --replace "Name=Linux Steam Integration" "Name=Linux Steam Integration Settings" - ''; - - configurePhase = '' - # Configure 64bit things - meson build \ - -Dwith-shim=co-exist \ - -Dwith-frontend=true \ - -Dwith-steam-binary=${steam}/bin/steam \ - -Dwith-new-libcxx-abi=true \ - -Dwith-libressl-mode=native \ - --prefix / \ - --libexecdir lib \ - --libdir lib \ - --bindir bin - - # Configure 32bit things - CC="gcc -m32" CXX="g++ -m32" meson build32 \ - -Dwith-shim=none \ - -Dwith-libressl-mode=native \ - --prefix / \ - --libexecdir lib32 \ - --libdir lib32 - ''; - - buildPhase = '' - # Build 64bit things - ninja -C build - - # Build 32bit things - ninja -C build32 - ''; - - installPhase = '' - DESTDIR="$out" ninja -C build install - DESTDIR="$out" ninja -C build32 install - ''; - - meta = with stdenv.lib; { - description = "Steam wrapper to improve compability and performance"; - longDescription = '' - Linux Steam Integration is a helper system to make the Steam Client and - Steam games run better on Linux. In a nutshell, LSI automatically applies - various workarounds to get games working, and fixes long standing bugs in - both games and the client - ''; - homepage = "https://github.com/clearlinux/linux-steam-integration"; - license = licenses.lgpl21; - maintainers = [ maintainers.etu ]; - platforms = [ "x86_64-linux" ]; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 1ef754ccba0..5eb7c201183 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -266,6 +266,7 @@ mapAliases ({ linuxPackages_testing_hardened = throw "linuxPackages_testing_hardened has been removed, please use linuxPackages_latest_hardened"; linux_testing_hardened = throw "linux_testing_hardened has been removed, please use linux_latest_hardened"; + linux-steam-integration = throw "linux-steam-integration has been removed, as the upstream project has been abandoned"; # added 2020-05-22 loadcaffe = throw "loadcaffe has been removed, as the upstream project has been abandoned"; # added 2020-03-28 lttngTools = lttng-tools; # added 2014-07-31 lttngUst = lttng-ust; # added 2014-07-31 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6ff52634963..d6be9351b6c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23969,10 +23969,6 @@ in steamcmd = steamPackages.steamcmd; - linux-steam-integration = callPackage ../games/linux-steam-integration { - gtk = pkgs.gtk3; - }; - protontricks = callPackage ../tools/package-management/protontricks { inherit (python3Packages) buildPythonApplication pytest setuptools_scm vdf; inherit (gnome3) zenity; From 8b6e001392289d760ae45e4f622fc4eb25f79822 Mon Sep 17 00:00:00 2001 From: Lancelot SIX Date: Fri, 22 May 2020 08:23:38 +0100 Subject: [PATCH 060/101] freeipmi: 1.6.4 -> 1.6.5 --- pkgs/tools/system/freeipmi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/freeipmi/default.nix b/pkgs/tools/system/freeipmi/default.nix index e51f554ea0f..35fb630d238 100644 --- a/pkgs/tools/system/freeipmi/default.nix +++ b/pkgs/tools/system/freeipmi/default.nix @@ -1,12 +1,12 @@ { fetchurl, stdenv, libgcrypt, readline, libgpgerror }: stdenv.mkDerivation rec { - version = "1.6.4"; + version = "1.6.5"; pname = "freeipmi"; src = fetchurl { url = "mirror://gnu/freeipmi/${pname}-${version}.tar.gz"; - sha256 = "0g0s4iwx0ng4rv7hp5cc3kkx4drahsc89981gwjblf04lfavppv5"; + sha256 = "1ncf1s84752xaq07h36wrxa5ww1167s2bizkww0igxv8djyddwk1"; }; buildInputs = [ libgcrypt readline libgpgerror ]; From dc46f52f9b3ed0b052b1bec446d51f868a39a84c Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 22 May 2020 07:33:01 +0000 Subject: [PATCH 061/101] mopidy-iris: 3.47.0 -> 3.49.0 --- pkgs/applications/audio/mopidy/iris.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/mopidy/iris.nix b/pkgs/applications/audio/mopidy/iris.nix index 742c63b3d83..5cc3a957d26 100644 --- a/pkgs/applications/audio/mopidy/iris.nix +++ b/pkgs/applications/audio/mopidy/iris.nix @@ -2,11 +2,11 @@ python3Packages.buildPythonApplication rec { pname = "Mopidy-Iris"; - version = "3.47.0"; + version = "3.49.0"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "1lvq5qsnn2djwkgbadzr7rr6ik2xh8yyj0p3y3hck9pl96ms7lfv"; + sha256 = "0zddm7286iwx437gjz47m4g28s8gdcxnm2hmly9w1dzi08aa4fas"; }; propagatedBuildInputs = [ From 865f214e33dd61ad2c6371a387c1ccfb10a78d58 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 22 May 2020 08:24:24 +0000 Subject: [PATCH 062/101] moodle: 3.8.2 -> 3.8.3 --- pkgs/servers/web-apps/moodle/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/web-apps/moodle/default.nix b/pkgs/servers/web-apps/moodle/default.nix index 98bd8e0027f..62de7620c5e 100644 --- a/pkgs/servers/web-apps/moodle/default.nix +++ b/pkgs/servers/web-apps/moodle/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, writeText }: let - version = "3.8.2"; + version = "3.8.3"; stableVersion = builtins.substring 0 2 (builtins.replaceStrings ["."] [""] version); in @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.moodle.org/stable${stableVersion}/${pname}-${version}.tgz"; - sha256 = "134vxsbslk7sfalmgcp744aygaxz2k080d14j8nkivk9zhplds53"; + sha256 = "1anjv4gvbb6833j04a1b4aaysnl4h0x96sr1hhm4nm5kq2fimjd1"; }; phpConfig = writeText "config.php" '' From dca6325a2b7f19db050c40f524802bf2e24749d8 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 22 May 2020 08:29:04 +0000 Subject: [PATCH 063/101] mksh: 59 -> 59b --- pkgs/shells/mksh/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/shells/mksh/default.nix b/pkgs/shells/mksh/default.nix index 682d88dbfbd..7abf75c70f4 100644 --- a/pkgs/shells/mksh/default.nix +++ b/pkgs/shells/mksh/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "mksh"; - version = "59"; + version = "59b"; src = fetchurl { urls = [ "https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R${version}.tgz" "http://pub.allbsd.org/MirOS/dist/mir/mksh/mksh-R${version}.tgz" ]; - sha256 = "1flhsdfksvv9gmfkgjwgdia1irv53g9abmq3y22s5a5ycyx2hajr"; + sha256 = "1rp0farbylypyiaald2hw5avg5w3m8x7cjnxxyyihzvfb2lx2zlh"; }; dontConfigure = true; From 822918df4cec0ee14a657efb86a08bf7f457e647 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 17 May 2020 21:57:01 +0200 Subject: [PATCH 064/101] nixos/scripted-networking: use udev to configure link MACAddress and MTUBytes The `network-link-${i.name}` units raced with other things trying to configure the interface, or ran before the interface was available. Instead of running our own set of shell scripts on boot, and hoping they're executed at the right time, we can make use of udev to configure the interface *while they appear*, by providing `.link` files in /etc/systemd/network/*.link to set MACAddress and MTUBytes. This doesn't require networkd to be enabled, and is populated properly on non-networkd systems since https://github.com/NixOS/nixpkgs/pull/82941. This continues clean-up work done in https://github.com/NixOS/nixpkgs/pull/85170 for the scripted networking stack. The only leftover part of the `network-link-${i.name}` unit (bringing the interface up) is moved to the beginning of the `network-addresses-${i.name}` unit. Fixes: https://github.com/NixOS/nixpkgs/issues/74471 Closes: https://github.com/NixOS/nixpkgs/pull/87116 --- nixos/doc/manual/release-notes/rl-2009.xml | 15 ++++++ .../tasks/network-interfaces-scripted.nix | 53 ++++++------------- 2 files changed, 30 insertions(+), 38 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index a4c2719d044..5d2ffd262e0 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -437,6 +437,21 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; Default algorithm for ZRAM swap was changed to zstd. + + + The scripted networking system now uses .link files in + /etc/systemd/network to configure mac address and link MTU, + instead of the sometimes buggy network-link-* units, which + have been removed. + Bringing the interface up has been moved to the beginning of the + network-addresses-* unit. + Note this doesn't require systemd-networkd - it's udev that + parses .link files. + Extra care needs to be taken in the presence of legacy udev rules + to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name. + In such cases, you most likely want to create a 10-*.link file through and set both name and MAC Address / MTU there. + + diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index f6fce3b1c8b..d895c58bab0 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -54,7 +54,16 @@ let }; normalConfig = { - + systemd.network.links = let + createNetworkLink = i: nameValuePair "40-${i.name}" { + matchConfig.OriginalName = i.name; + linkConfig = optionalAttrs (i.macAddress != null) { + MACAddress = i.macAddress; + } // optionalAttrs (i.mtu != null) { + MTUBytes = toString i.mtu; + }; + }; + in listToAttrs (map createNetworkLink interfaces); systemd.services = let @@ -164,7 +173,6 @@ let { description = "Address configuration of ${i.name}"; wantedBy = [ "network-setup.service" - "network-link-${i.name}.service" "network.target" ]; # order before network-setup because the routes that are configured @@ -183,6 +191,8 @@ let state="/run/nixos/network/addresses/${i.name}" mkdir -p $(dirname "$state") + ip link set "${i.name}" up + ${flip concatMapStrings ips (ip: let cidr = "${ip.address}/${toString ip.prefixLength}"; @@ -237,38 +247,6 @@ let ''; }; - createNetworkLink = i: - let - deviceDependency = if (config.boot.isContainer || i.name == "lo") - then [] - else [ (subsystemDevice i.name) ]; - in - nameValuePair "network-link-${i.name}" - { description = "Link configuration of ${i.name}"; - wantedBy = [ "network-interfaces.target" ]; - before = [ "network-interfaces.target" ]; - bindsTo = deviceDependency; - after = [ "network-pre.target" ] ++ deviceDependency; - path = [ pkgs.iproute ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = - '' - echo "Configuring link..." - '' + optionalString (i.macAddress != null) '' - echo "setting MAC address to ${i.macAddress}..." - ip link set "${i.name}" address "${i.macAddress}" - '' + optionalString (i.mtu != null) '' - echo "setting MTU to ${toString i.mtu}..." - ip link set "${i.name}" mtu "${toString i.mtu}" - '' + '' - echo -n "bringing up interface... " - ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1) - ''; - }; - createTunDevice = i: nameValuePair "${i.name}-netdev" { description = "Virtual Network Interface ${i.name}"; bindsTo = [ "dev-net-tun.device" ]; @@ -298,7 +276,7 @@ let bindsTo = deps ++ optional v.rstp "mstpd.service"; partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service"; after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service" - ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; + ++ map (i: "network-addresses-${i}.service") v.interfaces; before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -375,7 +353,7 @@ let createVswitchDevice = n: v: nameValuePair "${n}-netdev" (let deps = concatLists (map deviceDependency (attrNames (filterAttrs (_: config: config.type != "internal") v.interfaces))); - internalConfigs = concatMap (i: ["network-link-${i}.service" "network-addresses-${i}.service"]) (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces)); + internalConfigs = map (i: "network-addresses-${i}.service") (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces)); ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules; in { description = "Open vSwitch Interface ${n}"; @@ -427,7 +405,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps - ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; + ++ map (i: "network-addresses-${i}.service") v.interfaces; before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -540,7 +518,6 @@ let }); in listToAttrs ( - map createNetworkLink interfaces ++ map configureAddrs interfaces ++ map createTunDevice (filter (i: i.virtual) interfaces)) // mapAttrs' createBridgeDevice cfg.bridges From 8cbf8116e7b9bf74b32a8f7bba39f83d1047dcad Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 18 May 2020 21:26:42 +0200 Subject: [PATCH 065/101] =?UTF-8?q?ocamlPackages.ppxfind:=201.3=20?= =?UTF-8?q?=E2=86=92=201.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ocamlPackages.ocaml-migrate-parsetree: 1.5.0 → 1.7.3 --- .../ocaml-modules/ocaml-migrate-parsetree/default.nix | 4 ++-- pkgs/development/ocaml-modules/ppxfind/default.nix | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix b/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix index f633d17252c..bcd0a519899 100644 --- a/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix +++ b/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix @@ -2,13 +2,13 @@ buildDunePackage rec { pname = "ocaml-migrate-parsetree"; - version = "1.5.0"; + version = "1.7.3"; src = fetchFromGitHub { owner = "ocaml-ppx"; repo = pname; rev = "v${version}"; - sha256 = "0ms7nx7x16nkbm9rln3sycbzg6ad8swz8jw6bjndrill8bg3fipv"; + sha256 = "0336vz0galjnsazbmkxjwdv1qvdqsx2rgrvp778xgq2fzasz45cx"; }; propagatedBuildInputs = [ ppx_derivers result ]; diff --git a/pkgs/development/ocaml-modules/ppxfind/default.nix b/pkgs/development/ocaml-modules/ppxfind/default.nix index 75d1e57765e..1008dfe62a9 100644 --- a/pkgs/development/ocaml-modules/ppxfind/default.nix +++ b/pkgs/development/ocaml-modules/ppxfind/default.nix @@ -2,13 +2,14 @@ buildDunePackage (rec { pname = "ppxfind"; - version = "1.3"; + version = "1.4"; src = fetchurl { url = "https://github.com/diml/ppxfind/releases/download/${version}/ppxfind-${version}.tbz"; - sha256 = "1r4jp0516378js62ss50a9s8ql2pm8lfdd3mnk214hp7s0kb17fl"; + sha256 = "0wa9vcrc26kirc2cqqs6kmarbi8gqy3dgdfiv9y7nzsgy1liqacq"; }; minimumOCamlVersion = "4.03"; + useDune2 = true; buildInputs = [ ocaml-migrate-parsetree ]; From 4e7599ac57fa602c4d1e8aedc52b3b7dfb4d3303 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCrkan=20G=C3=BCr?= Date: Thu, 21 May 2020 13:55:28 +0200 Subject: [PATCH 066/101] python-toolbox: 0.9.4 -> 1.0.10 --- pkgs/development/python-modules/python-toolbox/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/python-toolbox/default.nix b/pkgs/development/python-modules/python-toolbox/default.nix index 57085b04cf9..bdf09fdf2c7 100644 --- a/pkgs/development/python-modules/python-toolbox/default.nix +++ b/pkgs/development/python-modules/python-toolbox/default.nix @@ -4,10 +4,11 @@ , fetchFromGitHub , isPy27 , nose +, pytest }: buildPythonPackage rec { - version = "0.9.4"; + version = "1.0.10"; pname = "python_toolbox"; disabled = isPy27; @@ -15,12 +16,12 @@ buildPythonPackage rec { owner = "cool-RR"; repo = pname; rev = version; - sha256 = "1qy2sfqfrkgxixmd22v5lkrdykdfiymsd2s3xa7ndlvg084cgj6r"; + sha256 = "1hpls1hwisdjx1g15cq052bdn9fvh43r120llws8bvgvj9ivnaha"; }; checkInputs = [ docutils - nose + pytest ]; meta = with lib; { From 81ccf1303b0930d1d50239ad71bbe109fba9e18b Mon Sep 17 00:00:00 2001 From: David Terry Date: Sun, 10 May 2020 12:26:22 +0200 Subject: [PATCH 067/101] bazarr: init at 0.8.4.3 --- pkgs/servers/bazarr/default.nix | 35 +++++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/servers/bazarr/default.nix diff --git a/pkgs/servers/bazarr/default.nix b/pkgs/servers/bazarr/default.nix new file mode 100644 index 00000000000..cc44efe2098 --- /dev/null +++ b/pkgs/servers/bazarr/default.nix @@ -0,0 +1,35 @@ +{ stdenv, lib, fetchurl, makeWrapper, python3, nixosTests }: + +stdenv.mkDerivation rec { + pname = "bazarr"; + version = "0.8.4.3"; + + src = fetchurl { + url = "https://github.com/morpheus65535/bazarr/archive/v${version}.tar.gz"; + sha256 = "0vvx1lrngxq8c9i0ad8sy6sigcf67b2h7kkaxnlfdlnp1d8kmf1m"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -p $out/src + cp -r * $out/src + + mkdir -p $out/bin + makeWrapper "${(python3.withPackages (ps: [ps.lxml])).interpreter}" \ + $out/bin/bazarr \ + --add-flags "$out/src/bazarr.py" \ + ''; + + passthru.tests = { + smoke-test = nixosTests.bazarr; + }; + + meta = with lib; { + description = "Subtitle manager for Sonarr and Radarr"; + homepage = "https://www.bazarr.media/"; + license = licenses.gpl3; + maintainers = with maintainers; [ xwvvvvwx ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9f979731a84..4cfd71b806c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -816,6 +816,8 @@ in bashcards = callPackage ../tools/misc/bashcards { }; + bazarr = callPackage ../servers/bazarr { }; + bcachefs-tools = callPackage ../tools/filesystems/bcachefs-tools { }; bitwarden = callPackage ../tools/security/bitwarden { }; From 8724c96e718898d0913b3f2dce571f25eceeaacc Mon Sep 17 00:00:00 2001 From: David Terry Date: Sun, 10 May 2020 12:54:09 +0200 Subject: [PATCH 068/101] nixos/bazarr: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/bazarr.nix | 76 ++++++++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/bazarr.nix | 26 +++++++++ 4 files changed, 104 insertions(+) create mode 100644 nixos/modules/services/misc/bazarr.nix create mode 100644 nixos/tests/bazarr.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 460c74f857c..d5285cfabd7 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -415,6 +415,7 @@ ./services/misc/apache-kafka.nix ./services/misc/autofs.nix ./services/misc/autorandr.nix + ./services/misc/bazarr.nix ./services/misc/beanstalkd.nix ./services/misc/bees.nix ./services/misc/bepasty.nix diff --git a/nixos/modules/services/misc/bazarr.nix b/nixos/modules/services/misc/bazarr.nix new file mode 100644 index 00000000000..d3fd5b08cc8 --- /dev/null +++ b/nixos/modules/services/misc/bazarr.nix @@ -0,0 +1,76 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.bazarr; +in +{ + options = { + services.bazarr = { + enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr"; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the bazarr web interface."; + }; + + listenPort = mkOption { + type = types.port; + default = 6767; + description = "Port on which the bazarr web interface should listen"; + }; + + user = mkOption { + type = types.str; + default = "bazarr"; + description = "User account under which bazarr runs."; + }; + + group = mkOption { + type = types.str; + default = "bazarr"; + description = "Group under which bazarr runs."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.bazarr = { + description = "bazarr"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = rec { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + StateDirectory = "bazarr"; + SyslogIdentifier = "bazarr"; + ExecStart = pkgs.writeShellScript "start-bazarr" '' + ${pkgs.bazarr}/bin/bazarr \ + --config '/var/lib/${StateDirectory}' \ + --port ${toString cfg.listenPort} \ + --no-update True + ''; + Restart = "on-failure"; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.listenPort ]; + }; + + users.users = mkIf (cfg.user == "bazarr") { + bazarr = { + group = cfg.group; + home = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}"; + }; + }; + + users.groups = mkIf (cfg.group == "bazarr") { + bazarr = {}; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 942cee04abc..af619ac99a3 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -27,6 +27,7 @@ in atd = handleTest ./atd.nix {}; avahi = handleTest ./avahi.nix {}; babeld = handleTest ./babeld.nix {}; + bazarr = handleTest ./bazarr.nix {}; bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64 beanstalkd = handleTest ./beanstalkd.nix {}; bees = handleTest ./bees.nix {}; diff --git a/nixos/tests/bazarr.nix b/nixos/tests/bazarr.nix new file mode 100644 index 00000000000..b8cd8ef38b4 --- /dev/null +++ b/nixos/tests/bazarr.nix @@ -0,0 +1,26 @@ +import ./make-test-python.nix ({ lib, ... }: + +with lib; + +let + port = 42069; +in +{ + name = "bazarr"; + meta.maintainers = with maintainers; [ xwvvvvwx ]; + + nodes.machine = + { pkgs, ... }: + { + services.bazarr = { + enable = true; + listenPort = port; + }; + }; + + testScript = '' + machine.wait_for_unit("bazarr.service") + machine.wait_for_open_port("${toString port}") + machine.succeed("curl --fail http://localhost:${toString port}/") + ''; +}) From 74bf0fafd5792e92ce604136fb29ae95ab91c34b Mon Sep 17 00:00:00 2001 From: David Terry Date: Fri, 22 May 2020 09:06:33 +0200 Subject: [PATCH 069/101] bazarr: 0.8.4.3 -> 0.8.4.4 --- pkgs/servers/bazarr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/bazarr/default.nix b/pkgs/servers/bazarr/default.nix index cc44efe2098..075b5e58447 100644 --- a/pkgs/servers/bazarr/default.nix +++ b/pkgs/servers/bazarr/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bazarr"; - version = "0.8.4.3"; + version = "0.8.4.4"; src = fetchurl { url = "https://github.com/morpheus65535/bazarr/archive/v${version}.tar.gz"; - sha256 = "0vvx1lrngxq8c9i0ad8sy6sigcf67b2h7kkaxnlfdlnp1d8kmf1m"; + sha256 = "09qpy5fyyidi45968qg37cighfh3rgwsi8pfz4fk5fp2v1xq23yg"; }; nativeBuildInputs = [ makeWrapper ]; From d8fc7deb694c8d024a387f3352283e14ea0a85e6 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Wed, 13 May 2020 13:54:17 +0300 Subject: [PATCH 070/101] syncthingtray: test --help in installCheckPhase To spare the need to test this package every time @r-ryantm updates it, make sure it passes this sanity test. --- pkgs/applications/misc/syncthingtray/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/misc/syncthingtray/default.nix b/pkgs/applications/misc/syncthingtray/default.nix index 01d1891dd73..7af90535530 100644 --- a/pkgs/applications/misc/syncthingtray/default.nix +++ b/pkgs/applications/misc/syncthingtray/default.nix @@ -39,6 +39,12 @@ mkDerivation rec { nativeBuildInputs = [ cmake qttools ]; + # No tests are available by upstream, but we test --help anyway + doInstallCheck = true; + installCheckPhase = '' + $out/bin/syncthingtray --help | grep ${version} + ''; + cmakeFlags = [ # See https://github.com/Martchus/syncthingtray/issues/42 "-DQT_PLUGIN_DIR:STRING=${placeholder "out"}/lib/qt-5" From 19c762bdd84640125c72b8a82ab6cef3e090f720 Mon Sep 17 00:00:00 2001 From: Atemu Date: Fri, 22 May 2020 12:42:03 +0200 Subject: [PATCH 071/101] audacity: 2.4.0 -> 2.4.1 --- pkgs/applications/audio/audacity/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/audacity/default.nix b/pkgs/applications/audio/audacity/default.nix index 72669aa183b..542a1f85188 100644 --- a/pkgs/applications/audio/audacity/default.nix +++ b/pkgs/applications/audio/audacity/default.nix @@ -7,12 +7,12 @@ with stdenv.lib; stdenv.mkDerivation rec { - version = "2.4.0"; + version = "2.4.1"; pname = "audacity"; src = fetchzip { url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz"; - sha256 = "1f0lbzisqaj4pr9xxsx105a9ibym2qbngalnsb7iwmcvyrpc0l6a"; + sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn"; }; preConfigure = /* we prefer system-wide libs */ '' From 9e7ea5f897a626c4bb7fdcc283787cc7256eca3c Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 22 May 2020 12:11:54 +0200 Subject: [PATCH 072/101] jekyll: Update the dependencies (security, CVE-2020-8165) This fixes a potential security issue (reported by bundler-audit) by updating activesupport to 6.0.3.1 for CVE-2020-8165 [0]. [0]: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c --- pkgs/applications/misc/jekyll/basic/Gemfile.lock | 6 +++--- pkgs/applications/misc/jekyll/basic/gemset.nix | 12 ++++++------ pkgs/applications/misc/jekyll/full/Gemfile.lock | 8 ++++---- pkgs/applications/misc/jekyll/full/gemset.nix | 16 ++++++++-------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/pkgs/applications/misc/jekyll/basic/Gemfile.lock b/pkgs/applications/misc/jekyll/basic/Gemfile.lock index 9e244fb44b8..7bef929bea1 100644 --- a/pkgs/applications/misc/jekyll/basic/Gemfile.lock +++ b/pkgs/applications/misc/jekyll/basic/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.3) + activesupport (6.