diff options
Diffstat (limited to 'pkgs')
42 files changed, 266 insertions, 213 deletions
diff --git a/pkgs/build-support/alternatives/blas/default.nix b/pkgs/build-support/alternatives/blas/default.nix index 9e1aacfaf82..5ebbc737e11 100644 --- a/pkgs/build-support/alternatives/blas/default.nix +++ b/pkgs/build-support/alternatives/blas/default.nix @@ -70,7 +70,7 @@ stdenv.mkDerivation { exit 1 fi - nm -an "$libblas" | cut -f3 -d' ' > symbols + $NM -an "$libblas" | cut -f3 -d' ' > symbols for symbol in ${toString blasFortranSymbols}; do grep -q "^$symbol_$" symbols || { echo "$symbol" was not found in "$libblas"; exit 1; } done diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 4f3680f2197..6ee287e287b 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -209,6 +209,7 @@ stdenv.mkDerivation { wrap ${targetPrefix}gfortran $wrapper $ccPath/${targetPrefix}gfortran ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}g77 ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}f77 + export named_fc=${targetPrefix}gfortran '' + optionalString cc.langJava or false '' @@ -227,8 +228,8 @@ stdenv.mkDerivation { setupHooks = [ ../setup-hooks/role.bash - ./setup-hook.sh - ]; + ] ++ stdenv.lib.optional (cc.langC or true) ./setup-hook.sh + ++ stdenv.lib.optional (cc.langFortran or false) ./fortran-hook.sh; postFixup = # Ensure flags files exists, as some other programs cat them. (That these diff --git a/pkgs/build-support/cc-wrapper/fortran-hook.sh b/pkgs/build-support/cc-wrapper/fortran-hook.sh new file mode 100644 index 00000000000..d72f314c01c --- /dev/null +++ b/pkgs/build-support/cc-wrapper/fortran-hook.sh @@ -0,0 +1,11 @@ +getTargetRole +getTargetRoleWrapper + +export FC${role_post}=@named_fc@ + +# If unset, assume the default hardening flags. +# These are different for fortran. +: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"} +export NIX_HARDENING_ENABLE + +unset -v role_post diff --git a/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix b/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix index 2e89e6b9c27..e558eb66d40 100644 --- a/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-desktop/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "gnome-desktop"; - version = "3.36.4"; + version = "3.36.5"; outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/gnome-desktop/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1ilv49qkppbbag5728iswg1jhhqx9hbj7j8k8wccnbyaq54bsyq0"; + sha256 = "0lxpgb199hn37vq822qg9g43pwixbki3x5lkazqa77qhjhlj98gf"; }; nativeBuildInputs = [ diff --git a/pkgs/development/compilers/go/1.14.nix b/pkgs/development/compilers/go/1.14.nix index d9fc67cf46e..0bf972ff80f 100644 --- a/pkgs/development/compilers/go/1.14.nix +++ b/pkgs/development/compilers/go/1.14.nix @@ -31,11 +31,11 @@ in stdenv.mkDerivation rec { pname = "go"; - version = "1.14.6"; + version = "1.14.7"; src = fetchurl { url = "https://dl.google.com/go/go${version}.src.tar.gz"; - sha256 = "02acr52bxfjlr3m11576gdwn8hjv1pr2pffcis913m0m31w9vz3k"; + sha256 = "1qrhdjdzi1knchk1wmlaqgkqhxkq2niw14b931rhqrk36m1r4hq6"; }; # perl is used for testing go vet diff --git a/pkgs/development/compilers/rust/1_45.nix b/pkgs/development/compilers/rust/1_45.nix index c72292679e5..1a634d3f51e 100644 --- a/pkgs/development/compilers/rust/1_45.nix +++ b/pkgs/development/compilers/rust/1_45.nix @@ -16,8 +16,8 @@ } @ args: import ./default.nix { - rustcVersion = "1.45.0"; - rustcSha256 = "0z6dh0yd3fcm3qh960wi4s6fa6pxz9mh77psycsqfkkx5kqra15s"; + rustcVersion = "1.45.2"; + rustcSha256 = "0273a1g3f59plyi1n0azf21qjzwml1yqdnj5z472crz37qggr8xp"; # Note: the version MUST be one version prior to the version we're # building diff --git a/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch b/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch new file mode 100644 index 00000000000..cf67ae2b51b --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch @@ -0,0 +1,24 @@ +From 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 Mon Sep 17 00:00:00 2001 +From: Rishi <rishi_devan@mail.com> +Date: Wed, 15 Jul 2020 13:51:00 +0200 +Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module + (GH-21454) + +Avoid infinite loop when reading specially crafted TAR files using the tarfile module +(CVE-2019-20907). +--- + Lib/tarfile.py | 2 ++ + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index e2b60532f6..6769066cab 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1249,6 +1249,8 @@ class TarInfo(object): + + length, keyword = match.groups() + length = int(length) ++ if length == 0: ++ raise InvalidHeaderError("invalid header") + value = buf[match.end(2) + 1:match.start(1) + length - 1] + + # Normally, we could just use "utf-8" as the encoding and "strict" diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 62aae7b2212..2cfaa69a4c8 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -90,6 +90,9 @@ let # Backport from CPython 3.8 of