diff --git a/maintainers/scripts/copy-tarballs.pl b/maintainers/scripts/copy-tarballs.pl index 59696a4432d..6a08eb88bf8 100755 --- a/maintainers/scripts/copy-tarballs.pl +++ b/maintainers/scripts/copy-tarballs.pl @@ -165,6 +165,20 @@ elsif (defined $expr) { my $hash = $fetch->{hash}; my $name = $fetch->{name}; + if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) { + $algo = $1; + $hash = `nix hash to-base16 $hash` or die; + chomp $hash; + } + + next unless $algo =~ /^[a-z0-9]+$/; + + # Convert non-SRI base-64 to base-16. + if ($hash =~ /^[A-Za-z0-9+\/=]+$/) { + $hash = `nix hash to-base16 --type '$algo' $hash` or die; + chomp $hash; + } + if (defined $ENV{DEBUG}) { print "$url $algo $hash\n"; next; @@ -184,7 +198,7 @@ elsif (defined $expr) { my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); - print STDERR "mirroring $url ($storePath)...\n"; + print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; if ($dryRun) { $mirrored++; diff --git a/pkgs/applications/misc/hugo/default.nix b/pkgs/applications/misc/hugo/default.nix index b8ea6b83b90..bf5fe070cbf 100644 --- a/pkgs/applications/misc/hugo/default.nix +++ b/pkgs/applications/misc/hugo/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "hugo"; - version = "0.83.1"; + version = "0.84.1"; src = fetchFromGitHub { owner = "gohugoio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-c9T3a6J78uLumBTy/DgE4gbxCmEXVGKd9JyF9dyrL6g="; + sha256 = "sha256-ULZa0tepq00v2VHDR3+aYYvRfbxYKcjcltRgRmbVmRA="; }; - vendorSha256 = "sha256-ddCyMmZ5RIZWzT2RYNnSW795oR7PIRudl3QTjsXtBGk="; + vendorSha256 = "sha256-jY/g92ON5OxjuZzPHJNduXYMgPU8/0ioAYvp4iqjGnU="; doCheck = false; diff --git a/pkgs/applications/misc/taskwarrior/default.nix b/pkgs/applications/misc/taskwarrior/default.nix index ee781c75e69..812c9b72f99 100644 --- a/pkgs/applications/misc/taskwarrior/default.nix +++ b/pkgs/applications/misc/taskwarrior/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { srcs = [ (fetchurl { - url = " https://github.com/GothenburgBitFactory/taskwarrior/releases/download/v${version}/${sourceRoot}.tar.gz"; + url = "https://github.com/GothenburgBitFactory/taskwarrior/releases/download/v${version}/${sourceRoot}.tar.gz"; sha256 = "0fwnxshhlha21hlgg5z1ad01w13zm1hlmncs274y5n8i15gdfhvj"; }) (fetchurl { diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 0a9de4eb10a..f5783c436f9 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -86,6 +86,16 @@ stdenv.mkDerivation rec { patches = [ ./fix-qemu-ga.patch ./9p-ignore-noatime.patch + (fetchpatch { + name = "CVE-2021-3545.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/121841b25d72d13f8cad554363138c360f1250ea.patch"; + sha256 = "13dgfd8dmxcalh2nvb68iv0kyv4xxrvpdqdxf1h3bjr4451glag1"; + }) + (fetchpatch { + name = "CVE-2021-3546.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch"; + sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch { diff --git a/pkgs/development/python-modules/warrant/default.nix b/pkgs/development/python-modules/warrant/default.nix index a4bbee43d01..8da1cf55b54 100644 --- a/pkgs/development/python-modules/warrant/default.nix +++ b/pkgs/development/python-modules/warrant/default.nix @@ -17,7 +17,7 @@ buildPythonPackage { patches = [ (fetchpatch { name = "fix-pip10-compat.patch"; - url = " https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch"; + url = "https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch"; sha256 = "1lvqi2qfa3kxdz05ab2lc7xnd3piyvvnz9kla2jl4pchi876z17c"; }) ];