From 10030672ab9ab4cd961e414b7026f78d94c6ecc9 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Mon, 6 Jun 2022 11:26:46 -0700 Subject: [PATCH 001/132] stdenv/cross: remove now-redundant `file` nativeBuildInput on mingw Since 97c43828fb7e016b4ee8fe434bc4d5e0b8a8b4be the `file` package has been part of stdenv, and no longer needs to be listed explicitly as a build input. Let's remove the platform-specific inclusion for mingw64 as suggested by @mehmooda: https://github.com/NixOS/nixpkgs/pull/168413#issuecomment-1147370500 I traced the line removed by this commit through the `git blame`; it was initially added in this commit (and then shuffled around a few dozen times by refactorings): https://github.com/NixOS/nixpkgs/commit/8b292a1b355e8e7f6e7a2cf439ab777bdae30422 The commit message indicates that `libpng-1.6.20` was current at the time. Although there are [libpng archives](https://github.com/glennrp/libpng) available in git form, the older versions don't have their autoconfery vendored in, so I can't link to them. Fortunately the relevant bit hasn't changed since then: https://github.com/glennrp/libpng/blob/a37d4836519517bdce6cb9d956092321eca3e73b/configure#L5575 ``` mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; ``` --- pkgs/stdenv/cross/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkgs/stdenv/cross/default.nix b/pkgs/stdenv/cross/default.nix index e01ac74599ae..bf410ec0a684 100644 --- a/pkgs/stdenv/cross/default.nix +++ b/pkgs/stdenv/cross/default.nix @@ -83,9 +83,6 @@ in lib.init bootStages ++ [ (let f = p: !p.isx86 || builtins.elem p.libc [ "musl" "wasilibc" "relibc" ] || p.isiOS || p.isGenode; in f hostPlatform && !(f buildPlatform) ) buildPackages.updateAutotoolsGnuConfigScriptsHook - # without proper `file` command, libtool sometimes fails - # to recognize 64-bit DLLs - ++ lib.optional (hostPlatform.config == "x86_64-w64-mingw32") buildPackages.file ; })); }) From ae45c235fae586c6da092e3e0d56c52be1b183b3 Mon Sep 17 00:00:00 2001 From: Michal Sojka Date: Sun, 17 Jul 2022 23:44:52 +0200 Subject: [PATCH 002/132] multiple-output.sh: fix moveToOutput comment The comment suggested that "{foo,bar}" is a supported pattern, which is not true. "{foo,bar}" is only understood by brace expansion but the code performs only globbing. We replace the comment with "[abc]", which is a correct example of globbing. --- pkgs/build-support/setup-hooks/multiple-outputs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/setup-hooks/multiple-outputs.sh b/pkgs/build-support/setup-hooks/multiple-outputs.sh index bfa47e3b20e1..881cf6c90f48 100644 --- a/pkgs/build-support/setup-hooks/multiple-outputs.sh +++ b/pkgs/build-support/setup-hooks/multiple-outputs.sh @@ -88,7 +88,7 @@ NIX_NO_SELF_RPATH=1 # Move subpaths that match pattern $1 from under any output/ to the $2 output/ -# Beware: only globbing patterns are accepted, e.g.: * ? {foo,bar} +# Beware: only globbing patterns are accepted, e.g.: * ? [abc] # A special target "REMOVE" is allowed: moveToOutput foo REMOVE moveToOutput() { local patt="$1" From 2846812404b9948828129f9ddfe417015335b964 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 14 Oct 2022 02:09:08 +0000 Subject: [PATCH 003/132] iproute2: 5.19.0 -> 6.0.0 --- pkgs/os-specific/linux/iproute/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 87c5c91ecea0..89c191cb7f35 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.19.0"; + version = "6.0.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "JrejTWp/0vekLis5xakMthusUi0QlgZ//rGV5Wk9d5E="; + sha256 = "UjE56ecq7JljdPot50vkxT0t0FWJSIk00h/5e64ZWAo="; }; patches = [ From 2e38eee4a16e1bc2dcfd23e76585806fd4e39d64 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Fri, 21 Oct 2022 18:23:37 -0600 Subject: [PATCH 004/132] graphite2: Remove libgcc It doesn't seem to be needed. --- pkgs/development/libraries/silgraphite/graphite2.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkgs/development/libraries/silgraphite/graphite2.nix b/pkgs/development/libraries/silgraphite/graphite2.nix index a29706aefc48..41c0c3217a49 100644 --- a/pkgs/development/libraries/silgraphite/graphite2.nix +++ b/pkgs/development/libraries/silgraphite/graphite2.nix @@ -5,7 +5,6 @@ , freetype , cmake , static ? stdenv.hostPlatform.isStatic -, libgcc }: stdenv.mkDerivation rec { @@ -19,9 +18,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkg-config cmake ]; - buildInputs = [ freetype ] - # On aarch64-darwin libgcc won't even build currently, and it doesn't seem needed. - ++ lib.optionals (with stdenv; !cc.isGNU && !(isDarwin && isAarch64)) [ libgcc ]; + buildInputs = [ freetype ]; patches = lib.optionals stdenv.isDarwin [ ./macosx.patch ]; From 4a0d1650c9b020fdb0fcbf4644165f2a8c4918cb Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 26 Oct 2022 04:23:24 +0000 Subject: [PATCH 005/132] valgrind: 3.19.0 -> 3.20.0 --- pkgs/development/tools/analysis/valgrind/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix index e602339303f7..25a7211ef49d 100644 --- a/pkgs/development/tools/analysis/valgrind/default.nix +++ b/pkgs/development/tools/analysis/valgrind/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "valgrind"; - version = "3.19.0"; + version = "3.20.0"; src = fetchurl { url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-3V40SG8aSD/3vnMAzBa01rJGkJh4d8MnjXl1NNZzjwI="; + sha256 = "sha256-hTbAMdvgeNNC8SH6iBqezSBctaeOY5AFrVcAEb2588Y="; }; patches = [ From dd8a4975aa2ceec5a6cc56db4cdab33f099d5b8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 14 Oct 2022 21:03:59 +0200 Subject: [PATCH 006/132] gd: remove null overwrites Overwriting packages to null is bad style --- pkgs/top-level/all-packages.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dce53cf1e09d..757bb68f6188 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18662,8 +18662,6 @@ with pkgs; gd = callPackage ../development/libraries/gd { automake = automake115x; - libtiff = null; - libXpm = null; }; gdal = callPackage ../development/libraries/gdal { From ddb5ea3e6989a1c1128dc4642771dbe53a7b5293 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Tue, 18 Oct 2022 03:27:24 -0600 Subject: [PATCH 007/132] gcc11: Update back to 11.3 on Darwin --- pkgs/development/compilers/gcc/11/default.nix | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index 3b03e185dd86..edfc5c7614a0 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -47,13 +47,7 @@ with lib; with builtins; let majorVersion = "11"; - # The patch below for aarch64-darwin does not apply to 11.3.0 and an - # updated version is not available. Keep aarch64-darwin on 11.2.0 so the - # large body of packages which depend on gfortran are still functional - # until GCC 12 is the default. - # On x86_64-darwin, building libgcc suffers from some different issues with 11.3.0. - version = if stdenv.isDarwin then - "${majorVersion}.2.0" else "${majorVersion}.3.0"; + version = "${majorVersion}.3.0"; inherit (stdenv) buildPlatform hostPlatform targetPlatform; @@ -70,10 +64,14 @@ let majorVersion = "11"; ++ optional langFortran ../gfortran-driving.patch ++ optional (targetPlatform.libc == "musl" && targetPlatform.isPower) ../ppc-musl.patch - ++ optional (stdenv.isDarwin && stdenv.isAarch64) (fetchpatch { - url = "https://github.com/fxcoudert/gcc/compare/releases/gcc-11.2.0...gcc-11.2.0-arm-20211201.diff"; - sha256 = "sha256-z62s/cXuH9Kgq/oD/OiiZ8LWnX1xl1D43sONnwaEW1w="; - }) + ++ optionals stdenv.isDarwin [ + (fetchpatch { + # There are no upstream release tags in https://github.com/iains/gcc-11-branch. + # 2d280e7 is the commit from https://github.com/gcc-mirror/gcc/releases/tag/releases%2Fgcc-11.3.0 + url = "https://github.com/iains/gcc-11-branch/compare/2d280e7eafc086e9df85f50ed1a6526d6a3a204d..gcc-11.3-darwin-r2.diff"; + sha256 = "sha256-LFAXUEoYD7YeCG8V9mWanygyQOI7U5OhCRIKOVCCDAg="; + }) + ] # Obtain latest patch with ../update-mcfgthread-patches.sh ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch; @@ -93,9 +91,7 @@ stdenv.mkDerivation ({ src = fetchurl { url = "mirror://gcc/releases/gcc-${version}/gcc-${version}.tar.xz"; - sha256 = if stdenv.isDarwin - then "sha256-0I7cU2tUw3KhAQ/2YZ3SdMDxYDqkkhK6IPeqLNo2+os=" - else "sha256-tHzygYaR9bHiHfK7OMeV+sLPvWQO3i0KXhyJ4zijrDk="; + sha256 = "sha256-tHzygYaR9bHiHfK7OMeV+sLPvWQO3i0KXhyJ4zijrDk="; }; inherit patches; From 2c38b02598ff1fb6109797e02483d7fe95c78c18 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Sun, 30 Oct 2022 15:28:17 +0800 Subject: [PATCH 008/132] autoconf-archive: 2022.02.11 -> 2022.09.03 --- pkgs/development/tools/misc/autoconf-archive/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/misc/autoconf-archive/default.nix b/pkgs/development/tools/misc/autoconf-archive/default.nix index 318daf9e599d..9b5ca5de570f 100644 --- a/pkgs/development/tools/misc/autoconf-archive/default.nix +++ b/pkgs/development/tools/misc/autoconf-archive/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "autoconf-archive"; - version = "2022.02.11"; + version = "2022.09.03"; src = fetchurl { url = "mirror://gnu/autoconf-archive/autoconf-archive-${version}.tar.xz"; - sha256 = "sha256-eKYbYR4u61WongOY4M44e8r1f+LdU8b+QnEw93etHow="; + sha256 = "sha256-4HRU8A2MrnkHvtQtB0d5iSeAmUdoTZTDcgek1joy9CM="; }; strictDeps = true; From 8c7c33237bb551bb99ab604539d4596502fa13b7 Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Fri, 4 Nov 2022 11:55:46 +0000 Subject: [PATCH 009/132] procps: 3.3.16 -> 3.3.17 --- pkgs/os-specific/linux/procps-ng/default.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/pkgs/os-specific/linux/procps-ng/default.nix b/pkgs/os-specific/linux/procps-ng/default.nix index 1d19d9151175..503521b9a7a1 100644 --- a/pkgs/os-specific/linux/procps-ng/default.nix +++ b/pkgs/os-specific/linux/procps-ng/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , ncurses , pkg-config @@ -19,22 +18,14 @@ stdenv.mkDerivation rec { pname = "procps"; - version = "3.3.16"; + version = "3.3.17"; # The project's releases are on SF, but git repo on gitlab. src = fetchurl { url = "mirror://sourceforge/procps-ng/procps-ng-${version}.tar.xz"; - sha256 = "1br0g93ysqhlv13i1k4lfbimsgxnpy5rgs4lxfc9rkzdbpbaqplj"; + sha256 = "sha256-RRiz56r9NOwH0AY9JQ/UdJmbILIAIYw65W9dIRPxQbQ="; }; - patches = [ - (fetchpatch { - url = "https://gitlab.com/procps-ng/procps/-/commit/bb96fc42956c9ed926a1b958ab715f8b4a663dec.diff"; - sha256 = "0fzsb6ns3fvrszyzsz28qvbmcn135ilr4nwh2z1a0vlpl2fw961z"; - name = "sysconf-argmax-sanity.patch"; - }) - ]; - buildInputs = [ ncurses ] ++ lib.optional withSystemd systemd; nativeBuildInputs = [ pkg-config ]; From ad5aecbb6b1f0da2c1e0cfda1d4e7bcd48e051ff Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sun, 6 Nov 2022 12:56:47 +0100 Subject: [PATCH 010/132] llvmpackages: patch shebangs for python subpackages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Notably, "git-clang-format" fails with: /usr/bin/env: ‘python’: No such file or directory --- pkgs/development/compilers/llvm/10/clang/default.nix | 1 + pkgs/development/compilers/llvm/11/clang/default.nix | 1 + pkgs/development/compilers/llvm/12/clang/default.nix | 1 + pkgs/development/compilers/llvm/13/clang/default.nix | 1 + pkgs/development/compilers/llvm/14/clang/default.nix | 1 + pkgs/development/compilers/llvm/5/clang/default.nix | 1 + pkgs/development/compilers/llvm/6/clang/default.nix | 1 + pkgs/development/compilers/llvm/7/clang/default.nix | 1 + pkgs/development/compilers/llvm/8/clang/default.nix | 1 + pkgs/development/compilers/llvm/9/clang/default.nix | 1 + pkgs/development/compilers/llvm/git/clang/default.nix | 1 + 11 files changed, 11 insertions(+) diff --git a/pkgs/development/compilers/llvm/10/clang/default.nix b/pkgs/development/compilers/llvm/10/clang/default.nix index 5336e4ea35a3..ae4299e4ac06 100644 --- a/pkgs/development/compilers/llvm/10/clang/default.nix +++ b/pkgs/development/compilers/llvm/10/clang/default.nix @@ -84,6 +84,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/11/clang/default.nix b/pkgs/development/compilers/llvm/11/clang/default.nix index 4bcdb3ca78b4..0143cb0dfb1f 100644 --- a/pkgs/development/compilers/llvm/11/clang/default.nix +++ b/pkgs/development/compilers/llvm/11/clang/default.nix @@ -89,6 +89,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/12/clang/default.nix b/pkgs/development/compilers/llvm/12/clang/default.nix index 0f1e160bbce8..e6b6589591c0 100644 --- a/pkgs/development/compilers/llvm/12/clang/default.nix +++ b/pkgs/development/compilers/llvm/12/clang/default.nix @@ -83,6 +83,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/13/clang/default.nix b/pkgs/development/compilers/llvm/13/clang/default.nix index 62b9e0470a61..8b95d68cee8e 100644 --- a/pkgs/development/compilers/llvm/13/clang/default.nix +++ b/pkgs/development/compilers/llvm/13/clang/default.nix @@ -77,6 +77,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/14/clang/default.nix b/pkgs/development/compilers/llvm/14/clang/default.nix index 6b775efcc039..339ea9e49c5b 100644 --- a/pkgs/development/compilers/llvm/14/clang/default.nix +++ b/pkgs/development/compilers/llvm/14/clang/default.nix @@ -80,6 +80,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/5/clang/default.nix b/pkgs/development/compilers/llvm/5/clang/default.nix index df3d26139866..ddef3d414cc6 100644 --- a/pkgs/development/compilers/llvm/5/clang/default.nix +++ b/pkgs/development/compilers/llvm/5/clang/default.nix @@ -77,6 +77,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/6/clang/default.nix b/pkgs/development/compilers/llvm/6/clang/default.nix index ee8859c159a1..835d36ae2cd7 100644 --- a/pkgs/development/compilers/llvm/6/clang/default.nix +++ b/pkgs/development/compilers/llvm/6/clang/default.nix @@ -77,6 +77,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/7/clang/default.nix b/pkgs/development/compilers/llvm/7/clang/default.nix index afa1669ace61..20c5d78c2666 100644 --- a/pkgs/development/compilers/llvm/7/clang/default.nix +++ b/pkgs/development/compilers/llvm/7/clang/default.nix @@ -89,6 +89,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/8/clang/default.nix b/pkgs/development/compilers/llvm/8/clang/default.nix index 1d6a5b7d74df..f136dcfbd596 100644 --- a/pkgs/development/compilers/llvm/8/clang/default.nix +++ b/pkgs/development/compilers/llvm/8/clang/default.nix @@ -95,6 +95,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/9/clang/default.nix b/pkgs/development/compilers/llvm/9/clang/default.nix index ee124b43bfce..541f394d3118 100644 --- a/pkgs/development/compilers/llvm/9/clang/default.nix +++ b/pkgs/development/compilers/llvm/9/clang/default.nix @@ -90,6 +90,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix index 3df0e5042b8d..3e8476e56801 100644 --- a/pkgs/development/compilers/llvm/git/clang/default.nix +++ b/pkgs/development/compilers/llvm/git/clang/default.nix @@ -81,6 +81,7 @@ let fi mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + patchShebangs $python/bin mkdir -p $dev/bin cp bin/clang-tblgen $dev/bin From c100d631369a4279fa99a87b8d9563a8b13d4ab8 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Mon, 24 Oct 2022 19:23:35 +1000 Subject: [PATCH 011/132] navidrome: depend on ffmpeg-headless explicitly --- pkgs/servers/misc/navidrome/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/servers/misc/navidrome/default.nix b/pkgs/servers/misc/navidrome/default.nix index 0833a1ec1a64..8c63b0fb940d 100644 --- a/pkgs/servers/misc/navidrome/default.nix +++ b/pkgs/servers/misc/navidrome/default.nix @@ -4,7 +4,7 @@ , lib , pkg-config , stdenv -, ffmpeg +, ffmpeg-headless , taglib , zlib , makeWrapper @@ -54,7 +54,7 @@ buildGoModule { postFixup = lib.optionalString ffmpegSupport '' wrapProgram $out/bin/navidrome \ - --prefix PATH : ${lib.makeBinPath [ ffmpeg ]} + --prefix PATH : ${lib.makeBinPath [ ffmpeg-headless ]} ''; passthru = { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 33565644aa3b..6fd78c323b92 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -37934,9 +37934,7 @@ with pkgs; gpio-utils = callPackage ../os-specific/linux/kernel/gpio-utils.nix { }; - navidrome = callPackage ../servers/misc/navidrome { - ffmpeg = ffmpeg-headless; - }; + navidrome = callPackage ../servers/misc/navidrome { }; zalgo = callPackage ../tools/misc/zalgo { }; From e64d154cb0c62a4f544db05b6f37c5adaaebb7f5 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Mon, 24 Oct 2022 19:24:19 +1000 Subject: [PATCH 012/132] unpaper: depend on ffmpeg_5-headless explicitly --- pkgs/tools/graphics/unpaper/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/graphics/unpaper/default.nix b/pkgs/tools/graphics/unpaper/default.nix index 72c63d6cfd2c..b7fe0f6955ca 100644 --- a/pkgs/tools/graphics/unpaper/default.nix +++ b/pkgs/tools/graphics/unpaper/default.nix @@ -12,7 +12,7 @@ # runtime , buildPackages -, ffmpeg_5 +, ffmpeg_5-headless # tests , nixosTests @@ -41,7 +41,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - ffmpeg_5 + ffmpeg_5-headless ]; passthru.tests = { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6fd78c323b92..97b0e4695d4f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -32496,9 +32496,7 @@ with pkgs; enableX11 = config.unison.enableX11 or true; }; - unpaper = callPackage ../tools/graphics/unpaper { - ffmpeg_5 = ffmpeg_5-headless; - }; + unpaper = callPackage ../tools/graphics/unpaper { }; unison-ucm = callPackage ../development/compilers/unison { }; From c4cea0389b2ece8ffaafe6cd92b0aa6a72fa4309 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Sun, 23 Oct 2022 11:37:54 +1000 Subject: [PATCH 013/132] nixos/no-x-libs: use headless ffmpeg variants --- nixos/modules/config/no-x-libs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 946c9bf38c47..4e1d57cc4835 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -30,8 +30,8 @@ with lib; beam = super.beam_nox; cairo = super.cairo.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; }; - ffmpeg_4 = super.ffmpeg_4.override { sdlSupport = false; vdpauSupport = false; }; - ffmpeg_5 = super.ffmpeg_5.override { sdlSupport = false; vdpauSupport = false; }; + ffmpeg_4 = super.ffmpeg_4-headless; + ffmpeg_5 = super.ffmpeg_5-headless; gobject-introspection = super.gobject-introspection.override { x11Support = false; }; libva = super.libva-minimal; networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; }; From 8a1506d06460138757984ec9ada9c4a60c673e15 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Mon, 24 Oct 2022 19:25:59 +1000 Subject: [PATCH 014/132] ffmpegthumbnailer: switch to ffmpeg-headless --- pkgs/development/libraries/ffmpegthumbnailer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/ffmpegthumbnailer/default.nix b/pkgs/development/libraries/ffmpegthumbnailer/default.nix index bfe8f80032dd..eb1251987ad9 100644 --- a/pkgs/development/libraries/ffmpegthumbnailer/default.nix +++ b/pkgs/development/libraries/ffmpegthumbnailer/default.nix @@ -1,4 +1,4 @@ -{ fetchFromGitHub, lib, stdenv, ffmpeg, cmake, libpng, pkg-config, libjpeg +{ fetchFromGitHub, lib, stdenv, ffmpeg-headless, cmake, libpng, pkg-config, libjpeg }: stdenv.mkDerivation rec { @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ ffmpeg libpng libjpeg ]; + buildInputs = [ ffmpeg-headless libpng libjpeg ]; cmakeFlags = [ "-DENABLE_THUMBNAILER=ON" ]; # https://github.com/dirkvdb/ffmpegthumbnailer/issues/215 From 58211b7b139e6692c4eb53057b5a75b2964433e8 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Tue, 8 Nov 2022 00:13:11 +1000 Subject: [PATCH 015/132] ffmpegthumbnailer: allow build on unix platforms Switching to ffmpeg-headless allows building on Darwin. --- pkgs/development/libraries/ffmpegthumbnailer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ffmpegthumbnailer/default.nix b/pkgs/development/libraries/ffmpegthumbnailer/default.nix index eb1251987ad9..381bb7b2984c 100644 --- a/pkgs/development/libraries/ffmpegthumbnailer/default.nix +++ b/pkgs/development/libraries/ffmpegthumbnailer/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { This thumbnailer was designed to be as fast and lightweight as possible. The only dependencies are ffmpeg and libpng. "; - platforms = platforms.linux; + platforms = platforms.unix; license = licenses.gpl2Plus; maintainers = [ maintainers.jagajaga ]; }; From 0cf541b3dd0bd7dffdeec4b2b93a7655b5549d34 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Mon, 24 Oct 2022 19:28:03 +1000 Subject: [PATCH 016/132] pipewire: use ffmpeg-headless --- pkgs/top-level/all-packages.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 97b0e4695d4f..53f0b5624d9e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15875,12 +15875,10 @@ with pkgs; pipewire = callPackage ../development/libraries/pipewire { # ffmpeg depends on SDL2 which depends on pipewire by default. - # Break the cycle by disabling pipewire support in our ffmpeg. - ffmpeg = ffmpeg.override { - SDL2 = SDL2.override { - pipewireSupport = false; - }; - }; + # Break the cycle by depending on ffmpeg-headless. + # Pipewire only uses libavcodec (via an SPA plugin), which isn't + # affected by the *-headless changes. + ffmpeg = ffmpeg-headless; }; pipewire-media-session = callPackage ../development/libraries/pipewire/media-session.nix {}; From 5900f3205e1632e931bb9d18023db090e02f2055 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Sat, 5 Nov 2022 12:53:03 +1000 Subject: [PATCH 017/132] cyanrip: use ffmpeg-headless --- pkgs/applications/audio/cyanrip/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/cyanrip/default.nix b/pkgs/applications/audio/cyanrip/default.nix index 4f3a5a08af2e..358c769ea07c 100644 --- a/pkgs/applications/audio/cyanrip/default.nix +++ b/pkgs/applications/audio/cyanrip/default.nix @@ -4,7 +4,7 @@ , meson , ninja , pkg-config -, ffmpeg +, ffmpeg-headless , libcdio , libcdio-paranoia , libmusicbrainz5 @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ meson ninja pkg-config ]; - buildInputs = [ ffmpeg libcdio libcdio-paranoia libmusicbrainz5 curl ]; + buildInputs = [ ffmpeg-headless libcdio libcdio-paranoia libmusicbrainz5 curl ]; meta = with lib; { homepage = "https://github.com/cyanreg/cyanrip"; From e7bce809ef956ab9b8cd58976ea511def621b07a Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Sun, 6 Nov 2022 23:24:26 +1000 Subject: [PATCH 018/132] openjfx{11,15,17}: use ffmpeg_4-headless A quick glance at the source shows it only uses libavcodec. --- pkgs/development/compilers/openjdk/openjfx/11.nix | 4 ++-- pkgs/development/compilers/openjdk/openjfx/15.nix | 4 ++-- pkgs/development/compilers/openjdk/openjfx/17.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/compilers/openjdk/openjfx/11.nix b/pkgs/development/compilers/openjdk/openjfx/11.nix index 7a01486e2dd9..f67c18289134 100644 --- a/pkgs/development/compilers/openjdk/openjfx/11.nix +++ b/pkgs/development/compilers/openjdk/openjfx/11.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchurl, writeText, gradle_4, pkg-config, perl, cmake -, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_4, python2, ruby +, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib, ffmpeg_4-headless, python2, ruby , openjdk11-bootstrap }: let @@ -19,7 +19,7 @@ let sha256 = "1h7qsylr7rnwnbimqjyn3whszp9kv4h3gpicsrb3mradxc9yv194"; }; - buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ]; + buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ]; nativeBuildInputs = [ gradle_ perl pkg-config cmake gperf python2 ruby ]; dontUseCmakeConfigure = true; diff --git a/pkgs/development/compilers/openjdk/openjfx/15.nix b/pkgs/development/compilers/openjdk/openjfx/15.nix index 74f83fdabf1a..4ffe8abd47b9 100644 --- a/pkgs/development/compilers/openjdk/openjfx/15.nix +++ b/pkgs/development/compilers/openjdk/openjfx/15.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, writeText, openjdk11_headless, gradle_5 , pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib -, ffmpeg_4, python3, ruby }: +, ffmpeg_4-headless, python3, ruby }: let major = "15"; @@ -21,7 +21,7 @@ let sha256 = "019glq8rhn6amy3n5jc17vi2wpf1pxpmmywvyz1ga8n09w7xscq1"; }; - buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 ]; + buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless ]; nativeBuildInputs = [ gradle_ perl pkg-config cmake gperf python3 ruby ]; dontUseCmakeConfigure = true; diff --git a/pkgs/development/compilers/openjdk/openjfx/17.nix b/pkgs/development/compilers/openjdk/openjfx/17.nix index 734f4d079ef0..1c1fb89ce8e1 100644 --- a/pkgs/development/compilers/openjdk/openjfx/17.nix +++ b/pkgs/development/compilers/openjdk/openjfx/17.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, writeText, openjdk17_headless, gradle_7 , pkg-config, perl, cmake, gperf, gtk2, gtk3, libXtst, libXxf86vm, glib, alsa-lib -, ffmpeg_4, python3, ruby, icu68 }: +, ffmpeg_4-headless, python3, ruby, icu68 }: let major = "17"; @@ -21,7 +21,7 @@ let sha256 = "sha256-PSiE9KbF/4u9VyBl9PAMLGzKyGFB86/XByeh7vhL6Kw="; }; - buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4 icu68 ]; + buildInputs = [ gtk2 gtk3 libXtst libXxf86vm glib alsa-lib ffmpeg_4-headless icu68 ]; nativeBuildInputs = [ gradle_ perl pkg-config cmake gperf python3 ruby ]; dontUseCmakeConfigure = true; From 05a5700ae2856f1e6ef827d671a5dc1395acb525 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Mon, 7 Nov 2022 16:47:58 +1000 Subject: [PATCH 019/132] gst_all_1: use ffmpeg-headless gst-libav only uses ffmpeg for its (de)coders and (de)muxers. SDL, pipewire, and whatever is handled separately. Depend on ffmpeg-headless to reduce closure size. --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 53f0b5624d9e..78e5c0527b12 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19193,7 +19193,7 @@ with pkgs; gsettings-qt = libsForQt5.callPackage ../development/libraries/gsettings-qt { }; gst_all_1 = recurseIntoAttrs(callPackage ../development/libraries/gstreamer { - callPackage = newScope (gst_all_1 // { libav = pkgs.ffmpeg; }); + callPackage = newScope (gst_all_1 // { libav = pkgs.ffmpeg-headless; }); inherit (darwin.apple_sdk.frameworks) AudioToolbox AVFoundation Cocoa CoreFoundation CoreMedia CoreServices CoreVideo DiskArbitration Foundation IOKit MediaToolbox OpenGL VideoToolbox; }); From 24268b64b064d95131f151ee950cfa6427228915 Mon Sep 17 00:00:00 2001 From: Hraban Luyat Date: Mon, 7 Nov 2022 00:59:51 -0500 Subject: [PATCH 020/132] fetchzip: auto generate name from pname-version --- pkgs/build-support/fetchzip/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/fetchzip/default.nix b/pkgs/build-support/fetchzip/default.nix index 9c08276cdb9b..8605564fc1e5 100644 --- a/pkgs/build-support/fetchzip/default.nix +++ b/pkgs/build-support/fetchzip/default.nix @@ -36,7 +36,7 @@ in fetchurl (( if (pname != "" && version != "") then { - name = "${name}-${version}"; + name = "${pname}-${version}"; inherit pname version; } else From 3f623f2b19c52fd639f3e4457cd2252ce64f446a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 8 Nov 2022 19:30:19 -0800 Subject: [PATCH 021/132] python310Packages.pybind11: 2.10.0 -> 2.10.1 https://github.com/pybind/pybind11/releases/tag/v2.10.1 --- pkgs/development/python-modules/pybind11/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pybind11/default.nix b/pkgs/development/python-modules/pybind11/default.nix index e97db8beefe0..c962e2897421 100644 --- a/pkgs/development/python-modules/pybind11/default.nix +++ b/pkgs/development/python-modules/pybind11/default.nix @@ -15,13 +15,13 @@ buildPythonPackage rec { pname = "pybind11"; - version = "2.10.0"; + version = "2.10.1"; src = fetchFromGitHub { owner = "pybind"; repo = pname; rev = "v${version}"; - hash = "sha256-/X8DZPFsNrKGbhjZ1GFOj17/NU6p4R+saCW3pLKVNeA="; + hash = "sha256-9NS0/fLW2zEmEXhI9GfNN3C/CeI5xibFHwMoUebI90U="; }; postPatch = '' From 6bf318171bcea970cbc9d2ef9033b03298c18073 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sun, 30 Oct 2022 18:44:32 -0700 Subject: [PATCH 022/132] python3Packages.wrapt: 1.13.3 -> 1.14.1 --- pkgs/development/python-modules/wrapt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/wrapt/default.nix b/pkgs/development/python-modules/wrapt/default.nix index b53c52d6098a..8074cf940c9b 100644 --- a/pkgs/development/python-modules/wrapt/default.nix +++ b/pkgs/development/python-modules/wrapt/default.nix @@ -6,14 +6,14 @@ buildPythonPackage rec { pname = "wrapt"; - version = "1.13.3"; + version = "1.14.1"; format = "setuptools"; src = fetchFromGitHub { owner = "GrahamDumpleton"; repo = pname; rev = version; - hash = "sha256-kq3Ujkn4HzonzjuQfVnPNnQV+2Rnbr3ZfYmrnY3upxU="; + hash = "sha256-nXwDuNo4yZxgjnkus9bVwIZltPaSH93D+PcZMGT2nGM="; }; checkInputs = [ From 4750b447cf964857c5a495eac0ddd104563f37d9 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Wed, 9 Nov 2022 13:52:49 -0500 Subject: [PATCH 023/132] ruby: Do not assume gemPath Other parts of this derivation use `passthru.gemPath` already, this is the one exception. --- pkgs/development/interpreters/ruby/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index dc7594da17d9..cd1f1ecd82d0 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -188,7 +188,7 @@ let '' } # Remove unnecessary external intermediate files created by gems - extMakefiles=$(find $out/lib/ruby/gems -name Makefile) + extMakefiles=$(find $out/${passthru.gemPath} -name Makefile) for makefile in $extMakefiles; do make -C "$(dirname "$makefile")" distclean done From cf5fa5eab2faeae72a1ce7e8d5edf8f079c8343e Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Wed, 9 Nov 2022 13:36:25 -0500 Subject: [PATCH 024/132] ruby: Make reproducible Bundled gems that have native extensions have a gem_make.out file that is the build log for the native extension. That file contains random filenames. Since this file is not needed, simply remove it. With this change, ruby_3_1 build is reproducible, at least on x86_64-linux. Example `diff -ur` from `nix build --rebuild --keep-failed .#ruby_3_1`, before this change: ```diff diff -ur /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/debug-1.4.0/gem_make.out /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2.check/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/debug-1.4.0/gem_make.out --- /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/debug-1.4.0/gem_make.out 1969-12-31 19:00:01.000000000 -0500 +++ /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2.check/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/debug-1.4.0/gem_make.out 1969-12-31 19:00:01.000000000 -0500 @@ -3,12 +3,12 @@ creating Makefile current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-a79mlv sitelibdir\=./.gem.20221028-31660-a79mlv clean +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-zllvs sitelibdir\=./.gem.20221109-31667-zllvs clean make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-a79mlv sitelibdir\=./.gem.20221028-31660-a79mlv +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-zllvs sitelibdir\=./.gem.20221109-31667-zllvs make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' compiling debug.c compiling iseq_collector.c @@ -16,7 +16,7 @@ make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-a79mlv sitelibdir\=./.gem.20221028-31660-a79mlv install +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-zllvs sitelibdir\=./.gem.20221109-31667-zllvs install make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' -/nix/store/xq4g38m5ppg78z7bzfxyy2s8ii693k74-coreutils-9.1/bin/install -c -m 0755 debug.so ./.gem.20221028-31660-a79mlv/debug +/nix/store/xq4g38m5ppg78z7bzfxyy2s8ii693k74-coreutils-9.1/bin/install -c -m 0755 debug.so ./.gem.20221109-31667-zllvs/debug make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/debug-1.4.0/ext/debug' diff -ur /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/rbs-2.1.0/gem_make.out /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2.check/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/rbs-2.1.0/gem_make.out --- /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/rbs-2.1.0/gem_make.out 1969-12-31 19:00:01.000000000 -0500 +++ /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2.check/lib/ruby/gems/3.1.0/extensions/x86_64-linux/3.1.0/rbs-2.1.0/gem_make.out 1969-12-31 19:00:01.000000000 -0500 @@ -3,12 +3,12 @@ creating Makefile current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-cv0bgw sitelibdir\=./.gem.20221028-31660-cv0bgw clean +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-7spnp3 sitelibdir\=./.gem.20221109-31667-7spnp3 clean make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-cv0bgw sitelibdir\=./.gem.20221028-31660-cv0bgw +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-7spnp3 sitelibdir\=./.gem.20221109-31667-7spnp3 make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' compiling constants.c compiling lexer.c @@ -23,7 +23,7 @@ make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' current directory: /nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension -make DESTDIR\= sitearchdir\=./.gem.20221028-31660-cv0bgw sitelibdir\=./.gem.20221028-31660-cv0bgw install +make DESTDIR\= sitearchdir\=./.gem.20221109-31667-7spnp3 sitelibdir\=./.gem.20221109-31667-7spnp3 install make[1]: Entering directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' -/nix/store/xq4g38m5ppg78z7bzfxyy2s8ii693k74-coreutils-9.1/bin/install -c -m 0755 rbs_extension.so ./.gem.20221028-31660-cv0bgw +/nix/store/xq4g38m5ppg78z7bzfxyy2s8ii693k74-coreutils-9.1/bin/install -c -m 0755 rbs_extension.so ./.gem.20221109-31667-7spnp3 make[1]: Leaving directory '/nix/store/m9xczrqsh4chvg4b9z3sl4y93s0jqlbg-ruby-3.1.2/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/ext/rbs_extension' ``` --- pkgs/development/interpreters/ruby/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index cd1f1ecd82d0..c7e01ea0f94d 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -192,6 +192,7 @@ let for makefile in $extMakefiles; do make -C "$(dirname "$makefile")" distclean done + find "$out/${passthru.gemPath}" -name gem_make.out -delete # Bundler tries to create this directory mkdir -p $out/nix-support cat > $out/nix-support/setup-hook < Date: Thu, 10 Nov 2022 14:39:06 +0100 Subject: [PATCH 025/132] lvm2_2_02: 2.02.187 -> 2.02.188 https://github.com/lvmteam/lvm2/blob/v2_02_188/WHATS_NEW --- pkgs/os-specific/linux/lvm2/2_02.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/lvm2/2_02.nix b/pkgs/os-specific/linux/lvm2/2_02.nix index 56ab613afd24..1ca036984d6b 100644 --- a/pkgs/os-specific/linux/lvm2/2_02.nix +++ b/pkgs/os-specific/linux/lvm2/2_02.nix @@ -1,4 +1,4 @@ import ./common.nix { - version = "2.02.187"; - sha256 = "sha256-Dg1SGoY6XbJEDy4edie6grcCc65KsLvhMIUdsNWOWvE="; + version = "2.02.188"; + sha256 = "sha256-cQHosIFq135DkP7ZdJoJAhS6UgBhzQg0N4ceGeUMyb0="; } From 3454a6b4e4a4511990aeb646928dfde88e9ac9b3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 10 Nov 2022 19:13:07 +0100 Subject: [PATCH 026/132] lvm2: sha256 -> hash also add a non-mirror download url --- pkgs/os-specific/linux/lvm2/2_02.nix | 2 +- pkgs/os-specific/linux/lvm2/2_03.nix | 2 +- pkgs/os-specific/linux/lvm2/common.nix | 9 ++++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/lvm2/2_02.nix b/pkgs/os-specific/linux/lvm2/2_02.nix index 1ca036984d6b..07d8de0b2270 100644 --- a/pkgs/os-specific/linux/lvm2/2_02.nix +++ b/pkgs/os-specific/linux/lvm2/2_02.nix @@ -1,4 +1,4 @@ import ./common.nix { version = "2.02.188"; - sha256 = "sha256-cQHosIFq135DkP7ZdJoJAhS6UgBhzQg0N4ceGeUMyb0="; + hash = "sha256-cQHosIFq135DkP7ZdJoJAhS6UgBhzQg0N4ceGeUMyb0="; } diff --git a/pkgs/os-specific/linux/lvm2/2_03.nix b/pkgs/os-specific/linux/lvm2/2_03.nix index 0cca51feab30..f8453cf4bf3d 100644 --- a/pkgs/os-specific/linux/lvm2/2_03.nix +++ b/pkgs/os-specific/linux/lvm2/2_03.nix @@ -1,4 +1,4 @@ import ./common.nix { version = "2.03.16"; - sha256 = "sha256-5mHs4VtdiNir45pMHh2y9D4YlvAZlIu5iw4V13doB4Y="; + hash = "sha256-5mHs4VtdiNir45pMHh2y9D4YlvAZlIu5iw4V13doB4Y="; } diff --git a/pkgs/os-specific/linux/lvm2/common.nix b/pkgs/os-specific/linux/lvm2/common.nix index 4cb86bf3d8b9..2e19332a9315 100644 --- a/pkgs/os-specific/linux/lvm2/common.nix +++ b/pkgs/os-specific/linux/lvm2/common.nix @@ -1,4 +1,4 @@ -{ version, sha256 }: +{ version, hash }: { lib, stdenv , fetchpatch @@ -28,8 +28,11 @@ stdenv.mkDerivation rec { inherit version; src = fetchurl { - url = "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${version}.tgz"; - inherit sha256; + urls = [ + "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${version}.tgz" + "ftp://sourceware.org/pub/lvm2/LVM2.