diff --git a/doc/contributing/submitting-changes.chapter.md b/doc/contributing/submitting-changes.chapter.md
index 44e981f12a5..13f15b929cf 100644
--- a/doc/contributing/submitting-changes.chapter.md
+++ b/doc/contributing/submitting-changes.chapter.md
@@ -68,15 +68,16 @@
Security fixes are submitted in the same way as other changes and thus the same guidelines apply.
-If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch` in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.:
-
-```nix
-(fetchpatch {
- name = "CVE-2019-11068.patch";
- url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
- sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
-})
-```
+- If a new version fixing the vulnerability has been released, update the package;
+- If the security fix comes in the form of a patch and a CVE is available, then add the patch to the Nixpkgs tree, and apply it to the package.
+ The name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch`; If a patch is fetched the name needs to be set as well, e.g.:
+ ```nix
+ (fetchpatch {
+ name = "CVE-2019-11068.patch";
+ url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
+ sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
+ })
+ ```
If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md
new file mode 100644
index 00000000000..d451420f981
--- /dev/null
+++ b/doc/contributing/vulnerability-roundup.chapter.md
@@ -0,0 +1,45 @@
+# Vulnerability Roundup {#chap-vulnerability-roundup}
+
+## Issues {#vulnerability-roundup-issues}
+
+Vulnerable packages in Nixpkgs are managed using issues.
+Currently opened ones can be found using the following:
+
+[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
+
+Each issue correspond to a vulnerable version of a package; As a consequence:
+
+- One issue can contain several CVEs;
+- One CVE can be shared across several issues;
+- A single package can be concerned by several issues.
+
+
+A "Vulnerability roundup" issue usually respects the following format:
+
+```txt
+,
+
+
+
+
+
+
+```
+
+Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
+
+
+## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
+
+**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
+If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
+
+If you are investigating a "true positive":
+
+- Find the earliest patched version or a code patch in the CVE details;
+- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
+ - **No**:
+ - [Submit a security fix](#submitting-changes-submitting-security-fixes);
+ - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
+ - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
+- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s).
diff --git a/doc/manual.xml b/doc/manual.xml
index 375e2394ff4..1c5a7bbcaa9 100644
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -35,6 +35,7 @@
+
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 21f421abfec..07774dd1d29 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -155,6 +155,7 @@
./programs/nm-applet.nix
./programs/npm.nix
./programs/oblogout.nix
+ ./programs/partition-manager.nix
./programs/plotinus.nix
./programs/proxychains.nix
./programs/qt5ct.nix
diff --git a/nixos/modules/programs/partition-manager.nix b/nixos/modules/programs/partition-manager.nix
new file mode 100644
index 00000000000..1be2f0a69a1
--- /dev/null
+++ b/nixos/modules/programs/partition-manager.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ meta.maintainers = [ maintainers.oxalica ];
+
+ ###### interface
+ options = {
+ programs.partition-manager.enable = mkEnableOption "KDE Partition Manager";
+ };
+
+ ###### implementation
+ config = mkIf config.programs.partition-manager.enable {
+ services.dbus.packages = [ pkgs.libsForQt5.kpmcore ];
+ # `kpmcore` need to be installed to pull in polkit actions.
+ environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.partition-manager ];
+ };
