From 16f713d5378c582b87cc0aaf64b99d39a8b99334 Mon Sep 17 00:00:00 2001 From: Audrey Dutcher Date: Sun, 24 Mar 2024 12:27:46 -0700 Subject: [PATCH 01/88] rhash: Support FreeBSD by adding unreleased patches --- pkgs/tools/security/rhash/default.nix | 4 ++ pkgs/tools/security/rhash/do-link-so.patch | 22 ++++++++ pkgs/tools/security/rhash/dont-fail-ln.patch | 59 ++++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 pkgs/tools/security/rhash/do-link-so.patch create mode 100644 pkgs/tools/security/rhash/dont-fail-ln.patch diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index e789eeba05394..cdad16bb4b43c 100644 --- a/pkgs/tools/security/rhash/default.nix +++ b/pkgs/tools/security/rhash/default.nix @@ -3,6 +3,7 @@ , fetchFromGitHub , which , enableStatic ? stdenv.hostPlatform.isStatic +, gettext }: stdenv.mkDerivation rec { @@ -16,7 +17,10 @@ stdenv.mkDerivation rec { sha256 = "sha256-3CW41ULdXoID4cOgrcG2j85tgIJ/sz5hU7A83qpuxf4="; }; + patches = [ ./dont-fail-ln.patch ./do-link-so.patch ]; + nativeBuildInputs = [ which ]; + buildInputs = lib.optionals stdenv.hostPlatform.isFreeBSD [ gettext ]; # configure script is not autotools-based, doesn't support these options dontAddStaticConfigureFlags = true; diff --git a/pkgs/tools/security/rhash/do-link-so.patch b/pkgs/tools/security/rhash/do-link-so.patch new file mode 100644 index 0000000000000..d75df2d048cdb --- /dev/null +++ b/pkgs/tools/security/rhash/do-link-so.patch @@ -0,0 +1,22 @@ +From b8c91ea6551e99e10352386cd46ea26973bb4a4d Mon Sep 17 00:00:00 2001 +From: Aleksey Kravchenko +Date: Mon, 11 Sep 2023 03:49:20 +0300 +Subject: [PATCH] Fix #238: Build on Unix + +--- + librhash/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/librhash/Makefile b/librhash/Makefile +index e8ee862..34f1263 100644 +--- a/librhash/Makefile ++++ b/librhash/Makefile +@@ -27,7 +27,7 @@ install-lib-static: $(LIBRHASH_STATIC) + install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED) + $(INSTALL) -d $(SO_DIR) + $(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/ +- test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \ ++ test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \ + rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \ + ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) ) + diff --git a/pkgs/tools/security/rhash/dont-fail-ln.patch b/pkgs/tools/security/rhash/dont-fail-ln.patch new file mode 100644 index 0000000000000..7703db5feb241 --- /dev/null +++ b/pkgs/tools/security/rhash/dont-fail-ln.patch @@ -0,0 +1,59 @@ +From 9ef90b958b7ae50aeeb5c269468034d73d6e2efe Mon Sep 17 00:00:00 2001 +From: Aleksey Kravchenko +Date: Mon, 31 Jul 2023 02:48:15 +0300 +Subject: [PATCH] Fix #238: Build on *BSD + +--- + configure | 3 ++- + librhash/Makefile | 8 ++++---- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/configure b/configure +index dae76d5..39ef8c1 100755 +--- a/configure ++++ b/configure +@@ -567,6 +567,7 @@ qnx() { test "$OS_LC" = "qnx"; } + sunos() { test "$OS_LC" = "sunos"; } + wine() { test "$OS_LC" = "wine"; } + win32() { cygwin || mingw32 || mingw64 || msys || wine; } ++bsd() { dragonfly || freebsd || netbsd || openbsd ; } + posix_make() { aix || bsdos || hpux || irix || qnx || sunos; } + + ##################################################################### +@@ -713,7 +714,7 @@ if win32; then + elif darwin; then + SHARED_EXT=".${RHASH_VERSION_MAJOR}.dylib" + SOLINK_EXT=".dylib" +-elif linux; then ++elif linux || bsd; then + # use the full library version for the library file extension + SHARED_EXT=".so.${RHASH_VERSION}" + fi +diff --git a/librhash/Makefile b/librhash/Makefile +index d48e06e..e8ee862 100644 +--- a/librhash/Makefile ++++ b/librhash/Makefile +@@ -27,9 +27,9 @@ install-lib-static: $(LIBRHASH_STATIC) + install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED) + $(INSTALL) -d $(SO_DIR) + $(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/ +- test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \ ++ test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \ + rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \ +- ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) ++ ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) ) + + install-implib: + $(INSTALL) -d $(LIBDIR) +@@ -175,9 +175,9 @@ $(EXPORTS_FILE): $(LIB_HEADERS) + $(LIB_HEADERS) | grep -v "$(EXPORTS_SKIP)" > $@ + + $(LIBRHASH_SOLINK): +- test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \ ++ test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \ + rm -f $(LIBRHASH_SO_MAJ) && \ +- ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ) ++ ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ) ) + rm -f $(LIBRHASH_SOLINK) + ln -s $(LIBRHASH_SO_MAJ) $(LIBRHASH_SOLINK) + From 6ce6559ad89a385fb99a1973914351793ed1f112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= Date: Sat, 13 Apr 2024 19:40:13 +0200 Subject: [PATCH 02/88] polkit: upstream moved to github --- pkgs/development/libraries/polkit/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index dabba056b4876..5758132044aea 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -1,6 +1,6 @@ { lib , stdenv -, fetchFromGitLab +, fetchFromGitHub , pkg-config , glib , expat @@ -43,9 +43,8 @@ stdenv.mkDerivation rec { outputs = [ "bin" "dev" "out" ]; # small man pages in $bin # Tarballs do not contain subprojects. - src = fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "polkit"; + src = fetchFromGitHub { + owner = "polkit-org"; repo = "polkit"; rev = version; hash = "sha256-/kjWkh6w2FYgtYWzw3g3GlWJKKpkJ3cqwfE0iDqJctw="; @@ -175,7 +174,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "https://gitlab.freedesktop.org/polkit/polkit/"; + homepage = "https://github.com/polkit-org/polkit"; description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes"; license = licenses.lgpl2Plus; platforms = platforms.linux; From 5ea359c878c6f82ed9cbcd510aaee8d23d528de0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= Date: Sat, 13 Apr 2024 19:40:49 +0200 Subject: [PATCH 03/88] polkit: 123 -> 124 in the new release the meson option `systemdsystemunitdir` is broken by the new `sysusers.d` code in `meson.build`. we fix this by setting both of these pkg-config variables through environment variables. Changes: https://github.com/polkit-org/polkit/compare/123...124 --- pkgs/development/libraries/polkit/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 5758132044aea..54c86e42ad91c 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -38,7 +38,7 @@ let in stdenv.mkDerivation rec { pname = "polkit"; - version = "123"; + version = "124"; outputs = [ "bin" "dev" "out" ]; # small man pages in $bin @@ -47,7 +47,7 @@ stdenv.mkDerivation rec { owner = "polkit-org"; repo = "polkit"; rev = version; - hash = "sha256-/kjWkh6w2FYgtYWzw3g3GlWJKKpkJ3cqwfE0iDqJctw="; + hash = "sha256-Vc9G2xK6U1cX+xW2BnKp3oS/ACbSXS/lztbFP5oJOlM="; }; patches = [ @@ -107,10 +107,14 @@ stdenv.mkDerivation rec { ])) ]; + env = { + PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "${placeholder "out"}/lib/systemd/system"; + PKG_CONFIG_SYSTEMD_SYSUSERS_DIR = "${placeholder "out"}/lib/sysusers.d"; + }; + mesonFlags = [ "--datadir=${system}/share" "--sysconfdir=/etc" - "-Dsystemdsystemunitdir=${placeholder "out"}/lib/systemd/system" "-Dpolkitd_user=polkituser" #TODO? config.ids.uids.polkituser "-Dos_type=redhat" # only affects PAM includes "-Dintrospection=${lib.boolToString withIntrospection}" From 4b8fa41e8346f39387fd49538153944c59b4a444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= Date: Mon, 11 Mar 2024 21:23:35 +0100 Subject: [PATCH 04/88] polkit: move patch from archived upstream to local since the repo at gitlab.fredesktop.org is archived, it's likely safer to pull down this patch into nixpkgs directly. in case the archived repo vanishes in the future. --- ...otdir-in-Meson-generated-pkg-config-.patch | 53 +++++++++++++++++++ pkgs/development/libraries/polkit/default.nix | 6 +-- 2 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch diff --git a/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch b/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch new file mode 100644 index 0000000000000..4e38660217fef --- /dev/null +++ b/pkgs/development/libraries/polkit/0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch @@ -0,0 +1,53 @@ +From 7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3 Mon Sep 17 00:00:00 2001 +From: Jan Tojnar +Date: Mon, 1 Nov 2021 14:17:17 +0100 +Subject: [PATCH] build: Use datarootdir in Meson-generated pkg-config files +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With datadir outside of prefix (currently unsupported by Meson[1] +but a frequent occurrence in Nixpkgs), the `datadir` entry, +in the `polkit-gobject-1` pkg-config file will be an absolute path. +This will prevent changing the base directory of `policydir` +with `--define-variable=prefix=…`, which many projects use +to install policy files to their own prefix. + +Previously, this worked without changes on Nixpkgs’s part because +the pkg-config template used by Autotools contained `@datarootdir@`, +which resolves to `$(prefix)/share`[2], taking no heed of the changed datadir. + +Similar issue can happen when a distribution package redefines datadir +like Debian does/did.[3] + +This patch changes Meson-based build system to use `$(prefix)/share` +in the generated pkg-config files, mirroring Autotools. + +--- + +1. Likely to change in the future: https://github.com/mesonbuild/meson/issues/2561#issuecomment-939253717 +2. https://www.gnu.org/prep/standards/html_node/Directory-Variables.html +3. https://blogs.gnome.org/hughsie/2014/06/16/datarootdir-v-s-datadir/ +--- + src/polkit/meson.build | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/polkit/meson.build b/src/polkit/meson.build +index 63dc1e85..c92cb70f 100644 +--- a/src/polkit/meson.build ++++ b/src/polkit/meson.build +@@ -113,9 +113,8 @@ pkg.generate( + requires: common_deps, + variables: [ + 'exec_prefix=${prefix}', +- 'datadir=' + ('${prefix}' / pk_datadir), +- 'policydir=' + ('${datadir}' / pk_actiondir), +- 'actiondir=' + ('${datadir}' / pk_actiondir), ++ 'policydir=' + ('${prefix}' / 'share' / pk_actiondir), ++ 'actiondir=' + ('${prefix}' / 'share' / pk_actiondir), + 'pkcheck_supports_uid=true', + ], + ) +-- +GitLab + diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 54c86e42ad91c..69b2233a8559b 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -10,7 +10,6 @@ , ninja , perl , python3 -, fetchpatch , gettext , duktape , gobject-introspection @@ -53,10 +52,7 @@ stdenv.mkDerivation rec { patches = [ # Allow changing base for paths in pkg-config file as before. # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/100 - (fetchpatch { - url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3.patch"; - sha256 = "ebbLILncq1hAZTBMsLm+vDGw6j0iQ0crGyhzyLZQgKA="; - }) + ./0001-build-Use-datarootdir-in-Meson-generated-pkg-config-.patch ]; depsBuildBuild = [ From 21833407b4364b7266a1b234d06182f655ec6cb7 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sat, 20 Apr 2024 15:25:07 -0400 Subject: [PATCH 05/88] pythonCatchConflictsHook: add test for multiple dependency chains Add a test where a conflicting package can be found at the end of multiple dependency chains. This is far too simple an example to demonstrate the ill effects of exponential time complexity, but does serve to demonstrate how the error output changes when each path is only visited once. --- .../python-catch-conflicts-hook-tests.nix | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix b/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix index cba1034e0963d..3890df40cb742 100644 --- a/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix +++ b/pkgs/development/interpreters/python/hooks/python-catch-conflicts-hook-tests.nix @@ -143,4 +143,46 @@ in { }; in expectFailure toplevel "Found duplicated packages in closure for dependency 'leaf'"; + + /* + Transitive conflict with multiple dependency chains leading to the + conflicting package. + + Test sets up this dependency tree: + + toplevel + ├── dep1 + │ └── leaf + ├── dep2 + │ └── leaf + └── dep3 + └── leaf (customized version -> conflicting) + */ + catches-conflict-multiple-chains = let + # package depending on dependency1, dependency2 and dependency3 + toplevel = generatePythonPackage { + pname = "catches-conflict-multiple-chains"; + propagatedBuildInputs = [ dep1 dep2 dep3 ]; + }; + # dep1 package depending on leaf + dep1 = generatePythonPackage { + pname = "dependency1"; + propagatedBuildInputs = [ leaf ]; + }; + # dep2 package depending on leaf + dep2 = generatePythonPackage { + pname = "dependency2"; + propagatedBuildInputs = [ leaf ]; + }; + # dep3 package depending on conflicting version of leaf + dep3 = generatePythonPackage { + pname = "dependency3"; + propagatedBuildInputs = [ (customize leaf) ]; + }; + # some leaf package + leaf = generatePythonPackage { + pname = "leaf"; + }; + in + expectFailure toplevel "Found duplicated packages in closure for dependency 'leaf'"; } From a25e43e6d7089d4655f945c9874bd6756fbb5c90 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sat, 20 Apr 2024 14:47:00 -0400 Subject: [PATCH 06/88] pythonCatchConflictsHook: prevent exponential worst-case The hook performs a depth first search on the graph defined by propagatedBuildInputs. This traverses all paths through the graph, except for any cycles. In the worst case with a highly connected graph, this search can take exponential time. In practice, this means that in cases with long dependency chains and multiple packages depending on the same package, the hook can take several hours to run. Avoid this problem by keeping track of already visited paths and only visiting each path once. This makes the search complete in linear time. The visible effect of this change is that, if a conflict is found, only one dependency chain that leads to the conflicting package is printed, rather than all the possible dependency chains. --- .../python/catch_conflicts/catch_conflicts.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py index ad679d9f9f99e..648fec015903f 100644 --- a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py +++ b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py @@ -3,9 +3,10 @@ import collections import sys import os -from typing import Dict, List, Tuple +from typing import Dict, List, Set, Tuple do_abort: bool = False packages: Dict[str, Dict[str, List[Dict[str, List[str]]]]] = collections.defaultdict(list) +found_paths: Set[Path] = set() out_path: Path = Path(os.getenv("out")) version: Tuple[int, int] = sys.version_info site_packages_path: str = f'lib/python{version[0]}.{version[1]}/site-packages' @@ -46,6 +47,12 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str]) site_packages: Path = (store_path / site_packages_path) propagated_build_inputs: Path = (store_path / "nix-support/propagated-build-inputs") + # only visit each path once, to avoid exponential complexity with highly + # connected dependency graphs + if store_path in found_paths: + return + found_paths.add(store_path) + # add the current package to the list if site_packages.exists(): for dist_info in site_packages.glob("*.dist-info"): From 7f14d675a7e1e2bdef3c9c1b6f83c42474715e51 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sat, 20 Apr 2024 15:16:45 -0400 Subject: [PATCH 07/88] pythonCatchConflictsHook: cleanup due to visiting each path once Now that we only visit each path once, a few things can be simplified. We no longer have to keep a list of different dependency chains leading to a package, since only one chain will ever be found. Also, the already visited check also takes care of cycles, so the other cycle check can be removed. --- .../python/catch_conflicts/catch_conflicts.py | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py index 648fec015903f..cb2bd56c71d54 100644 --- a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py +++ b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py @@ -5,7 +5,7 @@ import os from typing import Dict, List, Set, Tuple do_abort: bool = False -packages: Dict[str, Dict[str, List[Dict[str, List[str]]]]] = collections.defaultdict(list) +packages: Dict[str, Dict[str, Dict[str, List[str]]]] = collections.defaultdict(dict) found_paths: Set[Path] = set() out_path: Path = Path(os.getenv("out")) version: Tuple[int, int] = sys.version_info @@ -32,14 +32,10 @@ def describe_parents(parents: List[str]) -> str: # inserts an entry into 'packages' def add_entry(name: str, version: str, store_path: str, parents: List[str]) -> None: - if name not in packages: - packages[name] = {} - if store_path not in packages[name]: - packages[name][store_path] = [] - packages[name][store_path].append(dict( + packages[name][store_path] = dict( version=version, parents=parents, - )) + ) # transitively discover python dependencies and store them in 'packages' @@ -64,8 +60,7 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str]) with open(propagated_build_inputs, "r") as f: build_inputs: List[str] = f.read().strip().split(" ") for build_input in build_inputs: - if build_input not in parents: - find_packages(Path(build_input), site_packages_path, parents + [build_input]) + find_packages(Path(build_input), site_packages_path, parents + [build_input]) find_packages(out_path, site_packages_path, [f"this derivation: {out_path}"]) @@ -75,10 +70,9 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str]) if len(store_paths) > 1: do_abort = True print("Found duplicated packages in closure for dependency '{}': ".format(name)) - for store_path, candidates in store_paths.items(): - for candidate in candidates: - print(f" {name} {candidate['version']} ({store_path})") - print(describe_parents(candidate['parents'])) + for store_path, candidate in store_paths.items(): + print(f" {name} {candidate['version']} ({store_path})") + print(describe_parents(candidate['parents'])) # fail if duplicates were found if do_abort: From f9de72f24776538e7e2243f54ab46f3e3a921ab5 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sat, 20 Apr 2024 15:28:11 -0400 Subject: [PATCH 08/88] pythonCatchConflictsHook: split propagated-build-inputs on runs of whitespace Currently, nix-support/propagated-build-inputs is parsed by splitting on a single space. This means that if this file contains multiple spaces separating two paths, the build_inputs list will end up containing an empty string. Instead, call split() with no arguments, which splits on runs of whitespace and also ignores whitespace at the beginning and end of the string, eliminating the need for strip(). --- .../interpreters/python/catch_conflicts/catch_conflicts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py index cb2bd56c71d54..4713cfb7026e5 100644 --- a/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py +++ b/pkgs/development/interpreters/python/catch_conflicts/catch_conflicts.py @@ -58,7 +58,7 @@ def find_packages(store_path: Path, site_packages_path: str, parents: List[str]) # recursively add dependencies if propagated_build_inputs.exists(): with open(propagated_build_inputs, "r") as f: - build_inputs: List[str] = f.read().strip().split(" ") + build_inputs: List[str] = f.read().split() for build_input in build_inputs: find_packages(Path(build_input), site_packages_path, parents + [build_input]) From fb0ddd9186170fe297e2274c01ee410d79874f9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 29 Apr 2024 12:08:52 +0200 Subject: [PATCH 09/88] libcamera: fix binary reproduciblity --- pkgs/by-name/li/libcamera/ipa-priv-key.pem | 28 ++++++++++++++++++++ pkgs/by-name/li/libcamera/package.nix | 30 ++++++++++++---------- 2 files changed, 45 insertions(+), 13 deletions(-) create mode 100644 pkgs/by-name/li/libcamera/ipa-priv-key.pem diff --git a/pkgs/by-name/li/libcamera/ipa-priv-key.pem b/pkgs/by-name/li/libcamera/ipa-priv-key.pem new file mode 100644 index 0000000000000..b5b5b17ba0d0c --- /dev/null +++ b/pkgs/by-name/li/libcamera/ipa-priv-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCocmtyzPPjv+52 +JiZrpZFfaZ0eeUgugc8gV+0+2Q9GEkl/xxqjiDVg31gBO3iwQov2NmGuPbXr+vwZ +QcUqNQakmmdi22tBaTtd6hMuhu9OfbP8sIFaf0dToZRHkPgf63+WCF6w0O9enEz4 +zjW3kPa1eVRVekiYCXGML/VhN+h5WwWouNWgEOw5JH39ZuGmhsGN5XekkHtyMkwq +Vr+JodoSizhYs9VBYNA1J4PlyiS4BYr4pLiLffzPwRjcSS777x33g+nWNr1lsFxB +nDoVvVnq0E7fiXxlmCtAr/7dv0Ug5ixuNfZ9yoT0f+mfUiG/anmfodHujIm2Db37 +jvmfxaq1AgMBAAECggEAFhJKBHSY92xod0g37A55fiZFTV8oZ1mgdXU386522yBd +y5Wf5rIcBmm1axHrFjNeCgClq3JQEk/kdP3Ccy2YBXzq04/7HYrHmd5oLYZGOINt +kExjYqN/SdTH7FmxPWN66AKIP8RcvQmfZ1GDxd4DiZNQitO3S96e53bIQPkVp8Lg +GfK6LQCdOGimD00wvRoeqbV0PWGGVMfx+KvD5hxKYolyi/hNUxToD28qCAoMlMTi +yL+17q3nIYZvUmL0k7d64U+lXF8ov3cVXNJzAzFi41MXZ2Xqk3Lj+IhNweUhlOyn +fTo8QntNlirNL/XmtJ+5mPbGufE/6zsSNOf2Cyz2aQKBgQDio/tA3tFBzOz31hox +gW6NKarhp7e5R3XHQjZPmQXKq2lGCTBN+LzwCLYDa+ZWkS+cel/xSbkUFl0dopCu +7uGrSvmVAv+l1k879WHsYmLlDjJSa8WmDtVQ0SJr70X9UJmD2BivWnTnzrpZFu2A +Nv57gvebJTI4tLfAAyIfbg8gOQKBgQC+RJRv8/jVha/4sPonQYvpH0scS0Xzwca6 +xd23e+vULBpk7IVzMbVGJEDdfWXVJeAO++FSQcgTJA38nfYm2XRPZAProliLaW8o +XVhhhWbXP7Jc8BmL5zyfDaLOXNFBX2kfr/oKeOoQ+0dRDlWKlarw1SxC+RT6i2qQ +YETgXHKmXQKBgGk8mWsqy2HRZOtDqE/6eLnlciprtVy7+M14Sj21oUHVTAGwPJTH +/fs7IEEAdikWK1RuYmRoxh60r7IWDTadR35BRxjRFqILnCkMLNcVbDRN3kH1NwZ/ +dr+bDG+v4ADazx2wVu39g7Erhc3eXpOddZcmXhDVObeo+nWXPt33PeDJAoGBAJ4v ++FVnuo8Tee1Cfogat87W5KSedIcnqSjpjt+Y2MXq8PrNplnSjwrE42UCd6KRvcnX +Ykr4Q/ad+D75uYgtLMVAuv2yWPl3bCJcETnrJkh5PbqFKEgntT/rn1sA0j0OrSDa +NwFz6+64a1+ZkkcJDjjykr0Px4BSXwOv9jOuyOdFAoGADZEADOLX5y4utxboe1M0 +UnaFKGEDE6H8qdRJQ9bSvEwJI142al02CvnvqvP4cpd8rKOCRs9nSXFJFXCedTLy +ojSVfjTyJMTVJxab/c/Qugkxb/TqGfEnZF2yoTsfPYp2pXRd6DvyKlDQzlSOj933 +FrqeSe1QKapuPRsujVwLZDU= +-----END PRIVATE KEY----- diff --git a/pkgs/by-name/li/libcamera/package.nix b/pkgs/by-name/li/libcamera/package.nix index a6a0fe8fa7c35..dabf457de7432 100644 --- a/pkgs/by-name/li/libcamera/package.nix +++ b/pkgs/by-name/li/libcamera/package.nix @@ -1,7 +1,6 @@ { stdenv , fetchgit , lib -, fetchpatch , meson , ninja , pkg-config @@ -33,12 +32,24 @@ stdenv.mkDerivation rec { hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM="; }; - outputs = [ "out" "dev" "doc" ]; + outputs = [ "out" "dev" ]; postPatch = '' patchShebangs utils/ ''; + # libcamera signs the IPA module libraries at install time, but they are then + # modified by stripping and RPATH fixup. Therefore, we need to generate the + # signatures again ourselves. For reproducibility, we use a static private key. + # + # If this is not done, libcamera will still try to load them, but it will + # isolate them in separate processes, which can cause crashes for IPA modules + # that are not designed for this (notably ipa_rpi.so). + preBuild = '' + ninja src/ipa-priv-key.pem + install -D ${./ipa-priv-key.pem} src/ipa-priv-key.pem + ''; + strictDeps = true; buildInputs = [ @@ -86,6 +97,10 @@ stdenv.mkDerivation rec { # Avoid blanket -Werror to evade build failures on less # tested compilers. "-Dwerror=false" + # Documentation breaks binary compatibility. + # Given that upstream also provides public documentation, + # we can disable it here. + "-Ddocumentation=disabled" ]; # Fixes error on a deprecated declaration @@ -94,17 +109,6 @@ stdenv.mkDerivation rec { # Silence fontconfig warnings about missing config FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; - # libcamera signs the IPA module libraries at install time, but they are then - # modified by stripping and RPATH fixup. Therefore, we need to generate the - # signatures again ourselves. - # - # If this is not done, libcamera will still try to load them, but it will - # isolate them in separate processes, which can cause crashes for IPA modules - # that are not designed for this (notably ipa_rpi.so). - postFixup = '' - ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so - ''; - meta = with lib; { description = "An open source camera stack and framework for Linux, Android, and ChromeOS"; homepage = "https://libcamera.org"; From 0293a353ee6de952cb9c5449c91912d86b200509 Mon Sep 17 00:00:00 2001 From: Randy Eckenrode Date: Sun, 21 Apr 2024 20:37:15 -0400 Subject: [PATCH 10/88] apple-source-releases: always use python3Minimal Using python3Minimal avoids infinite recursions in the stdenv bootstrap on x86_64-darwin when building Python with configd support. --- pkgs/os-specific/darwin/apple-source-releases/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix index 1bd574fe46a49..473a4d7ada9b2 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix @@ -229,7 +229,7 @@ let pname = builtins.head (lib.splitString "/" namePath); appleDerivation' = stdenv: appleDerivation'' stdenv pname version sdkName sha256; appleDerivation = appleDerivation' stdenv; - callPackage = self.newScope { inherit appleDerivation' appleDerivation; }; + callPackage = self.newScope { inherit appleDerivation' appleDerivation; python3 = pkgs.buildPackages.python3Minimal; }; in callPackage (./. + "/${namePath}"); applePackage = namePath: sdkName: sha256: let @@ -292,9 +292,7 @@ developerToolsPackages_11_3_1 // macosPackages_11_0_1 // { ppp = applePackage "ppp" "osx-10.12.6" "sha256-M1zoEjjeKIDUEP6ACbpUJk3OXjobw4g/qzUmxGdX1J0=" {}; removefile = applePackage "removefile" "osx-10.12.6" "sha256-UpNk27kGXnZss1ZXWVJU9jLz/NW63ZAZEDLhyCYoi9M=" {}; xnu = if stdenv.isx86_64 then - applePackage "xnu" "osx-10.12.6" "sha256-C8TPQlUT3RbzAy8YnZPNtr70hpaVG9Llv0h42s3NENI=" { - python3 = pkgs.buildPackages.buildPackages.python3; # TODO(@Ericson2314) this shouldn't be needed. - } + applePackage "xnu" "osx-10.12.6" "sha256-C8TPQlUT3RbzAy8YnZPNtr70hpaVG9Llv0h42s3NENI=" {} else macosPackages_11_0_1.xnu; hfs = applePackage "hfs" "osx-10.12.6" "sha256-eGi18HQFJrU5UHoBOE0LqO5gQ0xOf8+OJuAWQljfKE4=" {}; Librpcsvc = applePackage "Librpcsvc" "osx-10.11.6" "sha256-YHbGws901xONzAbo6sB5zSea4Wp0sgYUJ8YgwVfWxnE=" {}; From e26b27a23a6ce7628963632316ead52f15dbfedc Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 2 May 2024 21:51:57 +0100 Subject: [PATCH 11/88] tracker: 3.7.2 -> 3.7.3 Changes: https://gitlab.gnome.org/GNOME/tracker/-/blob/3.7.3/NEWS --- pkgs/development/libraries/tracker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/tracker/default.nix b/pkgs/development/libraries/tracker/default.nix index 67400eaee929b..da5274e0b7dfe 100644 --- a/pkgs/development/libraries/tracker/default.nix +++ b/pkgs/development/libraries/tracker/default.nix @@ -34,13 +34,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "tracker"; - version = "3.7.2"; + version = "3.7.3"; outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = with finalAttrs; "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - hash = "sha256-3ryqKR5Gr63Bz2olHxfvsCRAqki/9kPXjGESOAfc4A8="; + hash = "sha256-qz1KUJN+BMXteEb227mZ4pCYGUAvOJylku5rd90o0fk="; }; strictDeps = true; From e69ace568e16728dd82336c260ee48dd9e1035a4 Mon Sep 17 00:00:00 2001 From: qubitnano <146656568+qubitnano@users.noreply.github.com> Date: Fri, 3 May 2024 20:27:35 -0400 Subject: [PATCH 12/88] gdk-pixbuf: enable other loaders 2.42.11 disables several loaders by default. The meson option "others" reenables these for packages that still depend on them. --- pkgs/development/libraries/gdk-pixbuf/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix index a90a2c5c9f780..ea9ff1d918087 100644 --- a/pkgs/development/libraries/gdk-pixbuf/default.nix +++ b/pkgs/development/libraries/gdk-pixbuf/default.nix @@ -21,6 +21,7 @@ , buildPackages , withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages , gobject-introspection +, fetchpatch }: stdenv.mkDerivation (finalAttrs: { @@ -41,6 +42,12 @@ stdenv.mkDerivation (finalAttrs: { patches = [ # Move installed tests to a separate output ./installed-tests-path.patch + # Remove post 2.42.11 + (fetchpatch { + name = "fix-meson.build-typo.patch"; + url = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/238893d8cd6f9c2616a05ab521a29651a17a38c2.patch"; + hash = "sha256-6IhdNH6hhygSXD7EJo/hoBLFeb2lJlBIHNBPTkA3Do0="; + }) ]; # gdk-pixbuf-thumbnailer is not wrapped therefore strictDeps will work @@ -79,6 +86,7 @@ stdenv.mkDerivation (finalAttrs: { "-Dgio_sniffing=false" (lib.mesonBool "gtk_doc" withIntrospection) (lib.mesonEnable "introspection" withIntrospection) + (lib.mesonEnable "others" true) ]; postPatch = '' From 9b10f90188dd7954b082026f7419b4ce024fe15c Mon Sep 17 00:00:00 2001 From: qubitnano <146656568+qubitnano@users.noreply.github.com> Date: Fri, 3 May 2024 23:50:06 -0400 Subject: [PATCH 13/88] gdk-pixbuf: disable ani loader The "others" option includes ani which is currently affected by CVE-2022-48622. Disable this by removing it from the build while allowing the other loaders to build. --- pkgs/development/libraries/gdk-pixbuf/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix index ea9ff1d918087..f9fd75f1a6af9 100644 --- a/pkgs/development/libraries/gdk-pixbuf/default.nix +++ b/pkgs/development/libraries/gdk-pixbuf/default.nix @@ -101,6 +101,9 @@ stdenv.mkDerivation (finalAttrs: { substituteInPlace docs/meson.build \ --replace "dependency('gi-docgen'," "dependency('gi-docgen', native:true," \ --replace "'gi-docgen', req" "'gi-docgen', native:true, req" + + # Remove 'ani' loader until proper fix for CVE-2022-48622 + substituteInPlace meson.build --replace-fail "'ani'," "" ''; postInstall = From b7ef78ce9adba9bdc670aecba40f4670f6f90dfb Mon Sep 17 00:00:00 2001 From: linsui Date: Sat, 4 May 2024 15:32:05 +0800 Subject: [PATCH 14/88] po4a: formatting cleanup --- .../development/perl-modules/Po4a/default.nix | 69 ++++++++++++++++--- 1 file changed, 61 insertions(+), 8 deletions(-) diff --git a/pkgs/development/perl-modules/Po4a/default.nix b/pkgs/development/perl-modules/Po4a/default.nix index 38569204f5a80..e738747497058 100644 --- a/pkgs/development/perl-modules/Po4a/default.nix +++ b/pkgs/development/perl-modules/Po4a/default.nix @@ -1,15 +1,37 @@ -{ stdenv, lib, fetchurl, docbook_xsl, docbook_xsl_ns, gettext, libxslt, glibcLocales, docbook_xml_dtd_412, docbook_sgml_dtd_41, opensp, bash -, perl, buildPerlPackage, ModuleBuild, TextWrapI18N, LocaleGettext, TermReadKey, SGMLSpm, UnicodeLineBreak, PodParser, YAMLTiny -, fetchpatch, writeShellScriptBin +{ stdenv +, lib +, fetchurl +, docbook_xsl +, docbook_xsl_ns +, gettext +, libxslt +, glibcLocales +, docbook_xml_dtd_412 +, docbook_sgml_dtd_41 +, opensp +, bash +, perl +, buildPerlPackage +, ModuleBuild +, TextWrapI18N +, LocaleGettext +, SGMLSpm +, UnicodeLineBreak +, PodParser +, YAMLTiny +, fetchpatch +, writeShellScriptBin }: buildPerlPackage rec { pname = "po4a"; version = "0.62"; + src = fetchurl { url = "https://github.com/mquinson/po4a/releases/download/v${version}/po4a-${version}.tar.gz"; sha256 = "0eb510a66f59de68cf7a205342036cc9fc08b39334b91f1456421a5f3359e68b"; }; + patches = [ (fetchpatch { # make devdoc output reproducible @@ -20,25 +42,54 @@ buildPerlPackage rec { ]; strictDeps = true; + nativeBuildInputs = # the tests for the tex-format use kpsewhich -- texlive's file finding utility. # We don't want to depend on texlive here, so we replace it with a minimal # shellscript that suffices for the tests in t/fmt/tex/, i.e. it looks up # article.cls to an existing file, but doesn't find article-wrong.cls. - let kpsewhich-stub = writeShellScriptBin "kpsewhich" - ''[[ $1 = "article.cls" ]] && echo /dev/null''; + let + kpsewhich-stub = writeShellScriptBin "kpsewhich" + ''[[ $1 = "article.cls" ]] && echo /dev/null''; in - [ gettext libxslt docbook_xsl docbook_xsl_ns ModuleBuild docbook_xml_dtd_412 docbook_sgml_dtd_41 opensp kpsewhich-stub glibcLocales ]; - propagatedBuildInputs = lib.optional (!stdenv.hostPlatform.isMusl) TextWrapI18N ++ [ LocaleGettext SGMLSpm UnicodeLineBreak PodParser YAMLTiny ]; + [ + gettext + libxslt + docbook_xsl + docbook_xsl_ns + ModuleBuild + docbook_xml_dtd_412 + docbook_sgml_dtd_41 + opensp + kpsewhich-stub + glibcLocales + ]; + # TODO: TermReadKey was temporarily removed from propagatedBuildInputs to unfreeze the build + propagatedBuildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [ + TextWrapI18N + ] ++ [ + LocaleGettext + SGMLSpm + UnicodeLineBreak + PodParser + YAMLTiny + ]; + buildInputs = [ bash ]; + LC_ALL = "en_US.UTF-8"; SGML_CATALOG_FILES = "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml"; + preConfigure = '' touch Makefile.PL export PERL_MB_OPT="--install_base=$out --prefix=$out" ''; - buildPhase = "perl Build.PL --install_base=$out --install_path=\"lib=$out/${perl.libPrefix}\"; ./Build build"; + + buildPhase = '' + perl Build.PL --install_base=$out --install_path="lib=$out/${perl.libPrefix}" + ./Build build + ''; # Disabling tests on musl # Void linux package have investigated the failure and tracked it down to differences in gettext behavior. They decided to disable tests. @@ -53,12 +104,14 @@ buildPerlPackage rec { export SGML_CATALOG_FILES=${docbook_sgml_dtd_41}/sgml/dtd/docbook-4.1/docbook.cat ./Build test ''; + installPhase = '' ./Build install for f in $out/bin/*; do substituteInPlace $f --replace "#! /usr/bin/env perl" "#!${perl}/bin/perl" done ''; + meta = { description = "Tools for helping translation of documentation"; homepage = "https://po4a.org"; From fd7787f37c39bc23e6ef6d021e94a793b5ff5976 Mon Sep 17 00:00:00 2001 From: linsui Date: Sat, 4 May 2024 16:43:19 +0800 Subject: [PATCH 15/88] po4a: 0.62 -> 0.71 --- .../development/perl-modules/Po4a/default.nix | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/pkgs/development/perl-modules/Po4a/default.nix b/pkgs/development/perl-modules/Po4a/default.nix index e738747497058..042d9a3a7d7f6 100644 --- a/pkgs/development/perl-modules/Po4a/default.nix +++ b/pkgs/development/perl-modules/Po4a/default.nix @@ -6,7 +6,7 @@ , gettext , libxslt , glibcLocales -, docbook_xml_dtd_412 +, docbook_xml_dtd_45 , docbook_sgml_dtd_41 , opensp , bash @@ -19,28 +19,19 @@ , UnicodeLineBreak , PodParser , YAMLTiny -, fetchpatch +, SyntaxKeywordTry , writeShellScriptBin }: buildPerlPackage rec { pname = "po4a"; - version = "0.62"; + version = "0.71"; src = fetchurl { url = "https://github.com/mquinson/po4a/releases/download/v${version}/po4a-${version}.tar.gz"; - sha256 = "0eb510a66f59de68cf7a205342036cc9fc08b39334b91f1456421a5f3359e68b"; + hash = "sha256-xXJAHknMEXV8bTBgkW/ftagzJR7R1K65ibZnBLzyg/k="; }; - patches = [ - (fetchpatch { - # make devdoc output reproducible - # https://github.com/mquinson/po4a/pull/387 - url = "https://github.com/mquinson/po4a/commit/df7433b58f6570558d44b6aac885c2a8f7862e51.patch"; - sha256 = "9MVkYiItR2P3PBCUc4OhEOUHQuLqTWUYtYlZ3L8miC8="; - }) - ]; - strictDeps = true; nativeBuildInputs = @@ -58,7 +49,7 @@ buildPerlPackage rec { docbook_xsl docbook_xsl_ns ModuleBuild - docbook_xml_dtd_412 + docbook_xml_dtd_45 docbook_sgml_dtd_41 opensp kpsewhich-stub @@ -74,12 +65,13 @@ buildPerlPackage rec { UnicodeLineBreak PodParser YAMLTiny + SyntaxKeywordTry ]; buildInputs = [ bash ]; LC_ALL = "en_US.UTF-8"; - SGML_CATALOG_FILES = "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml"; + SGML_CATALOG_FILES = "${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml"; preConfigure = '' touch Makefile.PL @@ -115,6 +107,6 @@ buildPerlPackage rec { meta = { description = "Tools for helping translation of documentation"; homepage = "https://po4a.org"; - license = with lib.licenses; [ gpl2Only ]; + license = with lib.licenses; [ gpl2Plus ]; }; } From 16c5281a261d2011c4448cd3a1478322f168f9b6 Mon Sep 17 00:00:00 2001 From: Dmitry Bogatov Date: Mon, 1 Jan 2024 11:52:00 -0500 Subject: [PATCH 16/88] at-spi2-core: add flag to disable systemd support Instead of assuming that systemd is desired whenever it is availabe, introduce flag that allows disabling systemd. This flag is still defaults to true as long as systemd is available on the host platform. This is no-rebuild change. --- pkgs/development/libraries/at-spi2-core/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index c70044308d023..4ca364ad9f8de 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -19,6 +19,7 @@ , libXext , gnome , systemd +, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd }: stdenv.mkDerivation rec { @@ -51,7 +52,7 @@ stdenv.mkDerivation rec { libXi # libXext is a transitive dependency of libXi libXext - ] ++ lib.optionals (lib.meta.availableOn stdenv.hostPlatform systemd) [ + ] ++ lib.optionals systemdSupport [ # libsystemd is a needed for dbus-broker support systemd ]; @@ -72,9 +73,11 @@ stdenv.mkDerivation rec { # including the entire dbus closure in libraries linked with # the at-spi2-core libraries. "-Ddbus_daemon=/run/current-system/sw/bin/dbus-daemon" - ] ++ lib.optionals stdenv.hostPlatform.isLinux [ + ] ++ lib.optionals systemdSupport [ # Same as the above, but for dbus-broker "-Ddbus_broker=/run/current-system/sw/bin/dbus-broker-launch" + ] ++ lib.optionals (!systemdSupport) [ + "-Duse_systemd=false" ]; passthru = { From 8b592066f0132a4dda9cea3e62b75068fc0c5ad1 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 24 Apr 2024 14:38:39 +0200 Subject: [PATCH 17/88] directfb: use POSIX basename() musl 1.2.5 no longer provides the GNU version. Upstream is dead so patching is probably our only option, but at least that means it's unlikely to break in a future release! --- pkgs/development/libraries/directfb/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/libraries/directfb/default.nix b/pkgs/development/libraries/directfb/default.nix index e7a7996d91f22..be6a2da6566c5 100644 --- a/pkgs/development/libraries/directfb/default.nix +++ b/pkgs/development/libraries/directfb/default.nix @@ -33,6 +33,13 @@ stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/community/directfb/0002-Fix-musl-PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP-comp.patch?id=f8158258493fc0c3eb5de2302e40f4bc44ecfb09"; sha256 = "sha256-j3+mcP6hV9LKuba1GOdcM1cZfmXuJtRgx4vE484jIns="; }) + # This uses POSIX basename() while directfb expects GNU + # basename(), but the POSIX behaviour of modifying the input + # should be fine since directfb never uses the buffer afterwards. + (fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/community/directfb/fix-missing-basename.patch?id=bc049ae1bcf9ef3f66cd12a6fbb7ac4e917764b1"; + hash = "sha256-BX/C8+nh2fovHx8vKXFqKzBtfiTKUcW2BUCsaDIhodc="; + }) ]; postPatch = '' From 0ff673ac5979f2989221753fc2e66251b0420994 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Mon, 6 May 2024 22:23:12 +0200 Subject: [PATCH 18/88] glibc: 2.39-31 -> 2.39-52 Fixes GLIBC-SA-2024-0005 (CVE-2024-33599), GLIBC-SA-2024-0006 (CVE-2024-33600), GLIBC-SA-2024-0007 (CVE-2024-33601) and GLIBC-SA-2024-0008 (CVE-2024-33602). https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005;h=a59596610a0ea74d905a2452fc50283dad58e115;hb=HEAD https://sourceware.org/git?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006;h=d44148d3d97bddac42450649032ebbd96b59062e;hb=HEAD https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007;h=b6928fa27a69e325624b1a395ecb1bbba537ad80;hb=HEAD https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008;h=d93e2a6f0bf084df419efadee2d1a48c4f9003d7;hb=HEAD --- .../libraries/glibc/2.39-master.patch | 1781 +++++++++++++++++ pkgs/development/libraries/glibc/common.nix | 4 +- 2 files changed, 1783 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glibc/2.39-master.patch b/pkgs/development/libraries/glibc/2.39-master.patch index b1d7d60411c81..88e629981e3ce 100644 --- a/pkgs/development/libraries/glibc/2.39-master.patch +++ b/pkgs/development/libraries/glibc/2.39-master.patch @@ -9074,3 +9074,1784 @@ index 0000000000..96a8765fd5 +} + +#include + +commit e828914cf9f2fc2caa5bced0fc6a03cb78324979 +Author: Florian Weimer +Date: Tue Apr 23 21:16:32 2024 +0200 + + nptl: Fix tst-cancel30 on kernels without ppoll_time64 support + + Fall back to ppoll if ppoll_time64 fails with ENOSYS. + Fixes commit 370da8a121c3ba9eeb2f13da15fc0f21f4136b25 ("nptl: Fix + tst-cancel30 on sparc64"). + + Reviewed-by: Adhemerval Zanella + (cherry picked from commit f4724843ada64a51d66f65d3199fe431f9d4c254) + +diff --git a/sysdeps/pthread/tst-cancel30.c b/sysdeps/pthread/tst-cancel30.c +index 3030660e5f..94ad6281bc 100644 +--- a/sysdeps/pthread/tst-cancel30.c ++++ b/sysdeps/pthread/tst-cancel30.c +@@ -18,6 +18,7 @@ + License along with the GNU C Library; if not, see + . */ + ++#include + #include + #include + #include +@@ -46,13 +47,19 @@ tf (void *arg) + + /* Wait indefinitely for cancellation, which only works if asynchronous + cancellation is enabled. */ +-#if defined SYS_ppoll || defined SYS_ppoll_time64 +-# ifndef SYS_ppoll_time64 +-# define SYS_ppoll_time64 SYS_ppoll ++#ifdef SYS_ppoll_time64 ++ long int ret = syscall (SYS_ppoll_time64, NULL, 0, NULL, NULL); ++ (void) ret; ++# ifdef SYS_ppoll ++ if (ret == -1 && errno == ENOSYS) ++ syscall (SYS_ppoll, NULL, 0, NULL, NULL); + # endif +- syscall (SYS_ppoll_time64, NULL, 0, NULL, NULL); + #else ++# ifdef SYS_ppoll ++ syscall (SYS_ppoll, NULL, 0, NULL, NULL); ++# else + for (;;); ++# endif + #endif + + return 0; + +commit e701c7d761f6e5c48d8e9dd5da88cbe2e94943f4 +Author: Florian Weimer +Date: Thu Apr 25 12:56:48 2024 +0200 + + i386: ulp update for SSE2 --disable-multi-arch configurations + + (cherry picked from commit 3a3a4497421422aa854c855cbe5110ca7d598ffc) + +diff --git a/sysdeps/i386/fpu/libm-test-ulps b/sysdeps/i386/fpu/libm-test-ulps +index 84e6686eba..f2139fc172 100644 +--- a/sysdeps/i386/fpu/libm-test-ulps ++++ b/sysdeps/i386/fpu/libm-test-ulps +@@ -1232,6 +1232,7 @@ ldouble: 6 + + Function: "hypot": + double: 1 ++float: 1 + float128: 1 + ldouble: 1 + + +commit 2f8f157eb0cc7f1d8d9a3fcaa8c55bed53b092a8 +Author: H.J. Lu +Date: Tue Apr 23 13:59:50 2024 -0700 + + x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676] + + Define MINIMUM_X86_ISA_LEVEL at configure time to avoid + + /usr/bin/ld: …/build/elf/librtld.os: in function `init_cpu_features': + …/git/elf/../sysdeps/x86/cpu-features.c:1202: undefined reference to `_dl_runtime_resolve_fxsave' + /usr/bin/ld: …/build/elf/librtld.os: relocation R_X86_64_PC32 against undefined hidden symbol `_dl_runtime_resolve_fxsave' can not be used when making a shared object + /usr/bin/ld: final link failed: bad value + collect2: error: ld returned 1 exit status + + when glibc is built with -march=x86-64-v3 and configured with + --with-rtld-early-cflags=-march=x86-64, which is used to allow ld.so to + print an error message on unsupported CPUs: + + Fatal glibc error: CPU does not support x86-64-v3 + + This fixes BZ #31676. + Reviewed-by: Sunil K Pandey + + (cherry picked from commit 46c999741340ea559784c20a45077955b50aca43) + +diff --git a/config.h.in b/config.h.in +index 4d33c63a84..1e647de585 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -286,6 +286,9 @@ + /* Define if x86 ISA level should be included in shared libraries. */ + #undef INCLUDE_X86_ISA_LEVEL + ++/* The x86 ISA level. 1 for baseline. Undefined on non-x86. */ ++#undef MINIMUM_X86_ISA_LEVEL ++ + /* Define if -msahf is enabled by default on x86. */ + #undef HAVE_X86_LAHF_SAHF + +diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure +index 2a5421bb31..d28d9bcb29 100644 +--- a/sysdeps/x86/configure ++++ b/sysdeps/x86/configure +@@ -151,6 +151,13 @@ printf "%s\n" "$libc_cv_have_x86_isa_level" >&6; } + else + libc_cv_have_x86_isa_level=baseline + fi ++if test $libc_cv_have_x86_isa_level = baseline; then ++ printf "%s\n" "#define MINIMUM_X86_ISA_LEVEL 1" >>confdefs.h ++ ++else ++ printf "%s\n" "#define MINIMUM_X86_ISA_LEVEL $libc_cv_have_x86_isa_level" >>confdefs.h ++ ++fi + config_vars="$config_vars + have-x86-isa-level = $libc_cv_have_x86_isa_level" + config_vars="$config_vars +diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac +index 78ff7c8f41..5b0acd03d2 100644 +--- a/sysdeps/x86/configure.ac ++++ b/sysdeps/x86/configure.ac +@@ -105,6 +105,11 @@ EOF + else + libc_cv_have_x86_isa_level=baseline + fi ++if test $libc_cv_have_x86_isa_level = baseline; then ++ AC_DEFINE_UNQUOTED(MINIMUM_X86_ISA_LEVEL, 1) ++else ++ AC_DEFINE_UNQUOTED(MINIMUM_X86_ISA_LEVEL, $libc_cv_have_x86_isa_level) ++fi + LIBC_CONFIG_VAR([have-x86-isa-level], [$libc_cv_have_x86_isa_level]) + LIBC_CONFIG_VAR([x86-isa-level-3-or-above], [3 4]) + LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level]) +diff --git a/sysdeps/x86/isa-level.h b/sysdeps/x86/isa-level.h +index 11fe1ca90c..2c7f74212b 100644 +--- a/sysdeps/x86/isa-level.h ++++ b/sysdeps/x86/isa-level.h +@@ -61,8 +61,10 @@ + # define __X86_ISA_V4 0 + #endif + +-#define MINIMUM_X86_ISA_LEVEL \ ++#ifndef MINIMUM_X86_ISA_LEVEL ++# define MINIMUM_X86_ISA_LEVEL \ + (__X86_ISA_V1 + __X86_ISA_V2 + __X86_ISA_V3 + __X86_ISA_V4) ++#endif + + /* Depending on the minimum ISA level, a feature check result can be a + compile-time constant.. */ + +commit 1263d583d2e28afb8be53f8d6922f0842036f35d +Author: Florian Weimer +Date: Thu Apr 25 15:00:45 2024 +0200 + + CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) + + Using alloca matches what other caches do. The request length is + bounded by MAXKEYLEN. + + Reviewed-by: Carlos O'Donell + (cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index 0c6e46f15c..f227dc7fa2 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + = (struct indataset *) mempool_alloc (db, + sizeof (*dataset) + req->key_len, + 1); +- struct indataset dataset_mem; + bool cacheable = true; + if (__glibc_unlikely (dataset == NULL)) + { + cacheable = false; +- dataset = &dataset_mem; ++ /* The alloca is safe because nscd_run_worker verfies that ++ key_len is not larger than MAXKEYLEN. */ ++ dataset = alloca (sizeof (*dataset) + req->key_len); + } + + datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len, + +commit 5a508e0b508c8ad53bd0d2fb48fd71b242626341 +Author: Florian Weimer +Date: Thu Apr 25 15:01:07 2024 +0200 + + CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) + + If we failed to add a not-found response to the cache, the dataset + point can be null, resulting in a null pointer dereference. + + Reviewed-by: Siddhesh Poyarekar + (cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index f227dc7fa2..c18fe111f3 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -147,7 +147,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + /* No such service. */ + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + memset (&data, '\0', sizeof (data)); +@@ -348,7 +348,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + { + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + total = buffilled; +@@ -410,14 +410,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + if (he == NULL && fd != -1) +- { +- /* We write the dataset before inserting it to the database +- since while inserting this thread might block and so would +- unnecessarily let the receiver wait. */ +- writeout: ++ /* We write the dataset before inserting it to the database since ++ while inserting this thread might block and so would ++ unnecessarily let the receiver wait. */ + writeall (fd, &dataset->resp, dataset->head.recsize); +- } + ++ maybe_cache_add: + if (cacheable) + { + /* If necessary, we also propagate the data to disk. */ + +commit c99f886de54446cd4447db6b44be93dabbdc2f8b +Author: Florian Weimer +Date: Thu Apr 25 15:01:07 2024 +0200 + + CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) + + The addgetnetgrentX call in addinnetgrX may have failed to produce + a result, so the result variable in addinnetgrX can be NULL. + Use db->negtimeout as the fallback value if there is no result data; + the timeout is also overwritten below. + + Also avoid sending a second not-found response. (The client + disconnects after receiving the first response, so the data stream did + not go out of sync even without this fix.) It is still beneficial to + add the negative response to the mapping, so that the client can get + it from there in the future, instead of going through the socket. + + Reviewed-by: Siddhesh Poyarekar + (cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index c18fe111f3..e22ffa5884 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -511,14 +511,15 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + + datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len, + sizeof (innetgroup_response_header), +- he == NULL ? 0 : dh->nreloads + 1, result->head.ttl); ++ he == NULL ? 0 : dh->nreloads + 1, ++ result == NULL ? db->negtimeout : result->head.ttl); + /* Set the notfound status and timeout based on the result from + getnetgrent. */ +- dataset->head.notfound = result->head.notfound; ++ dataset->head.notfound = result == NULL || result->head.notfound; + dataset->head.timeout = timeout; + + dataset->resp.version = NSCD_VERSION; +- dataset->resp.found = result->resp.found; ++ dataset->resp.found = result != NULL && result->resp.found; + /* Until we find a matching entry the result is 0. */ + dataset->resp.result = 0; + +@@ -566,7 +567,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + goto out; + } + +- if (he == NULL) ++ /* addgetnetgrentX may have already sent a notfound response. Do ++ not send another one. */ ++ if (he == NULL && dataset->resp.found) + { + /* We write the dataset before inserting it to the database + since while inserting this thread might block and so would + +commit a9a8d3eebb145779a18d90e3966009a1daa63cd8 +Author: Florian Weimer +Date: Thu Apr 25 15:01:07 2024 +0200 + + CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) + + This avoids potential memory corruption when the underlying NSS + callback function does not use the buffer space to store all strings + (e.g., for constant strings). + + Instead of custom buffer management, two scratch buffers are used. + This increases stack usage somewhat. + + Scratch buffer allocation failure is handled by return -1 + (an invalid timeout value) instead of terminating the process. + This fixes bug 31679. + + Reviewed-by: Siddhesh Poyarekar + (cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index e22ffa5884..e8fe041846 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include "../nss/netgroup.h" + #include "nscd.h" +@@ -65,6 +66,16 @@ struct dataset + char strdata[0]; + }; + ++/* Send a notfound response to FD. Always returns -1 to indicate an ++ ephemeral error. */ ++static time_t ++send_notfound (int fd) ++{ ++ if (fd != -1) ++ TEMP_FAILURE_RETRY (send (fd, ¬found, sizeof (notfound), MSG_NOSIGNAL)); ++ return -1; ++} ++ + /* Sends a notfound message and prepares a notfound dataset to write to the + cache. Returns true if there was enough memory to allocate the dataset and + returns the dataset in DATASETP, total bytes to write in TOTALP and the +@@ -83,8 +94,7 @@ do_notfound (struct database_dyn *db, int fd, request_header *req, + total = sizeof (notfound); + timeout = time (NULL) + db->negtimeout; + +- if (fd != -1) +- TEMP_FAILURE_RETRY (send (fd, ¬found, total, MSG_NOSIGNAL)); ++ send_notfound (fd); + + dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len, 1); + /* If we cannot permanently store the result, so be it. */ +@@ -109,11 +119,78 @@ do_notfound (struct database_dyn *db, int fd, request_header *req, + return cacheable; + } + ++struct addgetnetgrentX_scratch ++{ ++ /* This is the result that the caller should use. It can be NULL, ++ point into buffer, or it can be in the cache. */ ++ struct dataset *dataset; ++ ++ struct scratch_buffer buffer; ++ ++ /* Used internally in addgetnetgrentX as a staging area. */ ++ struct scratch_buffer tmp; ++ ++ /* Number of bytes in buffer that are actually used. */ ++ size_t buffer_used; ++}; ++ ++static void ++addgetnetgrentX_scratch_init (struct addgetnetgrentX_scratch *scratch) ++{ ++ scratch->dataset = NULL; ++ scratch_buffer_init (&scratch->buffer); ++ scratch_buffer_init (&scratch->tmp); ++ ++ /* Reserve space for the header. */ ++ scratch->buffer_used = sizeof (struct dataset); ++ static_assert (sizeof (struct dataset) < sizeof (scratch->tmp.