diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-07-23 12:02:12 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-23 12:02:12 +0000 |
| commit | b38a1818bcfab24ae6f9f815f28959ffd11a4371 (patch) | |
| tree | fc58eb7afa5d1a4c7bd4c244b0b09af28c862181 | |
| parent | f0365462869b14a3b4c188e5cd7f8caaa6702e03 (diff) | |
| parent | 6629a2339e11b8a63878361ead0583fb4359f886 (diff) | |
| download | nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar.gz nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar.bz2 nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar.lz nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar.xz nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.tar.zst nixpkgs-b38a1818bcfab24ae6f9f815f28959ffd11a4371.zip | |
Merge staging-next into staging
| -rw-r--r-- | maintainers/maintainer-list.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/services/continuous-integration/jenkins/job-builder.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/jenkins.nix | 6 | ||||
| -rw-r--r-- | pkgs/applications/misc/gnome-frog/default.nix | 89 | ||||
| -rw-r--r-- | pkgs/applications/misc/gnome-frog/update-compatible-with-non-flatpak-env.patch | 33 | ||||
| -rw-r--r-- | pkgs/applications/virtualization/crosvm/default.nix | 9 | ||||
| -rw-r--r-- | pkgs/development/interpreters/duktape/default.nix | 13 | ||||
| -rw-r--r-- | pkgs/games/osu-lazer/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/games/osu-lazer/deps.nix | 12 | ||||
| -rw-r--r-- | pkgs/servers/rainloop/default.nix | 18 | ||||
| -rw-r--r-- | pkgs/servers/rainloop/fix-cve-2022-29360.patch | 23 | ||||
| -rw-r--r-- | pkgs/tools/networking/godns/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/tools/system/minijail/default.nix | 9 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
14 files changed, 197 insertions, 32 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index cde1edad6a5..8b101926d85 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4366,6 +4366,12 @@ githubId = 405105; name = "Dustin Frisch"; }; + foo-dogsquared = { + email = "foo.dogsquared@gmail.com"; + github = "foo-dogsquared"; + githubId = 34962634; + name = "Gabriel Arazas"; + }; forkk = { email = "forkk@forkk.net"; github = "Forkk"; diff --git a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index edbf31f5ca1..49b39b03d47 100644 --- a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -243,6 +243,7 @@ in { done '' + (if cfg.accessUser != "" then reloadScript else ""); serviceConfig = { + Type = "oneshot"; User = jenkinsCfg.user; RuntimeDirectory = "jenkins-job-builder"; }; diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix index 63b5860f0d2..3f111426db3 100644 --- a/nixos/tests/jenkins.nix +++ b/nixos/tests/jenkins.nix @@ -81,7 +81,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { in '' start_all() - master.wait_for_unit("jenkins") + master.wait_for_unit("default.target") assert "Authentication required" in master.succeed("curl http://localhost:8080") @@ -96,8 +96,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { with subtest("jobs are declarative"): # Check that jobs are created on disk. - master.wait_for_unit("jenkins-job-builder") - master.wait_until_fails("systemctl is-active jenkins-job-builder") master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml") master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml") master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml") @@ -115,8 +113,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { ) # Check that jobs are removed from