+}
diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix
index 6051a428574..2dbf15031a0 100644
--- a/nixos/modules/system/boot/systemd-lib.nix
+++ b/nixos/modules/system/boot/systemd-lib.nix
@@ -182,18 +182,7 @@ in rec {
# upstream unit.
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
fn=$(basename $i/*)
-
- case $fn in
- # if file name is a template specialization, use the template's name
- *@?*.service)
- # remove @foo.service and replace it with @.service
- ofn="''${fn%@*.service}@.service"
- ;;
- *)
- ofn="$fn"
- esac
-
- if [ -e $out/$ofn ]; then
+ if [ -e $out/$fn ]; then
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
ln -sfn /dev/null $out/$fn
else
diff --git a/nixos/tests/systemd-template-override.nix b/nixos/tests/systemd-template-override.nix
deleted file mode 100644
index d8ef4a6c1c9..00000000000
--- a/nixos/tests/systemd-template-override.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-import ./make-test-python.nix {
- name = "systemd-template-override";
-
- machine = { pkgs, lib, ... }: let
- touchTmp = pkgs.writeTextFile {
- name = "touch-tmp@.service";
- text = ''
- [Service]
- Type=oneshot
- ExecStart=${pkgs.coreutils}/bin/touch /tmp/%I
- '';
- destination = "/etc/systemd/system/touch-tmp@.service";
- };
- in {
- systemd.packages = [ touchTmp ];
-
- systemd.services."touch-tmp@forbidden" = {
- serviceConfig.ExecStart = [ "" ''
- ${pkgs.coreutils}/bin/true
- ''];
- };
-
- systemd.services."touch-tmp@intercept" = {
- serviceConfig.ExecStart = [ "" ''
- ${pkgs.coreutils}/bin/touch /tmp/renamed
- ''];
- };
- };
-
- testScript = ''
- machine.wait_for_unit("default.target")
-
- machine.succeed("systemctl start touch-tmp@normal")
- machine.succeed("systemctl start touch-tmp@forbbidden")
- machine.succeed("systemctl start touch-tmp@intercept")
-
- machine.succeed("[ -e /tmp/normal ]")
- machine.succeed("[ ! -e /tmp/forbidden ]")
- machine.succeed("[ -e /tmp/renamed ]")
- '';
-}
diff --git a/pkgs/applications/audio/samplv1/default.nix b/pkgs/applications/audio/samplv1/default.nix
index 4b06a99d473..8f0a4808121 100644
--- a/pkgs/applications/audio/samplv1/default.nix
+++ b/pkgs/applications/audio/samplv1/default.nix
@@ -5,11 +5,11 @@
mkDerivation rec {
pname = "samplv1";
- version = "0.9.18";
+ version = "0.9.20";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
- sha256 = "ePhM9OTLJp1Wa2D9Y1Dqq/69WlEhEp3ih9yNUIJU5Y4=";
+ sha256 = "sha256-9tm72lV9i/155TVweNwO2jpPsCJkh6r82g7Z1wCI1ho=";
};
nativeBuildInputs = [ qttools pkg-config ];
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index 667d872ac62..da36f2de68e 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -31,15 +31,15 @@
}
},
"dev": {
- "version": "91.0.4442.4",
- "sha256": "0cmm2pimkghb6s956bkqf2k77lj69dz51nlydgkqbvw0sc8n784k",
- "sha256bin64": "1hbfx8n51p7dwwz1vbp94jdmlb96vvxrbql2af4kmvx1bmzr2ism",
+ "version": "91.0.4449.6",
+ "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3",
+ "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc",
"deps": {
"gn": {
- "version": "2021-02-09",
+ "version": "2021-03-12",
"url": "https://gn.googlesource.com/gn",
- "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3",
- "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn"
+ "rev": "64b3b9401c1c3ed5f3c43c1cac00b91f83597ab8",
+ "sha256": "14whk4gyx21cqxy1560xm8p1mc1581dh9g7xy120g8vvcylknjlm"
}
}
},
diff --git a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
index c579220cdde..396dec1cd09 100644
--- a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