a good list of tests to run for PGO. ./profile-task.patch + + # Patch is likely to go away in the next release (if there is any) + ./CVE-2019-20907.patch ] ++ optionals (x11Support && stdenv.isDarwin) [ ./use-correct-tcl-tk-on-darwin.patch ] ++ optionals stdenv.isLinux [ diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 4a8d4ab4bfb..b25d613eb7f 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -156,6 +156,8 @@ in with passthru; stdenv.mkDerivation { ]; postPatch = '' + substituteInPlace Lib/subprocess.py \ + --replace "'/bin/sh'" "'${bash}/bin/sh'" '' + optionalString (x11Support && (tix != null)) '' substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; @@ -289,6 +291,13 @@ in with passthru; stdenv.mkDerivation { find $out -name "*.py" | ${pythonForBuildInterpreter} -OO -m compileall -q -f -x "lib2to3" -i - '' + optionalString stripBytecode '' find $out -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}" + '' + '' + # *strip* shebang from libpython gdb script - it should be dual-syntax and + # interpretable by whatever python the gdb in question is using, which may + # not even match the major version of this python. doing this after the + # bytecode compilations for the same reason. + mkdir -p $out/share/gdb + sed '/^#!/d' Tools/gdb/libpython.py > $out/share/gdb/libpython.py ''; preFixup = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' @@ -306,6 +315,8 @@ in with passthru; stdenv.mkDerivation { pythonForBuild buildPackages.bash ]; + separateDebugInfo = true; + inherit passthru; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/check/default.nix b/pkgs/development/libraries/check/default.nix index e98fa465e0b..be000e457c4 100644 --- a/pkgs/development/libraries/check/default.nix +++ b/pkgs/development/libraries/check/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "check"; - version = "0.15.0"; + version = "0.15.2"; src = fetchurl { url = "https://github.com/libcheck/check/releases/download/${version}/check-${version}.tar.gz"; - sha256 = "0q5cs6rqbq8a1m9ij3dxnsjcs31mvg0b2i77g0iykqd6iz3f78mf"; + sha256 = "02m25y9m46pb6n46s51av62kpd936lkfv3b13kfpckgvmh5lxpm8"; }; # Test can randomly fail: https://hydra.nixos.org/build/7243912 diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 5b98884c1fc..d763fb51354 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -126,6 +126,7 @@ stdenv.mkDerivation rec { # Docs (ifMinVer "0.6" "--disable-doc") # External Libraries + "--enable-libass" "--enable-bzlib" "--enable-gnutls" (ifMinVer "1.0" "--enable-fontconfig") diff --git a/pkgs/development/libraries/ilmbase/cross.patch b/pkgs/development/libraries/ilmbase/cross.patch deleted file mode 100644 index 207a440a0d8..00000000000 --- a/pkgs/development/libraries/ilmbase/cross.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Helmut Grohne <> -Subject: compile build tools with the build architecture compiler - -Patch-Source: https://github.com/openexr/openexr/issues/221 - -Index: ilmbase-2.2.0/configure.ac -=================================================================== ---- ilmbase-2.2.0.orig/configure.ac -+++ ilmbase-2.2.0/configure.ac -@@ -28,6 +28,7 @@ - AC_PROG_LN_S - AC_PROG_LIBTOOL - AC_PROG_MAKE_SET -+AX_PROG_CXX_FOR_BUILD - - dnl - dnl PKGCONFIG preparations -Index: ilmbase-2.2.0/Half/Makefile.am -=================================================================== ---- ilmbase-2.2.0.orig/Half/Makefile.am -+++ ilmbase-2.2.0/Half/Makefile.am -@@ -17,9 +17,11 @@ - - CLEANFILES = eLut eLut.h toFloat toFloat.h - --eLut_SOURCES = eLut.cpp -+eLut$(EXEEXT): eLut.cpp -+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@ - --toFloat_SOURCES = toFloat.cpp -+toFloat$(EXEEXT): toFloat.cpp -+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@ - - eLut.h: eLut - ./eLut > eLut.h diff --git a/pkgs/development/libraries/ilmbase/default.nix b/pkgs/development/libraries/ilmbase/default.nix index ac78257b74a..68bd677cf77 100644 --- a/pkgs/development/libraries/ilmbase/default.nix +++ b/pkgs/development/libraries/ilmbase/default.nix @@ -2,7 +2,6 @@ , lib , buildPackages , cmake -, libtool , openexr }: @@ -12,26 +11,23 @@ stdenv.mkDerivation rec { # the project no longer provides separate tarballs. We may even want to merge # the ilmbase package into openexr in the future. - src = openexr.src; - - sourceRoot = "source/IlmBase"; + inherit (openexr) src patches; outputs = [ "out" "dev" ]; - nativeBuildInputs = [ cmake libtool ]; + nativeBuildInputs = [ cmake ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - patches = [ - ./cross.patch - ] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") [ - openexr.non_glibc_fpstate_patch # see description of this patch in `openexr` - ]; - # fails 1 out of 1 tests with # "lt-ImathTest: testBoxAlgo.cpp:892: void {anonymous}::boxMatrixTransform(): Assertion `b21 == b2' failed" # at least on i686. spooky! doCheck = stdenv.isx86_64; + preConfigure = '' + # Need