${version}.tgz" + ]; + inherit hash; }; nativeBuildInputs = [ pkg-config ]; From 9b056912e09f92eec39a387d22b504cd1f8b1f0b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 10 Nov 2022 19:13:27 +0100 Subject: [PATCH 027/132] lvm2: 2.03.16 -> 2.03.17 https://github.com/lvmteam/lvm2/blob/v2_03_17/WHATS_NEW --- pkgs/os-specific/linux/lvm2/2_03.nix | 4 ++-- pkgs/os-specific/linux/lvm2/common.nix | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/lvm2/2_03.nix b/pkgs/os-specific/linux/lvm2/2_03.nix index f8453cf4bf3d..2f48448541b3 100644 --- a/pkgs/os-specific/linux/lvm2/2_03.nix +++ b/pkgs/os-specific/linux/lvm2/2_03.nix @@ -1,4 +1,4 @@ import ./common.nix { - version = "2.03.16"; - hash = "sha256-5mHs4VtdiNir45pMHh2y9D4YlvAZlIu5iw4V13doB4Y="; + version = "2.03.17"; + hash = "sha256-cobPqWUYKMWJOJUJVGMzuNqWXfqEoaTIqz5oGkf6uuc="; } diff --git a/pkgs/os-specific/linux/lvm2/common.nix b/pkgs/os-specific/linux/lvm2/common.nix index 2e19332a9315..0ea8a97bdb2e 100644 --- a/pkgs/os-specific/linux/lvm2/common.nix +++ b/pkgs/os-specific/linux/lvm2/common.nix @@ -56,6 +56,7 @@ stdenv.mkDerivation rec { "--bindir=${placeholder "bin"}/bin" "--sbindir=${placeholder "bin"}/bin" "--libdir=${placeholder "lib"}/lib" + "--with-libexecdir=${placeholder "lib"}/libexec" ] ++ lib.optional enableCmdlib "--enable-cmdlib" ++ lib.optionals enableDmeventd [ "--enable-dmeventd" From 28ffdbd0e37d9581cabe2307c922cd98949c92dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 10 Nov 2022 12:34:35 -0800 Subject: [PATCH 028/132] python310Packages.pytz: 2022.2.1 -> 2022.6 --- pkgs/development/python-modules/pytz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pytz/default.nix b/pkgs/development/python-modules/pytz/default.nix index 718ee964588e..79750bb2435b 100644 --- a/pkgs/development/python-modules/pytz/default.nix +++ b/pkgs/development/python-modules/pytz/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "pytz"; - version = "2022.2.1"; + version = "2022.6"; src = fetchPypi { inherit pname version; - sha256 = "sha256-zqIhQXIE8tGiqgPdrj6GeSGXHQ128U2Hq7RBRBW73PU="; + hash = "sha256-6JUSQGt5PKOfWXG8mZzFOM4SXA5RwnlBvvRWi0YAleI="; }; checkInputs = [ unittestCheckHook ]; From 6ac6beaf83af64ab1460b935de75055c12b6c0b4 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Sun, 30 Oct 2022 18:32:40 +1300 Subject: [PATCH 029/132] jekyll-webmention_io: init at 3.3.6 --- .../ruby-modules/with-packages/Gemfile | 1 + pkgs/top-level/ruby-packages.nix | 105 ++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/pkgs/development/ruby-modules/with-packages/Gemfile b/pkgs/development/ruby-modules/with-packages/Gemfile index f11828cb835e..479981419801 100644 --- a/pkgs/development/ruby-modules/with-packages/Gemfile +++ b/pkgs/development/ruby-modules/with-packages/Gemfile @@ -78,6 +78,7 @@ gem 'idn-ruby' gem 'jbuilder' gem 'jekyll' gem 'jekyll-favicon' +gem 'jekyll-webmention_io' gem 'jmespath' gem 'jwt' gem 'kramdown-rfc2629' diff --git a/pkgs/top-level/ruby-packages.nix b/pkgs/top-level/ruby-packages.nix index bb25b2df7a08..d702c04dac15 100644 --- a/pkgs/top-level/ruby-packages.nix +++ b/pkgs/top-level/ruby-packages.nix @@ -1166,6 +1166,16 @@ }; version = "2.14.3"; }; + htmlbeautifier = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1y55dx25l3wwc025mwl6jsbcsqrm30gs2d2pxnaxg07yh22ckq4x"; + type = "gem"; + }; + version = "1.4.2"; + }; http-accept = { groups = ["default"]; platforms = []; @@ -1197,6 +1207,17 @@ }; version = "0.8.0"; }; + httparty = { + dependencies = ["multi_xml"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1q42553gp8brkkrn97m7ah4yr6bqs7fsn8lg84yzx6dr6y02bj5i"; + type = "gem"; + }; + version = "0.15.7"; + }; httpclient = { groups = ["default"]; platforms = []; @@ -1238,6 +1259,16 @@ }; version = "0.1.4"; }; + ipaddr = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13qd34nzpgp3fxfjbvaqg3dcnfr0cgl5vjvcqy0hfllbvfcklnbq"; + type = "gem"; + }; + version = "1.2.4"; + }; jaro_winkler = { groups = ["default"]; platforms = []; @@ -1664,6 +1695,17 @@ }; version = "2.2.1"; }; + jekyll-webmention_io = { + dependencies = ["htmlbeautifier" "jekyll" "json" "openssl" "string_inflection" "uglifier" "webmention"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "141bj7v068s6sdz3syhzrka47w3r6r9r69a6mhfxrzfyrkwqq8a1"; + type = "gem"; + }; + version = "3.3.6"; + }; jemoji = { dependencies = ["gemoji" "html-pipeline" "jekyll"]; groups = ["default"]; @@ -1768,6 +1810,16 @@ }; version = "3.2.4"; }; + link_header = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yamrdq4rywmnpdhbygnkkl9fdy249fg5r851nrkkxr97gj5rihm"; + type = "gem"; + }; + version = "0.0.8"; + }; liquid = { groups = ["default"]; platforms = []; @@ -1954,6 +2006,16 @@ }; version = "1.15.0"; }; + multi_xml = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lmd4f401mvravi1i1yq7b2qjjli0yq7dfc4p1nj5nwajp7r6hyj"; + type = "gem"; + }; + version = "0.6.0"; + }; mustermann = { dependencies = ["ruby2_keywords"]; groups = ["default"]; @@ -2078,6 +2140,17 @@ }; version = "4.25.1"; }; + openssl = { + dependencies = ["ipaddr"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xx01in25q31rpxmq2qlimi44zarsp4px7046xnc6in0pa127xsk"; + type = "gem"; + }; + version = "2.2.2"; + }; optimist = { groups = ["default"]; platforms = []; @@ -3015,6 +3088,16 @@ }; version = "1.5.3"; }; + string_inflection = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0v57afc7rdr58xd6mayf9giifqgav3hqjr54kagi7iki3hn6vjag"; + type = "gem"; + }; + version = "0.1.2"; + }; syntax_tree = { dependencies = ["prettier_print"]; groups = ["default"]; @@ -3193,6 +3276,17 @@ }; version = "1.2.10"; }; + uglifier = { + dependencies = ["execjs"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wgh7bzy68vhv9v68061519dd8samcy8sazzz0w3k8kqpy3g4s5f"; + type = "gem"; + }; + version = "4.2.0"; + }; unf = { dependencies = ["unf_ext"]; groups = ["default"]; @@ -3234,6 +3328,17 @@ }; version = "0.2.0"; }; + webmention = { + dependencies = ["httparty" "json" "link_header" "nokogiri"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s3p572rp1aifk7xxhnwvnpxwvn9sx8hx5zm0mz0ff4lgb2y4yq4"; + type = "gem"; + }; + version = "0.1.6"; + }; webrick = { groups = ["default"]; platforms = []; From f9cb30c4e79877e44a7abeb3e45e96f1d6de2979 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 11 Nov 2022 04:20:00 +0000 Subject: [PATCH 030/132] python310Packages.curio: 1.5 -> 1.6 https://github.com/dabeaz/curio/releases/tag/1.6 --- pkgs/development/python-modules/curio/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/curio/default.nix b/pkgs/development/python-modules/curio/default.nix index 7a66e4796648..931da001fe6d 100644 --- a/pkgs/development/python-modules/curio/default.nix +++ b/pkgs/development/python-modules/curio/default.nix @@ -9,12 +9,13 @@ buildPythonPackage rec { pname = "curio"; - version = "1.5"; + version = "1.6"; + format = "setuptools"; disabled = !isPy3k; src = fetchPypi { inherit pname version; - sha256 = "sha256-rwghLlkLt9qOTMOcQgEnEUlNwg1iLxYhVbopbMLjvBA="; + sha256 = "sha256-VipYbbICFrp9K+gmPeuesHnlYEj5uJBtEdX0WqgcUkc="; }; checkInputs = [ @@ -37,8 +38,9 @@ buildPythonPackage rec { pythonImportsCheck = [ "curio" ]; meta = with lib; { - homepage = "https://github.com/dabeaz/curio"; description = "Library for performing concurrent I/O with coroutines in Python"; + homepage = "https://github.com/dabeaz/curio"; + changelog = "https://github.com/dabeaz/curio/raw/${version}/CHANGES"; license = licenses.bsd3; maintainers = [ maintainers.marsam ]; }; From ddb88250e40a7a68f07130413efae0c863831125 Mon Sep 17 00:00:00 2001 From: Artturin Date: Mon, 7 Nov 2022 07:28:34 +0200 Subject: [PATCH 031/132] xorg.imake: fix cross ``` imake-aarch64-unknown-linux-gnu> checking for cpp... no imake-aarch64-unknown-linux-gnu> checking if aarch64-unknown-linux-gnu-gcc -E requires -undef... aarch64-unknown-linux-gnu-gcc: fatal error: noinput files imake-aarch64-unknown-linux-gnu> compilation terminated. imake-aarch64-unknown-linux-gnu> aarch64-unknown-linux-gnu-gcc: fatal error: no input files imake-aarch64-unknown-linux-gnu> compilation terminated. imake-aarch64-unknown-linux-gnu> aarch64-unknown-linux-gnu-gcc: fatal error: no input files imake-aarch64-unknown-linux-gnu> compilation terminated. imake-aarch64-unknown-linux-gnu> configure: error: aarch64-unknown-linux-gnu-gcc -E defines unix with or without -undef. I don't know what to do. ``` it appears that the configure script isn't checking `${ac_tool_prefix}cpp` ``` for ac_prog in cpp do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_RAWCPP+:} false; then : ``` --- pkgs/servers/x11/xorg/overrides.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index baf968fe309f..a472c1983223 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -68,6 +68,8 @@ self: super: then "${tradcpp}/bin/cpp" else "gcc"}\"'"; + configureFlags = attrs.configureFlags or [] ++ [ "ac_cv_path_RAWCPP=${stdenv.cc.targetPrefix}cpp" ]; + inherit tradcpp; }); From efb9b804a7aae14aec9872650e0cf5d12acd47fe Mon Sep 17 00:00:00 2001 From: Artturin Date: Mon, 7 Nov 2022 07:36:21 +0200 Subject: [PATCH 032/132] xorg.xdm: fix cross ``` xdm-aarch64-unknown-linux-gnu> checking for cpp... no xdm-aarch64-unknown-linux-gnu> checking if aarch64-unknown-linux-gnu-gcc -E requires -undef... aarch64-unknown-linux-gnu-gcc: fatal error: noinput files xdm-aarch64-unknown-linux-gnu> compilation terminated. xdm-aarch64-unknown-linux-gnu> aarch64-unknown-linux-gnu-gcc: fatal error: no input files xdm-aarch64-unknown-linux-gnu> compilation terminated. xdm-aarch64-unknown-linux-gnu> aarch64-unknown-linux-gnu-gcc: fatal error: no input files xdm-aarch64-unknown-linux-gnu> compilation terminated. xdm-aarch64-unknown-linux-gnu> configure: error: aarch64-unknown-linux-gnu-gcc -E defines unix with or without -undef. I don't know what to do. ``` it appears that the configure script isn't checking `${ac_tool_prefix}cpp` ``` for ac_prog in cpp do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_RAWCPP+:} false; then : ``` --- pkgs/servers/x11/xorg/overrides.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index a472c1983223..ae6f437d4a19 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -153,6 +153,11 @@ self: super: xdm = super.xdm.overrideAttrs (attrs: { buildInputs = attrs.buildInputs ++ [ libxcrypt ]; + configureFlags = attrs.configureFlags or [] ++ [ + "ac_cv_path_RAWCPP=${stdenv.cc.targetPrefix}cpp" + ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) + # checking for /dev/urandom... configure: error: cannot check for file existence when cross compiling + [ "ac_cv_file__dev_urandom=true" "ac_cv_file__dev_random=true" ]; }); # Propagate some build inputs because of header file dependencies. From 4940c0094fa3d8337e5cd8d2ef224bcb8cf2fd85 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Fri, 11 Nov 2022 19:33:55 +0000 Subject: [PATCH 033/132] systemd: 251.7 -> 251.8 ``` git log --oneline v251.7..v251.8 ae8b249af4 test: fstab-generator: adjust PATH for fsck 03514a9f64 man: add note that network-generator is not a generator 8c8a423821 condition: Check that subsystem is enabled in ConditionSecurity=tpm2 9243b88b55 test: wait for loop device to be removed f5c2be99bc test: wait for the lodev to get properly initialized 8cfe979030 test: disable LSan in the ASan env wrapper db00a62be8 test: introduce a simple environment file for test service fd082f335e test: lower the # of mpath devices to 16 d17a45340b test: make TEST-64 a bit more ASan friendly a51cc9e578 test: don't wrap binaries built with ASan e176dca593 test: drop all LD_PRELOAD-related ASan workarounds 9fba4cdf61 test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO 4fbf69fd1b semaphore: remove the Semaphore repositories recursively 6258394c1e test: wrap `ls` and `stat` to make it work w/ sanitizers in specific cases db14b371df test: create an ASan wrapper for `getent` and `su` 1027d3d633 test: always wrap useradd/userdel when running w/ ASan 65ab7b0950 Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size." f994276068 test: make TEST-63 more reliable on slower machines 68b4f10f82 test: use PBKDF2 with capped iterations instead of Argon2 1f32ec761c hashmap: use assert_se() to make clang happy 94a25aa6d5 coredump: drop an unused variable 5f09fa4d5e network: drop an unused variable a29ddb989b machine: drop an unused variable 9a71cd3bf6 sd-journal: drop an unused variable ae0537f18f ci: reenable validation of GH Actions files 6e92f64ca4 ci: temporarily disable validation of GH Action files 6cd1b11d02 cryptsetup: fix build with -Db_ndebug=true 0ab5e9fe98 test: wrap binaries using systemd DSOs when running w/ ASan 6d4ae5a7cd test: make the virt detection quiet 024ee3def9 test: check for other hypervisors as well 520be40734 test-mountpoint-util: support running on a mount namespace with another mount on /proc 2cd4aed358 test-mountpoint-util: use log_info() c7b66dbe2a test-mountpoint-util: fix NULL arg to %s 4e49c726ad test: drop redundant log message b57ef0c672 build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows 8c80564405 build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows 70e90da84b build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows 489c00dee5 build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows 08e85ad43d build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows b0619c9c55 build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows d982169592 build(deps): bump systemd/mkosi 9d4af5fea1 mkosi: libbpf0 -> libbpf1 3abf9f08f1 mkosi: Switch to Fedora 37 18f9fbab08 mkosi: update to latest commit 5403b727a7 mkosi: Use SourceFileTransfer=mount 9744c04ffd mkosi: Drop kernel-modules-extra from Fedora config ab2f7a9b9e mkosi: install fdisk for test-loop-block 17acdca99d mkosi: Set ExtraSearchPaths=build/ by default 420e782904 mkosi: update to latest commit 43ef15c752 mkosi: add back packages removed from OpenSUSE build 9a94aa1d88 mkosi: disable isc-dhcp-server again d1785c462f mkosi: Ensure we build all features/components in mkosi 6712396da3 meson: Downgrade efi-ld warning 66309ee674 ci: Add mold to build tests 86c25ca937 ci: build with clang-15; drop clang-12 28457b030e mkosi: Drop workarounds abecb21561 mkosi: Update to latest commit d9eaf39930 mkosi: Update to latest commit 619b36b22c mkosi: Don't use InstallDirectory by default cdf3fd312a mkosi: Use mkosi.output/ as output directory by default b8a746e89b mkosi: Add package libfdisk to Ubuntu dependencies (#24211) 0e518f3639 ci: set a timeout for each mkosi stage 5e79cf977c mkosi: Update to latest edef8edf0b mkosi: Update to latest commit a0402d3ab6 mkosi: Update to latest commit 081168fa19 mkosi: Build against Fedora rawhide as well a38a0504ec mkosi: Remove usage of deprecated option names/sections 47404f1802 mkosi: Changes to allow booting with sanitizers in mkosi db1281e12e mkosi: Update Ubuntu config to 22.04 ca8dc691fe mkosi: Install xxd in images f12a6945c6 ci: limit which env variables we pass through `sudo` 7e24ac6d77 mkosi: update to latest main a46ba01e79 mkosi: Update to latest release 7ef1d71895 mkosi: Pull in fix that solves action mirror issue d3d90ae66b mkosi: Update CI to mkosi 13 9bf797be2c ci: build systemd with clang with -Dmode=release --optimization=2 9e88b3a5e1 ci: bump gcc in the "build test" workflow dcbc64db61 ci: prefer the distro llvm version if available ccd81889d4 ci: bump GH Actions to Ubuntu Jammy where applicable b8fbf21526 kernel-install/90-loaderentry: do not add multiple systemd.machine_id options fe5e692bfc tests: minor simplification in test-execute a94fe70bbe tests: make test-execute pass on openSUSE 4a65c1674b firstboot: fix segfault when --locale-messages= is passed without --locale= c3b22515b9 test: introduce sanity coverage for auxiliary utils c61e4377d7 udev: add safe guard for setting by-id symlink 2f4fdaaecc udev: drop redundant call of usb_id and assignment of ID_USB_INTERFACE_NUM 491924940f udev: first set properties based on usb subsystem 293c006789 test: further extend systemctl's sanity coverage f48e6576a2 test: add a couple of sanity tests for systemctl 3d5e379808 test: rename TEST-26-SETENV to TEST-26-SYSTEMCTL a34afc4197 namespace: Add hidepid/subset support check 2ac138a5b6 coverage: Mark _coverage__exit as noreturn 9952c228a9 parse_hwdb: allow negative value for EVDEV_ABS_ properties 7b6fa1d3e6 test: add a couple of sanity tests for journalctl cf21555d6d sd-device-monitor: dynamically allocate receive buffer ee42e84968 man: use the correct 'Markers' property name for marking units 45090f3418 core: fix memleak in GetUnitFileLinks method 7eefd2fbb7 network: forcibly reconfigure all interfaces after sleep 66fa6110ba resolved: fix typo in feature level table 2f8f1d9e4a network: skip to reassign master ifindex if already set d94f197818 resolved: fix copypasta in resolved varlink API b61fcaca1b udev: always create device symlinks for USB disks 6fc2f387af man: Add documentation for AssertCredential= (#25178) c339e8d71b man: document reboot --poweroff exception 91b8491e97 network: allow 0 for table number 3f94f03389 network: Table= also accepts table name bdd84e82e5 analyze: add --image= + --root= to --help text 23d66a03de meson: Fix build with --optimization=plain 98a45608c4 manager: allow transient units to have drop-ins 228cd82d2c manager: reformat boolean expression in unit_is_pristine() ```` --- pkgs/os-specific/linux/systemd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 47dbbb21db38..444e4b43a77c 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -122,7 +122,7 @@ assert withHomed -> withCryptsetup; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "251.7"; + version = "251.8"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: @@ -139,7 +139,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-Sa5diyNFyYtREo1xSCcufAW83ZZGZvueoDVuQ2r8wno="; + sha256 = "sha256-kao0xJwwJc4zUyaK5yxyGip4E6ADak98iVv5E8Hw0zk="; }; # On major changes, or when otherwise required, you *must* reformat the patches, From e9c35f11c2f90d80ad33854525f5a16c8d3f8cfc Mon Sep 17 00:00:00 2001 From: squalus Date: Fri, 11 Nov 2022 13:25:09 -0800 Subject: [PATCH 034/132] glib: fix cross compile Made libxslt an unconditional input. It's used for building man pages, which are enabled on cross builds. --- pkgs/development/libraries/glib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index b38ba682a76b..5cfce3cdd19f 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -134,12 +134,12 @@ stdenv.mkDerivation (finalAttrs: { perl python3 gettext + libxslt + docbook_xsl ] ++ lib.optionals buildDocs [ gtk-doc - docbook_xsl docbook_xml_dtd_45 libxml2 - libxslt ]; propagatedBuildInputs = [ zlib libffi gettext libiconv ]; From aa1b96ff78b59878cee48bce2cdbc974568e8f6c Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sun, 18 Sep 2022 22:30:51 -0400 Subject: [PATCH 035/132] boost: enable cross-compiling Boost.Python Explicitly tell Boost where to find Python, so Boost.Python can build be cross- compiled. --- pkgs/development/libraries/boost/generic.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index b6ab49e4b4d9..bea3f007e631 100644 --- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -207,6 +207,15 @@ stdenv.mkDerivation { $RANLIB ; EOF + '' + # b2 needs to be explicitly told how to find Python when cross-compiling + + optionalString enablePython '' + cat << EOF >> user-config.jam + using python : : ${python.interpreter} + : ${python}/include/python${python.pythonVersion} + : ${python}/lib + ; + EOF ''; NIX_CFLAGS_LINK = lib.optionalString stdenv.isDarwin @@ -229,8 +238,7 @@ stdenv.mkDerivation { "--includedir=$(dev)/include" "--libdir=$(out)/lib" "--with-bjam=b2" # prevent bootstrapping b2 in configurePhase - ] ++ optional enablePython "--with-python=${python.interpreter}" - ++ optional (toolset != null) "--with-toolset=${toolset}" + ] ++ optional (toolset != null) "--with-toolset=${toolset}" ++ [ (if stdenv.hostPlatform == stdenv.buildPlatform then "--with-icu=${icu.dev}" else "--without-icu") ]; buildPhase = '' From 3bb157ac20c479bac646186d5f2f0b9f02e14540 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 12 Nov 2022 10:40:42 +0000 Subject: [PATCH 036/132] lapack-reference: 3.10.1 -> 3.11 --- pkgs/development/libraries/science/math/liblapack/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/science/math/liblapack/default.nix b/pkgs/development/libraries/science/math/liblapack/default.nix index 05470f61dd3e..c8f0b37e0659 100644 --- a/pkgs/development/libraries/science/math/liblapack/default.nix +++ b/pkgs/development/libraries/science/math/liblapack/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "liblapack"; - version = "3.10.1"; + version = "3.11"; src = fetchFromGitHub { owner = "Reference-LAPACK"; repo = "lapack"; rev = "v${version}"; - sha256 = "07wwydw72gl4fhfqcyc8sbz7ynm0i23pggyfqn0r9a29g7qh8bqs"; + sha256 = "sha256-AYD78u70y8cY19hmM/aDjQEzxO8u9lPWhCFxRe5cqXI="; }; nativeBuildInputs = [ gfortran cmake ]; From fb213161c307649ad2a1987de861ad0a48bcc097 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 12 Nov 2022 00:00:15 +0100 Subject: [PATCH 037/132] =?UTF-8?q?gi-docgen:=202022.1=20=E2=86=92=202022.?= =?UTF-8?q?2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gi-docgen/-/tags/2022.2 Switch to GNOME mirror and add update script. --- .../editors/gnome-builder/default.nix | 9 +----- .../tools/documentation/gi-docgen/default.nix | 30 ++++++++----------- 2 files changed, 13 insertions(+), 26 deletions(-) diff --git a/pkgs/applications/editors/gnome-builder/default.nix b/pkgs/applications/editors/gnome-builder/default.nix index 54625d75e5c5..767afbe26dea 100644 --- a/pkgs/applications/editors/gnome-builder/default.nix +++ b/pkgs/applications/editors/gnome-builder/default.nix @@ -66,14 +66,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ desktop-file-utils - (gi-docgen.overrideAttrs (attrs: { - patches = attrs.patches ++ [ - (fetchpatch { - url = "https://gitlab.gnome.org/GNOME/gi-docgen/-/commit/f4ff4787cce962b705fb2588b31f2988c5063c13.patch"; - sha256 = "11VGFFb2PLVxnX/qUQdLPLfhGQWx4sf4apBP7R2JWjA="; - }) - ]; - })) + gi-docgen gobject-introspection meson ninja diff --git a/pkgs/development/tools/documentation/gi-docgen/default.nix b/pkgs/development/tools/documentation/gi-docgen/default.nix index 4b627782d8b5..512f7aeb7bd5 100644 --- a/pkgs/development/tools/documentation/gi-docgen/default.nix +++ b/pkgs/development/tools/documentation/gi-docgen/default.nix @@ -1,34 +1,22 @@ { lib -, fetchFromGitLab -, fetchpatch +, fetchurl , meson , ninja , python3 +, gnome }: python3.pkgs.buildPythonApplication rec { pname = "gi-docgen"; - version = "2022.1"; + version = "2022.2"; format = "other"; - src = fetchFromGitLab { - domain = "gitlab.gnome.org"; - owner = "GNOME"; - repo = pname; - rev = version; - sha256 = "35pL/2TQRVgPfAcfOGCLlSP1LIh4r95mFC+UoXQEEHo="; + src = fetchurl { + url = "mirror://gnome/sources/gi-docgen/${lib.versions.major version}/gi-docgen-${version}.tar.xz"; + sha256 = "JlQ5ENdqedYvZnEihWkqO2KnXzHQfLvupG7sfjTmOlQ="; }; - patches = [ - # Fix gnome-builder build - # https://gitlab.gnome.org/GNOME/gi-docgen/-/merge_requests/161 - (fetchpatch { - url = "https://gitlab.gnome.org/GNOME/gi-docgen/-/commit/0524047ada3e6a5572c43dd36201ebe589d08095.patch"; - sha256 = "1P+i7v1sMULOd0w8K363Mssj+tBJ2wiSmE7DlztvCbw="; - }) - ]; - depsBuildBuild = [ python3 ]; @@ -55,6 +43,12 @@ python3.pkgs.buildPythonApplication rec { --replace "${python3}" "" ''; + passthru = { + updateScript = gnome.updateScript { + packageName = "gi-docgen"; + }; + }; + meta = with lib; { description = "Documentation generator for GObject-based libraries"; homepage = "https://gitlab.gnome.org/GNOME/gi-docgen"; From 762e22d0634ae1675e6b7a3ba137ec8889e59cb9 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Sat, 12 Nov 2022 14:58:10 +0200 Subject: [PATCH 038/132] python3.pkgs.scipy: 1.9.1 -> 1.9.3 --- pkgs/development/python-modules/scipy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix index f85121a39ac3..bec9752bc445 100644 --- a/pkgs/development/python-modules/scipy/default.nix +++ b/pkgs/development/python-modules/scipy/default.nix @@ -20,12 +20,12 @@ buildPythonPackage rec { pname = "scipy"; - version = "1.9.1"; + version = "1.9.3"; format = "pyproject"; src = fetchPypi { inherit pname version; - sha256 = "sha256-JtKMRokA5tX9s30oEqtG2wzNIsY7qglQV4cfqjpJi8k="; + sha256 = "sha256-+8XAXIXBoCvnex/1kQh8g7xEV5xtK9n7eYu2TqXhoCc="; }; nativeBuildInputs = [ cython gfortran meson-python pythran pkg-config wheel ]; From 9105610435a02a0204956ecb5feb80980b7c37be Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 12 Nov 2022 14:32:26 +0100 Subject: [PATCH 039/132] python3Packages.pillow: 9.2.0 -> 9.3.0 https://github.com/python-pillow/Pillow/blob/9.3.0/CHANGES.rst Pass through format to generic builder, updated disabled tests thereby recovering pillow-simd. --- .../python-modules/pillow-simd/default.nix | 2 ++ .../python-modules/pillow/default.nix | 5 +++-- .../python-modules/pillow/generic.nix | 17 +++++++++-------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/pkgs/development/python-modules/pillow-simd/default.nix b/pkgs/development/python-modules/pillow-simd/default.nix index b39a86a7fbfc..f16ef4465562 100644 --- a/pkgs/development/python-modules/pillow-simd/default.nix +++ b/pkgs/development/python-modules/pillow-simd/default.nix @@ -9,6 +9,8 @@ import ../pillow/generic.nix (rec { # check for release version on https://pypi.org/project/Pillow-SIMD/#history # does not match the latest pillow release version! version = "9.0.0.post1"; + format = "setuptools"; + disabled = !isPy3k; src = fetchFromGitHub { diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 6e50be53f99d..05fe40802c5d 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -12,14 +12,15 @@ import ./generic.nix (rec { pname = "pillow"; - version = "9.2.0"; + version = "9.3.0"; + format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { pname = "Pillow"; inherit version; - sha256 = "sha256-deY2/T4PuHJpPyPMuKX/LNV4gBJR86T2hUxqXUN9PAQ="; + hash = "sha256-yTWiKlV6VgEI14D5oPxCbddFmUDcVPqknYMknI0+dg8="; }; passthru.tests = { diff --git a/pkgs/development/python-modules/pillow/generic.nix b/pkgs/development/python-modules/pillow/generic.nix index 54f730751076..adad6038964c 100644 --- a/pkgs/development/python-modules/pillow/generic.nix +++ b/pkgs/development/python-modules/pillow/generic.nix @@ -11,7 +11,7 @@ with args; buildPythonPackage rec { - inherit pname version src meta passthru patches; + inherit pname version format src meta passthru patches; # Disable imagefont tests, because they don't work well with infinality: # https://github.com/python-pillow/Pillow/issues/1259 @@ -19,18 +19,19 @@ buildPythonPackage rec { rm Tests/test_imagefont.py ''; - # Disable darwin tests which require executables: `iconutil` and `screencapture` - disabledTests = lib.optionals stdenv.isDarwin [ - "test_grab" - "test_grabclipboard" - "test_save" + disabledTests = [ + # Code quality mismathch 9 vs 10 + "test_pyroma" # pillow-simd "test_roundtrip" "test_basic" - ] ++ lib.optionals (lib.versions.major version == "6") [ - # RuntimeError: Error setting from dictionary "test_custom_metadata" + ] ++ lib.optionals stdenv.isDarwin [ + # Disable darwin tests which require executables: `iconutil` and `screencapture` + "test_grab" + "test_grabclipboard" + "test_save" ]; propagatedBuildInputs = [ olefile ] From 9a0946a1b1fc31d24bced17af3f4181a9328d169 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 14:50:17 +0100 Subject: [PATCH 040/132] python310Packages.psutil: 5.9.3 -> 5.9.4 --- pkgs/development/python-modules/psutil/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/psutil/default.nix b/pkgs/development/python-modules/psutil/default.nix index b461bc6fdcf0..01f48e627bd2 100644 --- a/pkgs/development/python-modules/psutil/default.nix +++ b/pkgs/development/python-modules/psutil/default.nix @@ -11,14 +11,14 @@ buildPythonPackage rec { pname = "psutil"; - version = "5.9.3"; + version = "5.9.4"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-fM/N/qT8SwoCyiwx3n/NGGvrnP+CB4AOFKtm95x3OvY="; + hash = "sha256-PX+XOetDXUsTOJRKviP0lYS95TlfJ0h9LuJa2ah3SmI="; }; buildInputs = From b40e6283a748cdee21e9cbae45be94fe66451709 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 23 Oct 2022 16:59:00 +0000 Subject: [PATCH 041/132] harfbuzz: 5.2.0 -> 5.3.1 Co-Authored-By: sternenseemann --- pkgs/development/libraries/harfbuzz/default.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index 0bb6546543dc..13f73a7ac1af 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchurl +, fetchpatch , pkg-config , glib , freetype @@ -30,7 +31,7 @@ }: let - version = "5.2.0"; + version = "5.3.1"; inherit (lib) optional optionals optionalString; mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}"; @@ -42,9 +43,19 @@ stdenv.mkDerivation { src = fetchurl { url = "https://github.com/harfbuzz/harfbuzz/releases/download/${version}/harfbuzz-${version}.tar.xz"; - sha256 = "0b4lpkidwx0lf8slczjji652yll6g5zgmm5lmisnb4s7gf8r8nkk"; + sha256 = "sha256-Smzgl7dagSH6zEuoO1sIO/7GV/RbADzVo0JPKua0Q00="; }; + patches = [ + # Pick upstream patch for exported symbol test failing on darwin + # https://github.com/harfbuzz/harfbuzz/issues/3850 + (fetchpatch { + name = "harfbuzz-fix-check-symbol-tests-lto-and-darwin.patch"; + url = "https://github.com/harfbuzz/harfbuzz/commit/b0b7a65388da25ae3fa01e969ad6abc67eed4f49.patch"; + sha256 = "0my064r88pikw6q70hbgf6hwfkw544b9f5ai73qhn2a3c83jqn06"; + }) + ]; + postPatch = '' patchShebangs src/*.py test '' + lib.optionalString stdenv.isDarwin '' From 1487ab90a5c8462bb6dd60261e01f7d4b58dedea Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 17:56:15 +0100 Subject: [PATCH 042/132] python310Packages.exceptiongroup: 1.0.0 -> 1.0.1 --- pkgs/development/python-modules/exceptiongroup/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/exceptiongroup/default.nix b/pkgs/development/python-modules/exceptiongroup/default.nix index 76c6f0e2d34e..96ce96e27f08 100644 --- a/pkgs/development/python-modules/exceptiongroup/default.nix +++ b/pkgs/development/python-modules/exceptiongroup/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "exceptiongroup"; - version = "1.0.0"; + version = "1.0.1"; format = "flit"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-r/ur8T+26YmIw42cVlDnAVaf48HeMjPPthxfM3dGkK0="; + hash = "sha256-c4Zvf4Qu3myx2qQsSvB44gNeX3YH8OLHYsxRuzG757I="; }; nativeBuildInputs = [ From 46827e6a5b3ef3ef8cffbe6ce93ef9aba41ea05e Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 17:59:00 +0100 Subject: [PATCH 043/132] python310Packages.frozenlist: 1.3.1 -> 1.3.3 --- pkgs/development/python-modules/frozenlist/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/frozenlist/default.nix b/pkgs/development/python-modules/frozenlist/default.nix index 73a5bfdb73fc..531ee2b925b2 100644 --- a/pkgs/development/python-modules/frozenlist/default.nix +++ b/pkgs/development/python-modules/frozenlist/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "frozenlist"; - version = "1.3.1"; + version = "1.3.3"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = "aio-libs"; repo = pname; rev = "v${version}"; - hash = "sha256-nOzS004uduS5C8y4ig0IaYyfk+h94uTiN048X66HO+Q="; + hash = "sha256-lJWRdXvuzyvJwNSpv0+ojY4rwws3jwDtlLOqYyLPrZc="; }; nativeBuildInputs = [ From 75921c996ce1e7ffc1951f863f50f612f88d88e4 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 18:13:49 +0100 Subject: [PATCH 044/132] python310Packages.httplib2: 0.20.4 -> 0.21.0 --- pkgs/development/python-modules/httplib2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/httplib2/default.nix b/pkgs/development/python-modules/httplib2/default.nix index 7f331c8edad4..f817d8dff2d5 100644 --- a/pkgs/development/python-modules/httplib2/default.nix +++ b/pkgs/development/python-modules/httplib2/default.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "httplib2"; - version = "0.20.4"; + version = "0.21.0"; format = "setuptools"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-eLvxmG9PUX+2RB3M6oG442Wmh6c5GI/aKP/Z8Z5Ixq8="; + sha256 = "sha256-1Pl+l28J7crfO2UY/9/D019IzOHWOwjR+UvVEHICTqU="; }; propagatedBuildInputs = [ From ae0e37125b83e241763e635e29703f075d1de2b6 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 18:30:14 +0100 Subject: [PATCH 045/132] python310Packages.platformdirs: 2.5.2 -> 2.5.3 --- pkgs/development/python-modules/platformdirs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/platformdirs/default.nix b/pkgs/development/python-modules/platformdirs/default.nix index e04b40bc1e44..e206c33d34ca 100644 --- a/pkgs/development/python-modules/platformdirs/default.nix +++ b/pkgs/development/python-modules/platformdirs/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "platformdirs"; - version = "2.5.2"; + version = "2.5.3"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = pname; repo = pname; rev = version; - sha256 = "sha256-c7gGgqOUVYA6wYU4+nQsYYw4Gn+DpMoIq2nP8nEdPcg="; + sha256 = "sha256-OAvhbgmwGhElszUPksXkOgB5Dp/Wcf4s8807CcT7eyM="; }; SETUPTOOLS_SCM_PRETEND_VERSION = version; From eaab93d6389e80a72f4ba2281b72de44c4bf4496 Mon Sep 17 00:00:00 2001 From: Luna Nova Date: Fri, 21 Oct 2022 13:16:49 -0700 Subject: [PATCH 046/132] xdg-utils: add patch which adds NIXOS_XDG_OPEN_USE_PORTAL env var from https://github.com/freedesktop/xdg-utils/pull/12 --- .../xdg-utils/allow-forcing-portal-use.patch | 29 +++++++++++++++++++ pkgs/tools/X11/xdg-utils/default.nix | 9 +++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 pkgs/tools/X11/xdg-utils/allow-forcing-portal-use.patch diff --git a/pkgs/tools/X11/xdg-utils/allow-forcing-portal-use.patch b/pkgs/tools/X11/xdg-utils/allow-forcing-portal-use.patch new file mode 100644 index 000000000000..0a011c05dee9 --- /dev/null +++ b/pkgs/tools/X11/xdg-utils/allow-forcing-portal-use.patch @@ -0,0 +1,29 @@ +From 835eed6a2b975fba40c3ac18b4cf5429ba9d2836 Mon Sep 17 00:00:00 2001 +From: Luna Nova +Date: Wed, 7 Sep 2022 08:45:56 -0700 +Subject: [PATCH] xdg-open: add $XDG_OPEN_USE_PORTAL env var + +When set, the same mechanism that is used in a flatpak is used, +a dbus call to the portal. This is useful for distros with non-flatpak +wrapper or sandboxing features which require the same treatment, eg NixOS. + +See https://github.com/NixOS/nixpkgs/issues/160923 +--- + scripts/xdg-open.