Merge release-24.05 into staging-next-24.05

This commit is contained in:
github-actions[bot] 2024-10-28 00:18:10 +00:00 committed by GitHub
commit 1f38d7ccd4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 44 additions and 64 deletions

View File

@ -135,7 +135,19 @@ in
services.displayManager.sessionPackages = lib.optional (cfg.package != null) cfg.package;
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050913
xdg.portal.config.sway.default = lib.mkDefault [ "wlr" "gtk" ];
# https://github.com/emersion/xdg-desktop-portal-wlr/blob/master/contrib/wlroots-portals.conf
# https://github.com/emersion/xdg-desktop-portal-wlr/pull/315
xdg.portal.config.sway = {
# Use xdg-desktop-portal-gtk for every portal interface...
default = "gtk";
# ... except for the ScreenCast, Screenshot and Secret
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
# ignore inhibit bc gtk portal always returns as success,
# despite sway/the wlr portal not having an implementation,
# stopping firefox from using wayland idle-inhibit
"org.freedesktop.impl.portal.Inhibit" = "none";
};
}
(import ./wayland-session.nix {

View File

@ -26,5 +26,8 @@ stdenv.mkDerivation rec {
maintainers = [ lib.maintainers.viric ];
platforms = lib.platforms.unix;
mainProgram = "minidjvu";
knownVulnerabilities = [
"minidjvu is vulnerable to a number of out-of-bound read vulnerabilities, potentially causing denials of service (CVE-2017-12441, CVE-2017-12442, CVE-2017-12443, CVE-2017-12444, CVE-2017-12445)"
];
};
}

View File

@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
flask-compress
flask-session
flask-themes2
js2py
pycurl
semver
setuptools

View File

@ -42,8 +42,8 @@ let
# Please keep the version x.y.0.z and do not update to x.y.76.z because the
# source of the latter disappears much faster.
version = "8.130.0.205";
revision = "368";
version = "8.131.0.202";
revision = "370";
rpath =
lib.makeLibraryPath [
@ -103,7 +103,7 @@ let
fetchurl {
name = "skypeforlinux-${version}-${revision}.snap";
url = "https://api.snapcraft.io/api/v1/snaps/download/QRDEfjn4WJYnm0FzDKwqqRZZI77awQEV_${revision}.snap";
hash = "sha512-eDSJQndUDxSsRg9bSevWUih1iXDp3n1kU0RdRAu3GsHeRC/JJx3m4vKxP0F/Rcf2Toxd3MPG2r6Oa1Wa7upcGg==";
hash = "sha512-POCDkJe58ie78PIze6qADPIbjfFxNhLJt5z7ooHNIna6IrJoeqpFYIrRo9uosHkUURu83MfueeyYd6z0j+P/RQ==";
}
else
throw "Skype for linux is not supported on ${stdenv.hostPlatform.system}";

View File

@ -5,7 +5,7 @@
fetchFromGitHub,
alsa-utils,
copyDesktopItems,
electron_30,
electron_32,
makeDesktopItem,
makeWrapper,
nix-update-script,
@ -13,20 +13,20 @@
}:
let
electronDist = "${electron_30}/${if stdenv.isDarwin then "Applications" else "libexec/electron"}";
electronDist = "${electron_32}/${if stdenv.isDarwin then "Applications" else "libexec/electron"}";
in
buildNpmPackage rec {
pname = "teams-for-linux";
version = "1.9.5";
version = "1.11.2";
src = fetchFromGitHub {
owner = "IsmaelMartinez";
repo = "teams-for-linux";
rev = "refs/tags/v${version}";
hash = "sha256-+rEGDg+/qvjCMhGHccb4p+CKOo/65RpkFT/WnCDlCgU=";
hash = "sha256-fSZ94Px0NuxUZqc9cHE6czG/VzNsWp+UXllq7kEQvtI=";
};
npmDepsHash = "sha256-vDRFFxkIQo5qU9gmkSwUhPz4FG2XbUNkTw6SCuvMqCc=";
npmDepsHash = "sha256-MfPdOqxiMDsvxsS3yWukRokDitqWQpTpK407xVX461o=";
nativeBuildInputs = [
makeWrapper
@ -49,7 +49,7 @@ buildNpmPackage rec {
-c.npmRebuild=true \
-c.asarUnpack="**/*.node" \
-c.electronDist=electron-dist \
-c.electronVersion=${electron_30.version}
-c.electronVersion=${electron_32.version}
runHook postBuild
'';
@ -71,7 +71,7 @@ buildNpmPackage rec {
popd
# Linux needs 'aplay' for notification sounds
makeWrapper '${lib.getExe electron_30}' "$out/bin/teams-for-linux" \
makeWrapper '${lib.getExe electron_32}' "$out/bin/teams-for-linux" \
--prefix PATH : ${
lib.makeBinPath [
alsa-utils