to cd after patches for openexr patches to apply. + cd IlmBase + ''; + meta = with stdenv.lib; { description = " A library for 2D/3D vectors and matrices and other mathematical objects, functions and data types for computer graphics"; homepage = "https://www.openexr.com/"; diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix index 36b1063531e..458b3d29d52 100644 --- a/pkgs/development/libraries/imlib2/default.nix +++ b/pkgs/development/libraries/imlib2/default.nix @@ -12,11 +12,11 @@ let in stdenv.mkDerivation rec { pname = "imlib2"; - version = "1.6.1"; + version = "1.7.0"; src = fetchurl { url = "mirror://sourceforge/enlightenment/${pname}-${version}.tar.bz2"; - sha256 = "0v8n3dswx7rxqfd0q03xwc7j2w1mv8lv18rdxv487a1xw5vklfad"; + sha256 = "0zdk4afdrrr1539f2q15zja19j4wwfmpswzws2ffgflcnhywlxhr"; }; buildInputs = [ diff --git a/pkgs/development/libraries/libbytesize/default.nix b/pkgs/development/libraries/libbytesize/default.nix index ec14b2a6091..c93a59d462f 100644 --- a/pkgs/development/libraries/libbytesize/default.nix +++ b/pkgs/development/libraries/libbytesize/default.nix @@ -4,7 +4,7 @@ }: let - version = "2.3"; + version = "2.4"; in stdenv.mkDerivation rec { pname = "libbytesize"; inherit version; @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { owner = "storaged-project"; repo = "libbytesize"; rev = version; - sha256 = "1nrlmn63k0ix1yzn8v4lni5n5b4c0b6w9f33p1ig113ymmdvcc0h"; + sha256 = "1kq0hnw2yxjdmcrwvgp0x4j1arkka23k8vp2l6nqcw9lc15x18fp"; }; outputs = [ "out" "dev" "devdoc" ]; diff --git a/pkgs/development/libraries/libevdev/default.nix b/pkgs/development/libraries/libevdev/default.nix index c769006e0bf..fdd5e20640a 100644 --- a/pkgs/development/libraries/libevdev/default.nix +++ b/pkgs/development/libraries/libevdev/default.nix @@ -2,22 +2,13 @@ stdenv.mkDerivation rec { pname = "libevdev"; - version = "1.9.0"; + version = "1.9.1"; src = fetchurl { url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz"; - sha256 = "17pb5375njb1r05xmk0r57a2j986ihglh2n5nqcylbag4rj8mqg7"; + sha256 = "1jvsphdrs1i54ccjcn6ll26jy42am7h28lbsvwa6pmxgqm43qq7m"; }; - patches = [ - # Fix libevdev-python tests on aarch64 - # https://gitlab.freedesktop.org/libevdev/libevdev/merge_requests/63 - (fetchpatch { - url = "https://gitlab.freedesktop.org/libevdev/libevdev/commit/66113fe84f62bab3a672a336eb10b255d2aa5ce7.patch"; - sha256 = "gZKr/P+/OqU69IGslP8CQlcGuyzA/ulcm+nGwHdis58="; - }) - ]; - nativeBuildInputs = [ python3 ]; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index cb8009011b6..576a2fec921 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -27,11 +27,11 @@ in with stdenv.lib; stdenv.mkDerivation rec { pname = "libinput"; - version = "1.15.6"; + version = "1.16.1"; src = fetchurl { url = "https://www.freedesktop.org/software/libinput/${pname}-${version}.tar.xz"; - sha256 = "073z61dw46cyq0635a5n1mw7hw4qdgr58gbwwb3ds5v3d8hymvdf"; + sha256 = "e6fRru3RUWi7IdF+nmKKocJ5V5Y6Qjo/6jk4pQF1hTk="; }; outputs = [ "bin" "out" "dev" ]; diff --git a/pkgs/development/libraries/libipt/default.nix b/pkgs/development/libraries/libipt/default.nix index cb4db488dc4..79ae927fc24 100644 --- a/pkgs/development/libraries/libipt/default.nix +++ b/pkgs/development/libraries/libipt/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libipt"; - version = "2.0.1"; + version = "2.0.2"; src = fetchFromGitHub { owner = "intel"; repo = "libipt"; rev = "v${version}"; - sha256 = "19y1lk5z1rf8xmr08m8zrpjkgr5as83b96xyaxwn67m2wz58mpmh"; + sha256 = "095agnk7r2sq5yas6c1ri8fmsl55n4l5hkl6j5l397p9nxvxvrkc"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/libmbim/default.nix b/pkgs/development/libraries/libmbim/default.nix index 0cc911fbd01..0e9a3784f38 100644 --- a/pkgs/development/libraries/libmbim/default.nix +++ b/pkgs/development/libraries/libmbim/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "libmbim"; - version = "1.24.0"; + version = "1.24.2"; src = fetchurl { url = "https://www.freedesktop.org/software/libmbim/${pname}-${version}.tar.xz"; - sha256 = "15hi1vq327drgi6h4dsi74lb7wg0sxd7mipa3irh5zgc7gn5qj9x"; + sha256 = "1r41d4yddp8rgccxrkz9vg5lbrj3dr5vy71d8igrr147k44qq69j"; }; outputs = [ "out" "dev" "man" ]; diff --git a/pkgs/development/libraries/libqmi/default.nix b/pkgs/development/libraries/libqmi/default.nix index e577b403823..e8db7501534 100644 --- a/pkgs/development/libraries/libqmi/default.nix +++ b/pkgs/development/libraries/libqmi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libqmi"; - version = "1.26.0"; + version = "1.26.2"; src = fetchurl { url = "https://www.freedesktop.org/software/libqmi/${pname}-${version}.tar.xz"; - sha256 = "0h3fzmjlla7ib9wn4rv98bm40y2k28jcl29da4hjwyaqmvh2j13z"; + sha256 = "00vvvfq74awg6mk0si1cdv79f6z6wqx11h47nl78a1h7zsr6fd0k"; }; outputs = [ "out" "dev" "devdoc" ]; diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index aca345e6bbf..cf73a64f675 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { "getaddrinfo_fail" "getaddrinfo_fail_sync" "threadpool_multiple_event_loops" # times out on slow machines "get_passwd" # passed on NixOS but failed on other Linuxes - "tcp_writealot" # times out sometimes + "tcp_writealot" "udp_multicast_join" "udp_multicast_join6" # times out sometimes ] ++ stdenv.lib.optionals stdenv.isDarwin [ # Sometimes: timeout (no output), failed uv_listen. Someone # should report these failures to libuv team. There tests should diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index ee0094b263c..f972e3f79a7 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -32,7 +32,7 @@ with stdenv.lib; let # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule - version = "20.1.4"; + version = "20.1.5"; branch = versions.major version; in @@ -47,7 +47,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" ]; - sha256 = "1zlrczmmkcy42w332rfmlicihlnrxmkrnkpb21sl98725cf2f038"; + sha256 = "16y609zavqqhvxb55c06zwkg986qp6znvn7qjg4axw8bdqg8dhgs"; }; prePatch = "patchShebangs ."; diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix index a1f5183da90..b33b284f45c 100644 --- a/pkgs/development/libraries/openexr/default.nix +++ b/pkgs/development/libraries/openexr/default.nix @@ -6,51 +6,31 @@ , ilmbase , fetchpatch , cmake -, libtool }: -let - non_glibc_fpstate_patch = - # Fix ilmbase/openexr using glibc-only fpstate. - # Found via https://git.alpinelinux.org/aports/tree/community/openexr/10-musl-_fpstate.patch?id=80d9611b7b8e406a554c6f511137e03ff26acbae, - # TODO Remove when https://github.com/AcademySoftwareFoundation/openexr/pull/798 is merged and available. - # Remove it from `ilmbase` as well then. - (fetchpatch { - name = "ilmbase-musl-_fpstate.patch.patch"; - url = "https://raw.githubusercontent.com/void-linux/void-packages/80bbc168faa25448bd3399f4df331b836e74b85c/srcpkgs/ilmbase/patches/musl-_fpstate.patch"; - sha256 = "0appzbs9pd6dia5pzxmrs9ww35shlxi329ks6lchwzw4f2a81arz"; - }); -in - stdenv.mkDerivation rec { pname = "openexr"; - version = "2.4.1"; + version = "2.5.3"; + + outputs = [ "bin" "dev" "out" "doc" ]; src = fetchFromGitHub { owner = "AcademySoftwareFoundation"; repo = "openexr"; rev = "v${version}"; - sha256 = "020gyl8zv83ag6gbcchmqiyx9rh2jca7j8n52zx1gk4rck7kwc01"; + sha256 = "xyYdRrwAYdnRZmErIK0tZspguqtrXvixO5+6nMDoOh8="; }; - outputs = [ "bin" "dev" "out" "doc" ]; - nativeBuildInputs = [ cmake libtool ]; - propagatedBuildInputs = [ ilmbase zlib ]; - - postPatch = - if (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") - then - '' - patch -p0 < ${non_glibc_fpstate_patch} - '' - else null; # `null` avoids rebuild on glibc - - enableParallelBuilding = true; + patches = [ + # Fix pkg-config paths + (fetchpatch { + url = "https://github.com/AcademySoftwareFoundation/openexr/commit/6442fb71a86c09fb0a8118b6dbd93bcec4883a3c.patch"; + sha256 = "bwD5WTKPT4DjOJDnPXIvT5hJJkH0b71Vo7qupWO9nPA="; + }) + ]; - passthru = { - # So that ilmbase (sharing the same source code) can re-use this patch. - inherit non_glibc_fpstate_patch; - }; + nativeBuildInputs = [ cmake ]; + propagatedBuildInputs = [ ilmbase zlib ]; meta = with stdenv.lib; { description = "A high dynamic-range (HDR) image file format"; diff --git a/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix b/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix index b611282294c..c22857a6dc6 100644 --- a/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix +++ b/pkgs/development/libraries/qt-5/modules/qtdeclarative.nix @@ -1,4 +1,4 @@ -{ qtModule, lib, python3, qtbase, qtsvg }: +{ qtModule, lib, fetchpatch, python3, qtbase, qtsvg }: with lib; @@ -23,4 +23,12 @@ qtModule { "bin/qmlscene" "bin/qmltestrunner" ]; + patches = + # https://mail.kde.org/pipermail/kde-distro-packagers/2020-June/000419.html + lib.optional (lib.versionAtLeast qtbase.version "5.14.2") + (fetchpatch { + url = "https://codereview.qt-project.org/gitweb?p=qt/qtdeclarative.git;a=patch;h=3e47ac319b0f53c43cc02a8356c2dec4f0daeef4"; + sha256 = "0wvncg7047q73nm0svc6kb14sigwk7sc53r4778kn033aj0qqszj"; + name = "qtdeclarative-QQuickItemView-fix-max-extent.patch"; + }); } diff --git a/pkgs/development/libraries/science/math/arpack/default.nix b/pkgs/development/libraries/science/math/arpack/default.nix index 0829557d0f3..02d51f0c419 100644 --- a/pkgs/development/libraries/science/math/arpack/default.nix +++ b/pkgs/development/libraries/science/math/arpack/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation { ]; preCheck = if stdenv.isDarwin then '' - export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib + export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib:${blas}/lib:${lapack}/lib '' else '' export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib '' + '' diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix index cfa19e5419f..ae3392aeb12 100644 --- a/pkgs/development/libraries/x265/default.nix +++ b/pkgs/development/libraries/x265/default.nix @@ -1,7 +1,6 @@ { stdenv, fetchurl, fetchpatch, cmake, nasm, numactl , numaSupport ? stdenv.hostPlatform.isLinux && (stdenv.hostPlatform.isx86 || stdenv.hostPlatform.isAarch64) # Enabled by default on NUMA platforms , debugSupport ? false # Run-time sanity checks (debugging) -, highbitdepthSupport ? false # false=8bits per channel, true=10/12bits per channel , werrorSupport ? false # Warnings as errors , ppaSupport ? false # PPA profiling instrumentation , vtuneSupport ? false # Vtune profiling instrumentation @@ -13,10 +12,17 @@ let mkFlag = optSet: flag: if optSet then "-D${flag}=ON" else "-D${flag}=OFF"; inherit (stdenv) is64bit; -in -stdenv.mkDerivation rec { - pname = "x265"; + cmakeFlagsAll = [ + "-DSTATIC_LINK_CRT=OFF" + (mkFlag debugSupport "CHECKED_BUILD") + (mkFlag ppaSupport "ENABLE_PPA") + (mkFlag vtuneSupport "ENABLE_VTUNE") + (mkFlag custatsSupport "DETAILED_CU_STATS") + (mkFlag unittestsSupport "ENABLE_TESTS") + (mkFlag werrorSupport "WARNINGS_AS_ERRORS") + ]; + version = "3.2"; src = fetchurl { @@ -27,8 +33,6 @@ stdenv.mkDerivation rec { sha256 = "0fqkhfhr22gzavxn60cpnj3agwdf5afivszxf3haj5k1sny7jk9n"; }; - enableParallelBuilding = true; - patches = [ # Fix build on ARM (#406) (fetchpatch { @@ -37,22 +41,54 @@ stdenv.mkDerivation rec { }) ]; + buildLib = has12Bit: stdenv.mkDerivation rec { + name = "libx265-${if has12Bit then "12" else "10"}-${version}"; + inherit src patches; + enableParallelBuilding = true; + + postPatch = '' + sed -i 's/unknown/${version}/g' source/cmake/version.cmake + ''; + + cmakeLibFlags = [ + "-DENABLE_CLI=OFF" + "-DENABLE_SHARED=OFF" + "-DENABLE_HDR10_PLUS=ON" + "-DEXPORT_C_API=OFF" + "-DHIGH_BIT_DEPTH=ON" + ]; + cmakeFlags = [(mkFlag has12Bit "MAIN12")] ++ cmakeLibFlags ++ cmakeFlagsAll; + + preConfigure = '' + cd source + ''; + + nativeBuildInputs = [cmake nasm] ++ stdenv.lib.optional numaSupport numactl; + }; + + libx265-10 = buildLib false; + libx265-12 = buildLib true; +in + +stdenv.mkDerivation rec { + pname = "x265"; + inherit version src patches; + + enableParallelBuilding = true; + postPatch = '' sed -i 's/unknown/${version}/g' source/cmake/version.cmake ''; cmakeFlags = [ - (mkFlag debugSupport "CHECKED_BUILD") - "-DSTATIC_LINK_CRT=OFF" - (mkFlag (highbitdepthSupport && is64bit) "HIGH_BIT_DEPTH") - (mkFlag werrorSupport "WARNINGS_AS_ERRORS") - (mkFlag ppaSupport "ENABLE_PPA") - (mkFlag vtuneSupport "ENABLE_VTUNE") - (mkFlag custatsSupport "DETAILED_CU_STATS") "-DENABLE_SHARED=ON" + "-DHIGH_BIT_DEPTH=OFF" + "-DENABLE_HDR10_PLUS=OFF" + "-DEXTRA_LIB=${libx265-10}/lib/libx265.a;${libx265-12}/lib/libx265.a" + "-DLINKED_10BIT=ON" + "-DLINKED_12BIT=ON" (mkFlag cliSupport "ENABLE_CLI") - (mkFlag unittestsSupport "ENABLE_TESTS") - ]; + ] ++ cmakeFlagsAll; preConfigure = '' cd source diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index 4501eafe7bd..98ba0b5c688 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -3,6 +3,7 @@ , python , buildPythonPackage , gfortran +, hypothesis , pytest , blas , lapack @@ -67,6 +68,8 @@ in buildPythonPackage rec { doCheck = !isPyPy; # numpy 1.16+ hits a bug in pypy's ctypes, using either numpy or pypy HEAD fixes this (https://github.com/numpy/numpy/issues/13807) + checkInputs = [ hypothesis ]; + checkPhase = '' runHook preCheck pushd dist diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 0b296f023ad..be9645453e3 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, pkgconfig +{ stdenv, lib, fetchurl, pkgconfig, fetchpatch , bzip2, curl, expat, libarchive, xz, zlib, libuv, rhash , buildPackages # darwin attributes @@ -19,12 +19,12 @@ stdenv.mkDerivation rec { + lib.optionalString useNcurses "-cursesUI" + lib.optionalString withQt5 "-qt5UI" + lib.optionalString useQt4 "-qt4UI"; - version = "3.18.0"; + version = "3.18.1"; src = fetchurl { url = "${meta.homepage}files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; # compare with https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}-SHA-256.txt - sha256 = "0aby67jn3i0rqhj6cvpm0f7idw3dl7jayaqxa9hkk9w2jk5zzd43"; + sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0"; }; patches = [ @@ -37,6 +37,12 @@ stdenv.mkDerivation rec { # Derived from https://github.com/libuv/libuv/commit/1a5d4f08238dd532c3718e210078de1186a5920d ./libuv-application-services.patch + # TODO: Remove this patch for a regression once CMake 3.18.2 is out: + (fetchpatch { # PCH: Avoid Apple-specific architecture flags on other platforms + url = "https://gitlab.kitware.com/cmake/cmake/-/commit/70ce1ad64a04a244bb1c03753da0752c61fc3a37.patch"; + sha256 = "0jcdgv48j0dd4nlhyy3j0s3h6bcbrq2yg1mdhpgfqrb2y3p91fky"; + }) + ] ++ lib.optional stdenv.isCygwin ./3.2.2-cygwin.patch; outputs = [ "out" ]; diff --git a/pkgs/development/tools/build-managers/cmake/setup-hook.sh b/pkgs/development/tools/build-managers/cmake/setup-hook.sh index 73f24a9a205..6ae560c5645 100755 --- a/pkgs/development/tools/build-managers/cmake/setup-hook.sh +++ b/pkgs/development/tools/build-managers/cmake/setup-hook.sh @@ -77,7 +77,7 @@ cmakeConfigurePhase() { fi # The argument sometimes contains garbage or variable interpolation. # When that is the case, let’s fall back to the derivation name. - if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_-+]'; then + if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_+-]'; then if [[ -n "${pname-}" ]]; then shareDocName="$pname" else diff --git a/pkgs/development/tools/documentation/doxygen/default.nix b/pkgs/development/tools/documentation/doxygen/default.nix index a8e5f179916..772b654df93 100644 --- a/pkgs/development/tools/documentation/doxygen/default.nix +++ b/pkgs/development/tools/documentation/doxygen/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { - name = "doxygen-1.8.18"; + name = "doxygen-1.8.19"; src = fetchurl { urls = [ "mirror://sourceforge/doxygen/${name}.src.tar.gz" # faster, with https, etc. "http://doxygen.nl/files/${name}.src.tar.gz" ]; - sha256 = "0mh6s1ri1fs5yb27m0avnjsbcxpchgb9aaprq4bd3lj6vjg3s5qq"; + sha256 = "1lvqfw2yzba588c5ggl8yhw7aw4xkk44mrghsd9yqlajc48x25dc"; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/parsing/bison/default.nix b/pkgs/development/tools/parsing/bison/default.nix index 357c8ea17cf..ca422f931da 100644 --- a/pkgs/development/tools/parsing/bison/default.nix +++ b/pkgs/development/tools/parsing/bison/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "bison"; - version = "3.6.4"; + version = "3.7.1"; src = fetchurl { url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz"; - sha256 = "1s8kmfhg7a58vm65fc977ckp8zspy8diayrcjhs3cgrqnmjdx0w1"; + sha256 = "04vx6sah3bnr3a5n9knw306sb3y41pjfl7k9ihbsimghkj1m5n8x"; }; nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man; diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 3ac79464ac4..a9fcf455ee4 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -5,16 +5,19 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.7.0"; + version = "5.8.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "088gs56iqhdlpw1iqjwrss4zxd4zbl2wl8s2implrrdajjxcfpbj"; + sha256 = "0vk4vickrpahdhl3zazr2qn2bf99v5549ncirjpwiy4h0a4izkfg"; }; preConfigure = '' # Don't try to create /var/lib/arpd: sed -e '/ARPDDIR/d' -i Makefile + # TODO: Drop temporary version fix for 5.8 (53159d81) once 5.9 is out: + substituteInPlace include/version.h \ + --replace "v5.7.0-77-gb687d1067169" "5.8.0" ''; outputs = [ "out" "dev" ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.8.nix b/pkgs/os-specific/linux/kernel/linux-5.8.nix new file mode 100644 index 00000000000..a7b929740d2 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-5.8.nix @@ -0,0 +1,18 @@ +{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: + +with stdenv.lib; + +buildLinux (args // rec { + version = "5.8"; + + # modDirVersion needs to be x.y.z, will automatically add .0 if needed + modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; + + # branchVersion needs to be x.y + extraMeta.branch = versions.majorMinor version; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; + sha256 = "1xgibkwb1yfl6qdlbxyagai0qc1pk5ark7giz1512hh6ma353xz7"; + }; +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix b/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix deleted file mode 100644 index 3fd8ff07f42..00000000000 --- a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ systemd, cryptsetup }: - -systemd.overrideAttrs (p: { - version = p.version; - name = "systemd-cryptsetup-generator-${p.version}"; - - buildInputs = p.buildInputs ++ [ cryptsetup ]; - outputs = [ "out" ]; - - buildPhase = '' - ninja systemd-cryptsetup systemd-cryptsetup-generator - ''; - - # As ninja install is not used here, the rpath needs to be manually fixed. - # Otherwise the resulting binary doesn't properly link against systemd-shared.so - postFixup = '' - for prog in `find $out -type f -executable`; do - (patchelf --print-needed $prog | grep 'libsystemd-shared-.*\.so' > /dev/null) && ( - patchelf --set-rpath `patchelf --print-rpath $prog`:"$out/lib/systemd" $prog - ) || true - done - # test it's OK - "$out"/lib/systemd/systemd-cryptsetup - ''; - - installPhase = '' - mkdir -p $out/lib/systemd/ - cp systemd-cryptsetup $out/lib/systemd/systemd-cryptsetup - cp src/shared/*.so $out/lib/systemd/ - - mkdir -p $out/lib/systemd/system-generators/ - cp systemd-cryptsetup-generator $out/lib/systemd/system-generators/systemd-cryptsetup-generator - ''; -}) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index a76156a985c..c0163dcafe6 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,5 +1,5 @@ -{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap -, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, utillinux, libffi +{ stdenv, lib, fetchFromGitHub, pkgconfig, intltool, gperf, libcap +, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, e2fsprogs, utillinux, libffi , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor , audit, lz4, bzip2, pcre2 , linuxHeaders ? stdenv.cc.libc.linuxHeaders @@ -9,6 +9,7 @@ , patchelf , substituteAll , getent +, cryptsetup, lvm2 , buildPackages , perl , withSelinux ? false, libselinux @@ -30,8 +31,9 @@ let gnupg-minimal = gnupg.override { zlib = null; bzip2 = null; }; + in stdenv.mkDerivation { - version = "245.6"; + version = "245.7"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -39,8 +41,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "aa0cb635f1f6a4d9b50ed2cca7782f3f751be933"; - sha256 = "191f0r1g946bsqxky00z78wygsxi9pld11y2q4374bshnpsff2ll"; + rev = "1e6233ed07f7af08550fffa7a885cac1ac67a2c3"; + sha256 = "1hd5kc3mm7mg4i7hhi82wg4cpg4fpi2k6hzjq9sv07pkn2lw390w"; }; patches = [ @@ -89,7 +91,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ linuxHeaders libcap curl.dev kmod xz pam acl - /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2 + cryptsetup libuuid glib libgcrypt libgpgerror libidn2 pcre2 ] ++ stdenv.lib.optional withKexectools kexectools ++ stdenv.lib.optional withLibseccomp libseccomp ++ @@ -176,12 +178,28 @@ in stdenv.mkDerivation { export LC_ALL="en_US.UTF-8"; # FIXME: patch this in systemd properly (and send upstream). # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount - for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c units/systemd-logind.service.in units/systemd-nspawn@.service.in; do + for i in \ + src/core/mount.c \ + src/core/swap.c \ + src/cryptsetup/cryptsetup-generator.c \ + src/fsck/fsck.c \ + src/journal/cat.c \ + src/nspawn/nspawn.c \ + src/remount-fs/remount-fs.c \ + src/shared/generator.c \ + src/shutdown/shutdown.c \ + units/emergency.service.in \ + units/rescue.service.in \ + units/systemd-logind.service.in \ + units/systemd-nspawn@.service.in; \ + do test -e $i substituteInPlace $i \ --replace /usr/bin/getent ${getent}/bin/getent \ + --replace /sbin/mkswap ${lib.getBin utillinux}/sbin/mkswap \ --replace /sbin/swapon ${lib.getBin utillinux}/sbin/swapon \ --replace /sbin/swapoff ${lib.getBin utillinux}/sbin/swapoff \ + --replace /sbin/mke2fs ${lib.getBin e2fsprogs}/sbin/mke2fs \ --replace /sbin/fsck ${lib.getBin utillinux}/sbin/fsck \ --replace /bin/echo ${coreutils}/bin/echo \ --replace /bin/cat ${coreutils}/bin/cat \ diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index 2b440f78e99..e759a62c2eb 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -182,41 +182,41 @@ let in self: { postgresql_9_5 = self.callPackage generic { - version = "9.5.22"; + version = "9.5.23"; psqlSchema = "9.5"; - sha256 = "03v4d4nr9f86y0i1j5jmvfan5w8y4ga1mar59lhcnj3jl5q58ma8"; + sha256 = "0rl31jc3kg2wq6hazyd297gnmx3cibjvivllbsivii2m6dzgl573"; this = self.postgresql_9_5; inherit self; }; postgresql_9_6 = self.callPackage generic { - version = "9.6.18"; + version = "9.6.19"; psqlSchema = "9.6"; - sha256 = "16crr2a1sl97aiacqzd0bk56yl1abq6blc0c6qpx5rl5ny1c4zji"; + sha256 = "1c2wnl5bbpjs1s1rpzvlnzsqlpb0p823zw7s38nhpgnxrja3myb1"; this = self.postgresql_9_6; inherit self; }; postgresql_10 = self.callPackage generic { - version = "10.13"; + version = "10.14"; psqlSchema = "10.0"; # should be 10, but changing it is invasive - sha256 = "1qal0yp7a90yzya7hl56gsmw5fvacplrdhpn7h9gnbyr1i2iyw2d"; + sha256 = "0fxj30jvwq5pqpbj97vhlxgmn2ah59a78s9jyjr7vxyqj7sdh71q"; this = self.postgresql_10; inherit self; }; postgresql_11 = self.callPackage generic { - version = "11.8"; + version = "11.9"; psqlSchema = "11.1"; # should be 11, but changing it is invasive - sha256 = "1qksqyayxmnccmbapg3ajsw9pjgqva0inxjhx64rqd6ckhrg9wpa"; + sha256 = "0db6pfphc5rp12abnkvv2l9pbl7bdyf3hhiwj8ghjwh35skqlq9m"; this = self.postgresql_11; inherit self; }; postgresql_12 = self.callPackage generic { - version = "12.3"; + version = "12.4"; psqlSchema = "12"; - sha256 = "0hfg3n7rlz96579cj3z1dh2idl15rh3wfvn8jl31jj4h2yk69vcl"; + sha256 = "1k06wryy8p4s1fim9qafcjlak3f58l0wqaqnrccr9x9j5jz3zsdy"; this = self.postgresql_12; inherit self; }; diff --git a/pkgs/tools/compression/zstd/default.nix b/pkgs/tools/compression/zstd/default.nix index 9c9f91f9c19..8ce434741a5 100644 --- a/pkgs/tools/compression/zstd/default.nix +++ b/pkgs/tools/compression/zstd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch, cmake, gnugrep +{ stdenv, fetchFromGitHub, fetchpatch, cmake, bash, gnugrep , fixDarwinDylibNames , file , legacySupport ? false @@ -18,6 +18,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; + buildInputs = [ bash ]; patches = [ ./playtests-darwin.patch @@ -29,11 +30,7 @@ stdenv.mkDerivation rec { # work fine, and I'm not sure how to write the condition. ++ stdenv.lib.optional stdenv.hostPlatform.isWindows ./mcfgthreads-no-pthread.patch; - postPatch = - # Patch shebangs for playTests - '' - patchShebangs programs/zstdgrep - '' + stdenv.lib.optionalString (!static) '' + postPatch = stdenv.lib.optionalString (!static) '' substituteInPlace