+++ b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
@@ -2,12 +2,12 @@
let
pname = "deltachat-electron";
- version = "1.15.2";
+ version = "1.15.3";
name = "${pname}-${version}";
src = fetchurl {
url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage";
- sha256 = "sha256-iw2tU8qqXWbtEdLGlW8HNBHx8F2CgnCGCBUWpM407us=";
+ sha256 = "sha256-cYb0uruuWpNr1jF5WZ48quBZRIVXiHr99mLPLKMOX5M=";
};
appimageContents = appimageTools.extract { inherit name src; };
diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
index 46f8458f153..f702a667ae1 100644
--- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
+++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "pidgin-carbons";
- version = "0.2.2";
+ version = "0.2.3";
src = fetchFromGitHub {
owner = "gkdr";
repo = "carbons";
rev = "v${version}";
- sha256 = "1aq9bwgpmbwrigq6ywf0pjkngqcm0qxncygaj1fi57npjhcjs6ln";
+ sha256 = "sha256-qiyIvmJbRmCrAi/93UxDVtO76nSdtzUVfT/sZGxxAh8=";
};
makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ];
diff --git a/pkgs/applications/science/electronics/gtkwave/default.nix b/pkgs/applications/science/electronics/gtkwave/default.nix
index 971891a5b01..3a3994d9ad6 100644
--- a/pkgs/applications/science/electronics/gtkwave/default.nix
+++ b/pkgs/applications/science/electronics/gtkwave/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "gtkwave";
- version = "3.3.107";
+ version = "3.3.108";
src = fetchurl {
url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz";
- sha256 = "0ma30jyc94iid3v3m8aw4i2lyiqfxkpsdvdmmaibynk400cbzivl";
+ sha256 = "sha256-LtlexZKih+Si/pH3oQpWdpzfZ6j+41Otgfx7nLMfFSQ=";
};
nativeBuildInputs = [ pkg-config wrapGAppsHook ];
diff --git a/pkgs/applications/video/clipgrab/default.nix b/pkgs/applications/video/clipgrab/default.nix
index 6db2450d136..b24ff43ac67 100644
--- a/pkgs/applications/video/clipgrab/default.nix
+++ b/pkgs/applications/video/clipgrab/default.nix
@@ -5,10 +5,10 @@
mkDerivation rec {
pname = "clipgrab";
- version = "3.9.5";
+ version = "3.9.6";
src = fetchurl {
- sha256 = "1p8pqa5s70basdm2zpmahc54shsxrr0fr7chvv425n5a9sqba4dh";
+ sha256 = "sha256-1rQu2Gh9PKSbC0tuQxLwFhzy280z4obpa+eXvDBzDW0=";
# The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz!
url = "https://download.clipgrab.org/${pname}-${version}.tar.gz";
};
diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix
index 80ec1986f8c..9f7d020feaf 100644
--- a/pkgs/development/libraries/cutelyst/default.nix
+++ b/pkgs/development/libraries/cutelyst/default.nix
@@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "cutelyst";
- version = "2.14.0";
+ version = "2.14.2";
src = fetchFromGitHub {
owner = "cutelyst";
repo = "cutelyst";
rev = "v${version}";
- sha256 = "sha256-RidUZqDnzRrgW/7LVF+BF01zNcf1cJ/kS7OF/t1Q65c=";
+ sha256 = "sha256-JUffOeUTeaZvEssP5hfSGipeRuQ7FzLF4bOizCFhe5o=";
};
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];
diff --git a/pkgs/development/libraries/kpmcore/default.nix b/pkgs/development/libraries/kpmcore/default.nix
index 315a38197a1..c3621d37587 100644
--- a/pkgs/development/libraries/kpmcore/default.nix
+++ b/pkgs/development/libraries/kpmcore/default.nix
@@ -1,25 +1,38 @@
-{ stdenv, lib, fetchurl, extra-cmake-modules
-, qtbase, kio
-, libatasmart, parted
-, util-linux }:
+{ stdenv, lib, fetchurl, fetchpatch, extra-cmake-modules
+, qca-qt5, kauth, kio, polkit-qt, qtbase
+, util-linux
+}:
stdenv.mkDerivation rec {
pname = "kpmcore";
- version = "3.3.0";
+ # NOTE: When changing this version, also change the version of `partition-manager`.
