From c8ac1ce19ededa2f28da4319b779efb2c56f9d43 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 30 Mar 2021 02:20:31 +0200 Subject: [PATCH 1/8] edk2: 202011 -> 202102 Fixes: CVE-2021-28210, CVE-2021-28211 --- pkgs/development/compilers/edk2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix index 51e0842d4be..9d1abc11af1 100644 --- a/pkgs/development/compilers/edk2/default.nix +++ b/pkgs/development/compilers/edk2/default.nix @@ -37,13 +37,13 @@ buildType = if stdenv.isDarwin then edk2 = buildStdenv.mkDerivation { pname = "edk2"; - version = "202011"; + version = "202102"; # submodules src = fetchgit { url = "https://github.com/tianocore/edk2"; rev = "edk2-stable${edk2.version}"; - sha256 = "1fvlz1z075jr6smq9qa0asy6fxga1gljcfd0764ypzy1mw963c9s"; + sha256 = "1292hfbqz4wyikdf6glqdy80n9zpy54gnfngqnyv05908hww6h82"; }; buildInputs = [ libuuid pythonEnv ]; From 2e9e1e0f6f364dfde89fcfbb1750ee2c798183e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20K=C3=B6cher?= Date: Sun, 11 Apr 2021 10:37:30 +0200 Subject: [PATCH 2/8] lorri: 1.3.1 -> 1.4.0 --- pkgs/tools/misc/lorri/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/misc/lorri/default.nix b/pkgs/tools/misc/lorri/default.nix index 9635b6b4238..c544bbd03a1 100644 --- a/pkgs/tools/misc/lorri/default.nix +++ b/pkgs/tools/misc/lorri/default.nix @@ -12,10 +12,10 @@ let # Run `eval $(nix-build -A lorri.updater)` after updating the revision! - version = "1.3.1"; - gitRev = "df83b9b175fecc8ec8b02096c5cfe2db3d00b92e"; - sha256 = "1df6p0b482vhymw3z7gimc441jr7aix9lhdbcm5wjvw9f276016f"; - cargoSha256 = "1f9b2h3zakw7qmlnc4rqhxnw80sl5h4mj8cghr82iacxwqz499ql"; + version = "1.4.0"; + gitRev = "fee4ffac9ee16fc921d413789cc059b043f2db3d"; + sha256 = "sha256:0ix0k85ywlvkxsampajkq521d290gb0n60qwhnk6j0sc55yn558h"; + cargoSha256 = "sha256:1ngn4wnyh6cjnyg7mb48zvng0zn5fcn8s75y88nh91xq9x1bi2d9"; in (rustPlatform.buildRustPackage rec { pname = "lorri"; From 6667b38ed9b9edbf0762454b57ffc16deeee6eb9 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 11 Apr 2021 11:50:19 +0000 Subject: [PATCH 3/8] libsForQt5.mlt: 6.24.0 -> 6.24.0 --- pkgs/development/libraries/mlt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mlt/default.nix b/pkgs/development/libraries/mlt/default.nix index b45c2d92b2f..021dc1c3d95 100644 --- a/pkgs/development/libraries/mlt/default.nix +++ b/pkgs/development/libraries/mlt/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "mlt"; - version = "6.24.0"; + version = "6.26.0"; src = fetchFromGitHub { owner = "mltframework"; repo = "mlt"; rev = "v${version}"; - sha256 = "1my43ica2qax2622307dv4gn3w8hkchy643i9pq8r9yh2hd4pvs9"; + sha256 = "FPXROiX7A6oB1VMipw3slyhk7q4fO6m9amohnC67lnA="; }; buildInputs = [ From 0050708bd5fe71021b050372c8cd884671b8b7e2 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 11 Apr 2021 14:58:37 +0000 Subject: [PATCH 4/8] rssguard: 3.9.0 -> 3.9.1 --- pkgs/applications/networking/feedreaders/rssguard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/feedreaders/rssguard/default.nix b/pkgs/applications/networking/feedreaders/rssguard/default.nix index 1438d61f999..7e13408d04d 100644 --- a/pkgs/applications/networking/feedreaders/rssguard/default.nix +++ b/pkgs/applications/networking/feedreaders/rssguard/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "rssguard"; - version = "3.9.0"; + version = "3.9.1"; src = fetchFromGitHub { owner = "martinrotter"; repo = pname; rev = version; - sha256 = "sha256-pprWJIYAFYSTPhWVCW4dz3GWeAS53Vo8UXiyQ56Mwjo="; + sha256 = "sha256-zSnSCbBNySc5GQSm0O8NztCKNqdNs6bGNWL/RkmGsUw="; }; buildInputs = [ qtwebengine qttools ]; From 13c28f4f95f83867af0ef45c1cde0e33cf83e044 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Mon, 12 Apr 2021 10:40:58 +0200 Subject: [PATCH 5/8] esniper: drop broken and unmaintained package Closes https://github.com/NixOS/nixpkgs/issues/116479. --- .../networking/esniper/default.nix | 31 ------------------- .../networking/esniper/find-ca-bundle.patch | 26 ---------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 -- 4 files changed, 1 insertion(+), 59 deletions(-) delete mode 100644 pkgs/applications/networking/esniper/default.nix delete mode 100644 pkgs/applications/networking/esniper/find-ca-bundle.patch diff --git a/pkgs/applications/networking/esniper/default.nix b/pkgs/applications/networking/esniper/default.nix deleted file mode 100644 index 97b0b1f192b..00000000000 --- a/pkgs/applications/networking/esniper/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, stdenv, fetchgit, openssl, curl, coreutils, gawk, bash, which }: - -stdenv.mkDerivation { - name = "esniper-2.35.0-21-g6379846"; - - src = fetchgit { - url = "https://git.code.sf.net/p/esniper/git"; - rev = "637984623984ef36782d52d8968df7fae7bbb0a7"; - sha256 = "1md3fzs0k88f6mgvrj1yrh96mn0qlca2p6vfqj6dnpyb8pjjwp8w"; - }; - - buildInputs = [ openssl curl ]; - - # Add support for CURL_CA_BUNDLE variable. - # Fix . - patches = [ ./find-ca-bundle.patch ]; - - postInstall = '' - sed <"frontends/snipe" >"$out/bin/snipe" \ - -e "2i export PATH=\"$out/bin:${lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" - chmod 555 "$out/bin/snipe" - ''; - - meta = with lib; { - description = "Simple, lightweight tool for sniping eBay auctions"; - homepage = "http://esniper.sourceforge.net"; - license = licenses.gpl2; - maintainers = with maintainers; [ lovek323 peti ]; - platforms = platforms.all; - }; -} diff --git a/pkgs/applications/networking/esniper/find-ca-bundle.patch b/pkgs/applications/networking/esniper/find-ca-bundle.patch deleted file mode 100644 index e4df272a0c9..00000000000 --- a/pkgs/applications/networking/esniper/find-ca-bundle.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c ---- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 -+++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 -@@ -200,6 +200,9 @@ - int - initCurlStuff(void) - { -+ /* Path to OpenSSL bundle file. */ -+ const char *ssl_capath=NULL; -+ - /* list for custom headers */ - struct curl_slist *slist=NULL; - -@@ -241,6 +244,12 @@ - if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) - return initCurlStuffFailed(); - -+ /* If the environment variable CURL_CA_BUNDLE is set, pass through its -+ * contents to curl. */ -+ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) -+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) -+ return initCurlStuffFailed(); -+ - slist = curl_slist_append(slist, "Accept: text/*"); - slist = curl_slist_append(slist, "Accept-Language: en"); - slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index c1ec9f9d114..f9e470aaac0 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -179,6 +179,7 @@ mapAliases ({ emacsPackages = emacs.pkgs; # added 2020-12-18 emby = throw "The Emby derivation has been removed, see jellyfin instead for a free software fork."; # added 2019-05-01 enblendenfuse = enblend-enfuse; # 2015-09-30 + esniper = throw "esniper has been removed because upstream no longer maintains it (and it no longer works)"; # added 2021-04-12 evolution_data_server = evolution-data-server; # added 