__space), ++ "initial buffer space"); ++ memset (scratch->tmp.data, 0, sizeof (struct dataset)); ++} ++ ++static void ++addgetnetgrentX_scratch_free (struct addgetnetgrentX_scratch *scratch) ++{ ++ scratch_buffer_free (&scratch->buffer); ++ scratch_buffer_free (&scratch->tmp); ++} ++ ++/* Copy LENGTH bytes from S into SCRATCH. Returns NULL if SCRATCH ++ could not be resized, otherwise a pointer to the copy. */ ++static char * ++addgetnetgrentX_append_n (struct addgetnetgrentX_scratch *scratch, ++ const char *s, size_t length) ++{ ++ while (true) ++ { ++ size_t remaining = scratch->buffer.length - scratch->buffer_used; ++ if (remaining >= length) ++ break; ++ if (!scratch_buffer_grow_preserve (&scratch->buffer)) ++ return NULL; ++ } ++ char *copy = scratch->buffer.data + scratch->buffer_used; ++ memcpy (copy, s, length); ++ scratch->buffer_used += length; ++ return copy; ++} ++ ++/* Copy S into SCRATCH, including its null terminator. Returns false ++ if SCRATCH could not be resized. */ ++static bool ++addgetnetgrentX_append (struct addgetnetgrentX_scratch *scratch, const char *s) ++{ ++ if (s == NULL) ++ s = ""; ++ return addgetnetgrentX_append_n (scratch, s, strlen (s) + 1) != NULL; ++} ++ ++/* Caller must initialize and free *SCRATCH. If the return value is ++ negative, this function has sent a notfound response. */ + static time_t + addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + const char *key, uid_t uid, struct hashentry *he, +- struct datahead *dh, struct dataset **resultp, +- void **tofreep) ++ struct datahead *dh, struct addgetnetgrentX_scratch *scratch) + { + if (__glibc_unlikely (debug_level > 0)) + { +@@ -132,14 +209,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + + char *key_copy = NULL; + struct __netgrent data; +- size_t buflen = MAX (1024, sizeof (*dataset) + req->key_len); +- size_t buffilled = sizeof (*dataset); +- char *buffer = NULL; + size_t nentries = 0; + size_t group_len = strlen (key) + 1; + struct name_list *first_needed + = alloca (sizeof (struct name_list) + group_len); +- *tofreep = NULL; + + if (netgroup_database == NULL + && !__nss_database_get (nss_database_netgroup, &netgroup_database)) +@@ -151,8 +224,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + memset (&data, '\0', sizeof (data)); +- buffer = xmalloc (buflen); +- *tofreep = buffer; + first_needed->next = first_needed; + memcpy (first_needed->name, key, group_len); + data.needed_groups = first_needed; +@@ -195,8 +266,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + while (1) + { + int e; +- status = getfct.f (&data, buffer + buffilled, +- buflen - buffilled - req->key_len, &e); ++ status = getfct.f (&data, scratch->tmp.data, ++ scratch->tmp.length, &e); + if (status == NSS_STATUS_SUCCESS) + { + if (data.type == triple_val) +@@ -204,68 +275,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + const char *nhost = data.val.triple.host; + const char *nuser = data.val.triple.user; + const char *ndomain = data.val.triple.domain; +- +- size_t hostlen = strlen (nhost ?: "") + 1; +- size_t userlen = strlen (nuser ?: "") + 1; +- size_t domainlen = strlen (ndomain ?: "") + 1; +- +- if (nhost == NULL || nuser == NULL || ndomain == NULL +- || nhost > nuser || nuser > ndomain) +- { +- const char *last = nhost; +- if (last == NULL +- || (nuser != NULL && nuser > last)) +- last = nuser; +- if (last == NULL +- || (ndomain != NULL && ndomain > last)) +- last = ndomain; +- +- size_t bufused +- = (last == NULL +- ? buffilled +- : last + strlen (last) + 1 - buffer); +- +- /* We have to make temporary copies. */ +- size_t needed = hostlen + userlen + domainlen; +- +- if (buflen - req->key_len - bufused < needed) +- { +- buflen += MAX (buflen, 2 * needed); +- /* Save offset in the old buffer. We don't +- bother with the NULL check here since +- we'll do that later anyway. */ +- size_t nhostdiff = nhost - buffer; +- size_t nuserdiff = nuser - buffer; +- size_t ndomaindiff = ndomain - buffer; +- +- char *newbuf = xrealloc (buffer, buflen); +- /* Fix up the triplet pointers into the new +- buffer. */ +- nhost = (nhost ? newbuf + nhostdiff +- : NULL); +- nuser = (nuser ? newbuf + nuserdiff +- : NULL); +- ndomain = (ndomain ? newbuf + ndomaindiff +- : NULL); +- *tofreep = buffer = newbuf; +- } +- +- nhost = memcpy (buffer + bufused, +- nhost ?: "", hostlen); +- nuser = memcpy ((char *) nhost + hostlen, +- nuser ?: "", userlen); +- ndomain = memcpy ((char *) nuser + userlen, +- ndomain ?: "", domainlen); +- } +- +- char *wp = buffer + buffilled; +- wp = memmove (wp, nhost ?: "", hostlen); +- wp += hostlen; +- wp = memmove (wp, nuser ?: "", userlen); +- wp += userlen; +- wp = memmove (wp, ndomain ?: "", domainlen); +- wp += domainlen; +- buffilled = wp - buffer; ++ if (!(addgetnetgrentX_append (scratch, nhost) ++ && addgetnetgrentX_append (scratch, nuser) ++ && addgetnetgrentX_append (scratch, ndomain))) ++ return send_notfound (fd); + ++nentries; + } + else +@@ -317,8 +330,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) + { +- buflen *= 2; +- *tofreep = buffer = xrealloc (buffer, buflen); ++ if (!scratch_buffer_grow (&scratch->tmp)) ++ return send_notfound (fd); + } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND +@@ -351,10 +364,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + goto maybe_cache_add; + } + +- total = buffilled; ++ /* Capture the result size without the key appended. */ ++ total = scratch->buffer_used; ++ ++ /* Make a copy of the key. The scratch buffer must not move after ++ this point. */ ++ key_copy = addgetnetgrentX_append_n (scratch, key, req->key_len); ++ if (key_copy == NULL) ++ return send_notfound (fd); + + /* Fill in the dataset. */ +- dataset = (struct dataset *) buffer; ++ dataset = scratch->buffer.data; + timeout = datahead_init_pos (&dataset->head, total + req->key_len, + total - offsetof (struct dataset, resp), + he == NULL ? 0 : dh->nreloads + 1, +@@ -363,11 +383,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + dataset->resp.version = NSCD_VERSION; + dataset->resp.found = 1; + dataset->resp.nresults = nentries; +- dataset->resp.result_len = buffilled - sizeof (*dataset); +- +- assert (buflen - buffilled >= req->key_len); +- key_copy = memcpy (buffer + buffilled, key, req->key_len); +- buffilled += req->key_len; ++ dataset->resp.result_len = total - sizeof (*dataset); + + /* Now we can determine whether on refill we have to create a new + record or not. */ +@@ -398,7 +414,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + if (__glibc_likely (newp != NULL)) + { + /* Adjust pointer into the memory block. */ +- key_copy = (char *) newp + (key_copy - buffer); ++ key_copy = (char *) newp + (key_copy - (char *) dataset); + + dataset = memcpy (newp, dataset, total + req->key_len); + cacheable = true; +@@ -439,7 +455,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + out: +- *resultp = dataset; ++ scratch->dataset = dataset; + + return timeout; + } +@@ -460,6 +476,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + if (user != NULL) + key = strchr (key, '\0') + 1; + const char *domain = *key++ ? key : NULL; ++ struct addgetnetgrentX_scratch scratch; ++ ++ addgetnetgrentX_scratch_init (&scratch); + + if (__glibc_unlikely (debug_level > 0)) + { +@@ -475,12 +494,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + group, group_len, + db, uid); + time_t timeout; +- void *tofree; + if (result != NULL) +- { +- timeout = result->head.timeout; +- tofree = NULL; +- } ++ timeout = result->head.timeout; + else + { + request_header req_get = +@@ -489,7 +504,10 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + .key_len = group_len + }; + timeout = addgetnetgrentX (db, -1, &req_get, group, uid, NULL, NULL, +- &result, &tofree); ++ &scratch); ++ result = scratch.dataset; ++ if (timeout < 0) ++ goto out; + } + + struct indataset +@@ -603,7 +621,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + } + + out: +- free (tofree); ++ addgetnetgrentX_scratch_free (&scratch); + return timeout; + } + +@@ -613,11 +631,12 @@ addgetnetgrentX_ignore (struct database_dyn *db, int fd, request_header *req, + const char *key, uid_t uid, struct hashentry *he, + struct datahead *dh) + { +- struct dataset *ignore; +- void *tofree; +- time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, +- &ignore, &tofree); +- free (tofree); ++ struct addgetnetgrentX_scratch scratch; ++ addgetnetgrentX_scratch_init (&scratch); ++ time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, &scratch); ++ addgetnetgrentX_scratch_free (&scratch); ++ if (timeout < 0) ++ timeout = 0; + return timeout; + } + +@@ -661,5 +680,9 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he, + .key_len = he->len + }; + +- return addinnetgrX (db, -1, &req, db->data + he->key, he->owner, he, dh); ++ int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, ++ he, dh); ++ if (timeout < 0) ++ timeout = 0; ++ return timeout; + } + +commit fd658f026f25cf59e8db243bc3b3e09cd5a20ba0 +Author: H.J. Lu +Date: Thu Apr 25 08:06:52 2024 -0700 + + elf: Also compile dl-misc.os with $(rtld-early-cflags) + + Also compile dl-misc.os with $(rtld-early-cflags) to avoid + + Program received signal SIGILL, Illegal instruction. + 0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2", + endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156 + 156 bool positive = true; + (gdb) bt + #0 0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2", + endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156 + #1 0x00007ffff7fdb1a9 in tunable_initialize ( + cur=cur@entry=0x7ffff7ffbc00 , + strval=strval@entry=0x7fffffffe2c9 "2", len=len@entry=1) + at dl-tunables.c:131 + #2 0x00007ffff7fdb3a2 in parse_tunables (valstring=) + at dl-tunables.c:258 + #3 0x00007ffff7fdb5d9 in __GI___tunables_init (envp=0x7fffffffdd58) + at dl-tunables.c:288 + #4 0x00007ffff7fe44c3 in _dl_sysdep_start ( + start_argptr=start_argptr@entry=0x7fffffffdcb0, + dl_main=dl_main@entry=0x7ffff7fe5f80 ) + at ../sysdeps/unix/sysv/linux/dl-sysdep.c:110 + #5 0x00007ffff7fe5cae in _dl_start_final (arg=0x7fffffffdcb0) at rtld.c:494 + #6 _dl_start (arg=0x7fffffffdcb0) at rtld.c:581 + #7 0x00007ffff7fe4b38 in _start () + (gdb) + + when setting GLIBC_TUNABLES in glibc compiled with APX. + Reviewed-by: Florian Weimer + + (cherry picked from commit 049b7684c912dd32b67b1b15b0f43bf07d5f512e) + +diff --git a/elf/Makefile b/elf/Makefile +index 69aa423c4b..a50a988e73 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -170,6 +170,7 @@ CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os)) + CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines)) + + # Add the requested compiler flags to the early startup code. ++CFLAGS-dl-misc.os += $(rtld-early-cflags) + CFLAGS-dl-printf.os += $(rtld-early-cflags) + CFLAGS-dl-setup_hash.os += $(rtld-early-cflags) + CFLAGS-dl-sysdep.os += $(rtld-early-cflags) + +commit 9831f98c266a8d56d1bf729b709c08e40375540c +Author: Florian Weimer +Date: Fri Apr 19 14:38:17 2024 +0200 + + login: Check default sizes of structs utmp, utmpx, lastlog + + The default is for ports with a 64-bit time_t. + Ports with a 32-bit time_t or with __WORDSIZE_TIME64_COMPAT32=1 + need to override it. + + Reviewed-by: Adhemerval Zanella + (cherry picked from commit 4d4da5aab936504b2d3eca3146e109630d9093c4) + +diff --git a/login/Makefile b/login/Makefile +index 1e22008a61..b26ac42bfc 100644 +--- a/login/Makefile ++++ b/login/Makefile +@@ -44,7 +44,7 @@ subdir-dirs = programs + vpath %.c programs + + tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \ +- tst-pututxline-lockfail tst-pututxline-cache ++ tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size + + # Empty compatibility library for old binaries. + extra-libs := libutil +diff --git a/login/tst-utmp-size.c b/login/tst-utmp-size.c +new file mode 100644 +index 0000000000..1b7f7ff042 +--- /dev/null ++++ b/login/tst-utmp-size.c +@@ -0,0 +1,33 @@ ++/* Check expected sizes of struct utmp, struct utmpx, struct lastlog. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ _Static_assert (sizeof (struct utmp) == UTMP_SIZE, "struct utmp size"); ++ _Static_assert (sizeof (struct utmpx) == UTMP_SIZE, "struct utmpx size"); ++ _Static_assert (sizeof (struct lastlog) == LASTLOG_SIZE, ++ "struct lastlog size"); ++ return 0; ++} ++ ++#include +diff --git a/sysdeps/arc/utmp-size.h b/sysdeps/arc/utmp-size.h +new file mode 100644 +index 0000000000..a247fcd3da +--- /dev/null ++++ b/sysdeps/arc/utmp-size.h +@@ -0,0 +1,3 @@ ++/* arc has less padding than other architectures with 64-bit time_t. */ ++#define UTMP_SIZE 392 ++#define LASTLOG_SIZE 296 +diff --git a/sysdeps/arm/utmp-size.h b/sysdeps/arm/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/arm/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/csky/utmp-size.h b/sysdeps/csky/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/csky/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/generic/utmp-size.h b/sysdeps/generic/utmp-size.h +new file mode 100644 +index 0000000000..89dbe878b0 +--- /dev/null ++++ b/sysdeps/generic/utmp-size.h +@@ -0,0 +1,23 @@ ++/* Expected sizes of utmp-related structures stored in files. 64-bit version. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* Expected size, in bytes, of struct utmp and struct utmpx. */ ++#define UTMP_SIZE 400 ++ ++/* Expected size, in bytes, of struct lastlog. */ ++#define LASTLOG_SIZE 296 +diff --git a/sysdeps/hppa/utmp-size.h b/sysdeps/hppa/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/hppa/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/m68k/utmp-size.h b/sysdeps/m68k/utmp-size.h +new file mode 100644 +index 0000000000..5946685819 +--- /dev/null ++++ b/sysdeps/m68k/utmp-size.h +@@ -0,0 +1,3 @@ ++/* m68k has 2-byte alignment. */ ++#define UTMP_SIZE 382 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/microblaze/utmp-size.h b/sysdeps/microblaze/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/microblaze/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/mips/utmp-size.h b/sysdeps/mips/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/mips/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/nios2/utmp-size.h b/sysdeps/nios2/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/nios2/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/or1k/utmp-size.h b/sysdeps/or1k/utmp-size.h +new file mode 100644 +index 0000000000..6b3653aa4d +--- /dev/null ++++ b/sysdeps/or1k/utmp-size.h +@@ -0,0 +1,3 @@ ++/* or1k has less padding than other architectures with 64-bit time_t. */ ++#define UTMP_SIZE 392 ++#define LASTLOG_SIZE 296 +diff --git a/sysdeps/powerpc/utmp-size.h b/sysdeps/powerpc/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/powerpc/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/riscv/utmp-size.h b/sysdeps/riscv/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/riscv/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/sh/utmp-size.h b/sysdeps/sh/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/sh/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/sparc/utmp-size.h b/sysdeps/sparc/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/sparc/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 +diff --git a/sysdeps/x86/utmp-size.h b/sysdeps/x86/utmp-size.h +new file mode 100644 +index 0000000000..8f21ebe1b6 +--- /dev/null ++++ b/sysdeps/x86/utmp-size.h +@@ -0,0 +1,2 @@ ++#define UTMP_SIZE 384 ++#define LASTLOG_SIZE 292 + +commit 836d43b98973e0845b739ff5d3aad3af09dc7d0f +Author: Florian Weimer +Date: Fri Apr 19 14:38:17 2024 +0200 + + login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) + + These structs describe file formats under /var/log, and should not + depend on the definition of _TIME_BITS. This is achieved by + defining __WORDSIZE_TIME64_COMPAT32 to 1 on 32-bit ports that + support 32-bit time_t values (where __time_t is 32 bits). + + Reviewed-by: Adhemerval Zanella + (cherry picked from commit 9abdae94c7454c45e02e97e4ed1eb1b1915d13d8) + +diff --git a/bits/wordsize.h b/bits/wordsize.h +index 14edae3a11..53013a9275 100644 +--- a/bits/wordsize.h ++++ b/bits/wordsize.h +@@ -21,7 +21,9 @@ + #define __WORDSIZE32_PTRDIFF_LONG + + /* Set to 1 in order to force time types to be 32 bits instead of 64 bits in +- struct lastlog and struct utmp{,x} on 64-bit ports. This may be done in ++ struct lastlog and struct utmp{,x}. This may be done in + order to make 64-bit ports compatible with 32-bit ports. Set to 0 for +- 64-bit ports where the time types are 64-bits or for any 32-bit ports. */ ++ 64-bit ports where the time types are 64-bits and new 32-bit ports ++ where time_t is 64 bits, and there is no companion architecture with ++ 32-bit time_t. */ + #define __WORDSIZE_TIME64_COMPAT32 +diff --git a/login/Makefile b/login/Makefile +index b26ac42bfc..f91190e3dc 100644 +--- a/login/Makefile ++++ b/login/Makefile +@@ -44,7 +44,9 @@ subdir-dirs = programs + vpath %.c programs + + tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \ +- tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size ++ tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size tst-utmp-size-64 ++ ++CFLAGS-tst-utmp-size-64.c += -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 + + # Empty compatibility library for old binaries. + extra-libs := libutil +diff --git a/login/tst-utmp-size-64.c b/login/tst-utmp-size-64.c +new file mode 100644 +index 0000000000..7a581a4c12 +--- /dev/null ++++ b/login/tst-utmp-size-64.c +@@ -0,0 +1,2 @@ ++/* The on-disk layout must not change in time64 mode. */ ++#include "tst-utmp-size.c" +diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/arm/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/csky/bits/wordsize.h b/sysdeps/csky/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/csky/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/m68k/bits/wordsize.h b/sysdeps/m68k/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/m68k/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/microblaze/bits/wordsize.h b/sysdeps/microblaze/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/microblaze/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/mips/bits/wordsize.h b/sysdeps/mips/bits/wordsize.h +index 57f0f2a22f..30dd3fd85d 100644 +--- a/sysdeps/mips/bits/wordsize.h ++++ b/sysdeps/mips/bits/wordsize.h +@@ -19,11 +19,7 @@ + + #define __WORDSIZE _MIPS_SZPTR + +-#if _MIPS_SIM == _ABI64 +-# define __WORDSIZE_TIME64_COMPAT32 1 +-#else +-# define __WORDSIZE_TIME64_COMPAT32 0 +-#endif ++#define __WORDSIZE_TIME64_COMPAT32 1 + + #if __WORDSIZE == 32 + #define __WORDSIZE32_SIZE_ULONG 0 +diff --git a/sysdeps/nios2/bits/wordsize.h b/sysdeps/nios2/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/nios2/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/powerpc/powerpc32/bits/wordsize.h b/sysdeps/powerpc/powerpc32/bits/wordsize.h +index 04ca9debf0..6993fb6b29 100644 +--- a/sysdeps/powerpc/powerpc32/bits/wordsize.h ++++ b/sysdeps/powerpc/powerpc32/bits/wordsize.h +@@ -2,10 +2,9 @@ + + #if defined __powerpc64__ + # define __WORDSIZE 64 +-# define __WORDSIZE_TIME64_COMPAT32 1 + #else + # define __WORDSIZE 32 +-# define __WORDSIZE_TIME64_COMPAT32 0 + # define __WORDSIZE32_SIZE_ULONG 0 + # define __WORDSIZE32_PTRDIFF_LONG 0 + #endif ++#define __WORDSIZE_TIME64_COMPAT32 1 +diff --git a/sysdeps/powerpc/powerpc64/bits/wordsize.h b/sysdeps/powerpc/powerpc64/bits/wordsize.h +index 04ca9debf0..6993fb6b29 100644 +--- a/sysdeps/powerpc/powerpc64/bits/wordsize.h ++++ b/sysdeps/powerpc/powerpc64/bits/wordsize.h +@@ -2,10 +2,9 @@ + + #if defined __powerpc64__ + # define __WORDSIZE 64 +-# define __WORDSIZE_TIME64_COMPAT32 1 + #else + # define __WORDSIZE 32 +-# define __WORDSIZE_TIME64_COMPAT32 0 + # define __WORDSIZE32_SIZE_ULONG 0 + # define __WORDSIZE32_PTRDIFF_LONG 0 + #endif ++#define __WORDSIZE_TIME64_COMPAT32 1 +diff --git a/sysdeps/sh/bits/wordsize.h b/sysdeps/sh/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/sh/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/sparc/sparc32/bits/wordsize.h b/sysdeps/sparc/sparc32/bits/wordsize.h +index 4bbd2e63b4..a2e79e0fa9 100644 +--- a/sysdeps/sparc/sparc32/bits/wordsize.h ++++ b/sysdeps/sparc/sparc32/bits/wordsize.h +@@ -1,6 +1,6 @@ + /* Determine the wordsize from the preprocessor defines. */ + + #define __WORDSIZE 32 +-#define __WORDSIZE_TIME64_COMPAT32 0 ++#define __WORDSIZE_TIME64_COMPAT32 1 + #define __WORDSIZE32_SIZE_ULONG 0 + #define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/sparc/sparc64/bits/wordsize.h b/sysdeps/sparc/sparc64/bits/wordsize.h +index 2f66f10d72..ea103e5970 100644 +--- a/sysdeps/sparc/sparc64/bits/wordsize.h ++++ b/sysdeps/sparc/sparc64/bits/wordsize.h +@@ -2,10 +2,9 @@ + + #if defined __arch64__ || defined __sparcv9 + # define __WORDSIZE 64 +-# define __WORDSIZE_TIME64_COMPAT32 1 + #else + # define __WORDSIZE 32 +-# define __WORDSIZE_TIME64_COMPAT32 0 + # define __WORDSIZE32_SIZE_ULONG 0 + # define __WORDSIZE32_PTRDIFF_LONG 0 + #endif ++#define __WORDSIZE_TIME64_COMPAT32 1 +diff --git a/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h +new file mode 100644 +index 0000000000..6ecbfe7c86 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h +@@ -0,0 +1,21 @@ ++/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 +diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h +index 04ca9debf0..6993fb6b29 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h ++++ b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h +@@ -2,10 +2,9 @@ + + #if defined __powerpc64__ + # define __WORDSIZE 64 +-# define __WORDSIZE_TIME64_COMPAT32 1 + #else + # define __WORDSIZE 32 +-# define __WORDSIZE_TIME64_COMPAT32 0 + # define __WORDSIZE32_SIZE_ULONG 0 + # define __WORDSIZE32_PTRDIFF_LONG 0 + #endif ++#define __WORDSIZE_TIME64_COMPAT32 1 +diff --git a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h +index 7562875ee2..ea103e5970 100644 +--- a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h ++++ b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h +@@ -2,10 +2,9 @@ + + #if defined __arch64__ || defined __sparcv9 + # define __WORDSIZE 64 +-# define __WORDSIZE_TIME64_COMPAT32 1 + #else + # define __WORDSIZE 32 + # define __WORDSIZE32_SIZE_ULONG 0 + # define __WORDSIZE32_PTRDIFF_LONG 0 +-# define __WORDSIZE_TIME64_COMPAT32 0 + #endif ++#define __WORDSIZE_TIME64_COMPAT32 1 +diff --git a/sysdeps/x86/bits/wordsize.h b/sysdeps/x86/bits/wordsize.h +index 70f652bca1..3f40aa76f9 100644 +--- a/sysdeps/x86/bits/wordsize.h ++++ b/sysdeps/x86/bits/wordsize.h +@@ -8,10 +8,9 @@ + #define __WORDSIZE32_PTRDIFF_LONG 0 + #endif + ++#define __WORDSIZE_TIME64_COMPAT32 1 ++ + #ifdef __x86_64__ +-# define __WORDSIZE_TIME64_COMPAT32 1 + /* Both x86-64 and x32 use the 64-bit system call interface. */ + # define __SYSCALL_WORDSIZE 64 +-#else +-# define __WORDSIZE_TIME64_COMPAT32 0 + #endif + +commit acc56074b0a5127631a64640aef1b7c5c103ebd8 +Author: Florian Weimer +Date: Thu May 2 17:06:19 2024 +0200 + + nscd: Use time_t for return type of addgetnetgrentX + + Using int may give false results for future dates (timeouts after the + year 2028). + + Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601, + CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX + (bug 31680)"). + + Reviewed-by: Carlos O'Donell + (cherry picked from commit 4bbca1a44691a6e9adcee5c6798a707b626bc331) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index e8fe041846..01d554af9c 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -680,8 +680,8 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he, + .key_len = he->len + }; + +- int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, +- he, dh); ++ time_t timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, ++ he, dh); + if (timeout < 0) + timeout = 0; + return timeout; + +commit 273a835fe7c685cc54266bb8b502787bad5e9bae +Author: Carlos O'Donell +Date: Tue Apr 23 13:30:37 2024 -0400 + + time: Allow later version licensing. + + The FSF's Licensing and Compliance Lab noted a discrepancy in the + licensing of several files in the glibc package. + + When timespect_get.c was impelemented the license did not include + the standard ", or (at your option) any later version." text. + + Change the license in timespec_get.c and all copied files to match + the expected license. + + This change was previously approved in principle by the FSF in + RT ticket #1316403. And a similar instance was fixed in + commit 46703efa02f6ddebce5ee54c92f7c32598de0de6. + + (cherry picked from commit 91695ee4598b39d181ab8df579b888a8863c4cab) + +diff --git a/sysdeps/unix/sysv/linux/timespec_get.c b/sysdeps/unix/sysv/linux/timespec_get.c +index c6e5e66289..778d1e3354 100644 +--- a/sysdeps/unix/sysv/linux/timespec_get.c ++++ b/sysdeps/unix/sysv/linux/timespec_get.c +@@ -5,7 +5,7 @@ + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either +- version 2.1 of the License. ++ version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of +diff --git a/sysdeps/unix/sysv/linux/timespec_getres.c b/sysdeps/unix/sysv/linux/timespec_getres.c +index 5acebe2a2c..2eef9e512c 100644 +--- a/sysdeps/unix/sysv/linux/timespec_getres.c ++++ b/sysdeps/unix/sysv/linux/timespec_getres.c +@@ -5,7 +5,7 @@ + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either +- version 2.1 of the License. ++ version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of +diff --git a/time/timespec_get.c b/time/timespec_get.c +index b031e42ca2..26a044bca6 100644 +--- a/time/timespec_get.c ++++ b/time/timespec_get.c +@@ -4,7 +4,7 @@ + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either +- version 2.1 of the License. ++ version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of +diff --git a/time/timespec_getres.c b/time/timespec_getres.c +index edb397507c..2e18b8bcac 100644 +--- a/time/timespec_getres.c ++++ b/time/timespec_getres.c +@@ -5,7 +5,7 @@ + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either +- version 2.1 of the License. ++ version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + +commit 3148714ab61ad61281bae5a30f530d637034ac3b +Author: Gabi Falk +Date: Tue Apr 30 20:05:02 2024 +0000 + + i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk + + /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy_chk.o): in function `__memcpy_chk': + /home/bmg/src/glibc/debug/../sysdeps/i386/memcpy_chk.S:29: multiple definition of `__memcpy_chk';/home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy_chk.o): in function `__mempcpy_chk': /home/bmg/src/glibc/debug/../sysdeps/i386/mempcpy_chk.S:28: multiple definition of `__mempcpy_chk'; /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here + + After this change, the static library built for i586, regardless of PIC + options, contains implementations of these functions respectively from + sysdeps/i386/memcpy_chk.S and sysdeps/i386/mempcpy_chk.S. This ensures + that memcpy and mempcpy won't pull in __chk_fail and the routines it + calls. + + Reported-by: Florian Weimer + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit 789894a2f554d4503ecb2f13b2b4e93e43414f33) + +diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S +index 3e26f112d6..79856d498a 100644 +--- a/sysdeps/i386/i586/memcpy.S ++++ b/sysdeps/i386/i586/memcpy.S +@@ -26,7 +26,7 @@ + #define LEN SRC+4 + + .text +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY (__memcpy_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit ad92c483a4bd34db1cfb3eb625212ea64848244f +Author: Gabi Falk +Date: Tue Apr 30 20:05:03 2024 +0000 + + i686: Fix multiple definitions of __memmove_chk and __memset_chk + + Commit c73c96a4a1af1326df7f96eec58209e1e04066d8 updated memcpy.S and + mempcpy.S, but omitted memmove.S and memset.S. As a result, the static + library built as PIC, whether with or without multiarch support, + contains two definitions for each of the __memmove_chk and __memset_chk + symbols. + + /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../i686-pc-linux-gnu/bin/ld: /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset-ia32.o): in function `__memset_chk': + /var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/string/../sysdeps/i386/i686/memset.S:32: multiple definition of `__memset_chk'; /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset_chk.o):/var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/debug/../sysdeps/i386/i686/multiarch/memset_chk.c:24: first defined here + + After this change, regardless of PIC options, the static library, built + for i686 with multiarch contains implementations of these functions + respectively from debug/memmove_chk.c and debug/memset_chk.c, and + without multiarch contains implementations of these functions + respectively from sysdeps/i386/memmove_chk.S and + sysdeps/i386/memset_chk.S. This ensures that memmove and memset won't + pull in __chk_fail and the routines it calls. + + Reported-by: Sam James + Tested-by: Sam James + Fixes: c73c96a4a1 ("i686: Fix build with --disable-multiarch") + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit 5a2cf833f5772d6c37c7adac388dd9af9cc1c4b9) + +diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S +index f230359ad6..effd958120 100644 +--- a/sysdeps/i386/i686/memmove.S ++++ b/sysdeps/i386/i686/memmove.S +@@ -29,7 +29,7 @@ + #define SRC DEST+4 + #define LEN SRC+4 + +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY_CHK (__memmove_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) +diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S +index f02f5a6df7..ab06771ea0 100644 +--- a/sysdeps/i386/i686/memset.S ++++ b/sysdeps/i386/i686/memset.S +@@ -27,7 +27,7 @@ + #define LEN CHR+4 + + .text +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY_CHK (__memset_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit ff110b2591f0bdeccd121c3726af19c62d6fb184 +Author: Gabi Falk +Date: Tue Apr 30 20:05:04 2024 +0000 + + Add a test to check for duplicate definitions in the static library + + This change follows two previous fixes addressing multiple definitions + of __memcpy_chk and __mempcpy_chk functions on i586, and __memmove_chk + and __memset_chk functions on i686. The test is intended to prevent + such issues from occurring in the future. + + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit ded2e0753e9c46debeb2e0d26c5e560d2581d314) + +diff --git a/Makefile b/Makefile +index 7052b46df8..2e351c0321 100644 +--- a/Makefile ++++ b/Makefile +@@ -577,6 +577,13 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh + $(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \ + $(evaluate-test) + ++# Link libc.a as a whole to verify that it does not contain multiple ++# definitions of any symbols. ++tests-special += $(objpfx)link-static-libc.out ++$(objpfx)link-static-libc.out: ++ $(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \ ++ $(evaluate-test) ++ + # Print test summary for tests in $1 .sum file; + # $2 is optional test identifier. + # Fail if there are unexpected failures in the test results. + +commit fa616ea3730cb42046d19f28d611be0bc390af7c +Author: Sam James +Date: Sat May 4 13:28:13 2024 +0100 + + Revert "Add a test to check for duplicate definitions in the static library" + + This reverts commit ff110b2591f0bdeccd121c3726af19c62d6fb184. + + I had the wrong cherry-pick reference (the commit content is right; it's + just referring to a base that isn't upstream), but let's revert and reapply + for clarity. + + Signed-off-by: Sam James + +diff --git a/Makefile b/Makefile +index 2e351c0321..7052b46df8 100644 +--- a/Makefile ++++ b/Makefile +@@ -577,13 +577,6 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh + $(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \ + $(evaluate-test) + +-# Link libc.a as a whole to verify that it does not contain multiple +-# definitions of any symbols. +-tests-special += $(objpfx)link-static-libc.out +-$(objpfx)link-static-libc.out: +- $(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \ +- $(evaluate-test) +- + # Print test summary for tests in $1 .sum file; + # $2 is optional test identifier. + # Fail if there are unexpected failures in the test results. + +commit c16871e662cd0f3370173d916864b19e69f1bc9a +Author: Sam James +Date: Sat May 4 13:28:51 2024 +0100 + + Revert "i686: Fix multiple definitions of __memmove_chk and __memset_chk" + + This reverts commit ad92c483a4bd34db1cfb3eb625212ea64848244f. + + I had the wrong cherry-pick reference (the commit content is right; it's + just referring to a base that isn't upstream), but let's revert and reapply + for clarity. + + Signed-off-by: Sam James + +diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S +index effd958120..f230359ad6 100644 +--- a/sysdeps/i386/i686/memmove.S ++++ b/sysdeps/i386/i686/memmove.S +@@ -29,7 +29,7 @@ + #define SRC DEST+4 + #define LEN SRC+4 + +-#if defined SHARED && IS_IN (libc) ++#if defined PIC && IS_IN (libc) + ENTRY_CHK (__memmove_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) +diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S +index ab06771ea0..f02f5a6df7 100644 +--- a/sysdeps/i386/i686/memset.S ++++ b/sysdeps/i386/i686/memset.S +@@ -27,7 +27,7 @@ + #define LEN CHR+4 + + .text +-#if defined SHARED && IS_IN (libc) ++#if defined PIC && IS_IN (libc) + ENTRY_CHK (__memset_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit 5141d4d83c17406f0eaea3e345ef2b52e10f386e +Author: Sam James +Date: Sat May 4 13:28:54 2024 +0100 + + Revert "i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk" + + This reverts commit 3148714ab61ad61281bae5a30f530d637034ac3b. + + I had the wrong cherry-pick reference (the commit content is right; it's + just referring to a base that isn't upstream), but let's revert and reapply + for clarity. + + Signed-off-by: Sam James + +diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S +index 79856d498a..3e26f112d6 100644 +--- a/sysdeps/i386/i586/memcpy.S ++++ b/sysdeps/i386/i586/memcpy.S +@@ -26,7 +26,7 @@ + #define LEN SRC+4 + + .text +-#if defined SHARED && IS_IN (libc) ++#if defined PIC && IS_IN (libc) + ENTRY (__memcpy_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit 8323a83abd73446dc434aceff66219712c09140b +Author: Gabi Falk +Date: Tue Apr 30 20:05:02 2024 +0000 + + i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk + + /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy_chk.o): in function `__memcpy_chk': + /home/bmg/src/glibc/debug/../sysdeps/i386/memcpy_chk.S:29: multiple definition of `__memcpy_chk';/home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(memcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here /home/bmg/install/compilers/x86_64-linux-gnu/lib/gcc/x86_64-glibc-linux-gnu/13.2.1/../../../../x86_64-glibc-linux-gnu/bin/ld: /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy_chk.o): in function `__mempcpy_chk': /home/bmg/src/glibc/debug/../sysdeps/i386/mempcpy_chk.S:28: multiple definition of `__mempcpy_chk'; /home/bmg/build/glibcs/i586-linux-gnu/glibc/libc.a(mempcpy.o):/home/bmg/src/glibc/string/../sysdeps/i386/i586/memcpy.S:31: first defined here + + After this change, the static library built for i586, regardless of PIC + options, contains implementations of these functions respectively from + sysdeps/i386/memcpy_chk.S and sysdeps/i386/mempcpy_chk.S. This ensures + that memcpy and mempcpy won't pull in __chk_fail and the routines it + calls. + + Reported-by: Florian Weimer + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit 0fdf4ba48ccce5abf567340b0ab8fa8ed8a9bc6e) + +diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S +index 3e26f112d6..79856d498a 100644 +--- a/sysdeps/i386/i586/memcpy.S ++++ b/sysdeps/i386/i586/memcpy.S +@@ -26,7 +26,7 @@ + #define LEN SRC+4 + + .text +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY (__memcpy_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit 8b005d7869debac4d5cd67f65e49a0fad89da9ad +Author: Gabi Falk +Date: Tue Apr 30 20:05:03 2024 +0000 + + i686: Fix multiple definitions of __memmove_chk and __memset_chk + + Commit c73c96a4a1af1326df7f96eec58209e1e04066d8 updated memcpy.S and + mempcpy.S, but omitted memmove.S and memset.S. As a result, the static + library built as PIC, whether with or without multiarch support, + contains two definitions for each of the __memmove_chk and __memset_chk + symbols. + + /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../i686-pc-linux-gnu/bin/ld: /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset-ia32.o): in function `__memset_chk': + /var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/string/../sysdeps/i386/i686/memset.S:32: multiple definition of `__memset_chk'; /usr/lib/gcc/i686-pc-linux-gnu/14/../../../../lib/libc.a(memset_chk.o):/var/tmp/portage/sys-libs/glibc-2.39-r3/work/glibc-2.39/debug/../sysdeps/i386/i686/multiarch/memset_chk.c:24: first defined here + + After this change, regardless of PIC options, the static library, built + for i686 with multiarch contains implementations of these functions + respectively from debug/memmove_chk.c and debug/memset_chk.c, and + without multiarch contains implementations of these functions + respectively from sysdeps/i386/memmove_chk.S and + sysdeps/i386/memset_chk.S. This ensures that memmove and memset won't + pull in __chk_fail and the routines it calls. + + Reported-by: Sam James + Tested-by: Sam James + Fixes: c73c96a4a1 ("i686: Fix build with --disable-multiarch") + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit 5a2cf833f5772d6c37c7adac388dd9af9cc1c4b9) + +diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S +index f230359ad6..effd958120 100644 +--- a/sysdeps/i386/i686/memmove.S ++++ b/sysdeps/i386/i686/memmove.S +@@ -29,7 +29,7 @@ + #define SRC DEST+4 + #define LEN SRC+4 + +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY_CHK (__memmove_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) +diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S +index f02f5a6df7..ab06771ea0 100644 +--- a/sysdeps/i386/i686/memset.S ++++ b/sysdeps/i386/i686/memset.S +@@ -27,7 +27,7 @@ + #define LEN CHR+4 + + .text +-#if defined PIC && IS_IN (libc) ++#if defined SHARED && IS_IN (libc) + ENTRY_CHK (__memset_chk) + movl 12(%esp), %eax + cmpl %eax, 16(%esp) + +commit f8e462342189525e4605cf233b8f798d1c7f398d +Author: Gabi Falk +Date: Tue Apr 30 20:05:04 2024 +0000 + + Add a test to check for duplicate definitions in the static library + + This change follows two previous fixes addressing multiple definitions + of __memcpy_chk and __mempcpy_chk functions on i586, and __memmove_chk + and __memset_chk functions on i686. The test is intended to prevent + such issues from occurring in the future. + + Signed-off-by: Gabi Falk + Reviewed-by: H.J. Lu + Reviewed-by: Dmitry V. Levin + (cherry picked from commit ded2e0753e9c46debeb2e0d26c5e560d2581d314) + +diff --git a/Makefile b/Makefile +index 7052b46df8..2e351c0321 100644 +--- a/Makefile ++++ b/Makefile +@@ -577,6 +577,13 @@ $(objpfx)lint-makefiles.out: scripts/lint-makefiles.sh + $(SHELL) $< "$(PYTHON)" `pwd` > $@ ; \ + $(evaluate-test) + ++# Link libc.a as a whole to verify that it does not contain multiple ++# definitions of any symbols. ++tests-special += $(objpfx)link-static-libc.out ++$(objpfx)link-static-libc.out: ++ $(LINK.o) $(whole-archive) -r $(objpfx)libc.a -o /dev/null > $@ 2>&1; \ ++ $(evaluate-test) ++ + # Print test summary for tests in $1 .sum file; + # $2 is optional test identifier. + # Fail if there are unexpected failures in the test results. diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 7418abaa1ba5c..1dde7c44bd47d 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -44,7 +44,7 @@ let version = "2.39"; - patchSuffix = "-31"; + patchSuffix = "-52"; sha256 = "sha256-93vUfPgXDFc2Wue/hmlsEYrbOxINMlnGTFAtPcHi2SY="; in @@ -60,7 +60,7 @@ stdenv.mkDerivation ({ [ /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping. $ git fetch --all -p && git checkout origin/release/2.39/master && git describe - glibc-2.39-31-g31da30f23c + glibc-2.39-52-gf8e4623421 $ git show --minimal --reverse glibc-2.39.. ':!ADVISORIES' > 2.39-master.patch To compare the archive contents zdiff can be used. From 6234b3e818ccbcf22fafeef17584e88f8298c4e3 Mon Sep 17 00:00:00 2001 From: Audrey Dutcher Date: Sun, 28 Apr 2024 11:33:36 -0700 Subject: [PATCH 19/88] zlib: link with --undefined-version on lld --- pkgs/development/libraries/zlib/default.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 687fb3598444e..23795b6aab40d 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -101,9 +101,16 @@ stdenv.mkDerivation (finalAttrs: { ln -s zlib1.dll $out/bin/libz.dll ''; - # As zlib takes part in the stdenv building, we don't want references - # to the bootstrap-tools libgcc (as uses to happen on arm/mips) - env.NIX_CFLAGS_COMPILE = lib.optionalString (!stdenv.hostPlatform.isDarwin) "-static-libgcc"; + env = lib.optionalAttrs (!stdenv.hostPlatform.isDarwin) { + # As zlib takes part in the stdenv building, we don't want references + # to the bootstrap-tools libgcc (as uses to happen on arm/mips) + NIX_CFLAGS_COMPILE = "-static-libgcc"; + } // lib.optionalAttrs (stdenv.hostPlatform.linker == "lld") { + # lld 16 enables --no-undefined-version by defualt + # This makes configure think it can't build dynamic libraries + # this may be removed when a version is packaged with https://github.com/madler/zlib/issues/960 fixed + NIX_LDFLAGS = "--undefined-version"; + }; # We don't strip on static cross-compilation because of reports that native # stripping corrupted the target library; see commit 12e960f5 for the report. From 57bdbabed57431940bafd22371c910c187213ea2 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Mon, 6 May 2024 17:39:15 +0200 Subject: [PATCH 20/88] util-linux: 2.39.3 -> 2.40.1 Fixes: CVE-2024-28085 --- pkgs/os-specific/linux/util-linux/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index ba989b41a6cac..642480b670c71 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -2,6 +2,7 @@ , capabilitiesSupport ? stdenv.isLinux , libcap_ng , libxcrypt +, sqlite , ncursesSupport ? true , ncurses , pamSupport ? true @@ -20,11 +21,11 @@ stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; - version = "2.39.3"; + version = "2.40.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz"; - hash = "sha256-e2YF5I0aSfQ8xLTPxZ8xPQ3VQC+kC5aBC9Vy4Wff7Q8="; + hash = "sha256-WeZ2qlPMtEtsOfD/4BqPonSJHJG+8UdHUvrZJGHe8k8="; }; patches = [ @@ -40,7 +41,7 @@ stdenv.mkDerivation rec { separateDebugInfo = true; postPatch = '' - patchShebangs tests/run.sh + patchShebangs tests/run.sh tools/all_syscalls substituteInPlace sys-utils/eject.c \ --replace "/bin/umount" "$bin/bin/umount" @@ -59,6 +60,7 @@ stdenv.mkDerivation rec { "--enable-fs-paths-default=/run/wrappers/bin:/run/current-system/sw/bin:/sbin" "--disable-makeinstall-setuid" "--disable-makeinstall-chown" "--disable-su" # provided by shadow + "--with-tmpfilesdir=${placeholder "out"}/lib/tmpfiles.d" (lib.enableFeature writeSupport "write") (lib.enableFeature nlsSupport "nls") (lib.withFeature ncursesSupport "ncursesw") @@ -80,7 +82,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config installShellFiles ] ++ lib.optionals translateManpages [ po4a ]; - buildInputs = [ zlib libxcrypt ] + buildInputs = [ zlib libxcrypt sqlite ] ++ lib.optionals pamSupport [ pam ] ++ lib.optionals capabilitiesSupport [ libcap_ng ] ++ lib.optionals ncursesSupport [ ncurses ] From 234502f34803c2630d97a55c2d5b98b1108192fc Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 7 May 2024 15:42:18 +0200 Subject: [PATCH 21/88] libmbim: remove unused systemd dependency This was originally a dependency on udev, from back when libmbim used udev rather than directly interacting with sysfs. It was converted from udev to systemd in 005c3cffc15c ("libmbim: 1.16.2 -> 1.18.0"), presumably just because at the time udev was considered to be a deprecated alias for systemd, because the libmbim source code from that time doesn't mention systemd. Nowadays, neither udev or systemd is mentioned in the libmbim source code, except that it installs some udev rules of its own. --- pkgs/development/libraries/libmbim/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/development/libraries/libmbim/default.nix b/pkgs/development/libraries/libmbim/default.nix index 8ceb1b3b03bf3..dfb1c93bb6fb4 100644 --- a/pkgs/development/libraries/libmbim/default.nix +++ b/pkgs/development/libraries/libmbim/default.nix @@ -52,7 +52,6 @@ stdenv.mkDerivation rec { buildInputs = [ glib - systemd bash-completion bash ]; From ea424909106ddedfffbef2526cf04dad2f6b9137 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 7 May 2024 10:18:33 -0700 Subject: [PATCH 22/88] tpm2-tss: 4.1.0 -> 4.1.1 --- pkgs/development/libraries/tpm2-tss/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index 3fa8800abfa54..354ab06d26b23 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -15,13 +15,13 @@ in stdenv.mkDerivation rec { pname = "tpm2-tss"; - version = "4.1.0"; + version = "4.1.1"; src = fetchFromGitHub { owner = "tpm2-software"; repo = pname; rev = version; - hash = "sha256-cQdIPQNZzy5CisWw5yifPXC7FqaZxj4VKWpvtPOffE8="; + hash = "sha256-paqTQ7DQI0Nd8q0qUPRa2UZ/oE5nrVEq5KUiG8hRXuQ="; }; outputs = [ "out" "man" "dev" ]; From 8ea6b8dcacecd3b6565978c552c8148f8ce19d77 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 7 May 2024 20:06:21 +0200 Subject: [PATCH 23/88] libmbim: remove unused systemd input Oops. Fixes: 234502f34803 ("libmbim: remove unused systemd dependency") --- pkgs/development/libraries/libmbim/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/development/libraries/libmbim/default.nix b/pkgs/development/libraries/libmbim/default.nix index dfb1c93bb6fb4..ee4acc094e668 100644 --- a/pkgs/development/libraries/libmbim/default.nix +++ b/pkgs/development/libraries/libmbim/default.nix @@ -7,7 +7,6 @@ , glib , python3 , help2man -, systemd , bash-completion , bash , buildPackages From f05f40d64fefa2ff1308f8b28677875f963accf3 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Tue, 7 May 2024 23:12:15 +0200 Subject: [PATCH 24/88] python3Packages.python-jose: add patches for CVE-2024-33663 and CVE-2024-33664 --- .../python-modules/python-jose/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix index 9739e5bf7f65e..82600b4d3e59e 100644 --- a/pkgs/development/python-modules/python-jose/default.nix +++ b/pkgs/development/python-modules/python-jose/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, fetchpatch # build-system , setuptools @@ -31,6 +32,19 @@ buildPythonPackage rec { hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM="; }; + patches = [ + (fetchpatch { + name = "CVE-2024-33663.patch"; + url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341"; + hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU="; + }) + (fetchpatch { + name = "CVE-2024-33664.patch"; + url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341"; + hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM="; + }) + ]; + postPatch = '' substituteInPlace setup.py \ --replace '"pytest-runner",' "" From ff0e3078532c0ebf4320c18d03ef471c5c112771 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 8 May 2024 02:01:53 +0000 Subject: [PATCH 25/88] go: 1.22.2 -> 1.22.3 --- pkgs/development/compilers/go/1.22.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/go/1.22.nix b/pkgs/development/compilers/go/1.22.nix index 6a3cfd39203d5..c0103090b3314 100644 --- a/pkgs/development/compilers/go/1.22.nix +++ b/pkgs/development/compilers/go/1.22.nix @@ -47,11 +47,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "go"; - version = "1.22.2"; + version = "1.22.3"; src = fetchurl { url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; - hash = "sha256-N06oKyiexzjpaCZ8rFnH1f8YD5SSJQJUeEsgROkN9ak="; + hash = "sha256-gGSO80+QMZPXKlnA3/AZ9fmK4MmqE63gsOy/+ZGnb2g="; }; strictDeps = true; From ff8042515983b75db625af3454f3faa2a5f9ffa9 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 7 May 2024 15:33:54 +0200 Subject: [PATCH 26/88] pkgsStatic.libgudev: fix build --- pkgs/development/libraries/libgudev/default.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libgudev/default.nix b/pkgs/development/libraries/libgudev/default.nix index 99ca086792fb0..0da42d832f056 100644 --- a/pkgs/development/libraries/libgudev/default.nix +++ b/pkgs/development/libraries/libgudev/default.nix @@ -6,11 +6,13 @@ , ninja , udev , glib +, glibcLocales +, umockdev , gnome , vala , gobject-introspection -, glibcLocales -, umockdev +, buildPackages +, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages }: stdenv.mkDerivation (finalAttrs: { @@ -42,9 +44,10 @@ stdenv.mkDerivation (finalAttrs: { pkg-config meson ninja - vala glib # for glib-mkenums needed during the build + ] ++ lib.optionals withIntrospection [ gobject-introspection + vala ]; buildInputs = [ @@ -57,8 +60,12 @@ stdenv.mkDerivation (finalAttrs: { umockdev ]; - doCheck = true; - mesonFlags = lib.optional (!finalAttrs.finalPackage.doCheck) "-Dtests=disabled"; + doCheck = withIntrospection; + mesonFlags = [ + (lib.mesonEnable "introspection" withIntrospection) + (lib.mesonEnable "vapi" withIntrospection) + (lib.mesonEnable "tests" finalAttrs.finalPackage.doCheck) + ]; passthru = { updateScript = gnome.updateScript { From 2b3d191a28dc8ba81adae4ccfa8e2d93c9c89f35 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 8 May 2024 10:54:33 +0200 Subject: [PATCH 27/88] libndp: fix cross compilation to musl Assume that malloc works properly if cross compiling. --- pkgs/development/libraries/libndp/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/libraries/libndp/default.nix b/pkgs/development/libraries/libndp/default.nix index b04b22da12369..436045da89fb2 100644 --- a/pkgs/development/libraries/libndp/default.nix +++ b/pkgs/development/libraries/libndp/default.nix @@ -11,6 +11,10 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; + configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "ac_cv_func_malloc_0_nonnull=yes" + ]; + meta = with lib; { homepage = "http://libndp.org/"; description = "Library for Neighbor Discovery Protocol"; From 0a1e4ef429073cee7ef975258b7170910f817280 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 9 May 2024 13:16:44 +0300 Subject: [PATCH 28/88] pipewire: 1.0.5 -> 1.0.6 Diff: https://gitlab.freedesktop.org/pipewire/pipewire/-/compare/1.0.5...1.0.6 Changelog: https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/1.0.6 --- pkgs/development/libraries/pipewire/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 48f2dec6b89bc..d052898d0d82c 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -76,7 +76,7 @@ assert ldacbtSupport -> bluezSupport; stdenv.mkDerivation(finalAttrs: { pname = "pipewire"; - version = "1.0.5"; + version = "1.0.6"; outputs = [ "out" @@ -92,7 +92,7 @@ stdenv.mkDerivation(finalAttrs: { owner = "pipewire"; repo = "pipewire"; rev = finalAttrs.version; - sha256 = "sha256-lgrwN83eywMKdsm0ig9QATDt3U5RboJ4kyILE+ts9Ts="; + sha256 = "sha256-JrKSsYCMNRHHh92Sn/03Bq2gPaXNYTqmwaLXkE0axdA="; }; patches = [ From 68c889daa000c7ba5fefe507aed70dbd61e76bce Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Wed, 8 May 2024 00:04:29 +0200 Subject: [PATCH 29/88] glib: 2.80.0 -> 2.80.2 https://gitlab.gnome.org/GNOME/glib/-/compare/2.80.0...2.80.1 https://gitlab.gnome.org/GNOME/glib/-/blob/2.80.1/NEWS CVE-2024-34397 --- pkgs/development/libraries/glib/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index d5202e113764a..f7117bbe8bb43 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -57,11 +57,11 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.80.0"; + version = "2.80.2"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - hash = "sha256-giipL5KkEhYLE5rmi2NFvSjyRDSnta8VDr4h/1h6Vh0="; + hash = "sha256-uc+296W9WzEjj9XVbfImst2l6jdhFHW/ifag+UAP6L0="; }; patches = lib.optionals stdenv.isDarwin [ @@ -236,7 +236,7 @@ stdenv.mkDerivation (finalAttrs: { done # Cannot be in postInstall, otherwise _multioutDocs hook in preFixup will move right back. - moveToOutput "share/doc/glib-2.0" "$devdoc" + moveToOutput "share/doc" "$devdoc" ''; nativeCheckInputs = [ tzdata desktop-file-utils shared-mime-info ]; From f6f3c69442370d5191b1e862dc61a635e2d38ab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Wed, 8 May 2024 17:21:23 -0600 Subject: [PATCH 30/88] =?UTF-8?q?mesa:=2024.0.6=20=E2=86=92=2024.0.7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://docs.mesa3d.org/relnotes/24.0.7.html --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index d27707d91e889..c6c00279d59f5 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -111,8 +111,8 @@ # nix build .#mesa .#pkgsi686Linux.mesa .#pkgsCross.aarch64-multiplatform.mesa .