View File

@ -14,13 +14,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "vencord";
version = "1.10.2";
version = "1.10.5";
src = fetchFromGitHub {
owner = "Vendicated";
repo = "Vencord";
rev = "v${finalAttrs.version}";
hash = "sha256-rLdUEdAvYy8SDgKWUanZgmMnJ6Dg2dO5tTpGTwlQCrU=";
hash = "sha256-pzb2x5tTDT6yUNURbAok5eQWZHaxP/RUo8T0JECKHJ4=";
};
pnpmDeps = pnpm.fetchDeps {
@ -98,6 +98,7 @@ stdenv.mkDerivation (finalAttrs: {
FlafyDev
NotAShelf
Scrumplex
donteatoreo
];
};
})

View File

@ -8,7 +8,6 @@
django,
packaging,
nodejs,
js2py,
six,
}:
@ -26,9 +25,11 @@ buildPythonPackage rec {
propagatedBuildInputs = [ django ] ++ lib.optionals (pythonAtLeast "3.7") [ packaging ];
# Js2py is needed for tests but it's unmaintained and insecure
doCheck = false;
nativeCheckInputs = [
nodejs
js2py
six
];

View File

@ -30,7 +30,7 @@ buildPythonPackage rec {
"lark.grammars"
];
# Js2py is needed for tests but it's marked as insecure
# Js2py is needed for tests but it's unmaintained and insecure
doCheck = false;
meta = with lib; {

View File

@ -3,7 +3,6 @@
fetchFromGitHub,
buildPythonPackage,
pytestCheckHook,
js2py,
}:
let
@ -21,18 +20,11 @@ let
nativeCheckInputs = [
pytestCheckHook
js2py
];
# escape infinite recursion with js2py
# js2py is needed for tests but it's unmaintained and insecure
doCheck = false;
passthru.tests = {
check = pyjsparser.overridePythonAttrs (_: {
doCheck = true;
});
};
pythonImportsCheck = [ "pyjsparser" ];
meta = with lib; {

View File

@ -49,16 +49,6 @@
"sha256": "094z3wfcxqx2rbi072i5frshpy6rdvk39aahwm9nc07vc8sxxn4b",
"version": "6.1.112"
},
"6.10": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-v6.10.12-hardened1.patch",
"sha256": "07z35f4nqj9vgj2ynq7spgckb770a0w0906m7l28i1x0kch2kr3j",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.12-hardened1/linux-hardened-v6.10.12-hardened1.patch"
},
"sha256": "1kvkwgnq5gsdqarrdg32qjrbq1dggxp1x2yy2zpsjsaq5y2mhj2j",
"version": "6.10.12"
},
"6.6": {
"patch": {
"extra": "-hardened1",

View File

@ -27,18 +27,6 @@
"version": "6.6.58",
"hash": "sha256:1nwrd017l5m4w12yrcf31y3g0l9xqm5b0fzcqdgan3ypi3jq3pz7"
},
"6.8": {
"version": "6.8.12",
"hash": "sha256:0fb0m0fv4521g63gq04d7lm6hy8169s1rykiav5bkd99s9b1kcqr"
},
"6.9": {
"version": "6.9.12",
"hash": "sha256:08ngskni7d9wi93vlwcmbdg7sb2jl1drhhzn62k9nsrg1r7crrss"
},
"6.10": {
"version": "6.10.14",
"hash": "sha256:0gj2z9ax1qv59n2mld0pg2svwi28lbq92ql98vy7crynd2ybrram"
},
"6.11": {
"version": "6.11.5",
"hash": "sha256:01rafnqal2v96dzkabz0irymq4sc9ja00ggyv1xn7yzjnyrqa527"

View File

@ -71,7 +71,7 @@
netfilter-typo-fix = {
name = "netfilter-typo-fix";
patch = fetchpatch {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/patch/?id=306ed1728e8438caed30332e1ab46b28c25fe3d8";
url = "https://lore.kernel.org/netdev/20241021094536.81487-3-pablo@netfilter.org/raw";
hash = "sha256-ZGc1xAIjf+MlV02jhIWZ4jHC742+z/WpN7RenqpU7e4=";
};
};