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in +index 8de839a..80d8fb3 100644 +--- a/scripts/xdg-open.in ++++ b/scripts/xdg-open.in +@@ -508,6 +508,10 @@ if [ x"$DE" = x"" ]; then + DE=generic + fi + ++if [ -n "$NIXOS_XDG_OPEN_USE_PORTAL" ]; then ++ DE=flatpak ++fi ++ + DEBUG 2 "Selected DE $DE" + + # sanitize BROWSER (avoid calling ourselves in particular) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index 6be7e940c1f2..f54ef825fa0f 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -1,7 +1,8 @@ { lib, stdenv, fetchFromGitLab, fetchFromGitHub , file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto , w3m, gnugrep, gnused, coreutils, xset, perlPackages -, mimiSupport ? false, gawk }: +, mimiSupport ? false, gawk +, withXdgOpenUsePortalPatch ? true }: let # A much better xdg-open @@ -30,6 +31,12 @@ stdenv.mkDerivation rec { sha256 = "sha256-8PtXfI8hRneEpnUvIV3M+6ACjlkx0w/NEiJFdGbbHnQ="; }; + patches = lib.optionals withXdgOpenUsePortalPatch [ + # Allow forcing the use of XDG portals using NIXOS_XDG_OPEN_USE_PORTAL environment variable. + # Upstream PR: https://github.com/freedesktop/xdg-utils/pull/12 + ./allow-forcing-portal-use.patch + ]; + # just needed when built from git nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xsl xmlto w3m ]; From 7a908bec558f9b105424d9a25769c7dabd66bed4 Mon Sep 17 00:00:00 2001 From: Luna Nova Date: Fri, 21 Oct 2022 13:19:24 -0700 Subject: [PATCH 047/132] nixos/xdg/portal: add option `xdgOpenUsePortal` which sets `NIXOS_XDG_OPEN_USE_PORTAL` --- nixos/modules/config/xdg/portal.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/modules/config/xdg/portal.nix b/nixos/modules/config/xdg/portal.nix index e28ff74e5d80..ab6cffe499aa 100644 --- a/nixos/modules/config/xdg/portal.nix +++ b/nixos/modules/config/xdg/portal.nix @@ -61,6 +61,17 @@ in Defaults to `false` to respect its opt-in nature. ''; }; + + xdgOpenUsePortal = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Sets environment variable `NIXOS_XDG_OPEN_USE_PORTAL` to `1` + This will make `xdg-open` use the portal to open programs, which resolves bugs involving + programs opening inside FHS envs or with unexpected env vars set from wrappers. + See [#160923](https://github.com/NixOS/nixpkgs/issues/160923) for more info. + ''; + }; }; config = @@ -95,6 +106,7 @@ in sessionVariables = { GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1"; + NIXOS_XDG_OPEN_USE_PORTAL = mkIf cfg.xdgOpenUsePortal "1"; XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals"; }; }; From 17b70a263540b063f1fe299a0b0e99b68c7f707e Mon Sep 17 00:00:00 2001 From: Luna Nova Date: Fri, 21 Oct 2022 14:00:14 -0700 Subject: [PATCH 048/132] xdg-utils: fix missing glib dependency for xdg-open.in and xdg-email.in --- pkgs/tools/X11/xdg-utils/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index f54ef825fa0f..53a43dde3030 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -2,6 +2,7 @@ , file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto , w3m, gnugrep, gnused, coreutils, xset, perlPackages , mimiSupport ? false, gawk +, glib , withXdgOpenUsePortalPatch ? true }: let @@ -56,13 +57,15 @@ stdenv.mkDerivation rec { &#' -i "$out"/bin/* substituteInPlace $out/bin/xdg-open \ - --replace "/usr/bin/printf" "${coreutils}/bin/printf" + --replace "/usr/bin/printf" "${coreutils}/bin/printf" \ + --replace "gdbus" "${glib}/bin/gdbus" substituteInPlace $out/bin/xdg-mime \ --replace "/usr/bin/file" "${file}/bin/file" substituteInPlace $out/bin/xdg-email \ - --replace "/bin/echo" "${coreutils}/bin/echo" + --replace "/bin/echo" "${coreutils}/bin/echo" \ + --replace "gdbus" "${glib}/bin/gdbus" sed 's|\bwhich\b|type -P|g' -i "$out"/bin/* ''; From 9f4143e964bff2d96d2e2c370182b7973a226e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sat, 12 Nov 2022 19:25:14 +0100 Subject: [PATCH 049/132] stdenv: fix succeedOnFailure --- pkgs/stdenv/generic/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 62f9121d73d6..c6cdb6c3df75 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -144,7 +144,7 @@ exitHandler() { echo "build failed with exit code $exitCode (ignored)" mkdir -p "$out/nix-support" printf "%s" "$exitCode" > "$out/nix-support/failed" - return 0 + exit 0 fi else From b662223102564762bf0f7b42e8abd496f90f5edf Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 12 Nov 2022 23:26:52 +0100 Subject: [PATCH 050/132] python310Packages.cvelib: 1.0.0 -> 1.1.0 https://github.com/RedHatProductSecurity/cvelib/releases/tag/1.1.0 - switch to pytestCheckHook --- .../python-modules/cvelib/default.nix | 31 ++++++++++++++----- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/pkgs/development/python-modules/cvelib/default.nix b/pkgs/development/python-modules/cvelib/default.nix index fc81da016f66..49b5c7590691 100644 --- a/pkgs/development/python-modules/cvelib/default.nix +++ b/pkgs/development/python-modules/cvelib/default.nix @@ -1,30 +1,45 @@ -{ buildPythonPackage -, fetchFromGitHub -, requests +{ lib +, buildPythonPackage , click -, lib +, fetchFromGitHub +, jsonschema +, pytestCheckHook +, pythonOlder +, requests }: buildPythonPackage rec { pname = "cvelib"; - version = "1.0.0"; + version = "1.1.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "RedHatProductSecurity"; repo = "cvelib"; rev = "tags/${version}"; - sha256 = "sha256-KUj9Cnvl7r8NMmZvVj5CB0uZvLNK5aHcLc+NzxFrv0I="; + hash = "sha256-MZzCTUleEddIlZBRhxD8ZgaWAOFcpa5hvNuIjrBJRzk="; }; SETUPTOOLS_SCM_PRETEND_VERSION = "v${version}"; - propagatedBuildInputs = [ requests click ]; + + propagatedBuildInputs = [ + click + jsonschema + requests + ]; + + checkInputs = [ + pytestCheckHook + ]; pythonImportsCheck = [ "cvelib" ]; meta = with lib; { - description = "A library and a command line interface for the CVE Services API"; + description = "Library and a command line interface for the CVE Services API"; homepage = "https://github.com/RedHatProductSecurity/cvelib"; license = licenses.mit; maintainers = with maintainers; [ raboof ]; From dbb1aacce0bdf4b150d8853ef4177d52ae442313 Mon Sep 17 00:00:00 2001 From: Hraban Luyat Date: Sun, 13 Nov 2022 02:20:02 -0500 Subject: [PATCH 051/132] sbcl: v2.2.10 --- pkgs/development/compilers/sbcl/2.x.nix | 4 ++++ pkgs/top-level/all-packages.nix | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/compilers/sbcl/2.x.nix b/pkgs/development/compilers/sbcl/2.x.nix index ec12ccf17b72..578228adb5cd 100644 --- a/pkgs/development/compilers/sbcl/2.x.nix +++ b/pkgs/development/compilers/sbcl/2.x.nix @@ -53,6 +53,10 @@ let "2.2.9" = { sha256 = "sha256-fr69bSAj//cHewNy+hFx+IBSm97GEE8gmDKXwv63wXI="; }; + + "2.2.10" = { + sha256 = "sha256-jMPDqHYSI63vFEqIcwsmdQg6Oyb6FV1wz5GruTXpCDM="; + }; }; in with versionMap.${version}; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 915bf9b60320..11071c6cf416 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15241,7 +15241,8 @@ with pkgs; sbcl_2_2_4 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.4"; }; sbcl_2_2_6 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.6"; }; sbcl_2_2_9 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.9"; }; - sbcl = sbcl_2_2_9; + sbcl_2_2_10 = callPackage ../development/compilers/sbcl/2.x.nix { version = "2.2.10"; }; + sbcl = sbcl_2_2_10; roswell = callPackage ../development/tools/roswell { }; From d7626595e8d5ed4aa46a4e68fbaeb6a53a105403 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 13 Nov 2022 12:50:08 +0000 Subject: [PATCH 052/132] python3Packages.jpylyzer: 2.0.1 -> 2.1.0 --- .../python-modules/jpylyzer/default.nix | 33 ++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/jpylyzer/default.nix b/pkgs/development/python-modules/jpylyzer/default.nix index 92c78895eb62..e161b3ffc502 100644 --- a/pkgs/development/python-modules/jpylyzer/default.nix +++ b/pkgs/development/python-modules/jpylyzer/default.nix @@ -1,26 +1,51 @@ { lib +, stdenv , fetchFromGitHub , buildPythonPackage , six +, lxml , pytestCheckHook }: -buildPythonPackage rec { +let + # unclear relationship between test-files version and jpylyzer version. + # upstream appears to just always test against the latest version, so + # probably worth updating this when package is bumped. + testFiles = fetchFromGitHub { + owner = "openpreserve"; + repo = "jpylyzer-test-files"; + rev = "146cb0029b5ea9d8ef22dc6683cec8afae1cc63a"; + sha256 = "sha256-uKUau7mYXqGs4dSnXGPnPsH9k81ZCK0aPj5F9HWBMZ8="; + }; + +in buildPythonPackage rec { pname = "jpylyzer"; - version = "2.0.1"; + version = "2.1.0"; src = fetchFromGitHub { owner = "openpreserve"; repo = pname; rev = version; - sha256 = "1cd9klq83g9p4nkg7x78axqid5vcsqzggp431hcfdiixa50yjxjg"; + sha256 = "sha256-LBVOwjWC/HEvGgoi8WxEdl33M4JrfdHEj1Dk7f1NAiA="; }; propagatedBuildInputs = [ six ]; - checkInputs = [ pytestCheckHook ]; + checkInputs = [ pytestCheckHook lxml ]; + + # don't depend on testFiles on darwin as it may not be extractable due to + # weird filenames + preCheck = lib.optionalString (!stdenv.isDarwin) '' + sed -i '/^testFilesDir = /ctestFilesDir = "${testFiles}"' tests/unit/test_testfiles.py + ''; + disabledTestPaths = lib.optionals stdenv.isDarwin [ + "tests/unit/test_testfiles.py" + ]; + pythonImportsCheck = [ "jpylyzer" ]; + disallowedReferences = [ testFiles ]; + meta = with lib; { description = "JP2 (JPEG 2000 Part 1) image validator and properties extractor"; homepage = "https://jpylyzer.openpreservation.org/"; From e6f280c62b9176c0b35a35d9868bdb0069c4e973 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Sat, 12 Nov 2022 14:36:10 +0200 Subject: [PATCH 053/132] python3.pkgs.meson-python: 0.8.1 -> 0.10.0 --- pkgs/development/python-modules/meson-python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/meson-python/default.nix b/pkgs/development/python-modules/meson-python/default.nix index 18c00a95e856..a4d650c27f59 100644 --- a/pkgs/development/python-modules/meson-python/default.nix +++ b/pkgs/development/python-modules/meson-python/default.nix @@ -11,13 +11,13 @@ buildPythonPackage rec { pname = "meson-python"; - version = "0.8.1"; + version = "0.10.0"; format = "pyproject"; src = fetchPypi { inherit version; pname = "meson_python"; - hash = "sha256-RC8fpM9dtQ7qYRcKYFnBD6/XCXf12980QcEGzSOwXkw="; + hash = "sha256-CN0SLBB029XFW1OZOnGcynPdghY3LJEhf3pVAmD55+E="; }; nativeBuildInputs = [ From faaceef064934497da4a83820220edd8893807cf Mon Sep 17 00:00:00 2001 From: Ingo Blechschmidt Date: Sun, 13 Nov 2022 17:37:10 +0100 Subject: [PATCH 054/132] man-db: 2.10.2 -> 2.11.0 --- pkgs/tools/misc/man-db/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/man-db/default.nix b/pkgs/tools/misc/man-db/default.nix index 4c23143b103e..ba287bf45794 100644 --- a/pkgs/tools/misc/man-db/default.nix +++ b/pkgs/tools/misc/man-db/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "man-db"; - version = "2.10.2"; + version = "2.11.0"; src = fetchurl { url = "mirror://savannah/man-db/man-db-${version}.tar.xz"; - sha256 = "sha256-7peVTUkqE3MZA8nQcnubAeUIntvWlfDNtY1AWlr1UU0="; + sha256 = "sha256-QTDhpiQSgDWe9eJdrsaFUzwKGTBnSRYgKrBXnlojLFE="; }; outputs = [ "out" "doc" ]; From b7e217d3bde931544dc7e029cb932ec558d8a12f Mon Sep 17 00:00:00 2001 From: Hraban Luyat Date: Sun, 13 Nov 2022 13:37:54 -0500 Subject: [PATCH 055/132] sbcl: apply /bin/cat -> $PATH/cat patch for 2.2.10 --- pkgs/development/compilers/sbcl/2.x.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/compilers/sbcl/2.x.nix b/pkgs/development/compilers/sbcl/2.x.nix index 578228adb5cd..1461348828bd 100644 --- a/pkgs/development/compilers/sbcl/2.x.nix +++ b/pkgs/development/compilers/sbcl/2.x.nix @@ -103,6 +103,12 @@ stdenv.mkDerivation rec { url = "https://github.com/sbcl/sbcl/commit/f88989694200a5192fb68047d43d0500b2165f7b.patch"; sha256 = "sha256-MXEsK46RARPmB2WBPcrmZk6ArliU8DgHw73x9+/QAmk="; }) + ] ++ lib.optionals (version == "2.2.10") [ + # hard-coded /bin/cat to just ‘cat’, trusting the PATH + (fetchpatch { + url = "https://github.com/sbcl/sbcl/commit/8ed662fbfeb5dde35eb265f390b55b01f79f70c1.patch"; + sha256 = "1qwqxpk5jrp236gj12yqkqg9n51mn7yjjjm0nplk0dd5gbb99kvw"; + }) ]; postPatch = '' From d456674f5863f9e49d21c0ee76f824273b14d5e3 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 13 Nov 2022 20:02:03 +0100 Subject: [PATCH 056/132] libxcrypt: 4.4.30 -> 4.4.31 https://github.com/besser82/libxcrypt/releases/tag/v4.4.31 --- pkgs/development/libraries/libxcrypt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix index d4ce1f8bc735..b0484a2c1c91 100644 --- a/pkgs/development/libraries/libxcrypt/default.nix +++ b/pkgs/development/libraries/libxcrypt/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libxcrypt"; - version = "4.4.30"; + version = "4.4.31"; src = fetchurl { url = "https://github.com/besser82/libxcrypt/releases/download/v${version}/libxcrypt-${version}.tar.xz"; - sha256 = "sha256-s2Z/C6hdqtavJGukCQ++UxY62TyLaioSV9IqeLt87ro="; + hash = "sha256-wBgbao7qg4UM/neDEZv3H9295prd3aHRV0e6Qz1cV7o="; }; outputs = [ From e2fbe408dc3680cfb52876a7f8a24b552c17fe71 Mon Sep 17 00:00:00 2001 From: Hraban Luyat Date: Sun, 13 Nov 2022 23:08:55 -0500 Subject: [PATCH 057/132] sbcl 2.2.10: nix-prefetch-url output confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don’t get it but this works. --- pkgs/development/compilers/sbcl/2.x.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/sbcl/2.x.nix b/pkgs/development/compilers/sbcl/2.x.nix index 1461348828bd..85b3881e3a15 100644 --- a/pkgs/development/compilers/sbcl/2.x.nix +++ b/pkgs/development/compilers/sbcl/2.x.nix @@ -107,7 +107,7 @@ stdenv.mkDerivation rec { # hard-coded /bin/cat to just ‘cat’, trusting the PATH (fetchpatch { url = "https://github.com/sbcl/sbcl/commit/8ed662fbfeb5dde35eb265f390b55b01f79f70c1.patch"; - sha256 = "1qwqxpk5jrp236gj12yqkqg9n51mn7yjjjm0nplk0dd5gbb99kvw"; + sha256 = "sha256-2aqb13AFdw9KMf8KQ9yj1HVxgoFWZ9xWmnoDdbRSLy4="; }) ]; From f281935aaa36fe799d306d75c0a093ad33eee434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 13 Nov 2022 20:53:37 -0800 Subject: [PATCH 058/132] python310Packages.twisted: 22.8.0 -> 22.10.0 fixes CVE-2022-39348 https://github.com/twisted/twisted/releases/tag/twisted-22.10.0 --- .../python-modules/twisted/default.nix | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index fae5ef8cf103..9b0f39e050e2 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -16,6 +16,7 @@ , glibcLocales , h2 , hyperlink +, hypothesis , idna , incremental , priority @@ -45,7 +46,7 @@ buildPythonPackage rec { pname = "twisted"; - version = "22.8.0"; + version = "22.10.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -54,17 +55,9 @@ buildPythonPackage rec { pname = "Twisted"; inherit version; extension = "tar.gz"; - hash = "sha256-5bYN458tHaFT++GHTYhf4/y9sh/MRG+nWaU+j8NRO+0="; + hash = "sha256-Mqy9QKlPX0bntCwQm/riswIlCUVWF4Oot6BZBI8tTTE="; }; - patches = [ - (fetchpatch { - name = "fix-test_openFileDescriptors.patch"; - url = "https://github.com/twisted/twisted/commit/47f47634940141466177261b20bb43c300531e38.patch"; - hash = "sha256-wacnF166PnZHXJEqTlPZUdDILJIVHOcnC2a34SQumvs="; - }) - ]; - __darwinAllowLocalNetworking = true; propagatedBuildInputs = [ @@ -128,6 +121,7 @@ buildPythonPackage rec { checkInputs = [ git glibcLocales + hypothesis pyhamcrest ] ++ passthru.optional-dependencies.conch @@ -169,11 +163,7 @@ buildPythonPackage rec { meta = with lib; { homepage = "https://github.com/twisted/twisted"; - description = "Twisted, an event-driven networking engine written in Python"; - longDescription = '' - Twisted is an event-driven networking engine written in Python - and licensed under the MIT license. - ''; + description = "Asynchronous networking framework written in Python"; license = licenses.mit; maintainers = with maintainers; [ SuperSandro2000 ]; }; From 19c5ad8058d5423140fcd6c77584b4eadc38c6f2 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Sun, 13 Nov 2022 09:10:49 +0200 Subject: [PATCH 059/132] python3.pkgs.pybind11: don't build tests if not needed Fixes cross compilation as well. --- pkgs/development/python-modules/pybind11/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/pybind11/default.nix b/pkgs/development/python-modules/pybind11/default.nix index e97db8beefe0..94175714c5f7 100644 --- a/pkgs/development/python-modules/pybind11/default.nix +++ b/pkgs/development/python-modules/pybind11/default.nix @@ -33,10 +33,16 @@ buildPythonPackage rec { dontUseCmakeBuildDir = true; + # Don't build tests if not needed, read the doInstallCheck value at runtime + preConfigure = '' + if [ -n "$doInstallCheck" ]; then + cmakeFlagsArray+=("-DBUILD_TESTING=ON") + fi + ''; + cmakeFlags = [ "-DBoost_INCLUDE_DIR=${lib.getDev boost}/include" "-DEIGEN3_INCLUDE_DIR=${lib.getDev eigen}/include/eigen3" - "-DBUILD_TESTING=on" "-DPYTHON_EXECUTABLE:FILEPATH=${python.pythonForBuild.interpreter}" ] ++ lib.optionals (python.isPy3k && !stdenv.cc.isClang) [ "-DPYBIND11_CXX_STANDARD=-std=c++17" From 4ebd36707e861e39f3f6b1865615f09a0598cb8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 14 Nov 2022 10:06:57 +0100 Subject: [PATCH 060/132] iana-etc: 20220915 -> 20221107 --- pkgs/data/misc/iana-etc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/data/misc/iana-etc/default.nix b/pkgs/data/misc/iana-etc/default.nix index 19331f458def..a5c5fd88a0a2 100644 --- a/pkgs/data/misc/iana-etc/default.nix +++ b/pkgs/data/misc/iana-etc/default.nix @@ -2,11 +2,11 @@ stdenvNoCC.mkDerivation rec { pname = "iana-etc"; - version = "20220915"; + version = "20221107"; src = fetchzip { url = "https://github.com/Mic92/iana-etc/releases/download/${version}/iana-etc-${version}.tar.gz"; - sha256 = "sha256-gBaM5YEK2XA42S7ELwjQChie/wYgo6n8dt2WEg3Pdns="; + sha256 = "sha256-vucC9MfpCCPyST21n09QDrj3z3MzKdBGo/ONUQvuxxQ="; }; installPhase = '' From f74e68b70a4f79d8f8ed76424ede069751a610f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 14 Nov 2022 13:01:02 +0100 Subject: [PATCH 061/132] systemd: configure as release build Without this we enable some assertions and checks that we don't want in production code: https://github.com/systemd/systemd/blob/09cd639a59fec13d80ac8fce2d671d088d8cca9f/docs/HACKING.md#developer-and-release-modes Fixes https://github.com/NixOS/nixpkgs/issues/201058 --- pkgs/os-specific/linux/systemd/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 444e4b43a77c..9d27f7e23b02 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -406,6 +406,7 @@ stdenv.mkDerivation { # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 "-Dtime-epoch=${releaseTimestamp}" + "-Dmode=release" "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" From 51518a5fd34ca9eb5e7aa203f89023b91f029028 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 14 Nov 2022 19:03:35 +0100 Subject: [PATCH 062/132] stdenv.tests: Add succeedOnFailure --- pkgs/stdenv/generic/default.nix | 5 +++++ pkgs/stdenv/tests/succeedOnFailure.nix | 14 ++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 pkgs/stdenv/tests/succeedOnFailure.nix diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 4fa9ad6de2ee..81255726284b 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -175,6 +175,11 @@ let # without running any commands. Because this will also skip `shopt -s extglob` # commands and extglob affects the Bash parser, we enable extglob always. shellDryRun = "${stdenv.shell} -n -O extglob"; + + tests = { + succeedOnFailure = import ../tests/succeedOnFailure.nix { inherit stdenv; }; + }; + passthru.tests = lib.warn "Use `stdenv.tests` instead. `passthru` is a `mkDerivation` detail." stdenv.tests; } # Propagate any extra attributes. For instance, we use this to diff --git a/pkgs/stdenv/tests/succeedOnFailure.nix b/pkgs/stdenv/tests/succeedOnFailure.nix new file mode 100644 index 000000000000..fef7f1786997 --- /dev/null +++ b/pkgs/stdenv/tests/succeedOnFailure.nix @@ -0,0 +1,14 @@ +{ stdenv }: + +stdenv.mkDerivation { + name = "stdenv-test-succeedOnFailure"; + + succeedOnFailure = true; + + passAsFile = [ "buildCommand" ]; + buildCommand = '' + mkdir $out + echo foo > $out/foo + exit 1 + ''; +} From f930ba6aba43853d1f1733a9718585c6c80d890d Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 14 Nov 2022 19:45:40 +0100 Subject: [PATCH 063/132] webkitgtk: Bind NixOS directories to sandbox last MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since https://github.com/WebKit/WebKit/commit/31ac354cbeecf866f9a38f7b2f8f59f7975d3f6a, bubblewrap gets called the following way on NixOS system, when it has `share/fonts` in `environment.pathsToLink`: $ bwrap --ro-bind /nix/store /nix/store --ro-bind /run/current-system /run/current-system --ro-bind-try /run/current-system/sw/share/fonts /run/current-system/sw/share/fonts -- $(realpath $(which true)) bwrap: Can't mkdir parents for /run/current-system/sw/share/fonts: No such file or directory It fails because `/run/current-system/sw` is a symlink so bubblewrap is not be able to add another mountpoint inside. Ideally, we would remove the `/run/current-system/sw` bind mount and mount only specific subdirectories we need, like the fonts. Unfortunately, it is not clear what else is needed. For example, in the past, Pipewire’s Jack module was loaded from `/run/current-system/sw/lib` https://github.com/NixOS/nixpkgs/commit/756e60344fd83427148d8acf416c63573404a2e9 So, for now, let’s keep the and mount and move the binding of NixOS directories to the end. Adding bindings starting at leaves and moving to root should be fine. While at it, let’s also make the binding of `/run/current-system` conditional since it will not be available outside of NixOS. Fixes: https://github.com/NixOS/nixpkgs/issues/197085 --- .../webkitgtk/fix-bubblewrap-paths.patch | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch b/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch index d502958f4f1a..9be2d74af1bd 100644 --- a/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch +++ b/pkgs/development/libraries/webkitgtk/fix-bubblewrap-paths.patch @@ -1,16 +1,17 @@ -diff -ru old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp ---- old/webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp 2019-09-09 04:47:07.000000000 -0400 -+++ webkitgtk-2.26.0/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp 2019-09-20 21:14:10.537921173 -0400 -@@ -724,6 +724,12 @@ - "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64", +diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +index 0a201fe176..fa3690c12a 100644 +--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp ++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +@@ -819,6 +819,12 @@ GRefPtr bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces + sandboxArgs.append("--unshare-ipc"); + } - "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR, ++ // Nix Directories ++ sandboxArgs.appendVector(Vector({ "--ro-bind", "@storeDir@", "@storeDir@" })); ++ sandboxArgs.appendVector(Vector({ "--ro-bind-try", "/run/current-system", "/run/current-system" })); ++ sandboxArgs.appendVector(Vector({ "--ro-bind-try", "@driverLink@/lib", "@driverLink@/lib" })); ++ sandboxArgs.appendVector(Vector({ "--ro-bind-try", "@driverLink@/share", "@driverLink@/share" })); + -+ // Nix Directories -+ "--ro-bind", "@storeDir@", "@storeDir@", -+ "--ro-bind", "/run/current-system", "/run/current-system", -+ "--ro-bind-try", "@driverLink@/lib", "@driverLink@/lib", -+ "--ro-bind-try", "@driverLink@/share", "@driverLink@/share", - }; - // We would have to parse ld config files for more info. - bindPathVar(sandboxArgs, "LD_LIBRARY_PATH"); + #if ENABLE(DEVELOPER_MODE) + const char* execDirectory = g_getenv("WEBKIT_EXEC_PATH"); + if (execDirectory) { From eea038cc8f7f32b5f88229bf046a13e6ed2338d4 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sat, 5 Nov 2022 02:24:02 -0700 Subject: [PATCH 064/132] rustc: 1.64.0 -> 1.65.0 https://github.com/rust-lang/rust/releases/tag/1.65.0 --- .../compilers/rust/{1_64.nix => 1_65.nix} | 32 +++++++++---------- pkgs/top-level/all-packages.nix | 8 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) rename pkgs/development/compilers/rust/{1_64.nix => 1_65.nix} (56%) diff --git a/pkgs/development/compilers/rust/1_64.nix b/pkgs/development/compilers/rust/1_65.nix similarity index 56% rename from pkgs/development/compilers/rust/1_64.nix rename to pkgs/development/compilers/rust/1_65.nix index f93123fcd70a..5b2397b5de48 100644 --- a/pkgs/development/compilers/rust/1_64.nix +++ b/pkgs/development/compilers/rust/1_65.nix @@ -20,8 +20,8 @@ } @ args: import ./default.nix { - rustcVersion = "1.64.0"; - rustcSha256 = "sha256-s82fSB4aKQG/bzgI0wxpzE6oDZPEzE4u1SJYsYA4EgU="; + rustcVersion = "1.65.0"; + rustcSha256 = "sha256-WCi7Z/Z36r+MOEAgWCsM56+IThyEOJSE9/jQDdgsADg="; llvmSharedForBuild = pkgsBuildBuild.llvmPackages_14.libllvm.override { enableSharedLibraries = true; }; llvmSharedForHost = pkgsBuildHost.llvmPackages_14.libllvm.override { enableSharedLibraries = true; }; @@ -37,25 +37,25 @@ import ./default.nix { # Note: the version MUST be one version prior to the version we're # building - bootstrapVersion = "1.63.0"; + bootstrapVersion = "1.64.0"; # fetch hashes by running `print-hashes.sh ${bootstrapVersion}` bootstrapHashes = { - i686-unknown-linux-gnu = "6ac6ca18f119e099749d67c6dc25ce3f70542b43cc05062d5138fc1052e44c54"; - x86_64-unknown-linux-gnu = "536bcf16807a4ff49b7b29af6e573a2f1821055bfad72c275c60e56edc693984"; - x86_64-unknown-linux-musl = "4516f1fa2a0d9ec9176cc734e5faaa0a3d439bd49f75553a484b6c3c6d7905ab"; - arm-unknown-linux-gnueabihf = "8847d8482e1d5ec962e092a63c95618dc7e17a079a9bf58bec1da39cac0ba4ce"; - armv7-unknown-linux-gnueabihf = "d9227bf6d93f49889c698d35adc7ab3e042988740b9d9d9c81fb54fc0f854474"; - aarch64-unknown-linux-gnu = "26745b57500da293a8147122a5998926301350a610c164f053107cbe026d3a51"; - aarch64-unknown-linux-musl = "8fee65f2bd7e010259763939cbef8ed0794773ec8959c5ef90273cf39dcba180"; - x86_64-apple-darwin = "37f76a45b8616e764c2663850758ce822c730e96af60168a46b818f528c1467d"; - aarch64-apple-darwin = "25c3f43459da9b8683292999c3522d88980b0ca3244fe830f5a87a8092aac5a6"; - powerpc64le-unknown-linux-gnu = "781662048caa48b78540c2fb22f0aa7c06d6d8e81aede0f6ef900c11428056cf"; - riscv64gc-unknown-linux-gnu = "a7f398b45229c5cca833f75421c32897174e365fbbdf78e19b87612736c918aa"; - mips64el-unknown-linux-gnuabi64 = "19f04c576c9d6b171acba65cfe44edcbcf6134a75a853d2f1538fdb2128ec654"; + i686-unknown-linux-gnu = "177b4f95c8cdaa34bb29e69950cbfe236e123757078af4792779c43ee3818199"; + x86_64-unknown-linux-gnu = "a893977f238291370ab96726a74b6b9ae854dc75fbf5730954d901a93843bf9b"; + x86_64-unknown-linux-musl = "d5c4293a8fe1b34d857bec4124229c39711f8759aa2f6108c8b6c22a308f96bb"; + arm-unknown-linux-gnueabihf = "0d7c9c746f7b98f1f99e4cf720f9a32b2f5cdf22cb1d9f677b41c1dca62f14f8"; + armv7-unknown-linux-gnueabihf = "0be29740f565ca8835ba260691274585733a7f4130ec872bfa37654a08013828"; + aarch64-unknown-linux-gnu = "7d8860572431bd4ee1b9cd0cd77cf7ff29fdd5b91ed7c92a820f872de6ced558"; + aarch64-unknown-linux-musl = "9e7cfd960fb8ad3e1f51ef667c56032d3d4d9d9f573a06bbcf65a7c7a96ab430"; + x86_64-apple-darwin = "b6003d49fb857ff8dc105a3ccba98b851cd3e7d874005acb92284fd1113adc0d"; + aarch64-apple-darwin = "e1a37dc5991304716e260144311fd291d8fb514042e45c244c582b3454477038"; + powerpc64le-unknown-linux-gnu = "9d4591033eac22093d107991a68fffccea087b26bb54115d46cc544fbf5ef66c"; + riscv64gc-unknown-linux-gnu = "f63981d9c1057cb20cf30871757d42475a1cd0c187b3dcce5fabb0cce0f80c5b"; + mips64el-unknown-linux-gnuabi64 = "47488e4c53cca5c99b5837474a880f6c2368a7fe8368560dd8077bddb94959b5"; }; - selectRustPackage = pkgs: pkgs.rust_1_64; + selectRustPackage = pkgs: pkgs.rust_1_65; rustcPatches = [ ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d81cb564c149..c76f58b85f12 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14969,11 +14969,11 @@ with pkgs; inherit (darwin) apple_sdk; }; - rust_1_64 = callPackage ../development/compilers/rust/1_64.nix { + rust_1_65 = callPackage ../development/compilers/rust/1_65.nix { inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration; llvm_14 = llvmPackages_14.libllvm; }; - rust = rust_1_64; + rust = rust_1_65; mrustc = callPackage ../development/compilers/mrustc { }; mrustc-minicargo = callPackage ../development/compilers/mrustc/minicargo.nix { }; @@ -14982,8 +14982,8 @@ with pkgs; openssl = openssl_1_1; }; - rustPackages_1_64 = rust_1_64.packages.stable; - rustPackages = rustPackages_1_64; + rustPackages_1_65 = rust_1_65.packages.stable; + rustPackages = rustPackages_1_65; inherit (rustPackages) cargo clippy rustc rustPlatform; From 6bd5e60a4072a06621f722c724375cd8e2b54d26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Tue, 15 Nov 2022 13:35:40 -0600 Subject: [PATCH 065/132] =?UTF-8?q?openjdk17:=2017.0.4+8=20=E2=86=92=2017.?= =?UTF-8?q?0.5+8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/compilers/openjdk/17.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/compilers/openjdk/17.nix b/pkgs/development/compilers/openjdk/17.nix index f49ef7bf553d..bc92b1393fdb 100644 --- a/pkgs/development/compilers/openjdk/17.nix +++ b/pkgs/development/compilers/openjdk/17.nix @@ -11,7 +11,7 @@ let version = { feature = "17"; - interim = ".0.4"; + interim = ".0.5"; build = "8"; }; @@ -23,7 +23,7 @@ let owner = "openjdk"; repo = "jdk${version.feature}u"; rev = "jdk-${version.feature}${version.interim}+${version.build}"; - sha256 = "drbljLz82ZyK29lIDLPqCkwqpBdgU/7zCTZ0ceeb1SI="; + sha256 = "sha256-2k1Mm36ds6MZheZVsLvXkoqQG4zYeIRWzbP1aZ72Vqs="; }; nativeBuildInputs = [ pkg-config autoconf unzip ]; @@ -55,8 +55,8 @@ let # Patch borrowed from Alpine to fix build errors with musl libc and recent gcc. # This is applied anywhere to prevent patchrot. (fetchurl { - url = "https://git.alpinelinux.org/aports/plain/community/openjdk17/FixNullPtrCast.patch?id=6f97cb0ae4dff6588dae5868c2522aea96c99d2c"; - sha256 = "sha256-giOmMInwLH0Ei9H7ETsrrzQU09I6+dn8KpPrKb7zn8I="; + url = "https://git.alpinelinux.org/aports/plain/community/openjdk17/FixNullPtrCast.patch?id=41e78a067953e0b13d062d632bae6c4f8028d91c"; + sha256 = "sha256-LzmSew51+DyqqGyyMw2fbXeBluCiCYsS1nCjt9hX6zo="; }) ] ++ lib.optionals (!headless && enableGnome2) [ ./swing-use-gtk-jdk13.patch From 24d02f17a94fefd007afa64f6ab17b5c08a3a444 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 15 Nov 2022 22:33:50 +0100 Subject: [PATCH 066/132] wayland-protocols: 1.27 -> 1.29 Release announcements: - 1.28: https://lists.freedesktop.org/archives/wayland-devel/2022-November/042490.html - 1.29: https://lists.freedesktop.org/archives/wayland-devel/2022-November/042499.html --- pkgs/development/libraries/wayland/protocols.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix index 34b5d4ff3c6e..1bd4e47e3827 100644 --- a/pkgs/development/libraries/wayland/protocols.nix +++ b/pkgs/development/libraries/wayland/protocols.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "wayland-protocols"; - version = "1.27"; + version = "1.29"; doCheck = stdenv.hostPlatform == stdenv.buildPlatform; src = fetchurl { url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz"; - hash = "sha256-kEbxCkJdTioAlloDrPtrP7V1pWUDrHLCuGghxpZTN1w="; + hash = "sha256-4l6at1rHNnBN3v6S6PmshzC+q29WTbYvetaVu6T/ntg="; }; postPatch = lib.optionalString doCheck '' From 1613432da81fa351bbef257f713b344bc19dedab Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 15 Nov 2022 22:46:09 +0100 Subject: [PATCH 067/132] libdrm: 2.4.113 -> 2.4.114 --- pkgs/development/libraries/libdrm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix index 354b73f80507..c96bc4e41afc 100644 --- a/pkgs/development/libraries/libdrm/default.nix +++ b/pkgs/development/libraries/libdrm/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "libdrm"; - version = "2.4.113"; + version = "2.4.114"; src = fetchurl { url = "https://dri.freedesktop.org/${pname}/${pname}-${version}.tar.xz"; - sha256 = "sha256-f9frKWf2O+tGBvItUOJ32ZNIDQXvdd2Iqb2OZ3Mj5eE="; + sha256 = "sha256-MEnPhDpH0S5e7vvDvjSW14L6CfQjRr8Lfe/j0eWY0CY="; }; outputs = [ "out" "dev" "bin" ]; From 48f69ab38dfd142af8dc3b4bb98768548dcac002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 16 Nov 2022 02:55:36 +0100 Subject: [PATCH 068/132] python3Packages.jsonschema: 4.16.0 -> 4.17.0 --- pkgs/development/python-modules/jsonschema/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/jsonschema/default.nix b/pkgs/development/python-modules/jsonschema/default.nix index 536389fb3b10..69dba8bd472e 100644 --- a/pkgs/development/python-modules/jsonschema/default.nix +++ b/pkgs/development/python-modules/jsonschema/default.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "jsonschema"; - version = "4.16.0"; + version = "4.17.0"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-FlBZ8Hbv9pcbrlt0L8App7TvP5vPBMFOR3anYF3hSyM="; + sha256 = "sha256-W/zyvKFqCHreF+ArKC00r3zNdJ73YkHn+b18DLipQk0="; }; postPatch = '' From a30aa05f56052bb84d448426dc8e23ab1ccd7102 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Tue, 15 Nov 2022 19:32:27 -0800 Subject: [PATCH 069/132] synth: apply patch to fix on rust 1.65 --- pkgs/tools/misc/synth/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/tools/misc/synth/default.nix b/pkgs/tools/misc/synth/default.nix index 8be135c59d28..a0d0d509f6bb 100644 --- a/pkgs/tools/misc/synth/default.nix +++ b/pkgs/tools/misc/synth/default.nix @@ -1,6 +1,7 @@ { lib , rustPlatform , fetchFromGitHub +, fetchpatch , stdenv , AppKit , Security @@ -19,6 +20,15 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-COy8szsYKEzjtRBH8063ug5BkMv3qpc3i2RNb+n4I04="; + patches = [ + # https://github.com/shuttle-hq/synth/pull/391 + (fetchpatch { + name = "fix-for-rust-1.65.patch"; + url = "https://github.com/shuttle-hq/synth/commit/c69b9b5c72441a51d09fc977de16b09a60eeecd3.patch"; + hash = "sha256-uRCf+rEYTRgYPyrAbcXNEwpB92tzN8oYgv+/TyJaoHo="; + }) + ]; + buildInputs = lib.optionals stdenv.isDarwin [ AppKit Security From 359e6f8fd98b64c111d7e096e1faaba1a370102d Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sun, 13 Nov 2022 08:00:11 -0800 Subject: [PATCH 070/132] python310Packages.rich: 12.5.1 -> 12.6.0 --- pkgs/development/python-modules/rich/default.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/pkgs/development/python-modules/rich/default.nix b/pkgs/development/python-modules/rich/default.nix index c2cd935c651f..4f87364cfe20 100644 --- a/pkgs/development/python-modules/rich/default.nix +++ b/pkgs/development/python-modules/rich/default.nix @@ -1,5 +1,4 @@ { lib -, stdenv , buildPythonPackage , fetchFromGitHub , pythonOlder @@ -19,7 +18,7 @@ buildPythonPackage rec { pname = "rich"; - version = "12.5.1"; + version = "12.6.0"; format = "pyproject"; disabled = pythonOlder "3.6"; @@ -27,7 +26,7 @@ buildPythonPackage rec { owner = "Textualize"; repo = pname; rev = "v${version}"; - sha256 = "sha256-FjzvFx+A4DS2XeKBZ2DGRqudvH22AUSQJnIxKs2O0AU="; + hash = "sha256-g3tXftEoBCJ1pMdLyDBXQvY9haGMQkuY1/UBOtUqrLE="; }; nativeBuildInputs = [ poetry-core ]; @@ -45,11 +44,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTests = lib.optionals stdenv.isDarwin [ - # darwin console duplicates 3 of 4 lines - "test_rich_console_ex" - ]; - pythonImportsCheck = [ "rich" ]; passthru.tests = { From c865c8c4a8f73c31427aab8eca16b675af8efc4d Mon Sep 17 00:00:00 2001 From: sternenseemann Date: Wed, 16 Nov 2022 13:22:23 +0100 Subject: [PATCH 071/132] python3Packages.zopfli: 0.2.1 -> 0.2.2 https://github.com/fonttools/py-zopfli/releases/tag/v0.2.2 --- pkgs/development/python-modules/zopfli/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/zopfli/default.nix b/pkgs/development/python-modules/zopfli/default.nix index dc2b14bdc62b..87bb1511e448 100644 --- a/pkgs/development/python-modules/zopfli/default.nix +++ b/pkgs/development/python-modules/zopfli/default.nix @@ -2,16 +2,18 @@ buildPythonPackage rec { pname = "zopfli"; - version = "0.2.1"; + version = "0.2.2"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "1ipjkcgdbplsrhr31ypk48px8cax4cm9gcjj7yrcrhg20ql3s9p5"; + sha256 = "1z1akqx3fjnwa75insch9p08hafikqdvqkj6mxv1k6fr81sxnj9d"; extension = "zip"; }; + format = "pyproject"; + nativeBuildInputs = [ setuptools-scm ]; buildInputs = [ zopfli ]; From a56ecf201e0f11663e9d992f2598b50878233a4e Mon Sep 17 00:00:00 2001 From: David Baynard Date: Fri, 11 Nov 2022 15:24:06 +0000 Subject: [PATCH 072/132] trustme: Fix enabled tests on darwin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As indicated in #175875, `pyopenssl` does not support aarch64-darwin. In #115226, the only test that required `pyopenssl` was disabled on `aarch64-darwin` — but unfortunately the package doesn’t build. This commit makes two changes. 