diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 6521a59e6443..4dc415ea597e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -162,7 +162,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza # C compilers /pkgs/development/compilers/gcc -/pkgs/development/compilers/llvm @RossComputerGuy +/pkgs/development/compilers/llvm @alyssais @RossComputerGuy /pkgs/development/compilers/emscripten @raitobezarius /doc/languages-frameworks/emscripten.section.md @raitobezarius diff --git a/pkgs/applications/video/vdr/softhddevice/default.nix b/pkgs/applications/video/vdr/softhddevice/default.nix index afce9a79d0ab..612731acdcc1 100644 --- a/pkgs/applications/video/vdr/softhddevice/default.nix +++ b/pkgs/applications/video/vdr/softhddevice/default.nix @@ -14,12 +14,12 @@ }: stdenv.mkDerivation rec { pname = "vdr-softhddevice"; - version = "2.3.7"; + version = "2.3.8"; src = fetchFromGitHub { owner = "ua0lnj"; repo = "vdr-plugin-softhddevice"; - sha256 = "sha256-gn1Z3pw8f0Tpo8Ot0hP9+p/KbK/EGOInE34BCH3aVp0="; + sha256 = "sha256-/eNPhkrLpxXeX/5EitMJUgZCPy1Ked3oKuMdD6OuEYc="; rev = "v${version}"; }; diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix index a9c2c7c46d14..2901501afaab 100644 --- a/pkgs/build-support/fetchurl/default.nix +++ b/pkgs/build-support/fetchurl/default.nix 
@@ -164,7 +164,8 @@ stdenvNoCC.mkDerivation (( # New-style output content requirements. inherit (hash_) outputHashAlgo outputHash; - SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash) + # Disable TLS verification only when we know the hash and no credentials are needed to access the ressource + SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash || netrcPhase != null) then "${cacert}/etc/ssl/certs/ca-bundle.crt" else "/no-cert-file.crt"; diff --git a/pkgs/by-name/ca/cargo-shear/package.nix b/pkgs/by-name/ca/cargo-shear/package.nix index 9ff861190d04..8eaa8247089e 100644 --- a/pkgs/by-name/ca/cargo-shear/package.nix +++ b/pkgs/by-name/ca/cargo-shear/package.nix @@ -6,7 +6,7 @@ cargo-shear, }: let - version = "1.1.2"; + version = "1.1.3"; in rustPlatform.buildRustPackage { pname = "cargo-shear"; @@ -16,10 +16,10 @@ rustPlatform.buildRustPackage { owner = "Boshen"; repo = "cargo-shear"; rev = "v${version}"; - hash = "sha256-JnQrQBx9VuXI0wj1mMLfl15lxC85f1kUBucgC3Q8F0c="; + hash = "sha256-xKO/57yvHSGzjWyDPu1DmI9eeDESyFgMschqK+OLUMs="; }; - cargoHash = "sha256-iFcW9REkEolrDDbEwoepUSO79OgUdsLUhSkk12y4yxk="; + cargoHash = "sha256-lwPD46irkBg+Xg9/d07Q6BPk2rzKYkj3114EiMbbd+U="; # https://github.com/Boshen/cargo-shear/blob/a0535415a3ea94c86642f39f343f91af5cdc3829/src/lib.rs#L20-L23 SHEAR_VERSION = version; diff --git a/pkgs/by-name/ko/koboldcpp/package.nix b/pkgs/by-name/ko/koboldcpp/package.nix index 6b4a942fd484..85053dc716ce 100644 --- a/pkgs/by-name/ko/koboldcpp/package.nix +++ b/pkgs/by-name/ko/koboldcpp/package.nix 
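Review bot: The added comment states the rule from the opposite side of the condition and misspells "resource". The expression lists the cases in which the CA bundle is used (empty or fake hash, or `netrcPhase != null`), and everything else falls through to `/no-cert-file.crt`. Wording such as `# Verify TLS whenever the output hash is unknown or credentials are sent (netrcPhase); otherwise the fixed-output hash alone authenticates the download` would match the code. The guard keys only on `netrcPhase`, so secrets that reach curl another way, for example through `curlOpts`/`curlOptsList` or userinfo embedded in the URL, would presumably still be sent without certificate verification. Those parameters are outside this hunk, so this should be confirmed against the full file, then either the condition extended or the limitation documented.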
@@ -53,13 +53,13 @@ let in effectiveStdenv.mkDerivation (finalAttrs: { pname = "koboldcpp"; - version = "1.74"; + version = "1.75.2"; src = fetchFromGitHub { owner = "LostRuins"; repo = "koboldcpp"; rev = "refs/tags/v${finalAttrs.version}"; - hash = "sha256-tGG1+EGlCUmFpx/axijonOXydurwFxqjuoeDwHxC+pc="; + hash = "sha256-olMlYzde97RSx0OmDULSOFlM3imUq3AVxQdXyYBPd3Q="; }; enableParallelBuilding = true; diff --git a/pkgs/by-name/le/lefthook/package.nix b/pkgs/by-name/le/lefthook/package.nix index 3d4fc68dbef9..531b0d681555 100644 --- a/pkgs/by-name/le/lefthook/package.nix +++ b/pkgs/by-name/le/lefthook/package.nix @@ -6,7 +6,7 @@ let pname = "lefthook"; - version = "1.7.15"; + version = "1.7.16"; in buildGoModule { inherit pname version; @@ -15,7 +15,7 @@ buildGoModule { owner = "evilmartians"; repo = "lefthook"; rev = "v${version}"; - hash = "sha256-N79unpeeOwcdHJo9IbsGa/gmTyg+QQCJF599cshV3sc="; + hash = "sha256-SAFrtiSISW5QhFq9fow0CA5qvBY1RIfzZGvvfhOqxbY="; }; vendorHash = "sha256-rJdtax3r5Nwew+ptY4kIAUtxqPguwrFMMRk78zrZUcU="; diff --git a/pkgs/by-name/pi/pixelorama/package.nix b/pkgs/by-name/pi/pixelorama/package.nix index 889306ddd673..22eb4f3854ed 100644 --- a/pkgs/by-name/pi/pixelorama/package.nix +++ b/pkgs/by-name/pi/pixelorama/package.nix @@ -32,13 +32,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "pixelorama"; - version = "1.0.2"; + version = "1.0.3"; src = fetchFromGitHub { owner = "Orama-Interactive"; repo = "Pixelorama"; rev = "v${finalAttrs.version}"; - hash = "sha256-rFXUy6fvGKmB+aaNgiI+NNRG0xlj1migdetnU4iVDDQ="; + hash = "sha256-IMHv5pOLxj7sqRtWmddziCiOX3T20bcMp2+ZzyhcIFg="; }; strictDeps = true; diff --git a/pkgs/by-name/ra/railway/package.nix b/pkgs/by-name/ra/railway/package.nix index df8b8e7224a5..2e7cf3d90e05 100644 --- a/pkgs/by-name/ra/railway/package.nix +++ b/pkgs/by-name/ra/railway/package.nix 
@@ -12,16 +12,16 @@ let in rustPlatform.buildRustPackage rec { pname = "railway"; - version = "3.14.0"; + version = "3.14.1"; src = fetchFromGitHub { owner = "railwayapp"; repo = "cli"; rev = "v${version}"; - hash = "sha256-W9p987yn04Ije6JXFndHXB4rENGBTIiRmCh6fDhXJ4I="; + hash = "sha256-w52PzDRApKuRgJLYxY8ikqNOo6rC0kLCKWh8tgFzcIY="; }; - cargoHash = "sha256-/Lot/Cxg/BUp4MFp6VkJHR7jy7mUe7qwJDhPS8kOeUk="; + cargoHash = "sha256-6VjloZ8s5LqyYPz1uMwdkwvHIhXjmifjd46PIx5d8xQ="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/by-name/sh/shotcut/package.nix b/pkgs/by-name/sh/shotcut/package.nix index 811f34bf6d46..09bcb4447aed 100644 --- a/pkgs/by-name/sh/shotcut/package.nix +++ b/pkgs/by-name/sh/shotcut/package.nix @@ -18,13 +18,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "shotcut"; - version = "24.08.29"; + version = "24.09.13"; src = fetchFromGitHub { owner = "mltframework"; repo = "shotcut"; rev = "v${finalAttrs.version}"; - hash = "sha256-iWXq9IdXfARe9h3Habe0rr0ohdxBARiwg5g7F53bhRg="; + hash = "sha256-hYpb3ZCRXd07KQVZ3xpNeEJY5HFLNDsqpPJp3b9UXtE="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/zs/zsh-wd/package.nix b/pkgs/by-name/zs/zsh-wd/package.nix index e59b17a67e49..4a80ec499e89 100644 --- a/pkgs/by-name/zs/zsh-wd/package.nix +++ b/pkgs/by-name/zs/zsh-wd/package.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "wd"; - version = "0.8.0"; + version = "0.9.0"; src = fetchFromGitHub { owner = "mfaerevaag"; repo = "wd"; rev = "v${version}"; - hash = "sha256-rHHCnHa0/t2ij+6rExgvNt2EFBnkgs6l7oE6zL+xc58="; + hash = "sha256-8gL0+SZwVCQRokcYwSljDHtSusYY79/T9hqJGgAK1EU="; }; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/development/libraries/arpa2common/default.nix b/pkgs/development/libraries/arpa2common/default.nix index fc7a897f0d14..77f9694e69a9 100644 --- a/pkgs/development/libraries/arpa2common/default.nix +++ b/pkgs/development/libraries/arpa2common/default.nix 
@@ -1,29 +1,39 @@ -{ lib -, stdenv -, fetchFromGitLab -, cmake +{ + lib, + stdenv, + fetchFromGitLab, + fetchpatch, + cmake, -, arpa2cm -, doxygen -, e2fsprogs -, graphviz -, lmdb -, openssl -, pkg-config -, ragel + arpa2cm, + doxygen, + e2fsprogs, + graphviz, + libsodium, + lmdb, + openssl, + pkg-config, + ragel, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "arpa2common"; - version = "2.2.18"; + version = "2.6.2"; src = fetchFromGitLab { owner = "arpa2"; - repo = pname; - rev = "v${version}"; - hash = "sha256-UpAVyDXCe07ZwjD307t6G9f/Nny4QYXxGxft1KsiYYg="; + repo = "arpa2common"; + rev = "v${finalAttrs.version}"; + hash = "sha256-eWfWaO6URCK2FWQ+NYAoeCONkovgsVDPSRQVCGFnW3s="; }; + patches = [ + (fetchpatch { + url = "https://gitlab.com/arpa2/arpa2common/-/commit/13ea82df60b87a5367db00a8c6f3502e8ecb7298.patch"; + hash = "sha256-V9Dhr6PeArqXnuXmFuDjcirlGl7xovq7VQZsrbbMFSk="; + }) + ]; + nativeBuildInputs = [ cmake arpa2cm @@ -34,17 +44,15 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ e2fsprogs + libsodium lmdb openssl ragel ]; - # the project uses single argument `printf` throughout the program - hardeningDisable = [ "format" ]; - meta = { - description = - "ARPA2 ID and ACL libraries and other core data structures for ARPA2"; + changelog = "https://gitlab.com/arpa2/arpa2common/-/blob/v${finalAttrs.version}/CHANGES"; + description = "ARPA2 ID and ACL libraries and other core data structures for ARPA2"; longDescription = '' The ARPA2 Common Library package offers elementary services that can benefit many software packages. They are designed to be easy to @@ -53,8 +61,13 @@ stdenv.mkDerivation rec { liberate users. ''; homepage = "https://gitlab.com/arpa2/arpa2common"; - license = with lib.licenses; [ bsd2 cc-by-sa-40 cc0 isc ]; + license = with lib.licenses; [ + bsd2 + cc-by-sa-40 + cc0 + isc + ]; maintainers = with lib.maintainers; [ fufexan ]; platforms = lib.platforms.linux; }; -} +}) 
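Review bot: The new `patches` entry in the first hunk pulls an upstream commit by hash but has no comment saying what it fixes or when it can be dropped. A line such as `# <what the upstream commit fixes>; drop on the next release that contains it` above the `fetchpatch` call would let the next updater decide without opening the URL. The second hunk removes `hardeningDisable = [ "format" ]`. If that relies on upstream having fixed the single-argument `printf` calls by 2.6.2, saying so in the commit message would make the re-enabled format hardening easier to trust.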
diff --git a/pkgs/development/ocaml-modules/uucd/default.nix b/pkgs/development/ocaml-modules/uucd/default.nix index 847868032ca1..d350071304c0 100644 --- a/pkgs/development/ocaml-modules/uucd/default.nix +++ b/pkgs/development/ocaml-modules/uucd/default.nix @@ -6,11 +6,11 @@ let in stdenv.mkDerivation rec { name = "ocaml-${pname}-${version}"; - version = "15.1.0"; + version = "16.0.0"; src = fetchurl { url = "${webpage}/releases/${pname}-${version}.tbz"; - hash = "sha256-HIANZ5SDJcytlpw/W9Ae2eFTutrutJj2PgJCfByobfI="; + hash = "sha256-VVGPG6ZjchUqo8xMCJRahqCCF5WheDBpK1stuts+orM="; }; nativeBuildInputs = [ ocaml findlib ocamlbuild topkg ]; diff --git a/pkgs/development/python-modules/aiostreammagic/default.nix b/pkgs/development/python-modules/aiostreammagic/default.nix index 76ebb24f5c85..fdee19ddc1f8 100644 --- a/pkgs/development/python-modules/aiostreammagic/default.nix +++ b/pkgs/development/python-modules/aiostreammagic/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "aiostreammagic"; - version = "2.3.1"; + version = "2.4.0"; pyproject = true; disabled = pythonOlder "3.11"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "noahhusby"; repo = "aiostreammagic"; rev = "refs/tags/${version}"; - hash = "sha256-IMCs4EgOign56mThQ3ljnHs7/lt5874Ni1kavkHnKws="; + hash = "sha256-TWGDviQ1SYLlzuIsot7JgB5XIEZES54ERJ3tv7+9DNc="; }; pythonRelaxDeps = [ "websockets" ]; diff --git a/pkgs/development/python-modules/fastcore/default.nix b/pkgs/development/python-modules/fastcore/default.nix index b91cc2f548ab..0aacc52e3f76 100644 --- a/pkgs/development/python-modules/fastcore/default.nix +++ b/pkgs/development/python-modules/fastcore/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "fastcore"; - version = "1.7.8"; + version = "1.7.9"; pyproject = true; disabled = pythonOlder "3.8"; 
@@ -18,7 +18,7 @@ buildPythonPackage rec { owner = "fastai"; repo = "fastcore"; rev = "refs/tags/${version}"; - hash = "sha256-pBmtNrXincaOBADKgTaq7OmcrFlz6q7HROsUSRN0w8k="; + hash = "sha256-OGqd+pLM3THcPD3JtccjH6sgpVEhcNVnGbIbyMFfqTU="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/python-modules/svg-py/default.nix b/pkgs/development/python-modules/svg-py/default.nix index b59d23c539a0..30396791e876 100644 --- a/pkgs/development/python-modules/svg-py/default.nix +++ b/pkgs/development/python-modules/svg-py/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "svg-py"; - version = "1.4.3"; + version = "1.5.0"; pyproject = true; disabled = pythonOlder "3.7"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "orsinium-labs"; repo = "svg.py"; rev = "refs/tags/${version}"; - hash = "sha256-rnxznJM3ihuEJrD3ba6uMdGMozIrLw/QyGzA3JPygH4="; + hash = "sha256-Lxzk3IVCD4PG36Pozz2crccwxCAAAM2QfS4rgwbjs6g="; }; nativeBuildInputs = [ flit-core ]; diff --git a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix index cb1b5724f800..94d272b429d7 100644 --- a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix +++ b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "tencentcloud-sdk-python"; - version = "3.0.1235"; + version = "3.0.1237"; pyproject = true; disabled = pythonOlder "3.9"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "TencentCloud"; repo = "tencentcloud-sdk-python"; rev = "refs/tags/${version}"; - hash = "sha256-OiifyoM9rMnLK3B/xdC/0grSLUKH1IZh4CDI1Yur3/8="; + hash = "sha256-5pzdj+Es0JunISOCID5KJ+cR42EjD+c0Pt/B9dVJw2k="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/tools/jql/default.nix b/pkgs/development/tools/jql/default.nix index 8bb3b03a6fcc..b9add5050a74 100644 --- a/pkgs/development/tools/jql/default.nix 
+++ b/pkgs/development/tools/jql/default.nix @@ -5,16 +5,16 @@ rustPlatform.buildRustPackage rec { pname = "jql"; - version = "7.1.13"; + version = "7.2.0"; src = fetchFromGitHub { owner = "yamafaktory"; repo = pname; rev = "jql-v${version}"; - hash = "sha256-JJV/r64TQecj2Sa/sjxaddiVFCGmtjEn+wfobUbN1OU="; + hash = "sha256-UyZ7unIbKRn/5WsoYxkHWQ5k0Tb5NcC+UGpiyvpShBo="; }; - cargoHash = "sha256-w3MF4FcBCq5gQnhVVlcXOeGH4r2cA6kWwIzGVeLY5zg="; + cargoHash = "sha256-gJQsap31twigZT5n5w7oHATdNf0DfqoNfdS7cMU/hiA="; meta = with lib; { description = "JSON Query Language CLI tool built with Rust"; diff --git a/pkgs/development/tools/rust/cargo-chef/default.nix b/pkgs/development/tools/rust/cargo-chef/default.nix index 50025c628f10..b307704c76fb 100644 --- a/pkgs/development/tools/rust/cargo-chef/default.nix +++ b/pkgs/development/tools/rust/cargo-chef/default.nix @@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-chef"; - version = "0.1.67"; + version = "0.1.68"; src = fetchCrate { inherit pname version; - hash = "sha256-5bvA3lss+F2Wx0SSx5KRCmpERdIXUkUhFP+zRn8aZH0="; + hash = "sha256-NTFrNSEIzHppwOOjI3VadjhdV6EgGUmJzyX5JmTsJoI="; }; - cargoHash = "sha256-EIpi1k5GffGCk+fzHSW32T+ZLkRfswnEGZdER95TyBk="; + cargoHash = "sha256-DoIkK/tj3AYt0vm7u7f4SmgOKbdQZv3ZunMFT68+37E="; meta = with lib; { description = "Cargo-subcommand to speed up Rust Docker builds using Docker layer caching"; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 62f1fcdda20c..dc3b43a4d19f 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -1,82 +1,62 @@ { - "4.19": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-4.19.315-hardened1.patch", - "sha256": "1w17mwsv618pw5bkahmz6in0i5zjjxd3d14gggafqdd3dgfr1h8q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.315-hardened1/linux-hardened-4.19.315-hardened1.patch" - }, - "sha256": "1j1j8awy0237jp2r211qpa305c10y7rlcbkxkzdvzbgyhwy4spkc", - "version": "4.19.315" - }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.218-hardened1.patch", - "sha256": "1ah4pznha17ngg3w7l0j74h4910gjv8qj503adrap7plvapf82m4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.218-hardened1/linux-hardened-5.10.218-hardened1.patch" + "name": "linux-hardened-v5.10.226-hardened1.patch", + "sha256": "1vxcr0f3ikkg10wcvq76djxzmhlc6h5fv34xf8vm48wfi7ryajbk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.226-hardened1/linux-hardened-v5.10.226-hardened1.patch" }, - "sha256": "1mmj5hwm5i16gc1y4nzr1cs882vi6vrihrincdcivv63x11v4dlw", - "version": "5.10.218" + "sha256": "19hwwl5sbya65mch7fwmji2cli9b8796zjqbmkybjrarg1j9m8gn", + "version": "5.10.226" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.160-hardened1.patch", - "sha256": "1r10ylx886rslsmrixlijjm4crhwzkl3wj6kpyn2344qik1gxpqr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.160-hardened1/linux-hardened-5.15.160-hardened1.patch" + "name": "linux-hardened-v5.15.167-hardened1.patch", + "sha256": "1mwww490bf5i1njzyprnamfn8n471r94klgn7wghwi2f5vsn6j9g", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.167-hardened1/linux-hardened-v5.15.167-hardened1.patch" }, - "sha256": "018v19a7rhzc4szybzzn86jlnk42x7jm6xkadfd2d3xq6f7727pl", - "version": "5.15.160" + "sha256": "0c6s6l5sz9ibws7bymb393ww0z9i3amsk1yx0bahipz3xhc1yxdi", + "version": "5.15.167" }, "5.4": { "patch": { "extra": "-hardened1", - "name": 
"linux-hardened-5.4.277-hardened1.patch", - "sha256": "1zjw5wl8lj69j402qm8dg3m4dxgq3ppx2jyz8jks976vyhh8fsg4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.277-hardened1/linux-hardened-5.4.277-hardened1.patch" + "name": "linux-hardened-v5.4.284-hardened1.patch", + "sha256": "1skqaq90bigrxg0w075nssqbdq868ii62r8asx0m6wcvd5cl50af", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.4.284-hardened1/linux-hardened-v5.4.284-hardened1.patch" }, - "sha256": "0l8zq3k07hdprfpvw69ykkf2pdg8wiv28xz733yxsjcfb0l5n7vy", - "version": "5.4.277" + "sha256": "0axkwfhvq3w2072xjqww476qa3rjglxyqmf72mlp9b5ymswil8kp", + "version": "5.4.284" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.92-hardened1.patch", - "sha256": "0cw87ygmisi823y3f7xrck12b6zh3mq1qmb7lcmr3hg6w3xskmn3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.92-hardened1/linux-hardened-6.1.92-hardened1.patch" + "name": "linux-hardened-v6.1.110-hardened1.patch", + "sha256": "1v43n3h9d3y3xjjyf6r8n7a3fh3zpqw4f925bn2z5vwzblmg4bhf", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.110-hardened1/linux-hardened-v6.1.110-hardened1.patch" }, - "sha256": "1j9n8gk76nn4gw42iba5zgghr360gb9n1mslr5dyv76wpwkz86ch", - "version": "6.1.92" + "sha256": "0slgvwldjdyi5vzhgriamkmrj4p942yacclgcw29331gfjs39gly", + "version": "6.1.110" + }, + "6.10": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-v6.10.10-hardened1.patch", + "sha256": "13hlk1qd9inq711bz2sw4rq6r2lcagdl7mwxkx6rq8iimic758f2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.10-hardened1/linux-hardened-v6.10.10-hardened1.patch" + }, + "sha256": "1kcvh1g3p1sj4q34ylcmm43824f97z4k695lcxnzp7pbnlsyg1z6", + "version": "6.10.10" }, "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.32-hardened1.patch", - "sha256": "19362a6lxs3cnaw19jvda7n791y95lfgn9ki4wmaxnw2qbpi0bgg", - "url": 
"https://github.com/anthraxx/linux-hardened/releases/download/6.6.32-hardened1/linux-hardened-6.6.32-hardened1.patch" + "name": "linux-hardened-v6.6.51-hardened1.patch", + "sha256": "03m82lylflnk466ixz3dywnj7scp6ynif4qhbx67ak3f0n44f738", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.51-hardened1/linux-hardened-v6.6.51-hardened1.patch" }, - "sha256": "1qbc8dqmk2xs1cz968rysw5xvhq3lj8g0pxp48fr2qbzy3m29a5a", - "version": "6.6.32" - }, - "6.8": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.8.11-hardened1.patch", - "sha256": "08i03dmri9h6jxcjd9g6s7pv0spqi3f4fgch1ars68cgngikvbpq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.11-hardened1/linux-hardened-6.8.11-hardened1.patch" - }, - "sha256": "1di8kr596sf68sm61kp5rz6bn3sb0q5ag1qc5hm8f9dpyq4wv3dp", - "version": "6.8.11" - }, - "6.9": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.9.2-hardened1.patch", - "sha256": "0ph1m0pnlqrhvddz2mjgcwvs0ddcpzigz8kgi9zi063qinlfbm3q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.9.2-hardened1/linux-hardened-6.9.2-hardened1.patch" - }, - "sha256": "1yg5j284y1gz7zwxjz2abvlnas259m1y1vzd9lmcqqar5kgmnv6l", - "version": "6.9.2" + "sha256": "1cq8l3n12gnk6kgms5c7v71l199ip8lc9fpx7s8w8y88cla9l30w", + "version": "6.6.51" } } diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 8b46137afb37..0603812124be 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py 
@@ -145,7 +145,7 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: if not sig_ok: return None - kernel_ver = re.sub(r"(.*)(-hardened[\d]+)$", r'\1', release_info.release.tag_name) + kernel_ver = re.sub(r"v?(.*)(-hardened[\d]+)$", r'\1', release_info.release.tag_name) major = kernel_ver.split('.')[0] sha256_kernel, _ = nix_prefetch_url(f"mirror://kernel/linux/kernel/v{major}.x/linux-{kernel_ver}.tar.xz") @@ -157,8 +157,11 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: def parse_version(version_str: str) -> Version: + # There have been two variants v6.10[..] and 6.10[..], drop the v + version_str_without_v = version_str[1:] if not version_str[0].isdigit() else version_str version: Version = [] - for component in re.split(r'\.|\-', version_str): + + for component in re.split(r'\.|\-', version_str_without_v): try: version.append(int(component)) except ValueError: @@ -227,7 +230,7 @@ for release in repo.get_releases(): # It's not reliable to exit earlier because not every kernel minor may # have hardened patches, hence the naive search below. i += 1 - if i > 500: + if i > 100: break version = parse_version(release.tag_name) diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index ba862f9551c7..2eb28ea42025 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json 
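Review bot: In the second hunk, `parse_version` drops the first character whenever it is not a digit, so any leading character is discarded, not only `v`. An empty tag name would also raise `IndexError` on `version_str[0]`. The tag comes from the remote release list, so being exact is cheap: `version_str_without_v = version_str[1:] if version_str.startswith("v") else version_str`. That also matches the `v?` handling this commit adds to the `re.sub` in `fetch_patch`. The function body continues past the end of the hunk.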
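Review bot: In the third hunk the cut-off drops from 500 to 100 releases directly beneath a comment saying an early exit is not reliable, and nothing explains why 100 is enough. If an older branch has its newest hardened release further back than the 100 most recent entries, it would presumably stop being updated without any message; the loop body is only partly visible here. A named constant with a comment, e.g. `MAX_RELEASES_TO_SCAN = 100  # newest releases inspected; branches with nothing in this window are skipped`, would make the limit visible. A warning when a tracked branch finds no release would also help.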
@@ -19,22 +19,10 @@ "version": "5.4.284", "hash": "sha256:0axkwfhvq3w2072xjqww476qa3rjglxyqmf72mlp9b5ymswil8kp" }, - "4.19": { - "version": "4.19.322", - "hash": "sha256:0qj106lj554y1kdqj8kwyf7pk9bvrrpgz6s8zyh7d61mk7wws9sf" - }, "6.6": { "version": "6.6.52", "hash": "sha256:1f5l6y7abscm01dr740fzvq8r756ar854n0i299smm4rhcsap48m" }, - "6.8": { - "version": "6.8.12", - "hash": "sha256:0fb0m0fv4521g63gq04d7lm6hy8169s1rykiav5bkd99s9b1kcqr" - }, - "6.9": { - "version": "6.9.12", - "hash": "sha256:08ngskni7d9wi93vlwcmbdg7sb2jl1drhhzn62k9nsrg1r7crrss" - }, "6.10": { "version": "6.10.11", "hash": "sha256:15ihkbsj0idwzbvhynjm3kcnkk0alf3xipip8ngib1f1z13a0kgv" diff --git a/pkgs/tools/networking/wget/default.nix b/pkgs/tools/networking/wget/default.nix index 0fbdd80332be..f2681f2a39fa 100644 --- a/pkgs/tools/networking/wget/default.nix +++ b/pkgs/tools/networking/wget/default.nix @@ -40,6 +40,7 @@ stdenv.mkDerivation rec { "--without-included-regex" ]; + __darwinAllowLocalNetworking = true; doCheck = true; preCheck = '' patchShebangs tests fuzz diff --git a/pkgs/tools/security/ssh-to-age/default.nix b/pkgs/tools/security/ssh-to-age/default.nix index 4cf19ea2dafe..b65ba77ff2c1 100644 --- a/pkgs/tools/security/ssh-to-age/default.nix +++ b/pkgs/tools/security/ssh-to-age/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ssh-to-age"; - version = "1.1.8"; + version = "1.1.9"; src = fetchFromGitHub { owner = "Mic92"; repo = "ssh-to-age"; rev = version; - sha256 = "sha256-wGtNaejzAOgOuYDEKz6xMCaoaHsiDuQZj0KKpcejphE="; + sha256 = "sha256-cEEFz/iVhvfo8CffC9wkIRnF26xL+roaqKsLmUgfUiA="; }; - vendorHash = "sha256-w/REcFeH58DTQwgotxSBVR4y7aQ9rBDX2U0A4vJno7s="; + vendorHash = "sha256-FH+etKil0oiiB5tvDYS2nu1HG4yZTWZuRhtYnbq4Os4="; checkPhase = '' runHook preCheck diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index 9ce08e4cdbc0..3c00a5693a58 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix 
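Review bot: `__darwinAllowLocalNetworking = true;` in the wget hunk relaxes the Darwin build sandbox for the whole derivation and is added without a comment. Its position next to `doCheck = true;` suggests the test suite needs loopback sockets, but the hunk does not say so. A line such as `# test suite binds local sockets, which the Darwin sandbox blocks by default` (reason to be confirmed) would record why the exception exists. The derivation continues outside the hunk.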
@@ -26,6 +26,10 @@ let linux = kernel; }; + markBroken = drv: drv.overrideAttrs ({ meta ? {}, ... }: { + meta = meta // { broken = true; }; + }); + # Hardened Linux hardenedKernelFor = kernel': overrides: let @@ -259,10 +263,10 @@ in { linux_hardened = hardenedKernelFor packageAliases.linux_default.kernel { }; - linux_5_4_hardened = hardenedKernelFor kernels.linux_5_4 { + linux_5_4_hardened = markBroken (hardenedKernelFor kernels.linux_5_4 { stdenv = gcc10Stdenv; buildPackages = buildPackages // { stdenv = buildPackages.gcc10Stdenv; }; - }; + }); linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { }; linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
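Review bot: `linux_5_4_hardened` is wrapped in `markBroken` in the second hunk with no comment giving the reason or the condition for undoing it. The same commit still refreshes the 5.4 entry in `hardened/patches.json`. A comment above the attribute, e.g. `# broken: <reason or issue link>; remove markBroken when resolved`, would tell users of the hardened 5.4 kernel whether to wait or migrate. The `markBroken` helper in the first hunk could likewise get a one-line comment saying it sets `meta.broken` through `overrideAttrs`.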