2018-02-25 etcdctl = etcd; # added 2018-04-25 exfat-utils = exfat; # 2015-09-11 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6bca83b0bbc..5b99669220f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22580,8 +22580,6 @@ in espeakedit = callPackage ../applications/audio/espeak/edit.nix { }; - esniper = callPackage ../applications/networking/esniper { }; - eteroj.lv2 = libsForQt5.callPackage ../applications/audio/eteroj.lv2 { }; etebase-server = with python3Packages; toPythonApplication etebase-server; From 7f35119b94cf38f3931ed43c5e7a9a0929623a57 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Sat, 10 Apr 2021 22:49:08 +0200 Subject: [PATCH 6/8] go_2-dev: 2020-12-08 -> 2021-03-22 --- pkgs/development/compilers/go/2-dev.nix | 10 +++--- .../compilers/go/ssl-cert-file-2-dev.patch | 35 ++++++++++++------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/pkgs/development/compilers/go/2-dev.nix b/pkgs/development/compilers/go/2-dev.nix index 2bdf6a4950c..21347cbd65a 100644 --- a/pkgs/development/compilers/go/2-dev.nix +++ b/pkgs/development/compilers/go/2-dev.nix @@ -39,12 +39,12 @@ in stdenv.mkDerivation rec { pname = "go2-unstable"; - version = "2020-12-08"; + version = "2021-03-22"; src = fetchgit { url = https://go.googlesource.com/go; - rev = "abe4d3dce12252ed09216eaa67b7dab8c8922537"; - sha256 = "sha256:1d46w8426148q81fvrifx9glgn402jvf29n44i8j8g1pvzkfckh6"; + rev = "a4b4db4cdeefb7b4ea5adb09073dd123846b3588"; + sha256 = "sha256:1wqqnywcrfazydi5wcg04s6zgsfh4m879vxfgacgrnigd23ynhvr"; }; # perl is used for testing go vet @@ -154,7 +154,7 @@ stdenv.mkDerivation rec { ./creds-test.patch ./go-1.9-skip-flaky-19608.patch ./go-1.9-skip-flaky-20072.patch - ./skip-external-network-tests-1.15.patch + ./skip-external-network-tests-1.16.patch ./skip-nohup-tests.patch ./skip-cgo-tests-1.15.patch ] ++ [ @@ -188,7 +188,7 @@ stdenv.mkDerivation rec { null; GOARM = toString (lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]); - GO386 = 387; # from Arch: don't assume sse2 on i686 + GO386 = "softfloat"; # from Arch: don't assume sse2 on i686 CGO_ENABLED = 1; # Hopefully avoids test timeouts on Hydra GO_TEST_TIMEOUT_SCALE = 3; diff --git a/pkgs/development/compilers/go/ssl-cert-file-2-dev.patch b/pkgs/development/compilers/go/ssl-cert-file-2-dev.patch index 6146880f7a0..a5be2685998 100644 --- a/pkgs/development/compilers/go/ssl-cert-file-2-dev.patch +++ b/pkgs/development/compilers/go/ssl-cert-file-2-dev.patch @@ -1,8 +1,8 @@ -diff --git a/src/crypto/x509/root_darwin_amd64.go b/src/crypto/x509/root_darwin_amd64.go -index ce88de025e..258ecc45d1 100644 ---- a/src/crypto/x509/root_darwin_amd64.go -+++ b/src/crypto/x509/root_darwin_amd64.go -@@ -10,6 +10,7 @@ import ( +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index 05593bb105..a6a11eeec1 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -11,6 +11,7 @@ import ( "bytes" macOS "crypto/x509/internal/macos" "fmt" @@ -10,9 +10,9 @@ index ce88de025e..258ecc45d1 100644 "os" "strings" ) -@@ -25,6 +26,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate - var loadSystemRootsWithCgo func() (*CertPool, error) - +@@ -22,6 +23,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + } + func loadSystemRoots() (*CertPool, error) { + if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { + data, err := ioutil.ReadFile(file) @@ -24,13 +24,21 @@ index ce88de025e..258ecc45d1 100644 + } var trustedRoots []*Certificate untrustedRoots := make(map[string]bool) - + diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go -index