View File

@ -10,14 +10,14 @@
}:
buildGoModule rec {
version = "3.1.1";
version = "3.1.2";
pname = "grafana-loki";
src = fetchFromGitHub {
owner = "grafana";
repo = "loki";
rev = "v${version}";
hash = "sha256-QOokLht/nIzQAzXQuJv5M4QTQD0Zhzf9+Q0ILl2Mds0=";
hash = "sha256-Dq+Pf2z+hLNA3M6uIMdpW+QmBOP9f1lLOrXVWDUT1ho=";
};
vendorHash = null;

View File

@ -30,11 +30,11 @@ let
in
stdenv.mkDerivation rec {
pname = "tor";
version = "0.4.8.11";
version = "0.4.8.13";
src = fetchurl {
url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
sha256 = "sha256-jyvfkOYzgHgSNap9YE4VlXDyg+zuZ0Zwhz2LtwUsjgc=";
sha256 = "sha256-m68mw4eiggs5QtpXIUbm63fCvGaGKvYpfNAqB05vuig=";
};
outputs = [ "out" "geoip" ];

View File

@ -35369,7 +35369,7 @@ with pkgs;
webcord = callPackage ../by-name/we/webcord/package.nix { electron = electron_30; };
webcord-vencord = callPackage ../by-name/we/webcord-vencord/package.nix { electron = electron_30; };
webcord-vencord = callPackage ../by-name/we/webcord-vencord/package.nix { electron = electron_31; };
webex = callPackage ../applications/networking/instant-messengers/webex { };

View File

@ -53,7 +53,7 @@ let
broken = kernel.meta.broken;
};
};
kernelPatches = kernel.kernelPatches ++ [
kernelPatches = lib.filter ({ name ? null, ... }: name != "netfilter-typo-fix") kernel.kernelPatches ++ [
kernelPatches.hardened.${kernel.meta.branch}
];
isHardened = true;
@ -195,14 +195,6 @@ in {
];
};
linux_6_10 = callPackage ../os-specific/linux/kernel/mainline.nix {
branch = "6.10";
kernelPatches = [
kernelPatches.bridge_stp_helper
kernelPatches.request_key_helper
];
};
linux_6_11 = callPackage ../os-specific/linux/kernel/mainline.nix {
branch = "6.11";
kernelPatches = [
@ -290,6 +282,7 @@ in {
linux_6_7 = throw "linux 6.7 was removed because it has reached its end of life upstream";
linux_6_8 = throw "linux 6.8 was removed because it has reached its end of life upstream";
linux_6_9 = throw "linux 6.9 was removed because it has reached its end of life upstream";
linux_6_10 = throw "linux 6.10 was removed because it has reached its end of life upstream";
linux_xanmod_tt = throw "linux_xanmod_tt was removed because upstream no longer offers this option";
@ -299,6 +292,7 @@ in {
linux_6_7_hardened = throw "linux 6.7 was removed because it has reached its end of life upstream";
linux_6_8_hardened = throw "linux 6.8 was removed because it has reached its end of life upstream";
linux_6_9_hardened = throw "linux 6.9 was removed because it has reached its end of life upstream";
linux_6_10_hardened = throw "linux 6.9 was removed because it has reached its end of life upstream";
}));
/* Linux kernel modules are inherently tied to a specific kernel. So
rather than provide specific instances of those packages for a
@ -627,7 +621,6 @@ in {
linux_5_15 = recurseIntoAttrs (packagesFor kernels.linux_5_15);
linux_6_1 = recurseIntoAttrs (packagesFor kernels.linux_6_1);
linux_6_6 = recurseIntoAttrs (packagesFor kernels.linux_6_6);
linux_6_10 = recurseIntoAttrs (packagesFor kernels.linux_6_10);
linux_6_11 = recurseIntoAttrs (packagesFor kernels.linux_6_11);
__attrsFailEvaluation = true;
} // lib.optionalAttrs config.allowAliases {
@ -643,6 +636,7 @@ in {
linux_6_7 = throw "linux 6.7 was removed because it reached its end of life upstream"; # Added 2024-04-04
linux_6_8 = throw "linux 6.8 was removed because it reached its end of life upstream"; # Added 2024-08-02
linux_6_9 = throw "linux 6.9 was removed because it reached its end of life upstream"; # Added 2024-08-02
linux_6_10 = throw "linux 6.10 was removed because it reached its end of life upstream"; # Added 2024-10-23
};
rtPackages = {