2 files changed, 3 insertions, 68 deletions
diff --git a/pkgs/development/tools/buf/buf-tests-dont-use-file-transport.patch b/pkgs/development/tools/buf/buf-tests-dont-use-file-transport.patch
deleted file mode 100644
index a26f41d7197..00000000000
--- a/pkgs/development/tools/buf/buf-tests-dont-use-file-transport.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-commit e9219b88de5ed37af337ee2d2e71e7ec7c0aad1b
-Author: Robbert van Ginkel <rvanginkel@buf.build>
-Date:   Thu Oct 20 16:43:28 2022 -0400
-
-    Fix git unit test by using fake git server rather than file:// (#1518)
-    
-    More recent versions of git fix a CVE by disabling some usage of the
-    `file://` transport, see
-    https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253.
-    We were using this transport in tests.
-    
-    Instead, use https://git-scm.com/docs/git-http-backend to serve up this
-    repository locally so we don't have to use the file protocol. This
-    should be a more accurate tests, since we mostly expect submodules to
-    come from servers.
-
-diff --git a/private/pkg/git/git_test.go b/private/pkg/git/git_test.go
-index 7b77b6cd..7132054e 100644
---- a/private/pkg/git/git_test.go
-+++ b/private/pkg/git/git_test.go
-@@ -17,6 +17,8 @@ package git
- import (
- 	"context"
- 	"errors"
-+	"net/http/cgi"
-+	"net/http/httptest"
- 	"os"
- 	"os/exec"
- 	"path/filepath"
-@@ -213,6 +215,21 @@ func createGitDirs(
- 	runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "add", "test.proto")
- 	runCommand(ctx, t, container, runner, "git", "-C", submodulePath, "commit", "-m", "commit 0")
- 
-+	gitExecPath, err := command.RunStdout(ctx, container, runner, "git", "--exec-path")
-+	require.NoError(t, err)
-+	t.Log(filepath.Join(string(gitExecPath), "git-http-backend"))
-+	// https://git-scm.com/docs/git-http-backend#_description
-+	f, err := os.Create(filepath.Join(submodulePath, ".git", "git-daemon-export-ok"))
-+	require.NoError(t, err)
-+	require.NoError(t, f.Close())
-+	server := httptest.NewServer(&cgi.Handler{
-+		Path: filepath.Join(strings.TrimSpace(string(gitExecPath)), "git-http-backend"),
-+		Dir:  submodulePath,
-+		Env:  []string{"GIT_PROJECT_ROOT=" + submodulePath},
-+	})
-+	t.Cleanup(server.Close)
-+	submodulePath = server.URL
-+
- 	originPath := filepath.Join(tmpDir, "origin")
- 	require.NoError(t, os.MkdirAll(originPath, 0777))
- 	runCommand(ctx, t, container, runner, "git", "-C", originPath, "init")
diff --git a/pkgs/development/tools/buf/default.nix b/pkgs/development/tools/buf/default.nix
index 5acd05013fa..75b75c0158e 100644
--- a/pkgs/development/tools/buf/default.nix
+++ b/pkgs/development/tools/buf/default.nix
@@ -1,7 +1,6 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
-, fetchpatch
 , protobuf
 , git
 , testers
@@ -11,35 +10,22 @@
 
 buildGoModule rec {
   pname = "buf";
-  version = "1.9.0";
+  version = "1.11.0";
 
   src = fetchFromGitHub {
     owner = "bufbuild";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-KnG1FUdC8xpW/wI4E8+RzO0StKF+N7Wx1jTWNm4302M=";
+    hash = "sha256-h32G6skJ2vWay2iwoqkvBFlzafwHVilYKHVtZES3RvE=";
   };
 
-  vendorSha256 = "sha256-e/hkJoQ1GkSl4mhhgYVB4POult87DzWOXRLGyDVP+M0=";
+  vendorHash = "sha256-Hjr/SZK9dVID+VP7KFZkFmJn+te7cmI2ARu2l7wTzLg=";
 
   patches = [
     # Skip a test that requires networking to be available to work.
     ./skip_test_requiring_network.patch
     # Skip TestWorkspaceGit which requires .git and commits.
     ./skip_test_requiring_dotgit.patch
-    # Remove reliance of tests on file protocol which is disabled in git by default now
-    # Rebased upstream change https://github.com/bufbuild/buf/commit/bcaa77f8bbb8f6c198154c7c8d53596da4506dab
-    ./buf-tests-dont-use-file-transport.patch
-    # Make TestCyclicImport tests deterministic (see https://github.com/bufbuild/buf/pull/1551)
-    (fetchpatch {
-      url = "https://github.com/bufbuild/buf/commit/75b5ef4c84f5953002dff95a1c66cb82b0e3b06f.patch";
-      sha256 = "sha256-pKF3VXkzttsTTT2r/Z37ug9nnu8gRdkfmv/aTOhAJpw=";
-    })
-    # Make TestDuplicateSyntheticOneofs check deterministic (see https://github.com/bufbuild/buf/pull/1579)
-    (fetchpatch {
-      url = "https://github.com/bufbuild/buf/commit/9e72aa314e6f02b36793caa5f6068394cbdcb98c.patch";
-      sha256 = "sha256-6NEF3sP1EQ6cQxkH2xRyHxAD0OrXBlQQa05rLK998wo=";
-    })
   ];
 
   nativeBuildInputs = [ installShellFiles ];