disk. - master.wait_for_unit("jenkins-job-builder") - master.wait_until_fails("systemctl is-active jenkins-job-builder") master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml") master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml") master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml") diff --git a/pkgs/applications/misc/gnome-frog/default.nix b/pkgs/applications/misc/gnome-frog/default.nix new file mode 100644 index 00000000000..0d8a658f3ea --- /dev/null +++ b/pkgs/applications/misc/gnome-frog/default.nix @@ -0,0 +1,89 @@ +{ stdenv +, lib +, fetchFromGitHub +, python3Packages +, wrapGAppsHook4 +, gtk4 +, meson +, ninja +, pkg-config +, appstream-glib +, desktop-file-utils +, glib +, gobject-introspection +, libnotify +, libadwaita +, libportal +, gettext +, librsvg +, tesseract5 +, zbar +}: + +python3Packages.buildPythonApplication rec { + pname = "gnome-frog"; + version = "1.1.3"; + + src = fetchFromGitHub { + owner = "TenderOwl"; + repo = "Frog"; + rev = version; + sha256 = "sha256-yOjfiGJUU25zb/4WprPU59yDAMpttS3jREp1kB5mXUE="; + }; + + format = "other"; + + patches = [ ./update-compatible-with-non-flatpak-env.patch ]; + postPatch = '' + chmod +x ./build-aux/meson/postinstall.py + patchShebangs ./build-aux/meson/postinstall.py + substituteInPlace ./build-aux/meson/postinstall.py \ + --replace "gtk-update-icon-cache" "gtk4-update-icon-cache" + substituteInPlace ./frog/language_manager.py --subst-var out + ''; + + nativeBuildInputs = [ + appstream-glib + desktop-file-utils + gettext + meson + ninja + pkg-config + glib + wrapGAppsHook4 + ]; + + buildInputs = [ + librsvg + gobject-introspection + libnotify + libadwaita + libportal + zbar + tesseract5 + ]; + + propagatedBuildInputs = with python3Packages; [ + pygobject3 + pillow + pytesseract + pyzbar + ]; + + # This is to prevent double-wrapping the package. We'll let + # Python do it by adding certain arguments inside of the + # wrapper instead. + dontWrapGApps = true; + preFixup = '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + ''; + + meta = with lib; { + homepage = "https://getfrog.app/"; + description = + "Intuitive text extraction tool (OCR) for GNOME desktop"; + license = licenses.mit; + maintainers = with maintainers; [ foo-dogsquared ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/misc/gnome-frog/update-compatible-with-non-flatpak-env.patch b/pkgs/applications/misc/gnome-frog/update-compatible-with-non-flatpak-env.patch new file mode 100644 index 00000000000..aac9b4f76fd --- /dev/null +++ b/pkgs/applications/misc/gnome-frog/update-compatible-with-non-flatpak-env.patch @@ -0,0 +1,33 @@ +diff --git a/frog/config.py b/frog/config.py +index 9837755..b73e4e3 100644 +--- a/frog/config.py ++++ b/frog/config.py +@@ -30,10 +30,14 @@ import os + APP_ID = "com.github.tenderowl.frog" + RESOURCE_PREFIX = "/com/github/tenderowl/frog" + ++# This is based from the XDG Base Directory specification. ++if not os.getenv('XDG_DATA_HOME'): ++ os.environ['XDG_DATA_HOME'] = os.path.expanduser("~/.local/share") ++ + if not os.path.exists(os.path.join(os.environ['XDG_DATA_HOME'], 'tessdata')): + os.mkdir(os.path.join(os.environ['XDG_DATA_HOME'], 'tessdata')) + + tessdata_url = "https://github.com/tesseract-ocr/tessdata/raw/main/" + tessdata_best_url = "https://github.com/tesseract-ocr/tessdata_best/raw/main/" + tessdata_dir = os.path.join(os.environ['XDG_DATA_HOME'], 'tessdata') +-tessdata_config = f'--tessdata-dir {tessdata_dir} –psm 6' ++tessdata_config = f'–-psm 6 --tessdata-dir {tessdata_dir}' +diff --git