Merge master into staging-next

2025-01-23 21:33:49 +00:00 · 2022-09-07 06:23:01 +00:00 · 2022-09-07 06:23:01 +00:00 · 1d119425b8
commit 1d119425b8
parent 4c9b88fa70 ac38775244
12 changed files with 117 additions and 32 deletions
--- a/pkgs/applications/version-management/gitea/default.nix
+++ b/pkgs/applications/version-management/gitea/default.nix
@ -14,12 +14,12 @@

 buildGoPackage rec {
  pname = "gitea";
-  version = "1.17.1";
+  version = "1.17.2";

  # not fetching directly from the git repo, because that lacks several vendor files for the web UI
  src = fetchurl {
    url = "https://github.com/go-gitea/gitea/releases/download/v${version}/gitea-src-${version}.tar.gz";
-    sha256 = "sha256-ttfhsIiCl5VcqfK7ap/CA7bqXxrc4cTVIX+M2S4YanY=";
+    sha256 = "sha256-pDg+HC3dbWf0RxoLvBtIOaFauP1pUYBOG+Q9cinh3lg=";
  };

  patches = [
--- a/pkgs/desktops/cinnamon/bulky/default.nix
+++ b/pkgs/desktops/cinnamon/bulky/default.nix
@ -13,13 +13,13 @@

 stdenv.mkDerivation rec {
  pname = "bulky";
-  version = "2.4";
+  version = "2.5";

  src = fetchFromGitHub {
    owner = "linuxmint";
    repo = "bulky";
    rev = version;
-    hash = "sha256-ynPorkhT/LUkFGNRG6JLDYaQjNPm2vMzthvl0wr7J/M=";
+    hash = "sha256-WgpB/oMA3w7KO7KmkGXsl92siFGQo3Y4mLvMLTi54k8=";
  };

  nativeBuildInputs = [
--- a/pkgs/desktops/cinnamon/cinnamon-common/default.nix
+++ b/pkgs/desktops/cinnamon/cinnamon-common/default.nix
@ -54,13 +54,13 @@

 stdenv.mkDerivation rec {
  pname = "cinnamon-common";
-  version = "5.4.11";
+  version = "5.4.12";

  src = fetchFromGitHub {
    owner = "linuxmint";
    repo = "cinnamon";
    rev = version;
-    hash = "sha256-3uQ4t+WXauCM3jV44pSz1yqLxXwLBWv7xMvP7ug3AY0=";
+    hash = "sha256-uyQZXri3V3dKnowB97QlPWboZz1neblyvCuSacsPROg=";
  };

  patches = [
--- a/pkgs/desktops/cinnamon/cinnamon-control-center/default.nix
+++ b/pkgs/desktops/cinnamon/cinnamon-control-center/default.nix
@ -36,13 +36,13 @@

 stdenv.mkDerivation rec {
  pname = "cinnamon-control-center";
-  version = "5.4.6";
+  version = "5.4.7";

  src = fetchFromGitHub {
    owner = "linuxmint";
    repo = pname;
    rev = version;
-    hash = "sha256-8BDmQT/xDnpwR2YC0TGaqWPnZ61IBmVvft2Mcf6YN+A=";
+    hash = "sha256-38n1QCygkBq+wOLwui1oF6MtDWxAFWxp5U1omSVtbro=";
  };

  buildInputs = [
--- a/pkgs/desktops/cinnamon/muffin/default.nix
+++ b/pkgs/desktops/cinnamon/muffin/default.nix
@ -35,7 +35,7 @@

 stdenv.mkDerivation rec {
  pname = "muffin";
-  version = "5.4.6";
+  version = "5.4.7";

  outputs = [ "out" "dev" "man" ];