1. The `pyopenssl` dependency is no longer pulled in on `aarch64-darwin`. The derivation is no longer marked broken. 2. The test suite is patched so that `OpenSSL.SSL` is no longer imported; this was only used by the disabled test. As a result the test suite runs (and succeeds). --- pkgs/development/python-modules/trustme/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/trustme/default.nix b/pkgs/development/python-modules/trustme/default.nix index 103878ccac69..d49f52fde3a6 100644 --- a/pkgs/development/python-modules/trustme/default.nix +++ b/pkgs/development/python-modules/trustme/default.nix @@ -21,9 +21,10 @@ buildPythonPackage rec { }; checkInputs = [ - pyopenssl service-identity pytestCheckHook + ] ++ lib.optionals (!stdenv.isDarwin && !stdenv.isAarch64) [ + pyopenssl ]; propagatedBuildInputs = [ @@ -39,6 +40,11 @@ buildPythonPackage rec { "test_pyopenssl_end_to_end" ]; + postPatch = lib.optionalString (stdenv.isDarwin && stdenv.isAarch64) '' + substituteInPlace "tests/test_trustme.py" \ + --replace "import OpenSSL.SSL" "" + ''; + # Some of the tests use localhost networking. __darwinAllowLocalNetworking = true; From 6925777fe4c1c1581045e0e7b3f83cf01a955d87 Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Wed, 9 Nov 2022 19:29:15 -0500 Subject: [PATCH 073/132] systemd: 251.8 -> 252.1 --- ...ts-for-uninitialised-encrypted-devic.patch | 12 +++++----- ...on-t-try-to-unmount-nix-or-nix-store.patch | 4 ++-- .../systemd/0003-Fix-NixOS-containers.patch | 6 ++--- ...004-Look-for-fsck-in-the-right-place.patch | 4 ++-- ...some-NixOS-specific-unit-directories.patch | 2 +- ...f-a-useless-message-in-user-sessions.patch | 4 ++-- ...d-timedated-disable-methods-that-cha.patch | 22 +++++++++---------- ...e-usr-share-zoneinfo-to-etc-zoneinfo.patch | 22 +++++++++---------- ...calectl-use-etc-X11-xkb-for-list-x11.patch | 4 ++-- ...te-statedir-and-don-t-touch-prefixdi.patch | 4 ++-- ...2-add-rootprefix-to-lookup-dir-paths.patch | 4 ++-- ...-execute-scripts-in-etc-systemd-syst.patch | 21 +++++++++--------- ...ecute-scripts-in-etc-systemd-system-.patch | 4 ++-- ...-placeholder-for-DEFAULT_PATH_NORMAL.patch | 2 +- ...-environment-when-calling-generators.patch | 4 ++-- ...018-core-don-t-taint-on-unmerged-usr.patch | 4 ++-- pkgs/os-specific/linux/systemd/default.nix | 6 ++--- 17 files changed, 64 insertions(+), 65 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index 2699c38440ce..a5cb7ba6bf78 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -13,17 +13,17 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index 25b8a590a6..d18999ea87 100644 +index 3dbba1f850..40d367d1c8 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in -@@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" - SUBSYSTEM=="block", TAG+="systemd" +@@ -20,10 +20,6 @@ SUBSYSTEM=="block", TAG+="systemd" + SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" -# Ignore encrypted devices with no identified superblock on it, since -# we are probably still calling mke2fs or mkswap on it. -SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" - - # add symlink to GPT root disk - SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" - SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" + # Explicitly set SYSTEMD_READY=1 for DM devices that don't have it set yet, so that we always have something to import above + SUBSYSTEM=="block", ENV{DM_UUID}=="?*", ENV{SYSTEMD_READY}=="", ENV{SYSTEMD_READY}="1" + diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index f46480d32feb..42a580695811 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -25,10 +25,10 @@ index f683f05981..5a04c2c2a6 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 820aa8e286..653e43053d 100644 +index e650b82170..5d0d41aa28 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c -@@ -518,6 +518,8 @@ static int delete_md(MountPoint *m) { +@@ -522,6 +522,8 @@ static int delete_md(MountPoint *m) { static bool nonunmountable_path(const char *path) { return path_equal(path, "/") diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index a669350dbed8..8cc2e22d7615 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 4ce80bba70..bb149192bd 100644 +index 01a67b5553..86dd2cea84 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5651,6 +5651,7 @@ static int run(int argc, char *argv[]) { +@@ -5636,6 +5636,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index 4ce80bba70..bb149192bd 100644 _cleanup_free_ char *p = NULL; if (arg_pivot_root_new) -@@ -5665,6 +5666,7 @@ static int run(int argc, char *argv[]) { +@@ -5650,6 +5651,7 @@ static int run(int argc, char *argv[]) { "Directory %s doesn't look like it has an OS tree (/usr/ directory is missing). Refusing.", arg_directory); goto finish; } diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index dfaf53e4a314..431e79a55d50 100644 --- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Look for fsck in the right place 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 745d01ff50..dd4eef45c3 100644 +index 595434ab57..374a4e6c76 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c -@@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) { +@@ -373,7 +373,7 @@ static int run(int argc, char *argv[]) { } else dash_c[0] = 0; diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index 8a06e2cf69cb..081615774c75 100644 --- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -14,7 +14,7 @@ Also, remove /usr and /lib as these don't exist on NixOS. 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 1f4331a8bf..4b9a8ae26e 100644 +index 36f386254b..a968d28dfc 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c @@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index c06f12550261..9b5afcaba9d4 100644 --- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -13,10 +13,10 @@ in containers. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 296b759959..71ef7f27b4 100644 +index a59afafb58..d9e7d77913 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -1428,7 +1428,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { +@@ -1432,7 +1432,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { if (!unit_is_bound_by_inactive(u, &culprit)) continue; diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index 174cca335b8e..f23d805fdac3 100644 --- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -11,10 +11,10 @@ Subject: [PATCH] hostnamed, localed, timedated: disable methods that change 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index 5f09e6d0eb..46bef3b59d 100644 +index 486b093062..580e933f14 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c -@@ -910,6 +910,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ +@@ -906,6 +906,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ if (r < 0) return r; @@ -24,7 +24,7 @@ index 5f09e6d0eb..46bef3b59d 100644 name = empty_to_null(name); context_read_etc_hostname(c); -@@ -973,6 +976,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess +@@ -969,6 +972,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess if (r < 0) return r; @@ -35,10 +35,10 @@ index 5f09e6d0eb..46bef3b59d 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index 89bf9c6fba..af2f37a4ca 100644 +index 7aa47f18c2..0a8ef68931 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c -@@ -359,6 +359,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er +@@ -309,6 +309,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er if (r < 0) return r; @@ -48,7 +48,7 @@ index 89bf9c6fba..af2f37a4ca 100644 use_localegen = locale_gen_check_available(); /* If single locale without variable name is provided, then we assume it is LANG=. */ -@@ -484,6 +487,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro +@@ -423,6 +426,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (r < 0) return r; @@ -58,7 +58,7 @@ index 89bf9c6fba..af2f37a4ca 100644 keymap = empty_to_null(keymap); keymap_toggle = empty_to_null(keymap_toggle); -@@ -664,6 +670,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err +@@ -602,6 +608,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (r < 0) return r; @@ -69,10 +69,10 @@ index 89bf9c6fba..af2f37a4ca 100644 model = empty_to_null(model); variant = empty_to_null(variant); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 9ca5d37b75..e41d8d73df 100644 +index 373574cc06..6dbf73eb42 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -669,6 +669,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -665,6 +665,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; @@ -83,7 +83,7 @@ index 9ca5d37b75..e41d8d73df 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -748,6 +752,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -743,6 +747,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index 9ca5d37b75..e41d8d73df 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -930,6 +937,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 106eba2bed83..cc40140b284b 100644 --- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -35,10 +35,10 @@ index e486474c44..5f373d0723 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 0ad8de4b9a..b794c6c7d0 100644 +index 71b2f67350..465f1c0b15 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c -@@ -1281,7 +1281,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { +@@ -1280,7 +1280,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { assert(ret); @@ -47,7 +47,7 @@ index 0ad8de4b9a..b794c6c7d0 100644 if (!f) return -errno; -@@ -1320,7 +1320,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { +@@ -1319,7 +1319,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { _cleanup_strv_free_ char **zones = NULL; int r; @@ -56,7 +56,7 @@ index 0ad8de4b9a..b794c6c7d0 100644 if (!f) return -errno; -@@ -1433,7 +1433,7 @@ int verify_timezone(const char *name, int log_level) { +@@ -1431,7 +1431,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) return -ENAMETOOLONG; @@ -65,7 +65,7 @@ index 0ad8de4b9a..b794c6c7d0 100644 fd = open(t, O_RDONLY|O_CLOEXEC); if (fd < 0) -@@ -1491,7 +1491,7 @@ int get_timezone(char **ret) { +@@ -1489,7 +1489,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -75,10 +75,10 @@ index 0ad8de4b9a..b794c6c7d0 100644 return -EINVAL; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 39160182ef..8dcc3307c8 100644 +index 065ee896cd..1b260416c8 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -494,7 +494,7 @@ static int process_timezone(void) { +@@ -510,7 +510,7 @@ static int process_timezone(void) { if (isempty(arg_timezone)) return 0; @@ -86,12 +86,12 @@ index 39160182ef..8dcc3307c8 100644 + e = strjoina("zoneinfo/", arg_timezone); (void) mkdir_parents(etc_localtime, 0755); - if (symlink(e, etc_localtime) < 0) + r = symlink_atomic(e, etc_localtime); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index bb149192bd..08751ed944 100644 +index 86dd2cea84..4e5f03669d 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -1901,8 +1901,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid +@@ -1905,8 +1905,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -103,7 +103,7 @@ index bb149192bd..08751ed944 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index e41d8d73df..ff1a384b3b 100644 +index 6dbf73eb42..a36dd459d2 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -282,7 +282,7 @@ static int context_read_data(Context *c) { diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index a3315a1e657a..4f652d45a42c 100644 --- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -10,10 +10,10 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index 661d54c27d..e98b578531 100644 +index c23f1fa3f6..ad2eba82ad 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c -@@ -277,7 +277,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { +@@ -299,7 +299,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { } state = NONE, look_for; int r; diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index 75d113d00339..eabb80c39fa8 100644 --- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -8,10 +8,10 @@ Subject: [PATCH] build: don't create statedir and don't touch prefixdir 1 file changed, 3 deletions(-) diff --git a/meson.build b/meson.build -index 9c170acc0a..818b7a3eb5 100644 +index 76ad51d3fb..839dcef437 100644 --- a/meson.build +++ b/meson.build -@@ -3928,9 +3928,6 @@ install_data('LICENSE.GPL2', +@@ -4067,9 +4067,6 @@ install_data('LICENSE.GPL2', install_subdir('LICENSES', install_dir : docdir) diff --git a/pkgs/os-specific/linux/systemd/0012-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0012-add-rootprefix-to-lookup-dir-paths.patch index c1659ae8a78a..32ee37d78fa1 100644 --- a/pkgs/os-specific/linux/systemd/0012-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0012-add-rootprefix-to-lookup-dir-paths.patch @@ -12,10 +12,10 @@ files that I might have missed. 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/basic/def.h b/src/basic/def.h -index 0a1ae023a3..cc00ff6c68 100644 +index 2b4de29021..1bd61dc45f 100644 --- a/src/basic/def.h +++ b/src/basic/def.h -@@ -39,13 +39,15 @@ +@@ -44,13 +44,15 @@ "/run/" n "\0" \ "/usr/local/lib/" n "\0" \ "/usr/lib/" n "\0" \ diff --git a/pkgs/os-specific/linux/systemd/0013-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0013-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index 4add87267ddb..78d1e48f6cf7 100644 --- a/pkgs/os-specific/linux/systemd/0013-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0013-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -6,19 +6,18 @@ Subject: [PATCH] systemd-shutdown: execute scripts in This is needed for NixOS to use such scripts as systemd directory is immutable. --- - src/shutdown/shutdown.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/shutdown/shutdown.c | 1 + + 1 file changed, 1 insertion(+) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 2c3cbec02c..1b876203c6 100644 +index dcee0f9006..24b03d6948 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -335,7 +335,7 @@ int main(int argc, char *argv[]) { +@@ -334,6 +334,7 @@ static void init_watchdog(void) { + int main(int argc, char *argv[]) { + static const char* const dirs[] = { + SYSTEM_SHUTDOWN_PATH, ++ "/etc/systemd/system-shutdown", + NULL + }; _cleanup_free_ char *cgroup = NULL; - char *arguments[3]; - int cmd, r, umount_log_level = LOG_INFO; -- static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; -+ static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, "/etc/systemd/system-shutdown", NULL}; - - /* The log target defaults to console, but the original systemd process will pass its log target in through a - * command line argument, which will override this default. Also, ensure we'll never log to the journal or diff --git a/pkgs/os-specific/linux/systemd/0014-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0014-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index 22e2bc8e5300..b496dde75619 100644 --- a/pkgs/os-specific/linux/systemd/0014-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0014-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -9,10 +9,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index 65e391d02a..28af2f8bf5 100644 +index 3461d3e45f..d7d0ec2a7a 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -180,6 +180,7 @@ static int execute( +@@ -184,6 +184,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, diff --git a/pkgs/os-specific/linux/systemd/0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 653f3beea965..06efb13ff6f2 100644 --- a/pkgs/os-specific/linux/systemd/0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -10,7 +10,7 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 553aa4fb58..46294f4bb1 100644 +index 22d3632e6e..1e8bbb242b 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -24,11 +24,11 @@ diff --git a/pkgs/os-specific/linux/systemd/0017-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0017-inherit-systemd-environment-when-calling-generators.patch index f4925437aa58..eaebb623d922 100644 --- a/pkgs/os-specific/linux/systemd/0017-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0017-inherit-systemd-environment-when-calling-generators.patch @@ -16,10 +16,10 @@ executables that are being called from managers. 1 file changed, 8 insertions(+) diff --git a/src/core/manager.c b/src/core/manager.c -index 71ef7f27b4..33ded94a7c 100644 +index d9e7d77913..ba3ce14bf0 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -3704,9 +3704,17 @@ static int build_generator_environment(Manager *m, char ***ret) { +@@ -3693,9 +3693,17 @@ static int build_generator_environment(Manager *m, char ***ret) { * adjust generated units to that. Let's pass down some bits of information that are easy for us to * determine (but a bit harder for generator scripts to determine), as environment variables. */ diff --git a/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch index 1cd3c2105e1a..d40bdbde8ef1 100644 --- a/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch +++ b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch @@ -17,10 +17,10 @@ See also: https://github.com/systemd/systemd/issues/24191 1 file changed, 4 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 33ded94a7c..8847479799 100644 +index ba3ce14bf0..03bf66ff74 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -4488,10 +4488,6 @@ char* manager_taint_string(const Manager *m) { +@@ -4493,10 +4493,6 @@ char* manager_taint_string(const Manager *m) { if (m->taint_usr) stage[n++] = "split-usr"; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 9d27f7e23b02..7c57d9edf601 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -122,13 +122,13 @@ assert withHomed -> withCryptsetup; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "251.8"; + version = "252.1"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' - releaseTimestamp = "1653143108"; + releaseTimestamp = "1667246393"; in stdenv.mkDerivation { inherit pname version; @@ -139,7 +139,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-kao0xJwwJc4zUyaK5yxyGip4E6ADak98iVv5E8Hw0zk="; + hash = "sha256-G43qbNF7znTITSM78sOL0qi8nqaA7qIhmiqP/rZKjXY="; }; # On major changes, or when otherwise required, you *must* reformat the patches, From fe5f1a422aa70970aafebf27e89628fcdb7db67f Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Thu, 17 Nov 2022 12:05:53 +0000 Subject: [PATCH 074/132] sysstat: 12.6.0 -> 12.6.1 --- pkgs/os-specific/linux/sysstat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index 1ba0e083703d..582667c0c7da 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "sysstat"; - version = "12.6.0"; + version = "12.6.1"; src = fetchurl { url = "http://pagesperso-orange.fr/sebastien.godard/sysstat-${version}.tar.xz"; - sha256 = "sha256-aZ/ZSINtd/mtBUH9Xc91zSUF+dpOwU32aShq0EfCPZc="; + hash = "sha256-GP9aThSeJWjkM4Vjf3JDf+a6/MEyKpPRPRmB6UZKA0I="; }; buildInputs = [ gettext ]; From b9b269f6e6c82d0d2a5016c1d4ffb01a0f76d08c Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Wed, 16 Nov 2022 18:55:52 -0800 Subject: [PATCH 075/132] python310Packages.asttokens: 2.0.8 -> 2.1.0 --- pkgs/development/python-modules/asttokens/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/asttokens/default.nix b/pkgs/development/python-modules/asttokens/default.nix index 4a07d2ac96ec..f45c5e7aff33 100644 --- a/pkgs/development/python-modules/asttokens/default.nix +++ b/pkgs/development/python-modules/asttokens/default.nix @@ -9,11 +9,12 @@ buildPythonPackage rec { pname = "asttokens"; - version = "2.0.8"; + version = "2.1.0"; + format = "pyproject"; src = fetchPypi { inherit pname version; - sha256 = "sha256-xh4WJG7Pss3ilYQGtMjrwEPJ5tc6qoPJQWc7NeXTp2s="; + hash = "sha256-SqdkAaFRyMxXLZBqrXrqKoQXgINKGdeA9DIcD+G1RjU="; }; nativeBuildInputs = [ From 11563bf92fc8ea48ecdb5157b92854395e190d8b Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Thu, 17 Nov 2022 20:21:44 +0100 Subject: [PATCH 076/132] bundler: 2.3.25 -> 2.3.26 --- pkgs/development/ruby-modules/bundler/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index 5ba3503d9861..f75d0a65074d 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.3.25"; - source.sha256 = "sha256-/YHsRjXEGJtm/QeJU31cs4s4ELcHZfbh6C3aFbl1ka0="; + version = "2.3.26"; + source.sha256 = "sha256-HuU832HnKK2Cxtv/Bs/NhVHVQi6I6GID8OLb6a6Zngk="; dontPatchShebangs = true; passthru.updateScript = writeScript "gem-update-script" '' From 86b196f1553cd3307e28e1ce8e98a6f417b6d5e2 Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Thu, 17 Nov 2022 20:24:36 +0100 Subject: [PATCH 077/132] bundler: add meta.changelog --- pkgs/development/ruby-modules/bundler/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index f75d0a65074d..35b93abda490 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -25,6 +25,7 @@ buildRubyGem rec { meta = with lib; { description = "Manage your Ruby application's gem dependencies"; homepage = "https://bundler.io"; + changelog = "https://github.com/rubygems/rubygems/blob/bundler-v${version}/bundler/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [anthonyroussel]; }; From 72c16839ea42806f2b2e0df7b2865b5e362ce77d Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 17 Nov 2022 21:17:09 +0000 Subject: [PATCH 078/132] mpfr: 4.1.0 -> 4.1.1 Changes: https://www.mpfr.org/mpfr-4.1.0/#fixed While at it added trivial updater script. --- pkgs/development/libraries/mpfr/default.nix | 27 ++++++++++++++++++--- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix index bf1625cf2f9f..76d2c9e0ece9 100644 --- a/pkgs/development/libraries/mpfr/default.nix +++ b/pkgs/development/libraries/mpfr/default.nix @@ -1,4 +1,9 @@ -{ lib, stdenv, fetchurl, gmp }: +{ lib +, stdenv +, fetchurl +, gmp +, writeScript +}: # Note: this package is used for bootstrapping fetchurl, and thus # cannot use fetchpatch! All mutable patches (generated by GitHub or @@ -6,15 +11,15 @@ # files. stdenv.mkDerivation rec { - version = "4.1.0"; + version = "4.1.1"; pname = "mpfr"; src = fetchurl { urls = [ - #"https://www.mpfr.org/${name}/${name}.tar.xz" + "https://www.mpfr.org/${pname}-${version}/${pname}-${version}.tar.xz" "mirror://gnu/mpfr/${pname}-${version}.tar.xz" ]; - sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c"; + hash = "sha256-/9GVvVZ9uv/DuYsj/QCq0FN2gMmJYXHkT+P/eeKKwz0="; }; outputs = [ "out" "dev" "doc" "info" ]; @@ -31,6 +36,20 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + passthru = { + updateScript = writeScript "update-mpfr" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p curl pcre common-updater-scripts + + set -eu -o pipefail + + # Expect the text in format of 'GNU MPFR version 4.1.1' + new_version="$(curl -s https://www.mpfr.org/mpfr-current/ | + pcregrep -o1 'GNU MPFR version ([0-9.]+)')" + update-source-version ${pname} "$new_version" + ''; + }; + meta = { homepage = "https://www.mpfr.org/"; description = "Library for multiple-precision floating-point arithmetic"; From 606ea22b7e5953dd15bd53c4fc5c97b1bc36cc38 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 17 Nov 2022 06:54:48 +1000 Subject: [PATCH 079/132] sqlite: 3.39.4 -> 3.40.0 https://www.sqlite.org/releaselog/3_40_0.html --- pkgs/development/libraries/sqlite/default.nix | 4 ++-- pkgs/development/libraries/sqlite/tools.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index 085e330bed48..5f13456a47d6 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${optionalString interactive "-interactive"}"; - version = "3.39.4"; + version = "3.40.0"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { url = "https://sqlite.org/2022/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "sha256-8x1EW0jmfihM8gZxfMFwq2PL5P1/eagnk7dyKF54/bs="; + sha256 = "sha256-AzNVIHbScAx1NSJW6Rx4v1zWJJFYm6DGmu0KgYaJgOc="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index 4467f38b0479..1b7fca210faf 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.39.4"; + version = "3.40.0"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { url = "https://sqlite.org/2022/sqlite-src-${archiveVersion version}.zip"; - sha256 = "sha256-AtlsbM+BGrm2ORnvcX9+UqRQxCDga9Ep+0g81ww7O7o="; + sha256 = "sha256-SFUIKBQgUSk+F5/8aoUg9vv9guHNyni5N5L3ZsyJuOI="; }; nativeBuildInputs = [ unzip ]; From b6c1fc2b90e2207043e16a495688265d6f9539ae Mon Sep 17 00:00:00 2001 From: Iavael <905853+iavael@users.noreply.github.com> Date: Thu, 17 Nov 2022 12:19:47 +0000 Subject: [PATCH 080/132] jdupes: apply some critical unreleased fixes from upstream --- pkgs/tools/misc/jdupes/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/tools/misc/jdupes/default.nix b/pkgs/tools/misc/jdupes/default.nix index 71806dcb8d1b..72970d2dc9b4 100644 --- a/pkgs/tools/misc/jdupes/default.nix +++ b/pkgs/tools/misc/jdupes/default.nix @@ -21,6 +21,16 @@ stdenv.mkDerivation rec { url = "https://github.com/jbruchon/jdupes/commit/8f5b06109b44a9e4316f9445da3044590a6c63e2.patch"; sha256 = "0saq92v0mm5g979chr062psvwp3i3z23mgqrcliq4m07lvwc7i3s"; }) + (fetchpatch { + name = "linux-header-ioctl.patch"; + url = "https://github.com/jbruchon/jdupes/commit/0d4d98f51c99999d2c6dbbb89d554af551b5b69b.patch"; + sha256 = "sha256-lyuZeRp0Laa8I9nDl1HGdlKa59OvGRQJnRg2fTWv7mQ="; + }) + (fetchpatch { + name = "darwin-apfs-comp.patch"; + url = "https://github.com/jbruchon/jdupes/commit/517b7035945eacd82323392b13bc17b044bcc89d.patch"; + sha256 = "sha256-lvOab6tyEyKUtik3JBdIs5SHpVjcQEDfN7n2bfUszBw="; + }) ]; dontConfigure = true; From 1b3d8a0dc893d5382f00958bb0f7407b71bb68cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Fri, 18 Nov 2022 21:21:25 +0100 Subject: [PATCH 081/132] Revert "python3Packages.scipy: pull an upstream patch" This reverts commit a14bb81af78688a3a455db5273400ce13fceb862. The patch apparently is included in src since 762e22d0634ae1 (from PR #200846) --- pkgs/development/python-modules/scipy/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix index d19e4f471ea4..bec9752bc445 100644 --- a/pkgs/development/python-modules/scipy/default.nix +++ b/pkgs/development/python-modules/scipy/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchPypi -, fetchpatch , python , pythonOlder , buildPythonPackage @@ -29,13 +28,6 @@ buildPythonPackage rec { sha256 = "sha256-+8XAXIXBoCvnex/1kQh8g7xEV5xtK9n7eYu2TqXhoCc="; }; - patches = [ - (fetchpatch { - url = "https://github.com/scipy/scipy/commit/318d8c6d16fdf000be8637e9917989729f2c8ce7.diff"; - sha256 = "sha256-Zfb9GYP0r9MDJ91hSzMN1r4eNilajPThNIvZmDzFEXo="; - }) - ]; - nativeBuildInputs = [ cython gfortran meson-python pythran pkg-config wheel ]; buildInputs = [ From c0374c59e0bce036b341917b636abb9643da1c66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 18 Nov 2022 10:44:04 +0100 Subject: [PATCH 082/132] libxcrypt: 4.4.31 -> 4.4.33 https://github.com/besser82/libxcrypt/releases/tag/v4.4.32 https://github.com/besser82/libxcrypt/releases/tag/v4.4.33 --- pkgs/development/libraries/libxcrypt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix index b0484a2c1c91..0ed76055db21 100644 --- a/pkgs/development/libraries/libxcrypt/default.nix +++ b/pkgs/development/libraries/libxcrypt/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libxcrypt"; - version = "4.4.31"; + version = "4.4.33"; src = fetchurl { url = "https://github.com/besser82/libxcrypt/releases/download/v${version}/libxcrypt-${version}.tar.xz"; - hash = "sha256-wBgbao7qg4UM/neDEZv3H9295prd3aHRV0e6Qz1cV7o="; + hash = "sha256-6HrPnGUsVzpHE9VYIVn5jzBdVu1fdUzmT1fUGU1rOm8="; }; outputs = [ From 40655660032852e0ab88ec6164c53e5c6329a9ed Mon Sep 17 00:00:00 2001 From: Chuang Zhu Date: Sat, 19 Nov 2022 12:45:23 +0800 Subject: [PATCH 083/132] glslang: fix broken paths in output cmake files --- pkgs/development/compilers/glslang/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/development/compilers/glslang/default.nix b/pkgs/development/compilers/glslang/default.nix index dddf7a2b63d5..d93f647f8462 100644 --- a/pkgs/development/compilers/glslang/default.nix +++ b/pkgs/development/compilers/glslang/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchFromGitHub +, fetchpatch , bison , cmake , jq @@ -26,6 +27,20 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake python3 bison jq ]; + patches = [ + # https://github.com/NixOS/nixpkgs/pull/201747 + (fetchpatch { + name = "Fix-locations-of-cmake-files-in-side-compat-shims.patch"; + url = "https://github.com/KhronosGroup/glslang/commit/88fd417b0bb7d91755961c70e846d274c182f2b0.patch"; + hash = "sha256-rjeaPX5Ieem6zkICNvPd2SjvvLzG5wBERZfDLZEJsAk="; + }) + (fetchpatch { + name = "Use-CMAKE_INSTALL_FULL_LIBDIR-in-compat-cmake-files.patch"; + url = "https://github.com/KhronosGroup/glslang/commit/7627bd89583c5aafb8b38c81c15494019271fabf.patch"; + hash = "sha256-1Dwhn78PG4gAGgEwTXpC+mkZRyvy8sTIsEvihXFeNaQ="; + }) + ]; + postPatch = '' cp --no-preserve=mode -r "${spirv-tools.src}" External/spirv-tools ln -s "${spirv-headers.src}" External/spirv-tools/external/spirv-headers From ddd1e56610607ceec26054fee2afb8421678b1c3 Mon Sep 17 00:00:00 2001 From: MidAutumnMoon Date: Sat, 19 Nov 2022 12:06:58 +0800 Subject: [PATCH 084/132] libyuv: fix libyuv.so not linking against libjpeg --- pkgs/development/libraries/libyuv/default.nix | 4 +++- .../libyuv/link-library-against-libjpeg.patch | 11 +++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/libyuv/link-library-against-libjpeg.patch diff --git a/pkgs/development/libraries/libyuv/default.nix b/pkgs/development/libraries/libyuv/default.nix index d0d692ed9815..f4415b51f810 100644 --- a/pkgs/development/libraries/libyuv/default.nix +++ b/pkgs/development/libraries/libyuv/default.nix @@ -24,7 +24,9 @@ stdenv.mkDerivation rec { buildInputs = [ libjpeg ]; - NIX_CFLAGS_LINK = lib.optional stdenv.isDarwin "-ljpeg"; + patches = [ + ./link-library-against-libjpeg.patch + ]; meta = with lib; { homepage = "https://chromium.googlesource.com/libyuv/libyuv"; diff --git a/pkgs/development/libraries/libyuv/link-library-against-libjpeg.patch b/pkgs/development/libraries/libyuv/link-library-against-libjpeg.patch new file mode 100644 index 000000000000..d0f3d2968462 --- /dev/null +++ b/pkgs/development/libraries/libyuv/link-library-against-libjpeg.patch @@ -0,0 +1,11 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 636531ee..af1b0e4e 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -39,6 +39,7 @@ INCLUDE ( FindJPEG ) + if (JPEG_FOUND) + include_directories( ${JPEG_INCLUDE_DIR} ) + target_link_libraries( yuvconvert ${JPEG_LIBRARY} ) ++ target_link_libraries( ${ly_lib_shared} ${JPEG_LIBRARY} ) + add_definitions( -DHAVE_JPEG ) + endif() From ca95ee0977881c30b6abb516580e0478c795f7b4 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 19 Nov 2022 16:49:53 +0000 Subject: [PATCH 085/132] glibc: backport make-4.4 fix Not updating the whole snapshot as unrelated patches break some of timezone-related tests: https://github.com/NixOS/nixpkgs/pull/201805#issuecomment-1320917345 Let's unblock `make-4.4` first. --- .../libraries/glibc/2.35-make-4.4.patch | 66 +++++++++++++++++++ pkgs/development/libraries/glibc/common.nix | 3 + 2 files changed, 69 insertions(+) create mode 100644 pkgs/development/libraries/glibc/2.35-make-4.4.patch diff --git a/pkgs/development/libraries/glibc/2.35-make-4.4.patch b/pkgs/development/libraries/glibc/2.35-make-4.4.patch new file mode 100644 index 000000000000..346c141d3b36 --- /dev/null +++ b/pkgs/development/libraries/glibc/2.35-make-4.4.patch @@ -0,0 +1,66 @@ +https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2d7ed98add14f75041499ac189696c9bd3d757fe +--- a/Makeconfig ++++ b/Makeconfig +@@ -43,6 +43,22 @@ else + $(error objdir must be defined by the build-directory Makefile) + endif + ++# Did we request 'make -s' run? "yes" or "no". ++# Starting from make-4.4 MAKEFLAGS now contains long ++# options like '--shuffle'. To detect presence of 's' ++# we pick first word with short options. Long options ++# are guaranteed to come after whitespace. We use '-' ++# prefix to always have a word before long options ++# even if no short options were passed. ++# Typical MAKEFLAGS values to watch for: ++# "rs --shuffle=42" (silent) ++# " --shuffle" (not silent) ++ifeq ($(findstring s, $(firstword -$(MAKEFLAGS))),) ++silent-make := no ++else ++silent-make := yes ++endif ++ + # Root of the sysdeps tree. + sysdep_dir := $(..)sysdeps + export sysdep_dir := $(sysdep_dir) +@@ -917,7 +933,7 @@ endif + # umpteen zillion filenames along with it (we use `...' instead) + # but we don't want this echoing done when the user has said + # he doesn't want to see commands echoed by using -s. +-ifneq "$(findstring s,$(MAKEFLAGS))" "" # if -s ++ifeq ($(silent-make),yes) # if -s + +cmdecho := echo >/dev/null + else # not -s + +cmdecho := echo +--- a/Makerules ++++ b/Makerules +@@ -794,7 +794,7 @@ endif + # Maximize efficiency by minimizing the number of rules. + .SUFFIXES: # Clear the suffix list. We don't use suffix rules. + # Don't define any builtin rules. +-MAKEFLAGS := $(MAKEFLAGS)r ++MAKEFLAGS := $(MAKEFLAGS) -r + + # Generic rule for making directories. + %/: +@@ -811,7 +811,7 @@ MAKEFLAGS := $(MAKEFLAGS)r + .PRECIOUS: $(foreach l,$(libtypes),$(patsubst %,$(common-objpfx)$l,c)) + + # Use the verbose option of ar and tar when not running silently. +-ifeq "$(findstring s,$(MAKEFLAGS))" "" # if not -s ++ifeq ($(silent-make),no) # if not -s + verbose := v + else # -s + verbose := +--- a/elf/rtld-Rules ++++ b/elf/rtld-Rules +@@ -52,7 +52,7 @@ $(objpfx)rtld-libc.a: $(foreach dir,$(rtld-subdirs),\ + mv -f $@T $@ + + # Use the verbose option of ar and tar when not running silently. +-ifeq "$(findstring s,$(MAKEFLAGS))" "" # if not -s ++ifeq ($(silent-make),no) # if not -s + verbose := v + else # -s + verbose := diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 83cde0774949..ad2a8ae7ab64 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -72,6 +72,9 @@ stdenv.mkDerivation ({ */ ./2.35-master.patch.gz + /* Can be removed after next snapshot update or release update. */ + ./2.35-make-4.4.patch + /* Allow NixOS and Nix to handle the locale-archive. */ ./nix-locale-archive.patch From 7312b9ad2fc50010e6e952170512f31816b96e22 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 20 Nov 2022 01:06:42 +0100 Subject: [PATCH 086/132] python310Packages.simplejson: 3.17.6 -> 3.18.0 https://github.com/simplejson/simplejson/releases/tag/v3.18.0 --- pkgs/development/python-modules/simplejson/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/simplejson/default.nix b/pkgs/development/python-modules/simplejson/default.nix index 74530b3fb830..0f691bb1bfb9 100644 --- a/pkgs/development/python-modules/simplejson/default.nix +++ b/pkgs/development/python-modules/simplejson/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "simplejson"; - version = "3.17.6"; + version = "3.18.