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -66,7 +66,7 @@ GEM rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) mini_portile2 (2.4.0) - minitest (5.14.0) + minitest (5.14.1) nokogiri (1.10.9) mini_portile2 (~> 2.4.0) pathutil (0.16.2) @@ -76,7 +76,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.4) - rouge (3.18.0) + rouge (3.19.0) safe_yaml (1.0.5) sassc (2.3.0) ffi (~> 1.9) diff --git a/pkgs/applications/misc/jekyll/basic/gemset.nix b/pkgs/applications/misc/jekyll/basic/gemset.nix index a02ec1f16c4..3faa3dde82c 100644 --- a/pkgs/applications/misc/jekyll/basic/gemset.nix +++ b/pkgs/applications/misc/jekyll/basic/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0shh34xx9ygxb57s8mag8l22klvjfnk1c4jbjvchk16r6z0ps326"; + sha256 = "1l29n9n38c9lpy5smh26r7fy7jp2bpjqlzhxgsr79cv7xpwlrbhs"; type = "gem"; }; - version = "6.0.3"; + version = "6.0.3.1"; }; addressable = { dependencies = ["public_suffix"]; @@ -280,10 +280,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz"; + sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g"; type = "gem"; }; - version = "5.14.0"; + version = "5.14.1"; }; nokogiri = { dependencies = ["mini_portile2"]; @@ -353,10 +353,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1n9h0ls2a2zq0bcsw31wxci1wdxb8s3vglfadxpcs6b04vkf6nqq"; + sha256 = "102rc07d78k5bkl0s9nd1gw6wz0w0zcvg4g5sl7z9xxi4r793c35"; type = "gem"; }; - version = "3.18.0"; + version = "3.19.0"; }; safe_yaml = { groups = ["default"]; diff --git a/pkgs/applications/misc/jekyll/full/Gemfile.lock b/pkgs/applications/misc/jekyll/full/Gemfile.lock index d5588438ae6..5f956f406fd 100644 --- a/pkgs/applications/misc/jekyll/full/Gemfile.lock +++ b/pkgs/applications/misc/jekyll/full/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.3) + activesupport (6.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -93,9 +93,9 @@ GEM mercenary (0.3.6) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2020.0425) + mime-types-data (3.2020.0512) mini_portile2 (2.4.0) - minitest (5.14.0) + minitest (5.14.1) multipart-post (2.1.1) nokogiri (1.10.9) mini_portile2 (~> 2.4.0) @@ -110,7 +110,7 @@ GEM ffi (~> 1.0) rdoc (6.2.1) rexml (3.2.4) - rouge (3.18.0) + rouge (3.19.0) safe_yaml (1.0.5) sassc (2.3.0) ffi (~> 1.9) diff --git a/pkgs/applications/misc/jekyll/full/gemset.nix b/pkgs/applications/misc/jekyll/full/gemset.nix index 8c2b1ffaf95..04844b47310 100644 --- a/pkgs/applications/misc/jekyll/full/gemset.nix +++ b/pkgs/applications/misc/jekyll/full/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0shh34xx9ygxb57s8mag8l22klvjfnk1c4jbjvchk16r6z0ps326"; + sha256 = "1l29n9n38c9lpy5smh26r7fy7jp2bpjqlzhxgsr79cv7xpwlrbhs"; type = "gem"; }; - version = "6.0.3"; + version = "6.0.3.1"; }; addressable = { dependencies = ["public_suffix"]; @@ -478,10 +478,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zin0q26wc5p7zb7glpwary7ms60s676vcq987yv22jgm6hnlwlh"; + sha256 = "1z75svngyhsglx0y2f9rnil2j08f9ab54b3l95bpgz67zq2if753"; type = "gem"; }; - version = "3.2020.0425"; + version = "3.2020.0512"; }; mini_portile2 = { groups = ["default"]; @@ -498,10 +498,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz"; + sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g"; type = "gem"; }; - version = "5.14.0"; + version = "5.14.1"; }; multipart-post = { groups = ["default"]; @@ -602,10 +602,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1n9h0ls2a2zq0bcsw31wxci1wdxb8s3vglfadxpcs6b04vkf6nqq"; + sha256 = "102rc07d78k5bkl0s9nd1gw6wz0w0zcvg4g5sl7z9xxi4r793c35"; type = "gem"; }; - version = "3.18.0"; + version = "3.19.0"; }; safe_yaml = { groups = ["default"]; From 9404c8ee74ebaf36fbd5a1dbb2fe1e7950424586 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 22 May 2020 13:03:29 +0200 Subject: [PATCH 073/101] gitRepo: 2.7 -> 2.8 --- pkgs/applications/version-management/git-repo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/git-repo/default.nix b/pkgs/applications/version-management/git-repo/default.nix index 9488bb8ff78..eb3f95a354f 100644 --- a/pkgs/applications/version-management/git-repo/default.nix +++ b/pkgs/applications/version-management/git-repo/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "git-repo"; - version = "2.7"; + version = "2.8"; src = fetchFromGitHub { owner = "android"; repo = "tools_repo"; rev = "v${version}"; - sha256 = "19wn16m9sy8fv31zl90av5la60l5hsf5fvvfpgiy0470rkagvz6j"; + sha256 = "00sahddplisg55zpjz4v4sc7zqbh3apx36xv77g55nabwz7han8d"; }; patches = [ ./import-ssl-module.patch ]; From 7923f0d955bd49e3134a35af77a01013438ff1f9 Mon Sep 17 00:00:00 2001 From: Albert Safin Date: Fri, 22 May 2020 11:02:25 +0000 Subject: [PATCH 074/101] cached-nix-shell: 0.1.2 -> 0.1.3 --- pkgs/tools/nix/cached-nix-shell/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/nix/cached-nix-shell/default.nix b/pkgs/tools/nix/cached-nix-shell/default.nix index dc69d3f030d..eab8b6ba488 100644 --- a/pkgs/tools/nix/cached-nix-shell/default.nix +++ b/pkgs/tools/nix/cached-nix-shell/default.nix @@ -1,25 +1,25 @@ { stdenv, fetchFromGitHub, openssl, pkgconfig, ronn, rustPlatform }: -let +let blake3-src = fetchFromGitHub { owner = "BLAKE3-team"; repo = "BLAKE3"; - rev = "0.3.1"; - sha256 = "0wkxx2w56hsng28p8zpndsy288ix4s5qg6xqjzgjz53fbyk46hda"; + rev = "0.3.3"; + sha256 = "0av41ld0gqf3g60gcllpz59nqlr7r62v99mgfq9gs0p8diw5gi7x"; }; in rustPlatform.buildRustPackage rec { pname = "cached-nix-shell"; - version = "0.1.2"; + version = "0.1.3"; src = fetchFromGitHub { owner = "xzfc"; repo = pname; rev = "v${version}"; - sha256 = "0pzwknpc4qrh9pv5z0xvldql2dkj9ddksvaci86a4f8cnd86p2l6"; + sha256 = "1ni671wr2lrvyz6myaz3v4llrjvq4jc1ygw1m7rvnadzyf3va3lw"; }; - cargoSha256 = "1n88gcnrfdrk025hb54igc83cn5vlv8n6ndyx1ydmzhd95vhbznf"; + cargoSha256 = "19i39b1yqdf81ql4psr3nfah6ci2mw3ljkv740clqmz088j2av8g"; # The BLAKE3 C library is intended to be built by the project depending on it # rather than as a standalone library. From 3960e06ea79e7b85bb21ca424545ef5c881a165d Mon Sep 17 00:00:00 2001 From: Benjamin Andresen Date: Fri, 22 May 2020 13:11:21 +0200 Subject: [PATCH 075/101] chromedriver: 81.0.4044.69 -> 83.0.4103.39 --- pkgs/development/tools/selenium/chromedriver/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/selenium/chromedriver/default.nix b/pkgs/development/tools/selenium/chromedriver/default.nix index 29ed96b778a..8aad3230003 100644 --- a/pkgs/development/tools/selenium/chromedriver/default.nix +++ b/pkgs/development/tools/selenium/chromedriver/default.nix @@ -6,12 +6,12 @@ let allSpecs = { x86_64-linux = { system = "linux64"; - sha256 = "1mqsangjindfqgvjxgmpgfrcd8a2lqmwl587l0ip0p5wwz8yq5wi"; + sha256 = "149p43zaz45malmff1274r2bwjcyjwsdickivk3pd0mvnjbfid2r"; }; x86_64-darwin = { system = "mac64"; - sha256 = "18ydf2bk5aiin3yffb9z8215idz65nkhgxq0mmlvwb8gwsdvnwi1"; + sha256 = "1xpyqxpsz3r653ls67s6alv4g2vr4lxf29gyxc162ikywyrx80nr"; }; }; @@ -28,7 +28,7 @@ let in stdenv.mkDerivation rec { pname = "chromedriver"; - version = "81.0.4044.69"; + version = "83.0.4103.39"; src = fetchurl { url = "https://chromedriver.storage.googleapis.com/${version}/chromedriver_${spec.system}.zip"; From bc8432f6411eb2de66001f37ebde6c41569087a1 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 22 May 2020 12:31:39 +0000 Subject: [PATCH 076/101] memcached: 1.6.5 -> 1.6.6 --- pkgs/servers/memcached/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix index fb284970af0..58276ff8632 100644 --- a/pkgs/servers/memcached/default.nix +++ b/pkgs/servers/memcached/default.nix @@ -1,12 +1,12 @@ {stdenv, fetchurl, cyrus_sasl, libevent, nixosTests }: stdenv.mkDerivation rec { - version = "1.6.5"; + version = "1.6.6"; pname = "memcached"; src = fetchurl { url = "https://memcached.org/files/${pname}-${version}.tar.gz"; - sha256 = "1pr7igk7ic9wc2yax26wy3ar223vilf2qyzrknz36g61dxqa6k8z"; + sha256 = "1xrj7vy05nc6bky4wnrmrbxfibvk5vq4dp2fwk4jk4amzbn0x3wh"; }; configureFlags = [ From d64d42e023f99ae592bc7ccd6298d66a657aa8ea Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 22 May 2020 14:42:25 +0200 Subject: [PATCH 077/101] nixos/udev: support /run/current-system/systemd in udevRules https://github.com/NixOS/nixpkgs/pull/88492 flipped some references to systemctl from config.systemd.package to /run/current-system/systemd/, which udevRules obviously isn't able resolve. If we encounter such references, replace them with config.systemd.package before doing the check. --- nixos/modules/services/hardware/udev.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 168056a475e..587b9b0234a 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -83,6 +83,10 @@ let run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="/' | sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq) for i in $import_progs $run_progs; do + # if the path refers to /run/current-system/systemd, replace with config.systemd.package + if [[ $i == /run/current-system/systemd* ]]; then + i="${config.systemd.package}/''${i#/run/current-system/systemd/}" + fi if [[ ! -x $i ]]; then echo "FAIL" echo "$i is called in udev rules but is not executable or does not exist" From 1ccf44204bb15d6e4fd6155a971e3a6fbf95e8ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 22 May 2020 14:15:13 +0100 Subject: [PATCH 078/101] actions/editorconfig: disable until we can combine this with ofborg (#88608) We cannot run this check now, as it marks CI as green even though ofborg has not evaluated it yet. In future we might be able to mark ofborg as a required test: https://github.com/NixOS/nixpkgs/pull/87853#issuecomment-632676824 --- .github/workflows/editorconfig.yml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 .github/workflows/editorconfig.yml diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml deleted file mode 100644 index 9e8a1bd97db..00000000000 --- a/.github/workflows/editorconfig.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: actions - -on: - pull_request: - branches: - - master - -jobs: - editorconfig: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: technote-space/get-diff-action@v1.2.8 - - name: editorconfig check - env: - VERSION: "2.0.4" - OS: "linux" - ARCH: "amd64" - run: | - curl -sSf -O -L -C - https://github.com/editorconfig-checker/editorconfig-checker/releases/download/$VERSION/ec-$OS-$ARCH.tar.gz && \ - tar xzf ec-$OS-$ARCH.tar.gz && \ - ./bin/ec-$OS-$ARCH -disable-indentation ${{ env.GIT_DIFF }} From d09d7924238e82f5841b2d08bcd6554fb9f666c8 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 22 May 2020 02:08:09 +0200 Subject: [PATCH 079/101] scalafmt: 2.5.1 -> 2.5.2 https://github.com/scalameta/scalafmt/releases/tag/v2.5.2 --- pkgs/development/tools/scalafmt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/scalafmt/default.nix b/pkgs/development/tools/scalafmt/default.nix index 89970c7dc98..0905c27d4c1 100644 --- a/pkgs/development/tools/scalafmt/default.nix +++ b/pkgs/development/tools/scalafmt/default.nix @@ -2,7 +2,7 @@ let baseName = "scalafmt"; - version = "2.5.1"; + version = "2.5.2"; deps = stdenv.mkDerivation { name = "${baseName}-deps-${version}"; buildCommand = '' @@ -13,7 +13,7 @@ let ''; outputHashMode = "recursive"; outputHashAlgo = "sha256"; - outputHash = "113dn10y0q8d2agr0g4cnx5fzdxjcz67i9089j86nn5i76wilm5s"; + outputHash = "14sfpzhd7r8srl9qyrdfqwmgrircqsgrr5hwvg8h1vaiwakq7m00"; }; in stdenv.mkDerivation { From 7857634d3feb4a98720630cb8ba232ea8b65930a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 22 May 2020 02:08:58 +0200 Subject: [PATCH 080/101] documize-community: 3.7.0 -> 3.8.0 https://github.com/documize/community/releases/tag/v3.8.0 --- pkgs/servers/documize-community/default.nix | 6 +- pkgs/servers/documize-community/vendor.patch | 2392 ------------------ 2 files changed, 2 insertions(+), 2396 deletions(-) delete mode 100644 pkgs/servers/documize-community/vendor.patch diff --git a/pkgs/servers/documize-community/default.nix b/pkgs/servers/documize-community/default.nix index 4c09d7f1eeb..9a6580353fc 100644 --- a/pkgs/servers/documize-community/default.nix +++ b/pkgs/servers/documize-community/default.nix @@ -2,15 +2,13 @@ buildGoModule rec { pname = "documize-community"; - version = "3.7.0"; - - patches = [ ./vendor.patch ]; + version = "3.8.0"; src = fetchFromGitHub { owner = "documize"; repo = "community"; rev = "v${version}"; - sha256 = "1pcldf9lqvpb2h2a3kr3mahj2v1jasjwrszj6czjmkyml7x2sz7c"; + sha256 = "0jrqab0c2nnw8632g1f6zll3dycn7xyk01ycmn969i5qxx70am50"; }; vendorSha256 = null; diff --git a/pkgs/servers/documize-community/vendor.patch b/pkgs/servers/documize-community/vendor.patch deleted file mode 100644 index 82146981f32..00000000000 --- a/pkgs/servers/documize-community/vendor.patch +++ /dev/null @@ -1,2392 +0,0 @@ -diff --git a/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml b/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml -new file mode 100644 -index 00000000..e0c87602 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml -@@ -0,0 +1 @@ -+repo_token: x2wlA1x0X8CK45ybWpZRCVRB4g7vtkhaw -diff --git a/vendor/github.com/microcosm-cc/bluemonday/.travis.yml b/vendor/github.com/microcosm-cc/bluemonday/.travis.yml -new file mode 100644 -index 00000000..4f666461 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/.travis.yml -@@ -0,0 +1,22 @@ -+language: go -+go: -+ - 1.1.x -+ - 1.2.x -+ - 1.3.x -+ - 1.4.x -+ - 1.5.x -+ - 1.6.x -+ - 1.7.x -+ - 1.8.x -+ - 1.9.x -+ - 1.10.x -+ - 1.11.x -+ - tip -+matrix: -+ allow_failures: -+ - go: tip -+ fast_finish: true -+install: -+ - go get . -+script: -+ - go test -v ./... -diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md -new file mode 100644 -index 00000000..d2b12302 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md -@@ -0,0 +1,51 @@ -+# Contributing to bluemonday -+ -+Third-party patches are essential for keeping bluemonday secure and offering the features developers want. However there are a few guidelines that we need contributors to follow so that we can maintain the quality of work that developers who use bluemonday expect. -+ -+## Getting Started -+ -+* Make sure you have a [Github account](https://github.com/signup/free) -+ -+## Guidelines -+ -+1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge. -+ -+## Submitting an Issue -+ -+* Submit a ticket for your issue, assuming one does not already exist -+* Clearly describe the issue including the steps to reproduce (with sample input and output) if it is a bug -+ -+If you are reporting a security flaw, you may expect that we will provide the code to fix it for you. Otherwise you may want to submit a pull request to ensure the resolution is applied sooner rather than later: -+ -+* Fork the repository on Github -+* Issue a pull request containing code to resolve the issue -+ -+## Submitting a Pull Request -+ -+* Submit a ticket for your issue, assuming one does not already exist -+* Describe the reason for the pull request and if applicable show some example inputs and outputs to demonstrate what the patch does -+* Fork the repository on Github -+* Before submitting the pull request you should -+ 1. Include tests for your patch, 1 test should encapsulate the entire patch and should refer to the Github issue -+ 1. If you have added new exposed/public functionality, you should ensure it is documented appropriately -+ 1. If you have added new exposed/public functionality, you should consider demonstrating how to use it within one of the helpers or shipped policies if appropriate or within a test if modifying a helper or policy is not appropriate -+ 1. Run all of the tests `go test -v ./...` or `make test` and ensure all tests pass -+ 1. Run gofmt `gofmt -w ./$*` or `make fmt` -+ 1. Run vet `go tool vet *.go` or `make vet` and resolve any issues -+ 1. Install golint using `go get -u github.com/golang/lint/golint` and run vet `golint *.go` or `make lint` and resolve every warning -+* When submitting the pull request you should -+ 1. Note the issue(s) it resolves, i.e. `Closes #6` in the pull request comment to close issue #6 when the pull request is accepted -+ -+Once you have submitted a pull request, we *may* merge it without changes. If we have any comments or feedback, or need you to make changes to your pull request we will update the Github pull request or the associated issue. We expect responses from you within two weeks, and we may close the pull request is there is no activity. -+ -+### Contributor Licence Agreement -+ -+We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that projects like [puppet](https://cla.puppetlabs.com/), [Mojito](https://developer.yahoo.com/cocktails/mojito/cla/) and companies like [Google](http://code.google.com/legal/individual-cla-v1.0.html) are using. -+ -+But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically: -+ -+You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable. -+ -+You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project. -+ -+You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation. -diff --git a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md -new file mode 100644 -index 00000000..b98873f3 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md -@@ -0,0 +1,6 @@ -+1. Andrew Krasichkov @buglloc https://github.com/buglloc -+1. John Graham-Cumming http://jgc.org/ -+1. Mike Samuel mikesamuel@gmail.com -+1. Dmitri Shuralyov shurcooL@gmail.com -+1. https://github.com/opennota -+1. https://github.com/Gufran -\ No newline at end of file -diff --git a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md -new file mode 100644 -index 00000000..f822458e ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md -@@ -0,0 +1,28 @@ -+Copyright (c) 2014, David Kitchen -+ -+All rights reserved. -+ -+Redistribution and use in source and binary forms, with or without -+modification, are permitted provided that the following conditions are met: -+ -+* Redistributions of source code must retain the above copyright notice, this -+ list of conditions and the following disclaimer. -+ -+* Redistributions in binary form must reproduce the above copyright notice, -+ this list of conditions and the following disclaimer in the documentation -+ and/or other materials provided with the distribution. -+ -+* Neither the name of the organisation (Microcosm) nor the names of its -+ contributors may be used to endorse or promote products derived from -+ this software without specific prior written permission. -+ -+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -diff --git a/vendor/github.com/microcosm-cc/bluemonday/Makefile b/vendor/github.com/microcosm-cc/bluemonday/Makefile -new file mode 100644 -index 00000000..b15dc74f ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/Makefile -@@ -0,0 +1,42 @@ -+# Targets: -+# -+# all: Builds the code locally after testing -+# -+# fmt: Formats the source files -+# build: Builds the code locally -+# vet: Vets the code -+# lint: Runs lint over the code (you do not need to fix everything) -+# test: Runs the tests -+# cover: Gives you the URL to a nice test coverage report -+# -+# install: Builds, tests and installs the code locally -+ -+.PHONY: all fmt build vet lint test cover install -+ -+# The first target is always the default action if `make` is called without -+# args we build and install into $GOPATH so that it can just be run -+ -+all: fmt vet test install -+ -+fmt: -+ @gofmt -s -w ./$* -+ -+build: -+ @go build -+ -+vet: -+ @go vet *.go -+ -+lint: -+ @golint *.go -+ -+test: -+ @go test -v ./... -+ -+cover: COVERAGE_FILE := coverage.out -+cover: -+ @go test -coverprofile=$(COVERAGE_FILE) && \ -+ cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE) -+ -+install: -+ @go install ./... -diff --git a/vendor/github.com/microcosm-cc/bluemonday/README.md b/vendor/github.com/microcosm-cc/bluemonday/README.md -new file mode 100644 -index 00000000..ce679c10 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/README.md -@@ -0,0 +1,350 @@ -+# bluemonday [![Build Status](https://travis-ci.org/microcosm-cc/bluemonday.svg?branch=master)](https://travis-ci.org/microcosm-cc/bluemonday) [![GoDoc](https://godoc.org/github.com/microcosm-cc/bluemonday?status.png)](https://godoc.org/github.com/microcosm-cc/bluemonday) [![Sourcegraph](https://sourcegraph.com/github.com/microcosm-cc/bluemonday/-/badge.svg)](https://sourcegraph.com/github.com/microcosm-cc/bluemonday?badge) -+ -+bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable. -+ -+bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page. -+ -+If you accept user generated content, and your server uses Go, you **need** bluemonday. -+ -+The default policy for user generated content (`bluemonday.UGCPolicy().Sanitize()`) turns this: -+```html -+Hello World -+``` -+ -+Into a harmless: -+```html -+Hello World -+``` -+ -+And it turns this: -+```html -+XSS -+``` -+ -+Into this: -+```html -+XSS -+``` -+ -+Whilst still allowing this: -+```html -+ -+ -+ -+``` -+ -+To pass through mostly unaltered (it gained a rel="nofollow" which is a good thing for user generated content): -+```html -+ -+ -+ -+``` -+ -+It protects sites from [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) attacks. There are many [vectors for an XSS attack](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) and the best way to mitigate the risk is to sanitize user input against a known safe list of HTML elements and attributes. -+ -+You should **always** run bluemonday **after** any other processing. -+ -+If you use [blackfriday](https://github.com/russross/blackfriday) or [Pandoc](http://johnmacfarlane.net/pandoc/) then bluemonday should be run after these steps. This ensures that no insecure HTML is introduced later in your process. -+ -+bluemonday is heavily inspired by both the [OWASP Java HTML Sanitizer](https://code.google.com/p/owasp-java-html-sanitizer/) and the [HTML Purifier](http://htmlpurifier.org/). -+ -+## Technical Summary -+ -+Whitelist based, you need to either build a policy describing the HTML elements and attributes to permit (and the `regexp` patterns of attributes), or use one of the supplied policies representing good defaults. -+ -+The policy containing the whitelist is applied using a fast non-validating, forward only, token-based parser implemented in the [Go net/html library](https://godoc.org/golang.org/x/net/html) by the core Go team. -+ -+We expect to be supplied with well-formatted HTML (closing elements for every applicable open element, nested correctly) and so we do not focus on repairing badly nested or incomplete HTML. We focus on simply ensuring that whatever elements do exist are described in the policy whitelist and that attributes and links are safe for use on your web page. [GIGO](http://en.wikipedia.org/wiki/Garbage_in,_garbage_out) does apply and if you feed it bad HTML bluemonday is not tasked with figuring out how to make it good again. -+ -+### Supported Go Versions -+ -+bluemonday is tested against Go 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, and tip. -+ -+We do not support Go 1.0 as we depend on `golang.org/x/net/html` which includes a reference to `io.ErrNoProgress` which did not exist in Go 1.0. -+ -+## Is it production ready? -+ -+*Yes* -+ -+We are using bluemonday in production having migrated from the widely used and heavily field tested OWASP Java HTML Sanitizer. -+ -+We are passing our extensive test suite (including AntiSamy tests as well as tests for any issues raised). Check for any [unresolved issues](https://github.com/microcosm-cc/bluemonday/issues?page=1&state=open) to see whether anything may be a blocker for you. -+ -+We invite pull requests and issues to help us ensure we are offering comprehensive protection against various attacks via user generated content. -+ -+## Usage -+ -+Install in your `${GOPATH}` using `go get -u github.com/microcosm-cc/bluemonday` -+ -+Then call it: -+```go -+package main -+ -+import ( -+ "fmt" -+ -+ "github.com/microcosm-cc/bluemonday" -+) -+ -+func main() { -+ // Do this once for each unique policy, and use the policy for the life of the program -+ // Policy creation/editing is not safe to use in multiple goroutines -+ p := bluemonday.UGCPolicy() -+ -+ // The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines -+ html := p.Sanitize( -+ `Google`, -+ ) -+ -+ // Output: -+ // Google -+ fmt.Println(html) -+} -+``` -+ -+We offer three ways to call Sanitize: -+```go -+p.Sanitize(string) string -+p.SanitizeBytes([]byte) []byte -+p.SanitizeReader(io.Reader) bytes.Buffer -+``` -+ -+If you are obsessed about performance, `p.SanitizeReader(r).Bytes()` will return a `[]byte` without performing any unnecessary casting of the inputs or outputs. Though the difference is so negligible you should never need to care. -+ -+You can build your own policies: -+```go -+package main -+ -+import ( -+ "fmt" -+ -+ "github.com/microcosm-cc/bluemonday" -+) -+ -+func main() { -+ p := bluemonday.NewPolicy() -+ -+ // Require URLs to be parseable by net/url.Parse and either: -+ // mailto: http:// or https:// -+ p.AllowStandardURLs() -+ -+ // We only allow

