From e95b84e6a19d42cd8632933d1cf88cfd43f96ab0 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 26 Jan 2021 18:24:29 +0100 Subject: [PATCH 01/15] net-snmp: 5.8 -> 5.9 Fixes CVE-2019-20892. --- .../monitoring/net-snmp/0002-autoconf-version.patch | 7 ------- pkgs/servers/monitoring/net-snmp/default.nix | 8 ++++---- 2 files changed, 4 insertions(+), 11 deletions(-) delete mode 100644 pkgs/servers/monitoring/net-snmp/0002-autoconf-version.patch diff --git a/pkgs/servers/monitoring/net-snmp/0002-autoconf-version.patch b/pkgs/servers/monitoring/net-snmp/0002-autoconf-version.patch deleted file mode 100644 index 0ebb1751d6b..00000000000 --- a/pkgs/servers/monitoring/net-snmp/0002-autoconf-version.patch +++ /dev/null @@ -1,7 +0,0 @@ -diff --git a/dist/autoconf-version b/dist/autoconf-version -index 264f2ce..5e1b8b0 100644 ---- a/dist/autoconf-version -+++ b/dist/autoconf-version -@@ -1 +1 @@ --2.68 -+2.69 diff --git a/pkgs/servers/monitoring/net-snmp/default.nix b/pkgs/servers/monitoring/net-snmp/default.nix index 524bba52739..8f354d4bb46 100644 --- a/pkgs/servers/monitoring/net-snmp/default.nix +++ b/pkgs/servers/monitoring/net-snmp/default.nix @@ -2,11 +2,12 @@ , file, openssl, perl, perlPackages, unzip, nettools, ncurses }: stdenv.mkDerivation rec { - name = "net-snmp-5.8"; + pname = "net-snmp"; + version = "5.9"; src = fetchurl { - url = "mirror://sourceforge/net-snmp/${name}.tar.gz"; - sha256 = "1pvajzj9gmj56dmwix0ywmkmy2pglh6nny646hkm7ghfhh03bz5j"; + url = "mirror://sourceforge/net-snmp/${pname}-${version}.tar.gz"; + sha256 = "0wb0vyafpspw3mcifkjjmf17r1r80kjvslycscb8nvaxz1k3lc04"; }; patches = @@ -17,7 +18,6 @@ stdenv.mkDerivation rec { in [ (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m") (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid") - ./0002-autoconf-version.patch ]; outputs = [ "bin" "out" "dev" "lib" ]; From 363d54afb9e77fc49559187b0e52bb1082423fcc Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 29 Jan 2021 03:24:50 +0000 Subject: [PATCH 02/15] gomplate: 3.8.0 -> 3.9.0 --- pkgs/development/tools/gomplate/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/gomplate/default.nix b/pkgs/development/tools/gomplate/default.nix index 0f2c9558174..45602a05352 100644 --- a/pkgs/development/tools/gomplate/default.nix +++ b/pkgs/development/tools/gomplate/default.nix @@ -2,17 +2,17 @@ buildGoModule rec { pname = "gomplate"; - version = "3.8.0"; + version = "3.9.0"; owner = "hairyhenderson"; rev = "v${version}"; src = fetchFromGitHub { inherit owner rev; repo = pname; - sha256 = "058shbrhpd8ghdj5qa6n7mf1bh8qvpmiv3yjj39jys359zhin06n"; + sha256 = "sha256-liy8cqn+hWoTOHchCY1LLu23tNvz7eGA+AN0d0APjC4="; }; - vendorSha256 = "0wqz3anxlzb0ds6xmpnaxq5rjgcmzkzrdqhnkfkjq32b7mj9mks3"; + vendorSha256 = "sha256-Ph9z/Tom7O7V7yZ/On+etty+Bl653HiY/J3d3yfweeQ="; # some tests require network access postPatch = '' From 2daee780a07e145b14aa466928bec08e00857822 Mon Sep 17 00:00:00 2001 From: Tyson Whitehead Date: Fri, 29 Jan 2021 10:58:26 -0500 Subject: [PATCH 03/15] libav: libvpx >= 1.8 drops some formats --- pkgs/development/libraries/libav/default.nix | 1 + .../libraries/libav/vpx-12.3-libvpx-1.8.patch | 46 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 pkgs/development/libraries/libav/vpx-12.3-libvpx-1.8.patch diff --git a/pkgs/development/libraries/libav/default.nix b/pkgs/development/libraries/libav/default.nix index 51aa634e408..93d6e0d209c 100644 --- a/pkgs/development/libraries/libav/default.nix +++ b/pkgs/development/libraries/libav/default.nix @@ -43,6 +43,7 @@ let patches = [] ++ optional (vpxSupport && hasPrefix "0.8." version) ./vpxenc-0.8.17-libvpx-1.5.patch + ++ optional (vpxSupport && hasPrefix "12." version) ./vpx-12.3-libvpx-1.8.patch ; postPatch = '' diff --git a/pkgs/development/libraries/libav/vpx-12.3-libvpx-1.8.patch b/pkgs/development/libraries/libav/vpx-12.3-libvpx-1.8.patch new file mode 100644 index 00000000000..8f8e5003284 --- /dev/null +++ b/pkgs/development/libraries/libav/vpx-12.3-libvpx-1.8.patch @@ -0,0 +1,46 @@ +--- libav/libavcodec/libvpx.c.orig 2018-02-12 21:25:59 UTC ++++ libav/libavcodec/libvpx.c +@@ -25,6 +25,7 @@ + enum AVPixelFormat ff_vpx_imgfmt_to_pixfmt(vpx_img_fmt_t img) + { + switch (img) { ++#if VPX_IMAGE_ABI_VERSION < 5 + case VPX_IMG_FMT_RGB24: return AV_PIX_FMT_RGB24; + case VPX_IMG_FMT_RGB565: return AV_PIX_FMT_RGB565BE; + case VPX_IMG_FMT_RGB555: return AV_PIX_FMT_RGB555BE; +@@ -36,10 +37,13 @@ enum AVPixelFormat ff_vpx_imgfmt_to_pixfmt(vpx_img_fmt + case VPX_IMG_FMT_ARGB_LE: return AV_PIX_FMT_BGRA; + case VPX_IMG_FMT_RGB565_LE: return AV_PIX_FMT_RGB565LE; + case VPX_IMG_FMT_RGB555_LE: return AV_PIX_FMT_RGB555LE; ++#endif + case VPX_IMG_FMT_I420: return AV_PIX_FMT_YUV420P; + case VPX_IMG_FMT_I422: return AV_PIX_FMT_YUV422P; + case VPX_IMG_FMT_I444: return AV_PIX_FMT_YUV444P; ++#if VPX_IMAGE_ABI_VERSION < 5 + case VPX_IMG_FMT_444A: return AV_PIX_FMT_YUVA444P; ++#endif + #if VPX_IMAGE_ABI_VERSION >= 3 + case VPX_IMG_FMT_I440: return AV_PIX_FMT_YUV440P; + case VPX_IMG_FMT_I42016: return AV_PIX_FMT_YUV420P16BE; +@@ -53,6 +57,7 @@ enum AVPixelFormat ff_vpx_imgfmt_to_pixfmt(vpx_img_fmt + vpx_img_fmt_t ff_vpx_pixfmt_to_imgfmt(enum AVPixelFormat pix) + { + switch (pix) { ++#if VPX_IMAGE_ABI_VERSION < 5 + case AV_PIX_FMT_RGB24: return VPX_IMG_FMT_RGB24; + case AV_PIX_FMT_RGB565BE: return VPX_IMG_FMT_RGB565; + case AV_PIX_FMT_RGB555BE: return VPX_IMG_FMT_RGB555; +@@ -64,10 +69,13 @@ vpx_img_fmt_t ff_vpx_pixfmt_to_imgfmt(enum AVPixelForm + case AV_PIX_FMT_BGRA: return VPX_IMG_FMT_ARGB_LE; + case AV_PIX_FMT_RGB565LE: return VPX_IMG_FMT_RGB565_LE; + case AV_PIX_FMT_RGB555LE: return VPX_IMG_FMT_RGB555_LE; ++#endif + case AV_PIX_FMT_YUV420P: return VPX_IMG_FMT_I420; + case AV_PIX_FMT_YUV422P: return VPX_IMG_FMT_I422; + case AV_PIX_FMT_YUV444P: return VPX_IMG_FMT_I444; ++#if VPX_IMAGE_ABI_VERSION < 5 + case AV_PIX_FMT_YUVA444P: return VPX_IMG_FMT_444A; ++#endif + #if VPX_IMAGE_ABI_VERSION >= 3 + case AV_PIX_FMT_YUV440P: return VPX_IMG_FMT_I440; + case AV_PIX_FMT_YUV420P16BE: return VPX_IMG_FMT_I42016; From 197ff9434b5cbf9d8b23492de97be3229fe8c111 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:52:52 +1000 Subject: [PATCH 04/15] buildah: 1.19.2 -> 1.19.3 https://github.com/containers/buildah/releases/tag/v1.19.3 --- pkgs/development/tools/buildah/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/buildah/default.nix b/pkgs/development/tools/buildah/default.nix index 5c80cbe096e..18d41d6f740 100644 --- a/pkgs/development/tools/buildah/default.nix +++ b/pkgs/development/tools/buildah/default.nix @@ -14,13 +14,13 @@ buildGoModule rec { pname = "buildah"; - version = "1.19.2"; + version = "1.19.3"; src = fetchFromGitHub { owner = "containers"; repo = "buildah"; rev = "v${version}"; - sha256 = "1gak5m4n4bfji1hcv8y5lj1m8a39rars8igqxdr89d2i45dkpbx0"; + sha256 = "sha256-mHr+FuDMxLA5Y7BNbDN75mdHVP6Ah1/S5vXg6cC/dcE="; }; outputs = [ "out" "man" ]; From 32fc8b9134c5fd56851ba1845f04d17484ea7170 Mon Sep 17 00:00:00 2001 From: Ben Siraphob Date: Sat, 30 Jan 2021 09:42:34 +0700 Subject: [PATCH 05/15] pkgs/development: stdenv.lib -> lib in node-composition files Future updates to these files should generate them with node2nix 1.9.0 which removes stdenv.lib from the generated Nix. --- .../cluster/spacegun/node-composition.nix | 2 +- .../elm/packages/node-composition.nix | 2 +- .../compilers/elm/packages/node-env.nix | 46 +++++++++---------- .../misc/google-clasp/google-clasp.nix | 2 +- .../development/node-packages/composition.nix | 2 +- pkgs/development/node-packages/node-env.nix | 46 +++++++++---------- .../web/newman/node-composition.nix | 2 +- pkgs/development/web/newman/node-env.nix | 46 +++++++++---------- pkgs/development/web/remarkjs/nodepkgs.nix | 2 +- pkgs/misc/base16-builder/node-packages.nix | 2 +- .../node-composition.nix | 2 +- .../web-apps/cryptpad/node-packages.nix | 2 +- .../web-apps/whitebophir/node-packages.nix | 2 +- pkgs/servers/zigbee2mqtt/node.nix | 2 +- .../ldgallery/viewer/node-composition.nix | 2 +- pkgs/tools/networking/airfield/node.nix | 2 +- pkgs/tools/package-management/nixui/nixui.nix | 2 +- 17 files changed, 83 insertions(+), 83 deletions(-) diff --git a/pkgs/applications/networking/cluster/spacegun/node-composition.nix b/pkgs/applications/networking/cluster/spacegun/node-composition.nix index 89b805fc153..4e8a9d958f9 100644 --- a/pkgs/applications/networking/cluster/spacegun/node-composition.nix +++ b/pkgs/applications/networking/cluster/spacegun/node-composition.nix @@ -6,7 +6,7 @@ let nodeEnv = import ../../../../development/node-packages/node-env.nix { - inherit (pkgs) stdenv python2 util-linux runCommand writeTextFile; + inherit (pkgs) lib stdenv python2 util-linux runCommand writeTextFile; inherit nodejs; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; diff --git a/pkgs/development/compilers/elm/packages/node-composition.nix b/pkgs/development/compilers/elm/packages/node-composition.nix index c43e7cc7f25..f6cfb2cd2e4 100644 --- a/pkgs/development/compilers/elm/packages/node-composition.nix +++ b/pkgs/development/compilers/elm/packages/node-composition.nix @@ -6,7 +6,7 @@ let nodeEnv = import ./node-env.nix { - inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + inherit (pkgs) lib stdenv python2 utillinux runCommand writeTextFile; inherit nodejs; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; diff --git a/pkgs/development/compilers/elm/packages/node-env.nix b/pkgs/development/compilers/elm/packages/node-env.nix index e1abf530493..759fa71c5aa 100644 --- a/pkgs/development/compilers/elm/packages/node-env.nix +++ b/pkgs/development/compilers/elm/packages/node-env.nix @@ -1,6 +1,6 @@ # This file originates from node2nix -{stdenv, nodejs, python2, utillinux, libtool, runCommand, writeTextFile}: +{lib, stdenv, nodejs, python2, utillinux, libtool, runCommand, writeTextFile}: let python = if nodejs ? python then nodejs.python else python2; @@ -38,8 +38,8 @@ let }; includeDependencies = {dependencies}: - stdenv.lib.optionalString (dependencies != []) - (stdenv.lib.concatMapStrings (dependency: + lib.optionalString (dependencies != []) + (lib.concatMapStrings (dependency: '' # Bundle the dependencies of the package mkdir -p node_modules @@ -100,7 +100,7 @@ let cd "$DIR/${packageName}" ${includeDependencies { inherit dependencies; }} cd .. - ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} ''; pinpointDependencies = {dependencies, production}: @@ -161,12 +161,12 @@ let '' node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"} - ${stdenv.lib.optionalString (dependencies != []) + ${lib.optionalString (dependencies != []) '' if [ -d node_modules ] then cd node_modules - ${stdenv.lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies} + ${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies} cd .. fi ''} @@ -183,7 +183,7 @@ let cd "${packageName}" ${pinpointDependencies { inherit dependencies production; }} cd .. - ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} fi ''; @@ -344,8 +344,8 @@ let cd "${packageName}" runHook preRebuild - ${stdenv.lib.optionalString bypassCache '' - ${stdenv.lib.optionalString reconstructLock '' + ${lib.optionalString bypassCache '' + ${lib.optionalString reconstructLock '' if [ -f package-lock.json ] then echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!" @@ -361,14 +361,14 @@ let node ${addIntegrityFieldsScript} ''} - npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} rebuild + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild if [ "''${dontNpmInstall-}" != "1" ] then # NPM tries to download packages even when they already exist if npm-shrinkwrap is used. rm -f npm-shrinkwrap.json - npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} install + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} install fi ''; @@ -396,8 +396,8 @@ let stdenv.mkDerivation ({ name = "node_${name}-${version}"; buildInputs = [ tarWrapper python nodejs ] - ++ stdenv.lib.optional (stdenv.isLinux) utillinux - ++ stdenv.lib.optional (stdenv.isDarwin) libtool + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool ++ buildInputs; inherit nodejs; @@ -470,8 +470,8 @@ let name = "node-dependencies-${name}-${version}"; buildInputs = [ tarWrapper python nodejs ] - ++ stdenv.lib.optional (stdenv.isLinux) utillinux - ++ stdenv.lib.optional (stdenv.isDarwin) libtool + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool ++ buildInputs; inherit dontStrip; # Stripping may fail a build for some package deployments @@ -491,7 +491,7 @@ let # Create fake package.json to make the npm commands work properly cp ${src}/package.json . chmod 644 package.json - ${stdenv.lib.optionalString bypassCache '' + ${lib.optionalString bypassCache '' if [ -f ${src}/package-lock.json ] then cp ${src}/package-lock.json . @@ -500,13 +500,13 @@ let # Go to the parent folder to make sure that all packages are pinpointed cd .. - ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }} # Expose the executables that were installed cd .. - ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} mv ${packageName} lib ln -s $out/lib/node_modules/.bin $out/bin @@ -516,7 +516,7 @@ let stdenv.mkDerivation { name = "node-shell-${name}-${version}"; - buildInputs = [ python nodejs ] ++ stdenv.lib.optional (stdenv.isLinux) utillinux ++ buildInputs; + buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs; buildCommand = '' mkdir -p $out/bin cat > $out/bin/shell < $out/bin/shell < $out/bin/shell < Date: Sat, 30 Jan 2021 01:36:03 +0000 Subject: [PATCH 06/15] gpsprune: 20 -> 20.1 --- pkgs/applications/misc/gpsprune/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/gpsprune/default.nix b/pkgs/applications/misc/gpsprune/default.nix index 2348384abd0..f413f526774 100644 --- a/pkgs/applications/misc/gpsprune/default.nix +++ b/pkgs/applications/misc/gpsprune/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "gpsprune"; - version = "20"; + version = "20.1"; src = fetchurl { url = "https://activityworkshop.net/software/gpsprune/gpsprune_${version}.jar"; - sha256 = "1i9p6h98azgradrrkcwx18zwz4c6zkxp4bfykpa2imi1z3ry5q2b"; + sha256 = "sha256-NU2AhqMVxjPyCocjZg5dzwHpTgAIBluMqdKqn4lnknM="; }; nativeBuildInputs = [ makeWrapper ]; From 2726b2f79b68f5c89fa99d75976d69bff9f977b5 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 30 Jan 2021 01:54:07 -0800 Subject: [PATCH 07/15] kmymoney: 5.1.0 -> 5.1.1 (#111280) --- pkgs/applications/office/kmymoney/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/office/kmymoney/default.nix b/pkgs/applications/office/kmymoney/default.nix index 093d20906a4..1d8a214c818 100644 --- a/pkgs/applications/office/kmymoney/default.nix +++ b/pkgs/applications/office/kmymoney/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "kmymoney"; - version = "5.1.0"; + version = "5.1.1"; src = fetchurl { url = "mirror://kde/stable/kmymoney/${version}/src/${pname}-${version}.tar.xz"; - sha256 = "0l8kywq77yaf1bqgdqswrai9ws6a2l11drg0wgyi7f8js7qnif9d"; + sha256 = "sha256-33ufeOhZb5nSgpXKc4cI8GVe4Fd4nf2SHHsbq5ZXgpg="; }; # Hidden dependency that wasn't included in CMakeLists.txt: From 68889745cb52f4854adb87140489191f14848b7a Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 27 Jan 2021 19:08:20 +0100 Subject: [PATCH 08/15] libqb: 0.17.2 -> 2.0.2 Fixes CVE-2019-12779. --- pkgs/development/libraries/libqb/default.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/libqb/default.nix b/pkgs/development/libraries/libqb/default.nix index 3f0a9a28d19..f5f255b111f 100644 --- a/pkgs/development/libraries/libqb/default.nix +++ b/pkgs/development/libraries/libqb/default.nix @@ -1,19 +1,24 @@ -{ lib, stdenv, fetchurl, pkg-config }: +{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libxml2 }: stdenv.mkDerivation rec { - name = "libqb-0.17.2"; + pname = "libqb"; + version = "2.0.2"; - src = fetchurl { - url = "https://fedorahosted.org/releases/q/u/quarterback/${name}.tar.xz"; - sha256 = "1zpl45p3n6dn1jgbsrrmccrmv2mvp8aqmnl0qxfjf7ymkrj9qhcs"; + src = fetchFromGitHub { + owner = "ClusterLabs"; + repo = pname; + rev = "v${version}"; + sha256 = "1gpfcz84igqncky09hdibxmzapzl37y8914avgq89rsizynj1wsm"; }; - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; + + buildInputs = [ libxml2 ]; meta = with lib; { homepage = "https://github.com/clusterlabs/libqb"; description = "A library providing high performance logging, tracing, ipc, and poll"; - license = licenses.lgpl21; + license = licenses.lgpl21Plus; platforms = platforms.unix; }; } From a03847e69695607b15956e09b3ab2f9c2425383b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 29 Jan 2021 23:42:04 +0100 Subject: [PATCH 09/15] limesurvey: mark as insecure --- pkgs/servers/limesurvey/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/servers/limesurvey/default.nix b/pkgs/servers/limesurvey/default.nix index 261285341c4..e71ff33e2f9 100644 --- a/pkgs/servers/limesurvey/default.nix +++ b/pkgs/servers/limesurvey/default.nix @@ -37,5 +37,10 @@ stdenv.mkDerivation rec { homepage = "https://www.limesurvey.org"; maintainers = with maintainers; [offline]; platforms = with platforms; unix; + knownVulnerabilities = [ + # https://github.com/LimeSurvey/LimeSurvey/blob/3.x-LTS/docs/release_notes.txt + "Unauthorized access to statistics of a survey with certain permission configurations" + "Persistent XSS in browse response" + ]; }; } From fce29131f5ed81d3072d14086def4b29d52f4ea7 Mon Sep 17 00:00:00 2001 From: "Aaron L. Zeng" Date: Sun, 24 Jan 2021 13:27:28 -0500 Subject: [PATCH 10/15] maintainers: add bcc32 --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 464c6256542..0e81fcc8288 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1036,6 +1036,12 @@ githubId = 1015044; name = "Brandon Carrell"; }; + bcc32 = { + email = "me@bcc32.com"; + github = "bcc32"; + githubId = 1239097; + name = "Aaron Zeng"; + }; bcdarwin = { email = "bcdarwin@gmail.com"; github = "bcdarwin"; From f58c4e236f92df8d7887ce3450a3989f80ae1f6c Mon Sep 17 00:00:00 2001 From: "Aaron L. Zeng" Date: Sun, 24 Jan 2021 13:28:12 -0500 Subject: [PATCH 11/15] ocamlPackages.postgresql: init at 4.6.3 --- .../ocaml-modules/postgresql/default.nix | 24 +++++++++++++++++++ pkgs/top-level/ocaml-packages.nix | 4 ++++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/development/ocaml-modules/postgresql/default.nix diff --git a/pkgs/development/ocaml-modules/postgresql/default.nix b/pkgs/development/ocaml-modules/postgresql/default.nix new file mode 100644 index 00000000000..82875dbd8b3 --- /dev/null +++ b/pkgs/development/ocaml-modules/postgresql/default.nix @@ -0,0 +1,24 @@ +{ lib, fetchFromGitHub, buildDunePackage, postgresql }: + +buildDunePackage rec { + pname = "postgresql"; + version = "4.6.3"; + + minimumOCamlVersion = "4.08"; + + src = fetchFromGitHub { + owner = "mmottl"; + repo = "postgresql-ocaml"; + rev = version; + sha256 = "0fd96qqwkwjhv6pawk4wivwncszkif0sq05f0g5gd28jzwrsvpqr"; + }; + + buildInputs = [ postgresql ]; + + meta = { + description = "Bindings to the PostgreSQL library"; + license = lib.licenses.lgpl21Plus; + maintainers = with lib.maintainers; [ bcc32 ]; + homepage = "https://mmottl.github.io/postgresql-ocaml"; + }; +} diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index c3734ad9408..2dd4d6a0942 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -873,6 +873,10 @@ let posix-types = callPackage ../development/ocaml-modules/posix/types.nix { }; + postgresql = callPackage ../development/ocaml-modules/postgresql { + inherit (pkgs) postgresql; + }; + ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { }; ppxfind = callPackage ../development/ocaml-modules/ppxfind { }; From 5b13986979cd15a31c9cc963a17715f32ca3fd80 Mon Sep 17 00:00:00 2001 From: "Aaron L. Zeng" Date: Sat, 23 Jan 2021 22:22:59 -0500 Subject: [PATCH 12/15] ocamlPackages.mariadb: init at 1.1.4 --- .../ocaml-modules/mariadb/default.nix | 26 +++++++++++++++++++ pkgs/top-level/ocaml-packages.nix | 4 +++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/development/ocaml-modules/mariadb/default.nix diff --git a/pkgs/development/ocaml-modules/mariadb/default.nix b/pkgs/development/ocaml-modules/mariadb/default.nix new file mode 100644 index 00000000000..ed3e5999b41 --- /dev/null +++ b/pkgs/development/ocaml-modules/mariadb/default.nix @@ -0,0 +1,26 @@ +{ stdenv, lib, fetchFromGitHub, buildOasisPackage +, ctypes, mariadb, libmysqlclient }: + +buildOasisPackage rec { + pname = "mariadb"; + version = "1.1.4"; + + minimumOCamlVersion = "4.07.0"; + + src = fetchFromGitHub { + owner = "andrenth"; + repo = "ocaml-mariadb"; + rev = version; + sha256 = "1rxqvxr6sv4x2hsi05qm9jz0asaq969m71db4ckl672rcql1kwbr"; + }; + + buildInputs = [ mariadb libmysqlclient ]; + propagatedBuildInputs = [ ctypes ]; + + meta = { + description = "OCaml bindings for MariaDB"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ bcc32 ]; + homepage = "https://github.com/andrenth/ocaml-mariadb"; + }; +} diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 2dd4d6a0942..1c987133167 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -564,6 +564,10 @@ let magick = callPackage ../development/ocaml-modules/magick { }; + mariadb = callPackage ../development/ocaml-modules/mariadb { + inherit (pkgs) mariadb; + }; + markup = callPackage ../development/ocaml-modules/markup { }; mdx = callPackage ../development/ocaml-modules/mdx { }; From 1b6764da4e600e66c896a6746ceaa038a40a8f2b Mon Sep 17 00:00:00 2001 From: "Aaron L. Zeng" Date: Sat, 23 Jan 2021 22:25:21 -0500 Subject: [PATCH 13/15] ocamlPackages.caqti*: init at 1.3.0 Except for caqti-type-calendar, whose most recent version number is 1.2.0. --- .../development/ocaml-modules/caqti/async.nix | 11 ++++++++ .../ocaml-modules/caqti/default.nix | 26 +++++++++++++++++++ .../ocaml-modules/caqti/driver-mariadb.nix | 13 ++++++++++ .../ocaml-modules/caqti/driver-postgresql.nix | 13 ++++++++++ .../ocaml-modules/caqti/driver-sqlite3.nix | 13 ++++++++++ .../ocaml-modules/caqti/dynload.nix | 13 ++++++++++ pkgs/development/ocaml-modules/caqti/lwt.nix | 11 ++++++++ .../ocaml-modules/caqti/type-calendar.nix | 14 ++++++++++ pkgs/top-level/ocaml-packages.nix | 16 ++++++++++++ 9 files changed, 130 insertions(+) create mode 100644 pkgs/development/ocaml-modules/caqti/async.nix create mode 100644 pkgs/development/ocaml-modules/caqti/default.nix create mode 100644 pkgs/development/ocaml-modules/caqti/driver-mariadb.nix create mode 100644 pkgs/development/ocaml-modules/caqti/driver-postgresql.nix create mode 100644 pkgs/development/ocaml-modules/caqti/driver-sqlite3.nix create mode 100644 pkgs/development/ocaml-modules/caqti/dynload.nix create mode 100644 pkgs/development/ocaml-modules/caqti/lwt.nix create mode 100644 pkgs/development/ocaml-modules/caqti/type-calendar.nix diff --git a/pkgs/development/ocaml-modules/caqti/async.nix b/pkgs/development/ocaml-modules/caqti/async.nix new file mode 100644 index 00000000000..0e0da6a94bb --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/async.nix @@ -0,0 +1,11 @@ +{ lib, buildDunePackage, async_kernel, async_unix, caqti, core_kernel }: + +buildDunePackage { + pname = "caqti-async"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ async_kernel async_unix caqti core_kernel ]; + + meta = caqti.meta // { description = "Async support for Caqti"; }; +} diff --git a/pkgs/development/ocaml-modules/caqti/default.nix b/pkgs/development/ocaml-modules/caqti/default.nix new file mode 100644 index 00000000000..6df0af597c2 --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/default.nix @@ -0,0 +1,26 @@ +{ lib, fetchFromGitHub, buildDunePackage, cppo, logs, ptime, uri }: + +buildDunePackage rec { + pname = "caqti"; + version = "1.3.0"; + useDune2 = true; + + minimumOCamlVersion = "4.04"; + + src = fetchFromGitHub { + owner = "paurkedal"; + repo = "ocaml-${pname}"; + rev = "v${version}"; + sha256 = "1ksjchfjnh059wvd95my1sv9b0ild0dfaiynbf2xsaz7zg1y4xmw"; + }; + + buildInputs = [ cppo ]; + propagatedBuildInputs = [ logs ptime uri ]; + + meta = { + description = "Unified interface to relational database libraries"; + license = "LGPL-3.0-or-later WITH OCaml-LGPL-linking-exception"; + maintainers = with lib.maintainers; [ bcc32 ]; + homepage = "https://github.com/paurkedal/ocaml-caqti"; + }; +} diff --git a/pkgs/development/ocaml-modules/caqti/driver-mariadb.nix b/pkgs/development/ocaml-modules/caqti/driver-mariadb.nix new file mode 100644 index 00000000000..5f4f681540e --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/driver-mariadb.nix @@ -0,0 +1,13 @@ +{ lib, buildDunePackage, caqti, mariadb }: + +buildDunePackage { + pname = "caqti-driver-mariadb"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ caqti mariadb ]; + + meta = caqti.meta // { + description = "MariaDB driver for Caqti using C bindings"; + }; +} diff --git a/pkgs/development/ocaml-modules/caqti/driver-postgresql.nix b/pkgs/development/ocaml-modules/caqti/driver-postgresql.nix new file mode 100644 index 00000000000..a1b427a5edf --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/driver-postgresql.nix @@ -0,0 +1,13 @@ +{ lib, buildDunePackage, caqti, postgresql }: + +buildDunePackage { + pname = "caqti-driver-postgresql"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ caqti postgresql ]; + + meta = caqti.meta // { + description = "PostgreSQL driver for Caqti based on C bindings"; + }; +} diff --git a/pkgs/development/ocaml-modules/caqti/driver-sqlite3.nix b/pkgs/development/ocaml-modules/caqti/driver-sqlite3.nix new file mode 100644 index 00000000000..5282ba5ef50 --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/driver-sqlite3.nix @@ -0,0 +1,13 @@ +{ lib, buildDunePackage, caqti, ocaml_sqlite3 }: + +buildDunePackage { + pname = "caqti-driver-sqlite3"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ caqti ocaml_sqlite3 ]; + + meta = caqti.meta // { + description = "Sqlite3 driver for Caqti using C bindings"; + }; +} diff --git a/pkgs/development/ocaml-modules/caqti/dynload.nix b/pkgs/development/ocaml-modules/caqti/dynload.nix new file mode 100644 index 00000000000..6ed86683728 --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/dynload.nix @@ -0,0 +1,13 @@ +{ lib, buildDunePackage, caqti }: + +buildDunePackage { + pname = "caqti-dynload"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ caqti ]; + + meta = caqti.meta // { + description = "Dynamic linking of Caqti drivers using findlib.dynload"; + }; +} diff --git a/pkgs/development/ocaml-modules/caqti/lwt.nix b/pkgs/development/ocaml-modules/caqti/lwt.nix new file mode 100644 index 00000000000..f02fa377f80 --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/lwt.nix @@ -0,0 +1,11 @@ +{ lib, buildDunePackage, caqti, logs, lwt }: + +buildDunePackage { + pname = "caqti-lwt"; + useDune2 = true; + inherit (caqti) version src; + + propagatedBuildInputs = [ caqti logs lwt ]; + + meta = caqti.meta // { description = "Lwt support for Caqti"; }; +} diff --git a/pkgs/development/ocaml-modules/caqti/type-calendar.nix b/pkgs/development/ocaml-modules/caqti/type-calendar.nix new file mode 100644 index 00000000000..d2050e2cf47 --- /dev/null +++ b/pkgs/development/ocaml-modules/caqti/type-calendar.nix @@ -0,0 +1,14 @@ +{ lib, buildDunePackage, calendar, caqti }: + +buildDunePackage { + pname = "caqti-type-calendar"; + version = "1.2.0"; + useDune2 = true; + inherit (caqti) src; + + propagatedBuildInputs = [ calendar caqti ]; + + meta = caqti.meta // { + description = "Date and time field types using the calendar library"; + }; +} diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 1c987133167..37e95baac9f 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -130,6 +130,22 @@ let cairo2 = callPackage ../development/ocaml-modules/cairo2 { }; + caqti = callPackage ../development/ocaml-modules/caqti { }; + + caqti-async = callPackage ../development/ocaml-modules/caqti/async.nix { }; + + caqti-driver-mariadb = callPackage ../development/ocaml-modules/caqti/driver-mariadb.nix { }; + + caqti-driver-postgresql = callPackage ../development/ocaml-modules/caqti/driver-postgresql.nix { }; + + caqti-driver-sqlite3 = callPackage ../development/ocaml-modules/caqti/driver-sqlite3.nix { }; + + caqti-dynload = callPackage ../development/ocaml-modules/caqti/dynload.nix { }; + + caqti-lwt = callPackage ../development/ocaml-modules/caqti/lwt.nix { }; + + caqti-type-calendar = callPackage ../development/ocaml-modules/caqti/type-calendar.nix { }; + cfstream = callPackage ../development/ocaml-modules/cfstream { }; charInfo_width = callPackage ../development/ocaml-modules/charInfo_width { }; From d6d4228b39b7bd71ea64f597359612ff9557f4f8 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 29 Jan 2021 13:14:37 +0100 Subject: [PATCH 14/15] chromiumBeta: Backport a patch to fix the build The build was failing with: In file included from ../../third_party/blink/renderer/modules/webcodecs/audio_encoder.cc:7: In file included from ../../media/audio/audio_opus_encoder.h:16: gen/shim_headers/opus_shim/third_party/opus/src/include/opus.h:5:10: error: 'opus.h' file not found with include; use "quotes" instead #include ^~~~~~~~ "opus.h" [...] fatal error: too many errors emitted, stopping now [-ferror-limit=] 20 errors generated. [42272/44233] CXX obj/third_party/blink/renderer/modules/webcodecs/webcodecs/decoder_template.oo[K Note: This also fixes the ungoogled-chromium channel name in versionRange. --- .../networking/browsers/chromium/common.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index acf1e6a7ee6..7d54db22fa8 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -106,7 +106,7 @@ let versionRange = min-version: upto-version: let inherit (upstream-info) version; result = versionAtLeast version min-version && versionOlder version upto-version; - ungoogled-version = (importJSON ./upstream-info.json).ungoogled.version; + ungoogled-version = (importJSON ./upstream-info.json).ungoogled-chromium.version; in if versionAtLeast ungoogled-version upto-version then warn "chromium: ungoogled version ${ungoogled-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it." result @@ -152,8 +152,12 @@ let patches = [ ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags - # ++ optional (versionRange "68" "72") ( githubPatch "" "0000000000000000000000000000000000000000000000000000000000000000" ) - ]; + # ++ optional (versionRange "68" "72") (githubPatch "" "0000000000000000000000000000000000000000000000000000000000000000") + ] ++ optional (versionRange "89" "90") (githubPatch + # To fix the build of chromiumBeta: + "b5b80df7dafba8cafa4c6c0ba2153dfda467dfc9" # add dependency on opus in webcodecs + "1r4wmwaxz5xbffmj5wspv2xj8s32j9p6jnwimjmalqg3al2ba64x" + ); postPatch = '' # remove unused third-party From 1d8c7f5499d922b3f6574cf3214ca81d94e2c637 Mon Sep 17 00:00:00 2001 From: Orivej Desh Date: Sat, 30 Jan 2021 11:28:36 +0000 Subject: [PATCH 15/15] python3Packages.pebble: init at 4.6.0 (#111276) --- .../python-modules/pebble/default.nix | 24 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 26 insertions(+) create mode 100644 pkgs/development/python-modules/pebble/default.nix diff --git a/pkgs/development/python-modules/pebble/default.nix b/pkgs/development/python-modules/pebble/default.nix new file mode 100644 index 00000000000..68aa1ba9707 --- /dev/null +++ b/pkgs/development/python-modules/pebble/default.nix @@ -0,0 +1,24 @@ +{ lib, buildPythonPackage, isPy27, fetchPypi, pytestCheckHook }: + +buildPythonPackage rec { + pname = "pebble"; + version = "4.6.0"; + disabled = isPy27; + + src = fetchPypi { + pname = "Pebble"; + inherit version; + sha256 = "0a595f7mrf89xlck9b2x83bqybc9zd9jxkl0sa5cf19vax18rg8h"; + }; + + checkInputs = [ + pytestCheckHook + ]; + + meta = with lib; { + description = "API to manage threads and processes within an application"; + homepage = "https://github.com/noxdafox/pebble"; + license = licenses.lgpl3Plus; + maintainers = with maintainers; [ orivej ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e2bf63d4764..0e91c6972f0 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4749,6 +4749,8 @@ in { pdoc3 = callPackage ../development/python-modules/pdoc3 { }; + pebble = callPackage ../development/python-modules/pebble { }; + pecan = callPackage ../development/python-modules/pecan { }; peewee = callPackage ../development/python-modules/peewee { };