From 3b0522299a073a9a77c8e31213505dad4d7eec2c Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Mon, 16 Jan 2023 22:28:14 -0800 Subject: [PATCH 01/19] aflplusplus: 2.64c -> 4.05c Co-authored-by: Mindavi aflplusplus: fix tests, fix clang path substitution aflplusplus: fix some small issues and detect invalid use of LLVM_BINDIR better aflplusplus: add llvmPackages bintools as buildInput Now aflplusplus can auto-detect it. aflplusplus: make qemu test work aflplusplus: disable fortify hardening, package does this itself Prevents warnings from being logged. aflplusplus: use better separators for sed aflplusplus: remove broken path check aflplusplus: python -> python3, define llvmPackages outside of pkg def aflplusplus: fix invalid qemu test path --- pkgs/tools/security/aflplusplus/default.nix | 90 +++++++--- .../security/aflplusplus/libdislocator.nix | 5 +- .../security/aflplusplus/libtokencap.nix | 4 +- pkgs/tools/security/aflplusplus/qemu.nix | 169 ++++++++++++------ pkgs/top-level/all-packages.nix | 6 +- 5 files changed, 187 insertions(+), 87 deletions(-) diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index 11b276ca05d2..08db2e37812b 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -1,6 +1,8 @@ { lib, stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper -, clang, llvm, gcc, which, libcgroup, python, perl, gmp +, clang, llvm, gcc, which, libcgroup, python3, perl, gmp , file, wine ? null, fetchpatch +, cmocka +, llvmPackages }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of @@ -17,38 +19,51 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "2.65c"; + version = "4.05c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l"; + sha256 = "sha256-c4GFOuCwIOFkwIxXtwE3VTVlWW7lS8h+GMN70fZbgDI="; }; enableParallelBuilding = true; # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. nativeBuildInputs = [ makeWrapper which clang gcc ]; - buildInputs = [ llvm python gmp ] - ++ lib.optional (wine != null) python.pkgs.wrapPython; + buildInputs = [ llvm python3 gmp llvmPackages.bintools ] + ++ lib.optional (wine != null) python3.pkgs.wrapPython; + # Flag is already set by package and causes some compiler warnings. + # warning: "_FORTIFY_SOURCE" redefined + hardeningDisable = [ "fortify" ]; postPatch = '' - # Replace the CLANG_BIN variables with the correct path - substituteInPlace llvm_mode/afl-clang-fast.c \ + # Don't care about this. + rm Android.bp + + # Replace the CLANG_BIN variables with the correct path. + # Replace "gcc" and friends with full paths in afl-gcc. + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path. + # Replace LLVM_BINDIR with a non-existing path to give a hard error when it's used. + substituteInPlace src/afl-cc.c \ --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \ --replace "CLANG_BIN" '"${clang}/bin/clang"' \ - --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" - - # Replace "gcc" and friends with full paths in afl-gcc - # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path - substituteInPlace src/afl-gcc.c \ --replace '"gcc"' '"${gcc}/bin/gcc"' \ --replace '"g++"' '"${gcc}/bin/g++"' \ - --replace '"gcj"' '"gcj-UNSUPPORTED"' \ - --replace '"clang"' '"clang-UNSUPPORTED"' \ - --replace '"clang++"' '"clang++-UNSUPPORTED"' + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + substituteInPlace src/afl-ld-lto.c \ + --replace 'LLVM_BINDIR' '"/nixpkgs-patched-does-not-exist"' + + # Remove the rest of the line + sed -i 's|LLVM_BINDIR = .