@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
    owner = "linuxmint";
    repo = pname;
    rev = version;
-    hash = "sha256-xTpL+o7gFvu8VNbCb8c0Y0Z8ncqb9y2qTiXP3rHAz+M=";
+    hash = "sha256-Zx6au1FXLgK8PRmkh8jaGJ3Zh0YYFj2zmbxhgXAFgDg=";
  };

  nativeBuildInputs = [
--- a/pkgs/desktops/cinnamon/warpinator/default.nix
+++ b/pkgs/desktops/cinnamon/warpinator/default.nix
@ -14,7 +14,7 @@

 python3.pkgs.buildPythonApplication rec  {
  pname = "warpinator";
-  version = "1.2.13";
+  version = "1.2.14";

  format = "other";

@ -22,7 +22,7 @@ python3.pkgs.buildPythonApplication rec  {
    owner = "linuxmint";
    repo = pname;
    rev = version;
-    hash = "sha256-iLImyfUsfn+mWrgMv5NnbOvvOlJnwJG4Btx1wwlgTeM=";
+    hash = "sha256-0OmrviDti843c+nvpt7ennSrso0PD7eZOJ94JiWJT58=";
  };

  nativeBuildInputs = [
--- a/pkgs/desktops/cinnamon/xapp/default.nix
+++ b/pkgs/desktops/cinnamon/xapp/default.nix
@ -1,5 +1,4 @@
 { fetchFromGitHub
-, fetchpatch
 , glib
 , gobject-introspection
 , gtk3
@ -23,24 +22,15 @@

 stdenv.mkDerivation rec {
  pname = "xapp";
-  version = "2.2.14";
+  version = "2.2.15";

  outputs = [ "out" "dev" ];

-  patches = [
-    # Add missing gio-unix-2.0 dependency, can be removed on next update
-    # https://github.com/linuxmint/xapp/pull/156
-    (fetchpatch {
-      url = "https://github.com/linuxmint/xapp/commit/052081f75d1c1212aeb6a913772723c81607bcb3.patch";
-      sha256 = "sha256-VL70Y1FIa7lQ/zKjEx0GhaU1QRu4z6Yu400/bDbgZgM=";
-    })
-  ];
-
  src = fetchFromGitHub {
    owner = "linuxmint";
    repo = pname;
    rev = version;
-    hash = "sha256-BebsS7y/hRQSc4rYOIWJ+sSJ5fLZaCpNAE48JnviUUc=";
+    hash = "sha256-X/exXQY/v+TU8HnnquleP21tCYR9h7t43AIw4tTKVOY=";
  };

  nativeBuildInputs = [
--- a/pkgs/development/tools/sumneko-lua-language-server/default.nix
+++ b/pkgs/development/tools/sumneko-lua-language-server/default.nix
@ -4,13 +4,13 @@ let
 in
 stdenv.mkDerivation rec {
  pname = "sumneko-lua-language-server";
-  version = "3.5.3";
+  version = "3.5.4";

  src = fetchFromGitHub {
    owner = "sumneko";
    repo = "lua-language-server";
    rev = version;
-    sha256 = "sha256-K/B+THEgM6pzW+VOc8pgtH+3zpWEgocEdTsuO0APoT0=";
+    sha256 = "sha256-Tj+9UQoVzsiEq0JF7BjT41Mks+8dAV2Op/zceRmWU/k=";
    fetchSubmodules = true;
  };

--- a/pkgs/tools/networking/iwgtk/default.nix
+++ b/pkgs/tools/networking/iwgtk/default.nix
@ -1,21 +1,38 @@
-{ fetchFromGitHub, gtk3, lib, pkg-config, stdenv }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, meson
+, ninja
+, pkg-config
+, scdoc
+, wrapGAppsHook
+, gtk4
+, qrencode
+}:

 stdenv.mkDerivation rec {
  pname = "iwgtk";
-  version = "0.4";
+  version = "0.8";

  src = fetchFromGitHub {
    owner = "j-lentz";
    repo = pname;
    rev = "v${version}";
-    sha256 = "129h7vq9b1r9a5c79hk8d06bj8lgzrnhq55x54hqri9c471jjh0s";
+    sha256 = "sha256-89rzDxalZtQkwAKS6hKPVY87kOWPySwDeZrPs2rGs/k=";
  };

-  nativeBuildInputs = [ pkg-config ];
+  # patch systemd service to pass necessary environments and use absolute paths
+  patches = [ ./systemd-service.patch ];

