diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 0f7e448b549a..0ae571f5cfa9 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -10507,6 +10507,13 @@ githubId = 4477729; name = "Sergey Mironov"; }; + smitop = { + name = "Smitty van Bodegom"; + email = "me@smitop.com"; + matrix = "@smitop:kde.org"; + github = "Smittyvb"; + githubId = 10530973; + }; sna = { email = "abouzahra.9@wright.edu"; github = "s-na"; diff --git a/pkgs/applications/networking/mailreaders/meli/default.nix b/pkgs/applications/networking/mailreaders/meli/default.nix index 354ab024c6d0..d0575b60653b 100644 --- a/pkgs/applications/networking/mailreaders/meli/default.nix +++ b/pkgs/applications/networking/mailreaders/meli/default.nix @@ -15,15 +15,15 @@ rustPlatform.buildRustPackage rec { pname = "meli"; - version = "alpha-0.7.1"; + version = "alpha-0.7.2"; src = fetchgit { url = "https://git.meli.delivery/meli/meli.git"; rev = version; - sha256 = "00iai2z5zydx9bw0ii0n6d7zwm5rrkj03b4ymic0ybwjahqzvyfq"; + sha256 = "sha256-cbigEJhX6vL+gHa40cxplmPsDhsqujkzQxe0Dr6+SK0="; }; - cargoSha256 = "1r54a51j91iv0ziasjygzw30vqqvqibcnwnkih5xv0ijbaly61n0"; + cargoSha256 = "sha256-ZE653OtXyZ9454bKPApmuL2kVko/hGBWEAya1L1KIoc="; cargoBuildFlags = lib.optional withNotmuch "--features=notmuch"; diff --git a/pkgs/development/compilers/tinycc/default.nix b/pkgs/development/compilers/tinycc/default.nix index bb08b113ad50..b46dee899a33 100644 --- a/pkgs/development/compilers/tinycc/default.nix +++ b/pkgs/development/compilers/tinycc/default.nix @@ -19,12 +19,15 @@ stdenv.mkDerivation rec { ''; configureFlags = [ - "--cc=cc" + "--cc=$CC" + "--ar=$AR" "--crtprefix=${lib.getLib stdenv.cc.libc}/lib" "--sysincludepaths=${lib.getDev stdenv.cc.libc}/include:{B}/include" "--libpaths=${lib.getLib stdenv.cc.libc}/lib" # build cross compilers "--enable-cross" + ] ++ lib.optionals stdenv.hostPlatform.isMusl [ + "--config-musl" ]; preConfigure = '' diff --git a/pkgs/development/libraries/libressl/CVE-2021-41581.patch b/pkgs/development/libraries/libressl/CVE-2021-41581.patch new file mode 100644 index 000000000000..244792567192 --- /dev/null +++ b/pkgs/development/libraries/libressl/CVE-2021-41581.patch @@ -0,0 +1,53 @@ +Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1 +with paths switched to apply to libressl-portable and CVS header +hunk removed. + +--- a/crypto/x509/x509_constraints.c ++++ b/crypto/x509/x509_constraints.c +@@ -339,16 +339,16 @@ + if (c == '.') + goto bad; + } +- if (wi > DOMAIN_PART_MAX_LEN) +- goto bad; + if (accept) { ++ if (wi >= DOMAIN_PART_MAX_LEN) ++ goto bad; + working[wi++] = c; + accept = 0; + continue; + } + if (candidate_local != NULL) { + /* We are looking for the domain part */ +- if (wi > DOMAIN_PART_MAX_LEN) ++ if (wi >= DOMAIN_PART_MAX_LEN) + goto bad; + working[wi++] = c; + if (i == len - 1) { +@@ -363,7 +363,7 @@ + continue; + } + /* We are looking for the local part */ +- if (wi > LOCAL_PART_MAX_LEN) ++ if (wi >= LOCAL_PART_MAX_LEN) + break; + + if (quoted) { +@@ -383,6 +383,8 @@ + */ + if (c == 9) + goto bad; ++ if (wi >= LOCAL_PART_MAX_LEN) ++ goto bad; + working[wi++] = c; + continue; /* all's good inside our quoted string */ + } +@@ -412,6 +414,8 @@ + } + if (!local_part_ok(c)) + goto bad; ++ if (wi >= LOCAL_PART_MAX_LEN) ++ goto bad; + working[wi++] = c; + } + if (candidate_local == NULL || candidate_domain == NULL) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index fb362ebbad2f..d70672f63ac3 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -1,8 +1,16 @@ -{ stdenv, fetchurl, lib, cmake, cacert, fetchpatch +{ stdenv +, fetchurl +, lib +, cmake +, cacert +, fetchpatch , buildShared ? !stdenv.hostPlatform.isStatic }: let + ldLibPathEnvName = if stdenv.isDarwin + then "DYLD_LIBRARY_PATH" + else "LD_LIBRARY_PATH"; generic = { version, sha256, patches ? [] }: stdenv.mkDerivation rec { pname = "libressl"; @@ -42,6 +50,15 @@ let substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"' ''; + doCheck = true; + preCheck = '' + export PREVIOUS_${ldLibPathEnvName}=$${ldLibPathEnvName} + export ${ldLibPathEnvName}="$${ldLibPathEnvName}:$(realpath tls/):$(realpath ssl/):$(realpath crypto/)" + ''; + postCheck = '' + export ${ldLibPathEnvName}=$PREVIOUS_${ldLibPathEnvName} + ''; + outputs = [ "bin" "dev" "out" "man" "nc" ]; postFixup = '' @@ -66,5 +83,15 @@ in { libressl_3_2 = generic { version = "3.2.5"; sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr"; + patches = [ + ./CVE-2021-41581.patch + ]; + }; + libressl_3_4 = generic { + version = "3.4.0"; + sha256 = "1lhn76nd59p1dfd27b4636zj6wh3f5xsi8b3sxqnl820imsswbp5"; + patches = [ + ./CVE-2021-41581.patch + ]; }; } diff --git a/pkgs/development/libraries/qcoro/default.nix b/pkgs/development/libraries/qcoro/default.nix new file mode 100644 index 000000000000..62608e390f8b --- /dev/null +++ b/pkgs/development/libraries/qcoro/default.nix @@ -0,0 +1,38 @@ +{ lib +, mkDerivation +, fetchFromGitHub +, cmake +, libpthreadstubs +, qtbase +}: + +mkDerivation rec { + pname = "qcoro"; + version = "0.3.0"; + + src = fetchFromGitHub { + owner = "danvratil"; + repo = "qcoro"; + rev = "v${version}"; + sha256 = "09543hpy590dndmlxmcm8c58m97blhaii4wbjr655qxdanhhxgzi"; + }; + + outputs = [ "out" "dev" ]; + + nativeBuildInputs = [ + cmake + ]; + + buildInputs = [ + qtbase + libpthreadstubs + ]; + + meta = with lib; { + description = "Library for using C++20 coroutines in connection with certain asynchronous Qt actions"; + homepage = "https://github.com/danvratil/qcoro"; + license = licenses.mit; + maintainers = with maintainers; [ smitop ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/python-modules/libusb1/default.nix b/pkgs/development/python-modules/libusb1/default.nix index 7d921a9c8976..f1b474b960f6 100644 --- a/pkgs/development/python-modules/libusb1/default.nix +++ b/pkgs/development/python-modules/libusb1/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "libusb1"; - version = "1.10.1"; + version = "2.0.1"; src = fetchPypi { inherit pname version; - sha256 = "8d70e5ef11a9facf304e696cc1d571c526bd9e02a8710a045b3b2567db7a54e0"; + sha256 = "d3ba82ecf7ab6a48d21dac6697e26504670cc3522b8e5941bd28fb56cf3f6c46"; }; postPatch = '' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9b606baa75fb..9708264676ee 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18686,11 +18686,12 @@ with pkgs; openvdb = callPackage ../development/libraries/openvdb {}; inherit (callPackages ../development/libraries/libressl { }) - libressl_3_2; + libressl_3_2 + libressl_3_4; # Please keep this pointed to the latest version. See also # https://discourse.nixos.org/t/nixpkgs-policy-regarding-libraries-available-in-multiple-versions/7026/2 - libressl = libressl_3_2; + libressl = libressl_3_4; boringssl = callPackage ../development/libraries/boringssl { }; @@ -32749,6 +32750,7 @@ with pkgs; wasm-pack = callPackage ../development/tools/wasm-pack { inherit (darwin.apple_sdk.frameworks) Security; + libressl = libressl_3_2; }; wavegain = callPackage ../applications/audio/wavegain { }; diff --git a/pkgs/top-level/qt5-packages.nix b/pkgs/top-level/qt5-packages.nix index a5adec5d78f6..21d11d339f3a 100644 --- a/pkgs/top-level/qt5-packages.nix +++ b/pkgs/top-level/qt5-packages.nix @@ -174,6 +174,8 @@ in (kdeFrameworks // plasmaMobileGear // plasma5 // plasma5.thirdParty // kdeGea qca-qt5 = callPackage ../development/libraries/qca-qt5 { }; + qcoro = callPackage ../development/libraries/qcoro { }; + qcsxcad = callPackage ../development/libraries/science/electronics/qcsxcad { }; qmltermwidget = callPackage ../development/libraries/qmltermwidget {