*|LLVM_BINDIR = |' utils/aflpp_driver/GNUmakefile + substituteInPlace utils/aflpp_driver/GNUmakefile \ + --replace 'LLVM_BINDIR = ' 'LLVM_BINDIR = ${clang}/bin/' + + substituteInPlace GNUmakefile.llvm \ + --replace "\$(LLVM_BINDIR)/clang" "${clang}/bin/clang" ''; env.NIX_CFLAGS_COMPILE = toString [ @@ -56,15 +71,19 @@ let "-Wno-error=use-after-free" ]; - makeFlags = [ "PREFIX=$(out)" ]; + makeFlags = [ + "PREFIX=$(out)" + "USE_BINDIR=0" + ]; buildPhase = '' + runHook preBuild + common="$makeFlags -j$NIX_BUILD_CORES" - make all $common - make radamsa $common - make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common - make -C llvm_mode $common + make distrib $common make -C qemu_mode/libcompcov $common make -C qemu_mode/unsigaction $common + + runHook postBuild ''; postInstall = '' @@ -75,7 +94,7 @@ let cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ # Install the custom QEMU emulator for binary blob fuzzing. - cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + ln -s ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so cat > $out/bin/get-afl-qemu-libcompcov-so < $out/bin/get-libdislocator-so < all.patch - ''; + src = fetchFromGitHub { + owner = "AFLplusplus"; + repo = "qemuafl"; + rev = "a8af9cbde71e333ce72a46f15e655d0b82ed0939"; + sha256 = "sha256-veT9Vne9arB1kbQDAKGZ/skse5C5KNAiMBj2JWkS4tQ="; + fetchSubmodules = true; + }; nativeBuildInputs = [ - python3 perl pkg-config flex bison autoconf texinfo + python3 + perl + pkg-config + flex + bison + meson + texinfo + ninja ]; buildInputs = [ - zlib glib pixman libuuid + zlib + glib + pixman + libuuid ]; enableParallelBuilding = true; - patches = [ - # patches extracted from aflplusplus source - "../all.patch" - # nix-specific patches to make installation more well-behaved - ./qemu-no-etc-install.patch - ]; + dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build + preBuild = "cd build"; + preConfigure = '' + # this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang + chmod +x ./scripts/shaderinclude.pl + patchShebangs . + ''; configureFlags = - [ "--disable-system" - "--enable-linux-user" - "--disable-gtk" - "--disable-sdl" - "--disable-vnc" - "--disable-kvm" - "--target-list=${cpuTarget}" - "--enable-pie" + [ + "--target-list=${stdenv.hostPlatform.uname.processor}-linux-user" "--sysconfdir=/etc" "--localstatedir=/var" + "--meson=meson" + "--disable-system" + "--enable-linux-user" + "--enable-pie" + "--audio-drv-list=" + "--disable-blobs" + "--disable-bochs" + "--disable-brlapi" + "--disable-bsd-user" + "--disable-bzip2" + "--disable-cap-ng" + "--disable-cloop" + "--disable-curl" + "--disable-curses" + "--disable-dmg" + "--disable-fdt" + "--disable-gcrypt" + "--disable-glusterfs" + "--disable-gnutls" + "--disable-gtk" + "--disable-guest-agent" + "--disable-iconv" + "--disable-libiscsi" + "--disable-libnfs" + "--disable-libssh" + "--disable-libusb" + "--disable-linux-aio" + "--disable-live-block-migration" + "--disable-lzo" + "--disable-nettle" + "--disable-numa" + "--disable-opengl" + "--disable-parallels" + "--disable-plugins" + "--disable-qcow1" + "--disable-qed" + "--disable-rbd" + "--disable-rdma" + "--disable-replication" + "--disable-sdl" + "--disable-seccomp" + "--disable-sheepdog" + "--disable-smartcard" + "--disable-snappy" + "--disable-spice" + "--disable-system" + "--disable-tools" + "--disable-tpm" + "--disable-usb-redir" + "--disable-vde" + "--disable-vdi" + "--disable-vhost-crypto" + "--disable-vhost-kernel" + "--disable-vhost-net" + "--disable-vhost-scsi" + "--disable-vhost-user" + "--disable-vhost-vdpa" + "--disable-vhost-vsock" + "--disable-virglrenderer" + "--disable-virtfs" + "--disable-vnc" + "--disable-vnc-jpeg" + "--disable-vnc-png" + "--disable-vnc-sasl" + "--disable-vte" + "--disable-vvfat" + "--disable-xen" + "--disable-xen-pci-passthrough" + "--disable-xfsctl" + "--without-default-devices" ]; meta = with lib; { - homepage = "https://www.qemu.org/"; + homepage = "https://github.com/AFLplusplus/qemuafl"; description = "Fork of QEMU with AFL++ instrumentation support"; license = licenses.gpl2Plus; maintainers = with maintainers; [ ris ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1dd37af855d5..c9d1df3e63d4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1394,9 +1394,9 @@ with pkgs; }; aflplusplus = callPackage ../tools/security/aflplusplus { - clang = clang_9; - llvm = llvm_9; - python = python3; + clang = clang_14; + llvm = llvm_14; + llvmPackages = llvmPackages_14; wine = null; }; From 3d4b845beba39d24df946b7bf6e7326507ba621f Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 6 Jun 2023 11:30:34 +0000 Subject: [PATCH 02/19] qemu: 8.0.0 -> 8.0.2 --- pkgs/applications/virtualization/qemu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index b4288cb7d7b5..46bbb4314cb7 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -48,11 +48,11 @@ stdenv.mkDerivation rec { + lib.optionalString xenSupport "-xen" + lib.optionalString hostCpuOnly "-host-cpu-only" + lib.optionalString nixosTestRunner "-for-vm-tests"; - version = "8.0.0"; + version = "8.0.2"; src = fetchurl { url = "https://download.qemu.org/qemu-${version}.tar.xz"; - sha256 = "u2DwNBUxGB1sw5ad0ZoBPQQnqH+RgZOXDZrbkRMeVtA="; + sha256 = "8GCr1DX75nlBJeLDmFaP/Dz6VABCWWkHqLGO3KNM9qU="; }; depsBuildBuild = [ buildPackages.stdenv.cc ] From 49cacc1dcd63e0621a55a503dca36eef31ee49d9 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 5 Jun 2023 14:18:55 +0300 Subject: [PATCH 03/19] glfw3: drop libGL on darwin --- pkgs/development/libraries/glfw/3.x.nix | 6 +++--- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/glfw/3.x.nix b/pkgs/development/libraries/glfw/3.x.nix index 1b97bb108a79..15c5e7d9ca58 100644 --- a/pkgs/development/libraries/glfw/3.x.nix +++ b/pkgs/development/libraries/glfw/3.x.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, cmake , libGL, libXrandr, libXinerama, libXcursor, libX11, libXi, libXext -, Cocoa, Kernel, fixDarwinDylibNames +, Carbon, Cocoa, Kernel, OpenGL, fixDarwinDylibNames , waylandSupport ? false, extra-cmake-modules, wayland , wayland-protocols, libxkbcommon }: @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { # Fix linkage issues on X11 (https://github.com/NixOS/nixpkgs/issues/142583) patches = lib.optional (!waylandSupport) ./x11.patch; - propagatedBuildInputs = [ libGL ]; + propagatedBuildInputs = [ (if stdenv.isDarwin then OpenGL else libGL) ]; nativeBuildInputs = [ cmake ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { if waylandSupport then [ wayland wayland-protocols libxkbcommon ] else [ libX11 libXrandr libXinerama libXcursor libXi libXext ] - ++ lib.optionals stdenv.isDarwin [ Cocoa Kernel ]; + ++ lib.optionals stdenv.isDarwin [ Carbon Cocoa Kernel ]; cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 349550028226..a359a04a3e79 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20737,7 +20737,7 @@ with pkgs; }; glfw2 = callPackage ../development/libraries/glfw/2.x.nix { }; glfw3 = callPackage ../development/libraries/glfw/3.x.nix { - inherit (darwin.apple_sdk.frameworks) Cocoa Kernel; + inherit (darwin.apple_sdk.frameworks) Carbon Cocoa Kernel OpenGL; }; glibc = callPackage ../development/libraries/glibc { From 24f8a54893c76b87d0de4eb16e6c95aae151aa63 Mon Sep 17 00:00:00 2001 From: Rick van Schijndel Date: Tue, 6 Jun 2023 22:56:19 +0200 Subject: [PATCH 04/19] aflplusplus: 4.05c -> 4.06c Changelog: https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.06c Also update to llvm 15, and update the qemu that's used for aflplusplus. --- pkgs/tools/security/aflplusplus/default.nix | 4 ++-- pkgs/tools/security/aflplusplus/qemu.nix | 4 ++-- pkgs/top-level/all-packages.nix | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index 08db2e37812b..6102eb0b3f39 