and -+ p.AllowAttrs("href").OnElements("a") -+ p.AllowElements("p") -+ -+ html := p.Sanitize( -+ `Google`, -+ ) -+ -+ // Output: -+ // Google -+ fmt.Println(html) -+} -+``` -+ -+We ship two default policies: -+ -+1. `bluemonday.StrictPolicy()` which can be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on its whitelist. An example usage scenario would be blog post titles where HTML tags are not expected at all and if they are then the elements *and* the content of the elements should be stripped. This is a *very* strict policy. -+2. `bluemonday.UGCPolicy()` which allows a broad selection of HTML elements and attributes that are safe for user generated content. Note that this policy does *not* whitelist iframes, object, embed, styles, script, etc. An example usage scenario would be blog post bodies where a variety of formatting is expected along with the potential for TABLEs and IMGs. -+ -+## Policy Building -+ -+The essence of building a policy is to determine which HTML elements and attributes are considered safe for your scenario. OWASP provide an [XSS prevention cheat sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) to help explain the risks, but essentially: -+ -+1. Avoid anything other than the standard HTML elements -+1. Avoid `script`, `style`, `iframe`, `object`, `embed`, `base` elements that allow code to be executed by the client or third party content to be included that can execute code -+1. Avoid anything other than plain HTML attributes with values matched to a regexp -+ -+Basically, you should be able to describe what HTML is fine for your scenario. If you do not have confidence that you can describe your policy please consider using one of the shipped policies such as `bluemonday.UGCPolicy()`. -+ -+To create a new policy: -+```go -+p := bluemonday.NewPolicy() -+``` -+ -+To add elements to a policy either add just the elements: -+```go -+p.AllowElements("b", "strong") -+``` -+ -+Or add elements as a virtue of adding an attribute: -+```go -+// Not the recommended pattern, see the recommendation on using .Matching() below -+p.AllowAttrs("nowrap").OnElements("td", "th") -+``` -+ -+Attributes can either be added to all elements: -+```go -+p.AllowAttrs("dir").Matching(regexp.MustCompile("(?i)rtl|ltr")).Globally() -+``` -+ -+Or attributes can be added to specific elements: -+```go -+// Not the recommended pattern, see the recommendation on using .Matching() below -+p.AllowAttrs("value").OnElements("li") -+``` -+ -+It is **always** recommended that an attribute be made to match a pattern. XSS in HTML attributes is very easy otherwise: -+```go -+// \p{L} matches unicode letters, \p{N} matches unicode numbers -+p.AllowAttrs("title").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).Globally() -+``` -+ -+You can stop at any time and call .Sanitize(): -+```go -+// string htmlIn passed in from a HTTP POST -+htmlOut := p.Sanitize(htmlIn) -+``` -+ -+And you can take any existing policy and extend it: -+```go -+p := bluemonday.UGCPolicy() -+p.AllowElements("fieldset", "select", "option") -+``` -+ -+### Links -+ -+Links are difficult beasts to sanitise safely and also one of the biggest attack vectors for malicious content. -+ -+It is possible to do this: -+```go -+p.AllowAttrs("href").Matching(regexp.MustCompile(`(?i)mailto|https?`)).OnElements("a") -+``` -+ -+But that will not protect you as the regular expression is insufficient in this case to have prevented a malformed value doing something unexpected. -+ -+We provide some additional global options for safely working with links. -+ -+`RequireParseableURLs` will ensure that URLs are parseable by Go's `net/url` package: -+```go -+p.RequireParseableURLs(true) -+``` -+ -+If you have enabled parseable URLs then the following option will `AllowRelativeURLs`. By default this is disabled (bluemonday is a whitelist tool... you need to explicitly tell us to permit things) and when disabled it will prevent all local and scheme relative URLs (i.e. `href="localpage.html"`, `href="../home.html"` and even `href="//www.google.com"` are relative): -+```go -+p.AllowRelativeURLs(true) -+``` -+ -+If you have enabled parseable URLs then you can whitelist the schemes (commonly called protocol when thinking of `http` and `https`) that are permitted. Bear in mind that allowing relative URLs in the above option will allow for a blank scheme: -+```go -+p.AllowURLSchemes("mailto", "http", "https") -+``` -+ -+Regardless of whether you have enabled parseable URLs, you can force all URLs to have a rel="nofollow" attribute. This will be added if it does not exist, but only when the `href` is valid: -+```go -+// This applies to "a" "area" "link" elements that have a "href" attribute -+p.RequireNoFollowOnLinks(true) -+``` -+ -+We provide a convenience method that applies all of the above, but you will still need to whitelist the linkable elements for the URL rules to be applied to: -+```go -+p.AllowStandardURLs() -+p.AllowAttrs("cite").OnElements("blockquote", "q") -+p.AllowAttrs("href").OnElements("a", "area") -+p.AllowAttrs("src").OnElements("img") -+``` -+ -+An additional complexity regarding links is the data URI as defined in [RFC2397](http://tools.ietf.org/html/rfc2397). The data URI allows for images to be served inline using this format: -+ -+```html -+ -+``` -+ -+We have provided a helper to verify the mimetype followed by base64 content of data URIs links: -+ -+```go -+p.AllowDataURIImages() -+``` -+ -+That helper will enable GIF, JPEG, PNG and WEBP images. -+ -+It should be noted that there is a potential [security](http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/) [risk](https://capec.mitre.org/data/definitions/244.html) with the use of data URI links. You should only enable data URI links if you already trust the content. -+ -+We also have some features to help deal with user generated content: -+```go -+p.AddTargetBlankToFullyQualifiedLinks(true) -+``` -+ -+This will ensure that anchor `` links that are fully qualified (the href destination includes a host name) will get `target="_blank"` added to them. -+ -+Additionally any link that has `target="_blank"` after the policy has been applied will also have the `rel` attribute adjusted to add `noopener`. This means a link may start like `` and will end up as ``. It is important to note that the addition of `noopener` is a security feature and not an issue. There is an unfortunate feature to browsers that a browser window opened as a result of `target="_blank"` can still control the opener (your web page) and this protects against that. The background to this can be found here: [https://dev.to/ben/the-targetblank-vulnerability-by-example](https://dev.to/ben/the-targetblank-vulnerability-by-example) -+ -+### Policy Building Helpers -+ -+We also bundle some helpers to simplify policy building: -+```go -+ -+// Permits the "dir", "id", "lang", "title" attributes globally -+p.AllowStandardAttributes() -+ -+// Permits the "img" element and its standard attributes -+p.AllowImages() -+ -+// Permits ordered and unordered lists, and also definition lists -+p.AllowLists() -+ -+// Permits HTML tables and all applicable elements and non-styling attributes -+p.AllowTables() -+``` -+ -+### Invalid Instructions -+ -+The following are invalid: -+```go -+// This does not say where the attributes are allowed, you need to add -+// .Globally() or .OnElements(...) -+// This will be ignored without error. -+p.AllowAttrs("value") -+ -+// This does not say where the attributes are allowed, you need to add -+// .Globally() or .OnElements(...) -+// This will be ignored without error. -+p.AllowAttrs( -+ "type", -+).Matching( -+ regexp.MustCompile("(?i)^(circle|disc|square|a|A|i|I|1)$"), -+) -+``` -+ -+Both examples exhibit the same issue, they declare attributes but do not then specify whether they are whitelisted globally or only on specific elements (and which elements). Attributes belong to one or more elements, and the policy needs to declare this. -+ -+## Limitations -+ -+We are not yet including any tools to help whitelist and sanitize CSS. Which means that unless you wish to do the heavy lifting in a single regular expression (inadvisable), **you should not allow the "style" attribute anywhere**. -+ -+It is not the job of bluemonday to fix your bad HTML, it is merely the job of bluemonday to prevent malicious HTML getting through. If you have mismatched HTML elements, or non-conforming nesting of elements, those will remain. But if you have well-structured HTML bluemonday will not break it. -+ -+## TODO -+ -+* Add support for CSS sanitisation to allow some CSS properties based on a whitelist, possibly using the [Gorilla CSS3 scanner](http://www.gorillatoolkit.org/pkg/css/scanner) - PRs welcome so long as testing covers XSS and demonstrates safety first -+* Investigate whether devs want to blacklist elements and attributes. This would allow devs to take an existing policy (such as the `bluemonday.UGCPolicy()` ) that encapsulates 90% of what they're looking for but does more than they need, and to remove the extra things they do not want to make it 100% what they want -+* Investigate whether devs want a validating HTML mode, in which the HTML elements are not just transformed into a balanced tree (every start tag has a closing tag at the correct depth) but also that elements and character data appear only in their allowed context (i.e. that a `table` element isn't a descendent of a `caption`, that `colgroup`, `thead`, `tbody`, `tfoot` and `tr` are permitted, and that character data is not permitted) -+ -+## Development -+ -+If you have cloned this repo you will probably need the dependency: -+ -+`go get golang.org/x/net/html` -+ -+Gophers can use their familiar tools: -+ -+`go build` -+ -+`go test` -+ -+I personally use a Makefile as it spares typing the same args over and over whilst providing consistency for those of us who jump from language to language and enjoy just typing `make` in a project directory and watch magic happen. -+ -+`make` will build, vet, test and install the library. -+ -+`make clean` will remove the library from a *single* `${GOPATH}/pkg` directory tree -+ -+`make test` will run the tests -+ -+`make cover` will run the tests and *open a browser window* with the coverage report -+ -+`make lint` will run golint (install via `go get github.com/golang/lint/golint`) -+ -+## Long term goals -+ -+1. Open the code to adversarial peer review similar to the [Attack Review Ground Rules](https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules) -+1. Raise funds and pay for an external security review -diff --git a/vendor/github.com/microcosm-cc/bluemonday/doc.go b/vendor/github.com/microcosm-cc/bluemonday/doc.go -new file mode 100644 -index 00000000..71dab608 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/doc.go -@@ -0,0 +1,104 @@ -+// Copyright (c) 2014, David Kitchen -+// -+// All rights reserved. -+// -+// Redistribution and use in source and binary forms, with or without -+// modification, are permitted provided that the following conditions are met: -+// -+// * Redistributions of source code must retain the above copyright notice, this -+// list of conditions and the following disclaimer. -+// -+// * Redistributions in binary form must reproduce the above copyright notice, -+// this list of conditions and the following disclaimer in the documentation -+// and/or other materials provided with the distribution. -+// -+// * Neither the name of the organisation (Microcosm) nor the names of its -+// contributors may be used to endorse or promote products derived from -+// this software without specific prior written permission. -+// -+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+/* -+Package bluemonday provides a way of describing a whitelist of HTML elements -+and attributes as a policy, and for that policy to be applied to untrusted -+strings from users that may contain markup. All elements and attributes not on -+the whitelist will be stripped. -+ -+The default bluemonday.UGCPolicy().Sanitize() turns this: -+ -+ Hello World -+ -+Into the more harmless: -+ -+ Hello World -+ -+And it turns this: -+ -+ XSS -+ -+Into this: -+ -+ XSS -+ -+Whilst still allowing this: -+ -+ -+ -+ -+ -+To pass through mostly unaltered (it gained a rel="nofollow"): -+ -+ -+ -+ -+ -+The primary purpose of bluemonday is to take potentially unsafe user generated -+content (from things like Markdown, HTML WYSIWYG tools, etc) and make it safe -+for you to put on your website. -+ -+It protects sites against XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) -+and other malicious content that a user interface may deliver. There are many -+vectors for an XSS attack (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) -+and the safest thing to do is to sanitize user input against a known safe list -+of HTML elements and attributes. -+ -+Note: You should always run bluemonday after any other processing. -+ -+If you use blackfriday (https://github.com/russross/blackfriday) or -+Pandoc (http://johnmacfarlane.net/pandoc/) then bluemonday should be run after -+these steps. This ensures that no insecure HTML is introduced later in your -+process. -+ -+bluemonday is heavily inspired by both the OWASP Java HTML Sanitizer -+(https://code.google.com/p/owasp-java-html-sanitizer/) and the HTML Purifier -+(http://htmlpurifier.org/). -+ -+We ship two default policies, one is bluemonday.StrictPolicy() and can be -+thought of as equivalent to stripping all HTML elements and their attributes as -+it has nothing on its whitelist. -+ -+The other is bluemonday.UGCPolicy() and allows a broad selection of HTML -+elements and attributes that are safe for user generated content. Note that -+this policy does not whitelist iframes, object, embed, styles, script, etc. -+ -+The essence of building a policy is to determine which HTML elements and -+attributes are considered safe for your scenario. OWASP provide an XSS -+prevention cheat sheet ( https://www.google.com/search?q=xss+prevention+cheat+sheet ) -+to help explain the risks, but essentially: -+ -+ 1. Avoid whitelisting anything other than plain HTML elements -+ 2. Avoid whitelisting `script`, `style`, `iframe`, `object`, `embed`, `base` -+ elements -+ 3. Avoid whitelisting anything other than plain HTML elements with simple -+ values that you can match to a regexp -+*/ -+package bluemonday -diff --git a/vendor/github.com/microcosm-cc/bluemonday/go.mod b/vendor/github.com/microcosm-cc/bluemonday/go.mod -new file mode 100644 -index 00000000..fa8453c5 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/go.mod -@@ -0,0 +1,5 @@ -+module github.com/microcosm-cc/bluemonday -+ -+go 1.9 -+ -+require golang.org/x/net v0.0.0-20181220203305-927f97764cc3 -diff --git a/vendor/github.com/microcosm-cc/bluemonday/go.sum b/vendor/github.com/microcosm-cc/bluemonday/go.sum -new file mode 100644 -index 00000000..bee241d1 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/go.sum -@@ -0,0 +1,2 @@ -+golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis= -+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -diff --git a/vendor/github.com/microcosm-cc/bluemonday/helpers.go b/vendor/github.com/microcosm-cc/bluemonday/helpers.go -new file mode 100644 -index 00000000..dfa5868d ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/helpers.go -@@ -0,0 +1,297 @@ -+// Copyright (c) 2014, David Kitchen -+// -+// All rights reserved. -+// -+// Redistribution and use in source and binary forms, with or without -+// modification, are permitted provided that the following conditions are met: -+// -+// * Redistributions of source code must retain the above copyright notice, this -+// list of conditions and the following disclaimer. -+// -+// * Redistributions in binary form must reproduce the above copyright notice, -+// this list of conditions and the following disclaimer in the documentation -+// and/or other materials provided with the distribution. -+// -+// * Neither the name of the organisation (Microcosm) nor the names of its -+// contributors may be used to endorse or promote products derived from -+// this software without specific prior written permission. -+// -+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+package bluemonday -+ -+import ( -+ "encoding/base64" -+ "net/url" -+ "regexp" -+) -+ -+// A selection of regular expressions that can be used as .Matching() rules on -+// HTML attributes. -+var ( -+ // CellAlign handles the `align` attribute -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-align -+ CellAlign = regexp.MustCompile(`(?i)^(center|justify|left|right|char)$`) -+ -+ // CellVerticalAlign handles the `valign` attribute -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-valign -+ CellVerticalAlign = regexp.MustCompile(`(?i)^(baseline|bottom|middle|top)$`) -+ -+ // Direction handles the `dir` attribute -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bdo#attr-dir -+ Direction = regexp.MustCompile(`(?i)^(rtl|ltr)$`) -+ -+ // ImageAlign handles the `align` attribute on the `image` tag -+ // http://www.w3.org/MarkUp/Test/Img/imgtest.html -+ ImageAlign = regexp.MustCompile( -+ `(?i)^(left|right|top|texttop|middle|absmiddle|baseline|bottom|absbottom)$`, -+ ) -+ -+ // Integer describes whole positive integers (including 0) used in places -+ // like td.colspan -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-colspan -+ Integer = regexp.MustCompile(`^[0-9]+$`) -+ -+ // ISO8601 according to the W3 group is only a subset of the ISO8601 -+ // standard: http://www.w3.org/TR/NOTE-datetime -+ // -+ // Used in places like time.datetime -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/time#attr-datetime -+ // -+ // Matches patterns: -+ // Year: -+ // YYYY (eg 1997) -+ // Year and month: -+ // YYYY-MM (eg 1997-07) -+ // Complete date: -+ // YYYY-MM-DD (eg 1997-07-16) -+ // Complete date plus hours and minutes: -+ // YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00) -+ // Complete date plus hours, minutes and seconds: -+ // YYYY-MM-DDThh:mm:ssTZD (eg 1997-07-16T19:20:30+01:00) -+ // Complete date plus hours, minutes, seconds and a decimal fraction of a -+ // second -+ // YYYY-MM-DDThh:mm:ss.sTZD (eg 1997-07-16T19:20:30.45+01:00) -+ ISO8601 = regexp.MustCompile( -+ `^[0-9]{4}(-[0-9]{2}(-[0-9]{2}([ T][0-9]{2}(:[0-9]{2}){1,2}(.[0-9]{1,6})` + -+ `?Z?([\+-][0-9]{2}:[0-9]{2})?)?)?)?$`, -+ ) -+ -+ // ListType encapsulates the common value as well as the latest spec -+ // values for lists -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ol#attr-type -+ ListType = regexp.MustCompile(`(?i)^(circle|disc|square|a|A|i|I|1)$`) -+ -+ // SpaceSeparatedTokens is used in places like `a.rel` and the common attribute -+ // `class` which both contain space delimited lists of data tokens -+ // http://www.w3.org/TR/html-markup/datatypes.html#common.data.tokens-def -+ // Regexp: \p{L} matches unicode letters, \p{N} matches unicode numbers -+ SpaceSeparatedTokens = regexp.MustCompile(`^([\s\p{L}\p{N}_-]+)$`) -+ -+ // Number is a double value used on HTML5 meter and progress elements -+ // http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-meter-element -+ Number = regexp.MustCompile(`^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?$`) -+ -+ // NumberOrPercent is used predominantly as units of measurement in width -+ // and height attributes -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-height -+ NumberOrPercent = regexp.MustCompile(`^[0-9]+[%]?$`) -+ -+ // Paragraph of text in an attribute such as *.'title', img.alt, etc -+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes#attr-title -+ // Note that we are not allowing chars that could close tags like '>' -+ Paragraph = regexp.MustCompile(`^[\p{L}\p{N}\s\-_',\[\]!\./\\\(\)]*$`) -+ -+ // dataURIImagePrefix is used by AllowDataURIImages to define the acceptable -+ // prefix of data URIs that contain common web image formats. -+ // -+ // This is not exported as it's not useful by itself, and only has value -+ // within the AllowDataURIImages func -+ dataURIImagePrefix = regexp.MustCompile( -+ `^image/(gif|jpeg|png|webp);base64,`, -+ ) -+) -+ -+// AllowStandardURLs is a convenience function that will enable rel="nofollow" -+// on "a", "area" and "link" (if you have allowed those elements) and will -+// ensure that the URL values are parseable and either relative or belong to the -+// "mailto", "http", or "https" schemes -+func (p *Policy) AllowStandardURLs() { -+ // URLs must be parseable by net/url.Parse() -+ p.RequireParseableURLs(true) -+ -+ // !url.IsAbs() is permitted -+ p.AllowRelativeURLs(true) -+ -+ // Most common URL schemes only -+ p.AllowURLSchemes("mailto", "http", "https") -+ -+ // For all anchors we will add rel="nofollow" if it does not already exist -+ // This applies to "a" "area" "link" -+ p.RequireNoFollowOnLinks(true) -+} -+ -+// AllowStandardAttributes will enable "id", "title" and the language specific -+// attributes "dir" and "lang" on all elements that are whitelisted -+func (p *Policy) AllowStandardAttributes() { -+ // "dir" "lang" are permitted as both language attributes affect charsets -+ // and direction of text. -+ p.AllowAttrs("dir").Matching(Direction).Globally() -+ p.AllowAttrs( -+ "lang", -+ ).Matching(regexp.MustCompile(`[a-zA-Z]{2,20}`)).Globally() -+ -+ // "id" is permitted. This is pretty much as some HTML elements require this -+ // to work well ("dfn" is an example of a "id" being value) -+ // This does create a risk that JavaScript and CSS within your web page -+ // might identify the wrong elements. Ensure that you select things -+ // accurately -+ p.AllowAttrs("id").Matching( -+ regexp.MustCompile(`[a-zA-Z0-9\:\-_\.]+`), -+ ).Globally() -+ -+ // "title" is permitted as it improves accessibility. -+ p.AllowAttrs("title").Matching(Paragraph).Globally() -+} -+ -+// AllowStyling presently enables the class attribute globally. -+// -+// Note: When bluemonday ships a CSS parser and we can safely sanitise that, -+// this will also allow sanitized styling of elements via the style attribute. -+func (p *Policy) AllowStyling() { -+ -+ // "class" is permitted globally -+ p.AllowAttrs("class").Matching(SpaceSeparatedTokens).Globally() -+} -+ -+// AllowImages enables the img element and some popular attributes. It will also -+// ensure that URL values are parseable. This helper does not enable data URI -+// images, for that you should also use the AllowDataURIImages() helper. -+func (p *Policy) AllowImages() { -+ -+ // "img" is permitted -+ p.AllowAttrs("align").Matching(ImageAlign).OnElements("img") -+ p.AllowAttrs("alt").Matching(Paragraph).OnElements("img") -+ p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("img") -+ -+ // Standard URLs enabled -+ p.AllowStandardURLs() -+ p.AllowAttrs("src").OnElements("img") -+} -+ -+// AllowDataURIImages permits the use of inline images defined in RFC2397 -+// http://tools.ietf.org/html/rfc2397 -+// http://en.wikipedia.org/wiki/Data_URI_scheme -+// -+// Images must have a mimetype matching: -+// image/gif -+// image/jpeg -+// image/png -+// image/webp -+// -+// NOTE: There is a potential security risk to allowing data URIs and you should -+// only permit them on content you already trust. -+// http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/ -+// https://capec.mitre.org/data/definitions/244.html -+func (p *Policy) AllowDataURIImages() { -+ -+ // URLs must be parseable by net/url.Parse() -+ p.RequireParseableURLs(true) -+ -+ // Supply a function to validate images contained within data URI -+ p.AllowURLSchemeWithCustomPolicy( -+ "data", -+ func(url *url.URL) (allowUrl bool) { -+ if url.RawQuery != "" || url.Fragment != "" { -+ return false -+ } -+ -+ matched := dataURIImagePrefix.FindString(url.Opaque) -+ if matched == "" { -+ return false -+ } -+ -+ _, err := base64.StdEncoding.DecodeString(url.Opaque[len(matched):]) -+ if err != nil { -+ return false -+ } -+ -+ return true -+ }, -+ ) -+} -+ -+// AllowLists will enabled ordered and unordered lists, as well as definition -+// lists -+func (p *Policy) AllowLists() { -+ // "ol" "ul" are permitted -+ p.AllowAttrs("type").Matching(ListType).OnElements("ol", "ul") -+ -+ // "li" is permitted -+ p.AllowAttrs("type").Matching(ListType).OnElements("li") -+ p.AllowAttrs("value").Matching(Integer).OnElements("li") -+ -+ // "dl" "dt" "dd" are permitted -+ p.AllowElements("dl", "dt", "dd") -+} -+ -+// AllowTables will enable a rich set of elements and attributes to describe -+// HTML tables -+func (p *Policy) AllowTables() { -+ -+ // "table" is permitted -+ p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("table") -+ p.AllowAttrs("summary").Matching(Paragraph).OnElements("table") -+ -+ // "caption" is permitted -+ p.AllowElements("caption") -+ -+ // "col" "colgroup" are permitted -+ p.AllowAttrs("align").Matching(CellAlign).OnElements("col", "colgroup") -+ p.AllowAttrs("height", "width").Matching( -+ NumberOrPercent, -+ ).OnElements("col", "colgroup") -+ p.AllowAttrs("span").Matching(Integer).OnElements("colgroup", "col") -+ p.AllowAttrs("valign").Matching( -+ CellVerticalAlign, -+ ).OnElements("col", "colgroup") -+ -+ // "thead" "tr" are permitted -+ p.AllowAttrs("align").Matching(CellAlign).OnElements("thead", "tr") -+ p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("thead", "tr") -+ -+ // "td" "th" are permitted -+ p.AllowAttrs("abbr").Matching(Paragraph).OnElements("td", "th") -+ p.AllowAttrs("align").Matching(CellAlign).OnElements("td", "th") -+ p.AllowAttrs("colspan", "rowspan").Matching(Integer).OnElements("td", "th") -+ p.AllowAttrs("headers").Matching( -+ SpaceSeparatedTokens, -+ ).OnElements("td", "th") -+ p.AllowAttrs("height", "width").Matching( -+ NumberOrPercent, -+ ).OnElements("td", "th") -+ p.AllowAttrs( -+ "scope", -+ ).Matching( -+ regexp.MustCompile(`(?i)(?:row|col)(?:group)?