-  buildInputs = [ gtk3 ];
+  nativeBuildInputs = [ meson ninja pkg-config scdoc wrapGAppsHook ];

-  makeFlags = [ "prefix=$(out)" ];
+  buildInputs = [ gtk4 qrencode ];
+
+  postInstall = ''
+    mv $out/share/lib/systemd $out/share
+    rmdir $out/share/lib
+    substituteInPlace $out/share/systemd/user/iwgtk.service --subst-var out
+  '';

  meta = with lib; {
    description = "Lightweight, graphical wifi management utility for Linux";
--- a/pkgs/tools/networking/iwgtk/systemd-service.patch
+++ b/pkgs/tools/networking/iwgtk/systemd-service.patch
@ -0,0 +1,12 @@
+--- a/misc/iwgtk.service
+++ b/misc/iwgtk.service
+@@ -6,7 +6,8 @@ PartOf=graphical-session.target
+ After=graphical-session.target
+ 
+ [Service]
+-ExecStart=iwgtk -i
+ExecStart=@out@/bin/iwgtk -i
+PassEnvironment=DISPLAY XAUTHORITY
+ Restart=on-failure
+ 
+ [Install]
--- a/pkgs/tools/security/govulncheck/default.nix
+++ b/pkgs/tools/security/govulncheck/default.nix
@ -0,0 +1,64 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "govulncheck";
+  version = "unstable-2022-09-02";
+
+  src = fetchFromGitHub {
+    owner = "golang";
+    repo = "vuln";
+    rev = "27dd78d2ca392c1738e54efe513a2ecb7bf46000";
+    sha256 = "sha256-G35y1V4W1nLZ+QGvIQwER9whBIBDFUVptrHx78orcI0=";
+  };
+
+  vendorSha256 = "sha256-9FH9nq5cEyhMxrrvfQAOWZ4aThMsU0HwlI+0W0uVHZ4=";
+
+  subPackages = [ "cmd/govulncheck" ];
+
+  preCheck = ''
+    # test all paths
+    unset subPackages
+
+    # remove test that calls checks.bash
+    # the header check and misspell gets upset at the vendor dir
+    rm all_test.go
+
+    # remove tests that generally have "inconsistent vendoring" issues
+    # - tries to builds govulncheck again
+    rm cmd/govulncheck/main_command_118_test.go
+    # - does go builds of example go files
+    rm vulncheck/binary_test.go
+    # - just have resolution issues
+    rm vulncheck/{source,vulncheck}_test.go
+  '';
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck";
+    description = "The database client and tools for the Go vulnerability database, also known as vuln";
+    longDescription = ''
+      Govulncheck reports known vulnerabilities that affect Go code. It uses
+      static analysis of source code or a binary's symbol table to narrow down
+      reports to only those that could affect the application.
+
+      By default, govulncheck makes requests to the Go vulnerability database at
+      https://vuln.go.dev. Requests to the vulnerability database contain only
+      module paths, not code or other properties of your program. See
+      https://vuln.go.dev/privacy.html for more. Set the GOVULNDB environment
+      variable to specify a different database, which must implement the
+      specification at https://go.dev/security/vuln/database.
+
+      Govulncheck looks for vulnerabilities in Go programs using a specific
+      build configuration. For analyzing source code, that configuration is the
+      operating system, architecture, and Go version specified by GOOS, GOARCH,
+      and the “go” command found on the PATH. For binaries, the build
+      configuration is the one used to build the binary. Note that different
+      build configurations may have different known vulnerabilities. For
+      example, a dependency with a Windows-specific vulnerability will not be
+      reported for a Linux build.
+    '';
+    license = with licenses; [ bsd3 ];
+    maintainers = with maintainers; [ jk ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -464,6 +464,8 @@ with pkgs;

  gojq = callPackage ../development/tools/gojq { };

+  govulncheck = callPackage ../tools/security/govulncheck { };
+
  gpick = callPackage ../tools/misc/gpick { };

  hwatch = callPackage ../tools/misc/hwatch { };