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -19,13 +19,13 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "4.05c"; + version = "4.06c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "sha256-c4GFOuCwIOFkwIxXtwE3VTVlWW7lS8h+GMN70fZbgDI="; + sha256 = "sha256-Gb1nYDBnwLS+m8e1UD0WLIrnp8KRgliGQVvQD22JXrQ="; }; enableParallelBuilding = true; diff --git a/pkgs/tools/security/aflplusplus/qemu.nix b/pkgs/tools/security/aflplusplus/qemu.nix index 107db2d75bc3..6be5afb54dc3 100644 --- a/pkgs/tools/security/aflplusplus/qemu.nix +++ b/pkgs/tools/security/aflplusplus/qemu.nix @@ -30,8 +30,8 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "AFLplusplus"; repo = "qemuafl"; - rev = "a8af9cbde71e333ce72a46f15e655d0b82ed0939"; - sha256 = "sha256-veT9Vne9arB1kbQDAKGZ/skse5C5KNAiMBj2JWkS4tQ="; + rev = "0569eff8a12dec73642b96757f6b5b51a618a03a"; + sha256 = "sha256-nYWHyRfOH2p9znRxjxsiyw11uZuMBiuJfEc7FHM5X7M="; fetchSubmodules = true; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c9d1df3e63d4..ecaf207cb4d2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1394,9 +1394,9 @@ with pkgs; }; aflplusplus = callPackage ../tools/security/aflplusplus { - clang = clang_14; - llvm = llvm_14; - llvmPackages = llvmPackages_14; + clang = clang_15; + llvm = llvm_15; + llvmPackages = llvmPackages_15; wine = null; }; From f5e7c1c4741dbf8760fd8be6e0bc3af849727d9b Mon Sep 17 00:00:00 2001 From: Justin Bedo Date: Thu, 8 Jun 2023 09:21:23 +1000 Subject: [PATCH 05/19] rPackages.data_table: add required pkg-config dependency --- pkgs/development/r-modules/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix index 3ba79111d7cf..3bdbf494c0b9 100644 --- a/pkgs/development/r-modules/default.nix +++ b/pkgs/development/r-modules/default.nix @@ -327,7 +327,7 @@ let chebpol = [ pkgs.fftw.dev ]; ChemmineOB = with pkgs; [ openbabel pkg-config ]; curl = [ pkgs.curl.dev ]; - data_table = [ pkgs.zlib.dev ] ++ lib.optional stdenv.isDarwin pkgs.llvmPackages.openmp; + data_table = with pkgs; [ pkg-config zlib.dev ] ++ lib.optional stdenv.isDarwin pkgs.llvmPackages.openmp; devEMF = with pkgs; [ xorg.libXft.dev ]; diversitree = with pkgs; [ gsl fftw ]; exactextractr = [ pkgs.geos ]; From 504b16b10ea225f0b2c1236669c786f1781eab26 Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Thu, 8 Jun 2023 19:42:36 +0800 Subject: [PATCH 06/19] postfix: 3.8.0 -> 3.8.1 --- pkgs/servers/mail/postfix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 3f37b1b35292..e801dcbe7ba4 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -25,11 +25,11 @@ let in stdenv.mkDerivation rec { pname = "postfix"; - version = "3.8.0"; + version = "3.8.1"; src = fetchurl { url = "http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/${pname}-${version}.tar.gz"; - hash = "sha256-o62AKb0sawxXZHeg93v50sC3YcuqDvv+9Hlp7+purek="; + hash = "sha256-VOG//e0wMoKKcN4iwqGpTRwJf8RRPg/b/P2/O/9rcJI="; }; nativeBuildInputs = [ makeWrapper m4 ]; From 08139a76264623b824174fe4d1629e6f1283a812 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 8 Jun 2023 14:00:36 +0200 Subject: [PATCH 07/19] grafana: 9.5.2 -> 9.5.3 Fixes CVE-2023-2801 & CVE-2023-2183 ChangeLog: https://github.com/grafana/grafana/releases/tag/v9.5.3 Security advisory: https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/ --- pkgs/servers/monitoring/grafana/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix index d4ccb37bf56f..33590dd04f3f 100644 --- a/pkgs/servers/monitoring/grafana/default.nix +++ b/pkgs/servers/monitoring/grafana/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "grafana"; - version = "9.5.2"; + version = "9.5.3"; excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" ]; @@ -10,12 +10,12 @@ buildGoModule rec { rev = "v${version}"; owner = "grafana"; repo = "grafana"; - hash = "sha256-4Gt5VwKD6YkxNSKxvfGjakXF4jF9aoaFZ+dXy/GsDaU="; + hash = "sha256-b9FkyDEidM7n+eY9IlZT9vysphe4CW5vGXYn9M5BIJM="; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - hash = "sha256-xY600pasxP/+XbbbX4U3zp8R837/46+uJ9zQWva5Or8="; + hash = "sha256-PfdRPMQrEaTwg9wWeyJo6I9HuQX6sxl1JbT9CTixnyc="; }; vendorHash = "sha256-E9Qdsk691+laPrQQnYBIwxAIbXh7wxB0G2e/Vp+4x98="; From c05f72e9babe0cdd4eaea15e1f42ca6afa8b5996 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Thu, 8 Jun 2023 16:36:24 +0200 Subject: [PATCH 08/19] rxvt-unicode: 9.30 -> 9.31 --- .../terminal-emulators/rxvt-unicode/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix index ede0638e7a04..47cd84d94825 100644 --- a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix +++ b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, fetchpatch, makeDesktopItem -, libX11, libXt, libXft, libXrender +, libX11, libXt, libXft, libXrender, libXext , ncurses, fontconfig, freetype , pkg-config, gdk-pixbuf, perl , libptytty @@ -12,7 +12,7 @@ let pname = "rxvt-unicode"; - version = "9.30"; + version = "9.31"; description = "A clone of the well-known terminal emulator rxvt"; desktopItem = makeDesktopItem { @@ -41,7 +41,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://dist.schmorp.de/rxvt-unicode/Attic/rxvt-unicode-${version}.tar.bz2"; - sha256 = "0badnkjsn3zps24r5iggj8k5v4f00npc77wqg92pcn1q5z8r677y"; + sha256 = "qqE/y8FJ/g8/OR+TMnlYD3Spb9MS1u0GuP8DwtRmcug="; }; nativeBuildInputs = [ pkg-config ]; @@ -49,7 +49,7 @@ stdenv.mkDerivation { [ libX11 libXt libXft ncurses # required to build the terminfo file fontconfig freetype libXrender libptytty - ] ++ optional perlSupport perl + ] ++ optionals perlSupport [ perl libXext ] ++ optional gdkPixbufSupport gdk-pixbuf; outputs = [ "out" "terminfo" ]; From 337bc2233cf7c7bfb124cb04b98bc44116188d71 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 8 Jun 2023 17:48:23 +0300 Subject: [PATCH 09/19] dirdiff: add darwin support --- pkgs/tools/text/dirdiff/default.nix | 7 ++++++- pkgs/top-level/all-packages.nix | 5 +---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/text/dirdiff/default.nix b/pkgs/tools/text/dirdiff/default.nix index 3577242fc0e9..437743e66ef6 100644 --- a/pkgs/tools/text/dirdiff/default.nix +++ b/pkgs/tools/text/dirdiff/default.nix @@ -23,6 +23,11 @@ stdenv.mkDerivation rec { done ''; + env = { + NIX_CFLAGS_COMPILE = "-DUSE_INTERP_RESULT"; + NIX_LDFLAGS = "-ltcl"; + }; + # If we don't create the directories ourselves, then 'make install' creates # files named 'bin' and 'lib'. preInstall = '' @@ -54,6 +59,6 @@ stdenv.mkDerivation rec { homepage = "https://www.samba.org/ftp/paulus/"; license = licenses.gpl2Plus; maintainers = with maintainers; [ khumba ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 68f9f4b56ff2..c70f157e220c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6944,10 +6944,7 @@ with pkgs; dsp = callPackage ../tools/audio/dsp { }; - dirdiff = callPackage ../tools/text/dirdiff { - tcl = tcl-8_5; - tk = tk-8_5; - }; + dirdiff = callPackage ../tools/text/dirdiff { }; dwdiff = callPackage ../applications/misc/dwdiff { }; From e8ef1bad1bffa4a6353260d3297a241a58cb95cb Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 8 Jun 2023 18:04:58 +0300 Subject: [PATCH 10/19] alpine: unpin tcl-8_5 --- pkgs/top-level/all-packages.