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "1irlp5sakbdfcf717qmrx0r9rjlmwk0vza6zm3y55d32zw5c1cxg"; + sha256 = "sha256-X1lD/kCbKDPPgpr2deoVbC5LADqBlNZHvDg7206E9ZE="; }; checkInputs = [ From e835141b0921c5024616097a9bd120346e8cb6bf Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Sun, 20 Nov 2022 07:14:38 +0100 Subject: [PATCH 087/132] librsvg: enable vala on darwin (#200567) Co-authored-by: Sandro --- pkgs/development/libraries/librsvg/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix index 1d2954eb74fc..6b174a7dfa4d 100644 --- a/pkgs/development/libraries/librsvg/default.nix +++ b/pkgs/development/libraries/librsvg/default.nix @@ -87,10 +87,7 @@ stdenv.mkDerivation rec { configureFlags = [ (lib.enableFeature withIntrospection "introspection") - - # Vapi does not build on MacOS. - # https://github.com/NixOS/nixpkgs/pull/117081#issuecomment-827782004 - (lib.enableFeature (withIntrospection && !stdenv.isDarwin) "vala") + (lib.enableFeature withIntrospection "vala") "--enable-always-build-tests" ] ++ lib.optional stdenv.isDarwin "--disable-Bsymbolic" From ca213228f063bb8d64feb2660fbae57e6b4700d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 19 Nov 2022 10:32:17 +0100 Subject: [PATCH 088/132] libvterm: fix cross compilation --- .../libraries/libvterm/default.nix | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/libvterm/default.nix b/pkgs/development/libraries/libvterm/default.nix index 066dcb4f34f4..f1e217f2b3e5 100644 --- a/pkgs/development/libraries/libvterm/default.nix +++ b/pkgs/development/libraries/libvterm/default.nix @@ -9,17 +9,26 @@ stdenv.mkDerivation rec { sha256 = "10gaqygmmwp0cwk3j8qflri5caf8vl3f7pwfl2svw5whv8wkn0k2"; }; - patchPhase = '' - sed -i -e s@/usr@$out@ -e /ldconfig/d Makefile + preInstall = '' + mkdir -p $out/include $out/lib ''; - preInstall = '' - mkdir -p $out/include - mkdir -p $out/lib + postPatch = '' + substituteInPlace Makefile \ + --replace "gcc" "${stdenv.cc.targetPrefix}cc" \ + --replace "ldconfig" "" \ + --replace "/usr" "$out" + + makeFlagsArray+=("PKG_CFG=`${stdenv.cc.targetPrefix}pkg-config --cflags glib-2.0`") ''; + # For headers + propagatedBuildInputs = [ glib ]; + + strictDeps = true; + nativeBuildInputs = [ pkg-config ]; - buildInputs = [ glib ncurses ]; + buildInputs = [ ncurses ]; meta = with lib; { homepage = "http://libvterm.sourceforge.net/"; From e2ba7e6e9220e86114759ecbc4cdd23470757666 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 19 Nov 2022 10:38:15 +0100 Subject: [PATCH 089/132] libvterm-neovim: fix cross compilation --- pkgs/development/libraries/libvterm-neovim/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libvterm-neovim/default.nix b/pkgs/development/libraries/libvterm-neovim/default.nix index 1f1973b10274..ca16063cca6b 100644 --- a/pkgs/development/libraries/libvterm-neovim/default.nix +++ b/pkgs/development/libraries/libvterm-neovim/default.nix @@ -17,8 +17,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ perl libtool ]; - makeFlags = [ "PREFIX=$(out)" ] - ++ lib.optional stdenv.isDarwin "LIBTOOL=${libtool}/bin/libtool"; + makeFlags = [ + "CC=${stdenv.cc.targetPrefix}cc" + "LIBTOOL=${libtool}/bin/libtool" + "PREFIX=$(out)" + ]; enableParallelBuilding = true; From f7944fddae69c86674273db33c6692c66b7c3a1b Mon Sep 17 00:00:00 2001 From: figsoda Date: Sun, 20 Nov 2022 13:53:00 -0500 Subject: [PATCH 090/132] synth: 0.6.8 -> 0.6.9 --- pkgs/tools/misc/synth/default.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/pkgs/tools/misc/synth/default.nix b/pkgs/tools/misc/synth/default.nix index a0d0d509f6bb..92e4e8531f9a 100644 --- a/pkgs/tools/misc/synth/default.nix +++ b/pkgs/tools/misc/synth/default.nix @@ -1,7 +1,6 @@ { lib , rustPlatform , fetchFromGitHub -, fetchpatch , stdenv , AppKit , Security @@ -9,25 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "synth"; - version = "0.6.8"; + version = "0.6.9"; src = fetchFromGitHub { owner = "shuttle-hq"; repo = pname; rev = "v${version}"; - sha256 = "sha256-siAm6Uq8Y+RexNrkL7nTw/f/v0LkUgqTUhAtJiy9QnE="; + sha256 = "sha256-/z2VEfeCCuffxlMh4WOpYkMSAgmh+sbx3ajcD5d4DdE="; }; - cargoSha256 = "sha256-COy8szsYKEzjtRBH8063ug5BkMv3qpc3i2RNb+n4I04="; - - patches = [ - # https://github.com/shuttle-hq/synth/pull/391 - (fetchpatch { - name = "fix-for-rust-1.65.patch"; - url = "https://github.com/shuttle-hq/synth/commit/c69b9b5c72441a51d09fc977de16b09a60eeecd3.patch"; - hash = "sha256-uRCf+rEYTRgYPyrAbcXNEwpB92tzN8oYgv+/TyJaoHo="; - }) - ]; + cargoSha256 = "sha256-i2Pp9sfTBth3DtrQ99Vw+KLnGECrkqtlRNAKiwSWf48="; buildInputs = lib.optionals stdenv.isDarwin [ AppKit From 085c646bbbea83a4e006f4465a442933bcfdb5e8 Mon Sep 17 00:00:00 2001 From: misuzu Date: Sun, 20 Nov 2022 21:42:47 +0200 Subject: [PATCH 091/132] python3Packages.orjson: 3.8.1 -> 3.8.2 --- pkgs/development/python-modules/orjson/default.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/orjson/default.nix b/pkgs/development/python-modules/orjson/default.nix index 98e3ede7fb92..2e3faed87f2b 100644 --- a/pkgs/development/python-modules/orjson/default.nix +++ b/pkgs/development/python-modules/orjson/default.nix @@ -16,20 +16,20 @@ buildPythonPackage rec { pname = "orjson"; - version = "3.8.1"; + version = "3.8.2"; disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "ijl"; repo = pname; rev = version; - hash = "sha256-3U27JuKMsMla3BKbbpO0uXesGHYaVQs8MwtQvumkksY="; + hash = "sha256-jiyYCjZ6c62zmm4Ge9KbEI8/PtPunu79HVODyoHFdSg="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-QXguyDxQHW9Fd3Nhmi5JzSxZQuk3HGPhhh/RGuOTZNY"; + hash = "sha256-z1B0oSp37OGJ21Q57UUfmSRfUWLftiiBayN9y6yKNyg="; }; format = "pyproject"; @@ -52,12 +52,6 @@ buildPythonPackage rec { xxhash ]; - disabledTests = lib.optionals (stdenv.is32bit) [ - # integer overflow on 32bit - "test_numpy_array_d1_intp" - "test_numpy_array_d1_uintp" - ]; - pythonImportsCheck = [ pname ]; meta = with lib; { From d0e0bababe8d010a8abac3c1c2372f5ec42a3905 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sun, 13 Nov 2022 08:51:34 -0800 Subject: [PATCH 092/132] python310Packages.astroid: 2.11.7 -> 2.12.12 --- .../python-modules/astroid/default.nix | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/pkgs/development/python-modules/astroid/default.nix b/pkgs/development/python-modules/astroid/default.nix index 6cde2e755030..9cacef4ac79a 100644 --- a/pkgs/development/python-modules/astroid/default.nix +++ b/pkgs/development/python-modules/astroid/default.nix @@ -1,12 +1,10 @@ { lib , buildPythonPackage , fetchFromGitHub -, pythonAtLeast , pythonOlder , isPyPy , lazy-object-proxy , setuptools -, setuptools-scm , typing-extensions , typed-ast , pylint @@ -16,26 +14,24 @@ buildPythonPackage rec { pname = "astroid"; - version = "2.11.7"; # Check whether the version is compatible with pylint + version = "2.12.12"; # Check whether the version is compatible with pylint + format = "pyproject"; - disabled = pythonOlder "3.6.2"; + disabled = pythonOlder "3.7.2"; src = fetchFromGitHub { owner = "PyCQA"; repo = pname; rev = "v${version}"; - sha256 = "sha256-HpniGxKf+daMh/sxP9T9UriYRrUFWqk7kDa8r+EqtVI="; + hash = "sha256-FN/bBAxx9p1iAB3WXIZyyKv/zse7xtXzslclADMbouA="; }; - SETUPTOOLS_SCM_PRETEND_VERSION = version; - nativeBuildInputs = [ - setuptools-scm + setuptools ]; propagatedBuildInputs = [ lazy-object-proxy - setuptools wrapt ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions @@ -45,11 +41,7 @@ buildPythonPackage rec { checkInputs = [ pytestCheckHook - ]; - - disabledTests = [ - # AssertionError: Lists differ: ['ABC[16 chars]yBase', 'Final', 'Generic', 'MyProtocol', 'Protocol', 'object'] != ['ABC[16 chars]yBase', 'Final', 'Generic', 'MyProtocol', 'object'] - "test_mro_typing_extensions" + typing-extensions ]; passthru.tests = { From 89527266969961de64df67d372afbed07a03c816 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sun, 13 Nov 2022 12:02:29 -0800 Subject: [PATCH 093/132] python310Packages.pylint: 2.14.5 -> 2.15.5 --- .../python-modules/pylint/default.nix | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pylint/default.nix b/pkgs/development/python-modules/pylint/default.nix index 3bc20493dd64..6c98fdf83a16 100644 --- a/pkgs/development/python-modules/pylint/default.nix +++ b/pkgs/development/python-modules/pylint/default.nix @@ -2,6 +2,7 @@ , lib , buildPythonPackage , fetchFromGitHub +, fetchpatch , pythonOlder , installShellFiles , astroid @@ -9,6 +10,8 @@ , isort , mccabe , platformdirs +, requests +, setuptools , tomli , tomlkit , typing-extensions @@ -20,8 +23,8 @@ buildPythonPackage rec { pname = "pylint"; - version = "2.14.5"; - format = "setuptools"; + version = "2.15.5"; + format = "pyproject"; disabled = pythonOlder "3.7.2"; @@ -29,11 +32,25 @@ buildPythonPackage rec { owner = "PyCQA"; repo = pname; rev = "v${version}"; - sha256 = "sha256-JTFGplqIA6WavwzKOkrm1rHBKNRrplBPvAdEkb/fTlI="; + hash = "sha256-dchzwMaUhHB1TqcaMZO9tCZ4KA5I1T+tdkGOxikm5AY="; }; + patches = [ + (fetchpatch { + name = "fix-dummy-plugin-tests.patch"; + url = "https://github.com/PyCQA/pylint/commit/e75089bae209d1b9ca72903c0d65530b02f67fdf.patch"; + hash = "sha256-4ErlCMLTI5xIu1dCvcJsvo03dwcgLLbFFQ5M7DFdL3o="; + }) + (fetchpatch { + name = "fix-pythonpath-tests.patch"; + url = "https://github.com/PyCQA/pylint/commit/6725f761f2ac7a853e315790b496a2eb4d926694.patch"; + hash = "sha256-Xaeub7uUaC07BBuusA6+neGiXFWWfVNBkGXmYJe7ot4="; + }) + ]; + nativeBuildInputs = [ installShellFiles + setuptools ]; propagatedBuildInputs = [ @@ -61,6 +78,7 @@ buildPythonPackage rec { pytest-timeout pytest-xdist pytestCheckHook + requests typing-extensions ]; From cb56c35264c62906b11718b31fa18446e3d2da76 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Mon, 14 Nov 2022 08:36:36 -0800 Subject: [PATCH 094/132] z3, python310Packages.deal-solver: pass python dependencies Z3 Python bindings import pkg_resources, which comes from setuptools. deal-solver used to pick this up from astroid, but the latest version of astroid removed this. Instead, let's pass this dependency explicitly from the Z3 derivation. --- pkgs/development/python-modules/deal-solver/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/deal-solver/default.nix b/pkgs/development/python-modules/deal-solver/default.nix index f762ec0ca0ec..c7241d50146f 100644 --- a/pkgs/development/python-modules/deal-solver/default.nix +++ b/pkgs/development/python-modules/deal-solver/default.nix @@ -41,7 +41,7 @@ buildPythonPackage rec { propagatedBuildInputs = [ z3 astroid - ]; + ] ++ z3.requiredPythonModules; checkInputs = [ pytestCheckHook From 9a4cba4233c87a2a883b631f6aa97d68dca972d9 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 20 Nov 2022 23:51:17 +0000 Subject: [PATCH 095/132] libtiff: add patch for CVE-2022-3970 --- pkgs/development/libraries/libtiff/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index 82f3b97f6f05..ffed49235286 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -57,6 +57,11 @@ stdenv.mkDerivation rec { url = "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff.patch"; sha256 = "sha256-SLq2+JaDEUOPZ5mY4GPB6uwhQOG5cD4qyL5o9i8CVVs="; }) + (fetchpatch { + name = "CVE-2022-3970.patch"; + url = "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be.patch"; + sha256 = "sha256-pgItgS+UhMjoSjkDJH5y7iGFZ+yxWKqlL7BdT2mFcH0="; + }) ]; postPatch = '' From 9afbff9b31cf50b85a8c2d1ffe2e8e713eaa4092 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 21 Nov 2022 02:49:28 +0100 Subject: [PATCH 096/132] python310Packages.protobuf: remove unused pyext --- pkgs/development/python-modules/protobuf/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkgs/development/python-modules/protobuf/default.nix b/pkgs/development/python-modules/protobuf/default.nix index 7034ef322ab5..4061edfc5ae4 100644 --- a/pkgs/development/python-modules/protobuf/default.nix +++ b/pkgs/development/python-modules/protobuf/default.nix @@ -2,7 +2,6 @@ , lib , buildPythonPackage , protobuf -, pyext , isPyPy }: @@ -31,8 +30,6 @@ buildPythonPackage { fi ''; - nativeBuildInputs = [ pyext ]; - buildInputs = [ protobuf ]; propagatedNativeBuildInputs = [ From 435fc65e74c0f62eed8e7bd3f42dea6f42560c0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 21 Nov 2022 02:49:38 +0100 Subject: [PATCH 097/132] python310Packages.pyext: remove unmaintained and unused package --- .../python-modules/pyext/default.nix | 24 ------------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 -- 3 files changed, 1 insertion(+), 26 deletions(-) delete mode 100644 pkgs/development/python-modules/pyext/default.nix diff --git a/pkgs/development/python-modules/pyext/default.nix b/pkgs/development/python-modules/pyext/default.nix deleted file mode 100644 index eb88bf785860..000000000000 --- a/pkgs/development/python-modules/pyext/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, buildPythonPackage, fetchFromGitHub }: - -buildPythonPackage { - pname = "pyext"; - version = "0.8"; - - # Latest release not on Pypi or tagged since 2015 - src = fetchFromGitHub { - owner = "kirbyfan64"; - repo = "PyExt"; - rev = "1e018b12752ceb279f11aee123ed773d63dcec7e"; - sha256 = "16km897ng6lgjs39hv83xragdxh0mhyw6ds0qkm21cyci1k5m1vm"; - }; - - # Has no test suite - doCheck = false; - - meta = with lib; { - description = "Simple Python extensions"; - homepage = "https://github.com/kirbyfan64/PyExt"; - license = licenses.mit; - maintainers = with maintainers; [ edwtjo ]; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 239794471469..057d3ae3ffe2 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1228,6 +1228,7 @@ mapAliases ({ pyMAILt = throw "pyMAILt has been removed from nixpkgs as it is unmaintained and python2-only"; pybind11 = throw "pybind11 was removed because pythonPackages.pybind11 for the appropriate version of Python should be used"; # Added 2021-05-14 pybitmessage = throw "pybitmessage was removed from nixpkgs as it is stuck on python2"; # Added 2022-01-01 + pyext = throw "pyext was removed because it does not support python 3.11, is upstream unmaintained and was unused"; # Added 2022-11-21 pygmentex = texlive.bin.pygmentex; # Added 2019-12-15 pyload = throw "pyload has been removed from nixpkgs, as it was unmaintained"; # Added 2021-03-21 pynagsystemd = throw "pynagsystemd was removed as it was unmaintained and incompatible with recent systemd versions. Instead use its fork check_systemd"; # Added 2020-10-24 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e53cc1f64213..91ea3941b4bf 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -7785,8 +7785,6 @@ self: super: with self; { pyexcel-xls = callPackage ../development/python-modules/pyexcel-xls { }; - pyext = callPackage ../development/python-modules/pyext { }; - pyezviz = callPackage ../development/python-modules/pyezviz { }; pyface = callPackage ../development/python-modules/pyface { }; From 867c3f3cb63ec9556e012f5c006179d081b39b85 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Wed, 16 Nov 2022 00:03:30 -0800 Subject: [PATCH 098/132] python310Packages.rsa: update and fix tests --- .../python-modules/rsa/default.nix | 43 +++++++++++++------ 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/pkgs/development/python-modules/rsa/default.nix b/pkgs/development/python-modules/rsa/default.nix index 0a70f8d8b088..74953fa66aad 100644 --- a/pkgs/development/python-modules/rsa/default.nix +++ b/pkgs/development/python-modules/rsa/default.nix @@ -1,36 +1,51 @@ { lib , buildPythonPackage -, fetchPypi -, unittest2 +, fetchFromGitHub +, poetry-core , pyasn1 -, mock -, isPy3k +, pytestCheckHook , pythonOlder }: buildPythonPackage rec { pname = "rsa"; version = "4.9"; + format = "pyproject"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-44RkpJxshdfxNRsBJmYUh6fgoUpQ8WdexQ6zTU8g7yE="; + disabled = pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "sybrenstuvel"; + repo = "python-rsa"; + rev = "version-${version}"; + hash = "sha256-PwaRe+ICy0UoguXSMSh3PFl5R+YAhJwNdNN9isadlJY="; }; - checkInputs = [ unittest2 mock ]; - propagatedBuildInputs = [ pyasn1 ]; - - preConfigure = lib.optionalString (isPy3k && pythonOlder "3.7") '' + preConfigure = lib.optionalString (pythonOlder "3.7") '' substituteInPlace setup.py --replace "open('README.md')" "open('README.md',encoding='utf-8')" ''; - # No tests in archive - doCheck = false; + nativeBuildInputs = [ + poetry-core + ]; + + propagatedBuildInputs = [ pyasn1 ]; + + preCheck = '' + sed -i '/addopts/d' tox.ini + ''; + + checkInputs = [ + pytestCheckHook + ]; + + disabledTestPaths = [ + "tests/test_mypy.py" + ]; meta = with lib; { homepage = "https://stuvel.eu/rsa"; license = licenses.asl20; description = "A pure-Python RSA implementation"; }; - } From 89987638fa594ae5520435de94293a65e92e8916 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sat, 19 Nov 2022 04:30:16 -0800 Subject: [PATCH 099/132] subunit, python310Packages.subunit: 1.4.0 -> 1.4.2 --- .../development/libraries/subunit/default.nix | 4 +- .../python-modules/subunit/default.nix | 44 +++++++++++++------ 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/pkgs/development/libraries/subunit/default.nix b/pkgs/development/libraries/subunit/default.nix index 9cc61d200086..61c30ebcf033 100644 --- a/pkgs/development/libraries/subunit/default.nix +++ b/pkgs/development/libraries/subunit/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "subunit"; - version = "1.4.0"; + version = "1.4.2"; src = fetchurl { url = "https://launchpad.net/subunit/trunk/${version}/+download/${pname}-${version}.tar.gz"; - sha256 = "1h7i5ifcx20qkya24j11nbwa829klw7dvnlljdgivgvcx6b20y80"; + hash = "sha256-hlOOv6kIC97w7ICVsuXeWrsUbVu3tCSzEVKUHXYG2dI="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/development/python-modules/subunit/default.nix b/pkgs/development/python-modules/subunit/default.nix index 704a4cb924ac..6f79bf563b80 100644 --- a/pkgs/development/python-modules/subunit/default.nix +++ b/pkgs/development/python-modules/subunit/default.nix @@ -9,30 +9,46 @@ # python dependencies , fixtures , hypothesis -, pytest +, pytestCheckHook +, setuptools , testscenarios , testtools -, unittest2 }: buildPythonPackage { inherit (subunit) name src meta; + format = "pyproject"; + + disabled = pythonOlder "3.6"; + + postPatch = '' + substituteInPlace setup.py \ + --replace "version=VERSION" 'version="${subunit.version}"' + ''; + + nativeBuildInputs = [ + pkg-config + setuptools + ]; - nativeBuildInputs = [ pkg-config ]; buildInputs = [ check cppunit ]; propagatedBuildInputs = [ testtools ]; - checkInputs = [ testscenarios hypothesis fixtures pytest unittest2 ]; + checkInputs = [ + testscenarios + hypothesis + fixtures + pytestCheckHook + ]; - # requires unittest2, which no longer supported in 3.10 - doCheck = pythonOlder "3.10"; - # ignore tests which call shell code, or call methods which haven't been implemented - checkPhase = '' - pytest python/subunit \ - --ignore=python/subunit/tests/test_{output_filter,test_protocol{,2}}.py - ''; + pytestFlagsArray = [ + "python/subunit" + ]; - postPatch = '' - sed -i 's/version=VERSION/version="${subunit.version}"/' setup.py - ''; + disabledTestPaths = [ + # these tests require testtools and don't work with pytest + "python/subunit/tests/test_output_filter.py" + "python/subunit/tests/test_test_protocol.py" + "python/subunit/tests/test_test_protocol2.py" + ]; } From 2d5805c332bee620254b98d7b70a62b1fa26183c Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Mon, 21 Nov 2022 00:19:24 -0500 Subject: [PATCH 100/132] iosevka-bin: 16.3.6 -> 16.4.0 --- pkgs/data/fonts/iosevka/bin.nix | 2 +- pkgs/data/fonts/iosevka/variants.nix | 184 +++++++++++++-------------- 2 files changed, 93 insertions(+), 93 deletions(-) diff --git a/pkgs/data/fonts/iosevka/bin.nix b/pkgs/data/fonts/iosevka/bin.nix index d7f107b78428..5544e846475b 100644 --- a/pkgs/data/fonts/iosevka/bin.nix +++ b/pkgs/data/fonts/iosevka/bin.nix @@ -11,7 +11,7 @@ let (builtins.attrNames (builtins.removeAttrs variantHashes [ "iosevka" ])); in stdenv.mkDerivation rec { pname = "${name}-bin"; - version = "16.3.6"; + version = "16.4.0"; src = fetchurl { url = "https://github.com/be5invis/Iosevka/releases/download/v${version}/ttc-${name}-${version}.zip"; diff --git a/pkgs/data/fonts/iosevka/variants.nix b/pkgs/data/fonts/iosevka/variants.nix index e5d7447ed59a..ff64990d6528 100644 --- a/pkgs/data/fonts/iosevka/variants.nix +++ b/pkgs/data/fonts/iosevka/variants.nix @@ -1,95 +1,95 @@ # This file was autogenerated. DO NOT EDIT! { - iosevka = "1xjpzif2v3p78abny74wwrrcq05hahvk4rf0swhbjhsv7j1ycmnf"; - iosevka-aile = "1m1naxhf6ksasd3fq5npikgm8yv60salnhvb9b50rmyw6as2hmyb"; - iosevka-curly = "0xdb8ymcg0kmdcj7jhr3pqfyv6cw9ab1f1rgs0cvn6g97n4ag2yq"; - iosevka-curly-slab = "0396zjh043qv1j10f7m2pbibfyfkc6361rzjjgdqyvjhj0qh3wsi"; - iosevka-etoile = "0d89q4d8fvcl2130v45v873g31vvcd051wk461lid1mdmydvfs9d"; - iosevka-slab = "0jgsg1rnkx8mrcp74qbkc7dazlkh9wzyb6gn51yvwzv2gs2sj69m"; - iosevka-ss01 = "16c3kh3ynmwm0r83gv1swv2z4bhdm78a91hkdczzkngbzaa0mxhg"; - iosevka-ss02 = "1xmylqgh0972p1cz2vshlgnjpfg20k7x5alirjhpsvyj8n1v7jsx"; - iosevka-ss03 = "1qw2rwwhw4yd2s0876xp3z5kxxgf5x125vwy83wbcgca9hx7b1cw"; - iosevka-ss04 = "1nlw7na37rx9lk9g3b01v2wipglcj0lszyyk0s6j2g8cdmvcdqap"; - iosevka-ss05 = "1b3ckxpw28ail62x8g06rs6fn4gba7xfpnk2qaf8fl0lhvjyv0kf"; - iosevka-ss06 = "0ifrzd1kxhflf2kxbfsshp9chpiidx6nvvblws11276qz7qir9lq"; - iosevka-ss07 = "0bm2n688i8f40awi8k1jj8p6pz45p230pp7brlps99ljjq7ipqcb"; - iosevka-ss08 = "0qqhfcr9xmfr24rp4xq3xy8zld5l2pnqwbd801ljv6qy3zza9xhk"; - iosevka-ss09 = "0dgpzjnab2fwp2jns5fvgzh4n8w0qhxzx1fhxw4b5c99n5bnim07"; - iosevka-ss10 = "1nz8an3ar3lw3zfdyck1xh17hdkqdpg8rmwih4wxz93hpp5xhrbv"; - iosevka-ss11 = "1wmxs075ymvyzl9r687xh32iqp3xsaakdfh01m1iwpyglspyr8y0"; - iosevka-ss12 = "0c7abkq0ylzqv8ssizby5g6lnibqyiw2pfmyk8cccx9pq1ihr1jq"; - iosevka-ss13 = "0xalbmkgyj30a9y4wzqpcc8ix64jdll1sm972fc35ln8134m7fzl"; - iosevka-ss14 = "1638n30hhqv0rm2q1gqvj36knjn2n6jry6dz1xfczlaqm956395v"; - iosevka-ss15 = "05blb6va180fk4iw3ldgq17w11gqi0jflmcdgzjzxw5pxs8j1qwp"; - iosevka-ss16 = "1qgfrc5kj0x7yc77aqswy5668ymnxw9gw5rp71r4j5778wmslr5s"; - iosevka-ss17 = "03226nda56dhbia3nf5p603zz04avh5j1x24qz9z3irhqg4rn0js"; - iosevka-ss18 = "17vyf3msafgdhqhhby4qrn8p5pxdmvxwfgf44vx41iy860q89avh"; - sgr-iosevka = "0vxfkhx77b9hf63an7wzpgldlj6pbs27i65qsq45n869cyvzd9ga"; - sgr-iosevka-aile = "1iqxc42hc6398a61k84ibmjkl328sza9q3l81s04iav4kkrjd0g6"; - sgr-iosevka-curly = "0ww4h12xfpa8yxjxhgs3m819024vz6isw8gq88spj07p2w4jx4mp"; - sgr-iosevka-curly-slab = "1my79s02hhi803rakwia61c2rkpgzf6zw6xhzw6n1jkmjj1r77a7"; - sgr-iosevka-etoile = "0rp1fk156s2mxibyak8pzw871p33pjdizi2ix9ppxqdb2zyn64xd"; - sgr-iosevka-fixed = "0rldw2gq22hf2hy0brf03g12vw4rh8h5ascccsc6mljzzgwy6wir"; - sgr-iosevka-fixed-curly = "1sal7i1kybfgxfhr1c90rmjal8zhh4cbf6xqzs6zrz3zxhp1zj30"; - sgr-iosevka-fixed-curly-slab = "0spkivcqg4nzkd7r3gvym1v87d8r7cd353sw8sbllq9a93axcffs"; - sgr-iosevka-fixed-slab = "1kpzcsjdk74fbr16iqz7xm10arg8kmcnpv54xxn23h4xbxx6qy5z"; - sgr-iosevka-fixed-ss01 = "0j7kzcy7rwjqhl9hlhpbm4495b5ifl0kl9jh58nc0r17c3vfhhxq"; - sgr-iosevka-fixed-ss02 = "1lx6gx2qr82nzphxyd38xj50mrhn9y2c0lq2c1n6iq7zig7yybn6"; - sgr-iosevka-fixed-ss03 = "0clpiaa12mxksvbyrxahq56nh0dmn3y5x0dclx8clh7v39z652s6"; - sgr-iosevka-fixed-ss04 = "1lvr6vs6qbmkrgkzw5jvp3a3ib681y9784mwv25il5z7q6imlnng"; - sgr-iosevka-fixed-ss05 = "0bxqcd18657pvf6j64rhwvgpq6frqdhp65r8rb90bwfv12yqxrw7"; - sgr-iosevka-fixed-ss06 = "1fz1zvbvkyj04c8qh2xwshcnwswnzldvi6y7c1qzbfm357xsjblg"; - sgr-iosevka-fixed-ss07 = "01ndbbchf4azc4n8w26snd1l6078zxc8xzxy2vbw7vby3lify2i1"; - sgr-iosevka-fixed-ss08 = "1rv1rywpk53nf6kyc5wjsjf9j2aj1bzlr4gwk5s6m63klr7q10wx"; - sgr-iosevka-fixed-ss09 = "10rv346mjg12rihix0rr97vi5y63j4ia0q24rbs0546g4g309k6w"; - sgr-iosevka-fixed-ss10 = "0ry6abyjaq6dy39mkvzqglzrrpbgwfcq2lxy5j9kncjcwx72mpin"; - sgr-iosevka-fixed-ss11 = "0nq997c81pxjkgsr1gvkbaapv4qkqpf5w5pixhdkc22g2fp68w6s"; - sgr-iosevka-fixed-ss12 = "1v7irhjrf31mlj3h0v1bxnl1x187555zdrrv2fhycn7700im5pj2"; - sgr-iosevka-fixed-ss13 = "17m1fjlvh279wc1n2m7fhmrn3a8b2rqrnj34vps67f1m7bafh1yz"; - sgr-iosevka-fixed-ss14 = "1sm9z1zad7war4066rj5mdmc0qhl03bjq7wir01na42bw464yz2a"; - sgr-iosevka-fixed-ss15 = "0xsgjz0225vdzw5b9x8333anmshpva1w5kw7g6m0m2m21n3kvpc8"; - sgr-iosevka-fixed-ss16 = "1z5h9s9vqmmdjzkv6jzd2rxzkrdbchcbbdxilgvh0nkicpz7h1f6"; - sgr-iosevka-fixed-ss17 = "06va44pbrbp3yrpb6k58c5vkyrfjbl1sm2jhbpih0vxcpmqa209k"; - sgr-iosevka-fixed-ss18 = "03plkqbjmpbz200k062s5j9a42717fzi37c6d0jjmhqlyr62j478"; - sgr-iosevka-slab = "0xf2wzd5679j3csd5br4yfyh1m8vmijf42871szxbq85mw8k1q6f"; - sgr-iosevka-ss01 = "1v4cifbn4icgsnzvxqyg2sqza5m2378bmcqmw511cbkhrgzr15ff"; - sgr-iosevka-ss02 = "1d91qzbzlkwj0f9nfd4jvvy2lq0dy70w6dzkgggb75xm6rwn0251"; - sgr-iosevka-ss03 = "0praj6n5i1ahxnp3zji3jffvvzhpb1382inzihlgrbysjna4cqkv"; - sgr-iosevka-ss04 = "1lxifnvb61ad8v53cnj4zi4m1jnlh4gk1w6kk5w04yd0z749hyx1"; - sgr-iosevka-ss05 = "1a446rhyn69ss20ybf9mqy55i4ajq2jpwppmn6srfnrjx63706w6"; - sgr-iosevka-ss06 = "112k2gyv6r9ircw2rnrgsijw9v1fs64p5737ww6540kg8xrpz1kx"; - sgr-iosevka-ss07 = "0alc313vgf9649xgynq8h6d006phw9mbijn2m4qjzgjkw4v28xh8"; - sgr-iosevka-ss08 = "1c1xfj3jryfcgzmqyfmcz7nafhh5jzj7glcdaifviddbbdj5xi88"; - sgr-iosevka-ss09 = "1fw4qnn22fvz42mfbl1gwr4bwv53xjy0dqd7c6sy7886gxmkr04y"; - sgr-iosevka-ss10 = "1m62m1xb6xb9vwpgicag8vw817r8qf6gq6mv7kr18fs0mqv4h8sh"; - sgr-iosevka-ss11 = "0xa5wy6qnk9fgkm3yb0scwkhfxg59hchimzfzrbgvfylsdpq527y"; - sgr-iosevka-ss12 = "0c49wjypsxjgkm9s1py58lx8rybb3kzm6z3xysvmffqhyx4h03xa"; - sgr-iosevka-ss13 = "1hr0fbmhjq5ngp4hdm7zjxk3wggbk2yhx50byvbm39056v3pxbym"; - sgr-iosevka-ss14 = "0ibqdh2ddz9rv8icbfvba6jj5pcpi7l7kjkwsqx0081wqv1c3jxk"; - sgr-iosevka-ss15 = "004ibn5hrgcby93h2kz248x5qmz4xbirih1k3ic0xqda23yyqq7j"; - sgr-iosevka-ss16 = "1mad0yiwknl9f7z6c52fv12ngdgwr1yic74ssbzk529vrqmafwy1"; - sgr-iosevka-ss17 = "1igrbzw63jailzgqlv72h1iv3lz33qd3z9s0hv92w2kh2ig7q6kf"; - sgr-iosevka-ss18 = "0nsq4hg8mmnzi8dgdn0km03x72ja1vk7g7kbzr7m148kb1p4x5vv"; - sgr-iosevka-term = "1ax6i21cf4w8gwhml0rwvb3yk9hlhkjfn1pyjyglajnsbh8z4r3w"; - sgr-iosevka-term-curly = "0y7jkqddqkc2cnmgfsrq29c7id070y8gxj664q81k6alivpj62rs"; - sgr-iosevka-term-curly-slab = "021m8lmxss1qms0slsc83l78njvnjjyniarrkx95x9vpqs2dym0h"; - sgr-iosevka-term-slab = "0qkxy91hvxa36bz8q1wwf31qn18b2zvyabkpsjnv6yhpzimz4wm0"; - sgr-iosevka-term-ss01 = "0sxm07qr1l64n0p5f7dnssgi545i73gdahm18iyvijwqcvxg83rn"; - sgr-iosevka-term-ss02 = "0zlzvxbf2p27g7p5g19ixa5vf77fxd0b7bqky9pfzf72wpwd89jd"; - sgr-iosevka-term-ss03 = "09qd2np8z224h2z7yyqfz7csxdbr11kc4v9p8z4qnb8k8wg5akz9"; - sgr-iosevka-term-ss04 = "0jr5bk9x3nb9841nxlsl3wjwdy5si8g4rwh5axm5g5hwjxr29x8z"; - sgr-iosevka-term-ss05 = "1w41g52b2b5qzkhai3wk3fvsa5qi8h70wmbq0shq954gqzrlchnp"; - sgr-iosevka-term-ss06 = "0hmsq5jpnb9605scvh89wqdvyxsypm74aqwz8zsyn7siwfkhh3hc"; - sgr-iosevka-term-ss07 = "06spijbyw6dzwc73gzi9r14af9g47js0p94ddn54aq3sw2d1c9jq"; - sgr-iosevka-term-ss08 = "1yrr7lknz0h126gr6srxzfs4npl7vv8v32b2hzkixqzf1pfjv3mr"; - sgr-iosevka-term-ss09 = "1lf04m0f3l2pw1rm3klfynainxma8fs5x2zv9vgjd1vr07si0c5n"; - sgr-iosevka-term-ss10 = "1p9p3gpfd353jq1aab5dh16ppzx2qjii8x8hvaqnmhy1a1ip15jg"; - sgr-iosevka-term-ss11 = "1x1n5fjya6a01m0cwcdcf6xlynzgk2413axkr4p5glmqad7w82h8"; - sgr-iosevka-term-ss12 = "07bxpw4bsxbwsrjvbw3n6kj1bkvr9a730zp509zjzg72dy6i96ca"; - sgr-iosevka-term-ss13 = "1mw0nfknzk4qcf9nsg9904389li6sbpvgn48iydrk4bzyr41qza1"; - sgr-iosevka-term-ss14 = "13pvn4kkl4yz1hkrl04ifqbk9x7lym1i7w3d6nh8l3ch3783sjha"; - sgr-iosevka-term-ss15 = "1hqrn050qx5iljfbflzpzl4nl21jnnlih53kj9ik3scwb76pkfal"; - sgr-iosevka-term-ss16 = "1svj0wq7j0kzn4pnyn5lkd5sni3k6vv78r943zc6dlxrs7vbkljp"; - sgr-iosevka-term-ss17 = "0qmzpxgsibf8c0k6hzq7ps1gd0mb050z3dsjmjjammh0cwflax6p"; - sgr-iosevka-term-ss18 = "0qss7kz6mwzaxlff4m1lylf0a8sy65l7z6my7k6kif9iiy2595wx"; + iosevka = "07v98pr0anqbxn1yc55245k5ixxzfk2wmfq67zhz84aa18viqhbc"; + iosevka-aile = "03y0xijb7c0kampm3gjb69mv8hikhsgqhlw1w3zfcjhr2vc62g6q"; + iosevka-curly = "1i31zj0j8npgx7wn2qibih48s76qjxakz14sa2hgx908p8xyfwq5"; + iosevka-curly-slab = "1xijhk5vbgs3c89a7g9cfjqjqv801gimjja4wqpvaficab692jh2"; + iosevka-etoile = "1rqagk6gyja15fa4m107ylbjwbhn811gbl9lbr9yzashw4drjpp9"; + iosevka-slab = "063qk1d75l1jq7gdwzqxd7j8j56g7da0aagsqm0lvwl217l7x48b"; + iosevka-ss01 = "0rjbyfmm46ffslf0glvn5yrsxiaznj3bk53si5jhnipphqw11r9v"; + iosevka-ss02 = "0sgpaqzcp4zpk96xr2nz04sfg026ph4glkkzky7z1245z12lzdlc"; + iosevka-ss03 = "01wjv069mmyjw9mk9hkcj4d23f0lgwdy91j21lcja6gybawly5g6"; + iosevka-ss04 = "0j2qjly3z8vr8z62g2dlj1i6cpx5mlzfvng41x8hxq23j9gfr2y6"; + iosevka-ss05 = "1aimq0mm749mai3ykh6975ya8ng402ddkzb1hhxz3nnm8v6cwd27"; + iosevka-ss06 = "1yd882vj4l0qhz67nbba61nyplg9psyr3hnvknvkmr2wnj723dbm"; + iosevka-ss07 = "09x54z8lzg85akfdc95k6gyka77qgmz3fnhq2ji01apshf8hc751"; + iosevka-ss08 = "1lmsgcc5q68wm2hs0h35s374bql7rl8r5yp7z17vrjz2qwp3n7b4"; + iosevka-ss09 = "1p5f2885b18xgxbl63g5zphr2kz52swdpm98d0rcwr60bkqkf79l"; + iosevka-ss10 = "0kmc0fxyi1imndw88wsdfg6nhvijprrxc2d6nmgvnalnwrx95d33"; + iosevka-ss11 = "15k64sn23jh2plwwqsvplc04099xv9w16fmmzxzz9vd4js8j4245"; + iosevka-ss12 = "10y5ll8256h61ycgyjrysfaki9h93va271qgam0b5bjl0v9vhdlk"; + iosevka-ss13 = "1lv9w2yiqy09sggbzd17vx8nn8vh1qv7yn9rsnwcq95xqd4dpw60"; + iosevka-ss14 = "1pb53ahx5jig7a6yjb4kwpcgbpdbxans25p3amiswy7xyklhw3la"; + iosevka-ss15 = "1jax0zx17k8mzp7489fd1bprvh79ww4ghcy6vhih2nbg18kzxsqc"; + iosevka-ss16 = "0s3xq3ijrd8b51myh779hf5cvwvxvxz8xx9gxksnbzh1pml9zz1a"; + iosevka-ss17 = "1mnw0lh65yj936p3shsayq6k31s708cqb60qys82hcwas5bacidr"; + iosevka-ss18 = "1jyywvp9j6rj21v99psbwsr8xrfzfvq76z54hw0acb3j5mhl7s4r"; + sgr-iosevka = "1p2n8q6nj9f8nibb7zzy60ck0sp2cg6lz1z3inizs5i9lpnr8mx3"; + sgr-iosevka-aile = "1nxysymkc273cmk00b44bky63lm73dl3p9yai8lcn14lv1apdjg6"; + sgr-iosevka-curly = "0bwlalijphm1aykv8j652lp9p1xl4jj4gmc26ag8s13gmbx6gxhy"; + sgr-iosevka-curly-slab = "11d3biggpk6r0pa7k7ig8sgxmjw80b723ass3pqxns13y3krm8il"; + sgr-iosevka-etoile = "0lspbn81bajdc905wafqmfp8cjlw6q6xlvry1alq7y7ng19vm5dh"; + sgr-iosevka-fixed = "1zzqi09pafma9fj9603ixhygwa2aayzk27xda2yzhixiw11wxz33"; + sgr-iosevka-fixed-curly = "1j07rqa1495dr0s2ppcypycclmzgpbpl0yibkd7f1mlzl629gk38"; + sgr-iosevka-fixed-curly-slab = "1wlq2qdl3nx8q6a39dc3sv6h2gr8v3bhswgvgavbr7m2q6jcss8g"; + sgr-iosevka-fixed-slab = "1m20f9zc4q2rv16yl5pfvx4l2031783ixv4k6vhnzwqkvqqrk9dg"; + sgr-iosevka-fixed-ss01 = "1c7ldr1h2bgl6w8ggwbsifad7n3mincwplfiam4w4n56xkn19qdx"; + sgr-iosevka-fixed-ss02 = "1hck8rcja59c0jgl62dk9i5xrixxihd3mzcma6yqqsxadgvf6cc5"; + sgr-iosevka-fixed-ss03 = "1qck9qdanfwl1jgbjmyzvv52dgxa46gw9h6ygn3pp34pgbgj6lnd"; + sgr-iosevka-fixed-ss04 = "1d3gv5zcs66qjazxwig2kw6nlwqzvn3pmnpbwif65xd5hlqs1m3c"; + sgr-iosevka-fixed-ss05 = "1l335c8fnh3ijhx7bl2wpa8k1vnjskhrlhcg7k04z9jhjcyagr9f"; + sgr-iosevka-fixed-ss06 = "06zm8yr6n17b6vmic9ngv3iv7jvnps0bazvdi8y38r371gwp4af9"; + sgr-iosevka-fixed-ss07 = "0ambs05hjxvx6v905wzqk8wjl8a8yrd216fm8sy23wr8vkm7zrca"; + sgr-iosevka-fixed-ss08 = "10zgxj5p50hzbczh33mq1qw708srwcwp615ajfmmx0b86qgxmfqw"; + sgr-iosevka-fixed-ss09 = "1k0hd06lislhzvgd5vz7sra9pbwnl7nv0cxzmxglmlskafcls7zb"; + sgr-iosevka-fixed-ss10 = "0bgkfk31fd60w7x1nzy6x3p7gi2d72z7cf8f5av54rnamw4a4hnq"; + sgr-iosevka-fixed-ss11 = "0vsv9plkcmynrj6s75kbb57kkfpxay4k90nlimgb3s1z7d17az0a"; + sgr-iosevka-fixed-ss12 = "040bpjhgjii0s19ilfrvg1261ssk4n9xyynw61cbn65rh2dpfdcl"; + sgr-iosevka-fixed-ss13 = "0bmmfpynl5j74i71b0cyi9vyrrb6d5axz3frsg48q8pwqac2vkx7"; + sgr-iosevka-fixed-ss14 = "1bqfbv4rcvcpbrzsg2zpk870yq2a6j7ishsgc6p9xsqfblnw1p6a"; + sgr-iosevka-fixed-ss15 = "1rhks1drqs0yx2sbcdqyq9lvxrh11adqisw7pxncgm6flcgkhx29"; + sgr-iosevka-fixed-ss16 = "14kkdvmj2gpyxs5dcbfyghidbqaz147r114xi42yhl4fpsdppkrk"; + sgr-iosevka-fixed-ss17 = "0csd2ag4h8cdngscbmhj5kh1rlj022pmg8ig758hxp25ddmb2h8l"; + sgr-iosevka-fixed-ss18 = "0hpkzzx35a1nmspb2k7gg5z9kp00i4hd4k1nni4jg661mgvilldp"; + sgr-iosevka-slab = "1y8csc7kgm2xipa6s2jy0ibgb4j9pj6wxpjlxyad3ssbsqf5yfvc"; + sgr-iosevka-ss01 = "0hq5s1ajqfmq6y3l189h2xjkawayq10sjwpcmzkbf4565qifinm6"; + sgr-iosevka-ss02 = "0921izv9x38zziw8vfha4aqvvdb5g926gycg6rl2rxfymjsg2f1m"; + sgr-iosevka-ss03 = "0c9sfswgf4rgmwbsm4wwyfaqk7brp0dmw76krzylbppcyzsczjbr"; + sgr-iosevka-ss04 = "0ic7g811156cwkrsizjd5f051k964lpr216nrd15ap06viar4vk4"; + sgr-iosevka-ss05 = "0hxpi57xzxw03qr9ss2mrpl4p479v14c15y9iqjflb478qdicxg0"; + sgr-iosevka-ss06 = "04ny0vyr0sayfymaxgsqfnvqsx1afsh9fjdpcfna5vpl661ljnsf"; + sgr-iosevka-ss07 = "10s8vhcikk6xrvyjmzjq7k4b81cf9i71c6dhsrnwxvn732dx5awl"; + sgr-iosevka-ss08 = "0ji3gsf26xji6qfx99azhxj816q7bhpzqdxh43ncs86snl86g9xf"; + sgr-iosevka-ss09 = "0c1n399v3vf68q165mn26qc0cnbi5yfvvkxwxp1inl7vdsgzhslw"; + sgr-iosevka-ss10 = "07g2zbpgd8zbb2zyqk9kfb9s1hd94wmx1ijaf9fh6c6sby2wgssk"; + sgr-iosevka-ss11 = "0kfiln8w5gim2swyk80k2bnvnyr853imgp91z2v330hdllca99ra"; + sgr-iosevka-ss12 = "01kljfahn4ljss2rd66srp2lwj94fvkigpzk315zd21qxyy4wfl2"; + sgr-iosevka-ss13 = "0bgxfrpfn4yh6852155qj0j7zfsrf14rg4gc3ffidmszhindllcc"; + sgr-iosevka-ss14 = "04qldb75h61wca2pzkmks3amcq6q3n0dhjva0b5v1dg0y6qzs2c9"; + sgr-iosevka-ss15 = "1344wgx2nx1a7aphi06xkl6niij5cqlnnydbb6la0k75invyz2i6"; + sgr-iosevka-ss16 = "1apkrdmhz69vdbjhr88288qyqz4pfya11fj4gpxkb3hk01dbkwzs"; + sgr-iosevka-ss17 = "0mba09669408icz6p944pivfb0m99pirapmml1d1glni0xj4mndd"; + sgr-iosevka-ss18 = "0j463s8is0w0rvgqn63mxhf3wcx0r5a7q4zs6621f3xigqvbhkdm"; + sgr-iosevka-term = "034p2llrz2ffm5aslxg1ah8l0bj6kr9lx53yi1hg61cnx18z3yx0"; + sgr-iosevka-term-curly = "0zixih0y7ksav7qxswysijfdnnj1jjb74znz0bkb0f7cviaa6w2i"; + sgr-iosevka-term-curly-slab = "1vsz17s0yp3v01054342plc62pag3mx7xs5jb8llx729zc5qzpd7"; + sgr-iosevka-term-slab = "04bsgvzyjy2d0jndzxb2d0pv6sfr9gm3ryv94va65rxv3fc0mj73"; + sgr-iosevka-term-ss01 = "12hfzalx076gh9kskfxvgr9b3w8i3kk2lhbcsj417vsn5nx48grq"; + sgr-iosevka-term-ss02 = "15chkrw65nyfl9vd23y12cqvsn4sddrnf3zmxy0jval5paz8hnx3"; + sgr-iosevka-term-ss03 = "0ivxs8pdpbx1lcmfm1r6qkvzsx82swwi7xn4ja92rh8zix9i78bv"; + sgr-iosevka-term-ss04 = "08zfbmq6cvc7jzkindyvx7mlfvyhhicdxqm4pyblgb9xfh6vvk0k"; + sgr-iosevka-term-ss05 = "0c8mbjbkw6a5hpxshr20qsrwp0chwnxxijm3sqaf28hg2ka79qhg"; + sgr-iosevka-term-ss06 = "1ymdi01cl9v86qlcl0ka9v1p9ry129wqjmsjy1i60ld579yy8x05"; + sgr-iosevka-term-ss07 = "09qqjmn7iaykl08pdd4qj57z12npap246y8c0kp3rvwjdyh3p7y1"; + sgr-iosevka-term-ss08 = "10qca50vbwb5fa509jrb3w63dxk6ny7i7ffdmyiz1slv418jjjha"; + sgr-iosevka-term-ss09 = "0chhlxql7j1b0nfa6pnw3dfrjv6wij8wsl0i2xf5ar52rgzr2s95"; + sgr-iosevka-term-ss10 = "1z6za3sdaf793vma9d70a38rlb47nzqj08pnp6jqir2fifdsvzl1"; + sgr-iosevka-term-ss11 = "1midlf29xqli721gv195gy6mjmp9w8nq8kc1ly2d62spq3lhqmqw"; + sgr-iosevka-term-ss12 = "0bagnqg4r0a76p32d3yg8j6raxwzc7wbhx5kv7habpbinhq96ink"; + sgr-iosevka-term-ss13 = "0wj3gx4h4r99whfsnqja8j3a737b8firn5sga6320qm33szzgh69"; + sgr-iosevka-term-ss14 = "0zsmy58w23355laqjs9xh76i4bz80yha65yaj44ssrsz1h0f9bpn"; + sgr-iosevka-term-ss15 = "1yp9kywi00lykwj2wwvwvw4qblaw1549lj0ahrhrhljnijjc1zmb"; + sgr-iosevka-term-ss16 = "12c8i4gwshxj3mnzz7ycprwlmc5nhfc9dvg1wwcvc59xvdphpgzc"; + sgr-iosevka-term-ss17 = "0fiji4hbb9cbssx3whvjhsvm7zi1chrnrp46q01627z4nzw2s5a7"; + sgr-iosevka-term-ss18 = "0hmdpzffywgdls5qy38sq04jfsx9ym56lypb6fiwjvppgn8vkcgl"; } From 0f49483ded4e5a55be0034e0927ff326322fc670 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Wed, 16 Nov 2022 14:11:50 -0500 Subject: [PATCH 101/132] maintainers: add @montchr --- maintainers/maintainer-list.