`), -+ ).OnElements("td", "th") -+ p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("td", "th") -+ p.AllowAttrs("nowrap").Matching( -+ regexp.MustCompile(`(?i)|nowrap`), -+ ).OnElements("td", "th") -+ -+ // "tbody" "tfoot" -+ p.AllowAttrs("align").Matching(CellAlign).OnElements("tbody", "tfoot") -+ p.AllowAttrs("valign").Matching( -+ CellVerticalAlign, -+ ).OnElements("tbody", "tfoot") -+} -diff --git a/vendor/github.com/microcosm-cc/bluemonday/policies.go b/vendor/github.com/microcosm-cc/bluemonday/policies.go -new file mode 100644 -index 00000000..570bba88 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/policies.go -@@ -0,0 +1,253 @@ -+// Copyright (c) 2014, David Kitchen -+// -+// All rights reserved. -+// -+// Redistribution and use in source and binary forms, with or without -+// modification, are permitted provided that the following conditions are met: -+// -+// * Redistributions of source code must retain the above copyright notice, this -+// list of conditions and the following disclaimer. -+// -+// * Redistributions in binary form must reproduce the above copyright notice, -+// this list of conditions and the following disclaimer in the documentation -+// and/or other materials provided with the distribution. -+// -+// * Neither the name of the organisation (Microcosm) nor the names of its -+// contributors may be used to endorse or promote products derived from -+// this software without specific prior written permission. -+// -+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+package bluemonday -+ -+import ( -+ "regexp" -+) -+ -+// StrictPolicy returns an empty policy, which will effectively strip all HTML -+// elements and their attributes from a document. -+func StrictPolicy() *Policy { -+ return NewPolicy() -+} -+ -+// StripTagsPolicy is DEPRECATED. Use StrictPolicy instead. -+func StripTagsPolicy() *Policy { -+ return StrictPolicy() -+} -+ -+// UGCPolicy returns a policy aimed at user generated content that is a result -+// of HTML WYSIWYG tools and Markdown conversions. -+// -+// This is expected to be a fairly rich document where as much markup as -+// possible should be retained. Markdown permits raw HTML so we are basically -+// providing a policy to sanitise HTML5 documents safely but with the -+// least intrusion on the formatting expectations of the user. -+func UGCPolicy() *Policy { -+ -+ p := NewPolicy() -+ -+ /////////////////////// -+ // Global attributes // -+ /////////////////////// -+ -+ // "class" is not permitted as we are not allowing users to style their own -+ // content -+ -+ p.AllowStandardAttributes() -+ -+ ////////////////////////////// -+ // Global URL format policy // -+ ////////////////////////////// -+ -+ p.AllowStandardURLs() -+ -+ //////////////////////////////// -+ // Declarations and structure // -+ //////////////////////////////// -+ -+ // "xml" "xslt" "DOCTYPE" "html" "head" are not permitted as we are -+ // expecting user generated content to be a fragment of HTML and not a full -+ // document. -+ -+ ////////////////////////// -+ // Sectioning root tags // -+ ////////////////////////// -+ -+ // "article" and "aside" are permitted and takes no attributes -+ p.AllowElements("article", "aside") -+ -+ // "body" is not permitted as we are expecting user generated content to be a fragment -+ // of HTML and not a full document. -+ -+ // "details" is permitted, including the "open" attribute which can either -+ // be blank or the value "open". -+ p.AllowAttrs( -+ "open", -+ ).Matching(regexp.MustCompile(`(?i)^(|open)$`)).OnElements("details") -+ -+ // "fieldset" is not permitted as we are not allowing forms to be created. -+ -+ // "figure" is permitted and takes no attributes -+ p.AllowElements("figure") -+ -+ // "nav" is not permitted as it is assumed that the site (and not the user) -+ // has defined navigation elements -+ -+ // "section" is permitted and takes no attributes -+ p.AllowElements("section") -+ -+ // "summary" is permitted and takes no attributes -+ p.AllowElements("summary") -+ -+ ////////////////////////// -+ // Headings and footers // -+ ////////////////////////// -+ -+ // "footer" is not permitted as we expect user content to be a fragment and -+ // not structural to this extent -+ -+ // "h1" through "h6" are permitted and take no attributes -+ p.AllowElements("h1", "h2", "h3", "h4", "h5", "h6") -+ -+ // "header" is not permitted as we expect user content to be a fragment and -+ // not structural to this extent -+ -+ // "hgroup" is permitted and takes no attributes -+ p.AllowElements("hgroup") -+ -+ ///////////////////////////////////// -+ // Content grouping and separating // -+ ///////////////////////////////////// -+ -+ // "blockquote" is permitted, including the "cite" attribute which must be -+ // a standard URL. -+ p.AllowAttrs("cite").OnElements("blockquote") -+ -+ // "br" "div" "hr" "p" "span" "wbr" are permitted and take no attributes -+ p.AllowElements("br", "div", "hr", "p", "span", "wbr") -+ -+ /////////// -+ // Links // -+ /////////// -+ -+ // "a" is permitted -+ p.AllowAttrs("href").OnElements("a") -+ -+ // "area" is permitted along with the attributes that map image maps work -+ p.AllowAttrs("name").Matching( -+ regexp.MustCompile(`^([\p{L}\p{N}_-]+)$`), -+ ).OnElements("map") -+ p.AllowAttrs("alt").Matching(Paragraph).OnElements("area") -+ p.AllowAttrs("coords").Matching( -+ regexp.MustCompile(`^([0-9]+,)+[0-9]+$`), -+ ).OnElements("area") -+ p.AllowAttrs("href").OnElements("area") -+ p.AllowAttrs("rel").Matching(SpaceSeparatedTokens).OnElements("area") -+ p.AllowAttrs("shape").Matching( -+ regexp.MustCompile(`(?i)^(default|circle|rect|poly)$`), -+ ).OnElements("area") -+ p.AllowAttrs("usemap").Matching( -+ regexp.MustCompile(`(?i)^#[\p{L}\p{N}_-]+$`), -+ ).OnElements("img") -+ -+ // "link" is not permitted -+ -+ ///////////////////// -+ // Phrase elements // -+ ///////////////////// -+ -+ // The following are all inline phrasing elements -+ p.AllowElements("abbr", "acronym", "cite", "code", "dfn", "em", -+ "figcaption", "mark", "s", "samp", "strong", "sub", "sup", "var") -+ -+ // "q" is permitted and "cite" is a URL and handled by URL policies -+ p.AllowAttrs("cite").OnElements("q") -+ -+ // "time" is permitted -+ p.AllowAttrs("datetime").Matching(ISO8601).OnElements("time") -+ -+ //////////////////// -+ // Style elements // -+ //////////////////// -+ -+ // block and inline elements that impart no semantic meaning but style the -+ // document -+ p.AllowElements("b", "i", "pre", "small", "strike", "tt", "u") -+ -+ // "style" is not permitted as we are not yet sanitising CSS and it is an -+ // XSS attack vector -+ -+ ////////////////////// -+ // HTML5 Formatting // -+ ////////////////////// -+ -+ // "bdi" "bdo" are permitted -+ p.AllowAttrs("dir").Matching(Direction).OnElements("bdi", "bdo") -+ -+ // "rp" "rt" "ruby" are permitted -+ p.AllowElements("rp", "rt", "ruby") -+ -+ /////////////////////////// -+ // HTML5 Change tracking // -+ /////////////////////////// -+ -+ // "del" "ins" are permitted -+ p.AllowAttrs("cite").Matching(Paragraph).OnElements("del", "ins") -+ p.AllowAttrs("datetime").Matching(ISO8601).OnElements("del", "ins") -+ -+ /////////// -+ // Lists // -+ /////////// -+ -+ p.AllowLists() -+ -+ //////////// -+ // Tables // -+ //////////// -+ -+ p.AllowTables() -+ -+ /////////// -+ // Forms // -+ /////////// -+ -+ // By and large, forms are not permitted. However there are some form -+ // elements that can be used to present data, and we do permit those -+ // -+ // "button" "fieldset" "input" "keygen" "label" "output" "select" "datalist" -+ // "textarea" "optgroup" "option" are all not permitted -+ -+ // "meter" is permitted -+ p.AllowAttrs( -+ "value", -+ "min", -+ "max", -+ "low", -+ "high", -+ "optimum", -+ ).Matching(Number).OnElements("meter") -+ -+ // "progress" is permitted -+ p.AllowAttrs("value", "max").Matching(Number).OnElements("progress") -+ -+ ////////////////////// -+ // Embedded content // -+ ////////////////////// -+ -+ // Vast majority not permitted -+ // "audio" "canvas" "embed" "iframe" "object" "param" "source" "svg" "track" -+ // "video" are all not permitted -+ -+ p.AllowImages() -+ -+ return p -+} -diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go -new file mode 100644 -index 00000000..f61d98f5 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go -@@ -0,0 +1,552 @@ -+// Copyright (c) 2014, David Kitchen -+// -+// All rights reserved. -+// -+// Redistribution and use in source and binary forms, with or without -+// modification, are permitted provided that the following conditions are met: -+// -+// * Redistributions of source code must retain the above copyright notice, this -+// list of conditions and the following disclaimer. -+// -+// * Redistributions in binary form must reproduce the above copyright notice, -+// this list of conditions and the following disclaimer in the documentation -+// and/or other materials provided with the distribution. -+// -+// * Neither the name of the organisation (Microcosm) nor the names of its -+// contributors may be used to endorse or promote products derived from -+// this software without specific prior written permission. -+// -+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+package bluemonday -+ -+import ( -+ "net/url" -+ "regexp" -+ "strings" -+) -+ -+// Policy encapsulates the whitelist of HTML elements and attributes that will -+// be applied to the sanitised HTML. -+// -+// You should use bluemonday.NewPolicy() to create a blank policy as the -+// unexported fields contain maps that need to be initialized. -+type Policy struct { -+ -+ // Declares whether the maps have been initialized, used as a cheap check to -+ // ensure that those using Policy{} directly won't cause nil pointer -+ // exceptions -+ initialized bool -+ -+ // If true then we add spaces when stripping tags, specifically the closing -+ // tag is replaced by a space character. -+ addSpaces bool -+ -+ // When true, add rel="nofollow" to HTML anchors -+ requireNoFollow bool -+ -+ // When true, add rel="nofollow" to HTML anchors -+ // Will add for href="http://foo" -+ // Will skip for href="/foo" or href="foo" -+ requireNoFollowFullyQualifiedLinks bool -+ -+ // When true add target="_blank" to fully qualified links -+ // Will add for href="http://foo" -+ // Will skip for href="/foo" or href="foo" -+ addTargetBlankToFullyQualifiedLinks bool -+ -+ // When true, URLs must be parseable by "net/url" url.Parse() -+ requireParseableURLs bool -+ -+ // When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted -+ allowRelativeURLs bool -+ -+ // When true, allow data attributes. -+ allowDataAttributes bool -+ -+ // map[htmlElementName]map[htmlAttributeName]attrPolicy -+ elsAndAttrs map[string]map[string]attrPolicy -+ -+ // map[htmlAttributeName]attrPolicy -+ globalAttrs map[string]attrPolicy -+ -+ // If urlPolicy is nil, all URLs with matching schema are allowed. -+ // Otherwise, only the URLs with matching schema and urlPolicy(url) -+ // returning true are allowed. -+ allowURLSchemes map[string]urlPolicy -+ -+ // If an element has had all attributes removed as a result of a policy -+ // being applied, then the element would be removed from the output. -+ // -+ // However some elements are valid and have strong layout meaning without -+ // any attributes, i.e. . To prevent those being removed we maintain -+ // a list of elements that are allowed to have no attributes and that will -+ // be maintained in the output HTML. -+ setOfElementsAllowedWithoutAttrs map[string]struct{} -+ -+ setOfElementsToSkipContent map[string]struct{} -+} -+ -+type attrPolicy struct { -+ -+ // optional pattern to match, when not nil the regexp needs to match -+ // otherwise the attribute is removed -+ regexp *regexp.Regexp -+} -+ -+type attrPolicyBuilder struct { -+ p *Policy -+ -+ attrNames []string -+ regexp *regexp.Regexp -+ allowEmpty bool -+} -+ -+type urlPolicy func(url *url.URL) (allowUrl bool) -+ -+// init initializes the maps if this has not been done already -+func (p *Policy) init() { -+ if !p.initialized { -+ p.elsAndAttrs = make(map[string]map[string]attrPolicy) -+ p.globalAttrs = make(map[string]attrPolicy) -+ p.allowURLSchemes = make(map[string]urlPolicy) -+ p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{}) -+ p.setOfElementsToSkipContent = make(map[string]struct{}) -+ p.initialized = true -+ } -+} -+ -+// NewPolicy returns a blank policy with nothing whitelisted or permitted. This -+// is the recommended way to start building a policy and you should now use -+// AllowAttrs() and/or AllowElements() to construct the whitelist of HTML -+// elements and attributes. -+func NewPolicy() *Policy { -+ -+ p := Policy{} -+ -+ p.addDefaultElementsWithoutAttrs() -+ p.addDefaultSkipElementContent() -+ -+ return &p -+} -+ -+// AllowAttrs takes a range of HTML attribute names and returns an -+// attribute policy builder that allows you to specify the pattern and scope of -+// the whitelisted attribute. -+// -+// The attribute policy is only added to the core policy when either Globally() -+// or OnElements(...) are called. -+func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder { -+ -+ p.init() -+ -+ abp := attrPolicyBuilder{ -+ p: p, -+ allowEmpty: false, -+ } -+ -+ for _, attrName := range attrNames { -+ abp.attrNames = append(abp.attrNames, strings.ToLower(attrName)) -+ } -+ -+ return &abp -+} -+ -+// AllowDataAttributes whitelists all data attributes. We can't specify the name -+// of each attribute exactly as they are customized. -+// -+// NOTE: These values are not sanitized and applications that evaluate or process -+// them without checking and verification of the input may be at risk if this option -+// is enabled. This is a 'caveat emptor' option and the person enabling this option -+// needs to fully understand the potential impact with regards to whatever application -+// will be consuming the sanitized HTML afterwards, i.e. if you know you put a link in a -+// data attribute and use that to automatically load some new window then you're giving -+// the author of a HTML fragment the means to open a malicious destination automatically. -+// Use with care! -+func (p *Policy) AllowDataAttributes() { -+ p.allowDataAttributes = true -+} -+ -+// AllowNoAttrs says that attributes on element are optional. -+// -+// The attribute policy is only added to the core policy when OnElements(...) -+// are called. -+func (p *Policy) AllowNoAttrs() *attrPolicyBuilder { -+ -+ p.init() -+ -+ abp := attrPolicyBuilder{ -+ p: p, -+ allowEmpty: true, -+ } -+ return &abp -+} -+ -+// AllowNoAttrs says that attributes on element are optional. -+// -+// The attribute policy is only added to the core policy when OnElements(...) -+// are called. -+func (abp *attrPolicyBuilder) AllowNoAttrs() *attrPolicyBuilder { -+ -+ abp.allowEmpty = true -+ -+ return abp -+} -+ -+// Matching allows a regular expression to be applied to a nascent attribute -+// policy, and returns the attribute policy. Calling this more than once will -+// replace the existing regexp. -+func (abp *attrPolicyBuilder) Matching(regex *regexp.Regexp) *attrPolicyBuilder { -+ -+ abp.regexp = regex -+ -+ return abp -+} -+ -+// OnElements will bind an attribute policy to a given range of HTML elements -+// and return the updated policy -+func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy { -+ -+ for _, element := range elements { -+ element = strings.ToLower(element) -+ -+ for _, attr := range abp.attrNames { -+ -+ if _, ok := abp.p.elsAndAttrs[element]; !ok { -+ abp.p.elsAndAttrs[element] = make(map[string]attrPolicy) -+ } -+ -+ ap := attrPolicy{} -+ if abp.regexp != nil { -+ ap.regexp = abp.regexp -+ } -+ -+ abp.p.elsAndAttrs[element][attr] = ap -+ } -+ -+ if abp.allowEmpty { -+ abp.p.setOfElementsAllowedWithoutAttrs[element] = struct{}{} -+ -+ if _, ok := abp.p.elsAndAttrs[element]; !ok { -+ abp.p.elsAndAttrs[element] = make(map[string]attrPolicy) -+ } -+ } -+ } -+ -+ return abp.p -+} -+ -+// Globally will bind an attribute policy to all HTML elements and return the -+// updated policy -+func (abp *attrPolicyBuilder) Globally() *Policy { -+ -+ for _, attr := range abp.attrNames { -+ if _, ok := abp.p.globalAttrs[attr]; !ok { -+ abp.p.globalAttrs[attr] = attrPolicy{} -+ } -+ -+ ap := attrPolicy{} -+ if abp.regexp != nil { -+ ap.regexp = abp.regexp -+ } -+ -+ abp.p.globalAttrs[attr] = ap -+ } -+ -+ return abp.p -+} -+ -+// AllowElements will append HTML elements to the whitelist without applying an -+// attribute policy to those elements (the elements are permitted -+// sans-attributes) -+func (p *Policy) AllowElements(names ...string) *Policy { -+ p.init() -+ -+ for _, element := range names { -+ element = strings.ToLower(element) -+ -+ if _, ok := p.elsAndAttrs[element]; !ok { -+ p.elsAndAttrs[element] = make(map[string]attrPolicy) -+ } -+ } -+ -+ return p -+} -+ -+// RequireNoFollowOnLinks will result in all tags having a rel="nofollow" -+// added to them if one does not already exist -+// -+// Note: This requires p.RequireParseableURLs(true) and will enable it. -+func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy { -+ -+ p.requireNoFollow = require -+ p.requireParseableURLs = true -+ -+ return p -+} -+ -+// RequireNoFollowOnFullyQualifiedLinks will result in all tags that point -+// to a non-local destination (i.e. starts with a protocol and has a host) -+// having a rel="nofollow" added to them if one does not already exist -+// -+// Note: This requires p.RequireParseableURLs(true) and will enable it. -+func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy { -+ -+ p.requireNoFollowFullyQualifiedLinks = require -+ p.requireParseableURLs = true -+ -+ return p -+} -+ -+// AddTargetBlankToFullyQualifiedLinks will result in all tags that point -+// to a non-local destination (i.e. starts with a protocol and has a host) -+// having a target="_blank" added to them if one does not already exist -+// -+// Note: This requires p.RequireParseableURLs(true) and will enable it. -+func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy { -+ -+ p.addTargetBlankToFullyQualifiedLinks = require -+ p.requireParseableURLs = true -+ -+ return p -+} -+ -+// RequireParseableURLs will result in all URLs requiring that they be parseable -+// by "net/url" url.Parse() -+// This applies to: -+// - a.href -+// - area.href -+// - blockquote.cite -+// - img.src -+// - link.href -+// - script.src -+func (p *Policy) RequireParseableURLs(require bool) *Policy { -+ -+ p.requireParseableURLs = require -+ -+ return p -+} -+ -+// AllowRelativeURLs enables RequireParseableURLs and then permits URLs that -+// are parseable, have no schema information and url.IsAbs() returns false -+// This permits local URLs -+func (p *Policy) AllowRelativeURLs(require bool) *Policy { -+ -+ p.RequireParseableURLs(true) -+ p.allowRelativeURLs = require -+ -+ return p -+} -+ -+// AllowURLSchemes will append URL schemes to the whitelist -+// Example: p.AllowURLSchemes("mailto", "http", "https") -+func (p *Policy) AllowURLSchemes(schemes ...string) *Policy { -+ p.init() -+ -+ p.RequireParseableURLs(true) -+ -+ for _, scheme := range schemes { -+ scheme = strings.ToLower(scheme) -+ -+ // Allow all URLs with matching scheme. -+ p.allowURLSchemes[scheme] = nil -+ } -+ -+ return p -+} -+ -+// AllowURLSchemeWithCustomPolicy will append URL schemes with -+// a custom URL policy to the whitelist. -+// Only the URLs with matching schema and urlPolicy(url) -+// returning true will be allowed. -+func (p *Policy) AllowURLSchemeWithCustomPolicy( -+ scheme string, -+ urlPolicy func(url *url.URL) (allowUrl bool), -+) *Policy { -+ -+ p.init() -+ -+ p.RequireParseableURLs(true) -+ -+ scheme = strings.ToLower(scheme) -+ -+ p.allowURLSchemes[scheme] = urlPolicy -+ -+ return p -+} -+ -+// AddSpaceWhenStrippingTag states whether to add a single space " " when -+// removing tags that are not whitelisted by the policy. -+// -+// This is useful if you expect to strip tags in dense markup and may lose the -+// value of whitespace. -+// -+// For example: "

Hello

World

"" would be sanitized to "HelloWorld" -+// with the default value of false, but you may wish to sanitize this to -+// " Hello World " by setting AddSpaceWhenStrippingTag to true as this would -+// retain the intent of the text. -+func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy { -+ -+ p.addSpaces = allow -+ -+ return p -+} -+ -+// SkipElementsContent adds the HTML elements whose tags is needed to be removed -+// with its content. -+func (p *Policy) SkipElementsContent(names ...string) *Policy { -+ -+ p.init() -+ -+ for _, element := range names { -+ element = strings.ToLower(element) -+ -+ if _, ok := p.setOfElementsToSkipContent[element]; !ok { -+ p.setOfElementsToSkipContent[element] = struct{}{} -+ } -+ } -+ -+ return p -+} -+ -+// AllowElementsContent marks the HTML elements whose content should be -+// retained after removing the tag. -+func (p *Policy) AllowElementsContent(names ...string) *Policy { -+ -+ p.init() -+ -+ for _, element := range names { -+ delete(p.setOfElementsToSkipContent, strings.ToLower(element)) -+ } -+ -+ return p -+} -+ -+// addDefaultElementsWithoutAttrs adds the HTML elements that we know are valid -+// without any attributes to an internal map. -+// i.e. we know that