b48e618a65..195c1ff25a 100644 +index dede825edd..ffb3caf4a4 100644 --- a/src/crypto/x509/root_unix.go +++ b/src/crypto/x509/root_unix.go -@@ -42,6 +42,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate - +@@ -9,6 +9,7 @@ package x509 + + import ( + "io/fs" ++ "io/ioutil" + "os" + "path/filepath" + "strings" +@@ -32,6 +33,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + func loadSystemRoots() (*CertPool, error) { roots := NewCertPool() + if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { @@ -40,6 +48,7 @@ index b48e618a65..195c1ff25a 100644 + return roots, nil + } + } - + files := certFiles if f := os.Getenv(certFileEnv); f != "" { + From a1c0d6ddbcb6d307d44b158d1056d15ad2bd05d0 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 10 Apr 2021 07:34:42 +0000 Subject: [PATCH 7/8] cri-tools: 1.20.0 -> 1.21.0 --- pkgs/tools/virtualization/cri-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/virtualization/cri-tools/default.nix b/pkgs/tools/virtualization/cri-tools/default.nix index 6e29a5a8d83..637ff51317f 100644 --- a/pkgs/tools/virtualization/cri-tools/default.nix +++ b/pkgs/tools/virtualization/cri-tools/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "cri-tools"; - version = "1.20.0"; + version = "1.21.0"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "v${version}"; - sha256 = "sha256-fU3g0m2drUsa2Jyz+QYXi4xWTOLINGsDw3dKcesAkkE="; + sha256 = "sha256-chU7qNapmM4Gm8lYcdUreg1ZP93UM0LpIEk+w5cutlg="; }; vendorSha256 = null; From c87714a0404511cb13a156ec8eda1b455fe754c1 Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 5 Apr 2021 15:17:16 +0200 Subject: [PATCH 8/8] =?UTF-8?q?coqPackages.stdpp:=201.4.0=20=E2=86=92=201.?= =?UTF-8?q?5.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit coqPackages.iris: 3.3.0 → 3.4.0 --- pkgs/development/coq-modules/iris/default.nix | 6 +++++- pkgs/development/coq-modules/stdpp/default.nix | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/coq-modules/iris/default.nix b/pkgs/development/coq-modules/iris/default.nix index b46383fa167..d2d9870f320 100644 --- a/pkgs/development/coq-modules/iris/default.nix +++ b/pkgs/development/coq-modules/iris/default.nix @@ -5,7 +5,11 @@ with lib; mkCoqDerivation rec { domain = "gitlab.mpi-sws.org"; owner = "iris"; inherit version; - defaultVersion = if versions.range "8.9" "8.12" coq.coq-version then "3.3.0" else null; + defaultVersion = with versions; switch coq.coq-version [ + { case = isGe "8.11"; out = "3.4.0"; } + { case = range "8.9" "8.11"; out = "3.3.0"; } + ] null; + release."3.4.0".sha256 = "0vdc2mdqn5jjd6yz028c0c6blzrvpl0c7apx6xas7ll60136slrb"; release."3.3.0".sha256 = "0az4gkp5m8sq0p73dlh0r7ckkzhk7zkg5bndw01bdsy5ywj0vilp"; releaseRev = v: "iris-${v}"; diff --git a/pkgs/development/coq-modules/stdpp/default.nix b/pkgs/development/coq-modules/stdpp/default.nix index 2caafa9cc55..604a3f48f87 100644 --- a/pkgs/development/coq-modules/stdpp/default.nix +++ b/pkgs/development/coq-modules/stdpp/default.nix @@ -5,7 +5,11 @@ with lib; mkCoqDerivation rec { inherit version; domain = "gitlab.mpi-sws.org"; owner = "iris"; - defaultVersion = if versions.range "8.8" "8.12" coq.coq-version then "1.4.0" else null; + defaultVersion = with versions; switch coq.coq-version [ + { case = isGe "8.11"; out = "1.5.0"; } + { case = range "8.8" "8.11"; out = "1.4.0"; } + ] null; + release."1.5.0".sha256 = "1ym0fy620imah89p8b6rii8clx2vmnwcrbwxl3630h24k42092nf"; release."1.4.0".sha256 = "1m6c7ibwc99jd4cv14v3r327spnfvdf3x2mnq51f9rz99rffk68r"; releaseRev = v: "coq-stdpp-${v}";