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 33d6bcd382f3..e4844d491d9e 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -9344,6 +9344,15 @@ githubId = 249317; name = "montag451"; }; + montchr = { + name = "Chris Montgomery"; + email = "chris@cdom.io"; + github = "montchr"; + githubId = 1757914; + keys = [{ + fingerprint = "6460 4147 C434 F65E C306 A21F 135E EDD0 F719 34F3"; + }]; + }; moosingin3space = { email = "moosingin3space@gmail.com"; github = "moosingin3space"; From 4cb7fffa6e8823563c2f4408201b57af5b9aa9ef Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Mon, 21 Nov 2022 00:00:35 -0500 Subject: [PATCH 102/132] iosevka-bin: add @montchr as maintainer --- pkgs/data/fonts/iosevka/bin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/data/fonts/iosevka/bin.nix b/pkgs/data/fonts/iosevka/bin.nix index 5544e846475b..0eabedc7c0bb 100644 --- a/pkgs/data/fonts/iosevka/bin.nix +++ b/pkgs/data/fonts/iosevka/bin.nix @@ -34,6 +34,7 @@ in stdenv.mkDerivation rec { inherit (iosevka.meta) homepage downloadPage description license platforms; maintainers = with lib.maintainers; [ cstrahan + montchr ]; }; From 1996190b651a63f08d9942805658aa153440c1c3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 21 Nov 2022 00:41:11 +0100 Subject: [PATCH 103/132] openssl_legacy: init openssl_3, but with a openssl.cnf that enables legacy ciphers this way we can migrate away from openssl_1_1, while not breaking applications relying on deprecated stuff --- .../libraries/openssl/3.0/legacy.cnf | 395 ++++++++++++++++++ .../development/libraries/openssl/default.nix | 4 + pkgs/top-level/all-packages.nix | 4 + 3 files changed, 403 insertions(+) create mode 100644 pkgs/development/libraries/openssl/3.0/legacy.cnf diff --git a/pkgs/development/libraries/openssl/3.0/legacy.cnf b/pkgs/development/libraries/openssl/3.0/legacy.cnf new file mode 100644 index 000000000000..a6485a8c3796 --- /dev/null +++ b/pkgs/development/libraries/openssl/3.0/legacy.cnf @@ -0,0 +1,395 @@ +# Taken from OpenSSL 3.0.7 and modified according to: https://wiki.openssl.org/index.php/OpenSSL_3.0#Programming_in_OpenSSL_3.0 +# +# OpenSSL example configuration file. +# See doc/man5/config.pod for more info. +# +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + + # Use this in order to automatically load providers. +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +# Extra OBJECT IDENTIFIER info: +# oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +default = default_sect +legacy = legacy_sect + +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +# If no providers are activated explicitly, the default one is activated implicitly. +# See man 7 OSSL_PROVIDER-default for more details. +# +# If you add a section explicitly activating any other provider(s), you most +# probably need to explicitly activate the default provider, otherwise it +# becomes unavailable in openssl. As a consequence applications depending on +# OpenSSL may not work correctly which could lead to significant system +# problems including inability to remotely access the system. +[default_sect] +activate = 1 + +[legacy_sect] +activate = 1 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) + +[insta] # CMP using Insta Demo CA +# Message transfer +server = pki.certificate.fi:8700 +# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 +# tls_use = 0 +path = pkix/ + +# Server authentication +recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer +ignore_keyusage = 1 # potentially needed quirk +unprotected_errors = 1 # potentially needed quirk +extracertsout = insta.extracerts.pem + +# Client authentication +ref = 3078 # user identification +secret = pass:insta # can be used for both client and server side + +# Generic message options +cmd = ir # default operation, can be overridden on cmd line with, e.g., kur + +# Certificate enrollment +subject = "/CN=openssl-cmp-test" +newkey = insta.priv.pem +out_trusted = insta.ca.crt +certout = insta.cert.pem + +[pbm] # Password-based protection for Insta CA +# Server and client authentication +ref = $insta::ref # 3078 +secret = $insta::secret # pass:insta + +[signature] # Signature-based protection for Insta CA +# Server authentication +trusted = insta.ca.crt # does not include keyUsage digitalSignature + +# Client authentication +secret = # disable PBM +key = $insta::newkey # insta.priv.pem +cert = $insta::certout # insta.cert.pem + +[ir] +cmd = ir + +[cr] +cmd = cr + +[kur] +# Certificate update +cmd = kur +oldcert = $insta::certout # insta.cert.pem + +[rr] +# Certificate revocation +cmd = rr +oldcert = $insta::certout # insta.cert.pem diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 9acbca259c65..9bc8a1eb7a9c 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -7,6 +7,8 @@ # This will cause c_rehash to refer to perl via the environment, but otherwise # will produce a perfectly functional openssl binary and library. , withPerl ? stdenv.hostPlatform == stdenv.buildPlatform +# path to openssl.cnf file. will be placed in $etc/etc/ssl/openssl.cnf to replace the default +, conf ? null , removeReferencesTo }: @@ -192,6 +194,8 @@ let rm -r $etc/etc/ssl/misc rmdir $etc/etc/ssl/{certs,private} + + ${lib.optionalString (conf != null) "cat ${conf} > $etc/etc/ssl/openssl.cnf"} ''; postFixup = lib.optionalString (!stdenv.hostPlatform.isWindows) '' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 178f6713fce5..93a81518e77c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21745,6 +21745,10 @@ with pkgs; openssl = openssl_3; + openssl_legacy = openssl.override { + conf = ../development/libraries/openssl/3.0/legacy.cnf; + }; + inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 openssl_3; From f06f950183ee5e124486b2bb64bf6ef0fcdfed1e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 21 Nov 2022 01:49:25 +0100 Subject: [PATCH 104/132] Revert "Revert "python3: pin to openssl_1_1"" This reverts commit 017fd895276dc0e45e9a596b1aa1ad199bfc7c4d. --- .../interpreters/python/cpython/default.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index e84b4918afb8..424258167150 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,6 +7,7 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl +, openssl_1_1 , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -76,6 +77,10 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let + # cpython does support/build with openssl 3.0, but some libraries using the ssl module seem to have issues with it + # null check for Minimal + openssl' = if openssl != null then openssl_1_1 else null; + buildPackages = pkgsBuildHost; inherit (passthru) pythonForBuild; @@ -116,7 +121,7 @@ let ]; buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl ] + zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl' ] ++ optionals x11Support [ tcl tk libX11 xorgproto ] ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] ++ optionals stdenv.isDarwin [ configd ]) @@ -322,8 +327,8 @@ in with passthru; stdenv.mkDerivation { "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl != null) [ - "--with-openssl=${openssl.dev}" + ] ++ optionals (openssl' != null) [ + "--with-openssl=${openssl'.dev}" ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "ac_cv_buggy_getaddrinfo=no" # Assume little-endian IEEE 754 floating point when cross compiling @@ -488,7 +493,7 @@ in with passthru; stdenv.mkDerivation { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. disallowedReferences = - lib.optionals (openssl != null && !static) [ openssl.dev ] + lib.optionals (openssl' != null && !static) [ openssl'.dev ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. From 2b3c729654525b10e1af6a6779c2912e551edd9b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 21 Nov 2022 01:50:53 +0100 Subject: [PATCH 105/132] python3: use openssl_legacy --- pkgs/development/interpreters/python/cpython/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 424258167150..8fbcd7027ae9 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,7 +7,7 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl -, openssl_1_1 +, openssl_legacy , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -77,9 +77,9 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let - # cpython does support/build with openssl 3.0, but some libraries using the ssl module seem to have issues with it + # some python packages need legacy ciphers, so we're using openssl 3, but with that config # null check for Minimal - openssl' = if openssl != null then openssl_1_1 else null; + openssl' = if openssl != null then openssl_legacy else null; buildPackages = pkgsBuildHost; inherit (passthru) pythonForBuild; From 578b6d336f28f48c762d0d90d2db56791ba031df Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 21 Nov 2022 01:51:21 +0100 Subject: [PATCH 106/132] Revert "openldap: disable failing test" This reverts commit 66e6f6f8522001975334b9a27538fc0d8b1adfe4. --- pkgs/development/libraries/openldap/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index 5db0a7c8bfa9..97a84356f818 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -92,8 +92,6 @@ stdenv.mkDerivation rec { preCheck = '' substituteInPlace tests/scripts/all \ --replace "/bin/rm" "rm" - # fails saying "SASL(-1): generic failure: internal error: failed to init cipher 'rc4'" - rm tests/scripts/test076-authid-rewrite ''; doCheck = true; From ff4dcc5559fee6f139c4e8c951888b98563f1194 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 21 Nov 2022 01:52:51 +0100 Subject: [PATCH 107/132] openldap: use openssl_legacy --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 93a81518e77c..dd5015c224e8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21689,7 +21689,9 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { }; + openldap = callPackage ../development/libraries/openldap { + openssl = openssl_legacy; + }; opencolorio = darwin.apple_sdk_11_0.callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk_11_0.frameworks) Carbon GLUT Cocoa; From 82fe3d27fbe6faa9b2523f3162dbbfcb50903aa6 Mon Sep 17 00:00:00 2001 From: toonn Date: Sat, 29 Oct 2022 16:07:26 +0200 Subject: [PATCH 108/132] rsync: 3.2.6 -> 3.2.7 --- pkgs/applications/networking/sync/rsync/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index f172a7fc420b..52ff6a5c108a 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -20,12 +20,12 @@ stdenv.mkDerivation rec { pname = "rsync"; - version = "3.2.6"; + version = "3.2.7"; src = fetchurl { # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; - sha256 = "sha256-+zNlurJ4N9Qf6vQulnxXvTpHvI8Qdlo2ce/Wo4NUVNM="; + sha256 = "sha256-Tn2dP27RCHjFjF+3JKZ9rPS2qsc0CxPkiPstxBNG8rs="; }; nativeBuildInputs = [ perl ]; From 304d0412a8ed30821f5a3b738adcc7a4a94af7bd Mon Sep 17 00:00:00 2001 From: Louis Bettens Date: Sat, 19 Nov 2022 09:59:34 +0100 Subject: [PATCH 109/132] python3Packages.cryptography: 38.0.1 -> 38.0.3 --- pkgs/development/python-modules/cryptography/default.nix | 6 +++--- pkgs/development/python-modules/cryptography/vectors.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index c80e9a119941..0bbc30cd23c2 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -27,19 +27,19 @@ let in buildPythonPackage rec { pname = "cryptography"; - version = "38.0.1"; # Also update the hash in vectors.nix + version = "38.0.3"; # Also update the hash in vectors.nix disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - hash = "sha256-HbPYB6FJMfoxf5ZDVpXZ7Dhr57hLYYzGHPpdCLCuM9c="; + hash = "sha256-v75u4ZYVsHqYsdIofWpgc/c0c1tJ7kWxEyTYXvxNXL0="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; sourceRoot = "${pname}-${version}/${cargoRoot}"; name = "${pname}-${version}"; - hash = "sha256-o8l13fnfEUvUdDasq3LxSPArozRHKVsZfQg9DNR6M6Q="; + hash = "sha256-lzHLW1N4hZj+nn08NZiPVM/X+SEcIsuZDjEOy0OOkSc="; }; cargoRoot = "src/rust"; diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index 7f33c6cb84f3..f4573a79d102 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { src = fetchPypi { pname = "cryptography_vectors"; inherit version; - hash = "sha256-BDH9EHwfutA3dwSnBRlFs7ORFp/dxPb6C9TtxrbiNd0="; + hash = "sha256-HNr9QvU0jXfk5+R5Gu/R9isWvVUqAnSvyTRlM/4y6SU="; }; # No tests included From 40d493c5fbe1755c3bda076134e22b1bfdbdbc5a Mon Sep 17 00:00:00 2001 From: Artturin Date: Mon, 21 Nov 2022 20:29:12 +0200 Subject: [PATCH 110/132] gobject-introspection: use overrideAttrs in the wrapper this way we preserve all the attributes gobject-introspection: use buildCommand and eval fixupPhase --- .../gobject-introspection/wrapper.nix | 128 +++++++++--------- 1 file changed, 63 insertions(+), 65 deletions(-) diff --git a/pkgs/development/libraries/gobject-introspection/wrapper.nix b/pkgs/development/libraries/gobject-introspection/wrapper.nix index d59cbe6faffa..6ac3224b2d56 100644 --- a/pkgs/development/libraries/gobject-introspection/wrapper.nix +++ b/pkgs/development/libraries/gobject-introspection/wrapper.nix @@ -30,78 +30,76 @@ in # wrap both pkgsCrossX.buildPackages.gobject-introspection and {pkgs,pkgsSomethingExecutableOnBuildSystem).buildPackages.gobject-introspection if (!stdenv.hostPlatform.canExecute stdenv.targetPlatform) && stdenv.targetPlatform.emulatorAvailable buildPackages then - stdenv.mkDerivation - (builtins.removeAttrs overridenUnwrappedGir.drvAttrs [ "name" ] # so we can get a fresh name generated from the pname - // { + overridenUnwrappedGir.overrideAttrs + (previousAttrs: + { - inherit (overridenUnwrappedGir) meta; + pname = "gobject-introspection-wrapped"; + passthru = previousAttrs.passthru // { + unwrapped = overridenUnwrappedGir; + }; + dontStrip = true; + depsTargetTargetPropagated = [ overridenTargetUnwrappedGir ]; + buildCommand = '' + eval fixupPhase + ${lib.concatMapStrings (output: '' + mkdir -p ${"$" + "${output}"} + ${lib.getExe buildPackages.xorg.lndir} ${overridenUnwrappedGir.${output}} ${"$" + "${output}"} + '') overridenUnwrappedGir.outputs} + + cp $dev/bin/g-ir-compiler $dev/bin/.g-ir-compiler-wrapped + cp $dev/bin/g-ir-scanner $dev/bin/.g-ir-scanner-wrapped + + ( + rm "$dev/bin/g-ir-compiler" + rm "$dev/bin/g-ir-scanner" + export bash="${buildPackages.bash}" + export emulator=${lib.escapeShellArg (stdenv.targetPlatform.emulator buildPackages)} + export emulatorwrapper="$dev/bin/g-ir-scanner-qemuwrapper" + export buildlddtree="${buildPackages.pax-utils}/bin/lddtree" + + export targetgir="${lib.getDev overridenTargetUnwrappedGir}" + + substituteAll "${./wrappers/g-ir-compiler.sh}" "$dev/bin/g-ir-compiler" + substituteAll "${./wrappers/g-ir-scanner.sh}" "$dev/bin/g-ir-scanner" + substituteAll "${./wrappers/g-ir-scanner-lddwrapper.sh}" "$dev/bin/g-ir-scanner-lddwrapper" + substituteAll "${./wrappers/g-ir-scanner-qemuwrapper.sh}" "$dev/bin/g-ir-scanner-qemuwrapper" + chmod +x $dev/bin/g-ir-compiler + chmod +x $dev/bin/g-ir-scanner* + ) + '' + # when cross-compiling and using the wrapper then when a package looks up the g_ir_X + # variable with pkg-config they'll get the host version which can't be run + # override the variable to use the absolute path to g_ir_X in PATH which can be run + + '' + cat >> $dev/nix-support/setup-hook <<-'EOF' + override-pkg-config-gir-variables() { + PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_SCANNER="$(type -p g-ir-scanner)" + PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_COMPILER="$(type -p g-ir-compiler)" + PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_GENERATE="$(type -p g-ir-generate)" + export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_SCANNER + export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_COMPILER + export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_GENERATE + } + + preConfigureHooks+=(override-pkg-config-gir-variables) + EOF + ''; + }) +else + overridenUnwrappedGir.overrideAttrs (previousAttrs: + { pname = "gobject-introspection-wrapped"; - passthru = overridenUnwrappedGir.passthru // { + passthru = previousAttrs.passthru // { unwrapped = overridenUnwrappedGir; }; - phases = [ "fixupPhase" ]; # don't remove, it is valid to set phases here. dontStrip = true; depsTargetTargetPropagated = [ overridenTargetUnwrappedGir ]; - postFixup = '' + buildCommand = '' + eval fixupPhase ${lib.concatMapStrings (output: '' mkdir -p ${"$" + "${output}"} - ${lib.getExe buildPackages.xorg.lndir} ${gobject-introspection-unwrapped.${output}} ${"$" + "${output}"} - '') gobject-introspection-unwrapped.outputs} - - cp $dev/bin/g-ir-compiler $dev/bin/.g-ir-compiler-wrapped - cp $dev/bin/g-ir-scanner $dev/bin/.g-ir-scanner-wrapped - - ( - rm "$dev/bin/g-ir-compiler" - rm "$dev/bin/g-ir-scanner" - export bash="${buildPackages.bash}" - export emulator=${lib.escapeShellArg (stdenv.targetPlatform.emulator buildPackages)} - export emulatorwrapper="$dev/bin/g-ir-scanner-qemuwrapper" - export buildlddtree="${buildPackages.pax-utils}/bin/lddtree" - - export targetgir="${lib.getDev overridenTargetUnwrappedGir}" - - substituteAll "${./wrappers/g-ir-compiler.sh}" "$dev/bin/g-ir-compiler" - substituteAll "${./wrappers/g-ir-scanner.sh}" "$dev/bin/g-ir-scanner" - substituteAll "${./wrappers/g-ir-scanner-lddwrapper.sh}" "$dev/bin/g-ir-scanner-lddwrapper" - substituteAll "${./wrappers/g-ir-scanner-qemuwrapper.sh}" "$dev/bin/g-ir-scanner-qemuwrapper" - chmod +x $dev/bin/g-ir-compiler - chmod +x $dev/bin/g-ir-scanner* - ) - '' - # when cross-compiling and using the wrapper then when a package looks up the g_ir_X - # variable with pkg-config they'll get the host version which can't be run - # override the variable to use the absolute path to g_ir_X in PATH which can be run - + '' - cat >> $dev/nix-support/setup-hook <<-'EOF' - override-pkg-config-gir-variables() { - PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_SCANNER="$(type -p g-ir-scanner)" - PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_COMPILER="$(type -p g-ir-compiler)" - PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_GENERATE="$(type -p g-ir-generate)" - export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_SCANNER - export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_COMPILER - export PKG_CONFIG_GOBJECT_INTROSPECTION_1_0_G_IR_GENERATE - } - - preConfigureHooks+=(override-pkg-config-gir-variables) - EOF + ${lib.getExe buildPackages.xorg.lndir} ${overridenUnwrappedGir.${output}} ${"$" + "${output}"} + '') overridenUnwrappedGir.outputs} ''; }) -else - stdenv.mkDerivation (builtins.removeAttrs overridenUnwrappedGir.drvAttrs [ "name" ] # so we can get a fresh name generated from the pname - // { - inherit (overridenUnwrappedGir) meta; - pname = "gobject-introspection-wrapped"; - passthru = overridenUnwrappedGir.passthru // { - unwrapped = overridenUnwrappedGir; - }; - phases = [ "fixupPhase" ]; # don't remove, it is valid to set phases here. - dontStrip = true; - depsTargetTargetPropagated = [ overridenTargetUnwrappedGir ]; - postFixup = '' - ${lib.concatMapStrings (output: '' - mkdir -p ${"$" + "${output}"} - ${lib.getExe buildPackages.xorg.lndir} ${gobject-introspection-unwrapped.${output}} ${"$" + "${output}"} - '') gobject-introspection-unwrapped.outputs} - ''; - }) From 559ae3789ada45b17c5894a028966e1686a85d6d Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 21 Nov 2022 14:03:28 -0500 Subject: [PATCH 111/132] findutils: Fix the build on Android by disabling hardening This fixes many instances of: ``` error: use of undeclared identifier '__USE_FORTIFY_LEVEL' ``` --- pkgs/tools/misc/findutils/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/misc/findutils/default.nix b/pkgs/tools/misc/findutils/default.nix index 3c3b15962a7b..62f39492437e 100644 --- a/pkgs/tools/misc/findutils/default.nix +++ b/pkgs/tools/misc/findutils/default.nix @@ -60,6 +60,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + # bionic libc is super weird and has issues with fortify outside of its own libc, check this comment: + # https://github.com/NixOS/nixpkgs/pull/192630#discussion_r978985593 + # or you can check libc/include/sys/cdefs.h in bionic source code + hardeningDisable = lib.optional (stdenv.hostPlatform.libc == "bionic") "fortify"; + meta = { homepage = "https://www.gnu.org/software/findutils/"; description = "GNU Find Utilities, the basic directory searching utilities of the GNU operating system"; From 67f11a2185dba0851c520e617526b65d82fb8c5b Mon Sep 17 00:00:00 2001 From: Josh Channings Date: Mon, 14 Nov 2022 01:31:26 +0000 Subject: [PATCH 112/132] libcxx: Link libc++.dylib to matching libc++abi.dylib Same adjustment as made for libc++abi in #185766, for the same reason: the unamended dylib links to the libc++abi in the build stdenv, which is the wrong version. Tested on Darwin with LLVM 14 stdenv, but the phase is added to all versions, including 11 - so this will cause a mass rebuild. See: https://github.com/NixOS/nixpkgs/pull/185766 --- .../compilers/llvm/10/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/11/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/12/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/13/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/14/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/5/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/6/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/7/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/8/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/9/libcxx/default.nix | 14 ++++++++++++++ .../compilers/llvm/git/libcxx/default.nix | 14 ++++++++++++++ 11 files changed, 154 insertions(+) diff --git a/pkgs/development/compilers/llvm/10/libcxx/default.nix b/pkgs/development/compilers/llvm/10/libcxx/default.nix index 6a4e645bb300..bf3ddeb58c30 100644 --- a/pkgs/development/compilers/llvm/10/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxx/default.nix @@ -51,6 +51,20 @@ stdenv.mkDerivation { "-DLIBCXX_ENABLE_EXCEPTIONS=OFF" ] ++ lib.optional (!enableShared) "-DLIBCXX_ENABLE_SHARED=OFF"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/11/libcxx/default.nix b/pkgs/development/compilers/llvm/11/libcxx/default.nix index 2a83b36fc425..135fed03beef 100644 --- a/pkgs/development/compilers/llvm/11/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxx/default.nix @@ -67,6 +67,20 @@ stdenv.mkDerivation { stdenv.hostPlatform != stdenv.buildPlatform ) "-DCMAKE_SYSTEM_VERSION=20.1.0"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/12/libcxx/default.nix b/pkgs/development/compilers/llvm/12/libcxx/default.nix index 1386d3680f91..fdd1690310c5 100644 --- a/pkgs/development/compilers/llvm/12/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxx/default.nix @@ -42,6 +42,20 @@ stdenv.mkDerivation { "-DLIBCXX_ENABLE_EXCEPTIONS=OFF" ] ++ lib.optional (!enableShared) "-DLIBCXX_ENABLE_SHARED=OFF"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/13/libcxx/default.nix b/pkgs/development/compilers/llvm/13/libcxx/default.nix index 0ce73ed97af6..664e593d3de7 100644 --- a/pkgs/development/compilers/llvm/13/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxx/default.nix @@ -46,6 +46,20 @@ stdenv.mkDerivation rec { buildFlags = lib.optional headersOnly "generate-cxx-headers"; installTargets = lib.optional headersOnly "install-cxx-headers"; + preInstall = lib.optionalString (stdenv.isDarwin && !headersOnly) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + # At this point, cxxabi headers would be installed in the dev output, which # prevents moveToOutput from doing its job later in the build process. postInstall = lib.optionalString (!headersOnly) '' diff --git a/pkgs/development/compilers/llvm/14/libcxx/default.nix b/pkgs/development/compilers/llvm/14/libcxx/default.nix index 0a684782d490..a637cdbab770 100644 --- a/pkgs/development/compilers/llvm/14/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/14/libcxx/default.nix @@ -62,6 +62,20 @@ stdenv.mkDerivation rec { buildFlags = lib.optional headersOnly "generate-cxx-headers"; installTargets = lib.optional headersOnly "install-cxx-headers"; + preInstall = lib.optionalString (stdenv.isDarwin && !headersOnly) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/5/libcxx/default.nix b/pkgs/development/compilers/llvm/5/libcxx/default.nix index 44026fba187b..f0ed61a153f7 100644 --- a/pkgs/development/compilers/llvm/5/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxx/default.nix @@ -41,6 +41,20 @@ stdenv.mkDerivation { "-DLIBCXX_CXX_ABI=libcxxabi" ] ++ lib.optional stdenv.hostPlatform.isMusl "-DLIBCXX_HAS_MUSL_LIBC=1"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/6/libcxx/default.nix b/pkgs/development/compilers/llvm/6/libcxx/default.nix index 7077081c5917..1eb3b121d500 100644 --- a/pkgs/development/compilers/llvm/6/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxx/default.nix @@ -47,6 +47,20 @@ stdenv.mkDerivation { "-DLIBCXX_CXX_ABI=libcxxabi" ] ++ lib.optional stdenv.hostPlatform.isMusl "-DLIBCXX_HAS_MUSL_LIBC=1"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/7/libcxx/default.nix b/pkgs/development/compilers/llvm/7/libcxx/default.nix index 07d84432d422..b163ceb09f9e 100644 --- a/pkgs/development/compilers/llvm/7/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxx/default.nix @@ -52,6 +52,20 @@ stdenv.mkDerivation { ++ lib.optional (stdenv.hostPlatform.useLLVM or false) "-DLIBCXX_USE_COMPILER_RT=ON" ++ lib.optional (!enableShared) "-DLIBCXX_ENABLE_SHARED=OFF" ; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/8/libcxx/default.nix b/pkgs/development/compilers/llvm/8/libcxx/default.nix index 536801129218..db6059e2ea27 100644 --- a/pkgs/development/compilers/llvm/8/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxx/default.nix @@ -55,6 +55,20 @@ stdenv.mkDerivation { "-DLIBCXX_ENABLE_EXCEPTIONS=OFF" ] ++ lib.optional (!enableShared) "-DLIBCXX_ENABLE_SHARED=OFF"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/9/libcxx/default.nix b/pkgs/development/compilers/llvm/9/libcxx/default.nix index 31a00ba54859..6682ec6799b2 100644 --- a/pkgs/development/compilers/llvm/9/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxx/default.nix @@ -51,6 +51,20 @@ stdenv.mkDerivation { "-DLIBCXX_ENABLE_EXCEPTIONS=OFF" ] ++ lib.optional (!enableShared) "-DLIBCXX_ENABLE_SHARED=OFF"; + preInstall = lib.optionalString (stdenv.isDarwin) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; diff --git a/pkgs/development/compilers/llvm/git/libcxx/default.nix b/pkgs/development/compilers/llvm/git/libcxx/default.nix index 5e1f875bf338..f06459258def 100644 --- a/pkgs/development/compilers/llvm/git/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/git/libcxx/default.nix @@ -76,6 +76,20 @@ stdenv.mkDerivation rec { buildFlags = lib.optional headersOnly "generate-cxx-headers"; installTargets = lib.optional headersOnly "install-cxx-headers"; + preInstall = lib.optionalString (stdenv.isDarwin && !headersOnly) '' + for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + + baseName=$(basename $(otool -D $file | tail -n 1)) + installName="$out/lib/$baseName" + abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') + + for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file + done + done + ''; + passthru = { isLLVM = true; }; From 252ea6511df5327518b65043d6813684813c067a Mon Sep 17 00:00:00 2001 From: Josh Channings Date: Tue, 15 Nov 2022 01:54:14 +0000 Subject: [PATCH 113/132] libcxxabi: Skip dylib fixups for version symlinks Apart from being a no-op, this seems to cause the install to make a copy, rather than keeping the symlinks intact. --- pkgs/development/compilers/llvm/10/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/11/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/12/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/13/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/14/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/5/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/6/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/7/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/8/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/9/libcxxabi/default.nix | 2 ++ pkgs/development/compilers/llvm/git/libcxxabi/default.nix | 2 ++ 11 files changed, 22 insertions(+) diff --git a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix index b046e627d831..0af20699a1dd 100644 --- a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix @@ -42,6 +42,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix index 6b5cf85d1ec3..ee410440d500 100644 --- a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix @@ -46,6 +46,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix index 3d9a92d9305d..8d3558a71fe4 100644 --- a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix @@ -44,6 +44,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix index 9043c6bff25b..a744bb514800 100644 --- a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix @@ -41,6 +41,8 @@ stdenv.mkDerivation rec { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix index 26f4c4dba8e4..731038e86710 100644 --- a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix @@ -52,6 +52,8 @@ stdenv.mkDerivation rec { installPhase = if stdenv.isDarwin then '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix index 925c8947ccf5..ef47fb62e7bc 100644 --- a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix @@ -27,6 +27,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix index 3371a8ba1a15..38e47f8c25fe 100644 --- a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix @@ -27,6 +27,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix index 8be9690f5f40..693ceda0e32c 100644 --- a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix @@ -46,6 +46,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix index 6b4de0786b98..040b32d0d04f 100644 --- a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix @@ -42,6 +42,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix index b7c0c2b0475a..adb2f859da7e 100644 --- a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix @@ -42,6 +42,8 @@ stdenv.mkDerivation { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" diff --git a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix index 42a811e131b8..24335c697cd1 100644 --- a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix @@ -70,6 +70,8 @@ stdenv.mkDerivation rec { preInstall = lib.optionalString stdenv.isDarwin '' for file in lib/*.dylib; do + if [ -L "$file" ]; then continue; fi + # Fix up the install name. Preserve the basename, just replace the path. installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" From 2252245f9228f460542166450631d2bc6c534d0f Mon Sep 17 00:00:00 2001 From: Josh Channings Date: Tue, 22 Nov 2022 21:37:47 +0000 Subject: [PATCH 114/132] llvm: Find otool bin from targetPrefix This is to fix the stdenvBootstrapTools issue where otool & others are not available in PATH, but only under the targetPrefix. --- pkgs/development/compilers/llvm/10/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/10/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/11/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/11/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/12/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/12/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/13/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/13/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/14/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/14/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/5/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/5/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/6/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/6/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/7/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/7/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/8/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/8/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/9/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/9/libcxxabi/default.nix | 4 ++-- pkgs/development/compilers/llvm/git/libcxx/default.nix | 4 ++-- pkgs/development/compilers/llvm/git/libcxxabi/default.nix | 4 ++-- 22 files changed, 44 insertions(+), 44 deletions(-) diff --git a/pkgs/development/compilers/llvm/10/libcxx/default.nix b/pkgs/development/compilers/llvm/10/libcxx/default.nix index bf3ddeb58c30..0c0f535f7433 100644 --- a/pkgs/development/compilers/llvm/10/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxx/default.nix @@ -55,11 +55,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix index 0af20699a1dd..d62422fc9a12 100644 --- a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix @@ -45,7 +45,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -56,7 +56,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/11/libcxx/default.nix b/pkgs/development/compilers/llvm/11/libcxx/default.nix index 135fed03beef..237bbd4e0610 100644 --- a/pkgs/development/compilers/llvm/11/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxx/default.nix @@ -71,11 +71,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix index ee410440d500..ed0efe28a170 100644 --- a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix @@ -49,7 +49,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -60,7 +60,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/12/libcxx/default.nix b/pkgs/development/compilers/llvm/12/libcxx/default.nix index fdd1690310c5..ef90eedb38c9 100644 --- a/pkgs/development/compilers/llvm/12/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxx/default.nix @@ -46,11 +46,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix index 8d3558a71fe4..41c559a52ee8 100644 --- a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix @@ -47,7 +47,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -58,7 +58,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/13/libcxx/default.nix b/pkgs/development/compilers/llvm/13/libcxx/default.nix index 664e593d3de7..f6b76901de3f 100644 --- a/pkgs/development/compilers/llvm/13/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxx/default.nix @@ -50,11 +50,11 @@ stdenv.mkDerivation rec { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix index a744bb514800..bced2ccb789f 100644 --- a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix @@ -44,7 +44,7 @@ stdenv.mkDerivation rec { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/14/libcxx/default.nix b/pkgs/development/compilers/llvm/14/libcxx/default.nix index a637cdbab770..c623d41f92f6 100644 --- a/pkgs/development/compilers/llvm/14/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/14/libcxx/default.nix @@ -66,11 +66,11 @@ stdenv.mkDerivation rec { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix index 731038e86710..3be2f964abcd 100644 --- a/pkgs/development/compilers/llvm/14/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/14/libcxxabi/default.