diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 09c65a77fde0..35ccd0b1d983 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -11321,10 +11321,14 @@ name = "Jos van den Oever"; }; vanilla = { - email = "neko@hydev.org"; + email = "osu_vanilla@126.com"; github = "VergeDX"; githubId = 25173827; name = "Vanilla"; + keys = [{ + longkeyid = "rsa4096/0x4DFA2BDD7305E739"; + fingerprint = "5C16 5178 7DE2 EE5A AF98 3EA3 4DFA 2BDD 7305 E739"; + }]; }; vanschelven = { email = "klaas@vanschelven.com"; diff --git a/pkgs/applications/networking/syncthing/default.nix b/pkgs/applications/networking/syncthing/default.nix index a0ab6304e34a..4b1150159a4e 100644 --- a/pkgs/applications/networking/syncthing/default.nix +++ b/pkgs/applications/networking/syncthing/default.nix @@ -4,16 +4,16 @@ let common = { stname, target, postInstall ? "" }: buildGoModule rec { pname = stname; - version = "1.18.1"; + version = "1.18.2"; src = fetchFromGitHub { owner = "syncthing"; repo = "syncthing"; rev = "v${version}"; - sha256 = "1sm4d0pjgk0spz9pddqb3i8hli10pibd5xs18mhcwrhnxj2xky1y"; + sha256 = "1r5vd501p3ydi6rr2k4cqdl3pixdr79lfwpnc90xmd1i6mlyxrma"; }; - vendorSha256 = "1qqpxm4s1s2yp1zmi4m25y1a6r7kxc5rmvfsg50jmqsfnwligpz6"; + vendorSha256 = "1v8hdr2na7bndx6q1kk0dkg1v9149gbhxcva1wq075xjl0kw21ip"; doCheck = false; diff --git a/pkgs/applications/version-management/blackbox/default.nix b/pkgs/applications/version-management/blackbox/default.nix index 5c802d8a300a..06a941de7b46 100644 --- a/pkgs/applications/version-management/blackbox/default.nix +++ b/pkgs/applications/version-management/blackbox/default.nix @@ -24,7 +24,8 @@ stdenv.mkDerivation rec { buildInputs = [ gnupg ]; - doCheck = true; + # https://github.com/NixOS/nixpkgs/issues/134445 + doCheck = !stdenv.isDarwin && stdenv.isx86_64; checkInputs = [ expect diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix index 82040203c4f3..1d226ec8fe26 100644 --- a/pkgs/applications/video/obs-studio/default.nix +++ b/pkgs/applications/video/obs-studio/default.nix @@ -46,13 +46,13 @@ let in mkDerivation rec { pname = "obs-studio"; - version = "27.0.0"; + version = "27.0.1"; src = fetchFromGitHub { owner = "obsproject"; repo = "obs-studio"; rev = version; - sha256 = "1n71705b9lbdff3svkmgwmbhlhhxvi8ajxqb74lm07v56a5bvi6p"; + sha256 = "04fzsr9yizmxy0r7z2706crvnsnybpnv5kgfn77znknxxjacfhkn"; fetchSubmodules = true; }; diff --git a/pkgs/development/compilers/zig/default.nix b/pkgs/development/compilers/zig/default.nix index 60ca574f1ccb..385b68a79291 100644 --- a/pkgs/development/compilers/zig/default.nix +++ b/pkgs/development/compilers/zig/default.nix @@ -11,13 +11,13 @@ let in stdenv.mkDerivation rec { pname = "zig"; - version = "0.8.0"; + version = "0.8.1"; src = fetchFromGitHub { owner = "ziglang"; repo = pname; rev = version; - hash = "sha256-bILjcKX8jPl2n1HRYvYRb7jJkobwqmSJ+hHXSn9n2ag="; + hash = "sha256-zMSOH8ZWcvzHRwOgGIbLO9Q6jf1P5QL5KCMD+frp+JA="; }; nativeBuildInputs = [ @@ -51,8 +51,7 @@ stdenv.mkDerivation rec { license = licenses.mit; maintainers = with maintainers; [ andrewrk AndersonTorres ]; platforms = platforms.unix; - # See https://github.com/NixOS/nixpkgs/issues/86299 - broken = stdenv.isDarwin; + broken = stdenv.isDarwin; # See https://github.com/NixOS/nixpkgs/issues/86299 }; } diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix index a486ba498205..113c4a27b919 100644 --- a/pkgs/development/libraries/botan/2.0.nix +++ b/pkgs/development/libraries/botan/2.0.nix @@ -1,10 +1,19 @@ -{ callPackage, ... } @ args: +{ callPackage, fetchpatch, ... } @ args: callPackage ./generic.nix (args // { baseVersion = "2.18"; - revision = "0"; - sha256 = "09z3fy31q1pvnvpy4fswrsl2aq8ksl94lbh5rl7b6nqc3qp8ar6c"; + revision = "1"; + sha256 = "0adf53drhk1hlpfih0175c9081bqpclw6p2afn51cmx849ib9izq"; postPatch = '' sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; + extraPatches = [ + (fetchpatch { + name = "CVE-2021-40529.patch"; + url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch"; + sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y"; + # our source tarball doesn't include the tests + excludes = [ "src/tests/*" ]; + }) + ]; }) diff --git a/pkgs/development/libraries/botan/default.nix b/pkgs/development/libraries/botan/default.nix index c494fa25f771..d6ee9ff152f4 100644 --- a/pkgs/development/libraries/botan/default.nix +++ b/pkgs/development/libraries/botan/default.nix @@ -10,6 +10,7 @@ callPackage ./generic.nix (args // { sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; knownVulnerabilities = [ + "CVE-2021-40529" # https://botan.randombit.net/security.html#id1 "2020-03-24: Side channel during CBC padding" ]; diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix index 3313b8c4fcd1..1384bdee9add 100644 --- a/pkgs/development/libraries/botan/generic.nix +++ b/pkgs/development/libraries/botan/generic.nix @@ -3,6 +3,7 @@ , baseVersion, revision, sha256 , sourceExtension ? "tar.xz" , extraConfigureFlags ? "" +, extraPatches ? [ ] , postPatch ? null , knownVulnerabilities ? [ ] , CoreServices @@ -22,6 +23,7 @@ stdenv.mkDerivation rec { ]; inherit sha256; }; + patches = extraPatches; inherit postPatch; buildInputs = [ python3 bzip2 zlib gmp openssl boost ] diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index f015773e2041..72c584d0fd47 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "grpc"; - version = "1.39.1"; # N.B: if you change this, change pythonPackages.grpcio-tools to a matching version too + version = "1.40.0"; # N.B: if you change this, change pythonPackages.grpcio-tools to a matching version too src = fetchFromGitHub { owner = "grpc"; repo = "grpc"; rev = "v${version}"; - sha256 = "1yrr04g6faphh4hwzryqrwzgcr0hqqh05x9mc3vhpzmdkrrbz4zn"; + sha256 = "08l2dyf3g3zrffy60ycid6jngvhfaghg792yrkfjcpcif5dqfd9f"; fetchSubmodules = true; }; diff --git a/pkgs/development/libraries/libspng/default.nix b/pkgs/development/libraries/libspng/default.nix new file mode 100644 index 000000000000..798a99371804 --- /dev/null +++ b/pkgs/development/libraries/libspng/default.nix @@ -0,0 +1,56 @@ +{ lib +, fetchFromGitHub +, stdenv +, zlib +, ninja +, meson +, pkg-config +, cmake +, libpng +}: + +stdenv.mkDerivation rec { + pname = "libspng"; + version = "0.7.0-rc3"; + + src = fetchFromGitHub { + owner = "randy408"; + repo = pname; + rev = "v${version}"; + sha256 = "0n91mr06sr34cqq91738251iaw21h5c4jgjpn0kqfx69ywxcl9fj"; + }; + + doCheck = true; + + mesonBuildType = "release"; + + mesonFlags = [ + # this is required to enable testing + # https://github.com/randy408/libspng/blob/bc383951e9a6e04dbc0766f6737e873e0eedb40b/tests/README.md#testing + "-Ddev_build=true" + ]; + + outputs = [ "out" "dev" ]; + + checkInputs = [ + cmake + libpng + ]; + + buildInputs = [ + pkg-config + zlib + ]; + + nativeBuildInputs = [ + ninja + meson + ]; + + meta = with lib; { + description = "Simple, modern libpng alternative"; + homepage = "https://github.com/randy408/libspng"; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ humancalico ]; + }; +} diff --git a/pkgs/development/python-modules/grpcio-tools/default.nix b/pkgs/development/python-modules/grpcio-tools/default.nix index 0e095126676d..eb27a5596bc2 100644 --- a/pkgs/development/python-modules/grpcio-tools/default.nix +++ b/pkgs/development/python-modules/grpcio-tools/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "grpcio-tools"; - version = "1.39.0"; + version = "1.40.0"; src = fetchPypi { inherit pname version; - sha256 = "39dfe7415bc0d3860fdb8dd90607594b046b88b57dbe64284efa4820f951c805"; + sha256 = "d440f2bc089ff628618c536904d5bc39d0b44f7afdda4c4c1ecd15fcf385bfba"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/tools/htmlq/default.nix b/pkgs/development/tools/htmlq/default.nix new file mode 100644 index 000000000000..232b751c34b6 --- /dev/null +++ b/pkgs/development/tools/htmlq/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub, rustPlatform, Security }: + +rustPlatform.buildRustPackage rec { + pname = "htmlq"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "mgdm"; + repo = "htmlq"; + rev = "v${version}"; + sha256 = "sha256-Q2zjrHKFWowx2yB1cdGxPnNnc8yQJz65HaX0yIqbHks="; + }; + + cargoSha256 = "sha256-pPtKPVSdEtEPmQPpNRJ4uyguDRAW0YvKgdUw5OAtbjA="; + + buildInputs = lib.optionals stdenv.isDarwin [ Security ]; + + doCheck = false; + + meta = with lib; { + description = "Like jq, but for HTML"; + homepage = "https://github.com/mgdm/htmlq"; + license = licenses.mit; + maintainers = with maintainers; [ siraben ]; + }; +} diff --git a/pkgs/development/tools/luaformatter/default.nix b/pkgs/development/tools/luaformatter/default.nix index 5fb82b0fb4c9..00d96a687a63 100644 --- a/pkgs/development/tools/luaformatter/default.nix +++ b/pkgs/development/tools/luaformatter/default.nix @@ -27,6 +27,7 @@ stdenv.mkDerivation rec { description = "Code formatter for Lua"; homepage = "https://github.com/Koihik/LuaFormatter"; license = licenses.asl20; + platforms = platforms.all; maintainers = with maintainers; [ figsoda SuperSandro2000 ]; mainProgram = "lua-format"; }; diff --git a/pkgs/development/web/nodejs/v16.nix b/pkgs/development/web/nodejs/v16.nix index 805e62be8d62..c2f1f02ee378 100644 --- a/pkgs/development/web/nodejs/v16.nix +++ b/pkgs/development/web/nodejs/v16.nix @@ -8,7 +8,7 @@ let in buildNodejs { inherit enableNpm; - version = "16.8.0"; - sha256 = "14k3njj382im3q4k6dhsxdk07gs81hw2k0nrixfvlw1964k04ydq"; + version = "16.9.0"; + sha256 = "0vv6igmnz4fkr4i8gczxxw2qgcvydkpy71w3lskah8zw1lh69rqs"; patches = [ ./disable-darwin-v8-system-instrumentation.patch ]; } diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index 3642dfe442d0..d9f8912416a5 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "18298"; - sha256 = "027fp6h7295cc9m5g46phqd6hixcnvihpfsyrnzvsxz6pkvjzpw4"; + rev = "18314"; + sha256 = "0fic073zafwdsw7i0j4z57a4aknk8kpgnbrxpbi181n5axdlm99k"; } , ... }: diff --git a/pkgs/servers/sql/postgresql/ext/pgvector.nix b/pkgs/servers/sql/postgresql/ext/pgvector.nix index 53dfee7d0326..2c67b65d7609 100644 --- a/pkgs/servers/sql/postgresql/ext/pgvector.nix +++ b/pkgs/servers/sql/postgresql/ext/pgvector.