is valid, but isn't valid as the "dir" attr -+// is mandatory -+func (p *Policy) addDefaultElementsWithoutAttrs() { -+ p.init() -+ -+ p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["address"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["b"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["bdi"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["blockquote"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["body"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["br"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["colgroup"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["datalist"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["dd"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["del"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["details"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["dfn"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["div"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["dl"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["dt"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["em"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["fieldset"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["figcaption"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["figure"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["footer"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h1"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h2"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h3"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h4"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h5"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["h6"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["head"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["header"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["hgroup"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["hr"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["html"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["i"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["ins"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["rt"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["span"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["strike"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["strong"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["style"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["sub"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["summary"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["sup"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["svg"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["table"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["tbody"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["td"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["textarea"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["tfoot"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["th"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["thead"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["title"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["time"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["tr"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["tt"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["u"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["ul"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["var"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["video"] = struct{}{} -+ p.setOfElementsAllowedWithoutAttrs["wbr"] = struct{}{} -+ -+} -+ -+// addDefaultSkipElementContent adds the HTML elements that we should skip -+// rendering the character content of, if the element itself is not allowed. -+// This is all character data that the end user would not normally see. -+// i.e. if we exclude a tag. -+func (p *Policy) addDefaultSkipElementContent() { -+ p.init() -+ -+ p.setOfElementsToSkipContent["frame"] = struct{}{} -+ p.setOfElementsToSkipContent["frameset"] = struct{}{} -+ p.setOfElementsToSkipContent["iframe"] = struct{}{} -+ p.setOfElementsToSkipContent["noembed"] = struct{}{} -+ p.setOfElementsToSkipContent["noframes"] = struct{}{} -+ p.setOfElementsToSkipContent["noscript"] = struct{}{} -+ p.setOfElementsToSkipContent["nostyle"] = struct{}{} -+ p.setOfElementsToSkipContent["object"] = struct{}{} -+ p.setOfElementsToSkipContent["script"] = struct{}{} -+ p.setOfElementsToSkipContent["style"] = struct{}{} -+ p.setOfElementsToSkipContent["title"] = struct{}{} -+} -diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go -new file mode 100644 -index 00000000..65ed89b7 ---- /dev/null -+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go -@@ -0,0 +1,581 @@ -+// Copyright (c) 2014, David Kitchen -+// -+// All rights reserved. -+// -+// Redistribution and use in source and binary forms, with or without -+// modification, are permitted provided that the following conditions are met: -+// -+// * Redistributions of source code must retain the above copyright notice, this -+// list of conditions and the following disclaimer. -+// -+// * Redistributions in binary form must reproduce the above copyright notice, -+// this list of conditions and the following disclaimer in the documentation -+// and/or other materials provided with the distribution. -+// -+// * Neither the name of the organisation (Microcosm) nor the names of its -+// contributors may be used to endorse or promote products derived from -+// this software without specific prior written permission. -+// -+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+package bluemonday -+ -+import ( -+ "bytes" -+ "io" -+ "net/url" -+ "regexp" -+ "strings" -+ -+ "golang.org/x/net/html" -+) -+ -+var ( -+ dataAttribute = regexp.MustCompile("^data-.+") -+ dataAttributeXMLPrefix = regexp.MustCompile("^xml.+") -+ dataAttributeInvalidChars = regexp.MustCompile("[A-Z;]+") -+) -+ -+// Sanitize takes a string that contains a HTML fragment or document and applies -+// the given policy whitelist. -+// -+// It returns a HTML string that has been sanitized by the policy or an empty -+// string if an error has occurred (most likely as a consequence of extremely -+// malformed input) -+func (p *Policy) Sanitize(s string) string { -+ if strings.TrimSpace(s) == "" { -+ return s -+ } -+ -+ return p.sanitize(strings.NewReader(s)).String() -+} -+ -+// SanitizeBytes takes a []byte that contains a HTML fragment or document and applies -+// the given policy whitelist. -+// -+// It returns a []byte containing the HTML that has been sanitized by the policy -+// or an empty []byte if an error has occurred (most likely as a consequence of -+// extremely malformed input) -+func (p *Policy) SanitizeBytes(b []byte) []byte { -+ if len(bytes.TrimSpace(b)) == 0 { -+ return b -+ } -+ -+ return p.sanitize(bytes.NewReader(b)).Bytes() -+} -+ -+// SanitizeReader takes an io.Reader that contains a HTML fragment or document -+// and applies the given policy whitelist. -+// -+// It returns a bytes.Buffer containing the HTML that has been sanitized by the -+// policy. Errors during sanitization will merely return an empty result. -+func (p *Policy) SanitizeReader(r io.Reader) *bytes.Buffer { -+ return p.sanitize(r) -+} -+ -+// Performs the actual sanitization process. -+func (p *Policy) sanitize(r io.Reader) *bytes.Buffer { -+ -+ // It is possible that the developer has created the policy via: -+ // p := bluemonday.Policy{} -+ // rather than: -+ // p := bluemonday.NewPolicy() -+ // If this is the case, and if they haven't yet triggered an action that -+ // would initiliaze the maps, then we need to do that. -+ p.init() -+ -+ var ( -+ buff bytes.Buffer -+ skipElementContent bool -+ skippingElementsCount int64 -+ skipClosingTag bool -+ closingTagToSkipStack []string -+ mostRecentlyStartedToken string -+ ) -+ -+ tokenizer := html.NewTokenizer(r) -+ for { -+ if tokenizer.Next() == html.ErrorToken { -+ err := tokenizer.Err() -+ if err == io.EOF { -+ // End of input means end of processing -+ return &buff -+ } -+ -+ // Raw tokenizer error -+ return &bytes.Buffer{} -+ } -+ -+ token := tokenizer.Token() -+ switch token.Type { -+ case html.DoctypeToken: -+ -+ // DocType is not handled as there is no safe parsing mechanism -+ // provided by golang.org/x/net/html for the content, and this can -+ // be misused to insert HTML tags that are not then sanitized -+ // -+ // One might wish to recursively sanitize here using the same policy -+ // but I will need to do some further testing before considering -+ // this. -+ -+ case html.CommentToken: -+ -+ // Comments are ignored by default -+ -+ case html.StartTagToken: -+ -+ mostRecentlyStartedToken = token.Data -+ -+ aps, ok := p.elsAndAttrs[token.Data] -+ if !ok { -+ if _, ok := p.setOfElementsToSkipContent[token.Data]; ok { -+ skipElementContent = true -+ skippingElementsCount++ -+ } -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ -+ if len(token.Attr) != 0 { -+ token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps) -+ } -+ -+ if len(token.Attr) == 0 { -+ if !p.allowNoAttrs(token.Data) { -+ skipClosingTag = true -+ closingTagToSkipStack = append(closingTagToSkipStack, token.Data) -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ } -+ -+ if !skipElementContent { -+ buff.WriteString(token.String()) -+ } -+ -+ case html.EndTagToken: -+ -+ if mostRecentlyStartedToken == token.Data { -+ mostRecentlyStartedToken = "" -+ } -+ -+ if skipClosingTag && closingTagToSkipStack[len(closingTagToSkipStack)-1] == token.Data { -+ closingTagToSkipStack = closingTagToSkipStack[:len(closingTagToSkipStack)-1] -+ if len(closingTagToSkipStack) == 0 { -+ skipClosingTag = false -+ } -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ -+ if _, ok := p.elsAndAttrs[token.Data]; !ok { -+ if _, ok := p.setOfElementsToSkipContent[token.Data]; ok { -+ skippingElementsCount-- -+ if skippingElementsCount == 0 { -+ skipElementContent = false -+ } -+ } -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ -+ if !skipElementContent { -+ buff.WriteString(token.String()) -+ } -+ -+ case html.SelfClosingTagToken: -+ -+ aps, ok := p.elsAndAttrs[token.Data] -+ if !ok { -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ -+ if len(token.Attr) != 0 { -+ token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps) -+ } -+ -+ if len(token.Attr) == 0 && !p.allowNoAttrs(token.Data) { -+ if p.addSpaces { -+ buff.WriteString(" ") -+ } -+ break -+ } -+ -+ if !skipElementContent { -+ buff.WriteString(token.String()) -+ } -+ -+ case html.TextToken: -+ -+ if !skipElementContent { -+ switch mostRecentlyStartedToken { -+ case "script": -+ // not encouraged, but if a policy allows JavaScript we -+ // should not HTML escape it as that would break the output -+ buff.WriteString(token.Data) -+ case "style": -+ // not encouraged, but if a policy allows CSS styles we -+ // should not HTML escape it as that would break the output -+ buff.WriteString(token.Data) -+ default: -+ // HTML escape the text -+ buff.WriteString(token.String()) -+ } -+ } -+ default: -+ // A token that didn't exist in the html package when we wrote this -+ return &bytes.Buffer{} -+ } -+ } -+} -+ -+// sanitizeAttrs takes a set of element attribute policies and the global -+// attribute policies and applies them to the []html.Attribute returning a set -+// of html.Attributes that match the policies -+func (p *Policy) sanitizeAttrs( -+ elementName string, -+ attrs []html.Attribute, -+ aps map[string]attrPolicy, -+) []html.Attribute { -+ -+ if len(attrs) == 0 { -+ return attrs -+ } -+ -+ // Builds a new attribute slice based on the whether the attribute has been -+ // whitelisted explicitly or globally. -+ cleanAttrs := []html.Attribute{} -+ for _, htmlAttr := range attrs { -+ if p.allowDataAttributes { -+ // If we see a data attribute, let it through. -+ if isDataAttribute(htmlAttr.Key) { -+ cleanAttrs = append(cleanAttrs, htmlAttr) -+ continue -+ } -+ } -+ // Is there an element specific attribute policy that applies? -+ if ap, ok := aps[htmlAttr.Key]; ok { -+ if ap.regexp != nil { -+ if ap.regexp.MatchString(htmlAttr.Val) { -+ cleanAttrs = append(cleanAttrs, htmlAttr) -+ continue -+ } -+ } else { -+ cleanAttrs = append(cleanAttrs, htmlAttr) -+ continue -+ } -+ } -+ -+ // Is there a global attribute policy that applies? -+ if ap, ok := p.globalAttrs[htmlAttr.Key]; ok { -+ -+ if ap.regexp != nil { -+ if ap.regexp.MatchString(htmlAttr.Val) { -+ cleanAttrs = append(cleanAttrs, htmlAttr) -+ } -+ } else { -+ cleanAttrs = append(cleanAttrs, htmlAttr) -+ } -+ } -+ } -+ -+ if len(cleanAttrs) == 0 { -+ // If nothing was allowed, let's get out of here -+ return cleanAttrs -+ } -+ // cleanAttrs now contains the attributes that are permitted -+ -+ if linkable(elementName) { -+ if p.requireParseableURLs { -+ // Ensure URLs are parseable: -+ // - a.href -+ // - area.href -+ // - link.href -+ // - blockquote.cite -+ // - q.cite -+ // - img.src -+ // - script.src -+ tmpAttrs := []html.Attribute{} -+ for _, htmlAttr := range cleanAttrs { -+ switch elementName { -+ case "a", "area", "link": -+ if htmlAttr.Key == "href" { -+ if u, ok := p.validURL(htmlAttr.Val); ok { -+ htmlAttr.Val = u -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ break -+ } -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ case "blockquote", "q": -+ if htmlAttr.Key == "cite" { -+ if u, ok := p.validURL(htmlAttr.Val); ok { -+ htmlAttr.Val = u -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ break -+ } -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ case "img", "script": -+ if htmlAttr.Key == "src" { -+ if u, ok := p.validURL(htmlAttr.Val); ok { -+ htmlAttr.Val = u -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ break -+ } -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ default: -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ } -+ cleanAttrs = tmpAttrs -+ } -+ -+ if (p.requireNoFollow || -+ p.requireNoFollowFullyQualifiedLinks || -+ p.addTargetBlankToFullyQualifiedLinks) && -+ len(cleanAttrs) > 0 { -+ -+ // Add rel="nofollow" if a "href" exists -+ switch elementName { -+ case "a", "area", "link": -+ var hrefFound bool -+ var externalLink bool -+ for _, htmlAttr := range cleanAttrs { -+ if htmlAttr.Key == "href" { -+ hrefFound = true -+ -+ u, err := url.Parse(htmlAttr.Val) -+ if err != nil { -+ continue -+ } -+ if u.Host != "" { -+ externalLink = true -+ } -+ -+ continue -+ } -+ } -+ -+ if hrefFound { -+ var ( -+ noFollowFound bool -+ targetBlankFound bool -+ ) -+ -+ addNoFollow := (p.requireNoFollow || -+ externalLink && p.requireNoFollowFullyQualifiedLinks) -+ -+ addTargetBlank := (externalLink && -+ p.addTargetBlankToFullyQualifiedLinks) -+ -+ tmpAttrs := []html.Attribute{} -+ for _, htmlAttr := range cleanAttrs { -+ -+ var appended bool -+ if htmlAttr.Key == "rel" && addNoFollow { -+ -+ if strings.Contains(htmlAttr.Val, "nofollow") { -+ noFollowFound = true -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ appended = true -+ } else { -+ htmlAttr.Val += " nofollow" -+ noFollowFound = true -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ appended = true -+ } -+ } -+ -+ if elementName == "a" && htmlAttr.Key == "target" { -+ if htmlAttr.Val == "_blank" { -+ targetBlankFound = true -+ } -+ if addTargetBlank && !targetBlankFound { -+ htmlAttr.Val = "_blank" -+ targetBlankFound = true -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ appended = true -+ } -+ } -+ -+ if !appended { -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ } -+ if noFollowFound || targetBlankFound { -+ cleanAttrs = tmpAttrs -+ } -+ -+ if addNoFollow && !noFollowFound { -+ rel := html.Attribute{} -+ rel.Key = "rel" -+ rel.Val = "nofollow" -+ cleanAttrs = append(cleanAttrs, rel) -+ } -+ -+ if elementName == "a" && addTargetBlank && !targetBlankFound { -+ rel := html.Attribute{} -+ rel.Key = "target" -+ rel.Val = "_blank" -+ targetBlankFound = true -+ cleanAttrs = append(cleanAttrs, rel) -+ } -+ -+ if targetBlankFound { -+ // target="_blank" has a security risk that allows the -+ // opened window/tab to issue JavaScript calls against -+ // window.opener, which in effect allow the destination -+ // of the link to control the source: -+ // https://dev.to/ben/the-targetblank-vulnerability-by-example -+ // -+ // To mitigate this risk, we need to add a specific rel -+ // attribute if it is not already present. -+ // rel="noopener" -+ // -+ // Unfortunately this is processing the rel twice (we -+ // already looked at it earlier ^^) as we cannot be sure -+ // of the ordering of the href and rel, and whether we -+ // have fully satisfied that we need to do this. This -+ // double processing only happens *if* target="_blank" -+ // is true. -+ var noOpenerAdded bool -+ tmpAttrs := []html.Attribute{} -+ for _, htmlAttr := range cleanAttrs { -+ var appended bool -+ if htmlAttr.Key == "rel" { -+ if strings.Contains(htmlAttr.Val, "noopener") { -+ noOpenerAdded = true -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } else { -+ htmlAttr.Val += " noopener" -+ noOpenerAdded = true -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ -+ appended = true -+ } -+ if !appended { -+ tmpAttrs = append(tmpAttrs, htmlAttr) -+ } -+ } -+ if noOpenerAdded { -+ cleanAttrs = tmpAttrs -+ } else { -+ // rel attr was not found, or else noopener would -+ // have been added already -+ rel := html.Attribute{} -+ rel.Key = "rel" -+ rel.Val = "noopener" -+ cleanAttrs = append(cleanAttrs, rel) -+ } -+ -+ } -+ } -+ default: -+ } -+ } -+ } -+ -+ return cleanAttrs -+} -+ -+func (p *Policy) allowNoAttrs(elementName string) bool { -+ _, ok := p.setOfElementsAllowedWithoutAttrs[elementName] -+ return ok -+} -+ -+func (p *Policy) validURL(rawurl string) (string, bool) { -+ if p.requireParseableURLs { -+ // URLs are valid if when space is trimmed the URL is valid -+ rawurl = strings.TrimSpace(rawurl) -+ -+ // URLs cannot contain whitespace, unless it is a data-uri -+ if (strings.Contains(rawurl, " ") || -+ strings.Contains(rawurl, "\t") || -+ strings.Contains(rawurl, "\n")) && -+ !strings.HasPrefix(rawurl, `data:`) { -+ return "", false -+ } -+ -+ // URLs are valid if they parse -+ u, err := url.Parse(rawurl) -+ if err != nil { -+ return "", false -+ } -+ -+ if u.Scheme != "" { -+ -+ urlPolicy, ok := p.allowURLSchemes[u.Scheme] -+ if !ok { -+ return "", false -+ -+ } -+ -+ if urlPolicy == nil || urlPolicy(u) == true { -+ return u.String(), true -+ } -+ -+ return "", false -+ } -+ -+ if p.allowRelativeURLs { -+ if u.String() != "" { -+ return u.String(), true -+ } -+ } -+ -+ return "", false -+ } -+ -+ return rawurl, true -+} -+ -+func linkable(elementName string) bool { -+ switch elementName { -+ case "a", "area", "blockquote", "img", "link", "script": -+ return true -+ default: -+ return false -+ } -+} -+ -+func isDataAttribute(val string) bool { -+ if !dataAttribute.MatchString(val) { -+ return false -+ } -+ rest := strings.Split(val, "data-") -+ if len(rest) == 1 { -+ return false -+ } -+ // data-xml* is invalid. -+ if dataAttributeXMLPrefix.MatchString(rest[1]) { -+ return false -+ } -+ // no uppercase or semi-colons allowed. -+ if dataAttributeInvalidChars.MatchString(rest[1]) { -+ return false -+ } -+ return true -+} -diff --git a/vendor/modules.txt b/vendor/modules.txt -index 0bae0d5d..ff6a5d78 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -49,6 +49,8 @@ github.com/lib/pq/oid - github.com/lib/pq/scram - # github.com/mb0/diff v0.0.0-20131118162322-d8d9a906c24d - github.com/mb0/diff -+# github.com/microcosm-cc/bluemonday v1.0.2 -+github.com/microcosm-cc/bluemonday - # github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d - github.com/nu7hatch/gouuid - # github.com/pkg/errors v0.8.0 From 5cdc8f4818b8ce758d7d5c8b18b87994183c3e1a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 22 May 2020 11:32:03 +0200 Subject: [PATCH 081/101] mautrix-whatsapp: 2020-04-21-1 -> 2020-05-21 --- pkgs/servers/mautrix-whatsapp/default.nix | 27 ++++++----------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/pkgs/servers/mautrix-whatsapp/default.nix b/pkgs/servers/mautrix-whatsapp/default.nix index dea3d7b1b23..1ee491acebe 100644 --- a/pkgs/servers/mautrix-whatsapp/default.nix +++ b/pkgs/servers/mautrix-whatsapp/default.nix @@ -1,32 +1,19 @@ -{ stdenv, buildGoModule, fetchFromGitHub }: +{ stdenv, buildGoModule, fetchFromGitHub, olm }: -let -webp = fetchFromGitHub { - owner = "chai2010"; - repo = "webp"; - rev = "19c584e49a98c31e2138c82fd0108435cd80d182"; - sha256 = "1bqf1ifsfw5dwvnc9vl3dhp775qv5hgl34219lvnja0bj6pq5zks"; -}; -in buildGoModule { pname = "mautrix-whatsapp-unstable"; - version = "2020-04-21-1"; + version = "2020-05-21"; src = fetchFromGitHub { owner = "tulir"; repo = "mautrix-whatsapp"; - rev = "e0aea74abf090bc9dc499332b28bf03640c162f8"; - sha256 = "1gayjyh0x0axc1xak38zkdhvx6fy8pwlniqsirqy2mwcgkkll9i5"; + rev = "b4949eec5982643502bb9787cf5e2872a78807c1"; + sha256 = "1hjqxqfza6r7fsxr4fgwhfdwjzligxk416692xi4pavd5krfxxmd"; }; - vendorSha256 = "0j397zyjs7v5q2jjd3l0wz4lh1fh45whgxjp7cwgc332ch9j2010"; + buildInputs = [ olm ]; - overrideModAttrs = (_: { - postBuild = '' - rm -r vendor/github.com/chai2010/webp - cp -r --reflink=auto ${webp} vendor/github.com/chai2010/webp - ''; - }); + vendorSha256 = "0ix65b48cpx6vkqmjizzij7zl8h2kjkfsa0s42vnmjdlmsv7yn42"; meta = with stdenv.lib; { homepage = "https://github.com/tulir/mautrix-whatsapp"; @@ -34,4 +21,4 @@ buildGoModule { license = licenses.agpl3; maintainers = with maintainers; [ vskilet ma27 ]; }; -} \ No newline at end of file +} From 7dcff0dab55388d26a278cb0570193cfb8fa9555 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 22 May 2020 16:34:45 +0200 Subject: [PATCH 082/101] riot-web: 1.6.1 -> 1.6.2 https://github.com/vector-im/riot-web/releases/tag/v1.6.2 --- .../networking/instant-messengers/riot/riot-web.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix index fe693ed1fe9..e61237dbb69 100644 --- a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix +++ b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix @@ -12,11 +12,11 @@ let in stdenv.mkDerivation rec { pname = "riot-web"; - version = "1.6.1"; + version = "1.6.2"; src = fetchurl { url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz"; - sha256 = "0mqb9y38vnngwz38qgdn24mspmk6zh4v1j778ppban034ga0almv"; + sha256 = "1cyjw3x9yh96cn84r95zziwxgifkmzd5kdf4l69b7mwnqcr78dp0"; }; installPhase = '' From 84ede87458cfd624f7ea7df231a555af9b58f50f Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 22 May 2020 16:35:01 +0200 Subject: [PATCH 083/101] riot-desktop: 1.6.1 -> 1.6.2 https://github.com/vector-im/riot-web/releases/tag/v1.6.2 --- .../instant-messengers/riot/riot-desktop-package.json | 2 +- .../networking/instant-messengers/riot/riot-desktop.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json b/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json index cb72b09d4bf..959b99e68f6 100644 --- a/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json +++ b/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json @@ -2,7 +2,7 @@ "name": "riot-desktop", "productName": "Riot", "main": "src/electron-main.js", - "version": "1.6.1", + "version": "1.6.2", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix b/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix index 03263471c79..e5b815e7c88 100644 --- a/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix +++ b/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix @@ -8,12 +8,12 @@ let executableName = "riot-desktop"; - version = "1.6.1"; + version = "1.6.2"; src = fetchFromGitHub { owner = "vector-im"; repo = "riot-desktop"; rev = "v${version}"; - sha256 = "05mhapcgr1802c27428m8wkmw8qis1akv4m7z3m0l89wgv4kh6za"; + sha256 = "1anmch9z3na7rphxb0p9cnk55388z22iwfnfjhmjps1ii5wx4rls"; }; electron = electron_7; From 0c9c846768d412b6f805e38119a5efc8eb14c331 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 10:51:14 -0400 Subject: [PATCH 084/101] linux/hardened/patches/4.14: 4.14.180.a -> 4.14.181.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 19517fd9ea3..6ca9bf543ac 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,8 +1,8 @@ { "4.14": { - "name": "linux-hardened-4.14.180.a.patch", - "sha256": "0rpk5lq947i4v48d6jv75rgwpncayr4agc3f2iich3hlkh5p72p3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.180.a/linux-hardened-4.14.180.a.patch" + "name": "linux-hardened-4.14.181.a.patch", + "sha256": "1rssvfhz10h7sqfi0ari1rsmm4h60v6bfj8fvb0yx6sxsvg7phd7", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.181.a/linux-hardened-4.14.181.a.patch" }, "4.19": { "name": "linux-hardened-4.19.123.a.patch", From b7de919a9469eb73b592000187e33dd45b24cb18 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 10:51:20 -0400 Subject: [PATCH 085/101] linux/hardened/patches/4.19: 4.19.123.a -> 4.19.124.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 6ca9bf543ac..476742eccc2 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.181.a/linux-hardened-4.14.181.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.123.a.patch", - "sha256": "12z4f0nph23110dpk0c8av9bjr8q9qhmyzzj2chrscfwybmld76h", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.123.a/linux-hardened-4.19.123.a.patch" + "name": "linux-hardened-4.19.124.a.patch", + "sha256": "0g4kp112iarkyjw6qfdkc7j10d60jak7rlw2c1m537mb1a3zz7qm", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.124.a/linux-hardened-4.19.124.a.patch" }, "5.4": { "name": "linux-hardened-5.4.41.a.patch", From f759c5af518848b6e234115fd8ac174ea2cfb2b7 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 10:51:22 -0400 Subject: [PATCH 086/101] linux/hardened/patches/5.4: 5.4.41.a -> 5.4.42.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 476742eccc2..cbc83edf662 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.124.a/linux-hardened-4.19.124.