#pkgsMusl.mesa let - version = "24.0.6"; - hash = "sha256-i3qS2+ZGjBjyODcAE1tf6d6DbN8MyP19uuPHEQI31gQ="; + version = "24.0.7"; + hash = "sha256-dFRCXx7UpvG1sQfhZyswyIsi6g7+oACuLH2W25P2wmo="; # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule From 8128cdff479e3bd89ae9ff4326eb4b5e4f5a1440 Mon Sep 17 00:00:00 2001 From: Friedrich Altheide <11352905+FriedrichAltheide@users.noreply.github.com> Date: Fri, 10 May 2024 09:00:41 +0200 Subject: [PATCH 31/88] systemd: 255.4 -> 255.6 --- pkgs/os-specific/linux/systemd/default.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 9cdc5dcd9d44d..7b85aefccfcc7 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -5,7 +5,6 @@ , nixosTests , pkgsCross , fetchFromGitHub -, fetchpatch , fetchzip , buildPackages , makeBinaryWrapper @@ -180,7 +179,7 @@ assert withBootloader -> withEfi; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "255.4"; + version = "255.6"; # Use the command below to update `releaseTimestamp` on every (major) version # change. More details in the commentary at mesonFlags. @@ -198,7 +197,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - hash = "sha256-P1mKq+ythrv8MU7y2CuNtEx6qCDacugzfsPRZL+NPys="; + hash = "sha256-ah0678iNfy0c5NhHhjn0roY6RoM8OE0hWyEt+qEGKRQ="; }; # On major changes, or when otherwise required, you *must* : @@ -229,15 +228,6 @@ stdenv.mkDerivation (finalAttrs: { ./0017-meson.build-do-not-create-systemdstatedir.patch ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [ ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch - ] ++ lib.optional (stdenv.hostPlatform.isPower || stdenv.hostPlatform.isRiscV || stdenv.hostPlatform.isMips) [ - # Fixed upstream and included in the main and stable branches. Can be dropped - # when bumping to >= v255.5. - # https://github.com/systemd/systemd/issues/30448 - # https://github.com/NixOS/nixpkgs/pull/282607 - (fetchpatch { - url = "https://github.com/systemd/systemd/commit/8040fa55a1cbc34dede3205a902095ecd26c21e3.patch"; - sha256 = "0c6z7bsndbkb8m130jnjpsl138sfv3q171726n5vkyl2n9ihnavk"; - }) ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { From 51be8cec20cccaea8558437b6f84624b499cada2 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 10 May 2024 11:49:27 +0200 Subject: [PATCH 32/88] systemd: fix disabling seccomp Fixes cross-compiling systemdMinimal for riscv32-linux. --- pkgs/os-specific/linux/systemd/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 9cdc5dcd9d44d..631ff5a70bd85 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -599,6 +599,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonEnable "libiptc" withIptables) (lib.mesonEnable "repart" withRepart) (lib.mesonEnable "sysupdate" withSysupdate) + (lib.mesonEnable "seccomp" withLibseccomp) (lib.mesonEnable "selinux" withSelinux) (lib.mesonEnable "tpm2" withTpm2Tss) (lib.mesonEnable "pcre2" withPCRE2) From 6ffea0de4c13c1987adec5e06f369514c1b15eb2 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 10 May 2024 16:55:27 +0200 Subject: [PATCH 33/88] python3Packages.dbus-python: fix cross Looks for dbus-run-session when tests are enabled, which is only provided through nativeCheckInputs (or buildInputs when not cross compiling). Fixes: 275ba0f1cb37 ("python311Packages.dbus-python: 1.2.18 -> 1.3.2") --- pkgs/development/python-modules/dbus-python/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/dbus-python/default.nix b/pkgs/development/python-modules/dbus-python/default.nix index 4e6f67f0a8ec9..033c52d7c41de 100644 --- a/pkgs/development/python-modules/dbus-python/default.nix +++ b/pkgs/development/python-modules/dbus-python/default.nix @@ -15,7 +15,7 @@ , dbus-glib }: -buildPythonPackage rec { +lib.fix (finalPackage: buildPythonPackage rec { pname = "dbus-python"; version = "1.3.2"; pyproject = true; @@ -67,6 +67,10 @@ buildPythonPackage rec { "-Cbuild-dir=_meson-build" ]; + mesonFlags = [ + (lib.mesonBool "tests" finalPackage.doInstallCheck) + ]; + # workaround bug in meson-python # https://github.com/mesonbuild/meson-python/issues/240 postInstall = '' @@ -98,4 +102,4 @@ buildPythonPackage rec { platforms = dbus.meta.platforms; maintainers = with maintainers; [ ]; }; -} +}) From 3c03811683fecb816d2b8eb01e918f83956c7220 Mon Sep 17 00:00:00 2001 From: Peter Waller Date: Sat, 27 Apr 2024 11:41:46 +0100 Subject: [PATCH 34/88] llvmPackages_*.libcxx: include libcxxabi within libcxx Key test case: nixpkgs#pkgsStatic.pkgsLLVM.ncurses Prior to this patch, this fails with errors such as: ``` error: undefined symbol: __cxa_throw ``` I think this is a reasonable solution because in #292043, libcxxabi was 'merged into libcxx', however, the commit message suggests that only dynamic linking was accounted for, because it says: ``` * linux/freebsd `libc++.so` is a linker script `LINK(libc++.so.1, -lc++abi)` making `-lc++` sufficient. ``` Whereas, I found that if I tried linking a "hello world" C++ program with a static hostPlatform, it failed unless -lc++abi was passed. Signed-off-by: Peter Waller --- .../compilers/llvm/common/libcxx/default.nix | 31 +++++++++++++++++++ pkgs/test/cc-wrapper/default.nix | 11 +++++++ 2 files changed, 42 insertions(+) diff --git a/pkgs/development/compilers/llvm/common/libcxx/default.nix b/pkgs/development/compilers/llvm/common/libcxx/default.nix index 0e91f50551c55..5b4c2ca56ae1a 100644 --- a/pkgs/development/compilers/llvm/common/libcxx/default.nix +++ b/pkgs/development/compilers/llvm/common/libcxx/default.nix @@ -67,6 +67,12 @@ let cxxCMakeFlags = [ "-DLIBCXX_CXX_ABI=${cxxabiName}" + ] ++ lib.optionals (cxxabi == null && lib.versionAtLeast release_version "16") [ + # Note: llvm < 16 doesn't support this flag (or it's broken); handled in postInstall instead. + # Include libc++abi symbols within libc++.a for static linking libc++; + # dynamic linking includes them through libc++.so being a linker script + # which includes both shared objects. + "-DLIBCXX_STATICALLY_LINK_ABI_IN_STATIC_LIBRARY=ON" ] ++ lib.optionals (cxxabi != null) [ "-DLIBCXX_CXX_ABI_INCLUDE_PATHS=${lib.getDev cxxabi}/include" ] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.isWasi) [ @@ -126,6 +132,31 @@ stdenv.mkDerivation (rec { postInstall = lib.optionalString (cxxabi != null) '' lndir ${lib.getDev cxxabi}/include $dev/include/c++/v1 lndir ${lib.getLib cxxabi}/lib $out/lib + libcxxabi=$out/lib/lib${cxxabi.libName}.a + '' + # LIBCXX_STATICALLY_LINK_ABI_IN_STATIC_LIBRARY=ON doesn't work for LLVM < 16 or + # external cxxabi libraries so merge libc++abi.a into libc++.a ourselves. + + # GNU binutils emits objects in LIFO order in MRI scripts so after the merge + # the objects are in reversed order so a second MRI script is required so the + # objects in the archive are listed in proper order (libc++.a, libc++abi.a) + + lib.optionalString (cxxabi != null || lib.versionOlder release_version "16") '' + libcxxabi=''${libcxxabi-$out/lib/libc++abi.a} + if [[ -f $out/lib/libc++.a && -e $libcxxabi ]]; then + $AR -M <&2 || echo "failed" >&2 ''} + # Test that linking libc++ works, and statically. + ${lib.optionalString isCxx '' + echo "checking whether can link with libc++... " >&2 + NIX_DEBUG=1 $CXX ${./cxx-main.cc} -c -o cxx-main.o + NIX_DEBUG=1 $CC cxx-main.o -lc++ -o cxx-main + NIX_DEBUG=1 $CC cxx-main.o ${lib.getLib stdenv.cc.libcxx}/lib/libc++.a -o cxx-main-static + ${emulator} ./cxx-main + ${emulator} ./cxx-main-static + rm cxx-main{,-static,.o} + ''} + ${lib.optionalString (stdenv.isDarwin && stdenv.cc.isClang) '' echo "checking whether compiler can build with CoreFoundation.framework... " >&2 mkdir -p foo/lib From e1b9b3e251e61e8c0bb7e2da6b55257b42a34757 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 1 May 2024 09:25:39 +0200 Subject: [PATCH 35/88] element-desktop: fix cross build --- .../instant-messengers/element/keytar/default.nix | 13 ++++++++++++- .../instant-messengers/element/seshat/default.nix | 4 ++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/element/keytar/default.nix b/pkgs/applications/networking/instant-messengers/element/keytar/default.nix index 84196371be3af..d43894e08239a 100644 --- a/pkgs/applications/networking/instant-messengers/element/keytar/default.nix +++ b/pkgs/applications/networking/instant-messengers/element/keytar/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, nodejs, python3, callPackage, removeReferencesTo +{ lib, stdenv, fetchFromGitHub, nodejs, python3, removeReferencesTo , pkg-config, libsecret, xcbuild, Security, AppKit, fetchNpmDeps, npmHooks }: let @@ -31,6 +31,17 @@ in stdenv.mkDerivation rec { doCheck = false; + postPatch = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' + pkg-config() { "''${PKG_CONFIG}" "$@"; } + export -f pkg-config + ''; + + # https://nodejs.org/api/os.html#osarch + npmFlagsArray = [ "--arch=${if stdenv.hostPlatform.parsed.cpu.name == "i686" then "ia32" + else if stdenv.hostPlatform.parsed.cpu.name == "x86_64" then "x64" + else if stdenv.hostPlatform.parsed.cpu.name == "aarch64" then "arm64" + else stdenv.hostPlatform.parsed.cpu.name}" ]; + installPhase = '' runHook preInstall shopt -s extglob diff --git a/pkgs/applications/networking/instant-messengers/element/seshat/default.nix b/pkgs/applications/networking/instant-messengers/element/seshat/default.nix index ed6b5ebe72a65..c1c9a57d43569 100644 --- a/pkgs/applications/networking/instant-messengers/element/seshat/default.nix +++ b/pkgs/applications/networking/instant-messengers/element/seshat/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, callPackage, sqlcipher, nodejs, python3, yarn, fixup-yarn-lock, CoreServices, fetchYarnDeps, removeReferencesTo }: +{ lib, stdenv, rustPlatform, fetchFromGitHub, rust, sqlcipher, nodejs, python3, yarn, fixup-yarn-lock, CoreServices, fetchYarnDeps, removeReferencesTo }: let pinData = lib.importJSON ./pin.json; @@ -36,7 +36,7 @@ in rustPlatform.buildRustPackage rec { fixup-yarn-lock yarn.lock yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive patchShebangs node_modules/ - node_modules/.bin/neon build --release + node_modules/.bin/neon build --release -- --target ${rust.toRustTargetSpec stdenv.hostPlatform} -Z unstable-options --out-dir target/release runHook postBuild ''; From 2fe65e94c1d09047ed0d65fef82891c5aea8a4f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 1 May 2024 11:23:08 +0200 Subject: [PATCH 36/88] electron: fix cross compilation --- .../networking/browsers/chromium/common.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 20e987facdc3c..5770456f177fa 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -20,6 +20,7 @@ , pkgsBuildHost # configurePhase: , gnChromium +, symlinkJoin # Build inputs: , libpng @@ -360,6 +361,14 @@ let ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . ''; + llvmCcAndBintools = symlinkJoin { + name = "llvmCcAndBintools"; + paths = [ + pkgsBuildTarget.${llvmPackages_attrName}.llvm + pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc + ]; + }; + gnFlags = mkGnFlags ({ # Main build and toolchain settings: # Create an official and optimized release build (only official builds @@ -426,7 +435,7 @@ let rtc_use_pipewire = true; # Disable PGO because the profile data requires a newer compiler version (LLVM 14 isn't sufficient): chrome_pgo_phase = 0; - clang_base_path = "${pkgsBuildTarget.${llvmPackages_attrName}.stdenv.cc}"; + clang_base_path = "${llvmCcAndBintools}"; use_qt = false; # To fix the build as we don't provide libffi_pic.a # (ld.lld: error: unable to find library -l:libffi_pic.a): From 8df62b078d46adec7da4daf8ab6b4132082283a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 8 May 2024 10:35:18 +0000 Subject: [PATCH 37/88] python3.pkgs.dbus-python: fix cross build --- pkgs/development/python-modules/dbus-python/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/dbus-python/default.nix b/pkgs/development/python-modules/dbus-python/default.nix index 4e6f67f0a8ec9..9b7656993c59a 100644 --- a/pkgs/development/python-modules/dbus-python/default.nix +++ b/pkgs/development/python-modules/dbus-python/default.nix @@ -52,6 +52,7 @@ buildPythonPackage rec { ''; nativeBuildInputs = [ + dbus # build systems checks for `dbus-run-session` in PATH meson meson-python pkg-config From 533ec49f1f2c7fab771a9f50419c2f453cbeaf6d Mon Sep 17 00:00:00 2001 From: Samuel Evans-Powell Date: Sat, 11 May 2024 15:38:43 +0800 Subject: [PATCH 38/88] gnu-config: 2023-09-19 -> 2024-01-01 --- pkgs/development/libraries/gnu-config/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/gnu-config/default.nix b/pkgs/development/libraries/gnu-config/default.nix index 0315f39c60592..9fa5247cb489b 100644 --- a/pkgs/development/libraries/gnu-config/default.nix +++ b/pkgs/development/libraries/gnu-config/default.nix @@ -6,22 +6,22 @@ # files. let - rev = "28ea239c53a2d5d8800c472bc2452eaa16e37af2"; + rev = "948ae97ca5703224bd3eada06b7a69f40dd15a02"; # Don't use fetchgit as this is needed during Aarch64 bootstrapping configGuess = fetchurl { name = "config.guess-${builtins.substring 0 7 rev}"; url = "https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=${rev}"; - hash = "sha256-7CV3YUJSMm+InfHel7mkV8A6mpSBEEhWPCEaRElti6M="; + hash = "sha256-ZByuPAx0xJNU0+3gCfP+vYD+vhUBp3wdn6yNQsxFtss="; }; configSub = fetchurl { name = "config.sub-${builtins.substring 0 7 rev}"; url = "https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=${rev}"; - hash = "sha256-Rlxf5nx9NrcugIgScWRF1NONS5RzTKjTaoY50SMjh4s="; + hash = "sha256-/jovMvuv9XhIcyVJ9I2YP9ZSYCTsLw9ancdcL0NZo6Y="; }; in stdenv.mkDerivation { pname = "gnu-config"; - version = "2023-09-19"; + version = "2024-01-01"; unpackPhase = '' runHook preUnpack From d450529c1db479caeb34dc6014831481dabe2da4 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Sat, 11 May 2024 18:17:25 +0900 Subject: [PATCH 39/88] libbpf: 1.4.1 -> 1.4.2 --- pkgs/os-specific/linux/libbpf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix index e910835ea0d7d..6a0ee908347ca 100644 --- a/pkgs/os-specific/linux/libbpf/default.nix +++ b/pkgs/os-specific/linux/libbpf/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation rec { pname = "libbpf"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "sha256-dAyUBcOItDZNe2xBWoegCAmOnTugc1C7+k/hj20icJA="; + sha256 = "sha256-PlGr/qZbKnaY37wikdmX/iYtP11WHShn1I7vACUgLG0="; }; nativeBuildInputs = [ pkg-config ]; From 4fc3b0b3a4c75f91d87a811b9bd07ee7eee1b1bd Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 11 May 2024 11:37:02 +0200 Subject: [PATCH 40/88] pkgsStatic.xorg.libpciaccess: mark unsupported --- pkgs/servers/x11/xorg/overrides.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index 246709dd1c1cd..a6d7d7e6a7f0c 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -422,6 +422,10 @@ self: super: # https://gitlab.freedesktop.org/xorg/lib/libpciaccess/-/blob/master/configure.ac#L108-114 platforms = lib.fold (os: ps: ps ++ lib.platforms.${os}) [] [ "cygwin" "freebsd" "linux" "netbsd" "openbsd" "illumos" ]; + badPlatforms = [ + # mandatory shared library + lib.systems.inspect.platformPatterns.isStatic + ]; }; }); From ef0e3af8ef3710f623f3ef18e41aa7e7cc1c35a0 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 11 May 2024 11:37:08 +0200 Subject: [PATCH 41/88] pkgsStatic.libdrm: fix build Not having Intel support is certainly not ideal, but it's better than nothing. --- pkgs/development/libraries/libdrm/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix index 8d8a932f4994e..8791203881468 100644 --- a/pkgs/development/libraries/libdrm/default.nix +++ b/pkgs/development/libraries/libdrm/default.nix @@ -1,5 +1,6 @@ { stdenv, lib, fetchurl, pkg-config, meson, ninja, docutils -, libpthreadstubs, libpciaccess +, libpthreadstubs +, withIntel ? lib.meta.availableOn stdenv.hostPlatform libpciaccess, libpciaccess , withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind-light, valgrind-light , gitUpdater }: @@ -16,12 +17,14 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" "bin" ]; nativeBuildInputs = [ pkg-config meson ninja docutils ]; - buildInputs = [ libpthreadstubs libpciaccess ] + buildInputs = [ libpthreadstubs ] + ++ lib.optional withIntel libpciaccess ++ lib.optional withValgrind valgrind-light; mesonFlags = [ "-Dinstall-test-programs=true" "-Dcairo-tests=disabled" + (lib.mesonEnable "intel" withIntel) (lib.mesonEnable "omap" stdenv.hostPlatform.isLinux) (lib.mesonEnable "valgrind" withValgrind) ] ++ lib.optionals stdenv.hostPlatform.isAarch [ From db5ed5d7fb8eb88ba74a50b8fca9e868298b1b5d Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 11 May 2024 11:59:58 +0200 Subject: [PATCH 42/88] pipewire: fix enableSystemd option Setting enableSystemd to false did not disable systemd, because on most Linux configurations, udev is an alias for systemd, so Pipewire would still find libsystemd, and link e.g. libpipewire-module-protocol-native against it. With libsystemd actually not available in the build environment, we need to set -Dsystemd=disabled, which should also avoid this unintended automatic systemd linkage in future. Additionally, since udev was always an input, there was no point also providing an eudev input. udev is an alias for a udev implementation appropriate for the platform (systemd, libudev-zero, or in future libudev-devd). eudev can still be used using an override: pipewire.override { enableSystemd = false; udev = eudev; } So with this change, setting enableSystemd to false will disable systemd-specific functionality in pipewire, but it will use systemd's udev implementation (which might as well just be a more up to date version of eudev), which matches the behaviour of other enableSystemd/systemdSupport options in Nixpkgs, and in the case where even systemd's udev implementation is for some reason too much, that's configurable as well. --- pkgs/development/libraries/pipewire/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 48f2dec6b89bc..a4f3f80fbf3fe 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -4,7 +4,6 @@ , python3 , meson , ninja -, eudev , systemd , enableSystemd ? true , pkg-config @@ -125,8 +124,7 @@ stdenv.mkDerivation(finalAttrs: { lilv ncurses readline - udev - ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) + ] ++ (if enableSystemd then [ systemd ] else [ udev ]) ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] ++ lib.optionals libcameraSupport [ libcamera ] @@ -159,6 +157,7 @@ stdenv.mkDerivation(finalAttrs: { (lib.mesonEnable "libpulse" pulseTunnelSupport) (lib.mesonEnable "avahi" zeroconfSupport) (lib.mesonEnable "gstreamer" gstreamerSupport) + (lib.mesonEnable "systemd" enableSystemd) (lib.mesonEnable "systemd-system-service" enableSystemd) (lib.mesonEnable "udev" (!enableSystemd)) (lib.mesonEnable "ffmpeg" ffmpegSupport) From c69eb60b61b6df79642830b72beeff8f12933f98 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 11 May 2024 18:08:50 +0200 Subject: [PATCH 43/88] postgresql_12: 12.18 -> 12.19 Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/ --- pkgs/servers/sql/postgresql/12.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/12.nix b/pkgs/servers/sql/postgresql/12.nix index d29fc7683048f..74098e91f2eb2 100644 --- a/pkgs/servers/sql/postgresql/12.nix +++ b/pkgs/servers/sql/postgresql/12.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "12.18"; - hash = "sha256-T5kZcl2UHOmGjgf+HtHTqGdIWZtIM4ZUdYOSi3TDkYo="; + version = "12.19"; + hash = "sha256-YX495Swi6CL09X0B1bIkBQPhmKnsyvWYqFEQm9GOb7s="; } From 3b6b7fda094507634cc9d6c06421d68eef6e246b Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 10 May 2024 12:34:30 +0200 Subject: [PATCH 44/88] postgresql_13: 13.14 -> 13.15 Accouncement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/ --- pkgs/servers/sql/postgresql/13.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/13.nix b/pkgs/servers/sql/postgresql/13.nix index c81e15bc7f685..6347ad1572168 100644 --- a/pkgs/servers/sql/postgresql/13.nix +++ b/pkgs/servers/sql/postgresql/13.nix @@ -1,6 +1,6 @@ import ./generic.nix { - version = "13.14"; - hash = "sha256-uN8HhVGJiWC9UA3F04oXfpkFN234H+fytmChQH+mpe0="; + version = "13.15"; + hash = "sha256-Qu3UFURtM7jCQr520a0FdTGyJksuhpOTObcHXG5OySU="; muslPatches = { disable-test-collate-icu-utf8 = { url = "https://git.alpinelinux.org/aports/plain/main/postgresql13/disable-test-collate.icu.utf8.patch?id=69faa146ec9fff3b981511068f17f9e629d4688b"; From 90fdcc61127f1325512451c61d606ef349b825fa Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 10 May 2024 12:34:53 +0200 Subject: [PATCH 45/88] postgresql_14: 14.11 -> 14.12, fix CVE-2024-4317 Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/ --- pkgs/servers/sql/postgresql/14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/14.nix b/pkgs/servers/sql/postgresql/14.nix index c96ddd3ddc808..1b4827bcb7324 100644 --- a/pkgs/servers/sql/postgresql/14.nix +++ b/pkgs/servers/sql/postgresql/14.nix @@ -1,6 +1,6 @@ import ./generic.nix { - version = "14.11"; - hash = "sha256-pnC9fc4i3K1Cl7JhE2s7HUoJpvVBcZViqhTKY78paKg="; + version = "14.12"; + hash = "sha256-YRjQj53cwb2Dzyt8x007WDvc7C835iRaisADuPqoCSM="; muslPatches = { disable-test-collate-icu-utf8 = { url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/disable-test-collate.icu.utf8.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7"; From 1f657f2ce9532d0e72dfc347208a188752a51345 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 10 May 2024 12:35:27 +0200 Subject: [PATCH 46/88] postgresql_15: 15.6 -> 15.7, fix CVE-2024-4317 Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/ --- pkgs/servers/sql/postgresql/15.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/15.nix b/pkgs/servers/sql/postgresql/15.nix index 00dfc0cbbc19d..a9bde7fd0e673 100644 --- a/pkgs/servers/sql/postgresql/15.nix +++ b/pkgs/servers/sql/postgresql/15.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "15.6"; - hash = "sha256-hFUUbtnGnJOlfelUrq0DAsr60DXCskIXXWqh4X68svs="; + version = "15.7"; + hash = "sha256-pG/klIWrY4Xjnau7tlT10wSSBvds1pXiJCaHKVIJmPc="; } From 0616f7a44f81f64154ae85e5db0a5c4068f6c1a6 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 10 May 2024 12:35:43 +0200 Subject: [PATCH 47/88] postgresql_16: 16.2 -> 16.3, fix CVE-2024-4317 Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/ --- pkgs/servers/sql/postgresql/16.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/16.nix b/pkgs/servers/sql/postgresql/16.nix index cdc37b7c62f5f..c964fc5800c85 100644 --- a/pkgs/servers/sql/postgresql/16.nix +++ b/pkgs/servers/sql/postgresql/16.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "16.2"; - hash = "sha256-RG6IKU28LJCFq0twYaZG+mBLS+wDUh1epnHC5a2bKVI="; + version = "16.3"; + hash = "sha256-Mxlj1dPcTK9CFqBJ+kC2bWvLjHMGFYWUEblRh2TmBYU="; } From 3ad254b1c4cb547740550f1bf7f19232b197db86 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 11 May 2024 18:23:38 +0200 Subject: [PATCH 48/88] postgresql: drop obsolete musl checkPhase fix --- pkgs/servers/sql/postgresql/generic.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/pkgs/servers/sql/postgresql/generic.nix b/pkgs/servers/sql/postgresql/generic.nix index 705407a932560..294d9a86305d3 100644 --- a/pkgs/servers/sql/postgresql/generic.nix +++ b/pkgs/servers/sql/postgresql/generic.nix @@ -198,18 +198,6 @@ let # autodetection doesn't seem to able to find this, but it's there. checkTarget = "check"; - # TODO: Remove after the next set of minor releases on May 9th 2024 - preCheck = - # On musl, comment skip the following tests, because they break due to - # ! ERROR: could not load library "/build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so": Error loading shared library libpq.so.5: No such file or directory (needed by /build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so) - # See also here: - # https://git.alpinelinux.org/aports/tree/main/postgresql/disable-broken-tests.patch?id=6d7d32c12e073a57a9e5946e55f4c1fbb68bd442 - if stdenv'.hostPlatform.isMusl then '' - substituteInPlace src/test/regress/parallel_schedule \ - --replace "subscription" "" \ - --replace "object_address" "" - '' else null; - disallowedReferences = [ stdenv'.cc ]; passthru = let From 4230c04c74490357bb0af56a833a74e7180100d3 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 11 May 2024 18:56:21 +0100 Subject: [PATCH 49/88] ffmpeg_5: add patch for CVE-2024-31585 --- pkgs/development/libraries/ffmpeg/generic.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 92a28d8a7705b..85ebd8a56f747 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -427,6 +427,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/75b1a555a70c178a9166629e43ec2f6250219eb2"; hash = "sha256-+2kzfPJf5piim+DqEgDuVEEX5HLwRsxq0dWONJ4ACrU="; } + { + name = "5.x-CVE-2024-31585.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/8711cea3841fc385cccb1e7255176479e865cd4d"; + hash = "sha256-WT+ly/l04yM/tRVbhkESA3sDDjwvtd/Cg2y8tQo4ApI="; + } ]) ++ (lib.optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [ { # this can be removed post 6.1 From ff06e7d5e91d9416a1c5147deb53f49992285682 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 11 May 2024 19:22:08 +0100 Subject: [PATCH 50/88] ffmpeg, ffmpeg_5: add patches for CVE-2024-31582 --- pkgs/development/libraries/ffmpeg/generic.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 85ebd8a56f747..4209c05ce9228 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -432,6 +432,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/8711cea3841fc385cccb1e7255176479e865cd4d"; hash = "sha256-WT+ly/l04yM/tRVbhkESA3sDDjwvtd/Cg2y8tQo4ApI="; } + { + name = "CVE-2024-31582.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2"; + hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA="; + } ]) ++ (lib.optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [ { # this can be removed post 6.1 @@ -444,6 +449,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/e06ce6d2b45edac4a2df04f304e18d4727417d24"; hash = "sha256-73mlX1rdJrguw7OXaSItfHtI7gflDrFj+7SepVvvUIg="; } + { + name = "CVE-2024-31582.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2"; + hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA="; + } ]) ++ (lib.optionals (lib.versionAtLeast version "7.0") [ { From c23f9d58ffa775eb60c2b4cc69a732ec805a22a3 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 11 May 2024 19:24:53 +0100 Subject: [PATCH 51/88] ffmpeg, ffmpeg_5: add patches for CVE-2024-31578 --- pkgs/development/libraries/ffmpeg/generic.