+ version = "4.2.0";
src = fetchurl {
url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
- sha256 = "0s6v0jfrhjg31ri5p6h9n4w29jvasf5dj954j3vfpzl91lygmmmq";
+ hash = "sha256-MvW0CqvFZtzcJlya6DIpzorPbKJai6fxt7nKsKpJn54=";
};
+ patches = [
+ # Fix build with `kcoreaddons` >= 5.77.0
+ (fetchpatch {
+ url = "https://github.com/KDE/kpmcore/commit/07e5a3ac2858e6d38cc698e0f740e7a693e9f302.patch";
+ sha256 = "sha256-LYzea888euo2HXM+acWaylSw28iwzOdZBvPBt/gjP1s=";
+ })
+ # Fix crash when `fstab` omits mount options.
+ (fetchpatch {
+ url = "https://github.com/KDE/kpmcore/commit/eea84fb60525803a789e55bb168afb968464c130.patch";
+ sha256 = "sha256-NJ3PvyRC6SKNSOlhJPrDDjepuw7IlAoufPgvml3fap0=";
+ })
+ ];
+
buildInputs = [
- qtbase
- libatasmart
- parted # we only need the library
-
+ qca-qt5
+ kauth
kio
+ polkit-qt
- util-linux # needs blkid (note that this is not provided by util-linux-compat)
+ util-linux # Needs blkid in configure script (note that this is not provided by util-linux-compat)
];
nativeBuildInputs = [ extra-cmake-modules ];
@@ -27,8 +40,11 @@ stdenv.mkDerivation rec {
dontWrapQtApps = true;
meta = with lib; {
- maintainers = with lib.maintainers; [ peterhoeg ];
+ description = "KDE Partition Manager core library";
+ homepage = "https://invent.kde.org/system/kpmcore";
+ license = with licenses; [ cc-by-40 cc0 gpl3Plus mit ];
+ maintainers = with maintainers; [ peterhoeg oxalica ];
# The build requires at least Qt 5.14:
- broken = lib.versionOlder qtbase.version "5.14";
+ broken = versionOlder qtbase.version "5.14";
};
}
diff --git a/pkgs/development/ocaml-modules/bitstring/default.nix b/pkgs/development/ocaml-modules/bitstring/default.nix
index 583017d9dde..12ed4ae787d 100644
--- a/pkgs/development/ocaml-modules/bitstring/default.nix
+++ b/pkgs/development/ocaml-modules/bitstring/default.nix
@@ -2,7 +2,7 @@
buildDunePackage rec {
pname = "bitstring";
- version = "4.0.1";
+ version = "4.1.0";
useDune2 = true;
@@ -10,7 +10,7 @@ buildDunePackage rec {
owner = "xguerin";
repo = pname;
rev = "v${version}";
- sha256 = "1z7jmgljvp52lvn3ml2cp6gssxqp4sikwyjf6ym97cycbcw0fjjm";
+ sha256 = "0mghsl8b2zd2676mh1r9142hymhvzy9cw8kgkjmirxkn56wbf56b";
};
propagatedBuildInputs = [ stdlib-shims ];
diff --git a/pkgs/development/ocaml-modules/bitstring/ppx.nix b/pkgs/development/ocaml-modules/bitstring/ppx.nix
index ee0a8c51f73..4d391d3458d 100644
--- a/pkgs/development/ocaml-modules/bitstring/ppx.nix
+++ b/pkgs/development/ocaml-modules/bitstring/ppx.nix
@@ -3,6 +3,10 @@
, ounit
}:
+if !lib.versionAtLeast ppxlib.version "0.18.0"
+then throw "ppx_bitstring is not available with ppxlib-${ppxlib.version}"
+else
+
buildDunePackage rec {
pname = "ppx_bitstring";
inherit (bitstring) version useDune2 src;
diff --git a/pkgs/development/ocaml-modules/ppx_import/default.nix b/pkgs/development/ocaml-modules/ppx_import/default.nix
index b5651a8cec2..4ad26ff0862 100644
--- a/pkgs/development/ocaml-modules/ppx_import/default.nix
+++ b/pkgs/development/ocaml-modules/ppx_import/default.nix
@@ -1,27 +1,28 @@
-{ lib, fetchurl, buildDunePackage, ocaml
-, ounit, ppx_deriving, ppx_tools_versioned
-, ppxlib, ocaml-migrate-parsetree