a/frog/language_manager.py b/frog/language_manager.py +index 5752be6..4f6a908 100644 +--- a/frog/language_manager.py ++++ b/frog/language_manager.py +@@ -156,7 +156,7 @@ class LanguageManager(GObject.GObject): + os.mkdir(tessdata_dir) + + dest_path = os.path.join(tessdata_dir, 'eng.traineddata') +- source_path = pathlib.Path('/app/share/appdata/eng.traineddata') ++ source_path = pathlib.Path('@out@/share/appdata/eng.traineddata') + if os.path.exists(dest_path): + return + diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix index d71443c9b38..8309b856936 100644 --- a/pkgs/applications/virtualization/crosvm/default.nix +++ b/pkgs/applications/virtualization/crosvm/default.nix @@ -1,5 +1,6 @@ { stdenv, lib, rustPlatform, fetchgit -, pkg-config, wayland-scanner, libcap, minijail, wayland, wayland-protocols +, pkg-config, wayland-scanner +, libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols , linux }: @@ -30,7 +31,9 @@ in nativeBuildInputs = [ pkg-config wayland-scanner ]; - buildInputs = [ libcap minijail wayland wayland-protocols ]; + buildInputs = [ + libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols + ]; postPatch = '' cp ${./Cargo.lock} Cargo.lock @@ -42,6 +45,8 @@ in export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy ''; + buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ]; + postInstall = '' mkdir -p $out/share/policy/ cp seccomp/${arch}/* $out/share/policy/ diff --git a/pkgs/development/interpreters/duktape/default.nix b/pkgs/development/interpreters/duktape/default.nix index 3d52eda7660..c296d013e3d 100644 --- a/pkgs/development/interpreters/duktape/default.nix +++ b/pkgs/development/interpreters/duktape/default.nix @@ -8,20 +8,16 @@ stdenv.mkDerivation rec { sha256 = "sha256-kPjS+otVZ8aJmDDd7ywD88J5YLEayiIvoXqnrGE8KJA="; }; + # https://github.com/svaarala/duktape/issues/2464 + LDFLAGS = [ "-lm" ]; + nativeBuildInputs = [ validatePkgConfig ]; - postPatch = '' - substituteInPlace Makefile.sharedlibrary \ - --replace 'gcc' '${stdenv.cc.targetPrefix}cc' \ - --replace 'g++' '${stdenv.cc.targetPrefix}c++' - substituteInPlace Makefile.cmdline \ - --replace 'gcc' '${stdenv.cc.targetPrefix}cc' \ - --replace 'g++' '${stdenv.cc.targetPrefix}c++' - ''; buildPhase = '' make -f Makefile.sharedlibrary make -f Makefile.cmdline ''; + installPhase = '' install -d $out/bin install -m755 duk $out/bin/ @@ -30,6 +26,7 @@ stdenv.mkDerivation rec { make -f Makefile.sharedlibrary install INSTALL_PREFIX=$out substituteAll ${./duktape.pc.in} $out/lib/pkgconfig/duktape.pc ''; + enableParallelBuilding = true; meta = with lib; { diff --git a/pkgs/games/osu-lazer/default.nix b/pkgs/games/osu-lazer/default.nix index 6fa7029f37a..262df2e853a 100644 --- a/pkgs/games/osu-lazer/default.nix +++ b/pkgs/games/osu-lazer/default.nix @@ -14,13 +14,13 @@ buildDotnetModule rec { pname = "osu-lazer"; - version = "2022.719.0"; + version = "2022.723.0"; src = fetchFromGitHub { owner = "ppy"; repo = "osu"; rev = version; - sha256 = "sha256-SSKiXIj02VCTHDLgQMV0vZyKUoUv2c4KOfEJJ2NOLjY="; + sha256 = "sha256-j3NxT/WCOCSB62JUO8hYCRUoF+GL1QAdaUaynY7aGj8="; }; projectFile = "osu.Desktop/osu.Desktop.csproj"; diff --git a/pkgs/games/osu-lazer/deps.nix b/pkgs/games/osu-lazer/deps.nix index a2370f1e204..52c3b6f7a92 100644 --- a/pkgs/games/osu-lazer/deps.nix +++ b/pkgs/games/osu-lazer/deps.nix @@ -142,14 +142,14 @@ (fetchNuGet { pname = "NuGet.Protocol"; version = "5.11.0"; sha256 = "041pva6ykc5h6az7bb87mkg32c95cvxlixgspnd34zbdldr4ypdb"; }) (fetchNuGet { pname = "NuGet.Versioning"; version = "5.11.0"; sha256 = "041351n1rbyqpfxqyxbvjgfrcbbawymbq96givz5pvdbabvyf5vq"; }) (fetchNuGet { pname = "NUnit"; version = "3.13.3"; sha256 = "0wdzfkygqnr73s6lpxg5b1pwaqz9f414fxpvpdmf72bvh4jaqzv6"; }) - (fetchNuGet { pname = "OpenTabletDriver"; version = "0.6.0.2"; sha256 = "0blwfs1cacxq0vs6fy7zjnsny8qdsr5jlxix3icmphyqgz0g4g39"; }) - (fetchNuGet { pname = "OpenTabletDriver.Configurations"; version = "0.6.0.2"; sha256 = "18q6gjayqrwk6n1kf359z94z8zyb3yz4hr1dpgglk51sq6wi2z84"; }) - (fetchNuGet { pname = "OpenTabletDriver.Native"; version = "0.6.0.2"; sha256 = "12hf4v8j8asc9wlywpykajb8yrzx10w6h11qbykckmrfxvz8pc0a"; }) - (fetchNuGet { pname = "OpenTabletDriver.Plugin"; version = "0.6.0.2"; sha256 = "0z2n5jysw06zp2cxmfqddbg3g88jdm1irr2hv04q8valq0plaq5c"; }) + (fetchNuGet { pname = "OpenTabletDriver"; version = "0.6.0.4"; sha256 = "1fk0029b1183pxd6qvzkmy8byx5dhjka3f8x20sd7drbzvqpn6am"; }) + (fetchNuGet { pname = "OpenTabletDriver.Configurations"; version = "0.6.0.4"; sha256 = "0ahxg4mckzljav5y9g7c1795wgyx2banysg5l7ix3xrl4xmjfmp3"; }) + (fetchNuGet { pname = "OpenTabletDriver.Native"; version = "0.6.0.4"; sha256 = "1zz9afqbaif6sl7gzayl0ww9jhysi4q06jicmx4g35yk82w07vzn"; }) + (fetchNuGet { pname = "OpenTabletDriver.Plugin"; version = "0.6.0.4"; sha256 = "0lim2aqw42c1cc73fbbw0h41wcwaxa5d89srzalgg8dpi3bds1mp"; }) (fetchNuGet { pname = "ppy.LocalisationAnalyser"; version = "2022.607.0"; sha256 = "07rf10lpnly9d8wf7mwys3jsr4kh0rkf86rjck1hmb73b8524jq9"; }) - (fetchNuGet { pname = "ppy.osu.Framework"; version = "2022.719.0"; sha256 = "1rm72pm1m1nrfla2m3943nm85aj2i32rx4ikggm97fm74018cjsx"; }) + (fetchNuGet { pname = "ppy.osu.Framework"; version = "2022.722.0"; sha256 = "1ps8cfny35hyairw32bjz3cvkdhqch27yfzz83zbv6rdbk687zjq"; }) (fetchNuGet { pname = "ppy.osu.Framework.NativeLibs"; version = "2022.525.0"; sha256 = "1zsqj3xng06bb46vg79xx35n2dsh3crqg951r1ga2gxqzgzy4nk0"; }) - (fetchNuGet { pname = "ppy.osu.Game.Resources"; version = "2022.716.0"; sha256 = "03g70lsxad0xrrii4d1qh8xb1q4983hn7raydwihvm15pqwv9741"; }) + (fetchNuGet { pname = "ppy.osu.Game.Resources"; version = "2022.722.0"; sha256 = "0ilzm9cfvhzxwlv1irzcsbwnm3p5qjbc3hzh5ss992s0y5v6xray"; }) (fetchNuGet { pname = "ppy.osuTK.NS20"; version = "1.0.192"; sha256 = "0k6nlsxdl6qa5kbn66nbxh5x43hkgpnz8h3zjlbr5siqdjcrvcvg"; }) (fetchNuGet { pname = "ppy.SDL2-CS"; version = "1.0.563-alpha"; sha256 = "09bk81nibfwicjmy8bg4h14myp3x0a7yz4axwdfnk33pj5dsn953"; }) (fetchNuGet { pname = "Realm"; version = "10.14.0"; sha256 = "0pbnqp2z27lm6i8j8pbb2500gyyv8gb73kskv49ympvpa09mzcrv"; }) diff --git a/pkgs/servers/rainloop/default.nix b/pkgs/servers/rainloop/default.nix index bc1f0905c6b..1c7c76b2bd4 100644 --- a/pkgs/servers/rainloop/default.nix +++ b/pkgs/servers/rainloop/default.nix @@ -1,10 +1,10 @@ -{ lib, stdenv, fetchurl, unzip, pkgs, dataPath ? "/var/lib/rainloop" }: let +{ lib, stdenv, fetchurl, unzip, writeText, dos2unix, dataPath ? "/var/lib/rainloop" }: let common = { edition, sha256 }: stdenv.mkDerivation (rec { pname = "rainloop${lib.optionalString (edition != "") "-${edition}"}"; version = "1.16.0"; - nativeBuildInputs = [ unzip ]; + nativeBuildInputs = [ unzip dos2unix ]; unpackPhase = '' mkdir rainloop @@ -16,7 +16,19 @@ sha256 = sha256; }; - includeScript = pkgs.writeText "include.php" '' + prePatch = '' + dos2unix ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php + ''; + + patches = [ + ./fix-cve-2022-29360.patch + ]; + + postPatch = '' + unix2dos ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php + ''; + + includeScript = writeText "include.php" '' <?php /** diff --git a/pkgs/servers/rainloop/fix-cve-2022-29360.patch b/pkgs/servers/rainloop/fix-cve-2022-29360.patch new file mode 100644 index 00000000000..5ee7ad1103d --- /dev/null +++ b/pkgs/servers/rainloop/fix-cve-2022-29360.patch @@ -0,0 +1,23 @@ +Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/ + +--- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php ++++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php +@@ -239,7 +239,8 @@ class HtmlUtils + $oWrapHtml->setAttribute($sKey, $sValue); + } + +- $oWrapDom = $oDom->createElement('div', '___xxx___'); ++ $rand_str = base64_encode(random_bytes(32)); ++ $oWrapDom = $oDom->createElement('div', $rand_str); + $oWrapDom->setAttribute('data-x-div-type', 'body'); + foreach ($aBodylAttrs as $sKey => $sValue) + { +@@ -250,7 +251,7 @@ class HtmlUtils + + $sWrp = $oDom->saveHTML($oWrapHtml); + +- $sResult = \str_replace('___xxx___', $sResult, $sWrp); ++ $sResult = \str_replace($rand_str, $sResult, $sWrp); + } + + $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult); diff --git a/pkgs/tools/networking/godns/default.nix b/pkgs/tools/networking/godns/default.nix index 2c73a6ea9d6..1451e85c391 100644 --- a/pkgs/tools/networking/godns/default.nix +++ b/pkgs/tools/networking/godns/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "godns"; - version = "2.8.4"; + version = "2.8.5"; src = fetchFromGitHub { owner = "TimothyYe"; repo = "godns"; rev = "v${version}"; - sha256 = "sha256-P3jmpyk53+N/7BhPfLmCiXOoGJv35eZcvrxGqejYin8="; + sha256 = "sha256-RqJ3AfnHKA6qJhio7SMvJlcKBec7/fDz5s2ucqOkQWE="; }; vendorSha256 = "sha256-PGqknRGtN0XRGPnAsWzQrlJZG5BzQIhlSysGefkxysE="; diff --git a/pkgs/tools/system/minijail/default.nix b/pkgs/tools/system/minijail/default.nix index 01873cb86aa..bf2c6adf76a 100644 --- a/pkgs/tools/system/minijail/default.nix +++ b/pkgs/tools/system/minijail/default.nix @@ -11,24 +11,24 @@ in stdenv.mkDerivation rec { pname = "minijail"; - version = "17"; + version = "18"; src = fetchFromGitiles { url = "https://android.googlesource.com/platform/external/minijail"; rev = "linux-v${version}"; - sha256 = "1j65h50wa39m6qvgnh1pf59fv9jdsdbc6a6c1na7y0rgljxhmdzv"; + sha256 = "sha256-OpwzISZ5iZNQvJAX7UJJ4gELEaVfcQgY9cqMM0YvBzc="; }; nativeBuildInputs = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) qemu; buildInputs = [ libcap ]; - makeFlags = [ "LIBDIR=$(out)/lib" ]; + makeFlags = [ "ECHO=echo" "LIBDIR=$(out)/lib" ]; dumpConstantsFlags = lib.optional (stdenv.hostPlatform.libc == "glibc") "LDFLAGS=-L${glibc.static}/lib"; postPatch = '' - substituteInPlace common.mk --replace /bin/echo echo + substituteInPlace Makefile --replace /bin/echo echo patchShebangs platform2_preinstall.sh ''; @@ -55,6 +55,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://android.googlesource.com/platform/external/minijail/"; description = "Sandboxing library and application using Linux namespaces and capabilities"; + changelog = "https://android.googlesource.com/platform/external/minijail/+/refs/tags/linux-v${version}"; license = licenses.bsd3; maintainers = with maintainers; [ pcarrier qyliss ]; platforms = platforms.linux; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4eef51c847a..7bb328ba9f1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6705,6 +6705,8 @@ with pkgs; gnome-feeds = callPackage ../applications/networking/feedreaders/gnome-feeds {}; + gnome-frog = callPackage ../applications/misc/gnome-frog { }; + gnome-keysign = callPackage ../tools/security/gnome-keysign { }; gnome-secrets = callPackage ../applications/misc/gnome-secrets { }; |