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/5/libcxx/default.nix b/pkgs/development/compilers/llvm/5/libcxx/default.nix index f0ed61a153f7..a5a86fcab4d0 100644 --- a/pkgs/development/compilers/llvm/5/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxx/default.nix @@ -45,11 +45,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix index ef47fb62e7bc..97077ac77112 100644 --- a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -41,7 +41,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/6/libcxx/default.nix b/pkgs/development/compilers/llvm/6/libcxx/default.nix index 1eb3b121d500..a6e723753ef8 100644 --- a/pkgs/development/compilers/llvm/6/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxx/default.nix @@ -51,11 +51,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix index 38e47f8c25fe..aea126b31d9f 100644 --- a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -41,7 +41,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/7/libcxx/default.nix b/pkgs/development/compilers/llvm/7/libcxx/default.nix index b163ceb09f9e..145f0df8837c 100644 --- a/pkgs/development/compilers/llvm/7/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxx/default.nix @@ -56,11 +56,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix index 693ceda0e32c..d6f90634cd0b 100644 --- a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix @@ -49,7 +49,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -60,7 +60,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/8/libcxx/default.nix b/pkgs/development/compilers/llvm/8/libcxx/default.nix index db6059e2ea27..4a078ac9cda3 100644 --- a/pkgs/development/compilers/llvm/8/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxx/default.nix @@ -59,11 +59,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix index 040b32d0d04f..ab2d46f40a47 100644 --- a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix @@ -45,7 +45,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -56,7 +56,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/9/libcxx/default.nix b/pkgs/development/compilers/llvm/9/libcxx/default.nix index 6682ec6799b2..65441c359d60 100644 --- a/pkgs/development/compilers/llvm/9/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxx/default.nix @@ -55,11 +55,11 @@ stdenv.mkDerivation { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix index adb2f859da7e..cfd1c32abd00 100644 --- a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix @@ -45,7 +45,7 @@ stdenv.mkDerivation { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -56,7 +56,7 @@ stdenv.mkDerivation { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done diff --git a/pkgs/development/compilers/llvm/git/libcxx/default.nix b/pkgs/development/compilers/llvm/git/libcxx/default.nix index f06459258def..95e32041037a 100644 --- a/pkgs/development/compilers/llvm/git/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/git/libcxx/default.nix @@ -80,11 +80,11 @@ stdenv.mkDerivation rec { for file in lib/*.dylib; do if [ -L "$file" ]; then continue; fi - baseName=$(basename $(otool -D $file | tail -n 1)) + baseName=$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1)) installName="$out/lib/$baseName" abiName=$(echo "$baseName" | sed -e 's/libc++/libc++abi/') - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other ${libcxxabi}/lib/$abiName $file done done diff --git a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix index 24335c697cd1..804acd6c7451 100644 --- a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix @@ -73,7 +73,7 @@ stdenv.mkDerivation rec { if [ -L "$file" ]; then continue; fi # Fix up the install name. Preserve the basename, just replace the path. - installName="$out/lib/$(basename $(otool -D $file | tail -n 1))" + installName="$out/lib/$(basename $(${stdenv.cc.targetPrefix}otool -D $file | tail -n 1))" # this should be done in CMake, but having trouble figuring out # the magic combination of necessary CMake variables @@ -84,7 +84,7 @@ stdenv.mkDerivation rec { # cc-wrapper passes '-lc++abi' to all c++ link steps, but that causes # libcxxabi to sometimes link against a different version of itself. # Here we simply make that second reference point to ourselves. - for other in $(otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do + for other in $(${stdenv.cc.targetPrefix}otool -L $file | awk '$1 ~ "/libc\\+\\+abi" { print $1 }'); do ${stdenv.cc.targetPrefix}install_name_tool -change $other $installName $file done done From a7517380b5c5505f7ea6e8b517a09eea255fb87a Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 23 Nov 2022 20:24:41 +0100 Subject: [PATCH 115/132] wayland-protocols: 1.29 -> 1.30 Release announcement: https://lists.freedesktop.org/archives/wayland-devel/2022-November/042517.html --- pkgs/development/libraries/wayland/protocols.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix index 1bd4e47e3827..d9257b7dec6f 100644 --- a/pkgs/development/libraries/wayland/protocols.nix +++ b/pkgs/development/libraries/wayland/protocols.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "wayland-protocols"; - version = "1.29"; + version = "1.30"; doCheck = stdenv.hostPlatform == stdenv.buildPlatform; src = fetchurl { url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz"; - hash = "sha256-4l6at1rHNnBN3v6S6PmshzC+q29WTbYvetaVu6T/ntg="; + hash = "sha256-PBSY+2X9K4CwN21+h88hXmrpV7LM26XaRaRIcYgxvGA="; }; postPatch = lib.optionalString doCheck '' From d7a9f5f001ea6a93389453d4e071ab340603fff0 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 23 Nov 2022 11:04:19 +0000 Subject: [PATCH 116/132] tracker: backport fixes for SQLite 3.40 --- pkgs/development/libraries/tracker/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/libraries/tracker/default.nix b/pkgs/development/libraries/tracker/default.nix index 40744f987c8e..0b145cb1d905 100644 --- a/pkgs/development/libraries/tracker/default.nix +++ b/pkgs/development/libraries/tracker/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , fetchurl +, fetchpatch , gettext , meson , ninja @@ -38,6 +39,14 @@ stdenv.mkDerivation rec { sha256 = "6p1BqfucK0KtgPwsgjJ7XHE9WUyWmwnhpJvmP7dPT64="; }; + patches = [ + # Backport compatibility fix for newer SQLite. + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/tracker/-/merge_requests/552.patch"; + sha256 = "1pmhhj47dbn654vb6a0kh5h6hw71lvaqxr141r60zrv5zx7m3sh9"; + }) + ]; + postPatch = '' patchShebangs utils/data-generators/cc/generate ''; From 0cf7fb8f055d27f599b7e6d597009bf1cece5983 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Nov 2022 15:46:00 +0100 Subject: [PATCH 117/132] pythonPackages.pip: make package reproducible This fixes #201146 by removing the vendored Windows PE binaries. --- pkgs/development/python-modules/pip/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/python-modules/pip/default.nix b/pkgs/development/python-modules/pip/default.nix index 1287ec7017e3..5c24679a9cb3 100644 --- a/pkgs/development/python-modules/pip/default.nix +++ b/pkgs/development/python-modules/pip/default.nix @@ -27,6 +27,12 @@ buildPythonPackage rec { nativeBuildInputs = [ bootstrapped-pip ]; + postPatch = '' + # Remove vendored Windows PE binaries + # Note: These are unused but make the package unreproducible. + find -type f -name '*.exe' -delete + ''; + # pip detects that we already have bootstrapped_pip "installed", so we need # to force it a little. pipInstallFlags = [ "--ignore-installed" ]; From 416f7b44321e4ff50f29abd9968bd23a1d08f80e Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 23 Nov 2022 17:05:45 +0100 Subject: [PATCH 118/132] pythonPackages.bootstrapped-pip: inherit pip postPatch --- pkgs/development/python-modules/bootstrapped-pip/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/bootstrapped-pip/default.nix b/pkgs/development/python-modules/bootstrapped-pip/default.nix index b2846e3a13a1..812ff1a64cb6 100644 --- a/pkgs/development/python-modules/bootstrapped-pip/default.nix +++ b/pkgs/development/python-modules/bootstrapped-pip/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { postPatch = '' mkdir -p $out/bin - ''; + '' + pip.postPatch; nativeBuildInputs = [ makeWrapper unzip ]; buildInputs = [ python ]; From dc3614605fc435c06d159db8fd69c381f4b50578 Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Thu, 24 Nov 2022 03:22:47 +0000 Subject: [PATCH 119/132] graphviz: 7.0.0 -> 7.0.2 --- pkgs/tools/graphics/graphviz/default.nix | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix index aaf42193ce7d..98d2c63d1bfd 100644 --- a/pkgs/tools/graphics/graphviz/default.nix +++ b/pkgs/tools/graphics/graphviz/default.nix @@ -30,13 +30,13 @@ let in stdenv.mkDerivation rec { pname = "graphviz"; - version = "7.0.0"; + version = "7.0.2"; src = fetchFromGitLab { owner = "graphviz"; repo = "graphviz"; rev = version; - sha256 = "sha256-n+g4XNTSbCXOoL7JIE6uP9AZJj3YDfTG9EcmUA+r8hY="; + hash = "sha256-iCpIKTGXZ1R3mbpbwv5ztdtjY7p9/NsJlA6u5lfpgdY="; }; nativeBuildInputs = [ @@ -65,26 +65,15 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-ltdl-lib=${libtool.lib}/lib" "--with-ltdl-include=${libtool}/include" - ] ++ lib.optional (xorg == null) "--without-x"; + ] ++ optional (xorg == null) "--without-x"; enableParallelBuilding = true; - CPPFLAGS = lib.optionalString (withXorg && stdenv.isDarwin) + CPPFLAGS = optionalString (withXorg && stdenv.isDarwin) "-I${cairo.dev}/include/cairo"; - # '' - # substituteInPlace rtest/rtest.sh \ - # --replace "/bin/ksh" "${mksh}/bin/mksh" - # ''; - doCheck = false; # fails with "Graphviz test suite requires ksh93" which is not in nixpkgs - postPatch = '' - for f in $(find . -name Makefile.in); do - substituteInPlace $f --replace "-lstdc++" "-lc++" - done - ''; - preAutoreconf = "./autogen.sh"; postFixup = optionalString withXorg '' From a774e052e6c00a979ca5d7f525a39b861c9c6d3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 25 Nov 2022 19:34:36 +0100 Subject: [PATCH 120/132] hunspell: fix hash --- pkgs/development/libraries/hunspell/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/hunspell/default.nix b/pkgs/development/libraries/hunspell/default.nix index 8b82af586704..66441a911607 100644 --- a/pkgs/development/libraries/hunspell/default.nix +++ b/pkgs/development/libraries/hunspell/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { owner = "hunspell"; repo = "hunspell"; rev = "v${version}"; - sha256 = "sha256-YSJztik0QTZFNR8k8Xu1hakyE16NziDavYVkEUCbtGM="; + sha256 = "sha256-J1kgNUElRO63mtU62qU7asf7hht9oyplMIO9I/E6BPU="; }; outputs = [ "bin" "dev" "out" "man" ]; From 7227dfb7d8fd9daf6479c8e08c69ddf768eea1a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 27 Nov 2022 18:15:02 +0100 Subject: [PATCH 121/132] man-db: 2.11.0 -> 2.11.1 https://gitlab.com/man-db/man-db/-/blob/2.11.1/NEWS.md --- pkgs/tools/misc/man-db/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/man-db/default.nix b/pkgs/tools/misc/man-db/default.nix index ba287bf45794..13246255d7ac 100644 --- a/pkgs/tools/misc/man-db/default.nix +++ b/pkgs/tools/misc/man-db/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "man-db"; - version = "2.11.0"; + version = "2.11.1"; src = fetchurl { url = "mirror://savannah/man-db/man-db-${version}.tar.xz"; - sha256 = "sha256-QTDhpiQSgDWe9eJdrsaFUzwKGTBnSRYgKrBXnlojLFE="; + sha256 = "sha256-LquqUlE0mEfenJ5DxjTZhsvMb4dkLR2cuGCOwYSHtsw="; }; outputs = [ "out" "doc" ]; From e7d9b0b19dcf8aad5905992bda555e376931378e Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Sun, 27 Nov 2022 22:37:25 +0000 Subject: [PATCH 122/132] python27: add patches for known security issues Add patches from Arch Linux package (that itself source its patches from Gentoo) to the following known security issues in Python 2.7: - CVE-2020-26116 - CVE-2020-27619 - CVE-2020-8492 This should cover all security issues currently listed in https://www.activestate.com/products/python/python-2-end-of-life-security-updates/. --- .../python/cpython/2.7/CVE-2020-26116.patch | 93 ++++++++ .../python/cpython/2.7/CVE-2020-27619.patch | 73 ++++++ .../python/cpython/2.7/CVE-2020-8492.patch | 213 ++++++++++++++++++ .../python/cpython/2.7/default.nix | 7 +- 4 files changed, 383 insertions(+), 3 deletions(-) create mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch create mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch create mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch new file mode 100644 index 000000000000..8f57119601ab --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch @@ -0,0 +1,93 @@ +From 138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Thu, 10 Sep 2020 13:39:48 +0200 +Subject: [PATCH 03/36] bpo-39603: Prevent header injection in http methods + (GH-18485) (GH-21539) + +reject control chars in http method in http.client.putrequest to prevent http header injection +(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) + +Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com> + +[rebased for py2.7] +--- + Lib/httplib.py | 17 +++++++++++++++++ + Lib/test/test_httplib.py | 20 ++++++++++++++++++++ + 2 files changed, 37 insertions(+) + +diff --git a/Lib/httplib.py b/Lib/httplib.py +index fcc4152aaf..81a08d5d71 100644 +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -257,6 +257,10 @@ _contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]') + # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") + # We are more lenient for assumed real world compatibility purposes. + ++# These characters are not allowed within HTTP method names ++# to prevent http header injection. ++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -935,6 +939,8 @@ class HTTPConnection: + else: + raise CannotSendRequest() + ++ self._validate_method(method) ++ + # Save the method for use later in the response phase + self._method = method + +@@ -1020,6 +1026,17 @@ class HTTPConnection: + # On Python 2, request is already encoded (default) + return request + ++ def _validate_method(self, method): ++ """Validate a method name for putrequest.""" ++ # prevent http header injection ++ match = _contains_disallowed_method_pchar_re.search(method) ++ if match: ++ msg = ( ++ "method can't contain control characters. {method!r} " ++ "(found at least {matched!r})" ++ ).format(matched=match.group(), method=method) ++ raise ValueError(msg) ++ + def _validate_path(self, url): + """Validate a url for putrequest.""" + # Prevent CVE-2019-9740. +diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py +index d8a57f7353..e20a0986dc 100644 +--- a/Lib/test/test_httplib.py ++++ b/Lib/test/test_httplib.py +@@ -384,6 +384,26 @@ class HeaderTests(TestCase): + with self.assertRaisesRegexp(ValueError, 'Invalid header'): + conn.putheader(name, value) + ++ def test_invalid_method_names(self): ++ methods = ( ++ 'GET\r', ++ 'POST\n', ++ 'PUT\n\r', ++ 'POST\nValue', ++ 'POST\nHOST:abc', ++ 'GET\nrHost:abc\n', ++ 'POST\rRemainder:\r', ++ 'GET\rHOST:\n', ++ '\nPUT' ++ ) ++ ++ for method in methods: ++ with self.assertRaisesRegexp( ++ ValueError, "method can't contain control characters"): ++ conn = httplib.HTTPConnection('example.com') ++ conn.sock = FakeSocket(None) ++ conn.request(method=method, url="/") ++ + + class BasicTest(TestCase): + def test_status_lines(self): +-- +2.38.1 + diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch new file mode 100644 index 000000000000..9705b59c6b4e --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch @@ -0,0 +1,73 @@ +From 6a6c4240fa1e628dbcca09fdde39aea4d8eb6138 Mon Sep 17 00:00:00 2001 +From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 19 Oct 2020 21:46:10 -0700 +Subject: [PATCH 05/36] bpo-41944: No longer call eval() on content received + via HTTP in the CJK codec tests (GH-22566) (GH-22579) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) + +Co-authored-by: Serhiy Storchaka + +Rebased for Python 2.7 by Michał Górny +--- + Lib/test/multibytecodec_support.py | 23 +++++++------------ + .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + + 2 files changed, 9 insertions(+), 15 deletions(-) + create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst + +diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py +index 5b2329b6d8..b7d7a3aba7 100644 +--- a/Lib/test/multibytecodec_support.py ++++ b/Lib/test/multibytecodec_support.py +@@ -279,30 +279,23 @@ class TestBase_Mapping(unittest.TestCase): + self._test_mapping_file_plain() + + def _test_mapping_file_plain(self): +- _unichr = lambda c: eval("u'\\U%08x'" % int(c, 16)) +- unichrs = lambda s: u''.join(_unichr(c) for c in s.split('+')) ++ def unichrs(s): ++ return ''.join(chr(int(x, 16)) for x in s.split('+')) ++ + urt_wa = {} + + with self.open_mapping_file() as f: + for line in f: + if not line: + break +- data = line.split('#')[0].strip().split() ++ data = line.split('#')[0].split() + if len(data) != 2: + continue + +- csetval = eval(data[0]) +- if csetval <= 0x7F: +- csetch = chr(csetval & 0xff) +- elif csetval >= 0x1000000: +- csetch = chr(csetval >> 24) + chr((csetval >> 16) & 0xff) + \ +- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) +- elif csetval >= 0x10000: +- csetch = chr(csetval >> 16) + \ +- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) +- elif csetval >= 0x100: +- csetch = chr(csetval >> 8) + chr(csetval & 0xff) +- else: ++ if data[0][:2] != '0x': ++ self.fail("Invalid line: {line!r}".format(line=line)) ++ csetch = bytes.fromhex(data[0][2:]) ++ if len(csetch) == 1 and 0x80 <= csetch[0]: + continue + + unich = unichrs(data[1]) +diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +new file mode 100644 +index 0000000000..4f9782f1c8 +--- /dev/null ++++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +@@ -0,0 +1 @@ ++Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. +-- +2.38.1 + diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch new file mode 100644 index 000000000000..de21686b4edf --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch @@ -0,0 +1,213 @@ +From 2273e65e11dd0234f2f51ebaef61fc6e848d4059 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Thu, 10 Sep 2020 13:35:39 +0200 +Subject: [PATCH 02/36] bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler + (GH-18284) (GH-19304) + +The AbstractBasicAuthHandler class of the urllib.request module uses +an inefficient regular expression which can be exploited by an +attacker to cause a denial of service. Fix the regex to prevent the +catastrophic backtracking. Vulnerability reported by Ben Caller +and Matt Schwager. + +AbstractBasicAuthHandler of urllib.request now parses all +WWW-Authenticate HTTP headers and accepts multiple challenges per +header: use the realm of the first Basic challenge. + +Co-Authored-By: Serhiy Storchaka +(cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4) + +[rebased for py2.7] +--- + Lib/test/test_urllib2.py | 81 ++++++++++++++++++++++++++-------------- + Lib/urllib2.py | 60 +++++++++++++++++++++++------ + 2 files changed, 101 insertions(+), 40 deletions(-) + +diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py +index 20a0f58143..0adbb13c43 100644 +--- a/Lib/test/test_urllib2.py ++++ b/Lib/test/test_urllib2.py +@@ -1128,42 +1128,67 @@ class HandlerTests(unittest.TestCase): + self.assertEqual(req.get_host(), "proxy.example.com:3128") + self.assertEqual(req.get_header("Proxy-authorization"),"FooBar") + +- def test_basic_auth(self, quote_char='"'): ++ def check_basic_auth(self, headers, realm): + opener = OpenerDirector() + password_manager = MockPasswordManager() + auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) +- realm = "ACME Widget Store" +- http_handler = MockHTTPHandler( +- 401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' % +- (quote_char, realm, quote_char) ) ++ body = '\r\n'.join(headers) + '\r\n\r\n' ++ http_handler = MockHTTPHandler(401, body) + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", +- "http://acme.example.com/protected" +- ) +- +- def test_basic_auth_with_single_quoted_realm(self): +- self.test_basic_auth(quote_char="'") +- +- def test_basic_auth_with_unquoted_realm(self): +- opener = OpenerDirector() +- password_manager = MockPasswordManager() +- auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) +- realm = "ACME Widget Store" +- http_handler = MockHTTPHandler( +- 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) +- opener.add_handler(auth_handler) +- opener.add_handler(http_handler) +- msg = "Basic Auth Realm was unquoted" +- with test_support.check_warnings((msg, UserWarning)): +- self._test_basic_auth(opener, auth_handler, "Authorization", +- realm, http_handler, password_manager, +- "http://acme.example.com/protected", +- "http://acme.example.com/protected" +- ) +- ++ "http://acme.example.com/protected") ++ ++ def test_basic_auth(self): ++ realm = "realm2@example.com" ++ realm2 = "realm2@example.com" ++ basic = 'Basic realm="{realm}"'.format(realm=realm) ++ basic2 = 'Basic realm="{realm2}"'.format(realm2=realm2) ++ other_no_realm = 'Otherscheme xxx' ++ digest = ('Digest realm="{realm2}", ' ++ 'qop="auth, auth-int", ' ++ 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' ++ 'opaque="5ccc069c403ebaf9f0171e9517f40e41"' ++ .format(realm2=realm2)) ++ for realm_str in ( ++ # test "quote" and 'quote' ++ 'Basic realm="{realm}"'.format(realm=realm), ++ "Basic realm='{realm}'".format(realm=realm), ++ ++ # charset is ignored ++ 'Basic realm="{realm}", charset="UTF-8"'.format(realm=realm), ++ ++ # Multiple challenges per header ++ ', '.join((basic, basic2)), ++ ', '.join((basic, other_no_realm)), ++ ', '.join((other_no_realm, basic)), ++ ', '.join((basic, digest)), ++ ', '.join((digest, basic)), ++ ): ++ headers = ['WWW-Authenticate: {realm_str}' ++ .format(realm_str=realm_str)] ++ self.check_basic_auth(headers, realm) ++ ++ # no quote: expect a warning ++ with test_support.check_warnings(("Basic Auth Realm was unquoted", ++ UserWarning)): ++ headers = ['WWW-Authenticate: Basic realm={realm}' ++ .format(realm=realm)] ++ self.check_basic_auth(headers, realm) ++ ++ # Multiple headers: one challenge per header. ++ # Use the first Basic realm. ++ for challenges in ( ++ [basic, basic2], ++ [basic, digest], ++ [digest, basic], ++ ): ++ headers = ['WWW-Authenticate: {challenge}' ++ .format(challenge=challenge) ++ for challenge in challenges] ++ self.check_basic_auth(headers, realm) + + def test_proxy_basic_auth(self): + opener = OpenerDirector() +diff --git a/Lib/urllib2.py b/Lib/urllib2.py +index 8b634ada37..b2d1fad6f2 100644 +--- a/Lib/urllib2.py ++++ b/Lib/urllib2.py +@@ -856,8 +856,15 @@ class AbstractBasicAuthHandler: + + # allow for double- and single-quoted realm values + # (single quotes are a violation of the RFC, but appear in the wild) +- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' +- 'realm=(["\']?)([^"\']*)\\2', re.I) ++ rx = re.compile('(?:^|,)' # start of the string or ',' ++ '[ \t]*' # optional whitespaces ++ '([^ \t]+)' # scheme like "Basic" ++ '[ \t]+' # mandatory whitespaces ++ # realm=xxx ++ # realm='xxx' ++ # realm="xxx" ++ 'realm=(["\']?)([^"\']*)\\2', ++ re.I) + + # XXX could pre-emptively send auth info already accepted (RFC 2617, + # end of section 2, and section 1.2 immediately after "credentials" +@@ -869,23 +876,52 @@ class AbstractBasicAuthHandler: + self.passwd = password_mgr + self.add_password = self.passwd.add_password + ++ def _parse_realm(self, header): ++ # parse WWW-Authenticate header: accept multiple challenges per header ++ found_challenge = False ++ for mo in AbstractBasicAuthHandler.rx.finditer(header): ++ scheme, quote, realm = mo.groups() ++ if quote not in ['"', "'"]: ++ warnings.warn("Basic Auth Realm was unquoted", ++ UserWarning, 3) ++ ++ yield (scheme, realm) ++ ++ found_challenge = True ++ ++ if not found_challenge: ++ if header: ++ scheme = header.split()[0] ++ else: ++ scheme = '' ++ yield (scheme, None) + + def http_error_auth_reqed(self, authreq, host, req, headers): + # host may be an authority (without userinfo) or a URL with an + # authority +- # XXX could be multiple headers +- authreq = headers.get(authreq, None) ++ headers = headers.getheaders(authreq) ++ if not headers: ++ # no header found ++ return + +- if authreq: +- mo = AbstractBasicAuthHandler.rx.search(authreq) +- if mo: +- scheme, quote, realm = mo.groups() +- if quote not in ['"', "'"]: +- warnings.warn("Basic Auth Realm was unquoted", +- UserWarning, 2) +- if scheme.lower() == 'basic': ++ unsupported = None ++ for header in headers: ++ for scheme, realm in self._parse_realm(header): ++ if scheme.lower() != 'basic': ++ unsupported = scheme ++ continue ++ ++ if realm is not None: ++ # Use the first matching Basic challenge. ++ # Ignore following challenges even if they use the Basic ++ # scheme. + return self.retry_http_basic_auth(host, req, realm) + ++ if unsupported is not None: ++ raise ValueError("AbstractBasicAuthHandler does not " ++ "support the following scheme: %r" ++ % (scheme,)) ++ + def retry_http_basic_auth(self, host, req, realm): + user, pw = self.passwd.find_user_password(realm, host) + if pw is not None: +-- +2.38.1 + diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 25446f5fca89..25bb60916911 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -120,11 +120,12 @@ let # Backport from CPython 3.8 of a good list of tests to run for PGO. ./profile-task.patch - # Patch is likely to go away in the next release (if there is any) + # https://www.activestate.com/products/python/python-2-end-of-life-security-updates/ ./CVE-2019-20907.patch - + ./CVE-2020-8492.patch + ./CVE-2020-26116.patch + ./CVE-2020-27619.patch ./CVE-2021-3177.patch - ./CVE-2021-23336.patch # The workaround is for unittests on Win64, which we don't support. From caf8e0091d294c6f343e792a138d0397ffcf0919 Mon Sep 17 00:00:00 2001 From: Rouven Czerwinski Date: Mon, 28 Nov 2022 07:33:45 +0100 Subject: [PATCH 123/132] meta: 22.2.3 -> 22.2.4 https://docs.mesa3d.org/relnotes/22.2.4.html --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 54c1e8acf041..bcc34905a23f 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -37,7 +37,7 @@ with lib; let # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule - version = "22.2.3"; + version = "22.2.4"; branch = versions.major version; self = stdenv.mkDerivation { @@ -52,7 +52,7 @@ self = stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" ]; - sha256 = "ee7d026f7b1991dbae0861d359b671145c3a86f2a731353b885d2ea2d5c098d6"; + sha256 = "sha256-ZddrU8pce0YBng6OW0FN5F0v7NP81xcH9sO8dpHJ96s="; }; # TODO: From 14334cb68316f32552b750a6afaf7cb92bfbf4fc Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Mon, 28 Nov 2022 09:36:45 +0000 Subject: [PATCH 124/132] python27: switch to ActiveState's fork for Python 2 ActiveState is a company that is maintaining a fork of Python 2 to fixes its security issues. Their support is paid, however the code is open-source. See the details here: https://www.activestate.com/products/python/python-2-end-of-life-security-updates/ This enable us to drop a bunch of CVE's patches for Python 2.7 and also it should be easier to maintain, since we can just bump the version once ActiveState tags a new version. --- .../python/cpython/2.7/CVE-2019-20907.patch | 24 -- .../python/cpython/2.7/CVE-2020-26116.patch | 93 ----- .../python/cpython/2.7/CVE-2020-27619.patch | 73 ---- .../python/cpython/2.7/CVE-2020-8492.patch | 213 ---------- .../python/cpython/2.7/CVE-2021-23336.patch | 390 ------------------ .../python/cpython/2.7/CVE-2021-3177.patch | 181 -------- .../python/cpython/2.7/default.nix | 16 +- .../interpreters/python/default.nix | 4 +- 8 files changed, 7 insertions(+), 987 deletions(-) delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2021-23336.patch delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/CVE-2021-3177.patch diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch deleted file mode 100644 index cf67ae2b51be..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 Mon Sep 17 00:00:00 2001 -From: Rishi -Date: Wed, 15 Jul 2020 13:51:00 +0200 -Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module - (GH-21454) - -Avoid infinite loop when reading specially crafted TAR files using the tarfile module -(CVE-2019-20907). ---- - Lib/tarfile.py | 2 ++ - -diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index e2b60532f6..6769066cab 100755 ---- a/Lib/tarfile.py -+++ b/Lib/tarfile.py -@@ -1249,6 +1249,8 @@ class TarInfo(object): - - length, keyword = match.groups() - length = int(length) -+ if length == 0: -+ raise InvalidHeaderError("invalid header") - value = buf[match.end(2) + 1:match.start(1) + length - 1] - - # Normally, we could just use "utf-8" as the encoding and "strict" diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch deleted file mode 100644 index 8f57119601ab..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-26116.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= -Date: Thu, 10 Sep 2020 13:39:48 +0200 -Subject: [PATCH 03/36] bpo-39603: Prevent header injection in http methods - (GH-18485) (GH-21539) - -reject control chars in http method in http.client.putrequest to prevent http header injection -(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) - -Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com> - -[rebased for py2.7] ---- - Lib/httplib.py | 17 +++++++++++++++++ - Lib/test/test_httplib.py | 20 ++++++++++++++++++++ - 2 files changed, 37 insertions(+) - -diff --git a/Lib/httplib.py b/Lib/httplib.py -index fcc4152aaf..81a08d5d71 100644 ---- a/Lib/httplib.py -+++ b/Lib/httplib.py -@@ -257,6 +257,10 @@ _contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]') - # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") - # We are more lenient for assumed real world compatibility purposes. - -+# These characters are not allowed within HTTP method names -+# to prevent http header injection. -+_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') -+ - # We always set the Content-Length header for these methods because some - # servers will otherwise respond with a 411 - _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} -@@ -935,6 +939,8 @@ class HTTPConnection: - else: - raise CannotSendRequest() - -+ self._validate_method(method) -+ - # Save the method for use later in the response phase - self._method = method - -@@ -1020,6 +1026,17 @@ class HTTPConnection: - # On Python 2, request is already encoded (default) - return request - -+ def _validate_method(self, method): -+ """Validate a method name for putrequest.""" -+ # prevent http header injection -+ match = _contains_disallowed_method_pchar_re.search(method) -+ if match: -+ msg = ( -+ "method can't contain control characters. {method!r} " -+ "(found at least {matched!r})" -+ ).format(matched=match.group(), method=method) -+ raise ValueError(msg) -+ - def _validate_path(self, url): - """Validate a url for putrequest.""" - # Prevent CVE-2019-9740. -diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py -index d8a57f7353..e20a0986dc 100644 ---- a/Lib/test/test_httplib.py -+++ b/Lib/test/test_httplib.py -@@ -384,6 +384,26 @@ class HeaderTests(TestCase): - with self.assertRaisesRegexp(ValueError, 'Invalid header'): - conn.putheader(name, value) - -+ def test_invalid_method_names(self): -+ methods = ( -+ 'GET\r', -+ 'POST\n', -+ 'PUT\n\r', -+ 'POST\nValue', -+ 'POST\nHOST:abc', -+ 'GET\nrHost:abc\n', -+ 'POST\rRemainder:\r', -+ 'GET\rHOST:\n', -+ '\nPUT' -+ ) -+ -+ for method in methods: -+ with self.assertRaisesRegexp( -+ ValueError, "method can't contain control characters"): -+ conn = httplib.HTTPConnection('example.com') -+ conn.sock = FakeSocket(None) -+ conn.request(method=method, url="/") -+ - - class BasicTest(TestCase): - def test_status_lines(self): --- -2.38.1 - diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch deleted file mode 100644 index 9705b59c6b4e..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-27619.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 6a6c4240fa1e628dbcca09fdde39aea4d8eb6138 Mon Sep 17 00:00:00 2001 -From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> -Date: Mon, 19 Oct 2020 21:46:10 -0700 -Subject: [PATCH 05/36] bpo-41944: No longer call eval() on content received - via HTTP in the CJK codec tests (GH-22566) (GH-22579) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) - -Co-authored-by: Serhiy Storchaka - -Rebased for Python 2.7 by Michał Górny ---- - Lib/test/multibytecodec_support.py | 23 +++++++------------ - .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + - 2 files changed, 9 insertions(+), 15 deletions(-) - create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst - -diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py -index 5b2329b6d8..b7d7a3aba7 100644 ---- a/Lib/test/multibytecodec_support.py -+++ b/Lib/test/multibytecodec_support.py -@@ -279,30 +279,23 @@ class TestBase_Mapping(unittest.TestCase): - self._test_mapping_file_plain() - - def _test_mapping_file_plain(self): -- _unichr = lambda c: eval("u'\\U%08x'" % int(c, 16)) -- unichrs = lambda s: u''.join(_unichr(c) for c in s.split('+')) -+ def unichrs(s): -+ return ''.join(chr(int(x, 16)) for x in s.split('+')) -+ - urt_wa = {} - - with self.open_mapping_file() as f: - for line in f: - if not line: - break -- data = line.split('#')[0].strip().split() -+ data = line.split('#')[0].split() - if len(data) != 2: - continue - -- csetval = eval(data[0]) -- if csetval <= 0x7F: -- csetch = chr(csetval & 0xff) -- elif csetval >= 0x1000000: -- csetch = chr(csetval >> 24) + chr((csetval >> 16) & 0xff) + \ -- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) -- elif csetval >= 0x10000: -- csetch = chr(csetval >> 16) + \ -- chr((csetval >> 8) & 0xff) + chr(csetval & 0xff) -- elif csetval >= 0x100: -- csetch = chr(csetval >> 8) + chr(csetval & 0xff) -- else: -+ if data[0][:2] != '0x': -+ self.fail("Invalid line: {line!r}".format(line=line)) -+ csetch = bytes.fromhex(data[0][2:]) -+ if len(csetch) == 1 and 0x80 <= csetch[0]: - continue - - unich = unichrs(data[1]) -diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst -new file mode 100644 -index 0000000000..4f9782f1c8 ---- /dev/null -+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst -@@ -0,0 +1 @@ -+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. --- -2.38.1 - diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch deleted file mode 100644 index de21686b4edf..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2020-8492.patch +++ /dev/null @@ -1,213 +0,0 @@ -From 2273e65e11dd0234f2f51ebaef61fc6e848d4059 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= -Date: Thu, 10 Sep 2020 13:35:39 +0200 -Subject: [PATCH 02/36] bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler - (GH-18284) (GH-19304) - -The AbstractBasicAuthHandler class of the urllib.request module uses -an inefficient regular expression which can be exploited by an -attacker to cause a denial of service. Fix the regex to prevent the -catastrophic backtracking. Vulnerability reported by Ben Caller -and Matt Schwager. - -AbstractBasicAuthHandler of urllib.request now parses all -WWW-Authenticate HTTP headers and accepts multiple challenges per -header: use the realm of the first Basic challenge. - -Co-Authored-By: Serhiy Storchaka -(cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4) - -[rebased for py2.7] ---- - Lib/test/test_urllib2.py | 81 ++++++++++++++++++++++++++-------------- - Lib/urllib2.py | 60 +++++++++++++++++++++++------ - 2 files changed, 101 insertions(+), 40 deletions(-) - -diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py -index 20a0f58143..0adbb13c43 100644 ---- a/Lib/test/test_urllib2.py -+++ b/Lib/test/test_urllib2.py -@@ -1128,42 +1128,67 @@ class HandlerTests(unittest.TestCase): - self.assertEqual(req.get_host(), "proxy.example.com:3128") - self.assertEqual(req.get_header("Proxy-authorization"),"FooBar") - -- def test_basic_auth(self, quote_char='"'): -+ def check_basic_auth(self, headers, realm): - opener = OpenerDirector() - password_manager = MockPasswordManager() - auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) -- realm = "ACME Widget Store" -- http_handler = MockHTTPHandler( -- 401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' % -- (quote_char, realm, quote_char) ) -+ body = '\r\n'.join(headers) + '\r\n\r\n' -+ http_handler = MockHTTPHandler(401, body) - opener.add_handler(auth_handler) - opener.add_handler(http_handler) - self._test_basic_auth(opener, auth_handler, "Authorization", - realm, http_handler, password_manager, - "http://acme.example.com/protected", -- "http://acme.example.com/protected" -- ) -- -- def test_basic_auth_with_single_quoted_realm(self): -- self.test_basic_auth(quote_char="'") -- -- def test_basic_auth_with_unquoted_realm(self): -- opener = OpenerDirector() -- password_manager = MockPasswordManager() -- auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) -- realm = "ACME Widget Store" -- http_handler = MockHTTPHandler( -- 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) -- opener.add_handler(auth_handler) -- opener.add_handler(http_handler) -- msg = "Basic Auth Realm was unquoted" -- with test_support.check_warnings((msg, UserWarning)): -- self._test_basic_auth(opener, auth_handler, "Authorization", -- realm, http_handler, password_manager, -- "http://acme.example.com/protected", -- "http://acme.example.com/protected" -- ) -- -+ "http://acme.example.com/protected") -+ -+ def test_basic_auth(self): -+ realm = "realm2@example.com" -+ realm2 = "realm2@example.com" -+ basic = 'Basic realm="{realm}"'.format(realm=realm) -+ basic2 = 'Basic realm="{realm2}"'.format(realm2=realm2) -+ other_no_realm = 'Otherscheme xxx' -+ digest = ('Digest realm="{realm2}", ' -+ 'qop="auth, auth-int", ' -+ 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' -+ 'opaque="5ccc069c403ebaf9f0171e9517f40e41"' -+ .format(realm2=realm2)) -+ for realm_str in ( -+ # test "quote" and 'quote' -+ 'Basic realm="{realm}"'.format(realm=realm), -+ "Basic realm='{realm}'".format(realm=realm), -+ -+ # charset is ignored -+ 'Basic realm="{realm}", charset="UTF-8"'.format(realm=realm), -+ -+ # Multiple challenges per header -+ ', '.join((basic, basic2)), -+ ', '.join((basic, other_no_realm)), -+ ', '.join((other_no_realm, basic)), -+ ', '.join((basic, digest)), -+ ', '.join((digest, basic)), -+ ): -+ headers = ['WWW-Authenticate: {realm_str}' -+ .format(realm_str=realm_str)] -+ self.check_basic_auth(headers, realm) -+ -+ # no quote: expect a warning -+ with test_support.check_warnings(("Basic Auth Realm was unquoted", -+ UserWarning)): -+ headers = ['WWW-Authenticate: Basic realm={realm}' -+ .format(realm=realm)] -+ self.check_basic_auth(headers, realm) -+ -+ # Multiple headers: one challenge per header. -+ # Use the first Basic realm. -+ for challenges in ( -+ [basic, basic2], -+ [basic, digest], -+ [digest, basic], -+ ): -+ headers = ['WWW-Authenticate: {challenge}' -+ .format(challenge=challenge) -+ for challenge in challenges] -+ self.check_basic_auth(headers, realm) - - def test_proxy_basic_auth(self): - opener = OpenerDirector() -diff --git a/Lib/urllib2.py b/Lib/urllib2.py -index 8b634ada37..b2d1fad6f2 100644 ---- a/Lib/urllib2.py -+++ b/Lib/urllib2.py -@@ -856,8 +856,15 @@ class AbstractBasicAuthHandler: - - # allow for double- and single-quoted realm values - # (single quotes are a violation of the RFC, but appear in the wild) -- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' -- 'realm=(["\']?)