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.41.a.patch", - "sha256": "0rbp0radqcs2bqapp9k0hvafxn3wlzkc50wnw1145w76mkvpc91y", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.41.a/linux-hardened-5.4.41.a.patch" + "name": "linux-hardened-5.4.42.a.patch", + "sha256": "1i066nk101banphs9gbcbvmyrhcvf83xf449rs6vxanb0yhwvqvn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.42.a/linux-hardened-5.4.42.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", From 8b66da57ede9fc31121b45424ce702ef61a5ec99 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 10:51:24 -0400 Subject: [PATCH 087/101] linux/hardened/patches/5.6: 5.6.13.a -> 5.6.14.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index cbc83edf662..dd3d08a50e8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.13.a.patch", - "sha256": "1z1f15h0wpajkiaqagnx8r25vmabkpc69rzn2h0p3k6z72l6iri5", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.13.a/linux-hardened-5.6.13.a.patch" + "name": "linux-hardened-5.6.14.a.patch", + "sha256": "1hnlhlssa2gwmww6j17768gn2fbw2f3v8c0cs423lg14r7plkv44", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.14.a/linux-hardened-5.6.14.a.patch" } } From 8ecb3a3e9751861cc79b4f6ae5f7f78e2780671a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 10:52:12 -0400 Subject: [PATCH 088/101] oh-my-zsh: 2020-05-20 -> 2020-05-21 --- pkgs/shells/zsh/oh-my-zsh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix index 9ff9e11e2e2..dce9b82d026 100644 --- a/pkgs/shells/zsh/oh-my-zsh/default.nix +++ b/pkgs/shells/zsh/oh-my-zsh/default.nix @@ -4,13 +4,13 @@ { stdenv, fetchgit }: stdenv.mkDerivation rec { - version = "2020-05-20"; + version = "2020-05-21"; pname = "oh-my-zsh"; - rev = "cfdd3c8dd87cd22281ec5d964ecb915bc9ad7e92"; + rev = "b721053c87b4662c65452117a8db35af0154a29d"; src = fetchgit { inherit rev; url = "https://github.com/ohmyzsh/ohmyzsh"; - sha256 = "018r9aq5s0lc5k8i8jp8w9qgp56acj4rmk9n43nfakr6ivhyjwmd"; + sha256 = "02y6mhvsxamsvfx2bcdrfbbl7g8v1cq8qycjbffn4w3d6aprq5c6"; }; pathsToLink = [ "/share/oh-my-zsh" ]; From a3a285af0ff0837b701f6a629aa040b59af30083 Mon Sep 17 00:00:00 2001 From: Bruno Bigras Date: Fri, 22 May 2020 13:08:07 -0400 Subject: [PATCH 089/101] zenith: 0.8.2 -> 0.9.0 --- pkgs/tools/system/zenith/cargo-lock.patch | 13 ------------- pkgs/tools/system/zenith/default.nix | 7 +++---- 2 files changed, 3 insertions(+), 17 deletions(-) delete mode 100644 pkgs/tools/system/zenith/cargo-lock.patch diff --git a/pkgs/tools/system/zenith/cargo-lock.patch b/pkgs/tools/system/zenith/cargo-lock.patch deleted file mode 100644 index 023480767b0..00000000000 --- a/pkgs/tools/system/zenith/cargo-lock.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Cargo.lock b/Cargo.lock -index 3f4eec6..64b1a6a 100644 ---- a/Cargo.lock -+++ b/Cargo.lock -@@ -1297,7 +1297,7 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - - [[package]] - name = "zenith" --version = "0.8.0" -+version = "0.8.2" - dependencies = [ - "battery", - "bincode", diff --git a/pkgs/tools/system/zenith/default.nix b/pkgs/tools/system/zenith/default.nix index cdaf3a0f8eb..b7912f44cdd 100644 --- a/pkgs/tools/system/zenith/default.nix +++ b/pkgs/tools/system/zenith/default.nix @@ -2,17 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "zenith"; - version = "0.8.2"; + version = "0.9.0"; src = fetchFromGitHub { owner = "bvaisvil"; repo = pname; rev = version; - sha256 = "1s1l4nq4bsvi54i603faann8cp1409qa2ka7id0m38b3li8z2984"; + sha256 = "1yfbr8zmcy7zp9s9cqv7qypj2vvhpq09r0398gr7ckjk6v70hhfg"; }; - cargoPatches = [ ./cargo-lock.patch ]; - cargoSha256 = "0h6k7yf4hpfxnad46iv8gp3v3zc4x4p9yab40gr8xv8r1syf9f6g"; + cargoSha256 = "1l4cjcpfghis983y31s54fzjppdnh3wa4anwi7bdsbyvqz3n3ywj"; buildInputs = stdenv.lib.optionals stdenv.isDarwin [ IOKit ]; From 002d38783ab0b570b296dadd4ee1ecfad21a9367 Mon Sep 17 00:00:00 2001 From: Sohalt Date: Fri, 22 May 2020 20:40:13 +0200 Subject: [PATCH 090/101] nottetris2: init at 2.0 (#87028) Co-authored-by: Yorick --- pkgs/games/nottetris2/default.nix | 51 +++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 53 insertions(+) create mode 100644 pkgs/games/nottetris2/default.nix diff --git a/pkgs/games/nottetris2/default.nix b/pkgs/games/nottetris2/default.nix new file mode 100644 index 00000000000..dde35e4fe32 --- /dev/null +++ b/pkgs/games/nottetris2/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchFromGitHub, zip, love_0_7, makeWrapper, makeDesktopItem }: + +let + pname = "nottetris2"; + version = "2.0"; + + desktopItem = makeDesktopItem { + name = "nottetris2"; + exec = pname; + comment = "It's like tetris, but it's not"; + desktopName = "nottetris2"; + genericName = "nottetris2"; + categories = "Game"; + }; + +in + +stdenv.mkDerivation { + inherit pname version; + + src = fetchFromGitHub { + owner = "Stabyourself"; + repo = pname; + rev = "v${version}"; + sha256 = "17iabh6rr8jim70n96rbhif4xq02g2kppscm8l339yqx6mhb64hs"; + }; + + nativeBuildInputs = [ zip ]; + buildInputs = [ love_0_7 makeWrapper ]; + + phases = [ "unpackPhase" "installPhase" ]; + + installPhase = + '' + mkdir -p $out/bin $out/share/games/lovegames $out/share/applications + zip -9 -r ${pname}.love ./* + mv ${pname}.love $out/share/games/lovegames/${pname}.love + makeWrapper ${love_0_7}/bin/love $out/bin/${pname} --add-flags $out/share/games/lovegames/${pname}.love + ln -s ${desktopItem}/share/applications/* $out/share/applications/ + chmod +x $out/bin/${pname} + ''; + + meta = with stdenv.lib; { + description = "It's like Tetris, but it's not"; + platforms = platforms.linux; + license = licenses.wtfpl; + maintainers = with maintainers; [ yorickvp ]; + downloadPage = "https://stabyourself.net/nottetris2/"; + }; + +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a8905910f12..81f617bdfa9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23758,6 +23758,8 @@ in newtonwars = callPackage ../games/newtonwars { }; + nottetris2 = callPackage ../games/nottetris2 { }; + nudoku = callPackage ../games/nudoku { }; nxengine-evo = callPackage ../games/nxengine-evo { }; From 9754e3485ce223656080637a201a6f4c4a0b992f Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 23 May 2020 06:15:10 +1000 Subject: [PATCH 091/101] podman: 1.9.2 -> 1.9.3 https://github.com/containers/libpod/releases/tag/v1.9.3 --- pkgs/applications/virtualization/podman/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index eb7b65d9e2b..3ed029e55fb 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -16,13 +16,13 @@ buildGoModule rec { pname = "podman"; - version = "1.9.2"; + version = "1.9.3"; src = fetchFromGitHub { owner = "containers"; repo = "libpod"; rev = "v${version}"; - sha256 = "0jvqzn1q52z6aka98d2i3dyn2i8xld7xvmi2zfxgm9g53wdgi2g2"; + sha256 = "0gbp12xn1vliyawkw2w2bpn6b5h2cm41g3nj72vk4jyhis0igq1s"; }; vendorSha256 = null; From c76564c4bce9551e1bca3965f2aed88bb600b9f7 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 21 May 2020 08:01:13 +0000 Subject: [PATCH 092/101] fastjet: 3.3.3 -> 3.3.4 --- pkgs/development/libraries/physics/fastjet/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/physics/fastjet/default.nix b/pkgs/development/libraries/physics/fastjet/default.nix index 3dfbaa96d31..b854fa88cd6 100644 --- a/pkgs/development/libraries/physics/fastjet/default.nix +++ b/pkgs/development/libraries/physics/fastjet/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "fastjet"; - version = "3.3.3"; + version = "3.3.4"; src = fetchurl { url = "http://fastjet.fr/repo/fastjet-${version}.tar.gz"; - sha256 = "0avkgn19plq593p872hirr0yj2vgjvsi88w68ngarbp55hla1c1h"; + sha256 = "00zwvmnp2j79z95n9lgnq67q02bqfgirqla8j9y6jd8k3r052as3"; }; buildInputs = [ python2 ]; From f26bb6d247b2209bdfbf67acb3185153f3529a0b Mon Sep 17 00:00:00 2001 From: Matt Layher Date: Fri, 22 May 2020 17:39:43 -0400 Subject: [PATCH 093/101] corerad: 0.2.4 -> 0.2.5 --- pkgs/tools/networking/corerad/default.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/networking/corerad/default.nix b/pkgs/tools/networking/corerad/default.nix index eef345c8db6..a4eb50d0c77 100644 --- a/pkgs/tools/networking/corerad/default.nix +++ b/pkgs/tools/networking/corerad/default.nix @@ -2,25 +2,23 @@ buildGoModule rec { pname = "corerad"; - version = "0.2.4"; + version = "0.2.5"; src = fetchFromGitHub { owner = "mdlayher"; repo = "corerad"; rev = "v${version}"; - sha256 = "1r9kvz1ylrnfc7y5c4knqhx6xngh1p8j1axb8bd7h7p51c4i7jz2"; + sha256 = "0fi9wgv5aj3ds3r5qjyi4pxnd56psrpdy2sz84jd0sz2w48x4k4p"; }; - vendorSha256 = "0ncwf197dx6mqzg69mnyp0iyad585izmydm0yj8ikd0y8ngpx7a3"; + vendorSha256 = "11r3vpimhik7y09gwb3p6pl0yf53hpaw24ry4a833fw8060rqp3q"; buildFlagsArray = '' -ldflags= - -X github.com/mdlayher/corerad/internal/build.linkTimestamp=1589133047 + -X github.com/mdlayher/corerad/internal/build.linkTimestamp=1590182656 -X github.com/mdlayher/corerad/internal/build.linkVersion=v${version} ''; - deleteVendor = true; - meta = with stdenv.lib; { homepage = "https://github.com/mdlayher/corerad"; description = "CoreRAD extensible and observable IPv6 NDP RA daemon"; From 51523069a6285ec834d7b3294f61ac9b0cfc4da1 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 22 May 2020 17:51:52 -0500 Subject: [PATCH 094/101] openldap: fix build on darwin --- pkgs/development/libraries/openldap/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index 38871bd2168..a4274f064e5 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { "STRIP=" "prefix=$(out)" "moduledir=$(out)/lib/modules" - ]; + ] ++ stdenv.lib.optionals stdenv.isDarwin [ "CC=cc" ]; configureFlags = [ "--enable-overlays" From 062cd3e87c31328e0d65ebd87e591cc875aba524 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 22 May 2020 19:02:51 -0400 Subject: [PATCH 095/101] linux: Remove 5.5 The 5.5.x series is now EOL --- pkgs/os-specific/linux/kernel/linux-5.5.nix | 18 ------------------ pkgs/top-level/all-packages.nix | 9 --------- 2 files changed, 27 deletions(-) delete mode 100644 pkgs/os-specific/linux/kernel/linux-5.5.nix diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix deleted file mode 100644 index 96a349d985c..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-5.5.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: - -with stdenv.lib; - -buildLinux (args // rec { - version = "5.5.19"; - - # modDirVersion needs to be x.y.z, will automatically add .0 if needed - modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; - - # branchVersion needs to be x.y - extraMeta.branch = versions.majorMinor version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1sqiw9d25sqqzdh04dd722i7ff6kchj869jp4l8zalpvf51k6j0l"; - }; -} // (args.argsOverride or {})) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 953146d4a88..3b3a23959d3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16836,14 +16836,6 @@ in ]; }; - linux_5_5 = callPackage ../os-specific/linux/kernel/linux-5.5.nix { - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - kernelPatches.export_kernel_fpu_functions."5.3" - ]; - }; - linux_5_6 = callPackage ../os-specific/linux/kernel/linux-5.6.nix { kernelPatches = [ kernelPatches.bridge_stp_helper @@ -17074,7 +17066,6 @@ in linuxPackages_4_14 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_14); linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19); linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4); - linuxPackages_5_5 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_5); linuxPackages_5_6 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_6); # When adding to this list: From c364ed710f9fe3d03c4fe0d4ba8c24e9e0fa00ba Mon Sep 17 00:00:00 2001 From: Lily Ballard Date: Fri, 22 May 2020 17:15:16 -0700 Subject: [PATCH 096/101] cocoapods: 1.9.1 -> 1.9.2 --- .../development/mobile/cocoapods/Gemfile.lock | 22 +++++----- pkgs/development/mobile/cocoapods/gemset.nix | 42 ++++++++++--------- 2 files changed, 33 insertions(+), 31 deletions(-) diff --git a/pkgs/development/mobile/cocoapods/Gemfile.lock b/pkgs/development/mobile/cocoapods/Gemfile.lock index b8db94ca06a..1c77634cbfb 100644 --- a/pkgs/development/mobile/cocoapods/Gemfile.lock +++ b/pkgs/development/mobile/cocoapods/Gemfile.lock @@ -2,20 +2,20 @@ GEM remote: https://rubygems.org/ specs: CFPropertyList (3.0.2) - activesupport (4.2.11.1) + activesupport (4.2.11.3) i18n (~> 0.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - algoliasearch (1.27.1) + algoliasearch (1.27.2) httpclient (~> 2.8, >= 2.8.3) json (>= 1.5.1) atomos (0.1.3) claide (1.0.3) - cocoapods (1.9.1) + cocoapods (1.9.2) activesupport (>= 4.0.2, < 5) claide (>= 1.0.2, < 2.0) - cocoapods-core (= 1.9.1) + cocoapods-core (= 1.9.2) cocoapods-deintegrate (>= 1.0.3, < 2.0) cocoapods-downloader (>= 1.2.2, < 2.0) cocoapods-plugins (>= 1.0.0, < 2.0) @@ -31,7 +31,7 @@ GEM nap (~> 1.0) ruby-macho (~> 1.4) xcodeproj (>= 1.14.0, < 2.0) - cocoapods-core (1.9.1) + cocoapods-core (1.9.2) activesupport (>= 4.0.2, < 6) algoliasearch (~> 1.0) concurrent-ruby (~> 1.1) @@ -45,10 +45,10 @@ GEM nap cocoapods-search (1.0.0) cocoapods-stats (1.1.0) - cocoapods-trunk (1.4.1) + cocoapods-trunk (1.5.0) nap (>= 0.8, < 2.0) netrc (~> 0.11) - cocoapods-try (1.1.0) + cocoapods-try (1.2.0) colored2 (3.1.2) concurrent-ruby (1.1.6) escape (0.0.4) @@ -62,18 +62,18 @@ GEM i18n (0.9.5) concurrent-ruby (~> 1.0) json (2.3.0) - minitest (5.14.0) + minitest (5.14.1) molinillo (0.6.6) nanaimo (0.2.6) nap (1.1.0) netrc (0.11.0) ruby-macho (1.4.0) thread_safe (0.3.6) - typhoeus (1.3.1) + typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (1.2.6) + tzinfo (1.2.7) thread_safe (~> 0.1) - xcodeproj (1.15.0) + xcodeproj (1.16.0) CFPropertyList (>= 2.3.3, < 4.0) atomos (~> 0.1.3) claide (>= 1.0.2, < 2.0) diff --git a/pkgs/development/mobile/cocoapods/gemset.nix b/pkgs/development/mobile/cocoapods/gemset.nix index 4d4979d5620..9c0ed2d5fa2 100644 --- a/pkgs/development/mobile/cocoapods/gemset.nix +++ b/pkgs/development/mobile/cocoapods/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6"; + sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; algoliasearch = { dependencies = ["httpclient" "json"]; @@ -16,10 +16,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ayg8j3819ay2d8618jv32ca16fh8qsgjsiq9j32yd016c170nkj"; + sha256 = "1b3xk42ry6dlsqn379p884zdi4iyra67xh45rwl6vcrwmrnbq7f0"; type = "gem"; }; - version = "1.27.1"; + version = "1.27.2"; }; atomos = { source = { @@ -55,10 +55,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wxr81qy4jsbxl066nlfp8zlqk31i6fsmd7f01xmi9bv04990hrs"; + sha256 = "0zxr5din9m8zf3mynywn4qmk3af9f5anx189i4md19c1iinkbb36"; type = "gem"; }; - version = "1.9.1"; + version = "1.9.2"; }; cocoapods-core = { dependencies = ["activesupport" "algoliasearch" "concurrent-ruby" "fuzzy_match" "nap" "netrc" "typhoeus"]; @@ -66,10 +66,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0c1679fkyp06dwsh93r0ldzly9vc74g0br4jdngwvdl4g0j4fyzc"; + sha256 = "13qhkglivmmiv0j88l4d8anw66zdy89lg1qqk4vpvavsm7s7ls6p"; type = "gem"; }; - version = "1.9.1"; + version = "1.9.2"; }; cocoapods-deintegrate = { groups = ["default"]; @@ -124,18 +124,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vrwsgaq3nf7v3pwksgqy0mhswrp3ipczrc96vl3ii2pcc9ilwkw"; + sha256 = "12c6028bmdwrbqcb49mr5qj1p3vcijnjqbsbzywfx1isp44j9mv5"; type = "gem"; }; - version = "1.4.1"; + version = "1.5.0"; }; cocoapods-try = { + groups = ["default"]; + platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gf2zjmcjhh9psq15yfy82wz5jnlihf5bcw79f8hlv4cnqyspncj"; + sha256 = "1znyp625rql37ivb5rk9fk9564cmax8icxfr041ysivpdrn98nql"; type = "gem"; }; - version = "1.1.0"; + version = "1.2.0"; }; colored2 = { source = { @@ -244,10 +246,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz"; + sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g"; type = "gem"; }; - version = "5.14.0"; + version = "5.14.1"; }; molinillo = { source = { @@ -305,10 +307,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5"; + sha256 = "1m22yrkmbj81rzhlny81j427qdvz57yk5wbcf3km0nf3bl6qiygz"; type = "gem"; }; - version = "1.3.1"; + version = "1.4.0"; }; tzinfo = { dependencies = ["thread_safe"]; @@ -316,10 +318,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp"; + sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r"; type = "gem"; }; - version = "1.2.6"; + version = "1.2.7"; }; xcodeproj = { dependencies = ["CFPropertyList" "atomos" "claide" "colored2" "nanaimo"]; @@ -327,9 +329,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ldb1jckfzkk9c74nv500z0q936nn25fn5mywzwrh7sjwgkaxp5z"; + sha256 = "1bkk8y6lzd86w9yx72hd1nil3fkk5f0v3il9vm554gzpl6dhc2bi"; type = "gem"; }; - version = "1.15.0"; + version = "1.16.0"; }; } \ No newline at end of file From 30c5973f46db0a48ad3066c0b0a488deba162c10 Mon Sep 17 00:00:00 2001 From: Lily Ballard Date: Fri, 22 May 2020 17:15:27 -0700 Subject: [PATCH 097/101] cocoapods-beta: 1.9.1 -> 1.9.2 --- .../mobile/cocoapods/Gemfile-beta.lock | 24 +++++------ .../mobile/cocoapods/gemset-beta.nix | 40 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/pkgs/development/mobile/cocoapods/Gemfile-beta.lock b/pkgs/development/mobile/cocoapods/Gemfile-beta.lock index 355608ca02e..5ccf07de2f5 100644 --- a/pkgs/development/mobile/cocoapods/Gemfile-beta.lock +++ b/pkgs/development/mobile/cocoapods/Gemfile-beta.lock @@ -2,20 +2,20 @@ GEM remote: https://rubygems.org/ specs: CFPropertyList (3.0.2) - activesupport (4.2.11.1) + activesupport (4.2.11.3) i18n (~> 0.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - algoliasearch (1.27.1) + algoliasearch (1.27.2) httpclient (~> 2.8, >= 2.8.3) json (>= 1.5.1) atomos (0.1.3) claide (1.0.3) - cocoapods (1.9.1) + cocoapods (1.9.2) activesupport (>= 4.0.2, < 5) claide (>= 1.0.2, < 2.0) - cocoapods-core (= 1.9.1) + cocoapods-core (= 1.9.2) cocoapods-deintegrate (>= 1.0.3, < 2.0) cocoapods-downloader (>= 1.2.2, < 2.0) cocoapods-plugins (>= 1.0.0, < 2.0) @@ -31,7 +31,7 @@ GEM nap (~> 1.0) ruby-macho (~> 1.4) xcodeproj (>= 1.14.0, < 2.0) - cocoapods-core (1.9.1) + cocoapods-core (1.9.2) activesupport (>= 4.0.2, < 6) algoliasearch (~> 1.0) concurrent-ruby (~> 1.1) @@ -45,10 +45,10 @@ GEM nap cocoapods-search (1.0.0) cocoapods-stats (1.1.0) - cocoapods-trunk (1.4.1) + cocoapods-trunk (1.5.0) nap (>= 0.8, < 2.0) netrc (~> 0.11) - cocoapods-try (1.1.0) + cocoapods-try (1.2.0) colored2 (3.1.2) concurrent-ruby (1.1.6) escape (0.0.4) @@ -62,18 +62,18 @@ GEM i18n (0.9.5) concurrent-ruby (~> 1.0) json (2.3.0) - minitest (5.14.0) + minitest (5.14.1) molinillo (0.6.6) nanaimo (0.2.6) nap (1.1.0) netrc (0.11.0) ruby-macho (1.4.0) thread_safe (0.3.6) - typhoeus (1.3.1) + typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (1.2.6) + tzinfo (1.2.7) thread_safe (~> 0.1) - xcodeproj (1.15.0) + xcodeproj (1.16.0) CFPropertyList (>= 2.3.3, < 4.0) atomos (~> 0.1.3) claide (>= 1.0.2, < 2.0) @@ -87,4 +87,4 @@ DEPENDENCIES cocoapods (>= 1.7.0.beta.1)! BUNDLED WITH - 1.17.3 + 2.1.4 diff --git a/pkgs/development/mobile/cocoapods/gemset-beta.nix b/pkgs/development/mobile/cocoapods/gemset-beta.nix index 1a5912b89e8..52153129262 100644 --- a/pkgs/development/mobile/cocoapods/gemset-beta.nix +++ b/pkgs/development/mobile/cocoapods/gemset-beta.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6"; + sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i"; type = "gem"; }; - version = "4.2.11.1"; + version = "4.2.11.3"; }; algoliasearch = { dependencies = ["httpclient" "json"]; @@ -16,10 +16,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ayg8j3819ay2d8618jv32ca16fh8qsgjsiq9j32yd016c170nkj"; + sha256 = "1b3xk42ry6dlsqn379p884zdi4iyra67xh45rwl6vcrwmrnbq7f0"; type = "gem"; }; - version = "1.27.1"; + version = "1.27.2"; }; atomos = { groups = ["default"]; @@ -57,10 +57,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wxr81qy4jsbxl066nlfp8zlqk31i6fsmd7f01xmi9bv04990hrs"; + sha256 = "0zxr5din9m8zf3mynywn4qmk3af9f5anx189i4md19c1iinkbb36"; type = "gem"; }; - version = "1.9.1"; + version = "1.9.2"; }; cocoapods-core = { dependencies = ["activesupport" "algoliasearch" "concurrent-ruby" "fuzzy_match" "nap" "netrc" "typhoeus"]; @@ -68,10 +68,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0c1679fkyp06dwsh93r0ldzly9vc74g0br4jdngwvdl4g0j4fyzc"; + sha256 = "13qhkglivmmiv0j88l4d8anw66zdy89lg1qqk4vpvavsm7s7ls6p"; type = "gem"; }; - version = "1.9.1"; + version = "1.9.2"; }; cocoapods-deintegrate = { groups = ["default"]; @@ -130,20 +130,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vrwsgaq3nf7v3pwksgqy0mhswrp3ipczrc96vl3ii2pcc9ilwkw"; + sha256 = "12c6028bmdwrbqcb49mr5qj1p3vcijnjqbsbzywfx1isp44j9mv5"; type = "gem"; }; - version = "1.4.1"; + version = "1.5.0"; }; cocoapods-try = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gf2zjmcjhh9psq15yfy82wz5jnlihf5bcw79f8hlv4cnqyspncj"; + sha256 = "1znyp625rql37ivb5rk9fk9564cmax8icxfr041ysivpdrn98nql"; type = "gem"; }; - version = "1.1.0"; + version = "1.2.0"; }; colored2 = { groups = ["default"]; @@ -262,10 +262,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz"; + sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g"; type = "gem"; }; - version = "5.14.0"; + version = "5.14.1"; }; molinillo = { groups = ["default"]; @@ -333,10 +333,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5"; + sha256 = "1m22yrkmbj81rzhlny81j427qdvz57yk5wbcf3km0nf3bl6qiygz"; type = "gem"; }; - version = "1.3.1"; + version = "1.4.0"; }; tzinfo = { dependencies = ["thread_safe"]; @@ -344,10 +344,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp"; + sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r"; type = "gem"; }; - version = "1.2.6"; + version = "1.2.7"; }; xcodeproj = { dependencies = ["CFPropertyList" "atomos" "claide" "colored2" "nanaimo"]; @@ -355,9 +355,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ldb1jckfzkk9c74nv500z0q936nn25fn5mywzwrh7sjwgkaxp5z"; + sha256 = "1bkk8y6lzd86w9yx72hd1nil3fkk5f0v3il9vm554gzpl6dhc2bi"; type = "gem"; }; - version = "1.15.0"; + version = "1.16.0"; }; } \ No newline at end of file From c1cb5fee24c15a6ee7e0d315e4e5fde8ddb7b7c6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 23 May 2020 00:55:34 +0000 Subject: [PATCH 098/101] pcl: 1.10.1 -> 1.11.0 --- pkgs/development/libraries/pcl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/pcl/default.nix b/pkgs/development/libraries/pcl/default.nix index 81da7332d0f..506c78aca8a 100644 --- a/pkgs/development/libraries/pcl/default.nix +++ b/pkgs/development/libraries/pcl/default.nix @@ -4,13 +4,13 @@ }: stdenv.mkDerivation rec { - name = "pcl-1.10.1"; + name = "pcl-1.11.0"; src = fetchFromGitHub { owner = "PointCloudLibrary"; repo = "pcl"; rev = name; - sha256 = "1i4zfcikvdl5z1s3lh0n46fgi42s9vbki4hfmy7656hamajfai0v"; + sha256 = "0nr3j71gh1v8x6wjr7a7xyr0438sw7vf621a5kbw4lmsxbj55k8g"; }; enableParallelBuilding = true; From 24c96b92595e18e73645715427bba32adbaf7677 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sat, 23 May 2020 10:18:26 +0200 Subject: [PATCH 099/101] Revert "Merge pull request #86954 from lovesegfault/binutils-2.34" Pythons find_library is broken with binutils 2.34, and numpy could not import libraries because of not properly aligned ELF's. This is the second time binutils 2.34 got reverted. Next time, we should have a dedicated Hydra job for it. This reverts commit 629fa8a2d459449eeb3f7c911b765e58ac830254, reversing changes made to 4ddd080d1978b821391ad099806c18ac6a654e41. --- pkgs/development/libraries/glibc/common.nix | 2 +- ...OPERTY_X86_ISA_1_USED-note-if-needed.patch | 517 ++++++++++++++++ ...operly-add-X86_ISA_1_NEEDED-property.patch | 137 ++++ ...ly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch | 583 ++++++++++++++++++ .../tools/misc/binutils/default.nix | 22 +- .../binutils/gold-symbol-visibility.patch | 79 +++ .../tools/misc/binutils/no-plugins.patch | 26 +- 7 files changed, 1345 insertions(+), 21 deletions(-) create mode 100644 pkgs/development/tools/misc/binutils/0001-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch create mode 100644 pkgs/development/tools/misc/binutils/0001-x86-Properly-add-X86_ISA_1_NEEDED-property.patch create mode 100644 pkgs/development/tools/misc/binutils/0001-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch create mode 100644 pkgs/development/tools/misc/binutils/gold-symbol-visibility.patch diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 52fa7191cb7..0429c7295fb 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -203,7 +203,7 @@ stdenv.mkDerivation ({ configureScript="`pwd`/../$sourceRoot/configure" ${lib.optionalString (stdenv.cc.libc != null) - ''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib OBJDUMP=${stdenv.cc.bintools.bintools}/bin/objdump"'' + ''makeFlags="$makeFlags BUILD_LDFLAGS=-Wl,-rpath,${stdenv.cc.libc}/lib"'' } diff --git a/pkgs/development/tools/misc/binutils/0001-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch b/pkgs/development/tools/misc/binutils/0001-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch new file mode 100644 index 00000000000..5a047b0f070 --- /dev/null +++ b/pkgs/development/tools/misc/binutils/0001-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch @@ -0,0 +1,517 @@ +From 6737a6b34f4823deb7142f27b4074831a37ac1e1 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Fri, 20 Jul 2018 09:18:47 -0700 +Subject: [PATCH] x86: Add a GNU_PROPERTY_X86_ISA_1_USED note if needed + +When -z separate-code, which is enabled by default for Linux/x86, is +used to create executable, ld won't place any data in the code-only +PT_LOAD segment. If there are no data sections placed before the +code-only PT_LOAD segment, the program headers won't be mapped into +any PT_LOAD segment. When the executable tries to access it (based +on the program header address passed in AT_PHDR), it will lead to +segfault. This patch inserts a GNU_PROPERTY_X86_ISA_1_USED note if +there may be no data sections before the text section so that the +first PT_LOAD segment won't be code-only and will contain the program +header. + +Testcases are adjusted to either pass "-z noseparate-code" to ld or +discard the .note.gnu.property section. A Linux/x86 run-time test is +added. + +bfd/ + + PR ld/23428 + * elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): If the + separate code program header is needed, make sure that the first + read-only PT_LOAD segment has no code by adding a + GNU_PROPERTY_X86_ISA_1_USED note. + +ld/ + + PR ld/23428 + * testsuite/ld-elf/linux-x86.S: New file. + * testsuite/ld-elf/linux-x86.exp: Likewise. + * testsuite/ld-elf/pr23428.c: Likewise. + * testsuite/ld-elf/sec64k.exp: Pass "-z noseparate-code" to ld + for Linux/x86 targets. + * testsuite/ld-i386/abs-iamcu.d: Likewise. + * testsuite/ld-i386/abs.d: Likewise. + * testsuite/ld-i386/pr12718.d: Likewise. + * testsuite/ld-i386/pr12921.d: Likewise. + * testsuite/ld-x86-64/abs-k1om.d: Likewise. + * testsuite/ld-x86-64/abs-l1om.d: Likewise. + * testsuite/ld-x86-64/abs.d: Likewise. + * testsuite/ld-x86-64/pr12718.d: Likewise. + * testsuite/ld-x86-64/pr12921.d: Likewise. + * testsuite/ld-linkonce/zeroeh.ld: Discard .note.gnu.property + section. + * testsuite/ld-scripts/print-memory-usage.t: Likewise. + * testsuite/ld-scripts/size-2.t: Likewise. + * testsuite/lib/ld-lib.exp (run_ld_link_exec_tests): Use ld + to create executable if language is "asm". + +(cherry picked from commit 241e64e3b42cd9eba514b8e0ad2ef39a337f10a5) +--- + bfd/elfxx-x86.c | 60 ++++++++++++++----- + ld/testsuite/ld-elf/linux-x86.S | 63 ++++++++++++++++++++ + ld/testsuite/ld-elf/linux-x86.exp | 46 ++++++++++++++ + ld/testsuite/ld-elf/pr23428.c | 43 +++++++++++++ + ld/testsuite/ld-elf/sec64k.exp | 2 + + ld/testsuite/ld-i386/abs-iamcu.d | 2 +- + ld/testsuite/ld-i386/abs.d | 2 +- + ld/testsuite/ld-i386/pr12718.d | 2 +- + ld/testsuite/ld-i386/pr12921.d | 2 +- + ld/testsuite/ld-linkonce/zeroeh.ld | 1 + + ld/testsuite/ld-scripts/print-memory-usage.t | 2 + + ld/testsuite/ld-scripts/size-2.t | 1 + + ld/testsuite/ld-x86-64/abs-k1om.d | 2 +- + ld/testsuite/ld-x86-64/abs-l1om.d | 2 +- + ld/testsuite/ld-x86-64/abs.d | 2 +- + ld/testsuite/ld-x86-64/pr12718.d | 2 +- + ld/testsuite/ld-x86-64/pr12921.d | 2 +- + ld/testsuite/lib/ld-lib.exp | 5 +- + 20 files changed, 248 insertions(+), 25 deletions(-) + create mode 100644 ld/testsuite/ld-elf/linux-x86.S + create mode 100644 ld/testsuite/ld-elf/linux-x86.exp + create mode 100644 ld/testsuite/ld-elf/pr23428.c + +diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c +index a2497aab86..2e4ff88f1f 100644 +--- a/bfd/elfxx-x86.c ++++ b/bfd/elfxx-x86.c +@@ -2524,6 +2524,7 @@ _bfd_x86_elf_link_setup_gnu_properties + const struct elf_backend_data *bed; + unsigned int class_align = ABI_64_P (info->output_bfd) ? 3 : 2; + unsigned int got_align; ++ bfd_boolean has_text = FALSE; + + features = 0; + if (info->ibt) +@@ -2538,24 +2539,59 @@ _bfd_x86_elf_link_setup_gnu_properties + if (bfd_get_flavour (pbfd) == bfd_target_elf_flavour + && bfd_count_sections (pbfd) != 0) + { ++ if (!has_text) ++ { ++ /* Check if there is no non-empty text section. */ ++ sec = bfd_get_section_by_name (pbfd, ".text"); ++ if (sec != NULL && sec->size != 0) ++ has_text = TRUE; ++ } ++ + ebfd = pbfd; + + if (elf_properties (pbfd) != NULL) + break; + } + +- if (ebfd != NULL && features) ++ bed = get_elf_backend_data (info->output_bfd); ++ ++ htab = elf_x86_hash_table (info, bed->target_id); ++ if (htab == NULL) ++ return pbfd; ++ ++ if (ebfd != NULL) + { +- /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and +- GNU_PROPERTY_X86_FEATURE_1_SHSTK. */ +- prop = _bfd_elf_get_property (ebfd, +- GNU_PROPERTY_X86_FEATURE_1_AND, +- 4); +- prop->u.number |= features; +- prop->pr_kind = property_number; ++ prop = NULL; ++ if (features) ++ { ++ /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and ++ GNU_PROPERTY_X86_FEATURE_1_SHSTK. */ ++ prop = _bfd_elf_get_property (ebfd, ++ GNU_PROPERTY_X86_FEATURE_1_AND, ++ 4); ++ prop->u.number |= features; ++ prop->pr_kind = property_number; ++ } ++ else if (has_text ++ && elf_properties (ebfd) == NULL ++ && elf_tdata (info->output_bfd)->o->build_id.sec == NULL ++ && !htab->elf.dynamic_sections_created ++ && !info->traditional_format ++ && (info->output_bfd->flags & D_PAGED) != 0 ++ && info->separate_code) ++ { ++ /* If the separate code program header is needed, make sure ++ that the first read-only PT_LOAD segment has no code by ++ adding a GNU_PROPERTY_X86_ISA_1_USED note. */ ++ prop = _bfd_elf_get_property (ebfd, ++ GNU_PROPERTY_X86_ISA_1_USED, ++ 4); ++ prop->u.number = GNU_PROPERTY_X86_ISA_1_486; ++ prop->pr_kind = property_number; ++ } + + /* Create the GNU property note section if needed. */ +- if (pbfd == NULL) ++ if (prop != NULL && pbfd == NULL) + { + sec = bfd_make_section_with_flags (ebfd, + NOTE_GNU_PROPERTY_SECTION_NAME, +@@ -2581,12 +2617,6 @@ error_alignment: + + pbfd = _bfd_elf_link_setup_gnu_properties (info); + +- bed = get_elf_backend_data (info->output_bfd); +- +- htab = elf_x86_hash_table (info, bed->target_id); +- if (htab == NULL) +- return pbfd; +- + htab->r_info = init_table->r_info; + htab->r_sym = init_table->r_sym; + +diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S +new file mode 100644 +index 0000000000..bdf40c6e01 +--- /dev/null ++++ b/ld/testsuite/ld-elf/linux-x86.S +@@ -0,0 +1,63 @@ ++ .text ++ .globl _start ++ .type _start,@function ++ .p2align 4 ++_start: ++ xorl %ebp, %ebp ++#ifdef __LP64__ ++ popq %rdi ++ movq %rsp, %rsi ++ andq $~15, %rsp ++#elif defined __x86_64__ ++ mov (%rsp),%edi ++ addl $4,%esp ++ movl %esp, %esi ++ andl $~15, %esp ++#else ++ popl %esi ++ movl %esp, %ecx ++ andl $~15, %esp ++ ++ subl $8,%esp ++ pushl %ecx ++ pushl %esi ++#endif ++ ++ call main ++ ++ hlt ++ ++ .type syscall, @function ++ .globl syscall ++ .p2align 4 ++syscall: ++#ifdef __x86_64__ ++ movq %rdi, %rax /* Syscall number -> rax. */ ++ movq %rsi, %rdi /* shift arg1 - arg5. */ ++ movq %rdx, %rsi ++ movq %rcx, %rdx ++ movq %r8, %r10 ++ movq %r9, %r8 ++ movq 8(%rsp),%r9 /* arg6 is on the stack. */ ++ syscall /* Do the system call. */ ++#else ++ push %ebp ++ push %edi ++ push %esi ++ push %ebx ++ mov 0x2c(%esp),%ebp ++ mov 0x28(%esp),%edi ++ mov 0x24(%esp),%esi ++ mov 0x20(%esp),%edx ++ mov 0x1c(%esp),%ecx ++ mov 0x18(%esp),%ebx ++ mov 0x14(%esp),%eax ++ int $0x80 ++ pop %ebx ++ pop %esi ++ pop %edi ++ pop %ebp ++#endif ++ ret /* Return to caller. */ ++ .size syscall, .-syscall ++ .section .note.GNU-stack,"",@progbits +diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp +new file mode 100644 +index 0000000000..36217c6fb4 +--- /dev/null ++++ b/ld/testsuite/ld-elf/linux-x86.exp +@@ -0,0 +1,46 @@ ++# Expect script for simple native Linux/x86 tests. ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# This file is part of the GNU Binutils. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, ++# MA 02110-1301, USA. ++# ++ ++# Test very simple native Linux/x86 programs with linux-x86.S. ++if { ![isnative] || [which $CC] == 0 \ ++ || (![istarget "i?86-*-linux*"] \ ++ && ![istarget "x86_64-*-linux*"] \ ++ && ![istarget "amd64-*-linux*"]) } { ++ return ++} ++ ++# Add $PLT_CFLAGS if PLT is expected. ++global PLT_CFLAGS ++# Add $NOPIE_CFLAGS and $NOPIE_LDFLAGS if non-PIE is required. ++global NOPIE_CFLAGS NOPIE_LDFLAGS ++ ++run_ld_link_exec_tests [list \ ++ [list \ ++ "Run PR ld/23428 test" \ ++ "--no-dynamic-linker -z separate-code" \ ++ "" \ ++ { linux-x86.S pr23428.c } \ ++ "pr23428" \ ++ "pass.out" \ ++ "$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \ ++ "asm" \ ++ ] \ ++] +diff --git a/ld/testsuite/ld-elf/pr23428.c b/ld/testsuite/ld-elf/pr23428.c +new file mode 100644 +index 0000000000..3631ed7926 +--- /dev/null ++++ b/ld/testsuite/ld-elf/pr23428.c +@@ -0,0 +1,43 @@ ++#include ++#include ++#include ++ ++#define STRING_COMMA_LEN(STR) (STR), (sizeof (STR) - 1) ++ ++int ++main (int argc, char **argv) ++{ ++ char **ev = &argv[argc + 1]; ++ char **evp = ev; ++ ElfW(auxv_t) *av; ++ const ElfW(Phdr) *phdr = NULL; ++ size_t phnum = 0; ++ size_t loadnum = 0; ++ int fd = STDOUT_FILENO; ++ size_t i; ++ ++ while (*evp++ != NULL) ++ ; ++ ++ av = (ElfW(auxv_t) *) evp; ++ ++ for (; av->a_type != AT_NULL; ++av) ++ switch (av->a_type) ++ { ++ case AT_PHDR: ++ phdr = (const void *) av->a_un.a_val; ++ break; ++ case AT_PHNUM: ++ phnum = av->a_un.a_val; ++ break; ++ } ++ ++ for (i = 0; i < phnum; i++, phdr++) ++ if (phdr->p_type == PT_LOAD) ++ loadnum++; ++ ++ syscall (SYS_write, fd, STRING_COMMA_LEN ("PASS\n")); ++ ++ syscall (SYS_exit, !loadnum); ++ return 0; ++} +diff --git a/ld/testsuite/ld-elf/sec64k.exp b/ld/testsuite/ld-elf/sec64k.exp +index b58139e9dd..3909c0eaa1 100644 +--- a/ld/testsuite/ld-elf/sec64k.exp ++++ b/ld/testsuite/ld-elf/sec64k.exp +@@ -177,6 +177,8 @@ if { ![istarget "d10v-*-*"] + foreach sfile $sfiles { puts $ofd "#source: $sfile" } + if { [istarget spu*-*-*] } { + puts $ofd "#ld: --local-store 0:0" ++ } elseif { [istarget "i?86-*-linux*"] || [istarget "x86_64-*-linux*"] } { ++ puts $ofd "#ld: -z noseparate-code" + } else { + puts $ofd "#ld:" + } +diff --git a/ld/testsuite/ld-i386/abs-iamcu.d b/ld/testsuite/ld-i386/abs-iamcu.d +index ac9beff2e5..aba7d6b03f 100644 +--- a/ld/testsuite/ld-i386/abs-iamcu.d ++++ b/ld/testsuite/ld-i386/abs-iamcu.d +@@ -2,7 +2,7 @@ + #source: abs.s + #source: zero.s + #as: --32 -march=iamcu +-#ld: -m elf_iamcu ++#ld: -m elf_iamcu -z noseparate-code + #objdump: -rs -j .text + + .*: file format .* +diff --git a/ld/testsuite/ld-i386/abs.d b/ld/testsuite/ld-i386/abs.d +index e660aca524..191ee4456a 100644 +--- a/ld/testsuite/ld-i386/abs.d ++++ b/ld/testsuite/ld-i386/abs.d +@@ -2,7 +2,7 @@ + #as: --32 + #source: abs.s + #source: zero.s +-#ld: -melf_i386 ++#ld: -melf_i386 -z noseparate-code + #objdump: -rs + + .*: file format .* +diff --git a/ld/testsuite/ld-i386/pr12718.d b/ld/testsuite/ld-i386/pr12718.d +index ec51540a42..7eba52d95e 100644 +--- a/ld/testsuite/ld-i386/pr12718.d ++++ b/ld/testsuite/ld-i386/pr12718.d +@@ -1,6 +1,6 @@ + #name: PR ld/12718 + #as: --32 +-#ld: -melf_i386 ++#ld: -melf_i386 -z noseparate-code + #readelf: -S + + There are 5 section headers, starting at offset 0x[0-9a-f]+: +diff --git a/ld/testsuite/ld-i386/pr12921.d b/ld/testsuite/ld-i386/pr12921.d +index e49079b3c8..ea2da3eb51 100644 +--- a/ld/testsuite/ld-i386/pr12921.d ++++ b/ld/testsuite/ld-i386/pr12921.d +@@ -1,6 +1,6 @@ + #name: PR ld/12921 + #as: --32 +-#ld: -melf_i386 ++#ld: -melf_i386 -z noseparate-code + #readelf: -S --wide + + There are 7 section headers, starting at offset 0x[0-9a-f]+: +diff --git a/ld/testsuite/ld-linkonce/zeroeh.ld b/ld/testsuite/ld-linkonce/zeroeh.ld +index b22eaa12c9..f89855a08f 100644 +--- a/ld/testsuite/ld-linkonce/zeroeh.ld ++++ b/ld/testsuite/ld-linkonce/zeroeh.ld +@@ -2,4 +2,5 @@ SECTIONS { + .text 0xa00 : { *(.text); *(.gnu.linkonce.t.*) } + .gcc_except_table 0x2000 : { *(.gcc_except_table) } + .eh_frame 0x4000 : { *(.eh_frame) } ++ /DISCARD/ : { *(.note.gnu.property) } + } +diff --git a/ld/testsuite/ld-scripts/print-memory-usage.t b/ld/testsuite/ld-scripts/print-memory-usage.t +index 5ff057a5e3..6eda1d2dc4 100644 +--- a/ld/testsuite/ld-scripts/print-memory-usage.t ++++ b/ld/testsuite/ld-scripts/print-memory-usage.t +@@ -11,4 +11,6 @@ SECTIONS + *(.data) + *(.rw) + } ++ ++ /DISCARD/ : { *(.note.gnu.property) } + } +diff --git a/ld/testsuite/ld-scripts/size-2.t b/ld/testsuite/ld-scripts/size-2.t +index 723863995e..c3c4eddab4 100644 +--- a/ld/testsuite/ld-scripts/size-2.t ++++ b/ld/testsuite/ld-scripts/size-2.t +@@ -18,4 +18,5 @@ SECTIONS + LONG (SIZEOF (.tdata)) + LONG (SIZEOF (.tbss)) + } :image ++ /DISCARD/ : { *(.note.gnu.property) } + } +diff --git a/ld/testsuite/ld-x86-64/abs-k1om.d b/ld/testsuite/ld-x86-64/abs-k1om.d +index 2c26639fc0..6b0fde0eed 100644 +--- a/ld/testsuite/ld-x86-64/abs-k1om.d ++++ b/ld/testsuite/ld-x86-64/abs-k1om.d +@@ -2,7 +2,7 @@ + #source: ../ld-i386/abs.s + #source: ../ld-i386/zero.s + #as: --64 -march=k1om +-#ld: -m elf_k1om ++#ld: -m elf_k1om -z noseparate-code + #objdump: -rs -j .text + + .*: file format .* +diff --git a/ld/testsuite/ld-x86-64/abs-l1om.d b/ld/testsuite/ld-x86-64/abs-l1om.d +index 1fb96d44b7..f87869f9d0 100644 +--- a/ld/testsuite/ld-x86-64/abs-l1om.d ++++ b/ld/testsuite/ld-x86-64/abs-l1om.d +@@ -2,7 +2,7 @@ + #source: ../ld-i386/abs.s + #source: ../ld-i386/zero.s + #as: --64 -march=l1om +-#ld: -m elf_l1om ++#ld: -m elf_l1om -z noseparate-code + #objdump: -rs -j .text + #target: x86_64-*-linux* + +diff --git a/ld/testsuite/ld-x86-64/abs.d b/ld/testsuite/ld-x86-64/abs.d +index b24b018639..d99ab4685d 100644 +--- a/ld/testsuite/ld-x86-64/abs.d ++++ b/ld/testsuite/ld-x86-64/abs.d +@@ -1,7 +1,7 @@ + #name: Absolute non-overflowing relocs + #source: ../ld-i386/abs.s + #source: ../ld-i386/zero.s +-#ld: ++#ld: -z noseparate-code + #objdump: -rs + + .*: file format .* +diff --git a/ld/testsuite/ld-x86-64/pr12718.d b/ld/testsuite/ld-x86-64/pr12718.d +index 07d17325d0..2c503ffbaa 100644 +--- a/ld/testsuite/ld-x86-64/pr12718.d ++++ b/ld/testsuite/ld-x86-64/pr12718.d +@@ -1,6 +1,6 @@ + #name: PR ld/12718 + #as: --64 +-#ld: -melf_x86_64 ++#ld: -melf_x86_64 -z noseparate-code + #readelf: -S --wide + + There are 5 section headers, starting at offset 0x[0-9a-f]+: +diff --git a/ld/testsuite/ld-x86-64/pr12921.d b/ld/testsuite/ld-x86-64/pr12921.d +index 6fe6abee09..1162d55818 100644 +--- a/ld/testsuite/ld-x86-64/pr12921.d ++++ b/ld/testsuite/ld-x86-64/pr12921.d +@@ -1,6 +1,6 @@ + #name: PR ld/12921 + #as: --64 +-#ld: -melf_x86_64 ++#ld: -melf_x86_64 -z noseparate-code + #readelf: -S --wide + + There are 7 section headers, starting at offset 0x[0-9a-f]+: +diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp +index cfbefe9028..1095091882 100644 +--- a/ld/testsuite/lib/ld-lib.exp ++++ b/ld/testsuite/lib/ld-lib.exp +@@ -1482,7 +1482,10 @@ proc run_ld_link_exec_tests { ldtests args } { + continue + } + +- if { [ string match "c++" $lang ] } { ++ if { [ string match "asm" $lang ] } { ++ set link_proc ld_link ++ set link_cmd $ld ++ } elseif { [ string match "c++" $lang ] } { + set link_proc ld_link + set link_cmd $CXX + } else { +-- +2.20.1 + diff --git a/pkgs/development/tools/misc/binutils/0001-x86-Properly-add-X86_ISA_1_NEEDED-property.patch b/pkgs/development/tools/misc/binutils/0001-x86-Properly-add-X86_ISA_1_NEEDED-property.patch new file mode 100644 index 00000000000..ca50d9a57cd --- /dev/null +++ b/pkgs/development/tools/misc/binutils/0001-x86-Properly-add-X86_ISA_1_NEEDED-property.patch @@ -0,0 +1,137 @@ +From 28a27bdbb9500797e6767f80c8128b09112aeed5 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 11 Aug 2018 06:41:33 -0700 +Subject: [PATCH] x86: Properly add X86_ISA_1_NEEDED property + +Existing properties may be removed during property merging. We avoid +adding X86_ISA_1_NEEDED property only if existing properties won't be +removed. + +bfd/ + + PR ld/23428 + * elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): Don't + add X86_ISA_1_NEEDED property only if existing properties won't + be removed. + +ld/ + + PR ld/23428 + * testsuite/ld-elf/dummy.s: New file. + * testsuite/ld-elf/linux-x86.S: Add X86_FEATURE_1_AND property. + * testsuite/ld-elf/linux-x86.exp: Add dummy.s to pr23428. + +(cherry picked from commit ab9e342807d132182892de1be1a92d6e91a5c1da) +--- + bfd/elfxx-x86.c | 28 ++++++++++++++++++++++------ + ld/testsuite/ld-elf/dummy.s | 1 + + ld/testsuite/ld-elf/linux-x86.S | 28 ++++++++++++++++++++++++++++ + ld/testsuite/ld-elf/linux-x86.exp | 2 +- + 6 files changed, 66 insertions(+), 7 deletions(-) + create mode 100644 ld/testsuite/ld-elf/dummy.s + +diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c +index 7ccfd25815..2d8f7b640b 100644 +--- a/bfd/elfxx-x86.c ++++ b/bfd/elfxx-x86.c +@@ -2588,7 +2588,6 @@ _bfd_x86_elf_link_setup_gnu_properties + prop->pr_kind = property_number; + } + else if (has_text +- && elf_properties (ebfd) == NULL + && elf_tdata (info->output_bfd)->o->build_id.sec == NULL + && !htab->elf.dynamic_sections_created + && !info->traditional_format +@@ -2598,11 +2597,28 @@ _bfd_x86_elf_link_setup_gnu_properties + /* If the separate code program header is needed, make sure + that the first read-only PT_LOAD segment has no code by + adding a GNU_PROPERTY_X86_ISA_1_NEEDED note. */ +- prop = _bfd_elf_get_property (ebfd, +- GNU_PROPERTY_X86_ISA_1_NEEDED, +- 4); +- prop->u.number = GNU_PROPERTY_X86_ISA_1_486; +- prop->pr_kind = property_number; ++ elf_property_list *list; ++ bfd_boolean need_property = TRUE; ++ ++ for (list = elf_properties (ebfd); list; list = list->next) ++ switch (list->property.pr_type) ++ { ++ case GNU_PROPERTY_STACK_SIZE: ++ case GNU_PROPERTY_NO_COPY_ON_PROTECTED: ++ case GNU_PROPERTY_X86_ISA_1_NEEDED: ++ /* These properties won't be removed during merging. */ ++ need_property = FALSE; ++ break; ++ } ++ ++ if (need_property) ++ { ++ prop = _bfd_elf_get_property (ebfd, ++ GNU_PROPERTY_X86_ISA_1_NEEDED, ++ 4); ++ prop->u.number = GNU_PROPERTY_X86_ISA_1_486; ++ prop->pr_kind = property_number; ++ } + } + + /* Create the GNU property note section if needed. */ +diff --git a/ld/testsuite/ld-elf/dummy.s b/ld/testsuite/ld-elf/dummy.s +new file mode 100644 +index 0000000000..403f98000d +--- /dev/null ++++ b/ld/testsuite/ld-elf/dummy.s +@@ -0,0 +1 @@ ++# Dummy +diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S +index bdf40c6e01..d94abc1106 100644 +--- a/ld/testsuite/ld-elf/linux-x86.S ++++ b/ld/testsuite/ld-elf/linux-x86.S +@@ -61,3 +61,31 @@ syscall: + ret /* Return to caller. */ + .size syscall, .-syscall + .section .note.GNU-stack,"",@progbits ++ ++ .section ".note.gnu.property", "a" ++#ifdef __LP64__ ++ .p2align 3 ++#else ++ .p2align 2 ++#endif ++ .long 1f - 0f /* name length */ ++ .long 5f - 2f /* data length */ ++ .long 5 /* note type */ ++0: .asciz "GNU" /* vendor name */ ++1: ++#ifdef __LP64__ ++ .p2align 3 ++#else ++ .p2align 2 ++#endif ++2: .long 0xc0000002 /* pr_type. */ ++ .long 4f - 3f /* pr_datasz. */ ++3: ++ .long 0x2 ++4: ++#ifdef __LP64__ ++ .p2align 3 ++#else ++ .p2align 2 ++#endif ++5: +diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp +index 36217c6fb4..f6f5a80853 100644 +--- a/ld/testsuite/ld-elf/linux-x86.exp ++++ b/ld/testsuite/ld-elf/linux-x86.exp +@@ -37,7 +37,7 @@ run_ld_link_exec_tests [list \ + "Run PR ld/23428 test" \ + "--no-dynamic-linker -z separate-code" \ + "" \ +- { linux-x86.S pr23428.c } \ ++ { linux-x86.S pr23428.c dummy.s } \ + "pr23428" \ + "pass.out" \ + "$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \ +-- +2.20.1 + diff --git a/pkgs/development/tools/misc/binutils/0001-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch b/pkgs/development/tools/misc/binutils/0001-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch new file mode 100644 index 00000000000..866d6db8ce2 --- /dev/null +++ b/pkgs/development/tools/misc/binutils/0001-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch @@ -0,0 +1,583 @@ +From d55c3e36094f06bb1fb02f5eac19fdccf1d91f7e Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 8 Aug 2018 06:09:15 -0700 +Subject: [PATCH] x86: Properly merge GNU_PROPERTY_X86_ISA_1_USED +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without the GNU_PROPERTY_X86_ISA_1_USED property, all ISAs may be used. +If a bit in the GNU_PROPERTY_X86_ISA_1_USED property is unset, the +corresponding x86 instruction set isn’t used. When merging properties +from 2 input files and one input file doesn't have the +GNU_PROPERTY_X86_ISA_1_USED property, the output file shouldn't have +it neither. This patch removes the GNU_PROPERTY_X86_ISA_1_USED +property if an input file doesn't have it. + +This patch replaces the GNU_PROPERTY_X86_ISA_1_USED property with the +GNU_PROPERTY_X86_ISA_1_NEEDED property which is the minimum ISA +requirement. + +bfd/ + + PR ld/23486 + * elfxx-x86.c (_bfd_x86_elf_merge_gnu_properties): Remove + GNU_PROPERTY_X86_ISA_1_USED if an input file doesn't have it. + (_bfd_x86_elf_link_setup_gnu_properties): Adding the + GNU_PROPERTY_X86_ISA_1_NEEDED, instead of + GNU_PROPERTY_X86_ISA_1_USED, property. + +ld/ + + PR ld/23486 + * testsuite/ld-i386/i386.exp: Run PR ld/23486 tests. + * testsuite/ld-x86-64/x86-64.exp: Likewise. + * testsuite/ld-i386/pr23486a.d: New file. + * testsuite/ld-i386/pr23486b.d: Likewise. + * testsuite/ld-x86-64/pr23486a-x32.d: Likewise. + * testsuite/ld-x86-64/pr23486a.d: Likewise. + * testsuite/ld-x86-64/pr23486a.s: Likewise. + * testsuite/ld-x86-64/pr23486b-x32.d: Likewise. + * testsuite/ld-x86-64/pr23486b.d: Likewise. + * testsuite/ld-x86-64/pr23486b.s: Likewise. + * testsuite/ld-i386/property-3.r: Remove "x86 ISA used". + * testsuite/ld-i386/property-4.r: Likewise. + * testsuite/ld-i386/property-5.r: Likewise. + * testsuite/ld-i386/property-x86-ibt3a.d: Likewise. + * testsuite/ld-i386/property-x86-ibt3b.d: Likewise. + * testsuite/ld-i386/property-x86-shstk3a.d: Likewise. + * testsuite/ld-i386/property-x86-shstk3b.d: Likewise. + * testsuite/ld-x86-64/property-3.r: Likewise. + * testsuite/ld-x86-64/property-4.r: Likewise. + * testsuite/ld-x86-64/property-5.r: Likewise. + * testsuite/ld-x86-64/property-x86-ibt3a-x32.d: Likewise. + * testsuite/ld-x86-64/property-x86-ibt3a.d: Likewise. + * testsuite/ld-x86-64/property-x86-ibt3b-x32.d: Likewise. + * testsuite/ld-x86-64/property-x86-ibt3b.d: Likewise. + * testsuite/ld-x86-64/property-x86-shstk3a-x32.d: Likewise. + * testsuite/ld-x86-64/property-x86-shstk3a.d: Likewise. + * testsuite/ld-x86-64/property-x86-shstk3b-x32.d: Likewise. + * testsuite/ld-x86-64/property-x86-shstk3b.d: Likewise. + +(cherry picked from commit f7309df20c4e787041cedc4a6aced89c15259e54) +--- + bfd/elfxx-x86.c | 25 ++++++++++++--- + ld/testsuite/ld-i386/i386.exp | 2 ++ + ld/testsuite/ld-i386/pr23486a.d | 10 ++++++ + ld/testsuite/ld-i386/pr23486b.d | 10 ++++++ + ld/testsuite/ld-i386/property-3.r | 1 - + ld/testsuite/ld-i386/property-4.r | 1 - + ld/testsuite/ld-i386/property-5.r | 1 - + ld/testsuite/ld-i386/property-x86-ibt3a.d | 5 ++- + ld/testsuite/ld-i386/property-x86-ibt3b.d | 5 ++- + ld/testsuite/ld-i386/property-x86-shstk3a.d | 5 ++- + ld/testsuite/ld-i386/property-x86-shstk3b.d | 5 ++- + ld/testsuite/ld-x86-64/pr23486a-x32.d | 10 ++++++ + ld/testsuite/ld-x86-64/pr23486a.d | 10 ++++++ + ld/testsuite/ld-x86-64/pr23486a.s | 30 +++++++++++++++++ + ld/testsuite/ld-x86-64/pr23486b-x32.d | 10 ++++++ + ld/testsuite/ld-x86-64/pr23486b.d | 10 ++++++ + ld/testsuite/ld-x86-64/pr23486b.s | 30 +++++++++++++++++ + ld/testsuite/ld-x86-64/property-3.r | 1 - + ld/testsuite/ld-x86-64/property-4.r | 1 - + ld/testsuite/ld-x86-64/property-5.r | 1 - + .../ld-x86-64/property-x86-ibt3a-x32.d | 5 ++- + ld/testsuite/ld-x86-64/property-x86-ibt3a.d | 5 ++- + .../ld-x86-64/property-x86-ibt3b-x32.d | 5 ++- + ld/testsuite/ld-x86-64/property-x86-ibt3b.d | 5 ++- + .../ld-x86-64/property-x86-shstk3a-x32.d | 5 ++- + ld/testsuite/ld-x86-64/property-x86-shstk3a.d | 5 ++- + .../ld-x86-64/property-x86-shstk3b-x32.d | 5 ++- + ld/testsuite/ld-x86-64/property-x86-shstk3b.d | 5 ++- + ld/testsuite/ld-x86-64/x86-64.exp | 4 +++ + 31 files changed, 211 insertions(+), 47 deletions(-) + create mode 100644 ld/testsuite/ld-i386/pr23486a.d + create mode 100644 ld/testsuite/ld-i386/pr23486b.d + create mode 100644 ld/testsuite/ld-x86-64/pr23486a-x32.d + create mode 100644 ld/testsuite/ld-x86-64/pr23486a.d + create mode 100644 ld/testsuite/ld-x86-64/pr23486a.s + create mode 100644 ld/testsuite/ld-x86-64/pr23486b-x32.d + create mode 100644 ld/testsuite/ld-x86-64/pr23486b.d + create mode 100644 ld/testsuite/ld-x86-64/pr23486b.s + +--- a/bfd/elfxx-x86.c ++++ b/bfd/elfxx-x86.c +@@ -2407,12 +2407,27 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info, + switch (pr_type) + { + case GNU_PROPERTY_X86_ISA_1_USED: ++ if (aprop == NULL || bprop == NULL) ++ { ++ /* Only one of APROP and BPROP can be NULL. */ ++ if (aprop != NULL) ++ { ++ /* Remove this property since the other input file doesn't ++ have it. */ ++ aprop->pr_kind = property_remove; ++ updated = TRUE; ++ } ++ break; ++ } ++ goto or_property; ++ + case GNU_PROPERTY_X86_ISA_1_NEEDED: + if (aprop != NULL && bprop != NULL) + { ++or_property: + number = aprop->u.number; + aprop->u.number = number | bprop->u.number; +- /* Remove the property if ISA bits are empty. */ ++ /* Remove the property if all bits are empty. */ + if (aprop->u.number == 0) + { + aprop->pr_kind = property_remove; +@@ -2428,14 +2443,14 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info, + { + if (aprop->u.number == 0) + { +- /* Remove APROP if ISA bits are empty. */ ++ /* Remove APROP if all bits are empty. */ + aprop->pr_kind = property_remove; + updated = TRUE; + } + } + else + { +- /* Return TRUE if APROP is NULL and ISA bits of BPROP ++ /* Return TRUE if APROP is NULL and all bits of BPROP + aren't empty to indicate that BPROP should be added + to ABFD. */ + updated = bprop->u.number != 0; +@@ -2582,9 +2597,9 @@ _bfd_x86_elf_link_setup_gnu_properties + { + /* If the separate code program header is needed, make sure + that the first read-only PT_LOAD segment has no code by +- adding a GNU_PROPERTY_X86_ISA_1_USED note. */ ++ adding a GNU_PROPERTY_X86_ISA_1_NEEDED note. */ + prop = _bfd_elf_get_property (ebfd, +- GNU_PROPERTY_X86_ISA_1_USED, ++ GNU_PROPERTY_X86_ISA_1_NEEDED, + 4); + prop->u.number = GNU_PROPERTY_X86_ISA_1_486; + prop->pr_kind = property_number; +diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp +index 6d794fe653..78dad02579 100644 +--- a/ld/testsuite/ld-i386/i386.exp ++++ b/ld/testsuite/ld-i386/i386.exp +@@ -462,6 +462,8 @@ run_dump_test "pr23189" + run_dump_test "pr23194" + run_dump_test "pr23372a" + run_dump_test "pr23372b" ++run_dump_test "pr23486a" ++run_dump_test "pr23486b" + + if { !