build/cmake/CMakeLists.txt \ --replace 'message(SEND_ERROR "You need to build static library to build tests")' "" substituteInPlace build/cmake/tests/CMakeLists.txt \ @@ -60,6 +57,8 @@ stdenv.mkDerivation rec { doCheck = true; checkPhase = '' runHook preCheck + # Patch shebangs for playTests + patchShebangs ../programs/zstdgrep ctest -R playTests # The only relatively fast test. runHook postCheck ''; diff --git a/pkgs/tools/networking/radsecproxy/default.nix b/pkgs/tools/networking/radsecproxy/default.nix index ab5ff481ec7..e2a0c900c52 100644 --- a/pkgs/tools/networking/radsecproxy/default.nix +++ b/pkgs/tools/networking/radsecproxy/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "radsecproxy"; - version = "1.8.1"; + version = "1.8.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "12pvwd7v3iswki3riycxaiiqxingg4bqnkwc5ay3j4n2kzynr1qg"; + sha256 = "1g7q128cip1dac9jad58rd96afx4xz7x7vsiv0af8iyq2ivqvs2m"; }; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index 7c095cffa31..3a99c8eb3f2 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.2.20"; + version = "2.2.21"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "0c6a4v9p6qzhsw1pfcwc459bxpc8hma0w9z8iqb9khvligack9q4"; + sha256 = "1v3nirp9m7yxjkkcdixibckl379pdyr3mdx8b1k379szzdw35s31"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -38,8 +38,10 @@ stdenv.mkDerivation rec { ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch ]; postPatch = '' - sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ - configure doc/dirmngr.texi doc/gnupg.info-1 + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 + # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in '' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) '' sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index 863b03a117c..394dd89484f 100644 --- a/pkgs/tools/security/rhash/default.nix +++ b/pkgs/tools/security/rhash/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.3.9"; + version = "1.4.0"; pname = "rhash"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "06i49x1l21h2q7pfnf4crbmjyg8b9ad0qs10ywyyn5sjpi0c21wq"; + sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar"; }; nativeBuildInputs = [ which ]; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index cdfc97f2652..54c8948f4a5 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -562,6 +562,7 @@ mapAliases ({ sup = throw "deprecated in 2019-09-10: abandoned by upstream"; swfdec = throw "swfdec has been removed as broken and unmaintained."; # added 2020-08-23 system_config_printer = system-config-printer; # added 2016-01-03 + systemd-cryptsetup-generator = throw "systemd-cryptsetup-generator is now included in the systemd package"; # added 2020-07-12 systemd_with_lvm2 = throw "obsolete, enabled by default via the lvm module"; # added 2020-07-12 systool = sysfsutils; # added 2018-04-25 tahoelafs = tahoe-lafs; # added 2018-03-26 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f6e18db7c0f..7f2704a0fc6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17159,7 +17159,11 @@ in criu = callPackage ../os-specific/linux/criu { }; - cryptsetup = callPackage ../os-specific/linux/cryptsetup { }; + cryptsetup = callPackage ../os-specific/linux/cryptsetup { + # cryptsetup only really needs the devmapper component of cryptsetup + # but itself is used as a library in systemd (=udev) + lvm2 = lvm2.override { udev = null; }; + }; cramfsprogs = callPackage ../os-specific/linux/cramfsprogs { }; @@ -17504,6 +17508,14 @@ in ]; }; + linux_5_8 = callPackage ../os-specific/linux/kernel/linux-5.8.nix { + kernelPatches = [ + kernelPatches.bridge_stp_helper + kernelPatches.request_key_helper + kernelPatches.export_kernel_fpu_functions."5.3" + ]; + }; + linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix { kernelPatches = [ kernelPatches.bridge_stp_helper @@ -17729,7 +17741,7 @@ in # Update this when adding the newest kernel major version! # And update linux_latest_for_hardened below if the patches are already available - linuxPackages_latest = linuxPackages_5_7; + linuxPackages_latest = linuxPackages_5_8; linux_latest = linuxPackages_latest.kernel; # Build the kernel modules for the some of the kernels. @@ -17744,6 +17756,7 @@ in linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19); linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4); linuxPackages_5_7 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_7); + linuxPackages_5_8 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_8); # When adding to this list: # - Update linuxPackages_latest to the latest version @@ -18236,9 +18249,6 @@ in }; udev = systemd; # TODO: move to aliases.nix - # standalone cryptsetup generator for systemd - systemd-cryptsetup-generator = callPackage ../os-specific/linux/systemd/cryptsetup-generator.nix { }; - systemd-wait = callPackage ../os-specific/linux/systemd-wait { }; sysvinit = callPackage ../os-specific/linux/sysvinit { }; |