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 68f9f4b56ff2..2cd8c4293d25 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29352,9 +29352,7 @@ with pkgs; alot = callPackage ../applications/networking/mailreaders/alot { }; - alpine = callPackage ../applications/networking/mailreaders/alpine { - tcl = tcl-8_5; - }; + alpine = callPackage ../applications/networking/mailreaders/alpine { }; msgviewer = callPackage ../applications/networking/mailreaders/msgviewer { }; From 0828a6612d9815febf9fb4e92c567acac7fec284 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 8 Jun 2023 18:07:38 +0300 Subject: [PATCH 11/19] rrdtool: unpin tcl-8_5 --- pkgs/tools/misc/rrdtool/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/rrdtool/default.nix b/pkgs/tools/misc/rrdtool/default.nix index b03cd4a9a7e6..58070c3b1b1c 100644 --- a/pkgs/tools/misc/rrdtool/default.nix +++ b/pkgs/tools/misc/rrdtool/default.nix @@ -1,5 +1,5 @@ { fetchurl, lib, stdenv, gettext, perl, pkg-config, libxml2, pango, cairo, groff -, tcl-8_5, darwin }: +, tcl, darwin }: perl.pkgs.toPerlModule (stdenv.mkDerivation rec { pname = "rrdtool"; @@ -13,7 +13,7 @@ perl.pkgs.toPerlModule (stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config ]; buildInputs = [ gettext perl libxml2 pango cairo groff ] - ++ lib.optionals stdenv.isDarwin [ tcl-8_5 darwin.apple_sdk.frameworks.ApplicationServices ]; + ++ lib.optionals stdenv.isDarwin [ tcl darwin.apple_sdk.frameworks.ApplicationServices ]; postInstall = '' # for munin and rrdtool support From 8369ba89a06d231ec5a583584d8584107d224fab Mon Sep 17 00:00:00 2001 From: QJoly Date: Thu, 8 Jun 2023 17:21:07 +0200 Subject: [PATCH 12/19] kubetail: 1.6.16 -> 1.6.18 --- pkgs/applications/networking/cluster/kubetail/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/kubetail/default.nix b/pkgs/applications/networking/cluster/kubetail/default.nix index dbf32808f941..c7858cf994d3 100644 --- a/pkgs/applications/networking/cluster/kubetail/default.nix +++ b/pkgs/applications/networking/cluster/kubetail/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "kubetail"; - version = "1.6.16"; + version = "1.6.18"; src = fetchFromGitHub { owner = "johanhaleby"; repo = "kubetail"; rev = version; - sha256 = "sha256-kkbhhAaiKP01LR7F5JVMgy6Ujji8JDc+Aaho1vft3XQ="; + sha256 = "sha256-Gde5thEpMX3h0e1eoC8SeDdkZfa02CmQf3ELLMeEWGU="; }; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { ''; homepage = "https://github.com/johanhaleby/kubetail"; license = licenses.asl20; - maintainers = with maintainers; [ kalbasit ]; + maintainers = with maintainers; [ kalbasit qjoly ]; platforms = platforms.all; }; } From 7c99d4b1dc320e0c79bcbe447dbebb086f607989 Mon Sep 17 00:00:00 2001 From: QJoly Date: Thu, 8 Jun 2023 17:29:04 +0200 Subject: [PATCH 13/19] driftctl: 0.38.2 -> 0.39.0 --- pkgs/applications/networking/cluster/driftctl/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/cluster/driftctl/default.nix b/pkgs/applications/networking/cluster/driftctl/default.nix index c90c93f20624..4104c40bf045 100644 --- a/pkgs/applications/networking/cluster/driftctl/default.nix +++ b/pkgs/applications/networking/cluster/driftctl/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "driftctl"; - version = "0.38.2"; + version = "0.39.0"; src = fetchFromGitHub { owner = "snyk"; repo = "driftctl"; rev = "v${version}"; - sha256 = "sha256-PPzoZypTP3yrgU50Uv7yBNCc2nAa84quCTWjxyq9h/c="; + sha256 = "sha256-1i5x05q0Mo3E3ExM9qONRtQCH3nO7pXyNqOaAtz7qYE="; }; - vendorHash = "sha256-XVEXWBVqYoAlK4DP0GdWqJDcLy9WxCaUdNbVESJ9zoM="; + vendorHash = "sha256-H/+LORl7Bjy1NshjtWDzj13YCrlQQgtBr4+Rz/rxQkY="; nativeBuildInputs = [ installShellFiles ]; @@ -51,6 +51,6 @@ buildGoModule rec { and fills in the missing piece in your DevSecOps toolbox. ''; license = licenses.asl20; - maintainers = with maintainers; [ kaction jk ]; + maintainers = with maintainers; [ kaction jk qjoly ]; }; } From 389cbc1e22697a0cc48d2cc43d635ae167d815c6 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Thu, 8 Jun 2023 18:25:37 +0200 Subject: [PATCH 14/19] qutebrowser: 2.5.3 -> 2.5.4 --- pkgs/applications/networking/browsers/qutebrowser/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix index b6e06da9876d..47721f183412 100644 --- a/pkgs/applications/networking/browsers/qutebrowser/default.nix +++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix @@ -38,7 +38,7 @@ buildPythonApplication = if isQt6 then python3Packages.buildPythonApplication else mkDerivationWith python3Packages.buildPythonApplication; pname = "qutebrowser"; - version = if isQt6 then "unstable-2023-04-18" else "2.5.3"; + version = if isQt6 then "unstable-2023-04-18" else "2.5.4"; in assert withMediaPlayback -> gst_all_1 != null; @@ -60,7 +60,7 @@ buildPythonApplication { # the release tarballs are different from the git checkout! else fetchurl { url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz"; - hash = "sha256-hF7yJDTQIztUcZJae20HVhfGlLprvz6GWrgpSwLJ14E="; + hash = "sha256-pGCyICUn5CpnDCbSJdn6ZBfQkswfFvOpXnvJXdicGrE="; }; # Needs tox From a754690981b3eb0c09460c2bcbf14331db18a352 Mon Sep 17 00:00:00 2001 From: geri1701 Date: Thu, 8 Jun 2023 20:06:22 +0200 Subject: [PATCH 15/19] amdgpu_top: 0.1.8 -> 0.1.9 --- pkgs/tools/system/amdgpu_top/Cargo.lock | 11 +++++++---- pkgs/tools/system/amdgpu_top/default.nix | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/system/amdgpu_top/Cargo.lock b/pkgs/tools/system/amdgpu_top/Cargo.lock index 296f2e77cf63..3b0788defce7 100644 --- a/pkgs/tools/system/amdgpu_top/Cargo.lock +++ b/pkgs/tools/system/amdgpu_top/Cargo.lock @@ -38,7 +38,7 @@ dependencies = [ [[package]] name = "amdgpu_top" -version = "0.1.8" +version = "0.1.9" dependencies = [ "amdgpu_top_gui", "amdgpu_top_json", @@ -896,7 +896,7 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libamdgpu_top" -version = "0.1.7" +version = "0.1.9" dependencies = [ "anyhow", "libdrm_amdgpu_sys", @@ -910,9 +910,12 @@ checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5" [[package]] name = "libdrm_amdgpu_sys" -version = "0.1.2" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a57f94df94d4505d89064895cd70d0ac0adb70fd9cac7a14bf53f3ce78785c4a" +checksum = "fbba2720dc87ad23aaa9bbfb7f8cc25a826edfbe0fcfbb99fec1774ad1fb81a0" +dependencies = [ + "libc", +] [[package]] name = "libloading" diff --git a/pkgs/tools/system/amdgpu_top/default.nix b/pkgs/tools/system/amdgpu_top/default.nix index 25f2f8d9769c..f6397fa28ce1 100644 --- a/pkgs/tools/system/amdgpu_top/default.nix +++ b/pkgs/tools/system/amdgpu_top/default.nix @@ -14,13 +14,13 @@ rustPlatform.buildRustPackage rec { pname = "amdgpu_top"; - version = "0.1.8"; + version = "0.1.9"; src = fetchFromGitHub { owner = "Umio-Yasuno"; repo = pname; rev = "v${version}"; - hash = "sha256-QsoOqkRtIwkLn7zg4hggGLNzyjdneYYs0XfQMdIEcCM="; + hash = "sha256-RR+YK8LyrPz7Pfv8moSOPei+56088lhoz8HxoB6+0B8="; }; cargoLock.lockFile = ./Cargo.lock; From 5be7d1d23898b0ad7acd142ec13552a98f9a1ebf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=98=D0=B0=D0=BD=20=D0=93=D0=B5=D0=BE?= =?UTF-8?q?=D1=80=D0=B3=D0=B8=D0=B5=D0=B2=D1=81=D0=BA=D0=B8?= Date: Thu, 8 Jun 2023 21:00:50 +0200 Subject: [PATCH 16/19] go2tv: 1.14.1 -> 1.15.0 * New Logo! * Added relative time and end time next to the slider bar * Various fixes and API improvements * Fix Android 13 issue where device discovery is not working https://github.com/alexballas/go2tv/releases/tag/v1.15.0 --- pkgs/applications/video/go2tv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/go2tv/default.nix b/pkgs/applications/video/go2tv/default.nix index 7d64d9788980..fb0db20990e4 100644 --- a/pkgs/applications/video/go2tv/default.nix +++ b/pkgs/applications/video/go2tv/default.nix @@ -14,13 +14,13 @@ buildGoModule rec { pname = "go2tv" + lib.optionalString (!withGui) "-lite"; - version = "1.14.1"; + version = "1.15.0"; src = fetchFromGitHub { owner = "alexballas"; repo = "go2tv"; rev = "v${version}"; - sha256 = "sha256-t+T3zerFvEdMYoe8GYSCGgwiXw528Lrs/EjPsXr6I98="; + sha256 = "sha256-5GOhTDlUpzInMm8hVcBjbf1CXRw2GQITRtj6UaxYHtE="; }; vendorHash = null; From 0f77f645aaa85fbe00b3adab2bbb21bb3d06cc38 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 8 Jun 2023 21:03:23 +0200 Subject: [PATCH 17/19] python311Packages.token-bucket: remove pytest-runner - add changelog to meta --- .../python-modules/token-bucket/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/token-bucket/default.nix b/pkgs/development/python-modules/token-bucket/default.nix index d11db6d03131..497d10d84fe8 100644 --- a/pkgs/development/python-modules/token-bucket/default.nix +++ b/pkgs/development/python-modules/token-bucket/default.nix @@ -2,8 +2,8 @@ , stdenv , buildPythonPackage , fetchFromGitHub -, pytest-runner , pytestCheckHook +, pythonOlder }: buildPythonPackage rec { @@ -11,16 +11,19 @@ buildPythonPackage rec { version = "0.3.0"; format = "setuptools"; + disabled = pythonOlder "3.7"; + src = fetchFromGitHub { owner = "falconry"; repo = pname; - rev = version; - sha256 = "0a703y2d09kvv2l9vq7vc97l4pi2wwq1f2hq783mbw2238jymb3m"; + rev = "refs/tags/${version}"; + hash = "sha256-dazqJRpC8FUHOhgKFzDnIl5CT2L74J2o2Hsm0IQf4Cg="; }; - nativeBuildInputs = [ - pytest-runner - ]; + postPatch = '' + substituteInPlace setup.py \ + --replace "'pytest-runner'" "" + ''; nativeCheckInputs = [ pytestCheckHook @@ -31,6 +34,7 @@ buildPythonPackage rec { meta = with lib; { description = "Token Bucket Implementation for Python Web Apps"; homepage = "https://github.com/falconry/token-bucket"; + changelog = "https://github.com/falconry/token-bucket/releases/tag/${version}"; license = licenses.asl20; maintainers = with maintainers; [ hexa ]; }; From f3f38a2130f2096b8da76e233765c1ca4e2b7862 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 8 Jun 2023 21:30:37 +0200 Subject: [PATCH 18/19] python310Packages.ansible-core: provide passlib Required for crypt on darwin. --- pkgs/development/python-modules/ansible/core.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/ansible/core.nix b/pkgs/development/python-modules/ansible/core.nix index 6b960b8c6b92..0e4aef282a27 100644 --- a/pkgs/development/python-modules/ansible/core.nix +++ b/pkgs/development/python-modules/ansible/core.nix @@ -1,5 +1,4 @@ { lib -, callPackage , buildPythonPackage , fetchPypi , installShellFiles @@ -11,6 +10,7 @@ , ncclient , packaging , paramiko +, passlib , pexpect , psutil , pycrypto @@ -50,6 +50,7 @@ buildPythonPackage rec { cryptography jinja2 packaging + passlib pyyaml resolvelib # This library is a PITA, since ansible requires a very old version of it # optional dependencies From c793615ab8398f145f15211b59e0a201770ffcfc Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 8 Jun 2023 21:41:31 +0200 Subject: [PATCH 19/19] checkov: 2.3.283 -> 2.3.285 Diff: https://github.com/bridgecrewio/checkov/compare/refs/tags/2.3.283...2.3.285 Changelog: https://github.com/bridgecrewio/checkov/releases/tag/2.3.285 --- pkgs/development/tools/analysis/checkov/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix index 8fa16e31c036..a10b051952aa 100644 --- a/pkgs/development/tools/analysis/checkov/default.nix +++ b/pkgs/development/tools/analysis/checkov/default.nix @@ -22,14 +22,14 @@ with py.pkgs; buildPythonApplication rec { pname = "checkov"; - version = "2.3.283"; + version = "2.3.285"; format = "setuptools"; src = fetchFromGitHub { owner = "bridgecrewio"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-2NiDCzbZR82wQeRRTeKLx6FZe25k4wmzACCWNUJG+yI="; + hash = "sha256-e451r8md6HOOhEIsjFitQ0IGacQ6bhA/jBFmaz/zVv8="; }; patches = [