([^"\']*)\\2', re.I) -+ rx = re.compile('(?:^|,)' # start of the string or ',' -+ '[ \t]*' # optional whitespaces -+ '([^ \t]+)' # scheme like "Basic" -+ '[ \t]+' # mandatory whitespaces -+ # realm=xxx -+ # realm='xxx' -+ # realm="xxx" -+ 'realm=(["\']?)([^"\']*)\\2', -+ re.I) - - # XXX could pre-emptively send auth info already accepted (RFC 2617, - # end of section 2, and section 1.2 immediately after "credentials" -@@ -869,23 +876,52 @@ class AbstractBasicAuthHandler: - self.passwd = password_mgr - self.add_password = self.passwd.add_password - -+ def _parse_realm(self, header): -+ # parse WWW-Authenticate header: accept multiple challenges per header -+ found_challenge = False -+ for mo in AbstractBasicAuthHandler.rx.finditer(header): -+ scheme, quote, realm = mo.groups() -+ if quote not in ['"', "'"]: -+ warnings.warn("Basic Auth Realm was unquoted", -+ UserWarning, 3) -+ -+ yield (scheme, realm) -+ -+ found_challenge = True -+ -+ if not found_challenge: -+ if header: -+ scheme = header.split()[0] -+ else: -+ scheme = '' -+ yield (scheme, None) - - def http_error_auth_reqed(self, authreq, host, req, headers): - # host may be an authority (without userinfo) or a URL with an - # authority -- # XXX could be multiple headers -- authreq = headers.get(authreq, None) -+ headers = headers.getheaders(authreq) -+ if not headers: -+ # no header found -+ return - -- if authreq: -- mo = AbstractBasicAuthHandler.rx.search(authreq) -- if mo: -- scheme, quote, realm = mo.groups() -- if quote not in ['"', "'"]: -- warnings.warn("Basic Auth Realm was unquoted", -- UserWarning, 2) -- if scheme.lower() == 'basic': -+ unsupported = None -+ for header in headers: -+ for scheme, realm in self._parse_realm(header): -+ if scheme.lower() != 'basic': -+ unsupported = scheme -+ continue -+ -+ if realm is not None: -+ # Use the first matching Basic challenge. -+ # Ignore following challenges even if they use the Basic -+ # scheme. - return self.retry_http_basic_auth(host, req, realm) - -+ if unsupported is not None: -+ raise ValueError("AbstractBasicAuthHandler does not " -+ "support the following scheme: %r" -+ % (scheme,)) -+ - def retry_http_basic_auth(self, host, req, realm): - user, pw = self.passwd.find_user_password(realm, host) - if pw is not None: --- -2.38.1 - diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-23336.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-23336.patch deleted file mode 100644 index 760d0e7eed8e..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-23336.patch +++ /dev/null @@ -1,390 +0,0 @@ -From e7b005c05dbdbce967a409abd71641281a8604bf Mon Sep 17 00:00:00 2001 -From: Senthil Kumaran -Date: Mon, 15 Feb 2021 11:16:43 -0800 -Subject: [PATCH 24/26] [3.6] bpo-42967: only use '&' as a query string - separator (GH-24297) (GH-24532) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -bpo-42967: [security] Address a web cache-poisoning issue reported in -urllib.parse.parse_qsl(). - -urllib.parse will only us "&" as query string separator by default -instead of both ";" and "&" as allowed in earlier versions. An optional -argument seperator with default value "&" is added to specify the -separator. - -Co-authored-by: Éric Araujo -Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> -Co-authored-by: Adam Goldschmidt - -Rebased for Python 2.7 by Michał Górny ---- - Doc/library/cgi.rst | 7 +++- - Doc/library/urlparse.rst | 23 ++++++++++- - Lib/cgi.py | 20 +++++++--- - Lib/test/test_cgi.py | 29 +++++++++++--- - Lib/test/test_urlparse.py | 38 +++++++++---------- - Lib/urlparse.py | 22 ++++++++--- - .../2021-02-14-15-59-16.bpo-42967.YApqDS.rst | 1 + - 7 files changed, 100 insertions(+), 40 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst - -diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst -index ecd62c8c01..b85cdd8b61 100644 ---- a/Doc/library/cgi.rst -+++ b/Doc/library/cgi.rst -@@ -285,10 +285,10 @@ These are useful if you want more control, or if you want to employ some of the - algorithms implemented in this module in other circumstances. - - --.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing]]]) -+.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing]]], separator="&") - - Parse a query in the environment or from a file (the file defaults to -- ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values* and *strict_parsing* parameters are -+ ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values*, *strict_parsing* and *separator* parameters are - passed to :func:`urlparse.parse_qs` unchanged. - - -@@ -316,6 +316,9 @@ algorithms implemented in this module in other circumstances. - Note that this does not parse nested multipart parts --- use - :class:`FieldStorage` for that. - -+ .. versionchanged:: 3.6.13 -+ Added the *separator* parameter. -+ - - .. function:: parse_header(string) - -diff --git a/Doc/library/urlparse.rst b/Doc/library/urlparse.rst -index 0989c88c30..2f8e4c5a44 100644 ---- a/Doc/library/urlparse.rst -+++ b/Doc/library/urlparse.rst -@@ -136,7 +136,7 @@ The :mod:`urlparse` module defines the following functions: - now raise :exc:`ValueError`. - - --.. function:: parse_qs(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]]) -+.. function:: parse_qs(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]], separator='&') - - Parse a query string given as a string argument (data of type - :mimetype:`application/x-www-form-urlencoded`). Data are returned as a -@@ -157,6 +157,9 @@ The :mod:`urlparse` module defines the following functions: - read. If set, then throws a :exc:`ValueError` if there are more than - *max_num_fields* fields read. - -+ The optional argument *separator* is the symbol to use for separating the -+ query arguments. It defaults to ``&``. -+ - Use the :func:`urllib.urlencode` function to convert such dictionaries into - query strings. - -@@ -166,7 +169,14 @@ The :mod:`urlparse` module defines the following functions: - .. versionchanged:: 2.7.16 - Added *max_num_fields* parameter. - --.. function:: parse_qsl(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]]) -+ .. versionchanged:: 2.7.18-gentoo -+ Added *separator* parameter with the default value of ``&``. Earlier -+ Python versions allowed using both ``;`` and ``&`` as query parameter -+ separator. This has been changed to allow only a single separator key, -+ with ``&`` as the default separator. -+ -+ -+.. function:: parse_qsl(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]], separator='&') - - Parse a query string given as a string argument (data of type - :mimetype:`application/x-www-form-urlencoded`). Data are returned as a list of -@@ -186,6 +196,9 @@ The :mod:`urlparse` module defines the following functions: - read. If set, then throws a :exc:`ValueError` if there are more than - *max_num_fields* fields read. - -+ The optional argument *separator* is the symbol to use for separating the -+ query arguments. It defaults to ``&``. -+ - Use the :func:`urllib.urlencode` function to convert such lists of pairs into - query strings. - -@@ -195,6 +208,12 @@ The :mod:`urlparse` module defines the following functions: - .. versionchanged:: 2.7.16 - Added *max_num_fields* parameter. - -+ .. versionchanged:: 2.7.18-gentoo -+ Added *separator* parameter with the default value of ``&``. Earlier -+ Python versions allowed using both ``;`` and ``&`` as query parameter -+ separator. This has been changed to allow only a single separator key, -+ with ``&`` as the default separator. -+ - .. function:: urlunparse(parts) - - Construct a URL from a tuple as returned by ``urlparse()``. The *parts* argument -diff --git a/Lib/cgi.py b/Lib/cgi.py -index 5b903e0347..9d0848b6b1 100755 ---- a/Lib/cgi.py -+++ b/Lib/cgi.py -@@ -121,7 +121,8 @@ log = initlog # The current logging function - # 0 ==> unlimited input - maxlen = 0 - --def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0): -+def parse(fp=None, environ=os.environ, keep_blank_values=0, -+ strict_parsing=0, separator='&'): - """Parse a query in the environment or from a file (default stdin) - - Arguments, all optional: -@@ -140,6 +141,9 @@ def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0): - strict_parsing: flag indicating what to do with parsing errors. - If false (the default), errors are silently ignored. - If true, errors raise a ValueError exception. -+ -+ separator: str. The symbol to use for separating the query arguments. -+ Defaults to &. - """ - if fp is None: - fp = sys.stdin -@@ -171,7 +175,8 @@ def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0): - else: - qs = "" - environ['QUERY_STRING'] = qs # XXX Shouldn't, really -- return urlparse.parse_qs(qs, keep_blank_values, strict_parsing) -+ return urlparse.parse_qs(qs, keep_blank_values, strict_parsing, -+ separator=separator) - - - # parse query string function called from urlparse, -@@ -395,7 +400,7 @@ class FieldStorage: - - def __init__(self, fp=None, headers=None, outerboundary="", - environ=os.environ, keep_blank_values=0, strict_parsing=0, -- max_num_fields=None): -+ max_num_fields=None, separator='&'): - """Constructor. Read multipart/* until last part. - - Arguments, all optional: -@@ -430,6 +435,7 @@ class FieldStorage: - self.keep_blank_values = keep_blank_values - self.strict_parsing = strict_parsing - self.max_num_fields = max_num_fields -+ self.separator = separator - if 'REQUEST_METHOD' in environ: - method = environ['REQUEST_METHOD'].upper() - self.qs_on_post = None -@@ -613,7 +619,8 @@ class FieldStorage: - if self.qs_on_post: - qs += '&' + self.qs_on_post - query = urlparse.parse_qsl(qs, self.keep_blank_values, -- self.strict_parsing, self.max_num_fields) -+ self.strict_parsing, self.max_num_fields, -+ separator=self.separator) - self.list = [MiniFieldStorage(key, value) for key, value in query] - self.skip_lines() - -@@ -629,7 +636,8 @@ class FieldStorage: - query = urlparse.parse_qsl(self.qs_on_post, - self.keep_blank_values, - self.strict_parsing, -- self.max_num_fields) -+ self.max_num_fields, -+ separator=self.separator) - self.list.extend(MiniFieldStorage(key, value) - for key, value in query) - FieldStorageClass = None -@@ -649,7 +657,7 @@ class FieldStorage: - headers = rfc822.Message(self.fp) - part = klass(self.fp, headers, ib, - environ, keep_blank_values, strict_parsing, -- max_num_fields) -+ max_num_fields, separator=self.separator) - - if max_num_fields is not None: - max_num_fields -= 1 -diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py -index 743c2afbd4..f414faa23b 100644 ---- a/Lib/test/test_cgi.py -+++ b/Lib/test/test_cgi.py -@@ -61,12 +61,9 @@ parse_strict_test_cases = [ - ("", ValueError("bad query field: ''")), - ("&", ValueError("bad query field: ''")), - ("&&", ValueError("bad query field: ''")), -- (";", ValueError("bad query field: ''")), -- (";&;", ValueError("bad query field: ''")), - # Should the next few really be valid? - ("=", {}), - ("=&=", {}), -- ("=;=", {}), - # This rest seem to make sense - ("=a", {'': ['a']}), - ("&=a", ValueError("bad query field: ''")), -@@ -81,8 +78,6 @@ parse_strict_test_cases = [ - ("a=a+b&b=b+c", {'a': ['a b'], 'b': ['b c']}), - ("a=a+b&a=b+a", {'a': ['a b', 'b a']}), - ("x=1&y=2.0&z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}), -- ("x=1;y=2.0&z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}), -- ("x=1;y=2.0;z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}), - ("Hbc5161168c542333633315dee1182227:key_store_seqid=400006&cuyer=r&view=bustomer&order_id=0bb2e248638833d48cb7fed300000f1b&expire=964546263&lobale=en-US&kid=130003.300038&ss=env", - {'Hbc5161168c542333633315dee1182227:key_store_seqid': ['400006'], - 'cuyer': ['r'], -@@ -188,6 +183,30 @@ class CgiTests(unittest.TestCase): - self.assertEqual(expect[k], v) - self.assertItemsEqual(expect.values(), d.values()) - -+ def test_separator(self): -+ parse_semicolon = [ -+ ("x=1;y=2.0", {'x': ['1'], 'y': ['2.0']}), -+ ("x=1;y=2.0;z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}), -+ (";", ValueError("bad query field: ''")), -+ (";;", ValueError("bad query field: ''")), -+ ("=;a", ValueError("bad query field: 'a'")), -+ (";b=a", ValueError("bad query field: ''")), -+ ("b;=a", ValueError("bad query field: 'b'")), -+ ("a=a+b;b=b+c", {'a': ['a b'], 'b': ['b c']}), -+ ("a=a+b;a=b+a", {'a': ['a b', 'b a']}), -+ ] -+ for orig, expect in parse_semicolon: -+ env = {'QUERY_STRING': orig} -+ fs = cgi.FieldStorage(separator=';', environ=env) -+ if isinstance(expect, dict): -+ for key in expect.keys(): -+ expect_val = expect[key] -+ self.assertIn(key, fs) -+ if len(expect_val) > 1: -+ self.assertEqual(fs.getvalue(key), expect_val) -+ else: -+ self.assertEqual(fs.getvalue(key), expect_val[0]) -+ - def test_log(self): - cgi.log("Testing") - -diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py -index 86c4a0595c..0b2107339a 100644 ---- a/Lib/test/test_urlparse.py -+++ b/Lib/test/test_urlparse.py -@@ -24,16 +24,20 @@ parse_qsl_test_cases = [ - ("&a=b", [('a', 'b')]), - ("a=a+b&b=b+c", [('a', 'a b'), ('b', 'b c')]), - ("a=1&a=2", [('a', '1'), ('a', '2')]), -- (";", []), -- (";;", []), -- (";a=b", [('a', 'b')]), -- ("a=a+b;b=b+c", [('a', 'a b'), ('b', 'b c')]), -- ("a=1;a=2", [('a', '1'), ('a', '2')]), -- (b";", []), -- (b";;", []), -- (b";a=b", [(b'a', b'b')]), -- (b"a=a+b;b=b+c", [(b'a', b'a b'), (b'b', b'b c')]), -- (b"a=1;a=2", [(b'a', b'1'), (b'a', b'2')]), -+ (b"", []), -+ (b"&", []), -+ (b"&&", []), -+ (b"=", [(b'', b'')]), -+ (b"=a", [(b'', b'a')]), -+ (b"a", [(b'a', b'')]), -+ (b"a=", [(b'a', b'')]), -+ (b"&a=b", [(b'a', b'b')]), -+ (b"a=a+b&b=b+c", [(b'a', b'a b'), (b'b', b'b c')]), -+ (b"a=1&a=2", [(b'a', b'1'), (b'a', b'2')]), -+ (";a=b", [(';a', 'b')]), -+ ("a=a+b;b=b+c", [('a', 'a b;b=b c')]), -+ (b";a=b", [(b';a', b'b')]), -+ (b"a=a+b;b=b+c", [(b'a', b'a b;b=b c')]), - ] - - parse_qs_test_cases = [ -@@ -57,16 +61,10 @@ parse_qs_test_cases = [ - (b"&a=b", {b'a': [b'b']}), - (b"a=a+b&b=b+c", {b'a': [b'a b'], b'b': [b'b c']}), - (b"a=1&a=2", {b'a': [b'1', b'2']}), -- (";", {}), -- (";;", {}), -- (";a=b", {'a': ['b']}), -- ("a=a+b;b=b+c", {'a': ['a b'], 'b': ['b c']}), -- ("a=1;a=2", {'a': ['1', '2']}), -- (b";", {}), -- (b";;", {}), -- (b";a=b", {b'a': [b'b']}), -- (b"a=a+b;b=b+c", {b'a': [b'a b'], b'b': [b'b c']}), -- (b"a=1;a=2", {b'a': [b'1', b'2']}), -+ (";a=b", {';a': ['b']}), -+ ("a=a+b;b=b+c", {'a': ['a b;b=b c']}), -+ (b";a=b", {b';a': [b'b']}), -+ (b"a=a+b;b=b+c", {b'a':[ b'a b;b=b c']}), - ] - - class UrlParseTestCase(unittest.TestCase): -diff --git a/Lib/urlparse.py b/Lib/urlparse.py -index 798b467b60..6c32727fce 100644 ---- a/Lib/urlparse.py -+++ b/Lib/urlparse.py -@@ -382,7 +382,8 @@ def unquote(s): - append(item) - return ''.join(res) - --def parse_qs(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None): -+def parse_qs(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None, -+ separator='&'): - """Parse a query given as a string argument. - - Arguments: -@@ -402,17 +403,22 @@ def parse_qs(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None): - - max_num_fields: int. If set, then throws a ValueError if there - are more than n fields read by parse_qsl(). -+ -+ separator: str. The symbol to use for separating the query arguments. -+ Defaults to &. -+ - """ - dict = {} - for name, value in parse_qsl(qs, keep_blank_values, strict_parsing, -- max_num_fields): -+ max_num_fields, separator=separator): - if name in dict: - dict[name].append(value) - else: - dict[name] = [value] - return dict - --def parse_qsl(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None): -+def parse_qsl(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None, -+ separator='&'): - """Parse a query given as a string argument. - - Arguments: -@@ -432,17 +438,23 @@ def parse_qsl(qs, keep_blank_values=0, strict_parsing=0, max_num_fields=None): - max_num_fields: int. If set, then throws a ValueError if there - are more than n fields read by parse_qsl(). - -+ separator: str. The symbol to use for separating the query arguments. -+ Defaults to &. -+ - Returns a list, as G-d intended. - """ -+ if not separator or (not isinstance(separator, (str, bytes))): -+ raise ValueError("Separator must be of type string or bytes.") -+ - # If max_num_fields is defined then check that the number of fields - # is less than max_num_fields. This prevents a memory exhaustion DOS - # attack via post bodies with many fields. - if max_num_fields is not None: -- num_fields = 1 + qs.count('&') + qs.count(';') -+ num_fields = 1 + qs.count(separator) - if max_num_fields < num_fields: - raise ValueError('Max number of fields exceeded') - -- pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')] -+ pairs = [s1 for s1 in qs.split(separator)] - r = [] - for name_value in pairs: - if not name_value and not strict_parsing: -diff --git a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst -new file mode 100644 -index 0000000000..f08489b414 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst -@@ -0,0 +1 @@ -+Fix web cache poisoning vulnerability by defaulting the query args separator to ``&``, and allowing the user to choose a custom separator. --- -2.31.1 - diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-3177.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-3177.patch deleted file mode 100644 index 6c0ae468461f..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/CVE-2021-3177.patch +++ /dev/null @@ -1,181 +0,0 @@ -From fab838b2ee7cfb9037c24f0f18dfe01aa379b3f7 Mon Sep 17 00:00:00 2001 -From: Benjamin Peterson -Date: Mon, 18 Jan 2021 15:11:46 -0600 -Subject: [3.6] closes bpo-42938: Replace snprintf with Python unicode - formatting in ctypes param reprs. (GH-24250) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) - -Co-authored-by: Benjamin Peterson -Rebased for Python 2.7 by Michał Górny ---- - Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++++++ - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + - Modules/_ctypes/callproc.c | 49 +++++++++++----------- - 3 files changed, 69 insertions(+), 25 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst - -diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py -index 23c1b6e225..3456882ccb 100644 ---- a/Lib/ctypes/test/test_parameters.py -+++ b/Lib/ctypes/test/test_parameters.py -@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestCase): - with self.assertRaises(ZeroDivisionError): - WorseStruct().__setstate__({}, b'foo') - -+ def test_parameter_repr(self): -+ from ctypes import ( -+ c_bool, -+ c_char, -+ c_wchar, -+ c_byte, -+ c_ubyte, -+ c_short, -+ c_ushort, -+ c_int, -+ c_uint, -+ c_long, -+ c_ulong, -+ c_longlong, -+ c_ulonglong, -+ c_float, -+ c_double, -+ c_longdouble, -+ c_char_p, -+ c_wchar_p, -+ c_void_p, -+ ) -+ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^$") -+ self.assertEqual(repr(c_char.from_param('a')), "") -+ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^$") -+ self.assertEqual(repr(c_byte.from_param(98)), "") -+ self.assertEqual(repr(c_ubyte.from_param(98)), "") -+ self.assertEqual(repr(c_short.from_param(511)), "") -+ self.assertEqual(repr(c_ushort.from_param(511)), "") -+ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^$") -+ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^$") -+ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^$") -+ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^$") -+ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^$") -+ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^$") -+ self.assertEqual(repr(c_float.from_param(1.5)), "") -+ self.assertEqual(repr(c_double.from_param(1.5)), "") -+ self.assertEqual(repr(c_double.from_param(1e300)), "") -+ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^$") -+ self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^$") -+ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^$") -+ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^$") -+ - ################################################################ - - if __name__ == '__main__': -diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -new file mode 100644 -index 0000000000..7df65a156f ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -@@ -0,0 +1,2 @@ -+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and -+:class:`ctypes.c_longdouble` values. -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c -index 066fefc0cc..421addf353 100644 ---- a/Modules/_ctypes/callproc.c -+++ b/Modules/_ctypes/callproc.c -@@ -460,50 +460,51 @@ PyCArg_dealloc(PyCArgObject *self) - static PyObject * - PyCArg_repr(PyCArgObject *self) - { -- char buffer[256]; - switch(self->tag) { - case 'b': - case 'B': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.b); -- break; - case 'h': - case 'H': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.h); -- break; - case 'i': - case 'I': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.i); -- break; - case 'l': - case 'L': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.l); -- break; - - #ifdef HAVE_LONG_LONG - case 'q': - case 'Q': -- sprintf(buffer, -+ return PyString_FromFormat( - "", - self->tag, self->value.q); -- break; - #endif - case 'd': -- sprintf(buffer, "", -- self->tag, self->value.d); -- break; -- case 'f': -- sprintf(buffer, "", -- self->tag, self->value.f); -- break; -- -+ case 'f': { -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); -+ if (f == NULL) { -+ return NULL; -+ } -+ PyObject *r = PyObject_Repr(f); -+ if (r == NULL) { -+ Py_DECREF(f); -+ return NULL; -+ } -+ PyObject *result = PyString_FromFormat( -+ "", self->tag, PyString_AsString(r)); -+ Py_DECREF(r); -+ Py_DECREF(f); -+ return result; -+ } - case 'c': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.c); -- break; - - /* Hm, are these 'z' and 'Z' codes useful at all? - Shouldn't they be replaced by the functionality of c_string -@@ -512,16 +513,14 @@ PyCArg_repr(PyCArgObject *self) - case 'z': - case 'Z': - case 'P': -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self->value.p); - break; - - default: -- sprintf(buffer, "", -+ return PyString_FromFormat("", - self->tag, self); -- break; - } -- return PyString_FromString(buffer); - } - - static PyMemberDef PyCArgType_members[] = { --- -cgit v1.2.3 - diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 85995327fa8e..6e231c928eca 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, fetchpatch +{ lib, stdenv, fetchFromGitHub, fetchpatch , bzip2 , expat , libffi @@ -79,8 +79,10 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; - src = fetchurl { - url = with sourceVersion; "https://www.python.org/ftp/python/${major}.${minor}.${patch}/Python-${version}.tar.xz"; + src = fetchFromGitHub { + owner = "ActiveState"; + repo = "cpython"; + rev = "v${version}"; inherit sha256; }; @@ -119,14 +121,6 @@ let # Backport from CPython 3.8 of a good list of tests to run for PGO. ./profile-task.patch - # https://www.activestate.com/products/python/python-2-end-of-life-security-updates/ - ./CVE-2019-20907.patch - ./CVE-2020-8492.patch - ./CVE-2020-26116.patch - ./CVE-2020-27619.patch - ./CVE-2021-3177.patch - ./CVE-2021-23336.patch - # The workaround is for unittests on Win64, which we don't support. # It does break aarch64-darwin, which we do support. See: # * https://bugs.python.org/issue35523 diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 12f9c50535d0..903dae38ac12 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -145,9 +145,9 @@ in { major = "2"; minor = "7"; patch = "18"; - suffix = ""; + suffix = ".5"; # ActiveState's Python 2 extended support }; - sha256 = "0hzgxl94hnflis0d6m4szjx0b52gah7wpmcg5g00q7am6xwhwb5n"; + sha256 = "sha256-f5A0go0mUEv8cXuXo0ZRNfGwNPjnDhP7KqhkETOoqsw="; inherit (darwin) configd; inherit passthruFun; }; From b3d02fb8b5c6b822faaeb22afbb9fefabf38982f Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Mon, 28 Nov 2022 09:40:52 +0000 Subject: [PATCH 125/132] python27: add thiagokokada as maintainer --- pkgs/development/interpreters/python/cpython/2.7/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 6e231c928eca..ebbae7381b01 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -329,7 +329,7 @@ in with passthru; stdenv.mkDerivation ({ ''; license = lib.licenses.psfl; platforms = lib.platforms.all; - maintainers = with lib.maintainers; [ fridh ]; + maintainers = with lib.maintainers; [ fridh thiagokokada ]; # Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2` # in case both 2 and 3 are installed. priority = -100; From d345fb25003313c0af43f867c9b5660fdfcae59a Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Mon, 28 Nov 2022 11:42:27 +0000 Subject: [PATCH 126/132] python27: fix CVE-2021-3733 --- .../interpreters/python/cpython/2.7/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index ebbae7381b01..684088186a0a 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -79,6 +79,8 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; + # ActiveState is a fork of cpython that includes fixes for security + # issues after its EOL src = fetchFromGitHub { owner = "ActiveState"; repo = "cpython"; @@ -121,6 +123,13 @@ let # Backport from CPython 3.8 of a good list of tests to run for PGO. ./profile-task.patch + # remove once 2.7.18.6 is released + (fetchpatch { + name = "CVE-2021-3733.patch"; + url = "https://github.com/ActiveState/cpython/commit/eeb7fe50450f08a782921f3229abed2f23e7b2d7.patch"; + sha256 = "sha256-ch4cMoFythDmyvlVxOAVw3Ow4PPWVDq5o9c1qox2824="; + }) + # The workaround is for unittests on Win64, which we don't support. # It does break aarch64-darwin, which we do support. See: # * https://bugs.python.org/issue35523 From bed5e75287ba700d2b9a3faa748e0eea1b0ebb69 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 28 Nov 2022 19:35:28 +0000 Subject: [PATCH 127/132] julia: backport test tweak for mpfr-4.1.1 Without the change `julia` test fails on `staging-next` as: Error in testset MPFR_jll: Test Failed at /build/julia-1.8.3/usr/share/julia/stdlib/v1.8/MPFR_jll/test/runtests.jl:7 Expression: vn == v"4.1.0" Evaluated: v"4.1.1" == v"4.1.0" ERROR: LoadError: Test run finished with errors --- pkgs/development/compilers/julia/1.8.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/compilers/julia/1.8.nix b/pkgs/development/compilers/julia/1.8.nix index f8b0daa1ace7..1c614103bdec 100644 --- a/pkgs/development/compilers/julia/1.8.nix +++ b/pkgs/development/compilers/julia/1.8.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchurl +, fetchpatch , which , python3 , gfortran @@ -40,6 +41,15 @@ stdenv.mkDerivation rec { path = name: "https://raw.githubusercontent.com/archlinux/svntogit-community/6fd126d089d44fdc875c363488a7c7435a223cec/trunk/${name}"; in [ + # Pull upstream fix to fix tests mpfr-4.1.1 + # https://github.com/JuliaLang/julia/pull/47659 + (fetchpatch { + name = "mfr-4.1.1.patch"; + url = "https://github.com/JuliaLang/julia/commit/59965205ccbdffb4e25e1b60f651ca9df79230a4.patch"; + hash = "sha256-QJ5wxZMhz+or8BqcYv/5fNSTxDAvdSizTYqt7630kcw="; + includes = [ "stdlib/MPFR_jll/test/runtests.jl" ]; + }) + (fetchurl { url = path "julia-hardcoded-libs.patch"; sha256 = "sha256-kppSpVA7bRohd0wXDs4Jgct9ocHnpbeiiSz7ElFom1U="; From 42740da241e6cdf251cadf3fa44ad6b284f13600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20K=C3=B6cher?= Date: Tue, 29 Nov 2022 11:25:31 +0100 Subject: [PATCH 128/132] python310Packages.trustme: Fix tests on aarch64 --- pkgs/development/python-modules/trustme/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/trustme/default.nix b/pkgs/development/python-modules/trustme/default.nix index d49f52fde3a6..fb145ac9a99a 100644 --- a/pkgs/development/python-modules/trustme/default.nix +++ b/pkgs/development/python-modules/trustme/default.nix @@ -23,7 +23,7 @@ buildPythonPackage rec { checkInputs = [ service-identity pytestCheckHook - ] ++ lib.optionals (!stdenv.isDarwin && !stdenv.isAarch64) [ + ] ++ lib.optionals (!stdenv.isDarwin || !stdenv.isAarch64) [ pyopenssl ]; From 5b3321b4e829887e08c5c49dd1e4fc1b38d6b588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Wed, 28 Sep 2022 19:13:54 -0500 Subject: [PATCH 129/132] =?UTF-8?q?jetbrains.jdk:=2017.0.3-b469.37=20?= =?UTF-8?q?=E2=86=92=2017.0.5-b653.14?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/compilers/jetbrains-jdk/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/development/compilers/jetbrains-jdk/default.nix b/pkgs/development/compilers/jetbrains-jdk/default.nix index 8f7896aa6bfa..2a436dda06af 100644 --- a/pkgs/development/compilers/jetbrains-jdk/default.nix +++ b/pkgs/development/compilers/jetbrains-jdk/default.nix @@ -7,16 +7,13 @@ openjdk17.overrideAttrs (oldAttrs: rec { pname = "jetbrains-jdk"; - version = "17.0.3-b469.37"; + version = "17.0.5-b653.14"; src = fetchFromGitHub { owner = "JetBrains"; repo = "JetBrainsRuntime"; rev = "jb${version}"; - hash = - # Upstream issue: https://github.com/JetBrains/JetBrainsRuntime/issues/163 - if stdenv.isDarwin then "sha256-ExRvjs53rIuhUx4oCgAqu1Av3CNAgmE1ZlN0srEh3XM=" - else "sha256-O+OIDRJcIsb/vhO2+SYuYdUYWYTGkBcQ9cHTExLIFDE="; + hash = "sha256-7Nx7Y12oMfs4zeQMSfnUaDCW1xJYMEkcoTapSpmVCfU="; }; meta = with lib; { From 9cbe4d60b1d0836dcbb02ac61750fc8ee34ab2f4 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 3 Dec 2022 12:27:39 +0100 Subject: [PATCH 130/132] pkgsMusl.procps: fix build (#204212) --- pkgs/os-specific/linux/procps-ng/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkgs/os-specific/linux/procps-ng/default.nix b/pkgs/os-specific/linux/procps-ng/default.nix index 781d9d548712..c87c337e61c3 100644 --- a/pkgs/os-specific/linux/procps-ng/default.nix +++ b/pkgs/os-specific/linux/procps-ng/default.nix @@ -3,6 +3,7 @@ , fetchurl , ncurses , pkg-config +, fetchpatch # `ps` with systemd support is able to properly report different # attributes like unit name, so we want to have it on linux. @@ -26,6 +27,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-RRiz56r9NOwH0AY9JQ/UdJmbILIAIYw65W9dIRPxQbQ="; }; + patches = lib.optionals stdenv.hostPlatform.isMusl [ + # NOTE: Starting from 4.x we will not need a patch anymore, but need to add + # "--disable-w" to configureFlags instead to prevent the utmp errors + (fetchpatch { + name = "musl-fix-includes.patch"; + url = "https://git.alpinelinux.org/aports/plain/main/procps/musl-fixes.patch?id=37cb5b6ef194db66d9ed07c8ecab59bca3b91215"; + sha256 = "sha256-DphAvESmVg1U3bJABU95R++QD34odStCl82EF0vmht0="; + }) + ]; + buildInputs = [ ncurses ] ++ lib.optional withSystemd systemd; nativeBuildInputs = [ pkg-config ]; From a705dca58f5aebc65beb95ae5cf38b0cf27dbde5 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 4 Dec 2022 14:09:57 +0100 Subject: [PATCH 131/132] python3Packages.twisted: disable failing tests on aarch64-darwin They all fail for the same reason: ``` [ERROR] Traceback (most recent call last): File "/nix/store/xz6krlmwsc15z96p7hgcvssmx848hvq0-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/internet/test/test_posixbase.py", line 55, in tearDown self.assertEqual( File "/nix/store/xz6krlmwsc15z96p7hgcvssmx848hvq0-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/trial/_synctest.py", line 441, in assertEqual super().assertEqual(first, second, msg) File "/nix/store/70c1n7i4c90dn4iys0myy30yfxmlsza7-python3-3.10.8/lib/python3.10/unittest/case.py", line 845, in assertEqual assertion_func(first, second, msg=msg) File "/nix/store/70c1n7i4c90dn4iys0myy30yfxmlsza7-python3-3.10.8/lib/python3.10/unittest/case.py", line 838, in _baseAssertEqual raise self.failureException(msg) twisted.trial.unittest.FailTest: 3 != 0 : Warnings found at the end of the test: [{'message': 'unclosed event loop <_UnixSelectorEventLoop running=False closed=False debug=False>', 'category': , 'filename': '/nix/store/70c1n7i4c90dn4iys0myy30yfxmlsza7-python3-3.10.8/lib/python3.10/asyncio/base_events.py', 'lineno': 688}, {'message': 'unclosed event loop <_UnixSelectorEventLoop running=False closed=False debug=False>', 'category': , 'filename': '/nix/store/70c1n7i4c90dn4iys0myy30yfxmlsza7-python3-3.10.8/lib/python3.10/asyncio/base_events.py', 'lineno': 688}, {'message': 'unclosed event loop <_UnixSelectorEventLoop running=False closed=False debug=False>', 'category': , 'filename': '/nix/store/70c1n7i4c90dn4iys0myy30yfxmlsza7-python3-3.10.8/lib/python3.10/asyncio/base_events.py', 'lineno': 688}] twisted.internet.test.test_posixbase.PosixReactorBaseTests.test_removeAllSkipsInternalReaders ``` --- pkgs/development/python-modules/twisted/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 9b0f39e050e2..86e009d55c40 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -109,6 +109,11 @@ buildPythonPackage rec { '' + lib.optionalString (stdenv.isAarch64 && stdenv.isDarwin) '' echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_fullWriteBufferAfterByteExchange.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py + + echo 'PosixReactorBaseTests.test_removeAllSkipsInternalReaders.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py + echo 'PosixReactorBaseTests.test_wakerIsInternalReader.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py + + echo 'TCPPortTests.test_connectionLostFailed.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py ''; # Generate Twisted's plug-in cache. Twisted users must do it as well. See From c1e0845d84a0442eacb06c5748461af06eef17d7 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sun, 4 Dec 2022 15:34:24 -0800 Subject: [PATCH 132/132] openldap: try to fix test error --- pkgs/development/libraries/openldap/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index 97a84356f818..ad4654d88b3e 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -38,7 +38,9 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - cyrus_sasl + (cyrus_sasl.override { + inherit openssl; + }) db libsodium libtool