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pgvector"; - version = "0.1.7"; + version = "0.1.8"; src = fetchFromGitHub { owner = "ankane"; repo = pname; rev = "v${version}"; - sha256 = "07m1nn640by5q22q2s1nlmjp14q5ffbyib28kjzlss0mq8acb439"; + sha256 = "0kq28k96y5r0k6nhz78c3frqzhf8d1af54dqbpayn7fgvdl0vlm2"; }; buildInputs = [ postgresql ]; diff --git a/pkgs/tools/misc/etcher/default.nix b/pkgs/tools/misc/etcher/default.nix index 6834179cfe9a..1e5fefaf6451 100644 --- a/pkgs/tools/misc/etcher/default.nix +++ b/pkgs/tools/misc/etcher/default.nix @@ -10,7 +10,7 @@ let sha256 = { - "x86_64-linux" = "sha256-FRZTUOlOK1bIbrHdR9yQv45zMhby3tWbMPpaPPq3L9s="; + "x86_64-linux" = "sha256-Tasynkzyy8UIalQn6qhIuPWDflf4pL76D2czgEijrPw="; "i686-linux" = "0z6y45sz086njpywg7f0jn6n02qynb1qbi889g2kcgwbfjvmcpm1"; }."${stdenv.system}"; @@ -25,7 +25,7 @@ in stdenv.mkDerivation rec { pname = "etcher"; - version = "1.5.121"; + version = "1.5.122"; src = fetchurl { url = "https://github.com/balena-io/etcher/releases/download/v${version}/balena-etcher-electron_${version}_${arch}.deb"; diff --git a/pkgs/tools/virtualization/linode-cli/default.nix b/pkgs/tools/virtualization/linode-cli/default.nix index c815f6fcf6d5..e5f98df3f010 100644 --- a/pkgs/tools/virtualization/linode-cli/default.nix +++ b/pkgs/tools/virtualization/linode-cli/default.nix @@ -22,13 +22,13 @@ in buildPythonApplication rec { pname = "linode-cli"; - version = "5.8.1"; + version = "5.8.2"; src = fetchFromGitHub { owner = "linode"; repo = pname; rev = version; - sha256 = "19lfnwgm09gxk0mcikwl7v4hw2ai2k9lkdjlalz8fsswf81my7h6"; + sha256 = "sha256-JlWbhElgRDeFMjtPPy7Sk69SMlpQYfnZ3AjAfl2SRyI="; }; # remove need for git history diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d63f6a48f489..b633ea970b18 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5979,6 +5979,10 @@ with pkgs; html-proofer = callPackage ../tools/misc/html-proofer { }; + htmlq = callPackage ../development/tools/htmlq { + inherit (pkgs.darwin.apple_sdk.frameworks) Security; + }; + htpdate = callPackage ../tools/networking/htpdate { }; http-prompt = callPackage ../tools/networking/http-prompt { }; @@ -14184,7 +14188,7 @@ with pkgs; luaformatter = callPackage ../development/tools/luaformatter (lib.optionalAttrs stdenv.isDarwin { - stdenv = overrideCC stdenv llvmPackages_latest.clang; + stdenv = overrideCC stdenv llvmPackages_9.clang; }); malt = callPackage ../development/tools/profiling/malt {}; @@ -17433,6 +17437,8 @@ with pkgs; libspiro = callPackage ../development/libraries/libspiro {}; + libspng = callPackage ../development/libraries/libspng { }; + libssh = callPackage ../development/libraries/libssh { }; libssh2 = callPackage ../development/libraries/libssh2 { }; @@ -21284,6 +21290,9 @@ with pkgs; linuxPackages_5_10_hardened = linuxKernel.packages.linux_5_10_hardened; linux_5_10_hardened = linuxKernel.kernels.linux_5_10_hardened; + linuxPackages_5_13_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_5_13 { }); + linux_5_13_hardened = linuxPackages_5_13_hardened.kernel; + # Hardkernel (Odroid) kernels. linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest; linux_hardkernel_latest = linuxPackages_hardkernel_latest.kernel;