+{ lib, fetchurl, buildDunePackage
+, ppx_tools_versioned
+, ocaml-migrate-parsetree
+, ounit, ppx_deriving, ppxlib
}:
buildDunePackage rec {
pname = "ppx_import";
- version = "1.7.1";
+ version = "1.8.0";
useDune2 = true;
minimumOCamlVersion = "4.04";
src = fetchurl {
- url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-v${version}.tbz";
- sha256 = "16dyxfb7syz659rqa7yq36ny5vzl7gkqd7f4m6qm2zkjc1gc8j4v";
+ url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-${version}.tbz";
+ sha256 = "0zqcj70yyp4ik4jc6jz3qs2xhb94vxc6yq9ij0d5cyak28klc3gv";
};
propagatedBuildInputs = [
- ppxlib ppx_tools_versioned ocaml-migrate-parsetree
+ ppx_tools_versioned ocaml-migrate-parsetree
];
doCheck = true;
- checkInputs = [ ounit ppx_deriving ];
+ checkInputs = [ ounit ppx_deriving ppxlib ];
meta = {
description = "A syntax extension that allows to pull in types or signatures from other compiled interface files";
diff --git a/pkgs/development/python-modules/databricks-cli/default.nix b/pkgs/development/python-modules/databricks-cli/default.nix
index 54cec0f98ad..547b9a3af7a 100644
--- a/pkgs/development/python-modules/databricks-cli/default.nix
+++ b/pkgs/development/python-modules/databricks-cli/default.nix
@@ -9,11 +9,11 @@
buildPythonPackage rec {
pname = "databricks-cli";
- version = "0.14.2";
+ version = "0.14.3";
src = fetchPypi {
inherit pname version;
- sha256 = "9e956f0efb7aad100d9963f223db986392cf2dc3e9922f2f83e55d372e84ef16";
+ sha256 = "bdf89a3917a3f8f8b99163e38d40e66dc478c7408954747f145cd09816b05e2c";
};
checkInputs = [
diff --git a/pkgs/development/python-modules/gradient/default.nix b/pkgs/development/python-modules/gradient/default.nix
index 05a590e52fe..c74501c621e 100644
--- a/pkgs/development/python-modules/gradient/default.nix
+++ b/pkgs/development/python-modules/gradient/default.nix
@@ -7,11 +7,11 @@
buildPythonPackage rec {
pname = "gradient";
- version = "1.4.2";
+ version = "1.4.3";
src = fetchPypi {
inherit pname version;
- sha256 = "2ed10db306d4c8632b7d04d71d44a04331a6e80e5ebab7296a98e67e8a50fb71";
+ sha256 = "a8fa91669c97440049132119019e90d0a9cf09e96352cf43c7c6ca244894bd4e";
};
postPatch = ''
diff --git a/pkgs/development/python-modules/jenkins-job-builder/default.nix b/pkgs/development/python-modules/jenkins-job-builder/default.nix
index 7d4f6dd9363..3ae6bf84ae4 100644
--- a/pkgs/development/python-modules/jenkins-job-builder/default.nix
+++ b/pkgs/development/python-modules/jenkins-job-builder/default.nix
@@ -10,11 +10,11 @@
buildPythonPackage rec {
pname = "jenkins-job-builder";
- version = "3.8.0";
+ version = "3.9.0";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-uRyeRP1y3GS7tXb0kHLBi7+trJRme/Ke3xgOY+LqZ6k=";
+ sha256 = "4a53e146843d567c375c2e61e70a840d75a412402fd78c1dd3da5642a6aaa375";
};
postPatch = ''
diff --git a/pkgs/development/tools/misc/cproto/default.nix b/pkgs/development/tools/misc/cproto/default.nix
index 5ee1a64f2c2..84890f16623 100644
--- a/pkgs/development/tools/misc/cproto/default.nix
+++ b/pkgs/development/tools/misc/cproto/default.nix
@@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "cproto";
- version = "4.7q";
+ version = "4.7r";