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 4209c05ce9228..55f6709c1361c 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -437,6 +437,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2"; hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA="; } + { + name = "CVE-2024-31578.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3bb00c0a420c3ce83c6fafee30270d69622ccad7"; + hash = "sha256-oZMZysBA+/gwaGEM1yvI+8wCadXWE7qLRL6Emap3b8Q="; + } ]) ++ (lib.optionals (lib.versionAtLeast version "6.1" && lib.versionOlder version "6.2") [ { # this can be removed post 6.1 @@ -454,6 +459,11 @@ stdenv.mkDerivation (finalAttrs: { url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/99debe5f823f45a482e1dc08de35879aa9c74bd2"; hash = "sha256-+CQ9FXR6Vr/AmsbXFiCUXZcxKj1s8nInEdke/Oc/kUA="; } + { + name = "CVE-2024-31578.patch"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/3bb00c0a420c3ce83c6fafee30270d69622ccad7"; + hash = "sha256-oZMZysBA+/gwaGEM1yvI+8wCadXWE7qLRL6Emap3b8Q="; + } ]) ++ (lib.optionals (lib.versionAtLeast version "7.0") [ { From f7836b17f1b0872afedb27e29af071a10117ed61 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 11 May 2024 21:45:53 +0100 Subject: [PATCH 52/88] libjpeg: 3.0.2 -> 3.0.3 Changes: https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/3.0.3 --- ...01-Compile-transupp.c-as-part-of-the-library.patch | 2 +- pkgs/development/libraries/libjpeg-turbo/default.nix | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch index 7753150180642..552914a51cd5b 100644 --- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch +++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch @@ -26,7 +26,7 @@ index adb0ca45..46fc16dd 100644 ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h - ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h + ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h ${CMAKE_CURRENT_SOURCE_DIR}/transupp.h - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} COMPONENT include) include(cmakescripts/BuildPackages.cmake) -- diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index a34a60b11bf15..2a32bbfd7c467 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitHub -, fetchpatch , cmake , nasm , openjdk @@ -33,22 +32,16 @@ assert !(enableJpeg7 && enableJpeg8); # pick only one or none, not both stdenv.mkDerivation (finalAttrs: { pname = "libjpeg-turbo"; - version = "3.0.2"; + version = "3.0.3"; src = fetchFromGitHub { owner = "libjpeg-turbo"; repo = "libjpeg-turbo"; rev = finalAttrs.version; - hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74="; + hash = "sha256-w2wJaVf4sjJ9pPPqc9R4TE6Q6Yl0U6+fI5KLpQKwEXI="; }; patches = [ - (fetchpatch { - name = "CMAKE_CROSSCOMPILING_EMULATOR=env-fix.patch"; - url = "https://github.com/libjpeg-turbo/libjpeg-turbo/compare/36c51dd3eb60ebde3ca77d3cfa7df3422f1aaaf1..b6ee1016abbc55116304ad396cf88aa19391e10a.patch"; - hash = "sha256-dNwXicvZEsG02TBaM5nYMlZ+VczT/Dfx6ZM/6huZpwE="; - }) - # This is needed by freeimage ./0001-Compile-transupp.c-as-part-of-the-library.patch ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ From 8e36cb36eaa3f74f697655c563585fe3b9be9228 Mon Sep 17 00:00:00 2001 From: natsukium Date: Sun, 12 May 2024 11:35:25 +0900 Subject: [PATCH 53/88] python311Packages.ipython: 8.23.0 -> 8.24.0 Diff: https://github.com/ipython/ipython/compare/8.23.0...8.24.0 Changelog: https://github.com/ipython/ipython/blob/8.24.0/docs/source/whatsnew/version8.rst --- pkgs/development/python-modules/ipython/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/ipython/default.nix b/pkgs/development/python-modules/ipython/default.nix index 577b78804907f..d9d7fda28c99a 100644 --- a/pkgs/development/python-modules/ipython/default.nix +++ b/pkgs/development/python-modules/ipython/default.nix @@ -41,13 +41,13 @@ buildPythonPackage rec { pname = "ipython"; - version = "8.23.0"; + version = "8.24.0"; pyproject = true; disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - hash = "sha256-dGjtr09t4+G5EuV/ZsJB5v08cJny7CE24jnhQugAJ00="; + hash = "sha256-AQ2z+KcopXi7ZB/dBsBjufuOlqlGTGOuxjEPvLXoBQE="; }; build-system = [ From c96779791a59a2b29a4005c94ca065f93bf58d1f Mon Sep 17 00:00:00 2001 From: Martin Joerg Date: Sun, 12 May 2024 10:42:48 +0200 Subject: [PATCH 54/88] python311Packages.werkzeug: 3.0.2 -> 3.0.3 https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 https://github.com/pallets/werkzeug/compare/3.0.2...3.0.3 fixes https://nvd.nist.gov/vuln/detail/CVE-2024-34069 --- .../python-modules/werkzeug/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index 80ed4c53539a9..66dca4c90bcb4 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -28,14 +28,14 @@ buildPythonPackage rec { pname = "werkzeug"; - version = "3.0.2"; + version = "3.0.3"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-45tkWmrJKCJYjns5ppLngockzq4LDXAu+WcB+Q5wEo0="; + hash = "sha256-CX5b/anwq6jaa4VFFG3vSB0Gqn0yZudEjizM9n3YvRg="; }; nativeBuildInputs = [ @@ -63,6 +63,8 @@ buildPythonPackage rec { greenlet ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); + pythonImportsCheck = [ "werkzeug" ]; + disabledTests = lib.optionals stdenv.isDarwin [ "test_get_machine_id" ]; @@ -82,8 +84,8 @@ buildPythonPackage rec { inherit moto sentry-sdk; }; - meta = with lib; { - changelog = "https://werkzeug.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; + meta = { + changelog = "https://werkzeug.palletsprojects.com/en/${lib.versions.majorMinor version}.x/changes/#version-${lib.replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://palletsprojects.com/p/werkzeug/"; description = "The comprehensive WSGI web application library"; longDescription = '' @@ -92,7 +94,7 @@ buildPythonPackage rec { applications and has become one of the most advanced WSGI utility libraries. ''; - license = licenses.bsd3; - maintainers = with maintainers; [ ]; + license = lib.licenses.bsd3; + maintainers = [ ]; }; } From 7587ff8d1a5ad6ea85a00e8c550216ecd328c3be Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 12 May 2024 14:24:22 +0200 Subject: [PATCH 55/88] python3Packages.shouldbe: drop Unavailable on all python version and unmaintained. --- .../python-modules/gssapi/default.nix | 2 -- .../python-modules/shouldbe/default.nix | 30 ------------------- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 -- 4 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 pkgs/development/python-modules/shouldbe/default.nix diff --git a/pkgs/development/python-modules/gssapi/default.nix b/pkgs/development/python-modules/gssapi/default.nix index 8ca5f8ebc6f7c..4b08e8b466584 100644 --- a/pkgs/development/python-modules/gssapi/default.nix +++ b/pkgs/development/python-modules/gssapi/default.nix @@ -9,7 +9,6 @@ , krb5 , GSS , parameterized -, shouldbe , cython , python , k5test @@ -56,7 +55,6 @@ buildPythonPackage rec { k5test nose parameterized - shouldbe six ]; diff --git a/pkgs/development/python-modules/shouldbe/default.nix b/pkgs/development/python-modules/shouldbe/default.nix deleted file mode 100644 index 0c03d6d58d420..0000000000000 --- a/pkgs/development/python-modules/shouldbe/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ lib -, buildPythonPackage -, pythonAtLeast -, fetchPypi -, nose -, forbiddenfruit -}: - -buildPythonPackage rec { - version = "0.1.2"; - format = "setuptools"; - pname = "shouldbe"; - # incompatible, https://github.com/DirectXMan12/should_be/issues/4 - disabled = pythonAtLeast "3.8"; - - src = fetchPypi { - inherit pname version; - sha256 = "16zbvjxf71dl4yfbgcr6idyim3mdrfvix1dv8b95p0s9z07372pj"; - }; - - nativeCheckInputs = [ nose ]; - propagatedBuildInputs = [ forbiddenfruit ]; - - meta = with lib; { - description = "Python Assertion Helpers inspired by Shouldly"; - homepage = "https://pypi.python.org/pypi/shouldbe/"; - license = licenses.mit; - }; - -} diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 6e544c12d213a..9a99ced1ea029 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -472,6 +472,7 @@ mapAliases ({ setuptools_scm = setuptools-scm; # added 2021-06-03 setuptoolsTrial = setuptools-trial; # added 2023-11-11 sharkiqpy = sharkiq; # added 2022-05-21 + shouldbe = throw "shouldbe was removed, because it was disabled on all python version since 3.8 and last updated in 2019."; # added 2024-05-12 sip_4 = sip4; # added 2024-01-07 ssh-mitm = throw "ssh-mitm was removed in favor of the top-level ssh-mitm"; # added 2023-05-09 smart_open = smart-open; # added 2021-03-14 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 0c71baad6a6cb..58369488b7b4d 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13864,8 +13864,6 @@ self: super: with self; { shortuuid = callPackage ../development/python-modules/shortuuid { }; - shouldbe = callPackage ../development/python-modules/shouldbe { }; - should-dsl = callPackage ../development/python-modules/should-dsl { }; show-in-file-manager = callPackage ../development/python-modules/show-in-file-manager { }; From 99e1d2c38a857eb2e282ea57844cd4087661e885 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 12 May 2024 14:38:09 +0200 Subject: [PATCH 56/88] python312Packages.gssapi: test with pytest, use pep517 builder --- .../python-modules/gssapi/default.nix | 49 ++++++++++--------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/pkgs/development/python-modules/gssapi/default.nix b/pkgs/development/python-modules/gssapi/default.nix index 4b08e8b466584..90d8b4810d431 100644 --- a/pkgs/development/python-modules/gssapi/default.nix +++ b/pkgs/development/python-modules/gssapi/default.nix @@ -3,21 +3,29 @@ , buildPythonPackage , pythonOlder , fetchFromGitHub -, six -, decorator -, nose + +# build-system +, cython , krb5 +, setuptools + +# dependencies +, decorator + +# native dependencies , GSS + +# tests , parameterized -, cython -, python , k5test +, pytestCheckHook }: buildPythonPackage rec { pname = "gssapi"; version = "1.8.3"; - format = "setuptools"; + pyproject = true; + disabled = pythonOlder "3.6"; src = fetchFromGitHub { @@ -27,7 +35,6 @@ buildPythonPackage rec { hash = "sha256-H1JfdvxJvX5dmC9aTqIOkjAqFEL44KoUXEhoYj2uRY8="; }; - # It's used to locate headers postPatch = '' substituteInPlace setup.py \ --replace 'get_output(f"{kc} gssapi --prefix")' '"${lib.getDev krb5}"' @@ -37,14 +44,14 @@ buildPythonPackage rec { GSSAPI_SUPPORT_DETECT = "false"; }; - nativeBuildInputs = [ + build-system = [ cython krb5 + setuptools ]; - propagatedBuildInputs = [ + dependencies = [ decorator - six ]; buildInputs = lib.optionals stdenv.isDarwin [ @@ -53,25 +60,19 @@ buildPythonPackage rec { nativeCheckInputs = [ k5test - nose parameterized - six + pytestCheckHook ]; - doCheck = pythonOlder "3.8" # `shouldbe` not available - && !stdenv.isDarwin; # many failures on darwin - - # skip tests which fail possibly due to be an upstream issue (see - # https://github.com/pythongssapi/python-gssapi/issues/220) - checkPhase = '' - # some tests don't respond to being disabled through nosetests -x - echo $'\ndel CredsTestCase.test_add_with_impersonate' >> gssapi/tests/test_high_level.py - echo $'\ndel TestBaseUtilities.test_acquire_creds_impersonate_name' >> gssapi/tests/test_raw.py - echo $'\ndel TestBaseUtilities.test_add_cred_impersonate_name' >> gssapi/tests/test_raw.py + preCheck = '' + mv gssapi/tests $TMPDIR/ + pushd $TMPDIR + ''; - export PYTHONPATH="$out/${python.sitePackages}:$PYTHONPATH" - nosetests -e 'ext_test_\d.*' + postCheck = '' + popd ''; + pythonImportsCheck = [ "gssapi" ]; meta = with lib; { From d2f1139b7f0ded69beba91c21c4a3297b7a8f722 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 12 May 2024 20:11:34 +0100 Subject: [PATCH 57/88] whois: 5.5.22 -> 5.5.23 Changes: https://github.com/rfc1036/whois/compare/v5.5.22...v5.5.23 --- pkgs/tools/networking/whois/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/whois/default.nix b/pkgs/tools/networking/whois/default.nix index 4b7d7b778c0a0..9855a948783af 100644 --- a/pkgs/tools/networking/whois/default.nix +++ b/pkgs/tools/networking/whois/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, fetchFromGitHub, fetchpatch, perl, gettext, pkg-config, libidn2, libiconv }: stdenv.mkDerivation rec { - version = "5.5.22"; + version = "5.5.23"; pname = "whois"; src = fetchFromGitHub { owner = "rfc1036"; repo = "whois"; rev = "v${version}"; - hash = "sha256-5ogHgGODqEUQ5ggoevpfSmJ8GvWImm0ufjnpcbcX7rk="; + hash = "sha256-c/Mx2HXAj6mHH8rElG7+F94sSrVSL1N9HZBvaMWUjlw="; }; patches = [ From 2e13f1685977cd4573970a1e12db540445caa5cc Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 7 May 2024 19:35:20 +0200 Subject: [PATCH 58/88] modemmanager: run tests again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When we switched modemmanager from autotools to meson, this wasn't updated, so it no longer found a Makefile and silently stopped running the tests. Fixes: 233dac2934f6 ("modemmanager: 1.18.12 → 1.20.4") --- pkgs/tools/networking/modemmanager/default.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/modemmanager/default.nix b/pkgs/tools/networking/modemmanager/default.nix index 64d61f0e323ca..da31fb41f0556 100644 --- a/pkgs/tools/networking/modemmanager/default.nix +++ b/pkgs/tools/networking/modemmanager/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitLab +, fetchpatch , glib , udev , libgudev @@ -38,6 +39,12 @@ stdenv.mkDerivation rec { # Since /etc is the domain of NixOS, not Nix, we cannot install files there. # But these are just placeholders so we do not need to install them at all. ./no-dummy-dirs-in-sysconfdir.patch + + (fetchpatch { + name = "GI_TYPELIB_PATH.patch"; + url = "https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/commit/daa829287894273879799a383ed4dc373c6111b0.patch"; + hash = "sha256-tPQokiZO2SpTlX8xMlkWjP1AIXgoLHW3rJwnmG33z/k="; + }) ]; strictDeps = true; @@ -89,14 +96,16 @@ stdenv.mkDerivation rec { # In Nixpkgs g-ir-scanner is patched to produce absolute paths, and # that interferes with ModemManager's tests, causing them to try to # load libraries from the install path, which doesn't usually exist - # when `make check' is run. So to work around that, we run it as an + # when `meson test' is run. So to work around that, we run it as an # install check instead, when those paths will have been created. doInstallCheck = true; - preInstallCheck = '' + installCheckPhase = '' + runHook preInstallCheck export G_TEST_DBUS_DAEMON="${dbus}/bin/dbus-daemon" patchShebangs tools/tests/test-wrapper.sh + mesonCheckPhase + runHook postInstallCheck ''; - installCheckTarget = "check"; meta = with lib; { description = "WWAN modem manager, part of NetworkManager"; From 3605676da26e447b2b75308b737ff35f0985573d Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 7 May 2024 19:53:51 +0200 Subject: [PATCH 59/88] modemmanager: remove unused udev input This is only used to determine the default value of udevdir, which we set explicitly. --- pkgs/tools/networking/modemmanager/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/tools/networking/modemmanager/default.nix b/pkgs/tools/networking/modemmanager/default.nix index da31fb41f0556..d432b590c5c3f 100644 --- a/pkgs/tools/networking/modemmanager/default.nix +++ b/pkgs/tools/networking/modemmanager/default.nix @@ -3,7 +3,6 @@ , fetchFromGitLab , fetchpatch , glib -, udev , libgudev , polkit , ppp @@ -62,7 +61,6 @@ stdenv.mkDerivation rec { buildInputs = [ glib - udev libgudev polkit ppp From dc5d2c6221259e729b33d1d817de95eb5e1d6530 Mon Sep 17 00:00:00 2001 From: Joachim Ernst Date: Wed, 8 May 2024 21:36:45 +0200 Subject: [PATCH 60/88] unbound: 1.19.3 -> 1.20.0 --- pkgs/tools/networking/unbound/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix index 45c794a532eb3..1a9025a4a9078 100644 --- a/pkgs/tools/networking/unbound/default.nix +++ b/pkgs/tools/networking/unbound/default.nix @@ -50,11 +50,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "unbound"; - version = "1.19.3"; + version = "1.20.0"; src = fetchurl { url = "https://nlnetlabs.nl/downloads/unbound/unbound-${finalAttrs.version}.tar.gz"; - hash = "sha256-OuMivn3C+DFgPksDkUNVM61YYcIyLjSnYAap+2XrVrk="; + hash = "sha256-VrTO7TNjlSIAD9lndVdt34eCuzYXYQcV1/Hnd8XsHb8="; }; outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB From f22cbdca656529ec1543eb5cb148a98b66ac6acf Mon Sep 17 00:00:00 2001 From: Joachim Ernst Date: Wed, 8 May 2024 22:04:45 +0200 Subject: [PATCH 61/88] unbound: migrate to by-name --- .../unbound/default.nix => by-name/un/unbound/package.nix} | 0 pkgs/top-level/all-packages.nix | 2 -- 2 files changed, 2 deletions(-) rename pkgs/{tools/networking/unbound/default.nix => by-name/un/unbound/package.nix} (100%) diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/by-name/un/unbound/package.nix similarity index 100% rename from pkgs/tools/networking/unbound/default.nix rename to pkgs/by-name/un/unbound/package.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4f133b168a9fb..3e80054958ed8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14449,8 +14449,6 @@ with pkgs; unclutter-xfixes = callPackage ../tools/misc/unclutter-xfixes { }; - unbound = callPackage ../tools/networking/unbound { }; - unbound-with-systemd = unbound.override { withSystemd = true; }; From bccc97cd9b56cd19b7b3f3ad99674ff4d742d31c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 13 May 2024 17:15:34 +0000 Subject: [PATCH 62/88] libxml2: 2.12.6 -> 2.12.7 --- pkgs/development/libraries/libxml2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index 1cca2d9222dbb..d2e614b331a1a 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation (finalAttrs: rec { pname = "libxml2"; - version = "2.12.6"; + version = "2.12.7"; outputs = [ "bin" "dev" "out" "doc" ] ++ lib.optional pythonSupport "py" @@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: rec { src = fetchurl { url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz"; - hash = "sha256-iJxZOogaPbX92WzJMYyH3zTrZI7fxFgnKtRv1gc1P7s="; + hash = "sha256-JK54/xNjqXPm2L66lBp5RdoqwFbhm1OVautpJ/1s+1Y="; }; strictDeps = true; From 4d045a7de8c674a71a7a1c2c6b5ac5cb19c3f607 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Tue, 14 May 2024 22:16:58 +0100 Subject: [PATCH 63/88] libaom: don't disable runtime cpu detection on aarch64-darwin it seems to both work and be necessary now if we don't want to run into illegal instructions --- pkgs/development/libraries/libaom/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 474b1664fbe9d..16a9e872aae8f 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -47,9 +47,6 @@ stdenv.mkDerivation rec { "-DENABLE_TESTS=OFF" ] ++ lib.optionals enableVmaf [ "-DCONFIG_TUNE_VMAF=1" - ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ - # CPU detection isn't supported on Darwin and breaks the aarch64-darwin build: - "-DCONFIG_RUNTIME_CPU_DETECT=0" ] ++ lib.optionals (isCross && !stdenv.hostPlatform.isx86) [ "-DCMAKE_ASM_COMPILER=${stdenv.cc.targetPrefix}as" ] ++ lib.optionals stdenv.isAarch32 [ From 3130575f4f78e0b73cb34c7a57d4030d7f139d0b Mon Sep 17 00:00:00 2001 From: edef Date: Wed, 15 May 2024 00:52:37 +0000 Subject: [PATCH 64/88] git: 2.44.0 -> 2.44.1 CVE-2024-32002, CVE-2024-32004, CVE-2024-32465, CVE-2024-32020, CVE-2024-32021 --- pkgs/applications/version-management/git/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/git/default.nix b/pkgs/applications/version-management/git/default.nix index 8f57c97230fbd..375908863a2ab 100644 --- a/pkgs/applications/version-management/git/default.nix +++ b/pkgs/applications/version-management/git/default.nix @@ -29,7 +29,7 @@ assert sendEmailSupport -> perlSupport; assert svnSupport -> perlSupport; let - version = "2.44.0"; + version = "2.44.1"; svn = subversionClient.override { perlBindings = perlSupport; }; gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ]; in @@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz"; - hash = "sha256-41hzjctbXqNAzpAKABXAOuhugE5/9k5HqkYx3e5oHeM="; + hash = "sha256-e2CmJMD3AJoWuFYlBiGq/c3YXrjUS7AgYXtlJbhyYeQ="; }; outputs = [ "out" ] ++ lib.optional withManual "doc"; From 62623162cdcb4c5eab975accbcfc8c0ad8bc9a13 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:06 +0300 Subject: [PATCH 65/88] glslang: 14.1.0 -> 14.2.0 Diff: https://github.com/KhronosGroup/glslang/compare/14.1.0...14.2.0 --- pkgs/development/compilers/glslang/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/glslang/default.nix b/pkgs/development/compilers/glslang/default.nix index 1f84487239d24..91dfb296318cc 100644 --- a/pkgs/development/compilers/glslang/default.nix +++ b/pkgs/development/compilers/glslang/default.nix @@ -9,13 +9,13 @@ }: stdenv.mkDerivation rec { pname = "glslang"; - version = "14.1.0"; + version = "14.2.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "glslang"; rev = version; - hash = "sha256-trm5bR3/2w+oQppHQBB+b6l0N0sLjTk5+rRGDfnGb+8="; + hash = "sha256-B6jVCeoFjd2H6+7tIses+Kj8DgHS6E2dkVzQAIzDHEc="; }; # These get set at all-packages, keep onto them for child drvs From a6f3cc62f7cb3335c9c7e0c38c462da8abe6bdad Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:09 +0300 Subject: [PATCH 66/88] vulkan-headers: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-Headers/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/development/libraries/vulkan-headers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/vulkan-headers/default.nix b/pkgs/development/libraries/vulkan-headers/default.nix index 5793905a75a14..cd9dbec032087 100644 --- a/pkgs/development/libraries/vulkan-headers/default.nix +++ b/pkgs/development/libraries/vulkan-headers/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec { pname = "vulkan-headers"; - version = "1.3.280.0"; + version = "1.3.283.0"; nativeBuildInputs = [ cmake ]; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Headers"; rev = "vulkan-sdk-${version}"; - hash = "sha256-EnKiCtH6rh3ACQgokSSfp4FPFluMZW0dheP8IEzZtY4="; + hash = "sha256-DpbTYlEJPtyf/m9QEI8fdAm1Hw8MpFd+iCd7WB2gp/M="; }; passthru.updateScript = ./update.sh; From 5ba3b41faeb2a75221b0c06851b5982eb0e28a25 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:12 +0300 Subject: [PATCH 67/88] vulkan-loader: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-Loader/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/development/libraries/vulkan-loader/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix index f36a01e1a67ff..023bba6ee8e87 100644 --- a/pkgs/development/libraries/vulkan-loader/default.nix +++ b/pkgs/development/libraries/vulkan-loader/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "vulkan-loader"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Loader"; rev = "vulkan-sdk-${finalAttrs.version}"; - hash = "sha256-zkJSPshRaZRDiBvLJbJo8l1MX10KXYZniqtNTNnokT4="; + hash = "sha256-pe4WYbfB20yRI5Pg+RxgmQcmdXsSoRxbBkQ3DdAL8r4="; }; patches = [ ./fix-pkgconfig.patch ]; From bbfb3a5c0b56b731d1b93fd463a3a5e945b15bbe Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:16 +0300 Subject: [PATCH 68/88] vulkan-validation-layers: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-ValidationLayers/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/development/tools/vulkan-validation-layers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/vulkan-validation-layers/default.nix b/pkgs/development/tools/vulkan-validation-layers/default.nix index c40a6bbb6e78f..78552a7f2c685 100644 --- a/pkgs/development/tools/vulkan-validation-layers/default.nix +++ b/pkgs/development/tools/vulkan-validation-layers/default.nix @@ -23,13 +23,13 @@ let in stdenv.mkDerivation rec { pname = "vulkan-validation-layers"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-ValidationLayers"; rev = "vulkan-sdk-${version}"; - hash = "sha256-jBiVbLRbAZEEU8ZYg9Ehx4b5hDJoi7+LnN++zKLSzvA="; + hash = "sha256-OT9VfGg3+NBVV6SCGZ+Hu9FAxGJXXT45yvt2sHDIFTA="; }; nativeBuildInputs = [ From a17bfb3d7ff67bc6136cb7a54a62d4fc5e934a7e Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:18 +0300 Subject: [PATCH 69/88] vulkan-tools: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-Tools/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/tools/graphics/vulkan-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/vulkan-tools/default.nix b/pkgs/tools/graphics/vulkan-tools/default.nix index 95423b68d6b90..b507ed416c126 100644 --- a/pkgs/tools/graphics/vulkan-tools/default.nix +++ b/pkgs/tools/graphics/vulkan-tools/default.nix @@ -24,13 +24,13 @@ stdenv.mkDerivation rec { pname = "vulkan-tools"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Tools"; rev = "vulkan-sdk-${version}"; - hash = "sha256-v6Piz1nvNffopz5FVRkgJ1pXj63jCWTyNopkpjcBFXA="; + hash = "sha256-IAlqFCenv5e70XyLSYh2fE84JZQFJwg+YKTGaK7ShKA="; }; nativeBuildInputs = [ From 72fb6fbfcacfb51ab25b8588a99cdb376754a158 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:21 +0300 Subject: [PATCH 70/88] vulkan-tools-lunarg: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/LunarG/VulkanTools/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/tools/graphics/vulkan-tools-lunarg/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix index 6ac7ac411185d..afe23265572df 100644 --- a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix +++ b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix @@ -26,13 +26,13 @@ stdenv.mkDerivation rec { pname = "vulkan-tools-lunarg"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "LunarG"; repo = "VulkanTools"; rev = "vulkan-sdk-${version}"; - hash = "sha256-tp5b7/1lDF9oe/AsiqhVCvYY8p9UguGAgIkLS/hIhfQ="; + hash = "sha256-kRioHGrk6zsBIsnvusq6usAQqxQmCMmGk+O3ckkGEG4="; }; nativeBuildInputs = [ cmake python3 jq which pkg-config libsForQt5.qt5.wrapQtAppsHook ]; From d85a738fbb50eb1fc8d2752419cfdb3fbd13ac48 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:23 +0300 Subject: [PATCH 71/88] vulkan-extension-layer: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-ExtensionLayer/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/tools/graphics/vulkan-extension-layer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/vulkan-extension-layer/default.nix b/pkgs/tools/graphics/vulkan-extension-layer/default.nix index 7d5273b4c30c0..6f5961de851d1 100644 --- a/pkgs/tools/graphics/vulkan-extension-layer/default.nix +++ b/pkgs/tools/graphics/vulkan-extension-layer/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "vulkan-extension-layer"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-ExtensionLayer"; rev = "vulkan-sdk-${version}"; - hash = "sha256-THy2/hZacOI6IUPFk8cckpBKM4W3pFFeeEwSTVoMDQo="; + hash = "sha256-ClmCYJD9GRtM0XgbZqbW1OY1ukP8+FifneaXUjvNGQ4="; }; nativeBuildInputs = [ cmake pkg-config jq ]; From fb7aed3fffd5e6f14995e1fdcd5146ce53b5c2a8 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:26 +0300 Subject: [PATCH 72/88] vulkan-utility-libraries: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/Vulkan-Utility-Libraries/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- .../libraries/vulkan-utility-libraries/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/vulkan-utility-libraries/default.nix b/pkgs/development/libraries/vulkan-utility-libraries/default.nix index c2c49671b0781..81793528e84de 100644 --- a/pkgs/development/libraries/vulkan-utility-libraries/default.nix +++ b/pkgs/development/libraries/vulkan-utility-libraries/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "vulkan-utility-libraries"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Utility-Libraries"; rev = "vulkan-sdk-${finalAttrs.version}"; - hash = "sha256-mCD9/bpWUXRVJ+OyOqG0tXTgFuptIlcG6UR/RiNV1Z0="; + hash = "sha256-oQC//4RHJjSncQtHPVsYnpLYtXfxSSJdbUBf8clevDI="; }; nativeBuildInputs = [ cmake python3 ]; From fb98282b40a8e87b1680de1d6658e46ec5fcae26 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:28 +0300 Subject: [PATCH 73/88] vulkan-volk: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/zeux/volk/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/by-name/vu/vulkan-volk/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/vu/vulkan-volk/package.nix b/pkgs/by-name/vu/vulkan-volk/package.nix index a659f9a1c6da7..d65002027a174 100644 --- a/pkgs/by-name/vu/vulkan-volk/package.nix +++ b/pkgs/by-name/vu/vulkan-volk/package.