([istarget "i?86-*-linux*"] + || [istarget "i?86-*-gnu*"] +diff --git a/ld/testsuite/ld-i386/pr23486a.d b/ld/testsuite/ld-i386/pr23486a.d +new file mode 100644 +index 0000000000..41a6dcf7d5 +--- /dev/null ++++ b/ld/testsuite/ld-i386/pr23486a.d +@@ -0,0 +1,10 @@ ++#source: ../ld-x86-64/pr23486a.s ++#source: ../ld-x86-64/pr23486b.s ++#as: --32 ++#ld: -r -m elf_i386 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-i386/pr23486b.d b/ld/testsuite/ld-i386/pr23486b.d +new file mode 100644 +index 0000000000..08019b7274 +--- /dev/null ++++ b/ld/testsuite/ld-i386/pr23486b.d +@@ -0,0 +1,10 @@ ++#source: ../ld-x86-64/pr23486b.s ++#source: ../ld-x86-64/pr23486a.s ++#as: --32 ++#ld: -r -m elf_i386 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-i386/property-3.r b/ld/testsuite/ld-i386/property-3.r +index 0ed91f5922..d03203c1e5 100644 +--- a/ld/testsuite/ld-i386/property-3.r ++++ b/ld/testsuite/ld-i386/property-3.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x800000 +- x86 ISA used: 586, SSE + x86 ISA needed: i486, 586 + #pass +diff --git a/ld/testsuite/ld-i386/property-4.r b/ld/testsuite/ld-i386/property-4.r +index cb2bc15d9a..da295eb6c7 100644 +--- a/ld/testsuite/ld-i386/property-4.r ++++ b/ld/testsuite/ld-i386/property-4.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x800000 +- x86 ISA used: i486, 586, SSE + x86 ISA needed: i486, 586, SSE + #pass +diff --git a/ld/testsuite/ld-i386/property-5.r b/ld/testsuite/ld-i386/property-5.r +index 552965058c..e4141594b3 100644 +--- a/ld/testsuite/ld-i386/property-5.r ++++ b/ld/testsuite/ld-i386/property-5.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x900000 +- x86 ISA used: i486, 586, SSE + x86 ISA needed: i486, 586, SSE + #pass +diff --git a/ld/testsuite/ld-i386/property-x86-ibt3a.d b/ld/testsuite/ld-i386/property-x86-ibt3a.d +index 4bb35b00fb..0aedea1614 100644 +--- a/ld/testsuite/ld-i386/property-x86-ibt3a.d ++++ b/ld/testsuite/ld-i386/property-x86-ibt3a.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: i486, 586, SSE2, SSE3 +- x86 ISA needed: 586, SSE, SSE3, SSE4_1 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1 +diff --git a/ld/testsuite/ld-i386/property-x86-ibt3b.d b/ld/testsuite/ld-i386/property-x86-ibt3b.d +index 418d58a8f7..bd69ac6478 100644 +--- a/ld/testsuite/ld-i386/property-x86-ibt3b.d ++++ b/ld/testsuite/ld-i386/property-x86-ibt3b.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: i486, 586, SSE2, SSE3 +- x86 ISA needed: 586, SSE, SSE3, SSE4_1 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1 +diff --git a/ld/testsuite/ld-i386/property-x86-shstk3a.d b/ld/testsuite/ld-i386/property-x86-shstk3a.d +index e261038f60..76d2a39f2c 100644 +--- a/ld/testsuite/ld-i386/property-x86-shstk3a.d ++++ b/ld/testsuite/ld-i386/property-x86-shstk3a.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: i486, 586, SSE2, SSE3 +- x86 ISA needed: 586, SSE, SSE3, SSE4_1 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1 +diff --git a/ld/testsuite/ld-i386/property-x86-shstk3b.d b/ld/testsuite/ld-i386/property-x86-shstk3b.d +index 25f3d2361e..e770ecffa5 100644 +--- a/ld/testsuite/ld-i386/property-x86-shstk3b.d ++++ b/ld/testsuite/ld-i386/property-x86-shstk3b.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: i486, 586, SSE2, SSE3 +- x86 ISA needed: 586, SSE, SSE3, SSE4_1 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1 +diff --git a/ld/testsuite/ld-x86-64/pr23486a-x32.d b/ld/testsuite/ld-x86-64/pr23486a-x32.d +new file mode 100644 +index 0000000000..6d9fa68cdb +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486a-x32.d +@@ -0,0 +1,10 @@ ++#source: pr23486a.s ++#source: pr23486b.s ++#as: --x32 ++#ld: -r -m elf32_x86_64 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-x86-64/pr23486a.d b/ld/testsuite/ld-x86-64/pr23486a.d +new file mode 100644 +index 0000000000..dc2b7bf760 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486a.d +@@ -0,0 +1,10 @@ ++#source: pr23486a.s ++#source: pr23486b.s ++#as: --64 -defsym __64_bit__=1 ++#ld: -r -m elf_x86_64 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-x86-64/pr23486a.s b/ld/testsuite/ld-x86-64/pr23486a.s +new file mode 100644 +index 0000000000..a07d0c7ced +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486a.s +@@ -0,0 +1,30 @@ ++ .section ".note.gnu.property", "a" ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++ .long 1f - 0f /* name length. */ ++ .long 4f - 1f /* data length. */ ++ /* NT_GNU_PROPERTY_TYPE_0 */ ++ .long 5 /* note type. */ ++0: ++ .asciz "GNU" /* vendor name. */ ++1: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++ /* GNU_PROPERTY_X86_ISA_1_USED */ ++ .long 0xc0000000 /* pr_type. */ ++ .long 3f - 2f /* pr_datasz. */ ++2: ++ .long 0xa ++3: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++4: +diff --git a/ld/testsuite/ld-x86-64/pr23486b-x32.d b/ld/testsuite/ld-x86-64/pr23486b-x32.d +new file mode 100644 +index 0000000000..0445e69d82 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486b-x32.d +@@ -0,0 +1,10 @@ ++#source: pr23486b.s ++#source: pr23486a.s ++#as: --x32 ++#ld: -r -m elf32_x86_64 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-x86-64/pr23486b.d b/ld/testsuite/ld-x86-64/pr23486b.d +new file mode 100644 +index 0000000000..dc2b7bf760 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486b.d +@@ -0,0 +1,10 @@ ++#source: pr23486a.s ++#source: pr23486b.s ++#as: --64 -defsym __64_bit__=1 ++#ld: -r -m elf_x86_64 ++#readelf: -n ++ ++Displaying notes found in: .note.gnu.property ++ Owner Data size Description ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586 +diff --git a/ld/testsuite/ld-x86-64/pr23486b.s b/ld/testsuite/ld-x86-64/pr23486b.s +new file mode 100644 +index 0000000000..c5167eeb65 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr23486b.s +@@ -0,0 +1,30 @@ ++ .section ".note.gnu.property", "a" ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++ .long 1f - 0f /* name length. */ ++ .long 4f - 1f /* data length. */ ++ /* NT_GNU_PROPERTY_TYPE_0 */ ++ .long 5 /* note type. */ ++0: ++ .asciz "GNU" /* vendor name. */ ++1: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++ /* GNU_PROPERTY_X86_ISA_1_NEEDED */ ++ .long 0xc0000001 /* pr_type. */ ++ .long 3f - 2f /* pr_datasz. */ ++2: ++ .long 0x3 ++3: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++4: +diff --git a/ld/testsuite/ld-x86-64/property-3.r b/ld/testsuite/ld-x86-64/property-3.r +index 0ed91f5922..d03203c1e5 100644 +--- a/ld/testsuite/ld-x86-64/property-3.r ++++ b/ld/testsuite/ld-x86-64/property-3.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x800000 +- x86 ISA used: 586, SSE + x86 ISA needed: i486, 586 + #pass +diff --git a/ld/testsuite/ld-x86-64/property-4.r b/ld/testsuite/ld-x86-64/property-4.r +index cb2bc15d9a..da295eb6c7 100644 +--- a/ld/testsuite/ld-x86-64/property-4.r ++++ b/ld/testsuite/ld-x86-64/property-4.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x800000 +- x86 ISA used: i486, 586, SSE + x86 ISA needed: i486, 586, SSE + #pass +diff --git a/ld/testsuite/ld-x86-64/property-5.r b/ld/testsuite/ld-x86-64/property-5.r +index 552965058c..e4141594b3 100644 +--- a/ld/testsuite/ld-x86-64/property-5.r ++++ b/ld/testsuite/ld-x86-64/property-5.r +@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property + Owner Data size Description + GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0 + Properties: stack size: 0x900000 +- x86 ISA used: i486, 586, SSE + x86 ISA needed: i486, 586, SSE + #pass +diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d +index 011426f5a4..4cec728dc7 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d ++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d +index 1b4229a037..a8df49a351 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d ++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d +index 290ed6abf1..c112626711 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d ++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d +index 1142e03272..f10dffdc2c 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d ++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d +index 819542d181..0147a3c7b6 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d ++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d +index 4c5d0e0a18..1f8c2dc929 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d ++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d +index ba181e0bc5..7ca2539ca5 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d ++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d +index 5216f385dd..f66a40e449 100644 +--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d ++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d +@@ -6,6 +6,5 @@ + + Displaying notes found in: .note.gnu.property + Owner Data size Description +- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0 +- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1 +- x86 ISA needed: i486, 586, SSE2, SSE3 ++ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 ++ Properties: x86 ISA needed: i486, 586, SSE2, SSE3 +diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp +index 6edb9e86f4..ae21e554ad 100644 +--- a/ld/testsuite/ld-x86-64/x86-64.exp ++++ b/ld/testsuite/ld-x86-64/x86-64.exp +@@ -403,6 +403,10 @@ run_dump_test "pr23372a" + run_dump_test "pr23372a-x32" + run_dump_test "pr23372b" + run_dump_test "pr23372b-x32" ++run_dump_test "pr23486a" ++run_dump_test "pr23486a-x32" ++run_dump_test "pr23486b" ++run_dump_test "pr23486b-x32" + + if { ![istarget "x86_64-*-linux*"] && ![istarget "x86_64-*-nacl*"]} { + return +-- +2.20.1 + diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix index ebbddbb2190..cd05ea354ca 100644 --- a/pkgs/development/tools/misc/binutils/default.nix +++ b/pkgs/development/tools/misc/binutils/default.nix @@ -8,13 +8,15 @@ , bison ? null , flex , texinfo -, perl }: let reuseLibs = enableShared && withAllTargets; - version = "2.34"; + # Remove gold-symbol-visibility patch when updating, the proper fix + # is now upstream. + # https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=330b90b5ffbbc20c5de6ae6c7f60c40fab2e7a4f;hp=99181ccac0fc7d82e7dabb05dc7466e91f1645d3 + version = "2.31.1"; basename = "binutils"; # The targetPrefix prepended to binary names to allow multiple binuntils on the # PATH to both be usable. @@ -29,7 +31,7 @@ let # HACK to ensure that we preserve source from bootstrap binutils to not rebuild LLVM normal-src = stdenv.__bootPackages.binutils-unwrapped.src or (fetchurl { url = "mirror://gnu/binutils/${basename}-${version}.tar.bz2"; - sha256 = "1rin1f5c7wm4n3piky6xilcrpf2s0n3dd5vqq8irrxkcic3i1w49"; + sha256 = "1l34hn1zkmhr1wcrgf0d4z7r3najxnw3cx2y2fk7v55zjlk3ik7z"; }); in @@ -62,6 +64,16 @@ stdenv.mkDerivation { # cross-compiling. ./always-search-rpath.patch + ] ++ lib.optionals (!stdenv.targetPlatform.isVc4) + [ + # https://sourceware.org/bugzilla/show_bug.cgi?id=22868 + ./gold-symbol-visibility.patch + + # https://sourceware.org/bugzilla/show_bug.cgi?id=23428 + # un-break features so linking against musl doesn't produce crash-only binaries + ./0001-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch + ./0001-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch + ./0001-x86-Properly-add-X86_ISA_1_NEEDED-property.patch ] ++ lib.optional stdenv.targetPlatform.isiOS ./support-ios.patch; outputs = [ "out" "info" "man" ]; @@ -69,11 +81,9 @@ stdenv.mkDerivation { depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ bison - perl - texinfo ] ++ (lib.optionals stdenv.targetPlatform.isiOS [ autoreconfHook - ]) ++ lib.optionals stdenv.targetPlatform.isVc4 [ flex ]; + ]) ++ lib.optionals stdenv.targetPlatform.isVc4 [ texinfo flex ]; buildInputs = [ zlib gettext ]; inherit noSysDirs; diff --git a/pkgs/development/tools/misc/binutils/gold-symbol-visibility.patch b/pkgs/development/tools/misc/binutils/gold-symbol-visibility.patch new file mode 100644 index 00000000000..0fb05a482d1 --- /dev/null +++ b/pkgs/development/tools/misc/binutils/gold-symbol-visibility.patch @@ -0,0 +1,79 @@ +commit 8564af037f5c4c6d2744a89497691359205b2bbc +Author: Shea Levy +Date: Mon Mar 19 10:52:40 2018 -0400 + + Revert "Allow multiply-defined absolute symbols when they have the same value." + + This reverts commit 5dc824ed42cd173c1525f5abc76f4091f11a4dbc. + +diff --git a/gold/ChangeLog-2017 b/gold/ChangeLog-2017 +index b2a47710b5..d7ca1b48c0 100644 +--- a/gold/ChangeLog-2017 ++++ b/gold/ChangeLog-2017 +@@ -114,11 +114,6 @@ + (localedir): Define as @localedir@. + (gnulocaledir, gettextsrcdir): Use @datarootdir@. + +-2017-11-28 Cary Coutant +- +- * resolve.cc (Symbol_table::resolve): Allow multiply-defined absolute +- symbols when they have the same value. +- + 2017-11-28 Cary Coutant + + * object.h (class Sized_relobj_file): Remove discarded_eh_frame_shndx_. +diff --git a/gold/resolve.cc b/gold/resolve.cc +index 4a5784cf8b..803576bfed 100644 +--- a/gold/resolve.cc ++++ b/gold/resolve.cc +@@ -247,28 +247,18 @@ Symbol_table::resolve(Sized_symbol* to, + Object* object, const char* version, + bool is_default_version) + { +- bool to_is_ordinary; +- const unsigned int to_shndx = to->shndx(&to_is_ordinary); +- + // It's possible for a symbol to be defined in an object file + // using .symver to give it a version, and for there to also be + // a linker script giving that symbol the same version. We + // don't want to give a multiple-definition error for this + // harmless redefinition. ++ bool to_is_ordinary; + if (to->source() == Symbol::FROM_OBJECT + && to->object() == object +- && to->is_defined() + && is_ordinary ++ && to->is_defined() ++ && to->shndx(&to_is_ordinary) == st_shndx + && to_is_ordinary +- && to_shndx == st_shndx +- && to->value() == sym.get_st_value()) +- return; +- +- // Likewise for an absolute symbol defined twice with the same value. +- if (!is_ordinary +- && st_shndx == elfcpp::SHN_ABS +- && !to_is_ordinary +- && to_shndx == elfcpp::SHN_ABS + && to->value() == sym.get_st_value()) + return; + +@@ -360,8 +350,8 @@ Symbol_table::resolve(Sized_symbol* to, + && (sym.get_st_bind() == elfcpp::STB_WEAK + || to->binding() == elfcpp::STB_WEAK) + && orig_st_shndx != elfcpp::SHN_UNDEF ++ && to->shndx(&to_is_ordinary) != elfcpp::SHN_UNDEF + && to_is_ordinary +- && to_shndx != elfcpp::SHN_UNDEF + && sym.get_st_size() != 0 // Ignore weird 0-sized symbols. + && to->symsize() != 0 + && (sym.get_st_type() != to->type() +@@ -372,7 +362,7 @@ Symbol_table::resolve(Sized_symbol* to, + { + Symbol_location fromloc + = { object, orig_st_shndx, static_cast(sym.get_st_value()) }; +- Symbol_location toloc = { to->object(), to_shndx, ++ Symbol_location toloc = { to->object(), to->shndx(&to_is_ordinary), + static_cast(to->value()) }; + this->candidate_odr_violations_[to->name()].insert(fromloc); + this->candidate_odr_violations_[to->name()].insert(toloc); diff --git a/pkgs/development/tools/misc/binutils/no-plugins.patch b/pkgs/development/tools/misc/binutils/no-plugins.patch index 68cf51b7dd3..9624b7976b7 100644 --- a/pkgs/development/tools/misc/binutils/no-plugins.patch +++ b/pkgs/development/tools/misc/binutils/no-plugins.patch @@ -1,21 +1,19 @@ -diff --git a/bfd/plugin.c b/bfd/plugin.c -index 537ab60311..bfe7957f96 100644 ---- a/bfd/plugin.c -+++ b/bfd/plugin.c -@@ -386,6 +386,7 @@ load_plugin (bfd *abfd) +diff -ru binutils-2.27-orig/bfd/plugin.c binutils-2.27/bfd/plugin.c +--- binutils-2.27-orig/bfd/plugin.c 2016-10-14 17:46:30.791315555 +0200 ++++ binutils-2.27/bfd/plugin.c 2016-10-14 17:46:38.583298765 +0200 +@@ -333,6 +333,7 @@ if (plugin_program_name == NULL) return found; +#if 0 - /* Try not to search the same dir twice, by looking at st_dev and - st_ino for the dir. If we are on a file system that always sets - st_ino to zero or the actual st_ino is zero we might waste some -@@ -437,7 +438,7 @@ load_plugin (bfd *abfd) - if (found) - break; - } -- + plugin_dir = concat (BINDIR, "/../lib/bfd-plugins", NULL); + p = make_relative_prefix (plugin_program_name, + BINDIR, +@@ -364,6 +365,7 @@ + free (p); + if (d) + closedir (d); +#endif + return found; } - From 5c2b59d63afe75d6735790ca9232a1445091bf53 Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Sat, 23 May 2020 10:20:28 +0200 Subject: [PATCH 100/101] Revert "Revert "Revert "libbfd: fix build""" Reverting this change again because we're going back to binutils 2.31. https://github.com/NixOS/nixpkgs/pull/86954#issuecomment-633006128 This reverts commit ade7faea7214fbb7d0879804e59b3fb9a61d6268. --- .../build-components-separately.patch | 38 +++++++++++++------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/pkgs/development/tools/misc/binutils/build-components-separately.patch b/pkgs/development/tools/misc/binutils/build-components-separately.patch index 38fa4934a28..d3cd0d2131c 100644 --- a/pkgs/development/tools/misc/binutils/build-components-separately.patch +++ b/pkgs/development/tools/misc/binutils/build-components-separately.patch @@ -1,8 +1,19 @@ +From bc09a9236f67e710d545ac11bcdac7b55dbcc1a0 Mon Sep 17 00:00:00 2001 +From: John Ericson +Date: Thu, 12 Oct 2017 11:16:57 -0400 +Subject: [PATCH] Build components separately + +--- + bfd/configure.ac | 18 +++--------------- + opcodes/Makefile.am | 17 +++++++++++++---- + opcodes/configure.ac | 45 ++++++--------------------------------------- + 3 files changed, 22 insertions(+), 58 deletions(-) + diff --git a/bfd/configure.ac b/bfd/configure.ac -index c5bfbd5d..45ad4c26 100644 +index 9a183c1628..8728837384 100644 --- a/bfd/configure.ac +++ b/bfd/configure.ac -@@ -278,31 +278,19 @@ AC_CACHE_CHECK(linker --as-needed support, bfd_cv_ld_as_needed, +@@ -241,31 +241,19 @@ AC_CACHE_CHECK(linker --as-needed support, bfd_cv_ld_as_needed, LT_LIB_M @@ -22,26 +33,26 @@ index c5bfbd5d..45ad4c26 100644 - SHARED_LIBADD="-L`pwd`/../libiberty/pic -liberty" - fi - + # More hacks to build DLLs on Windows. case "${host}" in - # More hacks to build DLLs on Windows. *-*-cygwin*) SHARED_LDFLAGS="-no-undefined" - SHARED_LIBADD="-L`pwd`/../libiberty -liberty -L`pwd`/../intl -lintl -lcygwin -lkernel32" + SHARED_LIBADD="-liberty -lintl -lcygwin -lkernel32" ;; - # Use built-in libintl on macOS, since it is not provided by libc. - *-*-darwin*) + # Hack to build or1k-src on OSX + or1k*-*-darwin*) - SHARED_LIBADD="-L`pwd`/../libiberty/pic -L`pwd`/../intl -liberty -lintl" + SHARED_LIBADD="-liberty -lintl" ;; esac diff --git a/opcodes/Makefile.am b/opcodes/Makefile.am -index 4f06074a..6836c589 100644 +index 925e7ff651..47b395c195 100644 --- a/opcodes/Makefile.am +++ b/opcodes/Makefile.am -@@ -51,7 +51,7 @@ libopcodes_la_LDFLAGS += -rpath $(rpath_bfdlibdir) +@@ -52,7 +52,7 @@ libopcodes_la_LDFLAGS += -rpath $(rpath_bfdlibdir) endif # This is where bfd.h lives. @@ -50,7 +61,7 @@ index 4f06074a..6836c589 100644 BUILD_LIBS = @BUILD_LIBS@ BUILD_LIB_DEPS = @BUILD_LIB_DEPS@ -@@ -301,7 +301,7 @@ OFILES = @BFD_MACHINES@ +@@ -303,7 +303,7 @@ OFILES = @BFD_MACHINES@ # development.sh is used to determine -Werror default. CONFIG_STATUS_DEPENDENCIES = $(BFDDIR)/development.sh @@ -59,7 +70,7 @@ index 4f06074a..6836c589 100644 disassemble.lo: disassemble.c if am__fastdepCC -@@ -322,12 +322,21 @@ libopcodes_la_SOURCES = dis-buf.c disassemble.c dis-init.c +@@ -324,12 +324,21 @@ libopcodes_la_SOURCES = dis-buf.c disassemble.c dis-init.c # old version of libbfd, or to pick up libbfd for the wrong architecture # if host != build. So for building with shared libraries we use a # hardcoded path to libbfd.so instead of relying on the entries in libbfd.la. @@ -84,10 +95,10 @@ index 4f06074a..6836c589 100644 # the build directory so that we don't have to convert all the # programs that use libopcodes.a simultaneously. This is a hack which diff --git a/opcodes/configure.ac b/opcodes/configure.ac -index 00be9c88..6e589ae4 100644 +index b9f5eb8a4f..ef2c2152b7 100644 --- a/opcodes/configure.ac +++ b/opcodes/configure.ac -@@ -86,6 +86,7 @@ AC_PROG_INSTALL +@@ -89,6 +89,7 @@ AC_PROG_INSTALL AC_CHECK_HEADERS(string.h strings.h stdlib.h limits.h) ACX_HEADER_STRING @@ -95,7 +106,7 @@ index 00be9c88..6e589ae4 100644 AC_CHECK_DECLS([basename, stpcpy]) -@@ -137,61 +138,27 @@ AC_CACHE_CHECK(linker --as-needed support, bfd_cv_ld_as_needed, +@@ -134,61 +135,27 @@ AC_CACHE_CHECK(linker --as-needed support, bfd_cv_ld_as_needed, LT_LIB_M @@ -162,3 +173,6 @@ index 00be9c88..6e589ae4 100644 ;; esac +-- +2.14.2 + From 1a095f7f5040e7e74edb771c4fd069c71b2d5209 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 23 May 2020 10:21:30 +0200 Subject: [PATCH 101/101] fastd: v18 -> v19 (#88630) --- pkgs/tools/networking/fastd/default.nix | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/pkgs/tools/networking/fastd/default.nix b/pkgs/tools/networking/fastd/default.nix index 2bf1d8e5d2c..8c9a877b8f1 100644 --- a/pkgs/tools/networking/fastd/default.nix +++ b/pkgs/tools/networking/fastd/default.nix @@ -1,14 +1,15 @@ -{ stdenv, fetchgit, cmake, bison, pkgconfig -, libuecc, libsodium, libcap, json_c }: +{ stdenv, fetchFromGitHub, cmake, bison, pkgconfig +, libuecc, libsodium, libcap, json_c, openssl }: stdenv.mkDerivation rec { - version = "18"; pname = "fastd"; + version = "19"; - src = fetchgit { - url = "git://git.universe-factory.net/fastd"; - rev = "refs/tags/v${version}"; - sha256 = "0c9v3igv3812b3jr7jk75a2np658yy00b3i4kpbpdjgvqzc1jrq8"; + src = fetchFromGitHub { + owner = "Neoraider"; + repo = "fastd"; + rev = "v${version}"; + sha256 = "1h3whjvy2n2cyvbkbg4y1z9vlrn790spzbdhj4glwp93xcykhz5i"; }; postPatch = '' @@ -17,7 +18,11 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ pkgconfig bison cmake ]; - buildInputs = [ libuecc libsodium libcap json_c ]; + buildInputs = [ libuecc libsodium libcap json_c openssl ]; + + cmakeFlags = [ + "-DENABLE_OPENSSL=true" + ]; enableParallelBuilding = true;