src = fetchurl {
urls = [
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
# No version listings and apparently no versioned tarball over http(s).
"ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz"
];
- sha256 = "138n5j6lkanbbdcs63irzxny4nfgp0zk66z621xjbnybf920svpk";
+ sha256 = "sha256-bgRg2yVZXHobUz8AUaV4ZKBkp2KjP+2oXbDXmPTUX8U=";
};
# patch made by Joe Khoobyar copied from gentoo bugs
diff --git a/pkgs/games/cbonsai/default.nix b/pkgs/games/cbonsai/default.nix
index 9e318b92fa9..c817b5d36b5 100644
--- a/pkgs/games/cbonsai/default.nix
+++ b/pkgs/games/cbonsai/default.nix
@@ -1,14 +1,14 @@
{ stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }:
stdenv.mkDerivation rec {
- version = "1.0.1";
+ version = "1.0.4";
pname = "cbonsai";
src = fetchFromGitLab {
owner = "jallbrit";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-UTjbc0kGHOQse4sZF94p4LAwMk9vsZg1QHq8iuDcTDk=";
+ sha256 = "sha256-5yyvisExf4Minyr1ApJQ2SoctfjhdU6kEbgBGgHDtCg=";
};
nativeBuildInputs = [ pkg-config ];
diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix
index f69b2bd7fce..40159cd2acd 100644
--- a/pkgs/os-specific/linux/pax-utils/default.nix
+++ b/pkgs/os-specific/linux/pax-utils/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "pax-utils";
- version = "1.2.6";
+ version = "1.2.8";
src = fetchurl {
url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz";
- sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp";
+ sha256 = "sha256-urTIhG4dLMNmnPqSMdIdszWEHX1Y+eGc0Jn+bOYmsVc=";
};
makeFlags = [ "PREFIX=$(out)" ];
diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix
index 6d12ac84d90..4235c7e26b1 100644
--- a/pkgs/servers/matterbridge/default.nix
+++ b/pkgs/servers/matterbridge/default.nix
@@ -2,7 +2,7 @@
buildGoModule rec {
pname = "matterbridge";
- version = "1.21.0";
+ version = "1.22.0";
vendorSha256 = null;
@@ -10,7 +10,7 @@ buildGoModule rec {
src = fetchurl {
url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz";
- sha256 = "sha256-ehn6KdPpDpfdyWCVfLuZLq2dDmZXc6InlnovqNsdG6Y=";
+ sha256 = "sha256-jwatqxQh4t4tgNiOEjS9vxIM+9XtnH8QNch887+xDnI=";
};
meta = with lib; {
diff --git a/pkgs/servers/mattermost/default.nix b/pkgs/servers/mattermost/default.nix
index f63f76efaba..6a7ba06df88 100644
--- a/pkgs/servers/mattermost/default.nix
+++ b/pkgs/servers/mattermost/default.nix
@@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }:
let
- version = "5.25.3";
+ version = "5.32.1";
mattermost-server = buildGoPackage rec {
pname = "mattermost-server";
@@ -11,7 +11,7 @@ let
owner = "mattermost";
repo = "mattermost-server";
rev = "v${version}";
- sha256 = "03xcwlbb9ff5whsdn2m3kqskxpwpfciikjjndbhksc8k8963z07j";
+ sha256 = "BssrTfkIxUbXYXIfz9i+5b4rEYSzBim+/riK78m8Bxo=";