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "volk"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "zeux"; repo = "volk"; rev = "vulkan-sdk-${finalAttrs.version}"; - hash = "sha256-e4TLGRqn0taYeiRVxc9WevURjO5dsVq3RpOwZBGDknQ="; + hash = "sha256-AoUStYeSTu6YmdyKgx0n3O+p3asb39GU6HSHgOhhFhQ="; }; nativeBuildInputs = [ cmake ]; From 7a4be713424c8cc9372939e42d6ccfa1e3f35e72 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:30 +0300 Subject: [PATCH 74/88] spirv-headers: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/SPIRV-Headers/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/development/libraries/spirv-headers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix index 655233362e150..31efd76209a38 100644 --- a/pkgs/development/libraries/spirv-headers/default.nix +++ b/pkgs/development/libraries/spirv-headers/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "spirv-headers"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Headers"; rev = "vulkan-sdk-${version}"; - hash = "sha256-kyOAwe4R0FmeA9IIJF2eoZR+7g9LiGKaZ7FuIfkrXJ4="; + hash = "sha256-CAmDDqeMVKNdV/91VQYAKyCc+e+H99PRYZzt5WjswBI="; }; nativeBuildInputs = [ cmake ]; From 5f747957b1bcedc9ad2fcd42d4443783bddf9612 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:34 +0300 Subject: [PATCH 75/88] spirv-cross: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/SPIRV-Cross/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 Changelog: https://github.com/KhronosGroup/SPIRV-Cross/releases/tag/1.3.283.0 --- pkgs/tools/graphics/spirv-cross/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/spirv-cross/default.nix b/pkgs/tools/graphics/spirv-cross/default.nix index 5f970916049c6..7624c10dcdcf3 100644 --- a/pkgs/tools/graphics/spirv-cross/default.nix +++ b/pkgs/tools/graphics/spirv-cross/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "spirv-cross"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Cross"; rev = "vulkan-sdk-${finalAttrs.version}"; - hash = "sha256-jWTTUHUvUyF5Vern3QXZo96Yvp7/T1WQjt3OpvJczsw="; + hash = "sha256-UEXKzx1NXCInOnI96Z1hfrpyoWdb3BOGEKstX1gVzIo="; }; nativeBuildInputs = [ cmake python3 ]; From 097b4c8ae9812c0d121a77b11d0cdbca5cc7a9ae Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 15 May 2024 07:59:38 +0300 Subject: [PATCH 76/88] spirv-tools: 1.3.280.0 -> 1.3.283.0 Diff: https://github.com/KhronosGroup/SPIRV-Tools/compare/vulkan-sdk-1.3.280.0...vulkan-sdk-1.3.283.0 --- pkgs/development/tools/spirv-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/spirv-tools/default.nix b/pkgs/development/tools/spirv-tools/default.nix index dcf124e151afa..0cd2a13d5e97d 100644 --- a/pkgs/development/tools/spirv-tools/default.nix +++ b/pkgs/development/tools/spirv-tools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "spirv-tools"; - version = "1.3.280.0"; + version = "1.3.283.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Tools"; rev = "vulkan-sdk-${version}"; - hash = "sha256-WnlFr9M7OI4unCIxfmSkvcLqZFKhW4Qkbb4+xp8lSOo="; + hash = "sha256-at3krE0torhjg7G+NkX0/ewc26Sg/1t2xW7wghAAuZo="; }; # The cmake options are sufficient for turning on static building, but not From cb4678361a0cf41a886153ae23075bf6ba902071 Mon Sep 17 00:00:00 2001 From: Florian Brandes Date: Tue, 14 May 2024 22:03:13 +0200 Subject: [PATCH 77/88] gnutls: fix an upstream regression in RSA certificates The update to 3.8.5 involved adding a feature to conditionally disable RSAES-PKCS1-v1.5 [1]. It was intended to be turned on by default [2], but failed [3]. Therefore it is disabled, which in turn throws a new error: "Fatal error: The encryption algorithm is not supported". (error 113). This can have severe implications, as for example Lets Encrypt signed RSA certificates aren't trusted anymore. This commit fetches the upstream patch, which hasn't been included in 3.8.5 [1]: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828 [2]: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828/diffs#cd5a2ba3b145c1bd292e027ef84c618b6b7fb895_267_274 [3]: https://gitlab.com/gnutls/gnutls/-/issues/1540 Signed-off-by: Florian Brandes --- pkgs/development/libraries/gnutls/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 13bdb921ef71d..b527c0d3c3331 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -85,6 +85,16 @@ stdenv.mkDerivation rec { revert = true; hash = "sha256-r/+Gmwqy0Yc1LHL/PdPLXlErUBC5JxquLzCBAN3LuRM="; }) + # Makes the system-wide configuration for RSAES-PKCS1-v1_5 actually apply + # and makes it enabled by default when the config file is missing + # Without this an error 113 is thrown when using some RSA certificates + # see https://gitlab.com/gnutls/gnutls/-/issues/1540 + # "This is pretty sever[e], since it breaks on letsencrypt-issued RSA keys." (comment from above issue) + (fetchpatch2 { + name = "fix-rsaes-pkcs1-v1_5-system-wide-configuration.patch"; + url = "https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d.diff"; + hash = "sha256-2aWcLff9jzJnY+XSqCIaK/zdwSLwkNlfDeMlWyRShN8="; + }) ]; # Skip some tests: From 3f60325bf1044e5e8cbb1f348c292500c92b395a Mon Sep 17 00:00:00 2001 From: Randy Eckenrode Date: Wed, 15 May 2024 20:05:45 -0400 Subject: [PATCH 78/88] darwin.moltenvk: 1.2.8 -> 1.2.9 https://github.com/KhronosGroup/MoltenVK/releases/tag/v1.2.9 --- pkgs/os-specific/darwin/moltenvk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/darwin/moltenvk/default.nix b/pkgs/os-specific/darwin/moltenvk/default.nix index 1324bdeb7f217..323096fd5c9ed 100644 --- a/pkgs/os-specific/darwin/moltenvk/default.nix +++ b/pkgs/os-specific/darwin/moltenvk/default.nix @@ -28,7 +28,7 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "MoltenVK"; - version = "1.2.8"; + version = "1.2.9"; buildInputs = [ AppKit @@ -56,7 +56,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "KhronosGroup"; repo = "MoltenVK"; rev = "v${finalAttrs.version}"; - hash = "sha256-nsNN2iCSjXzfarSdaNmeNbfDliUBMQMsb0rXEENWJqw="; + hash = "sha256-9k7NMw2M6IqCUQNBekzDaS6VYAOKwPmuCfJkENQ7oiI="; }; postPatch = '' From ee776dd5df012280b004b025c92c9a7d0c229cd1 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 15 May 2024 17:30:22 +0200 Subject: [PATCH 79/88] Pick #311675: fix: systemd build flag combinations (cherry picked from commit 3a4faefddfe09fe565bd02d4c6beaa49d771ca96) --- pkgs/os-specific/linux/systemd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 640baee9de7bc..a0f019c610dc9 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -552,7 +552,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonEnable "zlib" withCompression) # NSS - (lib.mesonEnable "nss-mymachines" withNss) + (lib.mesonEnable "nss-mymachines" (withNss && withMachined)) (lib.mesonEnable "nss-resolve" withNss) (lib.mesonBool "nss-myhostname" withNss) (lib.mesonBool "nss-systemd" withNss) @@ -564,7 +564,7 @@ stdenv.mkDerivation (finalAttrs: { # FIDO2 (lib.mesonEnable "libfido2" withFido2) - (lib.mesonEnable "openssl" withFido2) + (lib.mesonEnable "openssl" (withHomed || withFido2 || withSysupdate)) # Password Quality (lib.mesonEnable "pwquality" withPasswordQuality) From 9ca1cf51be5407ef7c8c165a72a9ce0965bfe2c7 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 16 May 2024 22:04:08 +0200 Subject: [PATCH 80/88] python312Packages.tqdm: 4.66.2 -> 4.66.4 https://tqdm.github.io/releases/#v4664-2024-05-02 Fixes: CVE-2024-34062 --- pkgs/development/python-modules/tqdm/default.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkgs/development/python-modules/tqdm/default.nix b/pkgs/development/python-modules/tqdm/default.nix index 4f3ff0f1545c2..85fd2091d69b9 100644 --- a/pkgs/development/python-modules/tqdm/default.nix +++ b/pkgs/development/python-modules/tqdm/default.nix @@ -1,8 +1,6 @@ { lib -, stdenv , buildPythonPackage , fetchPypi -, pythonOlder , setuptools , setuptools-scm , wheel @@ -17,12 +15,12 @@ buildPythonPackage rec { pname = "tqdm"; - version = "4.66.2"; + version = "4.66.4"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-bNUs3w/vDg9UMpnPyW/skNe4p+iHRfQR7DPrRNXtNTE="; + hash = "sha256-5Nk2yd6HJ5KPO+YHlZDpfZq/6NOaWQvmeOtZGf/Bhrs="; }; nativeBuildInputs = [ @@ -31,9 +29,6 @@ buildPythonPackage rec { wheel ]; - # https://github.com/tqdm/tqdm/issues/1537 - doCheck = pythonOlder "3.12"; - nativeCheckInputs = [ pytestCheckHook pytest-asyncio From cb8fa2b758f8b3f5b7dfacf46d877ef1635938ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Fri, 17 May 2024 17:35:26 +0200 Subject: [PATCH 81/88] util-linux: try to fix parallel build failures Difficult to know if these actually fix it, since it only happens sometimes. Link: https://github.com/NixOS/nixpkgs/pull/309805#issuecomment-2109348209 Link: https://lore.kernel.org/util-linux/87le4c1zm4.fsf@alyssa.is/ vcunat edit: only apply on some platforms for now, balancing fixes and the amount of rebuild work on Hydra. The rest is picked from PR #311988 --- pkgs/os-specific/linux/util-linux/default.nix | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 642480b670c71..4f957dfcc1675 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchurl, pkg-config, zlib, shadow +{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook, gtk-doc, pkg-config +, zlib, shadow , capabilitiesSupport ? stdenv.isLinux , libcap_ng , libxcrypt @@ -18,7 +19,11 @@ , memstreamHook , gitUpdater }: - +let + # Temporarily avoid applying the patches on systems where already we have binaries + # (in particular x86_64-linux and aarch64-linux) as the package is a huge rebuild there. + avoidRebuild = stdenv.isLinux && stdenv.is64bit; +in stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; version = "2.40.1"; @@ -30,6 +35,19 @@ stdenv.mkDerivation rec { patches = [ ./rtcwake-search-PATH-for-shutdown.patch + ] ++ lib.optionals (!avoidRebuild) [ + # Backports of patches that hopefully fix an intermittent parallel + # build failure. + (fetchpatch { + name = "pam_lastlog2:-drop-duplicate-assignment-pam_lastlog2_la_LDFLAGS.patch"; + url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=290748729dc3edf9ea1c680c8954441a5e367a44"; + hash = "sha256-Hi+SrT8UovZyCWf6Jc7s3dc6YLyfOfgqohOEnc7aJq4="; + }) + (fetchpatch { + name = "libuuid:-drop-duplicate-assignment-liuuid_la_LDFLAGS"; + url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=597e8b246ae31366514ead6cca240a09fe5e1528"; + hash = "sha256-QCx3MD/57x2tV1SlJ79EYyxafhaEH4UC+Dt24DA6P8I="; + }) ]; # We separate some of the utilities into their own outputs. This @@ -80,6 +98,7 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ pkg-config installShellFiles ] + ++ lib.optionals (!avoidRebuild) [ autoreconfHook gtk-doc ] ++ lib.optionals translateManpages [ po4a ]; buildInputs = [ zlib libxcrypt sqlite ] From e8130af3b850229a0fd98798c272fe66e97d5132 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Fri, 17 May 2024 18:52:10 +0200 Subject: [PATCH 82/88] rawtherapee: fix build --- pkgs/applications/graphics/rawtherapee/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/applications/graphics/rawtherapee/default.nix b/pkgs/applications/graphics/rawtherapee/default.nix index bf84ac1df11be..f4d340bcc8868 100644 --- a/pkgs/applications/graphics/rawtherapee/default.nix +++ b/pkgs/applications/graphics/rawtherapee/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchurl , cmake , pkg-config , wrapGAppsHook3 @@ -37,6 +38,14 @@ stdenv.mkDerivation rec { forceFetchGit = true; }; + # https://github.com/Beep6581/RawTherapee/issues/7074 + patches = [ + (fetchurl { + url = "https://github.com/termux-user-repository/tur/raw/c7b7648b5611cd1bc41a48a1ca6f3c4f71e253c5/tur/rawtherapee/0002-libjpeg-turbo-3.0.3.patch"; + hash = "sha256-IaRMrwZd4KQTGjKd1S4su6b9E+Jt7Y0cZiDAkZ8dXHw="; + }) + ]; + postPatch = '' echo "set(HG_VERSION ${version})" > ReleaseInfo.cmake substituteInPlace tools/osx/Info.plist.in rtgui/config.h.in \ From 0cccca4926ffecdf2a6a8b9009b8e4b1055d7175 Mon Sep 17 00:00:00 2001 From: Matt Moriarity Date: Sun, 19 May 2024 11:38:47 -0600 Subject: [PATCH 83/88] kf5: 5.115 -> 5.116 --- .../libraries/kde-frameworks/fetch.sh | 2 +- .../libraries/kde-frameworks/srcs.nix | 664 +++++++++--------- 2 files changed, 333 insertions(+), 333 deletions(-) diff --git a/pkgs/development/libraries/kde-frameworks/fetch.sh b/pkgs/development/libraries/kde-frameworks/fetch.sh index 358803e37355d..256d90e6ac7e1 100644 --- a/pkgs/development/libraries/kde-frameworks/fetch.sh +++ b/pkgs/development/libraries/kde-frameworks/fetch.sh @@ -1 +1 @@ -WGET_ARGS=( https://download.kde.org/stable/frameworks/5.115/ -A '*.tar.xz' ) +WGET_ARGS=( https://download.kde.org/stable/frameworks/5.116/ -A '*.tar.xz' ) diff --git a/pkgs/development/libraries/kde-frameworks/srcs.nix b/pkgs/development/libraries/kde-frameworks/srcs.nix index 713e43920e7c9..320ad4796e9f6 100644 --- a/pkgs/development/libraries/kde-frameworks/srcs.nix +++ b/pkgs/development/libraries/kde-frameworks/srcs.nix @@ -4,667 +4,667 @@ { attica = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/attica-5.115.0.tar.xz"; - sha256 = "0n54m7sx2nagplr6ps9b3cvwy6cg0yqrba5xl90j1gg4ya14j1db"; - name = "attica-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/attica-5.116.0.tar.xz"; + sha256 = "1shzs985fimd15w2d9cxpcbq7by33v05hb00rp79k6cqvp20f4b8"; + name = "attica-5.116.0.tar.xz"; }; }; baloo = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/baloo-5.115.0.tar.xz"; - sha256 = "0261a7c81pavnq27ww5q5z8acpl18zr2nnfm2wx2zcy4xww21jwm"; - name = "baloo-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/baloo-5.116.0.tar.xz"; + sha256 = "0g33rjvri7xj336zs8mwvrj8ldfpbhjjnmz4a5q2m2hwww0rmxbf"; + name = "baloo-5.116.0.tar.xz"; }; }; bluez-qt = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/bluez-qt-5.115.0.tar.xz"; - sha256 = "18b4pjjgr9fbmdyacz8p078j6wm5vk5lkx18jikhrgkm84ad6zxx"; - name = "bluez-qt-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/bluez-qt-5.116.0.tar.xz"; + sha256 = "09wn0dp3f1a3zw8zfnvwi181zz8izdpwsm3ka7ncpx44d46r1aqv"; + name = "bluez-qt-5.116.0.tar.xz"; }; }; breeze-icons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/breeze-icons-5.115.0.tar.xz"; - sha256 = "1f89dw05mfmlir8dvabnvxwszq1wqnrrgb7yw54wh7cnxah8gz64"; - name = "breeze-icons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/breeze-icons-5.116.0.tar.xz"; + sha256 = "1lpkbfvpyxqbdv6l9ywck6gri9xhikwam5d3005cw1jn2g8glhdx"; + name = "breeze-icons-5.116.0.tar.xz"; }; }; extra-cmake-modules = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/extra-cmake-modules-5.115.0.tar.xz"; - sha256 = "1vj5rsq029qjp1by9cal715yza180lcxv1m0jn4nnljplbv3agpf"; - name = "extra-cmake-modules-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/extra-cmake-modules-5.116.0.tar.xz"; + sha256 = "026d4c5vmv1cjj8qgbjbzpvyhmjwmlinadsxhhgify7ldqdd3xp8"; + name = "extra-cmake-modules-5.116.0.tar.xz"; }; }; frameworkintegration = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/frameworkintegration-5.115.0.tar.xz"; - sha256 = "0vk3j6ivwk2y9jik54jxa4wm1c9179yrapia979a48zi5ibrlabf"; - name = "frameworkintegration-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/frameworkintegration-5.116.0.tar.xz"; + sha256 = "1hz2bpshk1ccjzins7d0g674dzbf1gz0zzm58yk4a1np6i5yww1g"; + name = "frameworkintegration-5.116.0.tar.xz"; }; }; kactivities = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kactivities-5.115.0.tar.xz"; - sha256 = "06wxmg085czrx2cyds7gwgdksvy5nchyshkgr2lxck20asjgn5p0"; - name = "kactivities-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kactivities-5.116.0.tar.xz"; + sha256 = "0zbjs4sysfaf6zsdnfmkbpxsc2bg5ncnhkzfn1dyhrsqk68lwz3s"; + name = "kactivities-5.116.0.tar.xz"; }; }; kactivities-stats = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kactivities-stats-5.115.0.tar.xz"; - sha256 = "0rp6j4nr4y5ijf4khsha98pvp8zy6fzjzhdjyj9z67jjpb045sd4"; - name = "kactivities-stats-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kactivities-stats-5.116.0.tar.xz"; + sha256 = "1sswyynpkmbnr0w3as5yk3hpzafl3wrcxyhfga3gkxjw8q1f2jr4"; + name = "kactivities-stats-5.116.0.tar.xz"; }; }; kapidox = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kapidox-5.115.0.tar.xz"; - sha256 = "0kp1z0cz60d6sb2wcqa3wawvqqijjyndyn21l2lrrdfz256m5fil"; - name = "kapidox-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kapidox-5.116.0.tar.xz"; + sha256 = "0ypp7g8zbyvjb8mihg9pqis9ljqx693z4j6bwr467j7h654q9qyq"; + name = "kapidox-5.116.0.tar.xz"; }; }; karchive = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/karchive-5.115.0.tar.xz"; - sha256 = "0xdlsqkxsn3jjkbklhyys8sbbygg5f5qnfls5f0gk8gcig2m36g8"; - name = "karchive-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/karchive-5.116.0.tar.xz"; + sha256 = "02m3vvw58qsgmaps184xwy97bg4pgjl4i1gjwzn66h5qf34y6qqn"; + name = "karchive-5.116.0.tar.xz"; }; }; kauth = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kauth-5.115.0.tar.xz"; - sha256 = "18jsygwkd4irdsz2lpdmsnjpj3dcz9fzajknl5z4csn6xxmzbaak"; - name = "kauth-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kauth-5.116.0.tar.xz"; + sha256 = "1x0zd6lqv855jkihxpzhxs732qiva31kzjah9hf2j6xaq0dfxqdc"; + name = "kauth-5.116.0.tar.xz"; }; }; kbookmarks = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kbookmarks-5.115.0.tar.xz"; - sha256 = "1h6yihcc0jczi51imw4a3zvyglvvzaksc1yjam44via84nli2kqn"; - name = "kbookmarks-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kbookmarks-5.116.0.tar.xz"; + sha256 = "01cg6qsfjr59ncrxwmiid36cpzynjwxgfydgk23j29bk9gjml2jl"; + name = "kbookmarks-5.116.0.tar.xz"; }; }; kcalendarcore = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcalendarcore-5.115.0.tar.xz"; - sha256 = "18sl7yg8xsnba6aar7q1w31jsxsmhz9d4hv67m1w86qv8wn8gn2r"; - name = "kcalendarcore-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcalendarcore-5.116.0.tar.xz"; + sha256 = "0g5576snwfxf8ap447b26q3kiy9siq63aj29xbkiq2vj7acylmrg"; + name = "kcalendarcore-5.116.0.tar.xz"; }; }; kcmutils = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcmutils-5.115.0.tar.xz"; - sha256 = "07jx2yc820d9xj5pcywx7nwccm5f1r7wjgqvjr6l3d9irjpm54q3"; - name = "kcmutils-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcmutils-5.116.0.tar.xz"; + sha256 = "06aw308wv3fyl1g60n1i2hxx74f0isdsfwwzidsjk79danyqsa4i"; + name = "kcmutils-5.116.0.tar.xz"; }; }; kcodecs = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcodecs-5.115.0.tar.xz"; - sha256 = "1gq4335w4bxz0al7diql5mlam7vgvvwdvm0iy3hqr6czk135wf4l"; - name = "kcodecs-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcodecs-5.116.0.tar.xz"; + sha256 = "03k8scmswxhx7bng5fh3niq84gqzksb19sf6ah4bdz6aj4pd52d4"; + name = "kcodecs-5.116.0.tar.xz"; }; }; kcompletion = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcompletion-5.115.0.tar.xz"; - sha256 = "1iqdf67mcmf1vq0z2c13gzvrssywrp8nqa4lwshwi2amag4sad5i"; - name = "kcompletion-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcompletion-5.116.0.tar.xz"; + sha256 = "1sh9gpbi65mbs8bszrxh7a9ifgcr7z5jrhsac3670905a6mdmfjj"; + name = "kcompletion-5.116.0.tar.xz"; }; }; kconfig = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kconfig-5.115.0.tar.xz"; - sha256 = "04l6g2qy2qc3ykwvx2gbikgsh9n3rnz05m72n47lmianvwm2nsdx"; - name = "kconfig-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kconfig-5.116.0.tar.xz"; + sha256 = "03j7cw0c05rpxrnblrc5ziq7vy1v193l5gj9bix1dakkj9hf6p9c"; + name = "kconfig-5.116.0.tar.xz"; }; }; kconfigwidgets = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kconfigwidgets-5.115.0.tar.xz"; - sha256 = "0nwmgva1zwfbr36slhziq4a84nhh4swckm6ajcg6imksv41k5nwd"; - name = "kconfigwidgets-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kconfigwidgets-5.116.0.tar.xz"; + sha256 = "1f65ayyyadiajf7xgf7369rly2yzigh6gqlb0nkgg8cp2bq9fmp4"; + name = "kconfigwidgets-5.116.0.tar.xz"; }; }; kcontacts = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcontacts-5.115.0.tar.xz"; - sha256 = "1xwp77nzcjxrk97mqzyfc5b1zvv9s76fvhv6fb8wnmm80l21w7r7"; - name = "kcontacts-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcontacts-5.116.0.tar.xz"; + sha256 = "1jxlar0n0jjwd287ly8d3fcb3f73ay79b70mk4j3dxsjizngs1zi"; + name = "kcontacts-5.116.0.tar.xz"; }; }; kcoreaddons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcoreaddons-5.115.0.tar.xz"; - sha256 = "1jcriqndsbi1jpvb3pn2hs9cnq66v9qgpilsa7lqvnp9wg9y3l4c"; - name = "kcoreaddons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcoreaddons-5.116.0.tar.xz"; + sha256 = "0x1inzglgpz2z2w25bp46hzjv74gp3vyd3i911xczz7wd30b9yyy"; + name = "kcoreaddons-5.116.0.tar.xz"; }; }; kcrash = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kcrash-5.115.0.tar.xz"; - sha256 = "1b83dvmflvjiqhjz6i1b007ah4sg85d57mmz3m9zdyjicfygbsmj"; - name = "kcrash-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kcrash-5.116.0.tar.xz"; + sha256 = "0rg8g50y44gq3hjl5fc36siyyq3czd2zrf4c70fspk33svwldlw1"; + name = "kcrash-5.116.0.tar.xz"; }; }; kdav = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdav-5.115.0.tar.xz"; - sha256 = "02aqs24q4skh6ngm7bhkqqa3l1xf9bgxdr95v9mgc20hyavy22pv"; - name = "kdav-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdav-5.116.0.tar.xz"; + sha256 = "1lqvllgni9f5j68149cbx2g2ydzlm06cx1rdzs59sh0phjzfshn6"; + name = "kdav-5.116.0.tar.xz"; }; }; kdbusaddons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdbusaddons-5.115.0.tar.xz"; - sha256 = "0x4vsw43irxy00mvda7kah0d3nrs1vgbimz6d9d2a8rzkf61vizc"; - name = "kdbusaddons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdbusaddons-5.116.0.tar.xz"; + sha256 = "0mlfphk8knbvpyns3ixd8da9zjvsms29mv5z2xgif9y20i5kmdq3"; + name = "kdbusaddons-5.116.0.tar.xz"; }; }; kdeclarative = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdeclarative-5.115.0.tar.xz"; - sha256 = "0i530dij27g0w8rcqq81bml2dpacgd2czsjcx1dzf9i2x83arv36"; - name = "kdeclarative-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdeclarative-5.116.0.tar.xz"; + sha256 = "0py5x9ia8p7ngk1q3nqwqi1b9zv6jdxc23qam8xyqbfjqcm9qzwy"; + name = "kdeclarative-5.116.0.tar.xz"; }; }; kded = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kded-5.115.0.tar.xz"; - sha256 = "1cr3mx5lkhp4zsr85n0cl5m9p1zgmwlvapdpyb161z5k6402mhla"; - name = "kded-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kded-5.116.0.tar.xz"; + sha256 = "0gd0dy748zw12xksk7xmv1xkra2g9s3av4d0i1d7dbb6z1ap5djw"; + name = "kded-5.116.0.tar.xz"; }; }; kdelibs4support = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kdelibs4support-5.115.0.tar.xz"; - sha256 = "051ga7jn18nwiybvvrkkfrw9csgi35g9wd4gajkzykq4r4bgm8kj"; - name = "kdelibs4support-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kdelibs4support-5.116.0.tar.xz"; + sha256 = "1r6120fd4i0nvl0d8i2xb7wsr3gp0i6r0qns2ql2c47b8v8mv4gd"; + name = "kdelibs4support-5.116.0.tar.xz"; }; }; kdesignerplugin = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kdesignerplugin-5.115.0.tar.xz"; - sha256 = "1s788wz6i3ngk44a0fy9cp0vvidgp5f4yid470v85jfkpm1nxv50"; - name = "kdesignerplugin-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kdesignerplugin-5.116.0.tar.xz"; + sha256 = "0pkkpa2rxqx4rlvg70v70yddhc9ivhhdpk3pp64h87g5ia24zkz3"; + name = "kdesignerplugin-5.116.0.tar.xz"; }; }; kdesu = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdesu-5.115.0.tar.xz"; - sha256 = "0qlbd7q69pdqc46ydpmn63sxac1lf9v0rllkj5ir49607fbbgqh3"; - name = "kdesu-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdesu-5.116.0.tar.xz"; + sha256 = "1jyqw384h8259zma86bz0pjmqzd0mm2p9nlmpk53zqljzy2cij81"; + name = "kdesu-5.116.0.tar.xz"; }; }; kdewebkit = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kdewebkit-5.115.0.tar.xz"; - sha256 = "039wcylnz1wx26r4d5bppzx51gknv3fj2xvw1mb5d29036dp9q1h"; - name = "kdewebkit-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kdewebkit-5.116.0.tar.xz"; + sha256 = "0s7399kbndcz80hyckh02diinh1gbp7nndllwz05vwarq4jvm1cx"; + name = "kdewebkit-5.116.0.tar.xz"; }; }; kdnssd = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdnssd-5.115.0.tar.xz"; - sha256 = "1psjrvxnaw2r9fh2kikpbw71scch0b7vjdiwv0a8mhyr6g163qxj"; - name = "kdnssd-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdnssd-5.116.0.tar.xz"; + sha256 = "1z2xyir6xvyyq3j48wmra3zka6hlpjr2rnfc4gbijl0aazv6srrm"; + name = "kdnssd-5.116.0.tar.xz"; }; }; kdoctools = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kdoctools-5.115.0.tar.xz"; - sha256 = "0hz25yfz64qabmd9gw8344ljzi8658483a3194rlbbswyw80ksai"; - name = "kdoctools-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kdoctools-5.116.0.tar.xz"; + sha256 = "1cvb39ggc79fpfa84rshm6vl10h0avn2rf6qxaxb41r9887ad81n"; + name = "kdoctools-5.116.0.tar.xz"; }; }; kemoticons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kemoticons-5.115.0.tar.xz"; - sha256 = "163p3mbmhzd0pzggh13kj0qrl7bid84pabb8p59w42f3rhzdv3fb"; - name = "kemoticons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kemoticons-5.116.0.tar.xz"; + sha256 = "0lv8cb7h7v4fbf8vyrsf9kygnhjxznf5sj92nv5is5gy0wdk8qxc"; + name = "kemoticons-5.116.0.tar.xz"; }; }; kfilemetadata = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kfilemetadata-5.115.0.tar.xz"; - sha256 = "03694d8sn0c5629llw6ikpcs0x7gj4nd08c6jh4zca4g0v3hxzgy"; - name = "kfilemetadata-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kfilemetadata-5.116.0.tar.xz"; + sha256 = "13yfcy02rmhrhf8lxv7smk1n9rg1ywsh60hwzm94b8hq9a62qp0r"; + name = "kfilemetadata-5.116.0.tar.xz"; }; }; kglobalaccel = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kglobalaccel-5.115.0.tar.xz"; - sha256 = "1hxcd6pbymmq7z8bwbhyykgd3r54gkwzlvg896ix9phdgm2dacy5"; - name = "kglobalaccel-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kglobalaccel-5.116.0.tar.xz"; + sha256 = "0rlqclaq4szzqa2kz7c9ad81rm0b2byr806l5v0xz968h8jampzn"; + name = "kglobalaccel-5.116.0.tar.xz"; }; }; kguiaddons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kguiaddons-5.115.0.tar.xz"; - sha256 = "0qpj7yvvxv8dswmg8m4jgd6hk2r5m3702cvhgagqyb0qx8vdlvag"; - name = "kguiaddons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kguiaddons-5.116.0.tar.xz"; + sha256 = "1rpw6glgchf7qs4rh7jxy9sas73708yllba1q880gdicn1nda42w"; + name = "kguiaddons-5.116.0.tar.xz"; }; }; kholidays = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kholidays-5.115.0.tar.xz"; - sha256 = "1921nr4k758v4ci7rz1napsg6y2spv8z00qqjrqmka0grwrdgw6d"; - name = "kholidays-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kholidays-5.116.0.tar.xz"; + sha256 = "1h7x2ldi94zbclas4kyga4bvnp1gk0k84fv9015rl25x9nga33w9"; + name = "kholidays-5.116.0.tar.xz"; }; }; khtml = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/khtml-5.115.0.tar.xz"; - sha256 = "0q6gx0xwq98cdqby4k4cgfqm4m7n915mfanf5vlhalld01jrjakl"; - name = "khtml-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/khtml-5.116.0.tar.xz"; + sha256 = "13nc5dcj536xyd87prla30mpbzsyjnylb34a979qn7qvpr0zn8c9"; + name = "khtml-5.116.0.tar.xz"; }; }; ki18n = { - version = "5.115.1"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/ki18n-5.115.1.tar.xz"; - sha256 = "0x40z8jkr7bvn4fjnqrdqf0914286zbxpcn7bdqg2rqr982ksdvy"; - name = "ki18n-5.115.1.