};
goPackagePath = "github.com/mattermost/mattermost-server";
@@ -29,7 +29,7 @@ let
src = fetchurl {
url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz";
- sha256 = "1p1qxzrd6rj1i43vj18ysknrw2v02s7llx94nrdd5lk10ayzmg63";
+ sha256 = "kRerl3fYRTrotj86AIFSor3GpjhABkCmego1ms9HmkQ=";
};
installPhase = ''
diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix
index dc7ca728f2c..9bf10165e00 100644
--- a/pkgs/servers/monitoring/grafana/default.nix
+++ b/pkgs/servers/monitoring/grafana/default.nix
@@ -2,7 +2,7 @@
buildGoModule rec {
pname = "grafana";
- version = "7.4.3";
+ version = "7.4.5";
excludedPackages = [ "release_publisher" ];
@@ -10,15 +10,15 @@ buildGoModule rec {
rev = "v${version}";
owner = "grafana";
repo = "grafana";
- sha256 = "sha256-FPQa6q1ks9Lpod5sI29YBnGZvVRU12hTiw6GR85/mEs=";
+ sha256 = "10pnwd4d19ry7w2x46acc3j8gjn73b45fzc579gz1hc8hx2b3s0s";
};
srcStatic = fetchurl {
url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
- sha256 = "sha256-idbG+K9NVnNhEB0f7DfP7iaEnHMf59ieQtYnmT6CvVM=";
+ sha256 = "1x9jx3ww37cn6r6cn6gqlavmllxydks23vm8w4934bv8zppj1zwz";
};
- vendorSha256 = "sha256-LL+EkDZbbaNo/fPMGlPsB8jgBYHoe6SdkBbQoW5y4EU=";
+ vendorSha256 = "0ig0f9pa3l0nj2fs8yz8h42y1j07xi9imk7kzmla6vav6s889grc";
postPatch = ''
substituteInPlace pkg/cmd/grafana-server/main.go \
diff --git a/pkgs/tools/misc/nncp/default.nix b/pkgs/tools/misc/nncp/default.nix
index 4469f130b58..4c03172d9af 100644
--- a/pkgs/tools/misc/nncp/default.nix
+++ b/pkgs/tools/misc/nncp/default.nix
@@ -1,6 +1,7 @@
{ lib, stdenv
, go
, fetchurl
+, redo-apenwarr
, curl
, perl
, genericUpdater
@@ -9,24 +10,33 @@
stdenv.mkDerivation rec {
pname = "nncp";
- version = "5.3.3";
+ version = "6.2.0";
src = fetchurl {
url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz";
- sha256 = "1l35ndzrvpfim29jn1p0bwmc8w892z44nsrdnay28k229r9dhz3h";
+ sha256 = "1zj0v82zqigcxhpc50mvafvi1ihs92ck35vjfrwb7wzzd7nysb17";
};
- nativeBuildInputs = [ go ];
+ nativeBuildInputs = [ go redo-apenwarr ];
- preConfigure = ''
+ buildPhase = ''
+ runHook preBuild
export GOCACHE=$PWD/.cache
+ export CFGPATH=/etc/nncp.hjson
+ export SENDMAIL=sendmail # default value for generated config file
+ redo ''${enableParallelBuilding:+-j''${NIX_BUILD_CORES}}
+ runHook postBuild
'';
- makeFlags = [
- "PREFIX=${placeholder "out"}"
- "CFGPATH=/etc/nncp.hjson"
- "SENDMAIL=/run/wrappers/bin/sendmail"
- ];
+ installPhase = ''
+ runHook preInstall
+ export PREFIX=$out
+ rm -f INSTALL # work around case insensitivity
+ redo install
+ runHook postInstall
+ '';
+
+ enableParallelBuilding = true;
passthru.updateScript = genericUpdater {
inherit pname version;
@@ -54,7 +64,7 @@ stdenv.mkDerivation rec {
transmission exists.
'';
homepage = "http://www.nncpgo.org/";
- license = licenses.gpl3;
+ license = licenses.gpl3Only;
platforms = platforms.all;
maintainers = [ maintainers.woffs ];
};
diff --git a/pkgs/tools/misc/partition-manager/default.nix b/pkgs/tools/misc/partition-manager/default.nix
index 845c0fec921..064590ef979 100644
--- a/pkgs/tools/misc/partition-manager/default.nix
+++ b/pkgs/tools/misc/partition-manager/default.nix
@@ -1,30 +1,66 @@
-{ mkDerivation, fetchurl, lib
+{ mkDerivation, fetchurl, lib, makeWrapper
, extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook
, kconfig, kcrash, kinit, kpmcore
-, eject, libatasmart , util-linux, qtbase
+, cryptsetup, lvm2, mdadm, smartmontools, systemdMinimal, util-linux
+, btrfs-progs, dosfstools, e2fsprogs, exfat, f2fs-tools, fatresize, hfsprogs
+, jfsutils, nilfs-utils, ntfs3g, reiser4progs, reiserfsprogs, udftools, xfsprogs, zfs
}:
let
- pname = "partitionmanager";
+ # External programs are resolved by `partition-manager` and then
+ # invoked by `kpmcore_externalcommand` from `kpmcore` as root.
+ # So these packages should be in PATH of `partition-manager`.
+ # https://github.com/KDE/kpmcore/blob/06f15334ecfbe871730a90dbe2b694ba060ee998/src/util/externalcommand_whitelist.h
+ runtimeDeps = lib.makeBinPath [
+ cryptsetup
+ lvm2
+ mdadm
+ smartmontools
+ systemdMinimal
+ util-linux
+
+ btrfs-progs
+ dosfstools
+ e2fsprogs
+ exfat
+ f2fs-tools
+ fatresize
+ hfsprogs
+ jfsutils
+ nilfs-utils
+ ntfs3g
+ reiser4progs
+ reiserfsprogs
+ udftools
+ xfsprogs
+ zfs
+
+ # FIXME: Missing command: tune.exfat hfsck hformat fsck.nilfs2 {fsck,mkfs,debugfs,tunefs}.ocfs2
+ ];
+
in mkDerivation rec {
- name = "${pname}-${version}";
- version = "3.3.1";
+ pname = "partitionmanager";
+ # NOTE: When changing this version, also change the version of `kpmcore`.
+ version = "4.2.0";
src = fetchurl {
- url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
- sha256 = "0jhggb4xksb0k0mj752n6pz0xmccnbzlp984xydqbz3hkigra1si";
+ url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
+ hash = "sha256-6Qlt1c47Eek6TkWWBzTyBZYJ1jfhtwsC9X5q5h6IhPg=";
};
- nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook ];
+ nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook makeWrapper ];
- # refer to kpmcore for the use of eject
- buildInputs = [ eject libatasmart util-linux ];
propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ];
+ postFixup = ''
+ wrapProgram $out/bin/partitionmanager \
+ --prefix PATH : "${runtimeDeps}"
+ '';
+
meta = with lib; {
description = "KDE Partition Manager";
- license = licenses.gpl2;
+ license = with licenses; [ cc-by-40 cc0 gpl3Plus lgpl3Plus mit ];
homepage = "https://www.kde.org/applications/system/kdepartitionmanager/";
- maintainers = with maintainers; [ peterhoeg ];
+ maintainers = with maintainers; [ peterhoeg oxalica ];
};
}
diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix
index 8b4b56d57a4..fd8165085f0 100644
--- a/pkgs/top-level/ocaml-packages.nix
+++ b/pkgs/top-level/ocaml-packages.nix
@@ -929,7 +929,9 @@ let
ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { };
- ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { };
+ ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix {
+ ppxlib = ppxlib.override { version = "0.22.0"; };
+ };
ppxfind = callPackage ../development/ocaml-modules/ppxfind { };