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/ki18n-5.116.0.tar.xz"; + sha256 = "1kbb3rq85hbw1h5bd1w9cmdgz8bdg47w9b133ha41qlhh1i50clk"; + name = "ki18n-5.116.0.tar.xz"; }; }; kiconthemes = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kiconthemes-5.115.0.tar.xz"; - sha256 = "0bwxf4491hi0qz000ymajshhzxnqvq4a1bdb7mmvzf3byx5i69b9"; - name = "kiconthemes-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kiconthemes-5.116.0.tar.xz"; + sha256 = "0q859zbjys7lajwpgl78ji4dif7cxdxirqb8b6f7k7bk53ignvly"; + name = "kiconthemes-5.116.0.tar.xz"; }; }; kidletime = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kidletime-5.115.0.tar.xz"; - sha256 = "0mmf6ybs4ajhkphdxwxnwyf3d3skjz88g2cqwvgbq3bldam2k04x"; - name = "kidletime-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kidletime-5.116.0.tar.xz"; + sha256 = "15s9nxpkqy3i182xk82bpl92iaqcilsckja7301854fw6ppl8vvh"; + name = "kidletime-5.116.0.tar.xz"; }; }; kimageformats = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kimageformats-5.115.0.tar.xz"; - sha256 = "10vjmbhy6p4vks5wmrn91vjdi3sykjil4kp1ph88nszqcq6h4qcz"; - name = "kimageformats-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kimageformats-5.116.0.tar.xz"; + sha256 = "174g32s3m7irzv2h3lk7bmp3yfc7zrmp7lmp02n3m5ppbv6rn4bw"; + name = "kimageformats-5.116.0.tar.xz"; }; }; kinit = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kinit-5.115.0.tar.xz"; - sha256 = "1bbxcbd6g1jhh5c2i127xzn77q3a4ia2180kymc6wyiqa3z7vj3q"; - name = "kinit-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kinit-5.116.0.tar.xz"; + sha256 = "0b5w7pk7wbyzix2jvn3yk89f9r620wrx55v3cgvj4p83c73ar974"; + name = "kinit-5.116.0.tar.xz"; }; }; kio = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kio-5.115.0.tar.xz"; - sha256 = "02zrixb73ranj08xk14m5pa198w54h3c3dqhvgrwwgw8b9xkhlqg"; - name = "kio-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kio-5.116.0.tar.xz"; + sha256 = "0nhins85cqlr3xz4xi0g54rshagphin3pjjx2qxs0fcwcpb1kdzg"; + name = "kio-5.116.0.tar.xz"; }; }; kirigami2 = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kirigami2-5.115.0.tar.xz"; - sha256 = "1fd2q08a40xy5rv297q7084hbkgfkyq05k8y9gpk77460px45qhm"; - name = "kirigami2-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kirigami2-5.116.0.tar.xz"; + sha256 = "1q69b1qd2qs9hpwgw0y0ig93ag41l50dghribsnqhi0c9aklsn4b"; + name = "kirigami2-5.116.0.tar.xz"; }; }; kitemmodels = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kitemmodels-5.115.0.tar.xz"; - sha256 = "037gd15y93m4rcjxc6r4y5l3mgalyg6ryib837jcv0dv825x3ypz"; - name = "kitemmodels-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kitemmodels-5.116.0.tar.xz"; + sha256 = "1wcznkj24553spkl202zwifk6hgrvdd60j3y47jp2m6zpadywz2k"; + name = "kitemmodels-5.116.0.tar.xz"; }; }; kitemviews = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kitemviews-5.115.0.tar.xz"; - sha256 = "1nb58pz1xhg7nyxjb22w6j60cjf34qpwqbg5ycy6n4n5wp15nbkf"; - name = "kitemviews-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kitemviews-5.116.0.tar.xz"; + sha256 = "1sq1kvqb9g0gzlyfyix9xsjq6wl2i1s3mfqkpdc0rdns13sgn3kc"; + name = "kitemviews-5.116.0.tar.xz"; }; }; kjobwidgets = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kjobwidgets-5.115.0.tar.xz"; - sha256 = "0q9h9sz7xwv0zdvszqmfwq3zv0w12gci88jprwp5gk09sgl7pqyf"; - name = "kjobwidgets-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kjobwidgets-5.116.0.tar.xz"; + sha256 = "11xy7n2sz340wili21ia92ihfq76irh8c7db8x1qsgqq09ypzhza"; + name = "kjobwidgets-5.116.0.tar.xz"; }; }; kjs = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kjs-5.115.0.tar.xz"; - sha256 = "0ch42gwl9py7bcrx8liryp2w2sz6c46c7r6m44xg8sjqf00f1x4w"; - name = "kjs-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kjs-5.116.0.tar.xz"; + sha256 = "1dz1v5gizjywp452q98r4ka6iafa3b3c24ck8jv1xcym64zg7d4z"; + name = "kjs-5.116.0.tar.xz"; }; }; kjsembed = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kjsembed-5.115.0.tar.xz"; - sha256 = "0l9i7rjjbdllzbcxb1wmg8vspcjy5jiai87kkqhy873yrhfsrbpn"; - name = "kjsembed-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kjsembed-5.116.0.tar.xz"; + sha256 = "0zlc10q8kj6daajhhb07d40jpkwpjd9v5f4ifynahvix85lbl92k"; + name = "kjsembed-5.116.0.tar.xz"; }; }; kmediaplayer = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kmediaplayer-5.115.0.tar.xz"; - sha256 = "1ydadms12xhjxkm5c7shk7ssw327nkv3qlg5rn9bbzq35nc79llm"; - name = "kmediaplayer-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kmediaplayer-5.116.0.tar.xz"; + sha256 = "04zb2dvc8l7l2h093yydndphkjv98yffqyimj5vn97dd2r75346d"; + name = "kmediaplayer-5.116.0.tar.xz"; }; }; knewstuff = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/knewstuff-5.115.0.tar.xz"; - sha256 = "1zqwblssr03kdk9swsc4jqmzgfyixrhby05mb0df07hdh29938cb"; - name = "knewstuff-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/knewstuff-5.116.0.tar.xz"; + sha256 = "02n7429ldkyyzbk9rbr9h4ss80zhc3vnir29q2yksyhcyqkkjc42"; + name = "knewstuff-5.116.0.tar.xz"; }; }; knotifications = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/knotifications-5.115.0.tar.xz"; - sha256 = "0hh6ay8nfm1ak6w74wdhwixxjdpywg7qrckf694hjmxvpgzp30pv"; - name = "knotifications-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/knotifications-5.116.0.tar.xz"; + sha256 = "0jxld7f82psa48r0n9qv1cks6w1vd6krjnyb4mw68vgm38030na8"; + name = "knotifications-5.116.0.tar.xz"; }; }; knotifyconfig = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/knotifyconfig-5.115.0.tar.xz"; - sha256 = "1mh8phfixddi1h06kd42xfmdxgd2g9cqq8d1h9kp2vw5g4i9hiq5"; - name = "knotifyconfig-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/knotifyconfig-5.116.0.tar.xz"; + sha256 = "0zwrcdl565nlzf6q2zljq6xn8929frrhqr8jlmb6kcv5i93yals0"; + name = "knotifyconfig-5.116.0.tar.xz"; }; }; kpackage = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kpackage-5.115.0.tar.xz"; - sha256 = "0zbw8akrhx4g8sdlbh02qjwbxg0mzk7nbs5isrhi3s34xhzqg03y"; - name = "kpackage-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kpackage-5.116.0.tar.xz"; + sha256 = "1gpixfkyaflmzk8lkxnknydm4x6w5339yrgs2n9g229bqy2v21ap"; + name = "kpackage-5.116.0.tar.xz"; }; }; kparts = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kparts-5.115.0.tar.xz"; - sha256 = "153xrci1fp7y4iby8d8izx70572h2rj8psf3xbpx6hqqsxwk7bd2"; - name = "kparts-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kparts-5.116.0.tar.xz"; + sha256 = "0czrlqh5cxnj1mlbz839c7hifhnpzl476d92lv4hxji50wnjlfqr"; + name = "kparts-5.116.0.tar.xz"; }; }; kpeople = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kpeople-5.115.0.tar.xz"; - sha256 = "0bvijsd14r153x2fjjk8slznwdxlxb4s3vwdfbimhp8vxln83hdq"; - name = "kpeople-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kpeople-5.116.0.tar.xz"; + sha256 = "1w369xwvwhqizbyd2hhpqfy3i6zfnsmwvhvk6ib5xckf44gi8zbl"; + name = "kpeople-5.116.0.tar.xz"; }; }; kplotting = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kplotting-5.115.0.tar.xz"; - sha256 = "1wz1y32y2lfhjbwz9lz721w1rdlwqb19qfg2zkj15j64m5s5qvl3"; - name = "kplotting-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kplotting-5.116.0.tar.xz"; + sha256 = "0yg55dvhh41xq14gwpdyxhm75ci1dmm4gac1x2jxdnfmrkr06dxw"; + name = "kplotting-5.116.0.tar.xz"; }; }; kpty = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kpty-5.115.0.tar.xz"; - sha256 = "06alh2i1j2k07rdxdm6rx1ajvd1355sz4nh1ba0a0vr6ic306k44"; - name = "kpty-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kpty-5.116.0.tar.xz"; + sha256 = "0c26y3c4kkkyk5vlg6vkwb90yddcxbzqcg80034wfragahi66kxd"; + name = "kpty-5.116.0.tar.xz"; }; }; kquickcharts = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kquickcharts-5.115.0.tar.xz"; - sha256 = "1fv64m86s5srcdqf37blhz3fdf7zx1z4l3xm0cc6f0xgwhfdhy5a"; - name = "kquickcharts-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kquickcharts-5.116.0.tar.xz"; + sha256 = "1bd20kpypji6053fwn5a1b41rjf7r1b3wk85swb0xlmm2kji236j"; + name = "kquickcharts-5.116.0.tar.xz"; }; }; kross = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kross-5.115.0.tar.xz"; - sha256 = "0vqb4kbxlncj90n93akz4m3svhbx4p16mpzaxb9xsc8y8bl2fvz2"; - name = "kross-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kross-5.116.0.tar.xz"; + sha256 = "0kxyck1996vs36jx7fd18gmgsxrqh81hfyckd8hxvvsjf61qbjcn"; + name = "kross-5.116.0.tar.xz"; }; }; krunner = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/krunner-5.115.0.tar.xz"; - sha256 = "0agsqs3x218jwmn1237bh70w50l99xyxn1w75md31v6sxszkkqhm"; - name = "krunner-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/krunner-5.116.0.tar.xz"; + sha256 = "0h889a4bj7vqhvy9hkqxd9v437zly73phyav10gv5b2l8fgb4zxq"; + name = "krunner-5.116.0.tar.xz"; }; }; kservice = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kservice-5.115.0.tar.xz"; - sha256 = "1zayvj1f95azan48l1mhs9zm8rm7f4s20gpn61qqfn5abvxq7jwv"; - name = "kservice-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kservice-5.116.0.tar.xz"; + sha256 = "0sd8yj9a1ja97c515g9shjqyzdz0jd7rn3r06g5659nh2z1w5dsj"; + name = "kservice-5.116.0.tar.xz"; }; }; ktexteditor = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/ktexteditor-5.115.0.tar.xz"; - sha256 = "1hxnwbpwf0bsfxn0g0yd6d2n5i0rf60871n9yyzxn6i7hzbprxll"; - name = "ktexteditor-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/ktexteditor-5.116.0.tar.xz"; + sha256 = "0rph5nwp7d02xicjxrqpbz3kjb9kqqa40pp1w81fnq8jgln3hhh5"; + name = "ktexteditor-5.116.0.tar.xz"; }; }; ktextwidgets = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/ktextwidgets-5.115.0.tar.xz"; - sha256 = "13lxlc8g6hjk9vnyan12z9fjgzgj50ddf2bz6d2p18y01j68hj33"; - name = "ktextwidgets-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/ktextwidgets-5.116.0.tar.xz"; + sha256 = "0lkm27g1dc6vmyjz7jaiqh2z1cfgvzlnk58wcs2bkny05i87x01l"; + name = "ktextwidgets-5.116.0.tar.xz"; }; }; kunitconversion = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kunitconversion-5.115.0.tar.xz"; - sha256 = "0x4fjsh4ms1qnlrsyrlhrkkl56wdmbcq6sqc2pldzxks6f5yp2cz"; - name = "kunitconversion-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kunitconversion-5.116.0.tar.xz"; + sha256 = "150w7b2dpgd0kl3nxygni1kvlai5n3xxc1qinkjvcmvyl8lrns7g"; + name = "kunitconversion-5.116.0.tar.xz"; }; }; kwallet = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kwallet-5.115.0.tar.xz"; - sha256 = "0gggxbhck1s7sqrhq1px22jiyikprf5rm4h30wlwjh4lr0hzrczj"; - name = "kwallet-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kwallet-5.116.0.tar.xz"; + sha256 = "12s4rnybadpcjmw3dvdn68vm369h1yk7yp7mv736mj1brdg8pkhy"; + name = "kwallet-5.116.0.tar.xz"; }; }; kwayland = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kwayland-5.115.0.tar.xz"; - sha256 = "0g34nihnim0a20fbsc0fxnpp4wxm8dhw5h8kdp6cm8airvci5d87"; - name = "kwayland-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kwayland-5.116.0.tar.xz"; + sha256 = "1n5fq0gppx6rzgzkkskd077jygzj7cindb7zwr35yvbg5l69gdc8"; + name = "kwayland-5.116.0.tar.xz"; }; }; kwidgetsaddons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kwidgetsaddons-5.115.0.tar.xz"; - sha256 = "0mdfp15iv2mqrkwbq2b3g653y4k5gs2s2mx2xg822bnfcx2q8ng3"; - name = "kwidgetsaddons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kwidgetsaddons-5.116.0.tar.xz"; + sha256 = "0rcm27wra9s7kzlk67y0f57l0rnh5vb9c2w39h6yjq37y5af1qd8"; + name = "kwidgetsaddons-5.116.0.tar.xz"; }; }; kwindowsystem = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kwindowsystem-5.115.0.tar.xz"; - sha256 = "0lsz6pxmkgvpmq76a30wg4p4bj8id6wivnsxncsfag7vnlcnp870"; - name = "kwindowsystem-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kwindowsystem-5.116.0.tar.xz"; + sha256 = "0d2kxcpcvpzv07ldd1kb5gjclhmn6gcn5ms0bd8f5g9gflrpdjby"; + name = "kwindowsystem-5.116.0.tar.xz"; }; }; kxmlgui = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/kxmlgui-5.115.0.tar.xz"; - sha256 = "0gbqndnc1w0fjkpazg5p565izb9p5dwsgnhi6n00y8a4shi2swbb"; - name = "kxmlgui-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/kxmlgui-5.116.0.tar.xz"; + sha256 = "0h3s3jcmn4pzcfxs4hywrgk92dd5hfx9hzyy14f03c0dafi6crb3"; + name = "kxmlgui-5.116.0.tar.xz"; }; }; kxmlrpcclient = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/portingAids/kxmlrpcclient-5.115.0.tar.xz"; - sha256 = "021j52d62z2lc1hqqw8dhcn7acxmrzn1m643586m06bi2rfgsx40"; - name = "kxmlrpcclient-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/portingAids/kxmlrpcclient-5.116.0.tar.xz"; + sha256 = "01svkfj8dgbpf673siamczyznp8gfi2b7s5z48z80s7x884wj11p"; + name = "kxmlrpcclient-5.116.0.tar.xz"; }; }; modemmanager-qt = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/modemmanager-qt-5.115.0.tar.xz"; - sha256 = "14ahzp2vn7xdhk9wcxfccn80a3ca6a652g1y0whp0szy0pnpajx0"; - name = "modemmanager-qt-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/modemmanager-qt-5.116.0.tar.xz"; + sha256 = "103g27fjp8p8fks7gixr75ll0jmvmbyv6j0gyrfpby56yd8m6186"; + name = "modemmanager-qt-5.116.0.tar.xz"; }; }; networkmanager-qt = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/networkmanager-qt-5.115.0.tar.xz"; - sha256 = "0ygbvbdrxrb1nblgddkwsmvskg48y7ri816w9hbi3wxhjniag4hx"; - name = "networkmanager-qt-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/networkmanager-qt-5.116.0.tar.xz"; + sha256 = "0s8vc3qqx76f70vql77hb3nxkn6b3hvzdm6bgcpnnxqhw6j80khb"; + name = "networkmanager-qt-5.116.0.tar.xz"; }; }; oxygen-icons = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/oxygen-icons-5.115.0.tar.xz"; - sha256 = "1f54wqz2ypi9qca9rrac3d0rnzzxay1x8cl2zdar2lk4qas304qj"; - name = "oxygen-icons-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/oxygen-icons-5.116.0.tar.xz"; + sha256 = "1dcxny00aa0fwc1zbidrfr85apsm3smxb6xrs4n0fm3vav4wm0zw"; + name = "oxygen-icons-5.116.0.tar.xz"; }; }; plasma-framework = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/plasma-framework-5.115.0.tar.xz"; - sha256 = "1xqijqn7a92abp4zk1f8glbrhk4y3jpzblildxq6nix626xk0vrc"; - name = "plasma-framework-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/plasma-framework-5.116.0.tar.xz"; + sha256 = "0kwza2n9vbzf9p9dq7j448ynlfgg65918fvxw1n209zmlm6jr4vy"; + name = "plasma-framework-5.116.0.tar.xz"; }; }; prison = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/prison-5.115.0.tar.xz"; - sha256 = "1pkk8azcwadiqcmd3g61v076f928dz2037gf5kb46dibpa8gqr49"; - name = "prison-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/prison-5.116.0.tar.xz"; + sha256 = "0wpla7daz0whiprg0cgjava1gg3yhx923lp990hq6qmyl4bkd7ys"; + name = "prison-5.116.0.tar.xz"; }; }; purpose = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/purpose-5.115.0.tar.xz"; - sha256 = "03z0vq8h2244mmsj1nkjwkk71dhsisx7aw497i09y7hypggaa1ms"; - name = "purpose-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/purpose-5.116.0.tar.xz"; + sha256 = "1g0xip1khclinx3vb835krdsj66jllgbx1fka8d9f55n68d6rmk2"; + name = "purpose-5.116.0.tar.xz"; }; }; qqc2-desktop-style = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/qqc2-desktop-style-5.115.0.tar.xz"; - sha256 = "001pnzchm5h73h10p4nbv11gp71n9wnkvr2mxn96qmqw3976aisq"; - name = "qqc2-desktop-style-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/qqc2-desktop-style-5.116.0.tar.xz"; + sha256 = "06rd7xzwxfbglz89cma2dy4czfks6ibymmhzq2s8rhs5mx8n6yyg"; + name = "qqc2-desktop-style-5.116.0.tar.xz"; }; }; solid = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/solid-5.115.0.tar.xz"; - sha256 = "0yrxfzj2qgm8pc7jqgpxdkbc2p7c2zm6fg3mwdvbh9zgl3vcd8d7"; - name = "solid-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/solid-5.116.0.tar.xz"; + sha256 = "04359x7rhhl68xcrspxywxywb900dvlkna5fb442npwiqaxdxhy6"; + name = "solid-5.116.0.tar.xz"; }; }; sonnet = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/sonnet-5.115.0.tar.xz"; - sha256 = "054ra5kvmwv6f21cf3fd7x4z0sfar7hm4vi33rn6hzsh0b7q4qfy"; - name = "sonnet-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/sonnet-5.116.0.tar.xz"; + sha256 = "0jja3wxk4h62ik5pkf0i5v9012d0qjaljyaab2a9g0j2wy070hcq"; + name = "sonnet-5.116.0.tar.xz"; }; }; syndication = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/syndication-5.115.0.tar.xz"; - sha256 = "0imr1n0jc0lc0jr5r2r7yzbniq6wbmzlsf8l85d8sinb2d1wgdhv"; - name = "syndication-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/syndication-5.116.0.tar.xz"; + sha256 = "03aw9l5n5c11iqn069r21pvs4vx0nvqpcl0rzqhr5j0asj9qbmvl"; + name = "syndication-5.116.0.tar.xz"; }; }; syntax-highlighting = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/syntax-highlighting-5.115.0.tar.xz"; - sha256 = "02nyyb9x53mnzc2bxdwswz3cjsn6alf2k4hmgaw26c14mhcsf8h6"; - name = "syntax-highlighting-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/syntax-highlighting-5.116.0.tar.xz"; + sha256 = "19zs3n6cn83rjs0bpyrn6f5r75qcflavf8rb1c2wxj8dpp7cm33g"; + name = "syntax-highlighting-5.116.0.tar.xz"; }; }; threadweaver = { - version = "5.115.0"; + version = "5.116.0"; src = fetchurl { - url = "${mirror}/stable/frameworks/5.115/threadweaver-5.115.0.tar.xz"; - sha256 = "1f2fs946scr34kvrb5qrw5mg2id25lwysd3q45wkigxmymc8dl4z"; - name = "threadweaver-5.115.0.tar.xz"; + url = "${mirror}/stable/frameworks/5.116/threadweaver-5.116.0.tar.xz"; + sha256 = "1q7ax3dhsayz35j0l9pdmarkwfyyy1dsy2crdf5xz8pr5mjxq8wp"; + name = "threadweaver-5.116.0.tar.xz"; }; }; } From fa8ec6702a3ee117c98d5519b6b054b0f75c6e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 20 May 2024 08:35:34 +0200 Subject: [PATCH 84/88] util-linux: 2.40.1 -> 2.39.4 (except 64-bit linux for now) We're running into multiple issues, so let's be conservative. In particular, this commit should fix *-darwin builds. /cc PR #309805 as this is kind-of reverting it (partially for now) --- pkgs/os-specific/linux/util-linux/default.nix | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 4f957dfcc1675..41b022496273c 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -26,28 +26,17 @@ let in stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; - version = "2.40.1"; + version = if avoidRebuild then "2.40.1" else "2.39.4"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz"; - hash = "sha256-WeZ2qlPMtEtsOfD/4BqPonSJHJG+8UdHUvrZJGHe8k8="; + hash = if avoidRebuild + then "sha256-WeZ2qlPMtEtsOfD/4BqPonSJHJG+8UdHUvrZJGHe8k8=" + else "sha256-bE+HI9r9QcOdk+y/FlCfyIwzzVvTJ3iArlodl6AU/Q4="; }; patches = [ ./rtcwake-search-PATH-for-shutdown.patch - ] ++ lib.optionals (!avoidRebuild) [ - # Backports of patches that hopefully fix an intermittent parallel - # build failure. - (fetchpatch { - name = "pam_lastlog2:-drop-duplicate-assignment-pam_lastlog2_la_LDFLAGS.patch"; - url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=290748729dc3edf9ea1c680c8954441a5e367a44"; - hash = "sha256-Hi+SrT8UovZyCWf6Jc7s3dc6YLyfOfgqohOEnc7aJq4="; - }) - (fetchpatch { - name = "libuuid:-drop-duplicate-assignment-liuuid_la_LDFLAGS"; - url = "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/patch/?id=597e8b246ae31366514ead6cca240a09fe5e1528"; - hash = "sha256-QCx3MD/57x2tV1SlJ79EYyxafhaEH4UC+Dt24DA6P8I="; - }) ]; # We separate some of the utilities into their own outputs. This @@ -98,7 +87,6 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ pkg-config installShellFiles ] - ++ lib.optionals (!avoidRebuild) [ autoreconfHook gtk-doc ] ++ lib.optionals translateManpages [ po4a ]; buildInputs = [ zlib libxcrypt sqlite ] From 15d8d27bd66a336e2a26537448d87cfe2d025b7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 20 May 2024 11:46:27 +0200 Subject: [PATCH 85/88] util-linux: also downgrade static builds already We need this now to fix nixStatic build: https://hydra.nixos.org/build/259722977 /cc PR #309805 --- pkgs/os-specific/linux/util-linux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 41b022496273c..ef3614bce02ef 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -22,7 +22,7 @@ let # Temporarily avoid applying the patches on systems where already we have binaries # (in particular x86_64-linux and aarch64-linux) as the package is a huge rebuild there. - avoidRebuild = stdenv.isLinux && stdenv.is64bit; + avoidRebuild = with stdenv.hostPlatform; isLinux && is64bit && !isStatic; in stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; From dffc52ce3f122be58777b8fa9ce24a77ff5b2c78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 21 May 2024 07:42:57 +0200 Subject: [PATCH 86/88] libmodulemd: fix build after glib update from PR #309952 --- pkgs/development/libraries/libmodulemd/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/libmodulemd/default.nix b/pkgs/development/libraries/libmodulemd/default.nix index 93e7eb9933fc8..7011f30bcf9d5 100644 --- a/pkgs/development/libraries/libmodulemd/default.nix +++ b/pkgs/development/libraries/libmodulemd/default.nix @@ -40,6 +40,11 @@ stdenv.mkDerivation rec { url = "https://github.com/fedora-modularity/libmodulemd/commit/29c339a31b1c753dcdef041e5c2e0e600e48b59d.patch"; hash = "sha256-uniHrQdbcXlJk2hq106SgV/E330LfxDc07E4FbOMLr0="; }) + # Adapt to GLib 2.80.1 documentation + (fetchpatch2 { + url = "https://github.com/fedora-modularity/libmodulemd/commit/f3336199b4e69af3305f156abc7533bed9e9a762.patch"; + hash = "sha256-Rvg+/KTKiEBXVEK7tlcTDf53HkaW462g/rg1rHPzaZA="; + }) ]; nativeBuildInputs = [ From 723dfb272774b45adbbff59431eef87c4f9b0194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 21 May 2024 08:11:58 +0200 Subject: [PATCH 87/88] rawtherapee: switch to patch version merged upstream --- pkgs/applications/graphics/rawtherapee/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/graphics/rawtherapee/default.nix b/pkgs/applications/graphics/rawtherapee/default.nix index f4d340bcc8868..14c3a0dc7ef2d 100644 --- a/pkgs/applications/graphics/rawtherapee/default.nix +++ b/pkgs/applications/graphics/rawtherapee/default.nix @@ -41,8 +41,8 @@ stdenv.mkDerivation rec { # https://github.com/Beep6581/RawTherapee/issues/7074 patches = [ (fetchurl { - url = "https://github.com/termux-user-repository/tur/raw/c7b7648b5611cd1bc41a48a1ca6f3c4f71e253c5/tur/rawtherapee/0002-libjpeg-turbo-3.0.3.patch"; - hash = "sha256-IaRMrwZd4KQTGjKd1S4su6b9E+Jt7Y0cZiDAkZ8dXHw="; + url = "https://github.com/Beep6581/RawTherapee/commit/6b9f45c69c1ddfc3607d3d9c1206dcf1def30295.diff"; + hash = "sha256-3Rti9HV8N1ueUm5B9qxEZL7Lb9bBb+iy2AGKMpJ9YOM="; }) ]; From 9d5ff613e55f231a122982d033624c6c0f178f51 Mon Sep 17 00:00:00 2001 From: K900 Date: Tue, 21 May 2024 10:04:47 +0300 Subject: [PATCH 88/88] perlPackages: fix wine-staging build on i686 Something something cflags I guess? --- pkgs/top-level/perl-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index acce6d00aac08..1650193caccdf 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -23770,7 +23770,7 @@ with self; { }; buildInputs = [ Test2Suite ]; propagatedBuildInputs = [ XSParseKeyword ]; - perlPreHook = lib.optionalString stdenv.isDarwin "export LD=$CC"; + perlPreHook = lib.optionalString (stdenv.isi686 || stdenv.isDarwin) "export LD=$CC"; meta = { description = "A try/catch/finally syntax for perl"; license = with lib.licenses; [ artistic1 gpl1Plus ]; @@ -28944,7 +28944,7 @@ with self; { hash = "sha256-JQDEeGnPXKjGHdI8Z7rav2a48e+14nkgdlfBzmk+IR4="; }; buildInputs = [ ExtUtilsCChecker Test2Suite ]; - perlPreHook = lib.optionalString stdenv.isDarwin "export LD=$CC"; + perlPreHook = lib.optionalString (stdenv.isi686 || stdenv.isDarwin) "export LD=$CC"; meta = { description = "XS functions to assist in parsing keyword syntax"; license = with lib.licenses; [ artistic1 gpl1Plus ];