-rw-r--r--.github/workflows/editorconfig.yml22
-rw-r--r--maintainers/maintainer-list.nix18
-rw-r--r--nixos/doc/manual/release-notes/rl-2009.xml15
-rw-r--r--nixos/modules/module-list.nix2
-rw-r--r--nixos/modules/services/hardware/udev.nix4
-rw-r--r--nixos/modules/services/misc/bazarr.nix76
-rw-r--r--nixos/modules/services/torrent/transmission.nix15
-rw-r--r--nixos/modules/services/web-apps/sogo.nix272
-rw-r--r--nixos/modules/tasks/network-interfaces-scripted.nix53
-rw-r--r--nixos/tests/all-tests.nix2
-rw-r--r--nixos/tests/bazarr.nix26
-rw-r--r--nixos/tests/sogo.nix58
-rw-r--r--pkgs/applications/audio/audacity/default.nix4
-rw-r--r--pkgs/applications/audio/bsequencer/default.nix4
-rw-r--r--pkgs/applications/audio/goattracker/default.nix69
-rw-r--r--pkgs/applications/audio/mopidy/iris.nix4
-rw-r--r--pkgs/applications/audio/pt2-clone/default.nix4
-rw-r--r--pkgs/applications/blockchains/clightning.nix4
-rw-r--r--pkgs/applications/editors/dit/default.nix4
-rw-r--r--pkgs/applications/graphics/cq-editor/default.nix4
-rw-r--r--pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch69
-rw-r--r--pkgs/applications/misc/fbmenugen/default.nix75
-rw-r--r--pkgs/applications/misc/fetchmail/default.nix4
-rw-r--r--pkgs/applications/misc/jekyll/basic/Gemfile.lock6
-rw-r--r--pkgs/applications/misc/jekyll/basic/gemset.nix12
-rw-r--r--pkgs/applications/misc/jekyll/full/Gemfile.lock8
-rw-r--r--pkgs/applications/misc/jekyll/full/gemset.nix16
-rw-r--r--pkgs/applications/misc/syncthingtray/default.nix6
-rw-r--r--pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json2
-rw-r--r--pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix4
-rw-r--r--pkgs/applications/networking/instant-messengers/riot/riot-web.nix4
-rw-r--r--pkgs/applications/networking/scaleft/default.nix41
-rw-r--r--pkgs/applications/radio/urh/default.nix4
-rw-r--r--pkgs/applications/science/math/clp/default.nix4
-rw-r--r--pkgs/applications/version-management/git-repo/default.nix4
-rw-r--r--pkgs/applications/version-management/gitkraken/default.nix4
-rw-r--r--pkgs/applications/video/webcamoid/default.nix40
-rw-r--r--pkgs/applications/virtualization/podman/default.nix4
-rw-r--r--pkgs/applications/virtualization/x11docker/default.nix4
-rw-r--r--pkgs/applications/window-managers/dwm/dwm-status.nix6
-rw-r--r--pkgs/desktops/gnome-3/core/evince/default.nix4
-rw-r--r--pkgs/desktops/gnome-3/misc/gnome-applets/default.nix4
-rw-r--r--pkgs/desktops/gnustep/libobjc2/default.nix4
-rw-r--r--pkgs/desktops/lxqt/libfm-qt/default.nix4
-rw-r--r--pkgs/desktops/lxqt/lxqt-archiver/default.nix4
-rw-r--r--pkgs/desktops/lxqt/pcmanfm-qt/default.nix4
-rw-r--r--pkgs/development/interpreters/python/pypy/default.nix4
-rw-r--r--pkgs/development/libraries/gensio/default.nix4
-rw-r--r--pkgs/development/libraries/goffice/default.nix4
-rw-r--r--pkgs/development/libraries/ldb/default.nix4
-rw-r--r--pkgs/development/libraries/opendht/default.nix4
-rw-r--r--pkgs/development/libraries/openldap/default.nix20
-rw-r--r--pkgs/development/libraries/pcl/default.nix4
-rw-r--r--pkgs/development/libraries/physics/fastjet/default.nix4
-rw-r--r--pkgs/development/libraries/sope/default.nix46
-rw-r--r--pkgs/development/mobile/cocoapods/Gemfile-beta.lock24
-rw-r--r--pkgs/development/mobile/cocoapods/Gemfile.lock22
-rw-r--r--pkgs/development/mobile/cocoapods/gemset-beta.nix40
-rw-r--r--pkgs/development/mobile/cocoapods/gemset.nix42
-rw-r--r--pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix4
-rw-r--r--pkgs/development/ocaml-modules/ppxfind/default.nix5
-rw-r--r--pkgs/development/python-modules/braintree/default.nix4
-rw-r--r--pkgs/development/python-modules/cadquery/default.nix33
-rw-r--r--pkgs/development/python-modules/cloudflare/default.nix4
-rw-r--r--pkgs/development/python-modules/pysnooper/default.nix6
-rw-r--r--pkgs/development/python-modules/python-toolbox/default.nix7
-rw-r--r--pkgs/development/tools/analysis/hopper/default.nix4
-rw-r--r--pkgs/development/tools/build-managers/bmake/default.nix4
-rw-r--r--pkgs/development/tools/flyway/default.nix4
-rw-r--r--pkgs/development/tools/java/cfr/default.nix4
-rw-r--r--pkgs/development/tools/misc/tockloader/default.nix27
-rw-r--r--pkgs/development/tools/rshell/default.nix4
-rw-r--r--pkgs/development/tools/scalafmt/default.nix4
-rw-r--r--pkgs/development/tools/selenium/chromedriver/default.nix6
-rw-r--r--pkgs/games/dwarf-fortress/lazy-pack.nix3
-rw-r--r--pkgs/games/dwarf-fortress/wrapper/default.nix4
-rw-r--r--pkgs/games/linux-steam-integration/default.nix81
-rw-r--r--pkgs/games/nottetris2/default.nix51
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json24
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.5.nix18
-rw-r--r--pkgs/servers/atlassian/confluence.nix4
-rw-r--r--pkgs/servers/bazarr/default.nix35
-rw-r--r--pkgs/servers/documize-community/default.nix6
-rw-r--r--pkgs/servers/documize-community/vendor.patch2392
-rw-r--r--pkgs/servers/etcd/3.4.nix9
-rw-r--r--pkgs/servers/etcd/default.nix4
-rw-r--r--pkgs/servers/home-assistant/cli.nix4
-rw-r--r--pkgs/servers/kapow/default.nix26
-rw-r--r--pkgs/servers/mautrix-whatsapp/default.nix27
-rw-r--r--pkgs/servers/memcached/default.nix4
-rw-r--r--pkgs/servers/openafs/1.8/module.nix20
-rw-r--r--pkgs/servers/samba/4.x.nix9
-rw-r--r--pkgs/servers/ser2net/default.nix8
-rw-r--r--pkgs/servers/sql/postgresql/ext/pg_partman.nix4
-rw-r--r--pkgs/servers/web-apps/moodle/default.nix4
-rw-r--r--pkgs/servers/web-apps/sogo/default.nix76
-rw-r--r--pkgs/shells/mksh/default.nix4
-rw-r--r--pkgs/shells/zsh/oh-my-zsh/default.nix6
-rw-r--r--pkgs/tools/filesystems/bindfs/default.nix4
-rw-r--r--pkgs/tools/filesystems/glusterfs/default.nix4
-rw-r--r--pkgs/tools/filesystems/moosefs/default.nix4
-rw-r--r--pkgs/tools/filesystems/snapraid/default.nix4
-rw-r--r--pkgs/tools/graphics/spirv-cross/default.nix4
-rw-r--r--pkgs/tools/graphics/zbar/default.nix4
-rw-r--r--pkgs/tools/misc/goaccess/default.nix4
-rw-r--r--pkgs/tools/misc/plantuml/default.nix4
-rw-r--r--pkgs/tools/misc/pspg/default.nix4
-rw-r--r--pkgs/tools/misc/tmux-xpanes/default.nix4
-rw-r--r--pkgs/tools/networking/corerad/default.nix10
-rw-r--r--pkgs/tools/networking/fastd/default.nix21
-rw-r--r--pkgs/tools/nix/cached-nix-shell/default.nix12
-rw-r--r--pkgs/tools/security/duo-unix/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/Gemfile2
-rw-r--r--pkgs/tools/security/metasploit/Gemfile.lock104
-rw-r--r--pkgs/tools/security/metasploit/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/gemset.nix164
-rw-r--r--pkgs/tools/security/metasploit/shell.nix11
-rw-r--r--pkgs/tools/security/vault/default.nix4
-rw-r--r--pkgs/tools/system/freeipmi/default.nix4
-rw-r--r--pkgs/tools/system/zenith/cargo-lock.patch13
-rw-r--r--pkgs/tools/system/zenith/default.nix7
-rw-r--r--pkgs/top-level/aliases.nix1
-rw-r--r--pkgs/top-level/all-packages.nix37
123 files changed, 1595 insertions, 3009 deletions
diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml
deleted file mode 100644
index 9e8a1bd97db9..000000000000
--- a/.github/workflows/editorconfig.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: actions
-
-on:
-  pull_request:
-    branches:
-      - master
-
-jobs:
-  editorconfig:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - uses: technote-space/get-diff-action@v1.2.8
-    - name: editorconfig check
-      env:
-        VERSION: "2.0.4"
-        OS: "linux"
-        ARCH: "amd64"
-      run: |
-        curl -sSf -O -L -C - https://github.com/editorconfig-checker/editorconfig-checker/releases/download/$VERSION/ec-$OS-$ARCH.tar.gz && \
-        tar xzf ec-$OS-$ARCH.tar.gz && \
-        ./bin/ec-$OS-$ARCH -disable-indentation ${{ env.GIT_DIFF }}
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index f84b8bc2ec19..3b0404f23ea8 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -3598,6 +3598,12 @@
     githubId = 1058504;
     name = "José Luis Lafuente";
   };
+  jloyet = {
+    email = "ml@fatbsd.com";
+    github = "fatpat";
+    githubId = 822436;
+    name = "Jérôme Loyet";
+  };
   jluttine = {
     email = "jaakko.luttinen@iki.fi";
     github = "jluttine";
@@ -5558,6 +5564,12 @@
     githubId = 4368690;
     name = "Ratko Mladic";
   };
+  nilp0inter = {
+    email = "robertomartinezp@gmail.com";
+    github = "nilp0inter";
+    githubId = 1224006;
+    name = "Roberto Abdelkader Martínez Pérez";
+  };
   ninjatrappeur = {
     email = "felix@alternativebit.fr";
     github = "ninjatrappeur";
@@ -6574,6 +6586,12 @@
     githubId = 353885;
     name = "Rob Vermaas";
   };
+  robaca = {
+    email = "carsten@r0hrbach.de";
+    github = "robaca";
+    githubId = 580474;
+    name = "Carsten Rohrbach";
+  };
   robberer = {
     email = "robberer@freakmail.de";
     github = "robberer";
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index a4c2719d0445..5d2ffd262e04 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -437,6 +437,21 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
      Default algorithm for ZRAM swap was changed to <literal>zstd</literal>.
    </para>
    </listitem>
+   <listitem>
+    <para>
+     The scripted networking system now uses <literal>.link</literal> files in
+     <literal>/etc/systemd/network</literal> to configure mac address and link MTU,
+     instead of the sometimes buggy <literal>network-link-*</literal> units, which
+     have been removed.
+     Bringing the interface up has been moved to the beginning of the
+     <literal>network-addresses-*</literal> unit.
+     Note this doesn't require <command>systemd-networkd</command> - it's udev that
+     parses <literal>.link</literal> files.
+     Extra care needs to be taken in the presence of <link xlink:href="https://wiki.debian.org/NetworkInterfaceNames#THE_.22PERSISTENT_NAMES.22_SCHEME">legacy udev rules</link>
+     to rename interfaces, as MAC Address and MTU defined in these options can only match on the original link name.
+     In such cases, you most likely want to create a <literal>10-*.link</literal> file through <xref linkend="opt-systemd.network.links"/> and set both name and MAC Address / MTU there.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 89677970dd9a..d5285cfabd78 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -415,6 +415,7 @@
   ./services/misc/apache-kafka.nix
   ./services/misc/autofs.nix
   ./services/misc/autorandr.nix
+  ./services/misc/bazarr.nix
   ./services/misc/beanstalkd.nix
   ./services/misc/bees.nix
   ./services/misc/bepasty.nix
@@ -847,6 +848,7 @@
   ./services/web-apps/matomo.nix
   ./services/web-apps/moinmoin.nix
   ./services/web-apps/restya-board.nix
+  ./services/web-apps/sogo.nix
   ./services/web-apps/tt-rss.nix
   ./services/web-apps/trac.nix
   ./services/web-apps/trilium.nix
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
index 168056a475e5..587b9b0234aa 100644
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -83,6 +83,10 @@ let
       run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="/' |
         sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq)
       for i in $import_progs $run_progs; do
+        # if the path refers to /run/current-system/systemd, replace with config.systemd.package
+        if [[ $i == /run/current-system/systemd* ]]; then
+          i="${config.systemd.package}/''${i#/run/current-system/systemd/}"
+        fi
         if [[ ! -x $i ]]; then
           echo "FAIL"
           echo "$i is called in udev rules but is not executable or does not exist"
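Review bot: The added test `[[ $i == /run/current-system/systemd* ]]` is wider than the prefix that the next line strips, which ends in a slash. A path such as `/run/current-system/systemd-foo/bin/x` would pass the test, keep its full text after `''${i#/run/current-system/systemd/}`, and be checked as `${config.systemd.package}//run/current-system/...`, producing a misleading failure. Matching on `/run/current-system/systemd/*` keeps the test and the substitution in step. The loop body continues outside this hunk.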
diff --git a/nixos/modules/services/misc/bazarr.nix b/nixos/modules/services/misc/bazarr.nix
new file mode 100644
index 000000000000..d3fd5b08cc84
--- /dev/null
+++ b/nixos/modules/services/misc/bazarr.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.bazarr;
+in
+{
+  options = {
+    services.bazarr = {
+      enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the bazarr web interface.";
+      };
+
+      listenPort = mkOption {
+        type = types.port;
+        default = 6767;
+        description = "Port on which the bazarr web interface should listen";
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "bazarr";
+        description = "User account under which bazarr runs.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "bazarr";
+        description = "Group under which bazarr runs.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.bazarr = {
+      description = "bazarr";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = rec {
+        Type = "simple";
+        User = cfg.user;
+        Group = cfg.group;
+        StateDirectory = "bazarr";
+        SyslogIdentifier = "bazarr";
+        ExecStart = pkgs.writeShellScript "start-bazarr" ''
+          ${pkgs.bazarr}/bin/bazarr \
+            --config '/var/lib/${StateDirectory}' \
+            --port ${toString cfg.listenPort} \
+            --no-update True
+        '';
+        Restart = "on-failure";
+      };
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.listenPort ];
+    };
+
+    users.users = mkIf (cfg.user == "bazarr") {
+      bazarr = {
+        group = cfg.group;
+        home = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}";
+      };
+    };
+
+    users.groups = mkIf (cfg.group == "bazarr") {
+      bazarr = {};
+    };
+  };
+}
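Review bot: The `serviceConfig` for bazarr sets no sandboxing at all, while the sogo units added in the same commit set `NoNewPrivileges`, `PrivateTmp`, `ProtectSystem` and more. This is a network-facing web interface, so I would add at least `NoNewPrivileges = true;` and `PrivateTmp = true;`. Stricter filesystem options need checking against the media directories the service presumably has to write to. The `users.users.bazarr` entry also lacks `isSystemUser = true;`, which the sogo account in this commit does set. The `writeShellScript` wrapper leaves a shell as the unit's main process; prefixing the command with `exec` would avoid that.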
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index fd28b94f7be3..e7f5aaed844e 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -11,7 +11,7 @@ let
   downloadDir = "${homeDir}/Downloads";
   incompleteDir = "${homeDir}/.incomplete";
 
-  settingsDir = "${homeDir}/.config/transmission-daemon";
+  settingsDir = "${homeDir}/config";
   settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings);
 
   # for users in group "transmission" to have access to torrents
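Review bot: Changing `settingsDir` from `${homeDir}/.config/transmission-daemon` to `${homeDir}/config` strands whatever an existing installation keeps in the old directory. Nothing in the visible hunks moves that state, and the release-notes hunk in this commit does not mention it. Either a one-time migration in the pre-start script or a release-note entry telling operators to move the directory would avoid a silent reset on upgrade. If a migration exists outside the lines shown here, a comment next to this assignment pointing to it would help.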
@@ -20,12 +20,6 @@ let
   preStart = pkgs.writeScript "transmission-pre-start" ''
     #!${pkgs.runtimeShell}
     set -ex
-    for DIR in "${homeDir}" "${settingsDir}" "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}"; do
-      mkdir -p "$DIR"
-    done
-    chmod 755 "${homeDir}"
-    chmod 700 "${settingsDir}"
-    chmod ${downloadDirPermissions} "${fullSettings.download-dir}" "${fullSettings.incomplete-dir}"
     cp -f ${settingsFile} ${settingsDir}/settings.json
   '';
 in
@@ -110,6 +104,13 @@ in
   };
 
   config = mkIf cfg.enable {
+    systemd.tmpfiles.rules = [
+      "d '${homeDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
+      "d '${settingsDir}' 0700 '${cfg.user}' '${cfg.group}' - -"
+      "d '${fullSettings.download-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
+      "d '${fullSettings.incomplete-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
+    ];
+
     systemd.services.transmission = {
       description = "Transmission BitTorrent Service";
       after = [ "network.target" ] ++ optional apparmor "apparmor.service";
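Review bot: The first tmpfiles rule creates `${homeDir}` with mode 0770, while the removed pre-start script used `chmod 755`. Accounts outside `cfg.group` therefore lose traversal into the download directories even when `downloadDirPermissions` is permissive, and if that is intended it deserves a line in the option description. The `download-dir` and `incomplete-dir` rules take their paths from the settings, so a path pointing at an existing shared directory will, as far as I can tell, have its owner and mode rewritten to `cfg.user` and `downloadDirPermissions`. A comment above the rules saying so, something like `# NOTE: these rules also re-own pre-existing directories`, would make that explicit.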
diff --git a/nixos/modules/services/web-apps/sogo.nix b/nixos/modules/services/web-apps/sogo.nix
new file mode 100644
index 000000000000..5f30124dd68a
--- /dev/null
+++ b/nixos/modules/services/web-apps/sogo.nix
@@ -0,0 +1,272 @@
+{ config, pkgs, lib, ... }: with lib; let
+  cfg = config.services.sogo;
+
+  preStart = pkgs.writeShellScriptBin "sogo-prestart" ''
+    touch /etc/sogo/sogo.conf
+    chown sogo:sogo /etc/sogo/sogo.conf
+    chmod 640 /etc/sogo/sogo.conf
+
+    ${if (cfg.configReplaces != {}) then ''
+      # Insert secrets
+      ${concatStringsSep "\n" (mapAttrsToList (k: v: ''export ${k}="$(cat "${v}" | tr -d '\n')"'') cfg.configReplaces)}
+
+      ${pkgs.perl}/bin/perl -p ${concatStringsSep " " (mapAttrsToList (k: v: '' -e 's/${k}/''${ENV{"${k}"}}/g;' '') cfg.configReplaces)} /etc/sogo/sogo.conf.raw > /etc/sogo/sogo.conf
+    '' else ''
+      cp /etc/sogo/sogo.conf.raw /etc/sogo/sogo.conf
+    ''}
+  '';
+
+in {
+  options.services.sogo = with types; {
+    enable = mkEnableOption "SOGo groupware";
+
+    vhostName = mkOption {
+      description = "Name of the nginx vhost";
+      type = str;
+      default = "sogo";
+    };
+
+    timezone = mkOption {
+      description = "Timezone of your SOGo instance";
+      type = str;
+      example = "America/Montreal";
+    };
+
+    language = mkOption {
+      description = "Language of SOGo";
+      type = str;
+      default = "English";
+    };
+
+    ealarmsCredFile = mkOption {
+      description = "Optional path to a credentials file for email alarms";
+      type = nullOr str;
+      default = null;
+    };
+
+    configReplaces = mkOption {
+      description = ''
+        Replacement-filepath mapping for sogo.conf.
+        Every key is replaced with the contents of the file specified as value.
+
+        In the example, every occurence of LDAP_BINDPW will be replaced with the text of the
+        specified file.
+      '';
+      type = attrsOf str;
+      default = {};
+      example = {
+        LDAP_BINDPW = "/var/lib/secrets/sogo/ldappw";
+      };
+    };
+
+    extraConfig = mkOption {
+      description = "Extra sogo.conf configuration lines";
+      type = lines;
+      default = "";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.sogo ];
+
+    environment.etc."sogo/sogo.conf.raw".text = ''
+      {
+        // Mandatory parameters
+        SOGoTimeZone = "${cfg.timezone}";
+        SOGoLanguage = "${cfg.language}";
+        // Paths
+        WOSendMail = "/run/wrappers/bin/sendmail";
+        SOGoMailSpoolPath = "/var/lib/sogo/spool";
+        SOGoZipPath = "${pkgs.zip}/bin/zip";
+        // Enable CSRF protection
+        SOGoXSRFValidationEnabled = YES;
+        // Remove dates from log (jornald does that)
+        NGLogDefaultLogEventFormatterClass = "NGLogEventFormatter";
+        // Extra config
+        ${cfg.extraConfig}
+      }
+    '';
+
+    systemd.services.sogo = {
+      description = "SOGo groupware";
+      after = [ "postgresql.service" "mysql.service" "memcached.service" "openldap.service" "dovecot2.service" ];
+      wantedBy = [ "multi-user.target" ];
+      restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ];
+
+      environment.LDAPTLS_CACERT = "/etc/ssl/certs/ca-certificates.crt";
+
+      serviceConfig = {
+        Type = "forking";
+        ExecStartPre = "+" + preStart + "/bin/sogo-prestart";
+        ExecStart = "${pkgs.sogo}/bin/sogod -WOLogFile - -WOPidFile /run/sogo/sogo.pid";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+        RuntimeDirectory = "sogo";
+        StateDirectory = "sogo/spool";
+
+        User = "sogo";
+        Group = "sogo";
+
+        CapabilityBoundingSet = "";
+        NoNewPrivileges = true;
+
+        LockPersonality = true;
+        RestrictRealtime = true;
+        PrivateMounts = true;
+        PrivateUsers = true;
+        MemoryDenyWriteExecute = true;
+        SystemCallFilter = "@basic-io @file-system @network-io @system-service @timer";
+        SystemCallArchitectures = "native";
+        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+      };
+    };
+
+    systemd.services.sogo-tmpwatch = {
+      description = "SOGo tmpwatch";
+
+      startAt = [ "hourly" ];
+      script = ''
+        SOGOSPOOL=/var/lib/sogo/spool
+
+        find "$SOGOSPOOL" -type f -user sogo -atime +23 -delete > /dev/null
+        find "$SOGOSPOOL" -mindepth 1 -type d -user sogo -empty -delete > /dev/null
+      '';
+
+      serviceConfig = {
+        Type = "oneshot";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+        StateDirectory = "sogo/spool";
+
+        User = "sogo";
+        Group = "sogo";
+
+        CapabilityBoundingSet = "";
+        NoNewPrivileges = true;
+
+        LockPersonality = true;
+        RestrictRealtime = true;
+        PrivateMounts = true;
+        PrivateUsers = true;
+        PrivateNetwork = true;
+        SystemCallFilter = "@basic-io @file-system @system-service";
+        SystemCallArchitectures = "native";
+        RestrictAddressFamilies = "";
+      };
+    };
+
+    systemd.services.sogo-ealarms = {
+      description = "SOGo email alarms";
+
+      after = [ "postgresql.service" "mysqld.service" "memcached.service" "openldap.service" "dovecot2.service" "sogo.service" ];
+      restartTriggers = [ config.environment.etc."sogo/sogo.conf.raw".source ];
+
+      startAt = [ "minutely" ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.sogo}/bin/sogo-ealarms-notify${optionalString (cfg.ealarmsCredFile != null) " -p ${cfg.ealarmsCredFile}"}";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+        StateDirectory = "sogo/spool";
+
+        User = "sogo";
+        Group = "sogo";
+
+        CapabilityBoundingSet = "";
+        NoNewPrivileges = true;
+
+        LockPersonality = true;
+        RestrictRealtime = true;
+        PrivateMounts = true;
+        PrivateUsers = true;
+        MemoryDenyWriteExecute = true;
+        SystemCallFilter = "@basic-io @file-system @network-io @system-service";
+        SystemCallArchitectures = "native";
+        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+      };
+    };
+
+    # nginx vhost
+    services.nginx.virtualHosts."${cfg.vhostName}" = {
+      locations."/".extraConfig = ''
+        rewrite ^ https://$server_name/SOGo;
+        allow all;
+      '';
+
+      # For iOS 7
+      locations."/principals/".extraConfig = ''
+        rewrite ^ https://$server_name/SOGo/dav;
+        allow all;
+      '';
+
+      locations."^~/SOGo".extraConfig = ''
+        proxy_pass http://127.0.0.1:20000;
+        proxy_redirect http://127.0.0.1:20000 default;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+        proxy_set_header x-webobjects-remote-host 127.0.0.1;
+        proxy_set_header x-webobjects-server-port $server_port;
+        proxy_set_header x-webobjects-server-name $server_name;
+        proxy_set_header x-webobjects-server-url $scheme://$host;
+        proxy_connect_timeout 90;
+        proxy_send_timeout 90;
+        proxy_read_timeout 90;
+        proxy_buffer_size 4k;
+        proxy_buffers 4 32k;
+        proxy_busy_buffers_size 64k;
+        proxy_temp_file_write_size 64k;
+        client_max_body_size 50m;
+        client_body_buffer_size 128k;
+        break;
+      '';
+
+      locations."/SOGo.woa/WebServerResources/".extraConfig = ''
+        alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/;
+        allow all;
+      '';
+
+      locations."/SOGo/WebServerResources/".extraConfig = ''
+        alias ${pkgs.sogo}/lib/GNUstep/SOGo/WebServerResources/;
+        allow all;
+      '';
+
+      locations."~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$".extraConfig = ''
+        alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+      '';
+
+      locations."~ ^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\\.(jpg|png|gif|css|js)$".extraConfig = ''
+        alias ${pkgs.sogo}/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+      '';
+    };
+
+    # User and group
+    users.groups.sogo = {};
+    users.users.sogo = {
+      group = "sogo";
+      isSystemUser = true;
+      description = "SOGo service user";
+    };
+  };
+}
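Review bot: The last nginx location, `[^/]*UI/Resources/.*\\.(jpg|png|gif|css|js)$`, has a single capture group (the file extension), yet its alias uses `$1.SOGo/Resources/$2`. `$1` would be the extension and `$2` empty, so the path resolves to something like `.../SOGo/js.SOGo/Resources/`. The preceding regex location already matches the same URIs and likely shadows this one, so either drop the block or capture what the alias expects: `locations."~ ^/SOGo/so/ControlPanel/Products/([^/]*UI)/Resources/(.*\\.(jpg|png|gif|css|js))$"`. Separately, `sogo-ealarms` orders itself after `mysqld.service` while the main unit uses `mysql.service`; the two should agree. In the `sogo-prestart` script, which runs as root via the `+` prefix, each `configReplaces` key is used unescaped as a Perl regex and as a shell variable name, so a comment limiting keys to plain identifiers would be worth adding to the option description.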
diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
index f6fce3b1c8bb..d895c58bab03 100644
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
@@ -54,7 +54,16 @@ let
     };
 
   normalConfig = {
-
+    systemd.network.links = let
+      createNetworkLink = i: nameValuePair "40-${i.name}" {
+        matchConfig.OriginalName = i.name;
+        linkConfig = optionalAttrs (i.macAddress != null) {
+          MACAddress = i.macAddress;
+        } // optionalAttrs (i.mtu != null) {
+          MTUBytes = toString i.mtu;
+        };
+      };
+    in listToAttrs (map createNetworkLink interfaces);
     systemd.services =
       let
 
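Review bot: `createNetworkLink` emits a `40-${i.name}.link` file for every configured interface, including ones where both `macAddress` and `mtu` are null and `linkConfig` is therefore empty. Since udev applies only the first matching `.link` file, an empty 40-* file would presumably stop later files, such as the distribution default link policy, from applying to that interface. Generating links only where there is something to set avoids this: `in listToAttrs (map createNetworkLink (filter (i: i.macAddress != null || i.mtu != null) interfaces));`. The release note in this commit already warns about interaction with renaming rules, and the same caveat would be useful as a comment on this binding.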
@@ -164,7 +173,6 @@ let
           { description = "Address configuration of ${i.name}";
             wantedBy = [
               "network-setup.service"
-              "network-link-${i.name}.service"
               "network.target"
             ];
             # order before network-setup because the routes that are configured
@@ -183,6 +191,8 @@ let
                 state="/run/nixos/network/addresses/${i.name}"
                 mkdir -p $(dirname "$state")
 
+                ip link set "${i.name}" up
+
                 ${flip concatMapStrings ips (ip:
                   let
                     cidr = "${ip.address}/${toString ip.prefixLength}";
@@ -237,38 +247,6 @@ let
             '';
           };
 
-        createNetworkLink = i:
-        let
-          deviceDependency = if (config.boot.isContainer || i.name == "lo")
-            then []
-            else [ (subsystemDevice i.name) ];
-        in
-        nameValuePair "network-link-${i.name}"
-        { description = "Link configuration of ${i.name}";
-          wantedBy = [ "network-interfaces.target" ];
-          before = [ "network-interfaces.target" ];
-          bindsTo = deviceDependency;
-          after = [ "network-pre.target" ] ++ deviceDependency;
-          path = [ pkgs.iproute ];
-          serviceConfig = {
-            Type = "oneshot";
-            RemainAfterExit = true;
-          };
-          script =
-            ''
-              echo "Configuring link..."
-            '' + optionalString (i.macAddress != null) ''
-              echo "setting MAC address to ${i.macAddress}..."
-              ip link set "${i.name}" address "${i.macAddress}"
-            '' + optionalString (i.mtu != null) ''
-              echo "setting MTU to ${toString i.mtu}..."
-              ip link set "${i.name}" mtu "${toString i.mtu}"
-            '' + ''
-              echo -n "bringing up interface... "
-              ip link set "${i.name}" up && echo "done" || (echo "failed"; exit 1)
-            '';
-        };
-
         createTunDevice = i: nameValuePair "${i.name}-netdev"
           { description = "Virtual Network Interface ${i.name}";
             bindsTo = [ "dev-net-tun.device" ];
@@ -298,7 +276,7 @@ let
             bindsTo = deps ++ optional v.rstp "mstpd.service";
             partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service";
             after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service"
-              ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
+              ++ map (i: "network-addresses-${i}.service") v.interfaces;
             before = [ "network-setup.service" ];
             serviceConfig.Type = "oneshot";
             serviceConfig.RemainAfterExit = true;
@@ -375,7 +353,7 @@ let
         createVswitchDevice = n: v: nameValuePair "${n}-netdev"
           (let
             deps = concatLists (map deviceDependency (attrNames (filterAttrs (_: config: config.type != "internal") v.interfaces)));
-            internalConfigs = concatMap (i: ["network-link-${i}.service" "network-addresses-${i}.service"]) (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces));
+            internalConfigs = map (i: "network-addresses-${i}.service") (attrNames (filterAttrs (_: config: config.type == "internal") v.interfaces));
             ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules;
           in
           { description = "Open vSwitch Interface ${n}";
@@ -427,7 +405,7 @@ let
             bindsTo = deps;
             partOf = [ "network-setup.service" ];
             after = [ "network-pre.target" ] ++ deps
-              ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
+              ++ map (i: "network-addresses-${i}.service") v.interfaces;
             before = [ "network-setup.service" ];
             serviceConfig.Type = "oneshot";
             serviceConfig.RemainAfterExit = true;
@@ -540,7 +518,6 @@ let
           });
 
       in listToAttrs (
-           map createNetworkLink interfaces ++
            map configureAddrs interfaces ++
            map createTunDevice (filter (i: i.virtual) interfaces))
          // mapAttrs' createBridgeDevice cfg.bridges
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 0acded892c7a..af619ac99a32 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -27,6 +27,7 @@ in
   atd = handleTest ./atd.nix {};
   avahi = handleTest ./avahi.nix {};
   babeld = handleTest ./babeld.nix {};
+  bazarr = handleTest ./bazarr.nix {};
   bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
   beanstalkd = handleTest ./beanstalkd.nix {};
   bees = handleTest ./bees.nix {};
@@ -292,6 +293,7 @@ in
   slurm = handleTest ./slurm.nix {};
   smokeping = handleTest ./smokeping.nix {};
   snapper = handleTest ./snapper.nix {};
+  sogo = handleTest ./sogo.nix {};
   solr = handleTest ./solr.nix {};
   spacecookie = handleTest ./spacecookie.nix {};
   spike = handleTest ./spike.nix {};
diff --git a/nixos/tests/bazarr.nix b/nixos/tests/bazarr.nix
new file mode 100644
index 000000000000..b8cd8ef38b42
--- /dev/null
+++ b/nixos/tests/bazarr.nix
@@ -0,0 +1,26 @@
+import ./make-test-python.nix ({ lib, ... }:
+
+with lib;
+
+let
+  port = 42069;
+in
+{
+  name = "bazarr";
+  meta.maintainers = with maintainers; [ xwvvvvwx ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      services.bazarr = {
+        enable = true;
+        listenPort = port;
+      };
+    };
+
+  testScript = ''
+    machine.wait_for_unit("bazarr.service")
+    machine.wait_for_open_port("${toString port}")
+    machine.succeed("curl --fail http://localhost:${toString port}/")
+  '';
+})
diff --git a/nixos/tests/sogo.nix b/nixos/tests/sogo.nix
new file mode 100644
index 000000000000..016331a9eed6
--- /dev/null
+++ b/nixos/tests/sogo.nix
@@ -0,0 +1,58 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "sogo";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ ajs124 das_j ];
+  };
+
+  nodes = {
+    sogo = { config, pkgs, ... }: {
+      services.nginx.enable = true;
+
+      services.mysql = {
+        enable = true;
+        package = pkgs.mysql;
+        ensureDatabases = [ "sogo" ];
+        ensureUsers = [{
+          name = "sogo";
+          ensurePermissions = {
+            "sogo.*" = "ALL PRIVILEGES";
+          };
+        }];
+      };
+
+      services.sogo = {
+        enable = true;
+        timezone = "Europe/Berlin";
+        extraConfig = ''
+          WOWorkersCount = 1;
+
+          SOGoUserSources = (
+            {
+              type = sql;
+              userPasswordAlgorithm = md5;
+              viewURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_users";
+              canAuthenticate = YES;
+              id = users;
+            }
+          );
+
+          SOGoProfileURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_user_profile";
+          OCSFolderInfoURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_folder_info";
+          OCSSessionsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_sessions_folder";
+          OCSEMailAlarmsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_alarms_folder";
+          OCSStoreURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_store";
+          OCSAclURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_acl";
+          OCSCacheFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_cache_folder";
+        '';
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+    sogo.wait_for_unit("multi-user.target")
+    sogo.wait_for_open_port(20000)
+    sogo.wait_for_open_port(80)
+    sogo.succeed("curl -sSfL http://sogo/SOGo")
+  '';
+})
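Review bot: `userPasswordAlgorithm = md5;` in the `SOGoUserSources` entry selects an unsalted, fast hash for stored passwords, and test configurations like this one tend to be copied into real deployments as a starting point. As far as the visible script shows, the test never creates `sogo_users` or logs in, so the value is not exercised and a salted scheme such as `userPasswordAlgorithm = ssha512;` costs nothing here. Failing that, a comment above the line such as `# md5 is for this test only; do not use for real accounts` would do. The script stops at `curl -sSfL http://sogo/SOGo`, so the authentication path against MySQL is not covered by this test.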
diff --git a/pkgs/applications/audio/audacity/default.nix b/pkgs/applications/audio/audacity/default.nix
index 72669aa183ba..542a1f85188c 100644
--- a/pkgs/applications/audio/audacity/default.nix
+++ b/pkgs/applications/audio/audacity/default.nix
@@ -7,12 +7,12 @@
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  version = "2.4.0";
+  version = "2.4.1";
   pname = "audacity";
 
   src = fetchzip {
     url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
-    sha256 = "1f0lbzisqaj4pr9xxsx105a9ibym2qbngalnsb7iwmcvyrpc0l6a";
+    sha256 = "1xk0piv72d2xd3p7igr916fhcbrm76fhjr418k1rlqdzzg1hfljn";
   };
 
   preConfigure = /* we prefer system-wide libs */ ''
diff --git a/pkgs/applications/audio/bsequencer/default.nix b/pkgs/applications/audio/bsequencer/default.nix
index 674795dca20e..bb45a846b1b8 100644
--- a/pkgs/applications/audio/bsequencer/default.nix
+++ b/pkgs/applications/audio/bsequencer/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "BSEQuencer";
-  version = "1.4.0";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "sjaehn";
     repo = pname;
     rev = "${version}";
-    sha256 = "1zz1cirmx4wm4im4gjdp691f2042c8d1i8np1ns71f6kqdj9ps3k";
+    sha256 = "1fz0p0ba00b7k7a8q9mxwj01jwl8xwh9a2npn00pbbdrg9zv4fdr";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/audio/goattracker/default.nix b/pkgs/applications/audio/goattracker/default.nix
new file mode 100644
index 000000000000..77a04221b84b
--- /dev/null
+++ b/pkgs/applications/audio/goattracker/default.nix
@@ -0,0 +1,69 @@
+{ stdenv
+, fetchurl
+, unzip
+, makeDesktopItem
+, imagemagick
+, SDL
+, isStereo ? false
+}:
+
+with stdenv.lib;
+let
+  pname = "goattracker" + optionalString isStereo "-stereo";
+  desktopItem = makeDesktopItem {
+    type = "Application";
+    name = pname;
+    desktopName = "GoatTracker 2" + optionalString isStereo " Stereo";
+    genericName = "Music Tracker";
+    exec = if isStereo
+      then "gt2stereo"
+      else "goattrk2";
+    icon = "goattracker";
+    categories = "AudioVideo;AudioVideoEditing;";
+    extraEntries = "Keywords=tracker;music;";
+  };
+
+in stdenv.mkDerivation rec {
+  inherit pname;
+  version = if isStereo
+    then "2.76"  # stereo
+    else "2.75"; # normal
+
+  src = fetchurl {
+    url = "mirror://sourceforge/goattracker2/GoatTracker_${version}${optionalString isStereo "_Stereo"}.zip";
+    sha256 = if isStereo
+      then "12cz3780x5k047jqdv69n6rjgbfiwv67z850kfl4i37lxja432l7"  # stereo
+      else "1km97nl7qvk6qc5l5j69wncbm76hf86j47sgzgr968423g0bxxlk"; # normal
+  };
+  sourceRoot = (if isStereo then "gt2stereo/trunk" else "goattrk2") + "/src";
+
+  nativeBuildInputs = [ unzip imagemagick ];
+  buildInputs = [ SDL ];
+
+  # PREFIX gets treated as BINDIR.
+  makeFlags = [ "PREFIX=$(out)/bin/" ];
+
+  # The zip contains some build artifacts.
+  prePatch = "make clean";
+
+  # The destination does not get created automatically.
+  preBuild = "mkdir -p $out/bin";
+
+  # Other files get installed during the build phase.
+  installPhase = ''
+    convert goattrk2.bmp goattracker.png
+    install -Dm644 goattracker.png $out/share/icons/hicolor/32x32/apps/goattracker.png
+    ${desktopItem.buildCommand}
+  '';
+
+  meta = {
+    description = "A crossplatform music editor for creating Commodore 64 music. Uses reSID library by Dag Lem and supports alternatively HardSID & CatWeasel devices"
+      + optionalString isStereo " - Stereo version";
+    homepage = "https://cadaver.github.io/tools.html";
+    downloadPage = "https://sourceforge.net/projects/goattracker2/";
+    license = licenses.gpl2Plus;
+    maintainers = with maintainers; [ fgaz ];
+    platforms = platforms.all;
+  };
+}
+
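Review bot: The overridden `installPhase` does not call `runHook preInstall` or `runHook postInstall`, so anything a user attaches to those hooks through `overrideAttrs` is silently skipped. The fbmenugen expression added in the same commit does call them, so the two new packages are inconsistent. I would put `runHook preInstall` before the `convert` line and `runHook postInstall` after `${desktopItem.buildCommand}`. The file also ends with an extra blank line that can be dropped.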
diff --git a/pkgs/applications/audio/mopidy/iris.nix b/pkgs/applications/audio/mopidy/iris.nix
index 742c63b3d83a..5cc3a957d260 100644
--- a/pkgs/applications/audio/mopidy/iris.nix
+++ b/pkgs/applications/audio/mopidy/iris.nix
@@ -2,11 +2,11 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "Mopidy-Iris";
-  version = "3.47.0";
+  version = "3.49.0";
 
   src = python3Packages.fetchPypi {
     inherit pname version;
-    sha256 = "1lvq5qsnn2djwkgbadzr7rr6ik2xh8yyj0p3y3hck9pl96ms7lfv";
+    sha256 = "0zddm7286iwx437gjz47m4g28s8gdcxnm2hmly9w1dzi08aa4fas";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/applications/audio/pt2-clone/default.nix b/pkgs/applications/audio/pt2-clone/default.nix
index 5284c8af6824..c50046342566 100644
--- a/pkgs/applications/audio/pt2-clone/default.nix
+++ b/pkgs/applications/audio/pt2-clone/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pt2-clone";
-  version = "1.12";
+  version = "1.16";
 
   src = fetchFromGitHub {
     owner = "8bitbubsy";
     repo = "pt2-clone";
     rev = "v${version}";
-    sha256 = "1y7kv889rm3nvaigcda4bglvwm799f3gp0zrivkvrg1lrlygs89f";
+    sha256 = "0rbjphhyca71j22lbyx53w3n2mkdw7xflks2knfaziwdkqcfcvp2";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/applications/blockchains/clightning.nix b/pkgs/applications/blockchains/clightning.nix
index 371bf11064de..6777e5998cef 100644
--- a/pkgs/applications/blockchains/clightning.nix
+++ b/pkgs/applications/blockchains/clightning.nix
@@ -4,11 +4,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
   pname = "clightning";
-  version = "0.8.2";
+  version = "0.8.2.1";
 
   src = fetchurl {
     url = "https://github.com/ElementsProject/lightning/releases/download/v${version}/clightning-v${version}.zip";
-    sha256 = "1w5l3r3pnhnwz3x7mjgd69cw9a18fpyjwj7kmfka7cf9hdgcwp9x";
+    sha256 = "02incjr59fv75q6hlrln9h4b5gq7ipd778scbz8b8dahj7x1a6i5";
   };
 
   enableParallelBuilding = true;
diff --git a/pkgs/applications/editors/dit/default.nix b/pkgs/applications/editors/dit/default.nix
index f973e67599c2..e89267d04c50 100644
--- a/pkgs/applications/editors/dit/default.nix
+++ b/pkgs/applications/editors/dit/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "dit";
-  version = "0.6";
+  version = "0.7";
 
   src = fetchurl {
     url = "https://hisham.hm/dit/releases/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0ryvm54xxkg2gcgz4r8zdxrl6j2h8mgg9nfqmdmdr31qkcj8wjsq";
+    sha256 = "0cmbyzqfz2qa83cg8lpjifn34wmx34c5innw485zh4vk3c0k8wlj";
   };
 
   buildInputs = [ ncurses lua ]
diff --git a/pkgs/applications/graphics/cq-editor/default.nix b/pkgs/applications/graphics/cq-editor/default.nix
index a6b35b1d8ea6..a6cfd256ac58 100644
--- a/pkgs/applications/graphics/cq-editor/default.nix
+++ b/pkgs/applications/graphics/cq-editor/default.nix
@@ -6,13 +6,13 @@
 
 mkDerivationWith python3Packages.buildPythonApplication rec {
   pname = "cq-editor";
-  version = "0.1RC1";
+  version = "0.1RC2";
 
   src = fetchFromGitHub {
     owner = "CadQuery";
     repo = "CQ-editor";
     rev = version;
-    sha256 = "0iwcpnj15s64k16948sakvkn1lb4mqwrhmbxk3r03bczs0z33zax";
+    sha256 = "0zima4pmn34s8b2axxwy6qd1f1r5ki34byq4x3rrd7n3g0hagxz5";
   };
 
   propagatedBuildInputs = with python3Packages; [
diff --git a/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch b/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch
new file mode 100644
index 000000000000..b52aeafb5f36
--- /dev/null
+++ b/pkgs/applications/misc/fbmenugen/0001-Fix-paths.patch
@@ -0,0 +1,69 @@
+From 76c25147328d71960c70bbdd5a9396aac4a362a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= <malaquias@gmail.com>
+Date: Wed, 20 May 2020 14:19:07 -0300
+Subject: [PATCH] Fix paths
+
+---
+ fbmenugen | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/fbmenugen b/fbmenugen
+index 46a18dc..0c8eb08 100755
+--- a/fbmenugen
++++ b/fbmenugen
+@@ -214,9 +214,7 @@ my %CONFIG = (
+ 
+ #<<<
+         desktop_files_paths => [
+-            '/usr/share/applications',
+-            '/usr/local/share/applications',
+-            '/usr/share/applications/kde4',
++            '/run/current-system/sw/share/applications',
+             "$home_dir/.local/share/applications",
+         ],
+ #>>>
+@@ -232,7 +230,7 @@ my %CONFIG = (
+     force_icon_size  => 0,
+     generic_fallback => 0,
+     locale_support   => 1,
+-    use_gtk3         => 0,
++    use_gtk3         => 1,
+ 
+     VERSION => $version,
+              );
+@@ -252,7 +250,7 @@ if (not -e $config_file) {
+ }
+ 
+ if (not -e $schema_file) {
+-    if (-e (my $etc_schema_file = "/etc/xdg/$pkgname/schema.pl")) {
++    if (-e (my $etc_schema_file = "@fbmenugen@/etc/xdg/$pkgname/schema.pl")) {
+         require File::Copy;
+         File::Copy::copy($etc_schema_file, $schema_file)
+           or warn "$0: can't copy file `$etc_schema_file' to `$schema_file': $!\n";
+@@ -570,7 +568,7 @@ EXIT
+         $generated_menu .= begin_category(@{$schema->{fluxbox}}) . <<"FOOTER";
+ [config] (Configure)
+ [submenu] (System Styles) {Choose a style...}
+-  [stylesdir] (/usr/share/fluxbox/styles)
++  [stylesdir] (@fluxbox@/share/fluxbox/styles)
+ [end]
+ [submenu] (User Styles) {Choose a style...}
+   [stylesdir] (~/.fluxbox/styles)
+@@ -580,12 +578,12 @@ EXIT
+   [exec] (Screenshot - JPG) {import screenshot.jpg && display -resize 50% screenshot.jpg}
+   [exec] (Screenshot - PNG) {import screenshot.png && display -resize 50% screenshot.png}
+   [exec] (Run) {fbrun}
+-  [exec] (Regen Menu) {fluxbox-generate_menu}
++  [exec] (Regen Menu) {@fluxbox@/bin/fluxbox-generate_menu}
+ [end]
+ [commanddialog] (Fluxbox Command)
+   [reconfig] (Reload config)
+   [restart] (Restart)
+-  [exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) | xmessage -file - -center}
++  [exec] (About) {(@fluxbox@/bin/fluxbox -v; @fluxbox@/bin/fluxbox -info | @gnused@/bin/sed 1d) | @xmessage@/bin/xmessage -file - -center}
+   [separator]
+   [exit] (Exit)
+ [end]
+-- 
+2.26.2
+
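Review bot: In the generated footer, `[exec] (Run) {fbrun}` and the two screenshot entries (`import`, `display`) are still resolved through PATH, while every other command in the same block is pinned to a store path. `fbrun` ships with fluxbox, so `[exec] (Run) {@fluxbox@/bin/fbrun}` would make the block consistent. The ImageMagick commands would need their own substitution variable, or a comment saying they are deliberately left to the user's environment. The patch also flips `use_gtk3` to 1, which is not a path fix and is worth a mention in the patch subject or next to the `patches` entry.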
diff --git a/pkgs/applications/misc/fbmenugen/default.nix b/pkgs/applications/misc/fbmenugen/default.nix
new file mode 100644
index 000000000000..fcf8191d3b70
--- /dev/null
+++ b/pkgs/applications/misc/fbmenugen/default.nix
@@ -0,0 +1,75 @@
+{ stdenv
+, fetchFromGitHub
+, fluxbox
+, gnused
+, makeWrapper
+, perlPackages
+, substituteAll
+, xorg
+, wrapGAppsHook
+}:
+
+perlPackages.buildPerlPackage rec {
+  pname = "fbmenugen";
+  version = "2020-05-20";
+
+  src = fetchFromGitHub {
+    owner = "trizen";
+    repo = pname;
+    rev = "ed9a680546edbb5b05086971b6a9f42a37cb485f";
+    sha256 = "1fikdl08a0s8d6k1ls1pzmw2rcwkfbbczsjfx6lr12ngd2bz222h";
+  };
+
+  patches = [
+    (substituteAll {
+      src = ./0001-Fix-paths.patch;
+      xmessage = xorg.xmessage;
+      inherit fluxbox gnused;
+    })
+  ];
+
+  outputs = [ "out" ];
+
+  nativeBuildInputs = [
+    makeWrapper
+    wrapGAppsHook
+  ];
+
+  buildInputs = [
+    fluxbox
+    gnused
+    perlPackages.DataDump
+    perlPackages.FileDesktopEntry
+    perlPackages.Gtk3
+    perlPackages.LinuxDesktopFiles
+    perlPackages.perl
+    xorg.xmessage
+  ];
+
+  dontConfigure = true;
+
+  dontBuild = true;
+
+  postPatch = ''
+    substituteInPlace fbmenugen --subst-var-by fbmenugen $out
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    install -D -t $out/bin ${pname}
+    install -D -t $out/etc/xdg/${pname} schema.pl
+    runHook postInstall
+  '';
+
+  postFixup = ''
+    wrapProgram "$out/bin/${pname}" --prefix PERL5LIB : "$PERL5LIB"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "https://github.com/trizen/fbmenugen";
+    description = "Simple menu generator for the Fluxbox Window Manager";
+    license = licenses.gpl3;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.romildo ];
+  };
+}
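Review bot: `postFixup` calls `wrapProgram` on a binary that `wrapGAppsHook` has, as far as I can tell, already wrapped during fixup, so the script likely ends up behind two wrapper layers. The usual pattern is to set `dontWrapGApps = true;` and wrap once with `wrapProgram "$out/bin/${pname}" --prefix PERL5LIB : "$PERL5LIB" "''${gappsWrapperArgs[@]}"`. The two-stage substitution also deserves a comment on `patches`, for example `# substituteAll fills @fluxbox@, @gnused@ and @xmessage@; @fbmenugen@ is filled in postPatch because it needs $out`.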
diff --git a/pkgs/applications/misc/fetchmail/default.nix b/pkgs/applications/misc/fetchmail/default.nix
index 1b892c7f536c..c1104eb0a570 100644
--- a/pkgs/applications/misc/fetchmail/default.nix
+++ b/pkgs/applications/misc/fetchmail/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, openssl }:
 
 let
-  version = "6.4.4";
+  version = "6.4.5";
 in
 stdenv.mkDerivation {
   pname = "fetchmail";
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
-    sha256 = "1smbydwfjq29a2l44g6mgj0cd412fz40gbq6vq0klm7pmgd606si";
+    sha256 = "073bjh8qbvww7f5gbd6pq640qspi7dc6cjndvm0h2jcl0a90c3yk";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/applications/misc/jekyll/basic/Gemfile.lock b/pkgs/applications/misc/jekyll/basic/Gemfile.lock
index 9e244fb44b86..7bef929bea1f 100644
--- a/pkgs/applications/misc/jekyll/basic/Gemfile.lock
+++ b/pkgs/applications/misc/jekyll/basic/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.3)
+    activesupport (6.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -66,7 +66,7 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.3.6)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
     pathutil (0.16.2)
@@ -76,7 +76,7 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rexml (3.2.4)
-    rouge (3.18.0)
+    rouge (3.19.0)
     safe_yaml (1.0.5)
     sassc (2.3.0)
       ffi (~> 1.9)
diff --git a/pkgs/applications/misc/jekyll/basic/gemset.nix b/pkgs/applications/misc/jekyll/basic/gemset.nix
index a02ec1f16c45..3faa3dde82c9 100644
--- a/pkgs/applications/misc/jekyll/basic/gemset.nix
+++ b/pkgs/applications/misc/jekyll/basic/gemset.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0shh34xx9ygxb57s8mag8l22klvjfnk1c4jbjvchk16r6z0ps326";
+      sha256 = "1l29n9n38c9lpy5smh26r7fy7jp2bpjqlzhxgsr79cv7xpwlrbhs";
       type = "gem";
     };
-    version = "6.0.3";
+    version = "6.0.3.1";
   };
   addressable = {
     dependencies = ["public_suffix"];
@@ -280,10 +280,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz";
+      sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g";
       type = "gem";
     };
-    version = "5.14.0";
+    version = "5.14.1";
   };
   nokogiri = {
     dependencies = ["mini_portile2"];
@@ -353,10 +353,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1n9h0ls2a2zq0bcsw31wxci1wdxb8s3vglfadxpcs6b04vkf6nqq";
+      sha256 = "102rc07d78k5bkl0s9nd1gw6wz0w0zcvg4g5sl7z9xxi4r793c35";
       type = "gem";
     };
-    version = "3.18.0";
+    version = "3.19.0";
   };
   safe_yaml = {
     groups = ["default"];
diff --git a/pkgs/applications/misc/jekyll/full/Gemfile.lock b/pkgs/applications/misc/jekyll/full/Gemfile.lock
index d5588438ae67..5f956f406fdc 100644
--- a/pkgs/applications/misc/jekyll/full/Gemfile.lock
+++ b/pkgs/applications/misc/jekyll/full/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.3)
+    activesupport (6.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -93,9 +93,9 @@ GEM
     mercenary (0.3.6)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0425)
+    mime-types-data (3.2020.0512)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     multipart-post (2.1.1)
     nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
@@ -110,7 +110,7 @@ GEM
       ffi (~> 1.0)
     rdoc (6.2.1)
     rexml (3.2.4)
-    rouge (3.18.0)
+    rouge (3.19.0)
     safe_yaml (1.0.5)
     sassc (2.3.0)
       ffi (~> 1.9)
diff --git a/pkgs/applications/misc/jekyll/full/gemset.nix b/pkgs/applications/misc/jekyll/full/gemset.nix
index 8c2b1ffaf954..04844b473105 100644
--- a/pkgs/applications/misc/jekyll/full/gemset.nix
+++ b/pkgs/applications/misc/jekyll/full/gemset.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0shh34xx9ygxb57s8mag8l22klvjfnk1c4jbjvchk16r6z0ps326";
+      sha256 = "1l29n9n38c9lpy5smh26r7fy7jp2bpjqlzhxgsr79cv7xpwlrbhs";
       type = "gem";
     };
-    version = "6.0.3";
+    version = "6.0.3.1";
   };
   addressable = {
     dependencies = ["public_suffix"];
@@ -478,10 +478,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1zin0q26wc5p7zb7glpwary7ms60s676vcq987yv22jgm6hnlwlh";
+      sha256 = "1z75svngyhsglx0y2f9rnil2j08f9ab54b3l95bpgz67zq2if753";
       type = "gem";
     };
-    version = "3.2020.0425";
+    version = "3.2020.0512";
   };
   mini_portile2 = {
     groups = ["default"];
@@ -498,10 +498,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz";
+      sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g";
       type = "gem";
     };
-    version = "5.14.0";
+    version = "5.14.1";
   };
   multipart-post = {
     groups = ["default"];
@@ -602,10 +602,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1n9h0ls2a2zq0bcsw31wxci1wdxb8s3vglfadxpcs6b04vkf6nqq";
+      sha256 = "102rc07d78k5bkl0s9nd1gw6wz0w0zcvg4g5sl7z9xxi4r793c35";
       type = "gem";
     };
-    version = "3.18.0";
+    version = "3.19.0";
   };
   safe_yaml = {
     groups = ["default"];
diff --git a/pkgs/applications/misc/syncthingtray/default.nix b/pkgs/applications/misc/syncthingtray/default.nix
index 01d1891dd738..7af90535530e 100644
--- a/pkgs/applications/misc/syncthingtray/default.nix
+++ b/pkgs/applications/misc/syncthingtray/default.nix
@@ -39,6 +39,12 @@ mkDerivation rec {
 
   nativeBuildInputs = [ cmake qttools ];
 
+  # No tests are available by upstream, but we test --help anyway
+  doInstallCheck = true;
+  installCheckPhase = ''
+    $out/bin/syncthingtray --help | grep ${version}
+  '';
+
   cmakeFlags = [
     # See https://github.com/Martchus/syncthingtray/issues/42
     "-DQT_PLUGIN_DIR:STRING=${placeholder "out"}/lib/qt-5"
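Review bot: In `installCheckPhase`, `grep ${version}` treats the dots in the version as regex wildcards, and the pipeline's exit status is grep's alone, so a non-zero exit from `syncthingtray --help` goes unnoticed as long as the string is printed. `$out/bin/syncthingtray --help | grep -F ${version}` tightens the match. Adding `runHook preInstallCheck` and `runHook postInstallCheck` around it keeps the phase overridable. The `mkDerivation` body starts and ends outside this hunk.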
diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json b/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
index cb72b09d4bf2..959b99e68f63 100644
--- a/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
+++ b/pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
@@ -2,7 +2,7 @@
   "name": "riot-desktop",
   "productName": "Riot",
   "main": "src/electron-main.js",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "description": "A feature-rich client for Matrix.org",
   "author": "New Vector Ltd.",
   "repository": {
diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix b/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
index 03263471c79c..e5b815e7c884 100644
--- a/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
+++ b/pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
@@ -8,12 +8,12 @@
 
 let
   executableName = "riot-desktop";
-  version = "1.6.1";
+  version = "1.6.2";
   src = fetchFromGitHub {
     owner = "vector-im";
     repo = "riot-desktop";
     rev = "v${version}";
-    sha256 = "05mhapcgr1802c27428m8wkmw8qis1akv4m7z3m0l89wgv4kh6za";
+    sha256 = "1anmch9z3na7rphxb0p9cnk55388z22iwfnfjhmjps1ii5wx4rls";
   };
   electron = electron_7;
 
diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
index fe693ed1fe92..e61237dbb699 100644
--- a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
+++ b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
@@ -12,11 +12,11 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "riot-web";
-  version = "1.6.1";
+  version = "1.6.2";
 
   src = fetchurl {
     url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
-    sha256 = "0mqb9y38vnngwz38qgdn24mspmk6zh4v1j778ppban034ga0almv";
+    sha256 = "1cyjw3x9yh96cn84r95zziwxgifkmzd5kdf4l69b7mwnqcr78dp0";
   };
 
   installPhase = ''
diff --git a/pkgs/applications/networking/scaleft/default.nix b/pkgs/applications/networking/scaleft/default.nix
new file mode 100644
index 000000000000..991780bd8206
--- /dev/null
+++ b/pkgs/applications/networking/scaleft/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, rpmextract, patchelf, bash }:
+
+stdenv.mkDerivation rec {
+  pname = "scaleft";
+  version = "1.41.0";
+
+  src =
+    fetchurl {
+      url = "http://pkg.scaleft.com/rpm/scaleft-client-tools-${version}-1.x86_64.rpm";
+      sha256 = "a9a2f60cc85167a1098f44b35efd755b8155f0b88da8572e96ace767e7933c4d";
+    };
+
+  nativeBuildInputs = [ patchelf rpmextract ];
+
+  libPath =
+    stdenv.lib.makeLibraryPath
+       [ stdenv.cc stdenv.cc.cc.lib ];
+
+  buildCommand = ''
+    mkdir -p $out/bin/
+    cd $out
+    rpmextract $src
+    patchelf \
+      --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      usr/bin/sft
+    patchelf \
+      --set-rpath ${libPath} \
+      usr/bin/sft
+    ln -s $out/usr/bin/sft $out/bin/sft
+    chmod +x $out/bin/sft
+    patchShebangs $out
+  '';
+
+  meta = with stdenv.lib; {
+    description = "ScaleFT provides Zero Trust software which you can use to secure your internal servers and services";
+    homepage = "https://www.scaleft.com";
+    license = licenses.unfree;
+    maintainers = with maintainers; [ jloyet ];
+    platforms = [ "x86_64-linux" ];
+  };
+}
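Review bot: `src` fetches a prebuilt, unfree binary over plain `http://`, so the pinned `sha256` is the only integrity control. That protects rebuilds, but whoever bumps `version` next will compute the new hash from an unauthenticated download. If the vendor serves the repository over TLS, use `url = "https://pkg.scaleft.com/rpm/scaleft-client-tools-${version}-1.x86_64.rpm";`; otherwise add a comment saying the hash must be checked against a vendor-published checksum. `buildCommand` also unpacks the whole RPM into `$out` rather than installing only `usr/bin/sft`, so every file in the vendor package lands in the output, and the `bash` argument is never used.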
diff --git a/pkgs/applications/radio/urh/default.nix b/pkgs/applications/radio/urh/default.nix
index d75572e5e570..730b679ba61e 100644
--- a/pkgs/applications/radio/urh/default.nix
+++ b/pkgs/applications/radio/urh/default.nix
@@ -5,13 +5,13 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "urh";
-  version = "2.8.7";
+  version = "2.8.8";
 
   src = fetchFromGitHub {
     owner = "jopohl";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1grak0vzlzqvg8bqaalyamwvkyzlmj9nbczqp6jcdf6w2vnbzhph";
+    sha256 = "0knymy85n9kxj364jpxjc4v9c238b00nl40rafi1ripkqx36bsfv";
   };
 
   nativeBuildInputs = [ qt5.wrapQtAppsHook ];
diff --git a/pkgs/applications/science/math/clp/default.nix b/pkgs/applications/science/math/clp/default.nix
index 5e770cec13b3..97ef3dd7543f 100644
--- a/pkgs/applications/science/math/clp/default.nix
+++ b/pkgs/applications/science/math/clp/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, zlib }:
 
 stdenv.mkDerivation rec {
-  version = "1.17.5";
+  version = "1.17.6";
   pname = "clp";
   src = fetchurl {
     url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz";
-    sha256 = "0y5wg4lfffy5vh8gc20v68pmmv241ndi2jgm9pgvk39b00bzkaa9";
+    sha256 = "0ap1f0lxppa6pnbc4bg7ih7a96avwaki482nig8w5fr3vg9wvkzr";
   };
 
   propagatedBuildInputs = [ zlib ];
diff --git a/pkgs/applications/version-management/git-repo/default.nix b/pkgs/applications/version-management/git-repo/default.nix
index 9488bb8ff78a..eb3f95a354f4 100644
--- a/pkgs/applications/version-management/git-repo/default.nix
+++ b/pkgs/applications/version-management/git-repo/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "git-repo";
-  version = "2.7";
+  version = "2.8";
 
   src = fetchFromGitHub {
     owner = "android";
     repo = "tools_repo";
     rev = "v${version}";
-    sha256 = "19wn16m9sy8fv31zl90av5la60l5hsf5fvvfpgiy0470rkagvz6j";
+    sha256 = "00sahddplisg55zpjz4v4sc7zqbh3apx36xv77g55nabwz7han8d";
   };
 
   patches = [ ./import-ssl-module.patch ];
diff --git a/pkgs/applications/version-management/gitkraken/default.nix b/pkgs/applications/version-management/gitkraken/default.nix
index c5ee8f39443f..88f8df4e2547 100644
--- a/pkgs/applications/version-management/gitkraken/default.nix
+++ b/pkgs/applications/version-management/gitkraken/default.nix
@@ -13,11 +13,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "gitkraken";
-  version = "6.6.0";
+  version = "7.0.0";
 
   src = fetchzip {
     url = "https://release.axocdn.com/linux/GitKraken-v${version}.tar.gz";
-    sha256 = "1k94dyynsnm90mp7q9h6baq6q9zi539b1qszf3mqvd5i0id9kjcw";
+    sha256 = "0ws1gb7fgy72s6hxkf9g16x565m58k1cdzx9ldcdghfffimz4cqx";
   };
 
   dontBuild = true;
diff --git a/pkgs/applications/video/webcamoid/default.nix b/pkgs/applications/video/webcamoid/default.nix
new file mode 100644
index 000000000000..41304c21ac30
--- /dev/null
+++ b/pkgs/applications/video/webcamoid/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchFromGitHub, pkgconfig, libxcb, mkDerivation, qmake
+, qtbase, qtdeclarative, qtquickcontrols, qtquickcontrols2
+, ffmpeg-full, gstreamer, gst_all_1, libpulseaudio, alsaLib, jack2
+, v4l-utils }:
+mkDerivation rec {
+  pname = "webcamoid";
+  version = "8.7.1";
+
+  src = fetchFromGitHub {
+    sha256 = "1d8g7mq0wf0ycds87xpdhr3zkljgjmb94n3ak9kkxj2fqp9242d2";
+    rev = version;
+    repo = "webcamoid";
+    owner = "webcamoid";
+  };
+
+  buildInputs = [
+    libxcb
+    qtbase qtdeclarative qtquickcontrols qtquickcontrols2
+    ffmpeg-full
+    gstreamer gst_all_1.gst-plugins-base
+    alsaLib libpulseaudio jack2
+    v4l-utils
+  ];
+
+  nativeBuildInputs = [ pkgconfig qmake ];
+
+  qmakeFlags = [
+    "Webcamoid.pro"
+    "INSTALLQMLDIR=${placeholder "out"}/lib/qt/qml"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "Webcam Capture Software";
+    longDescription = "Webcamoid is a full featured and multiplatform webcam suite.";
+    homepage = "https://github.com/webcamoid/webcamoid/";
+    license = [ licenses.gpl3Plus ];
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ robaca ];
+  };
+}
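Review bot: `buildInputs` lists the top-level `gstreamer` next to `gst_all_1.gst-plugins-base`. If the top-level attribute still points at the 0.10 series in this tree, the package is built against two GStreamer generations, and the older one no longer receives upstream fixes. `gst_all_1.gstreamer` would match the plugin set already listed. Separately, `license = [ licenses.gpl3Plus ];` can be the plain `license = licenses.gpl3Plus;`.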
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
index eb7b65d9e2b2..3ed029e55fb4 100644
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@@ -16,13 +16,13 @@
 
 buildGoModule rec {
   pname = "podman";
-  version = "1.9.2";
+  version = "1.9.3";
 
   src = fetchFromGitHub {
     owner = "containers";
     repo = "libpod";
     rev = "v${version}";
-    sha256 = "0jvqzn1q52z6aka98d2i3dyn2i8xld7xvmi2zfxgm9g53wdgi2g2";
+    sha256 = "0gbp12xn1vliyawkw2w2bpn6b5h2cm41g3nj72vk4jyhis0igq1s";
   };
 
   vendorSha256 = null;
diff --git a/pkgs/applications/virtualization/x11docker/default.nix b/pkgs/applications/virtualization/x11docker/default.nix
index 7ef91e6f6094..cbaa0a579926 100644
--- a/pkgs/applications/virtualization/x11docker/default.nix
+++ b/pkgs/applications/virtualization/x11docker/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg, getopt, gnugrep, gawk, ps, mount, iproute }:
 stdenv.mkDerivation rec {
   pname = "x11docker";
-  version = "6.6.1";
+  version = "6.6.2";
   src = fetchFromGitHub {
     owner = "mviereck";
     repo = "x11docker";
     rev = "v${version}";
-    sha256 = "0p1ypgy45ngxxjczd986pkfh4cn5bs45cwzlfv9fm2p58fkx3aar";
+    sha256 = "1skdgr2hipd7yx9c7r7nr3914gm9cm1xj6h3qdsa9f92xxm3aml1";
   };
   nativeBuildInputs = [ makeWrapper ];
 
diff --git a/pkgs/applications/window-managers/dwm/dwm-status.nix b/pkgs/applications/window-managers/dwm/dwm-status.nix
index 568258ee2c40..176c2a0ddff9 100644
--- a/pkgs/applications/window-managers/dwm/dwm-status.nix
+++ b/pkgs/applications/window-managers/dwm/dwm-status.nix
@@ -9,19 +9,19 @@ in
 
 rustPlatform.buildRustPackage rec {
   pname = "dwm-status";
-  version = "1.6.4";
+  version = "1.7.0";
 
   src = fetchFromGitHub {
     owner = "Gerschtli";
     repo = "dwm-status";
     rev = version;
-    sha256 = "05dhd2gy7ysrnchdimrdd7jvzs1db9fyrk4ci7850jhrgavfd7c4";
+    sha256 = "1a3dpawxgi8d2a6w5jzvzm5q13rvqd656ris8mz77gj6f8qp7ddl";
   };
 
   nativeBuildInputs = [ makeWrapper pkgconfig ];
   buildInputs = [ dbus gdk-pixbuf libnotify xorg.libX11 ];
 
-  cargoSha256 = "0zkbps8vsjcvy7x0sgb07kacszi57dlyq8j6ia6yy0jyqnvlaqa7";
+  cargoSha256 = "12b6fdhj13axhwf854n071dpiycg73g4kvl7igk1qn7l3gqwsfqn";
 
   postInstall = lib.optionalString (bins != [])  ''
     wrapProgram $out/bin/dwm-status --prefix "PATH" : "${stdenv.lib.makeBinPath bins}"
diff --git a/pkgs/desktops/gnome-3/core/evince/default.nix b/pkgs/desktops/gnome-3/core/evince/default.nix
index 2852c816e4b5..88e5d78c4c34 100644
--- a/pkgs/desktops/gnome-3/core/evince/default.nix
+++ b/pkgs/desktops/gnome-3/core/evince/default.nix
@@ -43,13 +43,13 @@
 
 stdenv.mkDerivation rec {
   pname = "evince";
-  version = "3.36.0";
+  version = "3.36.1";
 
   outputs = [ "out" "dev" "devdoc" ];
 
   src = fetchurl {
     url = "mirror://gnome/sources/evince/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "1a7v534sqbg7rlrvg9x1rffdf6p9n37blp3wix6anyfl6i99n7c5";
+    sha256 = "1msbb66lasikpfjpkwsvi7h22hqmk275850ilpdqwbd0b39vzf4c";
   };
 
   postPatch = ''
diff --git a/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix b/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix
index bc2afb519799..ef87571e038b 100644
--- a/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix
+++ b/pkgs/desktops/gnome-3/misc/gnome-applets/default.nix
@@ -24,13 +24,13 @@
 
 let
   pname = "gnome-applets";
-  version = "3.36.2";
+  version = "3.36.3";
 in stdenv.mkDerivation rec {
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
-    sha256 = "1hlblnajjkvlcd45lxfdxscx7j51nwyvri5jci6ylgpaxlwwm1s8";
+    sha256 = "02jwh5yxka2mnzdqnr55lfijplvscy97isv7lqx1zvsi2p7hy38m";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/desktops/gnustep/libobjc2/default.nix b/pkgs/desktops/gnustep/libobjc2/default.nix
index 10c10c33a956..0124e91a9b7c 100644
--- a/pkgs/desktops/gnustep/libobjc2/default.nix
+++ b/pkgs/desktops/gnustep/libobjc2/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libobjc2";
-  version = "2.0";
+  version = "1.9";
 
   src = fetchFromGitHub {
     owner = "gnustep";
     repo = "libobjc2";
     rev = "v${version}";
-    sha256 = "1b4h0a4pqr8j6300qr2wmi33r7ysvp705gs0ypx69hbmifln0mlf";
+    sha256 = "00pscl3ly3rv6alf9vk70kxnnxq2rfgpc1ylcv6cgjs9jxdnrqmn";
   };
 
   nativeBuildInputs = [ cmake ];
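Review bot: `version` goes from 2.0 back to 1.9 here and nothing in the expression says why. The next automated or manual update is therefore likely to bump it again, and a reader cannot tell whether the fixes in 2.0 were dropped on purpose. A comment above the line, for example `# held at 1.9: <reason / issue link>`, would record the decision. The derivation body continues outside the hunk.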
diff --git a/pkgs/desktops/lxqt/libfm-qt/default.nix b/pkgs/desktops/lxqt/libfm-qt/default.nix
index ba83f0e3167a..fc97906ab7d2 100644
--- a/pkgs/desktops/lxqt/libfm-qt/default.nix
+++ b/pkgs/desktops/lxqt/libfm-qt/default.nix
@@ -16,13 +16,13 @@
 
 mkDerivation rec {
   pname = "libfm-qt";
-  version = "0.15.0";
+  version = "0.15.1";
 
   src = fetchFromGitHub {
     owner = "lxqt";
     repo = "libfm-qt";
     rev = version;
-    sha256 = "0isshh627zr69kdmjxsy75i1nh95ky2wfhgy90g8j4zijpkdrd3l";
+    sha256 = "1gjxml6c9m3xn094zbr9835sr4749dpxk4nc0ap9lg27qim63gx3";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/desktops/lxqt/lxqt-archiver/default.nix b/pkgs/desktops/lxqt/lxqt-archiver/default.nix
index ae772272c4b2..93e5ffec2a0a 100644
--- a/pkgs/desktops/lxqt/lxqt-archiver/default.nix
+++ b/pkgs/desktops/lxqt/lxqt-archiver/default.nix
@@ -14,13 +14,13 @@
 
 mkDerivation rec {
   pname = "lxqt-archiver";
-  version = "0.1.1";
+  version = "0.2.0";
 
   src = fetchFromGitHub {
     owner = "lxqt";
     repo = "lxqt-archiver";
     rev = version;
-    sha256 = "0c0y8sy12laqyanvy6mmnpjvy1yb8k3241pbxhc3nyl5zrq3hzdh";
+    sha256 = "1cip2dbvxbdlx1axz5sn4mwigwvfxb1q14byn09crv71adyfprw5";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/desktops/lxqt/pcmanfm-qt/default.nix b/pkgs/desktops/lxqt/pcmanfm-qt/default.nix
index f5a5b18cfc05..7465eefc3c32 100644
--- a/pkgs/desktops/lxqt/pcmanfm-qt/default.nix
+++ b/pkgs/desktops/lxqt/pcmanfm-qt/default.nix
@@ -15,13 +15,13 @@
 
 mkDerivation rec {
   pname = "pcmanfm-qt";
-  version = "0.15.0";
+  version = "0.15.1";
 
   src = fetchFromGitHub {
     owner = "lxqt";
     repo = pname;
     rev = version;
-    sha256 = "16zwd2jfrmsnzfpywirkrpyilq1jj99liwvg77l20b1dbql9dc0q";
+    sha256 = "12rzcv5n4s299c8787islkn4xcjb9bbrj12mxcd5ii91jq39aii4";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/interpreters/python/pypy/default.nix b/pkgs/development/interpreters/python/pypy/default.nix
index e782eb2fdeea..e5828fdd3740 100644
--- a/pkgs/development/interpreters/python/pypy/default.nix
+++ b/pkgs/development/interpreters/python/pypy/default.nix
@@ -53,6 +53,10 @@ in with passthru; stdenv.mkDerivation rec {
 
   hardeningDisable = optional stdenv.isi686 "pic";
 
+  # Remove bootstrap python from closure
+  dontPatchShebangs = true;
+  disallowedReferences = [ python ];
+
   C_INCLUDE_PATH = makeSearchPathOutput "dev" "include" buildInputs;
   LIBRARY_PATH = makeLibraryPath buildInputs;
   LD_LIBRARY_PATH = makeLibraryPath (filter (x : x.outPath != stdenv.cc.libc.outPath or "") buildInputs);
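Review bot: `dontPatchShebangs = true` turns off shebang rewriting for every script in the output, not only for those that would have pulled in the bootstrap interpreter, and the one-line comment does not say that. Presumably the fixup phase was rewriting `#!` lines to the build-time `python`, which `disallowedReferences = [ python ]` now guards against. If so, say it: `# patchShebangs would point installed scripts at the bootstrap python; disallowedReferences fails the build if it leaks in another way`. It is worth confirming that no installed script is left with an interpreter line that does not resolve at run time. The derivation body continues outside this hunk.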
diff --git a/pkgs/development/libraries/gensio/default.nix b/pkgs/development/libraries/gensio/default.nix
index 20e2f6905ce8..684bad14dda5 100644
--- a/pkgs/development/libraries/gensio/default.nix
+++ b/pkgs/development/libraries/gensio/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "gensio";
-  version = "1.3.3";
+  version = "2.0.5";
 
   src = fetchFromGitHub {
     owner = "cminyard";
     repo = "${pname}";
     rev = "v${version}";
-    sha256 = "04yrm3kg8m77kh6z0b9yw4h43fm0d54wnyrd8lp5ddn487kawm5g";
+    sha256 = "1j6c6vmnip24pxafk29y312vif1xlryymv7aaxgqp9ca3s91nlrf";
   };
 
   configureFlags = [
diff --git a/pkgs/development/libraries/goffice/default.nix b/pkgs/development/libraries/goffice/default.nix
index f41fa73a6ef4..308a4db28006 100644
--- a/pkgs/development/libraries/goffice/default.nix
+++ b/pkgs/development/libraries/goffice/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "goffice";
-  version = "0.10.46";
+  version = "0.10.47";
 
   outputs = [ "out" "dev" "devdoc" ];
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "058d6d3a40e1f60525682ec6b857c441d5deb50d0d30a76804f9f36f865a13a9";
+    sha256 = "0xmigfdzvmlpa0fw79mf3xwchmxc8rlidryn5syv8bz7msmrb215";
   };
 
   nativeBuildInputs = [ pkgconfig intltool ];
diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix
index 702738fdfc04..33a9974211f6 100644
--- a/pkgs/development/libraries/ldb/default.nix
+++ b/pkgs/development/libraries/ldb/default.nix
@@ -16,11 +16,11 @@
 
 stdenv.mkDerivation rec {
   pname = "ldb";
-  version = "2.1.2";
+  version = "2.1.3";
 
   src = fetchurl {
     url = "mirror://samba/ldb/${pname}-${version}.tar.gz";
-    sha256 = "0x6yr14znp42b92i7br4wxfjri6i689dsifzz9kbyzvn558a16b4";
+    sha256 = "0xkps414ndb87abla7dlv44ndnfg5r5vwgmkm3ngcq9knbv1x6w7";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/opendht/default.nix b/pkgs/development/libraries/opendht/default.nix
index 82cfb5c3d068..a62138e8ccf4 100644
--- a/pkgs/development/libraries/opendht/default.nix
+++ b/pkgs/development/libraries/opendht/default.nix
@@ -5,13 +5,13 @@
 
 stdenv.mkDerivation rec {
   pname = "opendht";
-  version = "2.0.0";
+  version = "2.1.1";
 
   src = fetchFromGitHub {
     owner = "savoirfairelinux";
     repo = "opendht";
     rev = version;
-    sha256 = "1q1fwk8wwk9r6bp0indpr60ql668lsk16ykslacyhrh7kg97kvhr";
+    sha256 = "10sbiwjljxi0a1q3xakmf6v02x3yf38ljvjpql70q4rqggqj9zhh";
   };
 
   nativeBuildInputs =
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index b5adc78c7ce0..a4274f064e56 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -19,7 +19,11 @@ stdenv.mkDerivation rec {
 
   # Disable install stripping as it breaks cross-compiling.
   # We strip binaries anyway in fixupPhase.
-  makeFlags= [ "STRIP=" ];
+  makeFlags= [
+    "STRIP="
+    "prefix=$(out)"
+    "moduledir=$(out)/lib/modules"
+  ] ++ stdenv.lib.optionals stdenv.isDarwin [ "CC=cc" ];
 
   configureFlags = [
     "--enable-overlays"
@@ -35,9 +39,18 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional (cyrus_sasl == null) "--without-cyrus-sasl"
     ++ stdenv.lib.optional stdenv.isFreeBSD "--with-pic";
 
+  postBuild = ''
+    make $makeFlags -C contrib/slapd-modules/passwd/sha2
+    make $makeFlags -C contrib/slapd-modules/passwd/pbkdf2
+  '';
+
   doCheck = false; # needs a running LDAP server
 
-  installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(out)/var" ];
+  installFlags = [
+    "sysconfdir=$(out)/etc"
+    "localstatedir=$(out)/var"
+    "moduledir=$(out)/lib/modules"
+  ];
 
   # 1. Fixup broken libtool
   # 2. Libraries left in the build location confuse `patchelf --shrink-rpath`
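Review bot: The contrib modules are built with `$makeFlags` in `postBuild` but installed with only `$installFlags` in the `postInstall` of the next hunk. As a result `prefix=$(out)` and the Darwin `CC=cc` added to `makeFlags` in the previous hunk are not in effect at install time, and `moduledir` had to be repeated in `installFlags` to compensate. Passing both, as in `make $makeFlags $installFlags install -C contrib/slapd-modules/passwd/sha2` (and the same for `pbkdf2`), keeps the two invocations consistent and makes the duplicate `moduledir` entry unnecessary. A short comment above `postBuild` such as `# password-hash modules from contrib/ are not built by the top-level make` would also help, since `doCheck = false` means nothing here exercises them.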
@@ -51,9 +64,12 @@ stdenv.mkDerivation rec {
 
     rm -rf $out/var
     rm -r libraries/*/.libs
+    rm -r contrib/slapd-modules/passwd/*/.libs
   '';
 
   postInstall = ''
+    make $installFlags install -C contrib/slapd-modules/passwd/sha2
+    make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2
     chmod +x "$out"/lib/*.{so,dylib}
   '';
 
diff --git a/pkgs/development/libraries/pcl/default.nix b/pkgs/development/libraries/pcl/default.nix
index 81da7332d0f4..506c78aca8a5 100644
--- a/pkgs/development/libraries/pcl/default.nix
+++ b/pkgs/development/libraries/pcl/default.nix
@@ -4,13 +4,13 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "pcl-1.10.1";
+  name = "pcl-1.11.0";
 
   src = fetchFromGitHub {
     owner = "PointCloudLibrary";
     repo = "pcl";
     rev = name;
-    sha256 = "1i4zfcikvdl5z1s3lh0n46fgi42s9vbki4hfmy7656hamajfai0v";
+    sha256 = "0nr3j71gh1v8x6wjr7a7xyr0438sw7vf621a5kbw4lmsxbj55k8g";
   };
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/physics/fastjet/default.nix b/pkgs/development/libraries/physics/fastjet/default.nix
index 3dfbaa96d31b..b854fa88cd67 100644
--- a/pkgs/development/libraries/physics/fastjet/default.nix
+++ b/pkgs/development/libraries/physics/fastjet/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "fastjet";
-  version = "3.3.3";
+  version = "3.3.4";
 
   src = fetchurl {
     url = "http://fastjet.fr/repo/fastjet-${version}.tar.gz";
-    sha256 = "0avkgn19plq593p872hirr0yj2vgjvsi88w68ngarbp55hla1c1h";
+    sha256 = "00zwvmnp2j79z95n9lgnq67q02bqfgirqla8j9y6jd8k3r052as3";
   };
 
   buildInputs = [ python2 ];
diff --git a/pkgs/development/libraries/sope/default.nix b/pkgs/development/libraries/sope/default.nix
new file mode 100644
index 000000000000..9d0b3bf76b36
--- /dev/null
+++ b/pkgs/development/libraries/sope/default.nix
@@ -0,0 +1,46 @@
+{ gnustep, lib, fetchFromGitHub , libxml2, openssl_1_1
+, openldap, mysql, libmysqlclient, postgresql }: with lib; gnustep.stdenv.mkDerivation rec {
+  pname = "sope";
+  version = "4.3.2";
+
+  src = fetchFromGitHub {
+    owner = "inverse-inc";
+    repo = pname;
+    rev = "SOPE-${version}";
+    sha256 = "0ny1ihx38gd25w8f3dfybyswvyjfljvb2fhfmkajgg6hhjrkfar2";
+  };
+
+  nativeBuildInputs = [ gnustep.make ];
+  buildInputs = flatten ([ gnustep.base libxml2 openssl_1_1 ]
+    ++ optional (openldap != null) openldap
+    ++ optionals (mysql != null) [ libmysqlclient mysql ]
+    ++ optional (postgresql != null) postgresql);
+
+  postPatch = ''
+    # Exclude NIX_ variables
+    sed -i 's/grep GNUSTEP_/grep ^GNUSTEP_/g' configure
+  '';
+
+  preConfigure = ''
+    export DESTDIR="$out"
+  '';
+
+  configureFlags = [ "--prefix=" "--disable-debug" "--enable-xml" "--with-ssl=ssl" ]
+    ++ optional (openldap != null) "--enable-openldap"
+    ++ optional (mysql != null) "--enable-mysql"
+    ++ optional (postgresql != null) "--enable-postgresql";
+
+  # Yes, this is ugly.
+  preFixup = ''
+    cp -rlPa $out/nix/store/*/* $out
+    rm -rf $out/nix/store
+  '';
+
+  meta = {
+    description = "SOPE is an extensive set of frameworks which form a complete Web application server environment";
+    license = licenses.publicDomain;
+    homepage = "https://github.com/inverse-inc/sope";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ ajs124 das_j ];
+  };
+}
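Review bot: The `preFixup` step is explained only by `# Yes, this is ugly.`, which tells a maintainer nothing about why files end up under `$out/nix/store` or whether the copy is still needed. It looks as if setting `DESTDIR="$out"` with an empty `--prefix=` makes the GNUstep makefiles install into their absolute store paths beneath `$out`; if that is right, say so, e.g. `# gnustep-make installs to absolute store paths under DESTDIR; merge them back into $out`. The `$out` expansions in `cp` and `rm -rf` should also be quoted (`"$out"/nix/store/*/*`, `"$out/nix/store"`). Separately, `licenses.publicDomain` is worth checking against the upstream licence file.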
diff --git a/pkgs/development/mobile/cocoapods/Gemfile-beta.lock b/pkgs/development/mobile/cocoapods/Gemfile-beta.lock
index 355608ca02e5..5ccf07de2f53 100644
--- a/pkgs/development/mobile/cocoapods/Gemfile-beta.lock
+++ b/pkgs/development/mobile/cocoapods/Gemfile-beta.lock
@@ -2,20 +2,20 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (3.0.2)
-    activesupport (4.2.11.1)
+    activesupport (4.2.11.3)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    algoliasearch (1.27.1)
+    algoliasearch (1.27.2)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
     claide (1.0.3)
-    cocoapods (1.9.1)
+    cocoapods (1.9.2)
       activesupport (>= 4.0.2, < 5)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.9.1)
+      cocoapods-core (= 1.9.2)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
       cocoapods-downloader (>= 1.2.2, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
@@ -31,7 +31,7 @@ GEM
       nap (~> 1.0)
       ruby-macho (~> 1.4)
       xcodeproj (>= 1.14.0, < 2.0)
-    cocoapods-core (1.9.1)
+    cocoapods-core (1.9.2)
       activesupport (>= 4.0.2, < 6)
       algoliasearch (~> 1.0)
       concurrent-ruby (~> 1.1)
@@ -45,10 +45,10 @@ GEM
       nap
     cocoapods-search (1.0.0)
     cocoapods-stats (1.1.0)
-    cocoapods-trunk (1.4.1)
+    cocoapods-trunk (1.5.0)
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
-    cocoapods-try (1.1.0)
+    cocoapods-try (1.2.0)
     colored2 (3.1.2)
     concurrent-ruby (1.1.6)
     escape (0.0.4)
@@ -62,18 +62,18 @@ GEM
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
     json (2.3.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     molinillo (0.6.6)
     nanaimo (0.2.6)
     nap (1.1.0)
     netrc (0.11.0)
     ruby-macho (1.4.0)
     thread_safe (0.3.6)
-    typhoeus (1.3.1)
+    typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (1.2.6)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    xcodeproj (1.15.0)
+    xcodeproj (1.16.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
@@ -87,4 +87,4 @@ DEPENDENCIES
   cocoapods (>= 1.7.0.beta.1)!
 
 BUNDLED WITH
-   1.17.3
+   2.1.4
diff --git a/pkgs/development/mobile/cocoapods/Gemfile.lock b/pkgs/development/mobile/cocoapods/Gemfile.lock
index b8db94ca06af..1c77634cbfb4 100644
--- a/pkgs/development/mobile/cocoapods/Gemfile.lock
+++ b/pkgs/development/mobile/cocoapods/Gemfile.lock
@@ -2,20 +2,20 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (3.0.2)
-    activesupport (4.2.11.1)
+    activesupport (4.2.11.3)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    algoliasearch (1.27.1)
+    algoliasearch (1.27.2)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
     claide (1.0.3)
-    cocoapods (1.9.1)
+    cocoapods (1.9.2)
       activesupport (>= 4.0.2, < 5)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.9.1)
+      cocoapods-core (= 1.9.2)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
       cocoapods-downloader (>= 1.2.2, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
@@ -31,7 +31,7 @@ GEM
       nap (~> 1.0)
       ruby-macho (~> 1.4)
       xcodeproj (>= 1.14.0, < 2.0)
-    cocoapods-core (1.9.1)
+    cocoapods-core (1.9.2)
       activesupport (>= 4.0.2, < 6)
       algoliasearch (~> 1.0)
       concurrent-ruby (~> 1.1)
@@ -45,10 +45,10 @@ GEM
       nap
     cocoapods-search (1.0.0)
     cocoapods-stats (1.1.0)
-    cocoapods-trunk (1.4.1)
+    cocoapods-trunk (1.5.0)
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
-    cocoapods-try (1.1.0)
+    cocoapods-try (1.2.0)
     colored2 (3.1.2)
     concurrent-ruby (1.1.6)
     escape (0.0.4)
@@ -62,18 +62,18 @@ GEM
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
     json (2.3.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     molinillo (0.6.6)
     nanaimo (0.2.6)
     nap (1.1.0)
     netrc (0.11.0)
     ruby-macho (1.4.0)
     thread_safe (0.3.6)
-    typhoeus (1.3.1)
+    typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (1.2.6)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    xcodeproj (1.15.0)
+    xcodeproj (1.16.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
diff --git a/pkgs/development/mobile/cocoapods/gemset-beta.nix b/pkgs/development/mobile/cocoapods/gemset-beta.nix
index 1a5912b89e8e..521531292629 100644
--- a/pkgs/development/mobile/cocoapods/gemset-beta.nix
+++ b/pkgs/development/mobile/cocoapods/gemset-beta.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6";
+      sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   algoliasearch = {
     dependencies = ["httpclient" "json"];
@@ -16,10 +16,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ayg8j3819ay2d8618jv32ca16fh8qsgjsiq9j32yd016c170nkj";
+      sha256 = "1b3xk42ry6dlsqn379p884zdi4iyra67xh45rwl6vcrwmrnbq7f0";
       type = "gem";
     };
-    version = "1.27.1";
+    version = "1.27.2";
   };
   atomos = {
     groups = ["default"];
@@ -57,10 +57,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0wxr81qy4jsbxl066nlfp8zlqk31i6fsmd7f01xmi9bv04990hrs";
+      sha256 = "0zxr5din9m8zf3mynywn4qmk3af9f5anx189i4md19c1iinkbb36";
       type = "gem";
     };
-    version = "1.9.1";
+    version = "1.9.2";
   };
   cocoapods-core = {
     dependencies = ["activesupport" "algoliasearch" "concurrent-ruby" "fuzzy_match" "nap" "netrc" "typhoeus"];
@@ -68,10 +68,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0c1679fkyp06dwsh93r0ldzly9vc74g0br4jdngwvdl4g0j4fyzc";
+      sha256 = "13qhkglivmmiv0j88l4d8anw66zdy89lg1qqk4vpvavsm7s7ls6p";
       type = "gem";
     };
-    version = "1.9.1";
+    version = "1.9.2";
   };
   cocoapods-deintegrate = {
     groups = ["default"];
@@ -130,20 +130,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0vrwsgaq3nf7v3pwksgqy0mhswrp3ipczrc96vl3ii2pcc9ilwkw";
+      sha256 = "12c6028bmdwrbqcb49mr5qj1p3vcijnjqbsbzywfx1isp44j9mv5";
       type = "gem";
     };
-    version = "1.4.1";
+    version = "1.5.0";
   };
   cocoapods-try = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1gf2zjmcjhh9psq15yfy82wz5jnlihf5bcw79f8hlv4cnqyspncj";
+      sha256 = "1znyp625rql37ivb5rk9fk9564cmax8icxfr041ysivpdrn98nql";
       type = "gem";
     };
-    version = "1.1.0";
+    version = "1.2.0";
   };
   colored2 = {
     groups = ["default"];
@@ -262,10 +262,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz";
+      sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g";
       type = "gem";
     };
-    version = "5.14.0";
+    version = "5.14.1";
   };
   molinillo = {
     groups = ["default"];
@@ -333,10 +333,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5";
+      sha256 = "1m22yrkmbj81rzhlny81j427qdvz57yk5wbcf3km0nf3bl6qiygz";
       type = "gem";
     };
-    version = "1.3.1";
+    version = "1.4.0";
   };
   tzinfo = {
     dependencies = ["thread_safe"];
@@ -344,10 +344,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp";
+      sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r";
       type = "gem";
     };
-    version = "1.2.6";
+    version = "1.2.7";
   };
   xcodeproj = {
     dependencies = ["CFPropertyList" "atomos" "claide" "colored2" "nanaimo"];
@@ -355,9 +355,9 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ldb1jckfzkk9c74nv500z0q936nn25fn5mywzwrh7sjwgkaxp5z";
+      sha256 = "1bkk8y6lzd86w9yx72hd1nil3fkk5f0v3il9vm554gzpl6dhc2bi";
       type = "gem";
     };
-    version = "1.15.0";
+    version = "1.16.0";
   };
 }
\ No newline at end of file
diff --git a/pkgs/development/mobile/cocoapods/gemset.nix b/pkgs/development/mobile/cocoapods/gemset.nix
index 4d4979d56206..9c0ed2d5fa26 100644
--- a/pkgs/development/mobile/cocoapods/gemset.nix
+++ b/pkgs/development/mobile/cocoapods/gemset.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6";
+      sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   algoliasearch = {
     dependencies = ["httpclient" "json"];
@@ -16,10 +16,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ayg8j3819ay2d8618jv32ca16fh8qsgjsiq9j32yd016c170nkj";
+      sha256 = "1b3xk42ry6dlsqn379p884zdi4iyra67xh45rwl6vcrwmrnbq7f0";
       type = "gem";
     };
-    version = "1.27.1";
+    version = "1.27.2";
   };
   atomos = {
     source = {
@@ -55,10 +55,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0wxr81qy4jsbxl066nlfp8zlqk31i6fsmd7f01xmi9bv04990hrs";
+      sha256 = "0zxr5din9m8zf3mynywn4qmk3af9f5anx189i4md19c1iinkbb36";
       type = "gem";
     };
-    version = "1.9.1";
+    version = "1.9.2";
   };
   cocoapods-core = {
     dependencies = ["activesupport" "algoliasearch" "concurrent-ruby" "fuzzy_match" "nap" "netrc" "typhoeus"];
@@ -66,10 +66,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0c1679fkyp06dwsh93r0ldzly9vc74g0br4jdngwvdl4g0j4fyzc";
+      sha256 = "13qhkglivmmiv0j88l4d8anw66zdy89lg1qqk4vpvavsm7s7ls6p";
       type = "gem";
     };
-    version = "1.9.1";
+    version = "1.9.2";
   };
   cocoapods-deintegrate = {
     groups = ["default"];
@@ -124,18 +124,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0vrwsgaq3nf7v3pwksgqy0mhswrp3ipczrc96vl3ii2pcc9ilwkw";
+      sha256 = "12c6028bmdwrbqcb49mr5qj1p3vcijnjqbsbzywfx1isp44j9mv5";
       type = "gem";
     };
-    version = "1.4.1";
+    version = "1.5.0";
   };
   cocoapods-try = {
+    groups = ["default"];
+    platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1gf2zjmcjhh9psq15yfy82wz5jnlihf5bcw79f8hlv4cnqyspncj";
+      sha256 = "1znyp625rql37ivb5rk9fk9564cmax8icxfr041ysivpdrn98nql";
       type = "gem";
     };
-    version = "1.1.0";
+    version = "1.2.0";
   };
   colored2 = {
     source = {
@@ -244,10 +246,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz";
+      sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g";
       type = "gem";
     };
-    version = "5.14.0";
+    version = "5.14.1";
   };
   molinillo = {
     source = {
@@ -305,10 +307,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5";
+      sha256 = "1m22yrkmbj81rzhlny81j427qdvz57yk5wbcf3km0nf3bl6qiygz";
       type = "gem";
     };
-    version = "1.3.1";
+    version = "1.4.0";
   };
   tzinfo = {
     dependencies = ["thread_safe"];
@@ -316,10 +318,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp";
+      sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r";
       type = "gem";
     };
-    version = "1.2.6";
+    version = "1.2.7";
   };
   xcodeproj = {
     dependencies = ["CFPropertyList" "atomos" "claide" "colored2" "nanaimo"];
@@ -327,9 +329,9 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ldb1jckfzkk9c74nv500z0q936nn25fn5mywzwrh7sjwgkaxp5z";
+      sha256 = "1bkk8y6lzd86w9yx72hd1nil3fkk5f0v3il9vm554gzpl6dhc2bi";
       type = "gem";
     };
-    version = "1.15.0";
+    version = "1.16.0";
   };
 }
\ No newline at end of file
diff --git a/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix b/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix
index f633d17252cd..bcd0a519899c 100644
--- a/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix
+++ b/pkgs/development/ocaml-modules/ocaml-migrate-parsetree/default.nix
@@ -2,13 +2,13 @@
 
 buildDunePackage rec {
    pname = "ocaml-migrate-parsetree";
-   version = "1.5.0";
+   version = "1.7.3";
 
    src = fetchFromGitHub {
      owner = "ocaml-ppx";
      repo = pname;
      rev = "v${version}";
-     sha256 = "0ms7nx7x16nkbm9rln3sycbzg6ad8swz8jw6bjndrill8bg3fipv";
+     sha256 = "0336vz0galjnsazbmkxjwdv1qvdqsx2rgrvp778xgq2fzasz45cx";
    };
 
    propagatedBuildInputs = [ ppx_derivers result ];
diff --git a/pkgs/development/ocaml-modules/ppxfind/default.nix b/pkgs/development/ocaml-modules/ppxfind/default.nix
index 75d1e57765e9..1008dfe62a9a 100644
--- a/pkgs/development/ocaml-modules/ppxfind/default.nix
+++ b/pkgs/development/ocaml-modules/ppxfind/default.nix
@@ -2,13 +2,14 @@
 
 buildDunePackage (rec {
 	pname = "ppxfind";
-	version = "1.3";
+	version = "1.4";
 	src = fetchurl {
 		url = "https://github.com/diml/ppxfind/releases/download/${version}/ppxfind-${version}.tbz";
-		sha256 = "1r4jp0516378js62ss50a9s8ql2pm8lfdd3mnk214hp7s0kb17fl";
+		sha256 = "0wa9vcrc26kirc2cqqs6kmarbi8gqy3dgdfiv9y7nzsgy1liqacq";
 	};
 
 	minimumOCamlVersion = "4.03";
+	useDune2 = true;
 
 	buildInputs = [ ocaml-migrate-parsetree ];
 
diff --git a/pkgs/development/python-modules/braintree/default.nix b/pkgs/development/python-modules/braintree/default.nix
index f4d09ca5e5ed..8e8c89e7f59e 100644
--- a/pkgs/development/python-modules/braintree/default.nix
+++ b/pkgs/development/python-modules/braintree/default.nix
@@ -6,11 +6,11 @@
 
 buildPythonPackage rec {
   pname = "braintree";
-  version = "4.0.0";
+  version = "4.1.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1m8z0ig40xmgcnmf508nflyy1w4qmff4kqxarrpg7rvsfj4pjsmh";
+    sha256 = "1fqh1bdkk3g222vbrmw3ab4r4mmd1k4x2jayshnqpbspszcqzcdq";
   };
 
   propagatedBuildInputs = [ requests ];
diff --git a/pkgs/development/python-modules/cadquery/default.nix b/pkgs/development/python-modules/cadquery/default.nix
index 6f3632f743be..886224d16918 100644
--- a/pkgs/development/python-modules/cadquery/default.nix
+++ b/pkgs/development/python-modules/cadquery/default.nix
@@ -2,6 +2,7 @@
   , buildPythonPackage
   , isPy3k
   , pythonOlder
+  , pythonAtLeast
   , fetchFromGitHub
   , pyparsing
   , opencascade
@@ -16,9 +17,12 @@
   , libGLU
   , libX11
   , six
+  , pytest
+  , makeFontsConf
+  , freefont_ttf
 }:
 
-let 
+let
   pythonocc-core-cadquery = stdenv.mkDerivation {
     pname = "pythonocc-core-cadquery";
     version = "0.18.2";
@@ -31,7 +35,7 @@ let
       sha256 = "07zmiiw74dyj4v0ar5vqkvk30wzcpjjzbi04nsdk5mnlzslmyi6c";
     };
 
-    nativeBuildInputs = [ 
+    nativeBuildInputs = [
       cmake
       swig
       ninja
@@ -63,27 +67,34 @@ let
 in
   buildPythonPackage rec {
     pname = "cadquery";
-    version = "2.0RC0";
-  
+    version = "2.0";
+
     src = fetchFromGitHub {
       owner = "CadQuery";
       repo = pname;
       rev = version;
-      sha256 = "1xgd00rih0gjcnlrf9s6r5a7ypjkzgf2xij2b6436i76h89wmir3";
+      sha256 = "1n63b6cjjrdwdfmwq0zx1xabjnhndk9mgfkm4w7z9ardcfpvg84l";
     };
-  
+
     buildInputs = [
       opencascade
     ];
-  
+
     propagatedBuildInputs = [
       pyparsing
       pythonocc-core-cadquery
     ];
-  
-    # Build errors on 2.7 and >=3.8 (officially only supports 3.6 and 3.7).
-    disabled = !(isPy3k && (pythonOlder "3.8"));
-  
+
+    FONTCONFIG_FILE = makeFontsConf {
+      fontDirectories = [ freefont_ttf ];
+    };
+
+    checkInputs = [
+      pytest
+    ];
+
+    disabled = pythonOlder "3.6" || pythonAtLeast "3.8";
+
     meta = with lib; {
       description = "Parametric scripting language for creating and traversing CAD models";
       homepage = "https://github.com/CadQuery/cadquery";
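Review bot: The rewritten `disabled = pythonOlder "3.6" || pythonAtLeast "3.8";` lost the comment that explained it (`# Build errors on 2.7 and >=3.8 (officially only supports 3.6 and 3.7).`), so the upper bound now reads as arbitrary. Keep an updated version above the line, e.g. `# upstream supports only Python 3.6 and 3.7`. `FONTCONFIG_FILE` and `checkInputs = [ pytest ]` are also added without a `checkPhase` visible in this hunk. If the tests are meant to run under pytest and need fonts, a one-line comment saying so would help, and it is worth confirming that the default check actually invokes them. The derivation continues past the end of the hunk.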
diff --git a/pkgs/development/python-modules/cloudflare/default.nix b/pkgs/development/python-modules/cloudflare/default.nix
index 02454b74efa9..802235d674b9 100644
--- a/pkgs/development/python-modules/cloudflare/default.nix
+++ b/pkgs/development/python-modules/cloudflare/default.nix
@@ -9,11 +9,11 @@
 
 buildPythonPackage rec {
   pname = "cloudflare";
-  version = "2.6.5";
+  version = "2.7.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "4463d5f2927338384169315f34c2a8ac0840075b59489f8d1d773b91caba6c39";
+    sha256 = "0w8ihj9gram2d4wkbki8f6gr8hsd950b3wzfi1qqqm17lqfk8k7h";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/pysnooper/default.nix b/pkgs/development/python-modules/pysnooper/default.nix
index 347daa6cec0c..61e1de20acf9 100644
--- a/pkgs/development/python-modules/pysnooper/default.nix
+++ b/pkgs/development/python-modules/pysnooper/default.nix
@@ -1,26 +1,24 @@
 { lib
 , buildPythonPackage
 , fetchPypi
-, python-toolbox
 , pytest
 , isPy27
 }:
 
 buildPythonPackage rec {
-  version = "0.3.0";
+  version = "0.4.1";
   pname = "pysnooper";
 
   src = fetchPypi {
     inherit version;
     pname = "PySnooper";
-    sha256 = "14vcxrzfmfhsmdck1cb56a6lbfga15qfhlkap9mh47fgspcq8xkx";
+    sha256 = "1xngly13x3ylwwcdml2ns8skpxip2myzavp3b9ff2dpqaalf0hdl";
   };
 
   # test dependency python-toolbox fails with py27
   doCheck = !isPy27;
 
   checkInputs = [
-    python-toolbox
     pytest
   ];
 
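Review bot: The comment `# test dependency python-toolbox fails with py27` is now stale, because this hunk removes `python-toolbox` from both the argument list and `checkInputs`. Either drop the comment and, if the tests now pass on Python 2.7, the `doCheck = !isPy27;` guard with it, or reword it to the reason that still applies, e.g. `# tests do not run on py27`. The rest of the expression is outside this hunk.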
diff --git a/pkgs/development/python-modules/python-toolbox/default.nix b/pkgs/development/python-modules/python-toolbox/default.nix
index 57085b04cf92..bdf09fdf2c79 100644
--- a/pkgs/development/python-modules/python-toolbox/default.nix
+++ b/pkgs/development/python-modules/python-toolbox/default.nix
@@ -4,10 +4,11 @@
 , fetchFromGitHub
 , isPy27
 , nose
+, pytest
 }:
 
 buildPythonPackage rec {
-  version = "0.9.4";
+  version = "1.0.10";
   pname = "python_toolbox";
   disabled = isPy27;
 
@@ -15,12 +16,12 @@ buildPythonPackage rec {
     owner = "cool-RR";
     repo = pname;
     rev = version;
-    sha256 = "1qy2sfqfrkgxixmd22v5lkrdykdfiymsd2s3xa7ndlvg084cgj6r";
+    sha256 = "1hpls1hwisdjx1g15cq052bdn9fvh43r120llws8bvgvj9ivnaha";
   };
 
   checkInputs = [
     docutils
-    nose
+    pytest
   ];
 
   meta = with lib; {
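Review bot: `nose` stays in the function arguments in the first hunk of this file although `checkInputs` here now lists `pytest` instead, so as far as these hunks show it is an unused argument; drop the `, nose` line. No `checkPhase` is visible either, so it is worth confirming that the default check phase really runs the suite with pytest rather than passing without collecting any tests. The `meta` block continues outside the hunk.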
diff --git a/pkgs/development/tools/analysis/hopper/default.nix b/pkgs/development/tools/analysis/hopper/default.nix
index d854065d601e..8a265d89849d 100644
--- a/pkgs/development/tools/analysis/hopper/default.nix
+++ b/pkgs/development/tools/analysis/hopper/default.nix
@@ -12,12 +12,12 @@
 }:
 stdenv.mkDerivation rec {
   pname = "hopper";
-  version = "4.5.25";
+  version = "4.5.27";
   rev = "v${lib.versions.major version}";
 
   src = fetchurl {
     url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz";
-    sha256 = "1xv4q41kz7a4cqkkdfgwaw2kgi81z62r9l7hmm8qmsnnlbk4xd5j";
+    sha256 = "1c0lyj20kvb6ljf7zk6hzs70bl5fwnmyiv6w3hhr079bgn4fq4m0";
   };
 
   sourceRoot = ".";
diff --git a/pkgs/development/tools/build-managers/bmake/default.nix b/pkgs/development/tools/build-managers/bmake/default.nix
index 7550068274c5..499ef7a19b31 100644
--- a/pkgs/development/tools/build-managers/bmake/default.nix
+++ b/pkgs/development/tools/build-managers/bmake/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bmake";
-  version = "20200402";
+  version = "20200506";
 
   src = fetchurl {
     url    = "http://www.crufty.net/ftp/pub/sjg/${pname}-${version}.tar.gz";
-    sha256 = "0a49pfmbqb3g1h2r2vwbcb4hdyygq1g9n5y7qab37slfml2g45fg";
+    sha256 = "1qiq6lvlg2hqiq03slv4vzv3bn4cr3w95r3i6m5fa4hgn2dkrhqa";
   };
 
   nativeBuildInputs = [ getopt ];
diff --git a/pkgs/development/tools/flyway/default.nix b/pkgs/development/tools/flyway/default.nix
index 2d639467910d..6018d6306745 100644
--- a/pkgs/development/tools/flyway/default.nix
+++ b/pkgs/development/tools/flyway/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, jre_headless, makeWrapper }:
   let
-    version = "6.4.1";
+    version = "6.4.2";
   in
     stdenv.mkDerivation {
       pname = "flyway";
       inherit version;
       src = fetchurl {
         url = "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/${version}/flyway-commandline-${version}.tar.gz";
-        sha256 = "00vm2p4xn8jnldjxcj0djpjjx2hppq0ii8367abhbswq7xfhy2d2";
+        sha256 = "1m5i7mw3ml2iaqy09h8nmykn602rwkjfgh2mrmc1gss9q3klj1r8";
       };
       nativeBuildInputs = [ makeWrapper ];
       dontBuild = true;
diff --git a/pkgs/development/tools/java/cfr/default.nix b/pkgs/development/tools/java/cfr/default.nix
index 09684ea9986e..ce1501fa4dd5 100644
--- a/pkgs/development/tools/java/cfr/default.nix
+++ b/pkgs/development/tools/java/cfr/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "cfr";
-  version = "0.149";
+  version = "0.150";
 
   src = fetchurl {
     url = "http://www.benf.org/other/cfr/cfr_${version}.jar";
-    sha256 = "1jksjr1345wj42nfad7k6skvpg5qsm4xgjdwzb90zhn27ddkns6v";
+    sha256 = "09lq21phnhr374wb8gj355jsqj8c4m5m818r3pbr8f8zpaamjxfj";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/development/tools/misc/tockloader/default.nix b/pkgs/development/tools/misc/tockloader/default.nix
new file mode 100644
index 000000000000..18c5393a6b7b
--- /dev/null
+++ b/pkgs/development/tools/misc/tockloader/default.nix
@@ -0,0 +1,27 @@
+{ lib, python3Packages }:
+
+python3Packages.buildPythonApplication rec {
+  pname = "tockloader";
+  version = "1.4.0";
+
+  src = python3Packages.fetchPypi {
+    inherit pname version;
+    sha256 = "0l8mvlqzyq2bfb6g5zhgv2ndgyyrmpww2l7f2snbli73g6x5j2g2";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    argcomplete
+    colorama
+    crcmod
+    pytoml
+    pyserial
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/tock/tockloader";
+    license = licenses.mit;
+    description = "Tool for programming Tock onto hardware boards.";
+    maintainers = with maintainers; [ hexa ];
+  };
+}
+
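Review bot: `meta.description` ends with a period and the file ends with an extra empty line after the closing `}`; nixpkgs convention avoids both, so I would write `description = "Tool for programming Tock onto hardware boards";` and drop the trailing blank line. The derivation also declares no tests or import check, so a missing entry in `propagatedBuildInputs` would only show up at runtime. If upstream ships no test suite, `pythonImportsCheck = [ "tockloader" ];` is a cheap guard, assuming the top-level module carries the package name.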
diff --git a/pkgs/development/tools/rshell/default.nix b/pkgs/development/tools/rshell/default.nix
index 5087b811ac01..4e3e12a8eeb1 100644
--- a/pkgs/development/tools/rshell/default.nix
+++ b/pkgs/development/tools/rshell/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonApplication rec {
   pname = "rshell";
-  version = "0.0.27";
+  version = "0.0.28";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "15pm60jfmr5nms43nrh5jlpz4lxxfhaahznfcys6nc4g80r2fwr2";
+    sha256 = "1crnlv0khplpibl9mj3flrgp877pnr1xz6hnnsi6hk3kfbc6p3nj";
   };
 
   propagatedBuildInputs = [ pyserial pyudev ];
diff --git a/pkgs/development/tools/scalafmt/default.nix b/pkgs/development/tools/scalafmt/default.nix
index 89970c7dc983..0905c27d4c1c 100644
--- a/pkgs/development/tools/scalafmt/default.nix
+++ b/pkgs/development/tools/scalafmt/default.nix
@@ -2,7 +2,7 @@
 
 let
   baseName = "scalafmt";
-  version = "2.5.1";
+  version = "2.5.2";
   deps = stdenv.mkDerivation {
     name = "${baseName}-deps-${version}";
     buildCommand = ''
@@ -13,7 +13,7 @@ let
     '';
     outputHashMode = "recursive";
     outputHashAlgo = "sha256";
-    outputHash     = "113dn10y0q8d2agr0g4cnx5fzdxjcz67i9089j86nn5i76wilm5s";
+    outputHash     = "14sfpzhd7r8srl9qyrdfqwmgrircqsgrr5hwvg8h1vaiwakq7m00";
   };
 in
 stdenv.mkDerivation {
diff --git a/pkgs/development/tools/selenium/chromedriver/default.nix b/pkgs/development/tools/selenium/chromedriver/default.nix
index 29ed96b778ad..8aad3230003e 100644
--- a/pkgs/development/tools/selenium/chromedriver/default.nix
+++ b/pkgs/development/tools/selenium/chromedriver/default.nix
@@ -6,12 +6,12 @@ let
   allSpecs = {
     x86_64-linux = {
       system = "linux64";
-      sha256 = "1mqsangjindfqgvjxgmpgfrcd8a2lqmwl587l0ip0p5wwz8yq5wi";
+      sha256 = "149p43zaz45malmff1274r2bwjcyjwsdickivk3pd0mvnjbfid2r";
     };
 
     x86_64-darwin = {
       system = "mac64";
-      sha256 = "18ydf2bk5aiin3yffb9z8215idz65nkhgxq0mmlvwb8gwsdvnwi1";
+      sha256 = "1xpyqxpsz3r653ls67s6alv4g2vr4lxf29gyxc162ikywyrx80nr";
     };
   };
 
@@ -28,7 +28,7 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "chromedriver";
-  version = "81.0.4044.69";
+  version = "83.0.4103.39";
 
   src = fetchurl {
     url = "https://chromedriver.storage.googleapis.com/${version}/chromedriver_${spec.system}.zip";
diff --git a/pkgs/games/dwarf-fortress/lazy-pack.nix b/pkgs/games/dwarf-fortress/lazy-pack.nix
index e5cfe6da1718..03aa5d54304f 100644
--- a/pkgs/games/dwarf-fortress/lazy-pack.nix
+++ b/pkgs/games/dwarf-fortress/lazy-pack.nix
@@ -16,6 +16,7 @@
 , enableTruetype ? true
 , enableFPS ? false
 , enableTextMode ? false
+, enableSound ? true
 }:
 
 with lib;
@@ -32,7 +33,7 @@ buildEnv {
   paths = [
     (dwarf-fortress.override {
       inherit enableDFHack enableTWBT enableSoundSense enableStoneSense theme
-              enableIntro enableTruetype enableFPS enableTextMode;
+              enableIntro enableTruetype enableFPS enableTextMode enableSound;
     })]
     ++ lib.optional enableDwarfTherapist dwarf-therapist
     ++ lib.optional enableLegendsBrowser legends-browser;
diff --git a/pkgs/games/dwarf-fortress/wrapper/default.nix b/pkgs/games/dwarf-fortress/wrapper/default.nix
index 31b21c5a4351..79b63e3ce9ee 100644
--- a/pkgs/games/dwarf-fortress/wrapper/default.nix
+++ b/pkgs/games/dwarf-fortress/wrapper/default.nix
@@ -12,6 +12,7 @@
 , enableTruetype ? true
 , enableFPS ? false
 , enableTextMode ? false
+, enableSound ? true
 }:
 
 let
@@ -67,7 +68,8 @@ let
     substituteInPlace $out/data/init/init.txt \
       --replace '[INTRO:YES]' '[INTRO:${unBool enableIntro}]' \
       --replace '[TRUETYPE:YES]' '[TRUETYPE:${unBool enableTruetype}]' \
-      --replace '[FPS:NO]' '[FPS:${unBool enableFPS}]'
+      --replace '[FPS:NO]' '[FPS:${unBool enableFPS}]' \
+      --replace '[SOUND:YES]' '[SOUND:${unBool enableSound}]'
   ''));
 
   env = buildEnv {
diff --git a/pkgs/games/linux-steam-integration/default.nix b/pkgs/games/linux-steam-integration/default.nix
deleted file mode 100644
index 2a814f30a5f3..000000000000
--- a/pkgs/games/linux-steam-integration/default.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, git, gtk, gettext,
-  gcc_multi, libressl, gnome3, steam }:
-
-let
-  version = "0.7.3";
-
-in stdenv.mkDerivation {
-  pname = "linux-steam-integration";
-  inherit version;
-
-  src = fetchFromGitHub {
-    owner = "clearlinux";
-    repo = "linux-steam-integration";
-    rev = "v${version}";
-    sha256 = "0brv3swx8h170ycxksb31sf5jvj85csfpx7gjlf6yrfz7jw2j6vp";
-    fetchSubmodules = true;
-  };
-
-  nativeBuildInputs = [ meson ninja pkgconfig git gettext gcc_multi ];
-  buildInputs = [ gtk libressl ];
-
-  # Patch lib paths (AUDIT_PATH and REDIRECT_PATH) in shim.c
-  # Patch path to lsi-steam in lsi-steam.desktop
-  # Patch path to zenity in lsi.c
-  postPatch = ''
-    substituteInPlace src/shim/shim.c --replace "/usr/" $out
-    substituteInPlace data/lsi-steam.desktop --replace "/usr/" $out
-    substituteInPlace src/lsi/lsi.c --replace zenity ${gnome3.zenity}/bin/zenity
-    substituteInPlace data/lsi-settings.desktop.in \
-      --replace "Name=Linux Steam Integration" "Name=Linux Steam Integration Settings"
-  '';
-
-  configurePhase = ''
-    # Configure 64bit things
-    meson build                           \
-      -Dwith-shim=co-exist                \
-      -Dwith-frontend=true                \
-      -Dwith-steam-binary=${steam}/bin/steam \
-      -Dwith-new-libcxx-abi=true          \
-      -Dwith-libressl-mode=native         \
-      --prefix /                          \
-      --libexecdir lib                    \
-      --libdir lib                        \
-      --bindir bin
-
-    # Configure 32bit things
-    CC="gcc -m32" CXX="g++ -m32" meson build32 \
-      -Dwith-shim=none                         \
-      -Dwith-libressl-mode=native              \
-      --prefix /                               \
-      --libexecdir lib32                       \
-      --libdir lib32
-  '';
-
-  buildPhase = ''
-    # Build 64bit things
-    ninja -C build
-
-    # Build 32bit things
-    ninja -C build32
-  '';
-
-  installPhase = ''
-    DESTDIR="$out" ninja -C build install
-    DESTDIR="$out" ninja -C build32 install
-  '';
-
-  meta = with stdenv.lib; {
-    description = "Steam wrapper to improve compability and performance";
-    longDescription = ''
-      Linux Steam Integration is a helper system to make the Steam Client and
-      Steam games run better on Linux. In a nutshell, LSI automatically applies
-      various workarounds to get games working, and fixes long standing bugs in
-      both games and the client
-    '';
-    homepage = "https://github.com/clearlinux/linux-steam-integration";
-    license = licenses.lgpl21;
-    maintainers = [ maintainers.etu ];
-    platforms = [ "x86_64-linux" ];
-  };
-}
diff --git a/pkgs/games/nottetris2/default.nix b/pkgs/games/nottetris2/default.nix
new file mode 100644
index 000000000000..dde35e4fe320
--- /dev/null
+++ b/pkgs/games/nottetris2/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchFromGitHub, zip, love_0_7, makeWrapper, makeDesktopItem }:
+
+let
+  pname = "nottetris2";
+  version = "2.0";
+
+  desktopItem = makeDesktopItem {
+    name = "nottetris2";
+    exec = pname;
+    comment = "It's like tetris, but it's not";
+    desktopName = "nottetris2";
+    genericName = "nottetris2";
+    categories = "Game";
+  };
+
+in
+
+stdenv.mkDerivation {
+  inherit pname version;
+
+  src = fetchFromGitHub {
+    owner = "Stabyourself";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "17iabh6rr8jim70n96rbhif4xq02g2kppscm8l339yqx6mhb64hs";
+  };
+
+  nativeBuildInputs = [ zip ];
+  buildInputs = [ love_0_7 makeWrapper ];
+
+  phases = [ "unpackPhase" "installPhase" ];
+
+  installPhase =
+  ''
+    mkdir -p $out/bin $out/share/games/lovegames $out/share/applications
+    zip -9 -r ${pname}.love ./*
+    mv ${pname}.love $out/share/games/lovegames/${pname}.love
+    makeWrapper ${love_0_7}/bin/love $out/bin/${pname} --add-flags $out/share/games/lovegames/${pname}.love
+    ln -s ${desktopItem}/share/applications/* $out/share/applications/
+    chmod +x $out/bin/${pname}
+  '';
+
+  meta = with stdenv.lib; {
+    description = "It's like Tetris, but it's not";
+    platforms = platforms.linux;
+    license = licenses.wtfpl;
+    maintainers = with maintainers; [ yorickvp ];
+    downloadPage = "https://stabyourself.net/nottetris2/";
+  };
+
+}
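Review bot: `makeWrapper` is listed in `buildInputs`, but it is a build-time tool and belongs beside `zip`, i.e. `nativeBuildInputs = [ zip makeWrapper ];`, so wrapping still works when build and host platforms differ. Overriding `phases = [ "unpackPhase" "installPhase" ];` also drops the fixup phase; `dontConfigure = true; dontBuild = true;` would skip the unused steps without that side effect. The final `chmod +x $out/bin/${pname}` looks redundant, since makeWrapper already writes an executable wrapper. The `--add-flags` argument is unquoted, which is harmless for a store path but inconsistent with common style: `--add-flags "$out/share/games/lovegames/${pname}.love"`.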
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 19517fd9ea30..dd3d08a50e81 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -1,18 +1,18 @@
 {
     "4.14": {
-        "name": "linux-hardened-4.14.180.a.patch",
-        "sha256": "0rpk5lq947i4v48d6jv75rgwpncayr4agc3f2iich3hlkh5p72p3",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.180.a/linux-hardened-4.14.180.a.patch"
+        "name": "linux-hardened-4.14.181.a.patch",
+        "sha256": "1rssvfhz10h7sqfi0ari1rsmm4h60v6bfj8fvb0yx6sxsvg7phd7",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.181.a/linux-hardened-4.14.181.a.patch"
     },
     "4.19": {
-        "name": "linux-hardened-4.19.123.a.patch",
-        "sha256": "12z4f0nph23110dpk0c8av9bjr8q9qhmyzzj2chrscfwybmld76h",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.123.a/linux-hardened-4.19.123.a.patch"
+        "name": "linux-hardened-4.19.124.a.patch",
+        "sha256": "0g4kp112iarkyjw6qfdkc7j10d60jak7rlw2c1m537mb1a3zz7qm",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.124.a/linux-hardened-4.19.124.a.patch"
     },
     "5.4": {
-        "name": "linux-hardened-5.4.41.a.patch",
-        "sha256": "0rbp0radqcs2bqapp9k0hvafxn3wlzkc50wnw1145w76mkvpc91y",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.41.a/linux-hardened-5.4.41.a.patch"
+        "name": "linux-hardened-5.4.42.a.patch",
+        "sha256": "1i066nk101banphs9gbcbvmyrhcvf83xf449rs6vxanb0yhwvqvn",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.42.a/linux-hardened-5.4.42.a.patch"
     },
     "5.5": {
         "name": "linux-hardened-5.5.19.a.patch",
@@ -20,8 +20,8 @@
         "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch"
     },
     "5.6": {
-        "name": "linux-hardened-5.6.13.a.patch",
-        "sha256": "1z1f15h0wpajkiaqagnx8r25vmabkpc69rzn2h0p3k6z72l6iri5",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.13.a/linux-hardened-5.6.13.a.patch"
+        "name": "linux-hardened-5.6.14.a.patch",
+        "sha256": "1hnlhlssa2gwmww6j17768gn2fbw2f3v8c0cs423lg14r7plkv44",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.14.a/linux-hardened-5.6.14.a.patch"
     }
 }
diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix
deleted file mode 100644
index 96a349d985c9..000000000000
--- a/pkgs/os-specific/linux/kernel/linux-5.5.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
-
-with stdenv.lib;
-
-buildLinux (args // rec {
-  version = "5.5.19";
-
-  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
-  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
-
-  # branchVersion needs to be x.y
-  extraMeta.branch = versions.majorMinor version;
-
-  src = fetchurl {
-    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1sqiw9d25sqqzdh04dd722i7ff6kchj869jp4l8zalpvf51k6j0l";
-  };
-} // (args.argsOverride or {}))
diff --git a/pkgs/servers/atlassian/confluence.nix b/pkgs/servers/atlassian/confluence.nix
index d8410c87b766..81f8422bb04e 100644
--- a/pkgs/servers/atlassian/confluence.nix
+++ b/pkgs/servers/atlassian/confluence.nix
@@ -8,11 +8,11 @@ assert withMysql -> (mysql_jdbc != null);
 
 stdenvNoCC.mkDerivation rec {
   pname = "atlassian-confluence";
-  version = "7.3.4";
+  version = "7.4.0";
 
   src = fetchurl {
     url = "https://product-downloads.atlassian.com/software/confluence/downloads/${pname}-${version}.tar.gz";
-    sha256 = "13d0vnsvyl8cjdxnp2w284814bnqgbksl8mq7lkjms1x083mhnzi";
+    sha256 = "1spykb8f24dlzrcyj01nv1ra278j0b6bxbnvrcnp6yr2s69cjwd0";
   };
 
   buildPhase = ''
diff --git a/pkgs/servers/bazarr/default.nix b/pkgs/servers/bazarr/default.nix
new file mode 100644
index 000000000000..075b5e584477
--- /dev/null
+++ b/pkgs/servers/bazarr/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, lib, fetchurl, makeWrapper, python3, nixosTests }:
+
+stdenv.mkDerivation rec {
+  pname = "bazarr";
+  version = "0.8.4.4";
+
+  src = fetchurl {
+    url = "https://github.com/morpheus65535/bazarr/archive/v${version}.tar.gz";
+    sha256 = "09qpy5fyyidi45968qg37cighfh3rgwsi8pfz4fk5fp2v1xq23yg";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  installPhase = ''
+    mkdir -p $out/src
+    cp -r * $out/src
+
+    mkdir -p $out/bin
+    makeWrapper "${(python3.withPackages (ps: [ps.lxml])).interpreter}" \
+      $out/bin/bazarr \
+      --add-flags "$out/src/bazarr.py" \
+  '';
+
+  passthru.tests = {
+    smoke-test = nixosTests.bazarr;
+  };
+
+  meta = with lib; {
+    description = "Subtitle manager for Sonarr and Radarr";
+    homepage = "https://www.bazarr.media/";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ xwvvvvwx ];
+    platforms = platforms.all;
+  };
+}
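Review bot: The `makeWrapper` call in `installPhase` ends with a dangling `\` after `--add-flags "$out/src/bazarr.py"`, so the command only works because the continuation runs into the end of the script; the last line should be `--add-flags "$out/src/bazarr.py"` with no backslash. `installPhase` also omits `runHook preInstall` and `runHook postInstall`, so overrides that rely on those hooks will silently not run. Separately, `src` uses `fetchurl` on a GitHub-generated archive tarball, which pins the bytes of a tarball GitHub produces on demand. `fetchFromGitHub` with `rev = "v${version}"` hashes the unpacked tree instead and is the more stable pin for this kind of source; the hash would need to be recomputed.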
diff --git a/pkgs/servers/documize-community/default.nix b/pkgs/servers/documize-community/default.nix
index 4c09d7f1eeb4..9a6580353fc2 100644
--- a/pkgs/servers/documize-community/default.nix
+++ b/pkgs/servers/documize-community/default.nix
@@ -2,15 +2,13 @@
 
 buildGoModule rec {
   pname = "documize-community";
-  version = "3.7.0";
-
-  patches = [ ./vendor.patch ];
+  version = "3.8.0";
 
   src = fetchFromGitHub {
     owner = "documize";
     repo = "community";
     rev = "v${version}";
-    sha256 = "1pcldf9lqvpb2h2a3kr3mahj2v1jasjwrszj6czjmkyml7x2sz7c";
+    sha256 = "0jrqab0c2nnw8632g1f6zll3dycn7xyk01ycmn969i5qxx70am50";
   };
 
   vendorSha256 = null;
diff --git a/pkgs/servers/documize-community/vendor.patch b/pkgs/servers/documize-community/vendor.patch
deleted file mode 100644
index 82146981f321..000000000000
--- a/pkgs/servers/documize-community/vendor.patch
+++ /dev/null
@@ -1,2392 +0,0 @@
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml b/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml
-new file mode 100644
-index 00000000..e0c87602
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml
-@@ -0,0 +1 @@
-+repo_token: x2wlA1x0X8CK45ybWpZRCVRB4g7vtkhaw
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/.travis.yml b/vendor/github.com/microcosm-cc/bluemonday/.travis.yml
-new file mode 100644
-index 00000000..4f666461
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/.travis.yml
-@@ -0,0 +1,22 @@
-+language: go
-+go:
-+  - 1.1.x
-+  - 1.2.x
-+  - 1.3.x
-+  - 1.4.x
-+  - 1.5.x
-+  - 1.6.x
-+  - 1.7.x
-+  - 1.8.x
-+  - 1.9.x
-+  - 1.10.x
-+  - 1.11.x
-+  - tip
-+matrix:
-+  allow_failures:
-+    - go: tip
-+  fast_finish: true
-+install:
-+  - go get .
-+script:
-+  - go test -v ./...
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
-new file mode 100644
-index 00000000..d2b12302
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
-@@ -0,0 +1,51 @@
-+# Contributing to bluemonday
-+
-+Third-party patches are essential for keeping bluemonday secure and offering the features developers want. However there are a few guidelines that we need contributors to follow so that we can maintain the quality of work that developers who use bluemonday expect.
-+
-+## Getting Started
-+
-+* Make sure you have a [Github account](https://github.com/signup/free)
-+
-+## Guidelines
-+
-+1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
-+
-+## Submitting an Issue
-+
-+* Submit a ticket for your issue, assuming one does not already exist
-+* Clearly describe the issue including the steps to reproduce (with sample input and output) if it is a bug
-+
-+If you are reporting a security flaw, you may expect that we will provide the code to fix it for you. Otherwise you may want to submit a pull request to ensure the resolution is applied sooner rather than later:
-+
-+* Fork the repository on Github
-+* Issue a pull request containing code to resolve the issue
-+
-+## Submitting a Pull Request
-+
-+* Submit a ticket for your issue, assuming one does not already exist
-+* Describe the reason for the pull request and if applicable show some example inputs and outputs to demonstrate what the patch does
-+* Fork the repository on Github
-+* Before submitting the pull request you should
-+  1. Include tests for your patch, 1 test should encapsulate the entire patch and should refer to the Github issue
-+  1. If you have added new exposed/public functionality, you should ensure it is documented appropriately
-+  1. If you have added new exposed/public functionality, you should consider demonstrating how to use it within one of the helpers or shipped policies if appropriate or within a test if modifying a helper or policy is not appropriate
-+  1. Run all of the tests `go test -v ./...` or `make test` and ensure all tests pass
-+  1. Run gofmt `gofmt -w ./$*` or `make fmt`
-+  1. Run vet `go tool vet *.go` or `make vet` and resolve any issues
-+  1. Install golint using `go get -u github.com/golang/lint/golint` and run vet `golint *.go` or `make lint` and resolve every warning
-+* When submitting the pull request you should
-+  1. Note the issue(s) it resolves, i.e. `Closes #6` in the pull request comment to close issue #6 when the pull request is accepted
-+
-+Once you have submitted a pull request, we *may* merge it without changes. If we have any comments or feedback, or need you to make changes to your pull request we will update the Github pull request or the associated issue. We expect responses from you within two weeks, and we may close the pull request is there is no activity.
-+
-+### Contributor Licence Agreement
-+
-+We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that projects like [puppet](https://cla.puppetlabs.com/), [Mojito](https://developer.yahoo.com/cocktails/mojito/cla/) and companies like [Google](http://code.google.com/legal/individual-cla-v1.0.html) are using.
-+
-+But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically:
-+
-+You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
-+
-+You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
-+
-+You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md
-new file mode 100644
-index 00000000..b98873f3
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md
-@@ -0,0 +1,6 @@
-+1. Andrew Krasichkov @buglloc https://github.com/buglloc
-+1. John Graham-Cumming http://jgc.org/
-+1. Mike Samuel mikesamuel@gmail.com
-+1. Dmitri Shuralyov shurcooL@gmail.com
-+1. https://github.com/opennota
-+1. https://github.com/Gufran
-\ No newline at end of file
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md
-new file mode 100644
-index 00000000..f822458e
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md
-@@ -0,0 +1,28 @@
-+Copyright (c) 2014, David Kitchen <david@buro9.com>
-+
-+All rights reserved.
-+
-+Redistribution and use in source and binary forms, with or without
-+modification, are permitted provided that the following conditions are met:
-+
-+* Redistributions of source code must retain the above copyright notice, this
-+  list of conditions and the following disclaimer.
-+
-+* Redistributions in binary form must reproduce the above copyright notice,
-+  this list of conditions and the following disclaimer in the documentation
-+  and/or other materials provided with the distribution.
-+
-+* Neither the name of the organisation (Microcosm) nor the names of its
-+  contributors may be used to endorse or promote products derived from
-+  this software without specific prior written permission.
-+
-+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/Makefile b/vendor/github.com/microcosm-cc/bluemonday/Makefile
-new file mode 100644
-index 00000000..b15dc74f
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/Makefile
-@@ -0,0 +1,42 @@
-+# Targets:
-+#
-+#   all:          Builds the code locally after testing
-+#
-+#   fmt:          Formats the source files
-+#   build:        Builds the code locally
-+#   vet:          Vets the code
-+#   lint:         Runs lint over the code (you do not need to fix everything)
-+#   test:         Runs the tests
-+#   cover:        Gives you the URL to a nice test coverage report
-+#
-+#   install:      Builds, tests and installs the code locally
-+
-+.PHONY: all fmt build vet lint test cover install
-+
-+# The first target is always the default action if `make` is called without
-+# args we build and install into $GOPATH so that it can just be run
-+
-+all: fmt vet test install
-+
-+fmt:
-+	@gofmt -s -w ./$*
-+
-+build:
-+	@go build
-+
-+vet:
-+	@go vet *.go
-+
-+lint:
-+	@golint *.go
-+
-+test:
-+	@go test -v ./...
-+
-+cover: COVERAGE_FILE := coverage.out
-+cover:
-+	@go test -coverprofile=$(COVERAGE_FILE) && \
-+	cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
-+
-+install:
-+	@go install ./...
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/README.md b/vendor/github.com/microcosm-cc/bluemonday/README.md
-new file mode 100644
-index 00000000..ce679c10
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/README.md
-@@ -0,0 +1,350 @@
-+# bluemonday [![Build Status](https://travis-ci.org/microcosm-cc/bluemonday.svg?branch=master)](https://travis-ci.org/microcosm-cc/bluemonday) [![GoDoc](https://godoc.org/github.com/microcosm-cc/bluemonday?status.png)](https://godoc.org/github.com/microcosm-cc/bluemonday) [![Sourcegraph](https://sourcegraph.com/github.com/microcosm-cc/bluemonday/-/badge.svg)](https://sourcegraph.com/github.com/microcosm-cc/bluemonday?badge)
-+
-+bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.
-+
-+bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.
-+
-+If you accept user generated content, and your server uses Go, you **need** bluemonday.
-+
-+The default policy for user generated content (`bluemonday.UGCPolicy().Sanitize()`) turns this:
-+```html
-+Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World
-+```
-+
-+Into a harmless:
-+```html
-+Hello World
-+```
-+
-+And it turns this:
-+```html
-+<a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a>
-+```
-+
-+Into this:
-+```html
-+XSS
-+```
-+
-+Whilst still allowing this:
-+```html
-+<a href="http://www.google.com/">
-+  <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
-+</a>
-+```
-+
-+To pass through mostly unaltered (it gained a rel="nofollow" which is a good thing for user generated content):
-+```html
-+<a href="http://www.google.com/" rel="nofollow">
-+  <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
-+</a>
-+```
-+
-+It protects sites from [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) attacks. There are many [vectors for an XSS attack](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) and the best way to mitigate the risk is to sanitize user input against a known safe list of HTML elements and attributes.
-+
-+You should **always** run bluemonday **after** any other processing.
-+
-+If you use [blackfriday](https://github.com/russross/blackfriday) or [Pandoc](http://johnmacfarlane.net/pandoc/) then bluemonday should be run after these steps. This ensures that no insecure HTML is introduced later in your process.
-+
-+bluemonday is heavily inspired by both the [OWASP Java HTML Sanitizer](https://code.google.com/p/owasp-java-html-sanitizer/) and the [HTML Purifier](http://htmlpurifier.org/).
-+
-+## Technical Summary
-+
-+Whitelist based, you need to either build a policy describing the HTML elements and attributes to permit (and the `regexp` patterns of attributes), or use one of the supplied policies representing good defaults.
-+
-+The policy containing the whitelist is applied using a fast non-validating, forward only, token-based parser implemented in the [Go net/html library](https://godoc.org/golang.org/x/net/html) by the core Go team.
-+
-+We expect to be supplied with well-formatted HTML (closing elements for every applicable open element, nested correctly) and so we do not focus on repairing badly nested or incomplete HTML. We focus on simply ensuring that whatever elements do exist are described in the policy whitelist and that attributes and links are safe for use on your web page. [GIGO](http://en.wikipedia.org/wiki/Garbage_in,_garbage_out) does apply and if you feed it bad HTML bluemonday is not tasked with figuring out how to make it good again.
-+
-+### Supported Go Versions
-+
-+bluemonday is tested against Go 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, and tip.
-+
-+We do not support Go 1.0 as we depend on `golang.org/x/net/html` which includes a reference to `io.ErrNoProgress` which did not exist in Go 1.0.
-+
-+## Is it production ready?
-+
-+*Yes*
-+
-+We are using bluemonday in production having migrated from the widely used and heavily field tested OWASP Java HTML Sanitizer.
-+
-+We are passing our extensive test suite (including AntiSamy tests as well as tests for any issues raised). Check for any [unresolved issues](https://github.com/microcosm-cc/bluemonday/issues?page=1&state=open) to see whether anything may be a blocker for you.
-+
-+We invite pull requests and issues to help us ensure we are offering comprehensive protection against various attacks via user generated content.
-+
-+## Usage
-+
-+Install in your `${GOPATH}` using `go get -u github.com/microcosm-cc/bluemonday`
-+
-+Then call it:
-+```go
-+package main
-+
-+import (
-+	"fmt"
-+
-+	"github.com/microcosm-cc/bluemonday"
-+)
-+
-+func main() {
-+	// Do this once for each unique policy, and use the policy for the life of the program
-+	// Policy creation/editing is not safe to use in multiple goroutines
-+	p := bluemonday.UGCPolicy()
-+	
-+	// The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines
-+	html := p.Sanitize(
-+		`<a onblur="alert(secret)" href="http://www.google.com">Google</a>`,
-+	)
-+
-+	// Output:
-+	// <a href="http://www.google.com" rel="nofollow">Google</a>
-+	fmt.Println(html)
-+}
-+```
-+
-+We offer three ways to call Sanitize:
-+```go
-+p.Sanitize(string) string
-+p.SanitizeBytes([]byte) []byte
-+p.SanitizeReader(io.Reader) bytes.Buffer
-+```
-+
-+If you are obsessed about performance, `p.SanitizeReader(r).Bytes()` will return a `[]byte` without performing any unnecessary casting of the inputs or outputs. Though the difference is so negligible you should never need to care.
-+
-+You can build your own policies:
-+```go
-+package main
-+
-+import (
-+	"fmt"
-+
-+	"github.com/microcosm-cc/bluemonday"
-+)
-+
-+func main() {
-+	p := bluemonday.NewPolicy()
-+
-+	// Require URLs to be parseable by net/url.Parse and either:
-+	//   mailto: http:// or https://
-+	p.AllowStandardURLs()
-+
-+	// We only allow <p> and <a href="">
-+	p.AllowAttrs("href").OnElements("a")
-+	p.AllowElements("p")
-+
-+	html := p.Sanitize(
-+		`<a onblur="alert(secret)" href="http://www.google.com">Google</a>`,
-+	)
-+
-+	// Output:
-+	// <a href="http://www.google.com">Google</a>
-+	fmt.Println(html)
-+}
-+```
-+
-+We ship two default policies:
-+
-+1. `bluemonday.StrictPolicy()` which can be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on its whitelist. An example usage scenario would be blog post titles where HTML tags are not expected at all and if they are then the elements *and* the content of the elements should be stripped. This is a *very* strict policy.
-+2. `bluemonday.UGCPolicy()` which allows a broad selection of HTML elements and attributes that are safe for user generated content. Note that this policy does *not* whitelist iframes, object, embed, styles, script, etc. An example usage scenario would be blog post bodies where a variety of formatting is expected along with the potential for TABLEs and IMGs.
-+
-+## Policy Building
-+
-+The essence of building a policy is to determine which HTML elements and attributes are considered safe for your scenario. OWASP provide an [XSS prevention cheat sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) to help explain the risks, but essentially:
-+
-+1. Avoid anything other than the standard HTML elements
-+1. Avoid `script`, `style`, `iframe`, `object`, `embed`, `base` elements that allow code to be executed by the client or third party content to be included that can execute code
-+1. Avoid anything other than plain HTML attributes with values matched to a regexp
-+
-+Basically, you should be able to describe what HTML is fine for your scenario. If you do not have confidence that you can describe your policy please consider using one of the shipped policies such as `bluemonday.UGCPolicy()`.
-+
-+To create a new policy:
-+```go
-+p := bluemonday.NewPolicy()
-+```
-+
-+To add elements to a policy either add just the elements:
-+```go
-+p.AllowElements("b", "strong")
-+```
-+
-+Or add elements as a virtue of adding an attribute:
-+```go
-+// Not the recommended pattern, see the recommendation on using .Matching() below
-+p.AllowAttrs("nowrap").OnElements("td", "th")
-+```
-+
-+Attributes can either be added to all elements:
-+```go
-+p.AllowAttrs("dir").Matching(regexp.MustCompile("(?i)rtl|ltr")).Globally()
-+```
-+
-+Or attributes can be added to specific elements:
-+```go
-+// Not the recommended pattern, see the recommendation on using .Matching() below
-+p.AllowAttrs("value").OnElements("li")
-+```
-+
-+It is **always** recommended that an attribute be made to match a pattern. XSS in HTML attributes is very easy otherwise:
-+```go
-+// \p{L} matches unicode letters, \p{N} matches unicode numbers
-+p.AllowAttrs("title").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).Globally()
-+```
-+
-+You can stop at any time and call .Sanitize():
-+```go
-+// string htmlIn passed in from a HTTP POST
-+htmlOut := p.Sanitize(htmlIn)
-+```
-+
-+And you can take any existing policy and extend it:
-+```go
-+p := bluemonday.UGCPolicy()
-+p.AllowElements("fieldset", "select", "option")
-+```
-+
-+### Links
-+
-+Links are difficult beasts to sanitise safely and also one of the biggest attack vectors for malicious content.
-+
-+It is possible to do this:
-+```go
-+p.AllowAttrs("href").Matching(regexp.MustCompile(`(?i)mailto|https?`)).OnElements("a")
-+```
-+
-+But that will not protect you as the regular expression is insufficient in this case to have prevented a malformed value doing something unexpected.
-+
-+We provide some additional global options for safely working with links.
-+
-+`RequireParseableURLs` will ensure that URLs are parseable by Go's `net/url` package:
-+```go
-+p.RequireParseableURLs(true)
-+```
-+
-+If you have enabled parseable URLs then the following option will `AllowRelativeURLs`. By default this is disabled (bluemonday is a whitelist tool... you need to explicitly tell us to permit things) and when disabled it will prevent all local and scheme relative URLs (i.e. `href="localpage.html"`, `href="../home.html"` and even `href="//www.google.com"` are relative):
-+```go
-+p.AllowRelativeURLs(true)
-+```
-+
-+If you have enabled parseable URLs then you can whitelist the schemes (commonly called protocol when thinking of `http` and `https`) that are permitted. Bear in mind that allowing relative URLs in the above option will allow for a blank scheme:
-+```go
-+p.AllowURLSchemes("mailto", "http", "https")
-+```
-+
-+Regardless of whether you have enabled parseable URLs, you can force all URLs to have a rel="nofollow" attribute. This will be added if it does not exist, but only when the `href` is valid:
-+```go
-+// This applies to "a" "area" "link" elements that have a "href" attribute
-+p.RequireNoFollowOnLinks(true)
-+```
-+
-+We provide a convenience method that applies all of the above, but you will still need to whitelist the linkable elements for the URL rules to be applied to:
-+```go
-+p.AllowStandardURLs()
-+p.AllowAttrs("cite").OnElements("blockquote", "q")
-+p.AllowAttrs("href").OnElements("a", "area")
-+p.AllowAttrs("src").OnElements("img")
-+```
-+
-+An additional complexity regarding links is the data URI as defined in [RFC2397](http://tools.ietf.org/html/rfc2397). The data URI allows for images to be served inline using this format:
-+
-+```html
-+<img src="">
-+```
-+
-+We have provided a helper to verify the mimetype followed by base64 content of data URIs links:
-+
-+```go
-+p.AllowDataURIImages()
-+```
-+
-+That helper will enable GIF, JPEG, PNG and WEBP images.
-+
-+It should be noted that there is a potential [security](http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/) [risk](https://capec.mitre.org/data/definitions/244.html) with the use of data URI links. You should only enable data URI links if you already trust the content.
-+
-+We also have some features to help deal with user generated content:
-+```go
-+p.AddTargetBlankToFullyQualifiedLinks(true)
-+```
-+
-+This will ensure that anchor `<a href="" />` links that are fully qualified (the href destination includes a host name) will get `target="_blank"` added to them.
-+
-+Additionally any link that has `target="_blank"` after the policy has been applied will also have the `rel` attribute adjusted to add `noopener`. This means a link may start like `<a href="//host/path"/>` and will end up as `<a href="//host/path" rel="noopener" target="_blank">`. It is important to note that the addition of `noopener` is a security feature and not an issue. There is an unfortunate feature to browsers that a browser window opened as a result of `target="_blank"` can still control the opener (your web page) and this protects against that. The background to this can be found here: [https://dev.to/ben/the-targetblank-vulnerability-by-example](https://dev.to/ben/the-targetblank-vulnerability-by-example)
-+
-+### Policy Building Helpers
-+
-+We also bundle some helpers to simplify policy building:
-+```go
-+
-+// Permits the "dir", "id", "lang", "title" attributes globally
-+p.AllowStandardAttributes()
-+
-+// Permits the "img" element and its standard attributes
-+p.AllowImages()
-+
-+// Permits ordered and unordered lists, and also definition lists
-+p.AllowLists()
-+
-+// Permits HTML tables and all applicable elements and non-styling attributes
-+p.AllowTables()
-+```
-+
-+### Invalid Instructions
-+
-+The following are invalid:
-+```go
-+// This does not say where the attributes are allowed, you need to add
-+// .Globally() or .OnElements(...)
-+// This will be ignored without error.
-+p.AllowAttrs("value")
-+
-+// This does not say where the attributes are allowed, you need to add
-+// .Globally() or .OnElements(...)
-+// This will be ignored without error.
-+p.AllowAttrs(
-+	"type",
-+).Matching(
-+	regexp.MustCompile("(?i)^(circle|disc|square|a|A|i|I|1)$"),
-+)
-+```
-+
-+Both examples exhibit the same issue, they declare attributes but do not then specify whether they are whitelisted globally or only on specific elements (and which elements). Attributes belong to one or more elements, and the policy needs to declare this.
-+
-+## Limitations
-+
-+We are not yet including any tools to help whitelist and sanitize CSS. Which means that unless you wish to do the heavy lifting in a single regular expression (inadvisable), **you should not allow the "style" attribute anywhere**.
-+
-+It is not the job of bluemonday to fix your bad HTML, it is merely the job of bluemonday to prevent malicious HTML getting through. If you have mismatched HTML elements, or non-conforming nesting of elements, those will remain. But if you have well-structured HTML bluemonday will not break it.
-+
-+## TODO
-+
-+* Add support for CSS sanitisation to allow some CSS properties based on a whitelist, possibly using the [Gorilla CSS3 scanner](http://www.gorillatoolkit.org/pkg/css/scanner) - PRs welcome so long as testing covers XSS and demonstrates safety first
-+* Investigate whether devs want to blacklist elements and attributes. This would allow devs to take an existing policy (such as the `bluemonday.UGCPolicy()` ) that encapsulates 90% of what they're looking for but does more than they need, and to remove the extra things they do not want to make it 100% what they want
-+* Investigate whether devs want a validating HTML mode, in which the HTML elements are not just transformed into a balanced tree (every start tag has a closing tag at the correct depth) but also that elements and character data appear only in their allowed context (i.e. that a `table` element isn't a descendent of a `caption`, that `colgroup`, `thead`, `tbody`, `tfoot` and `tr` are permitted, and that character data is not permitted)
-+
-+## Development
-+
-+If you have cloned this repo you will probably need the dependency:
-+
-+`go get golang.org/x/net/html`
-+
-+Gophers can use their familiar tools:
-+
-+`go build`
-+
-+`go test`
-+
-+I personally use a Makefile as it spares typing the same args over and over whilst providing consistency for those of us who jump from language to language and enjoy just typing `make` in a project directory and watch magic happen.
-+
-+`make` will build, vet, test and install the library.
-+
-+`make clean` will remove the library from a *single* `${GOPATH}/pkg` directory tree
-+
-+`make test` will run the tests
-+
-+`make cover` will run the tests and *open a browser window* with the coverage report
-+
-+`make lint` will run golint (install via `go get github.com/golang/lint/golint`)
-+
-+## Long term goals
-+
-+1. Open the code to adversarial peer review similar to the [Attack Review Ground Rules](https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules)
-+1. Raise funds and pay for an external security review
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/doc.go b/vendor/github.com/microcosm-cc/bluemonday/doc.go
-new file mode 100644
-index 00000000..71dab608
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/doc.go
-@@ -0,0 +1,104 @@
-+// Copyright (c) 2014, David Kitchen <david@buro9.com>
-+//
-+// All rights reserved.
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted provided that the following conditions are met:
-+//
-+// * Redistributions of source code must retain the above copyright notice, this
-+//   list of conditions and the following disclaimer.
-+//
-+// * Redistributions in binary form must reproduce the above copyright notice,
-+//   this list of conditions and the following disclaimer in the documentation
-+//   and/or other materials provided with the distribution.
-+//
-+// * Neither the name of the organisation (Microcosm) nor the names of its
-+//   contributors may be used to endorse or promote products derived from
-+//   this software without specific prior written permission.
-+//
-+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+/*
-+Package bluemonday provides a way of describing a whitelist of HTML elements
-+and attributes as a policy, and for that policy to be applied to untrusted
-+strings from users that may contain markup. All elements and attributes not on
-+the whitelist will be stripped.
-+
-+The default bluemonday.UGCPolicy().Sanitize() turns this:
-+
-+    Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World
-+
-+Into the more harmless:
-+
-+    Hello World
-+
-+And it turns this:
-+
-+    <a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a>
-+
-+Into this:
-+
-+    XSS
-+
-+Whilst still allowing this:
-+
-+    <a href="http://www.google.com/">
-+      <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
-+    </a>
-+
-+To pass through mostly unaltered (it gained a rel="nofollow"):
-+
-+    <a href="http://www.google.com/" rel="nofollow">
-+      <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
-+    </a>
-+
-+The primary purpose of bluemonday is to take potentially unsafe user generated
-+content (from things like Markdown, HTML WYSIWYG tools, etc) and make it safe
-+for you to put on your website.
-+
-+It protects sites against XSS (http://en.wikipedia.org/wiki/Cross-site_scripting)
-+and other malicious content that a user interface may deliver. There are many
-+vectors for an XSS attack (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
-+and the safest thing to do is to sanitize user input against a known safe list
-+of HTML elements and attributes.
-+
-+Note: You should always run bluemonday after any other processing.
-+
-+If you use blackfriday (https://github.com/russross/blackfriday) or
-+Pandoc (http://johnmacfarlane.net/pandoc/) then bluemonday should be run after
-+these steps. This ensures that no insecure HTML is introduced later in your
-+process.
-+
-+bluemonday is heavily inspired by both the OWASP Java HTML Sanitizer
-+(https://code.google.com/p/owasp-java-html-sanitizer/) and the HTML Purifier
-+(http://htmlpurifier.org/).
-+
-+We ship two default policies, one is bluemonday.StrictPolicy() and can be
-+thought of as equivalent to stripping all HTML elements and their attributes as
-+it has nothing on its whitelist.
-+
-+The other is bluemonday.UGCPolicy() and allows a broad selection of HTML
-+elements and attributes that are safe for user generated content. Note that
-+this policy does not whitelist iframes, object, embed, styles, script, etc.
-+
-+The essence of building a policy is to determine which HTML elements and
-+attributes are considered safe for your scenario. OWASP provide an XSS
-+prevention cheat sheet ( https://www.google.com/search?q=xss+prevention+cheat+sheet )
-+to help explain the risks, but essentially:
-+
-+    1. Avoid whitelisting anything other than plain HTML elements
-+    2. Avoid whitelisting `script`, `style`, `iframe`, `object`, `embed`, `base`
-+       elements
-+    3. Avoid whitelisting anything other than plain HTML elements with simple
-+       values that you can match to a regexp
-+*/
-+package bluemonday
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/go.mod b/vendor/github.com/microcosm-cc/bluemonday/go.mod
-new file mode 100644
-index 00000000..fa8453c5
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/go.mod
-@@ -0,0 +1,5 @@
-+module github.com/microcosm-cc/bluemonday
-+
-+go 1.9
-+
-+require golang.org/x/net v0.0.0-20181220203305-927f97764cc3
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/go.sum b/vendor/github.com/microcosm-cc/bluemonday/go.sum
-new file mode 100644
-index 00000000..bee241d1
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/go.sum
-@@ -0,0 +1,2 @@
-+golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
-+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/helpers.go b/vendor/github.com/microcosm-cc/bluemonday/helpers.go
-new file mode 100644
-index 00000000..dfa5868d
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/helpers.go
-@@ -0,0 +1,297 @@
-+// Copyright (c) 2014, David Kitchen <david@buro9.com>
-+//
-+// All rights reserved.
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted provided that the following conditions are met:
-+//
-+// * Redistributions of source code must retain the above copyright notice, this
-+//   list of conditions and the following disclaimer.
-+//
-+// * Redistributions in binary form must reproduce the above copyright notice,
-+//   this list of conditions and the following disclaimer in the documentation
-+//   and/or other materials provided with the distribution.
-+//
-+// * Neither the name of the organisation (Microcosm) nor the names of its
-+//   contributors may be used to endorse or promote products derived from
-+//   this software without specific prior written permission.
-+//
-+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+package bluemonday
-+
-+import (
-+	"encoding/base64"
-+	"net/url"
-+	"regexp"
-+)
-+
-+// A selection of regular expressions that can be used as .Matching() rules on
-+// HTML attributes.
-+var (
-+	// CellAlign handles the `align` attribute
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-align
-+	CellAlign = regexp.MustCompile(`(?i)^(center|justify|left|right|char)$`)
-+
-+	// CellVerticalAlign handles the `valign` attribute
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-valign
-+	CellVerticalAlign = regexp.MustCompile(`(?i)^(baseline|bottom|middle|top)$`)
-+
-+	// Direction handles the `dir` attribute
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bdo#attr-dir
-+	Direction = regexp.MustCompile(`(?i)^(rtl|ltr)$`)
-+
-+	// ImageAlign handles the `align` attribute on the `image` tag
-+	// http://www.w3.org/MarkUp/Test/Img/imgtest.html
-+	ImageAlign = regexp.MustCompile(
-+		`(?i)^(left|right|top|texttop|middle|absmiddle|baseline|bottom|absbottom)$`,
-+	)
-+
-+	// Integer describes whole positive integers (including 0) used in places
-+	// like td.colspan
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/td#attr-colspan
-+	Integer = regexp.MustCompile(`^[0-9]+$`)
-+
-+	// ISO8601 according to the W3 group is only a subset of the ISO8601
-+	// standard: http://www.w3.org/TR/NOTE-datetime
-+	//
-+	// Used in places like time.datetime
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/time#attr-datetime
-+	//
-+	// Matches patterns:
-+	//  Year:
-+	//     YYYY (eg 1997)
-+	//  Year and month:
-+	//     YYYY-MM (eg 1997-07)
-+	//  Complete date:
-+	//     YYYY-MM-DD (eg 1997-07-16)
-+	//  Complete date plus hours and minutes:
-+	//     YYYY-MM-DDThh:mmTZD (eg 1997-07-16T19:20+01:00)
-+	//  Complete date plus hours, minutes and seconds:
-+	//     YYYY-MM-DDThh:mm:ssTZD (eg 1997-07-16T19:20:30+01:00)
-+	//  Complete date plus hours, minutes, seconds and a decimal fraction of a
-+	//  second
-+	//      YYYY-MM-DDThh:mm:ss.sTZD (eg 1997-07-16T19:20:30.45+01:00)
-+	ISO8601 = regexp.MustCompile(
-+		`^[0-9]{4}(-[0-9]{2}(-[0-9]{2}([ T][0-9]{2}(:[0-9]{2}){1,2}(.[0-9]{1,6})` +
-+			`?Z?([\+-][0-9]{2}:[0-9]{2})?)?)?)?$`,
-+	)
-+
-+	// ListType encapsulates the common value as well as the latest spec
-+	// values for lists
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ol#attr-type
-+	ListType = regexp.MustCompile(`(?i)^(circle|disc|square|a|A|i|I|1)$`)
-+
-+	// SpaceSeparatedTokens is used in places like `a.rel` and the common attribute
-+	// `class` which both contain space delimited lists of data tokens
-+	// http://www.w3.org/TR/html-markup/datatypes.html#common.data.tokens-def
-+	// Regexp: \p{L} matches unicode letters, \p{N} matches unicode numbers
-+	SpaceSeparatedTokens = regexp.MustCompile(`^([\s\p{L}\p{N}_-]+)$`)
-+
-+	// Number is a double value used on HTML5 meter and progress elements
-+	// http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-meter-element
-+	Number = regexp.MustCompile(`^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?$`)
-+
-+	// NumberOrPercent is used predominantly as units of measurement in width
-+	// and height attributes
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-height
-+	NumberOrPercent = regexp.MustCompile(`^[0-9]+[%]?$`)
-+
-+	// Paragraph of text in an attribute such as *.'title', img.alt, etc
-+	// https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes#attr-title
-+	// Note that we are not allowing chars that could close tags like '>'
-+	Paragraph = regexp.MustCompile(`^[\p{L}\p{N}\s\-_',\[\]!\./\\\(\)]*$`)
-+
-+	// dataURIImagePrefix is used by AllowDataURIImages to define the acceptable
-+	// prefix of data URIs that contain common web image formats.
-+	//
-+	// This is not exported as it's not useful by itself, and only has value
-+	// within the AllowDataURIImages func
-+	dataURIImagePrefix = regexp.MustCompile(
-+		`^image/(gif|jpeg|png|webp);base64,`,
-+	)
-+)
-+
-+// AllowStandardURLs is a convenience function that will enable rel="nofollow"
-+// on "a", "area" and "link" (if you have allowed those elements) and will
-+// ensure that the URL values are parseable and either relative or belong to the
-+// "mailto", "http", or "https" schemes
-+func (p *Policy) AllowStandardURLs() {
-+	// URLs must be parseable by net/url.Parse()
-+	p.RequireParseableURLs(true)
-+
-+	// !url.IsAbs() is permitted
-+	p.AllowRelativeURLs(true)
-+
-+	// Most common URL schemes only
-+	p.AllowURLSchemes("mailto", "http", "https")
-+
-+	// For all anchors we will add rel="nofollow" if it does not already exist
-+	// This applies to "a" "area" "link"
-+	p.RequireNoFollowOnLinks(true)
-+}
-+
-+// AllowStandardAttributes will enable "id", "title" and the language specific
-+// attributes "dir" and "lang" on all elements that are whitelisted
-+func (p *Policy) AllowStandardAttributes() {
-+	// "dir" "lang" are permitted as both language attributes affect charsets
-+	// and direction of text.
-+	p.AllowAttrs("dir").Matching(Direction).Globally()
-+	p.AllowAttrs(
-+		"lang",
-+	).Matching(regexp.MustCompile(`[a-zA-Z]{2,20}`)).Globally()
-+
-+	// "id" is permitted. This is pretty much as some HTML elements require this
-+	// to work well ("dfn" is an example of a "id" being value)
-+	// This does create a risk that JavaScript and CSS within your web page
-+	// might identify the wrong elements. Ensure that you select things
-+	// accurately
-+	p.AllowAttrs("id").Matching(
-+		regexp.MustCompile(`[a-zA-Z0-9\:\-_\.]+`),
-+	).Globally()
-+
-+	// "title" is permitted as it improves accessibility.
-+	p.AllowAttrs("title").Matching(Paragraph).Globally()
-+}
-+
-+// AllowStyling presently enables the class attribute globally.
-+//
-+// Note: When bluemonday ships a CSS parser and we can safely sanitise that,
-+// this will also allow sanitized styling of elements via the style attribute.
-+func (p *Policy) AllowStyling() {
-+
-+	// "class" is permitted globally
-+	p.AllowAttrs("class").Matching(SpaceSeparatedTokens).Globally()
-+}
-+
-+// AllowImages enables the img element and some popular attributes. It will also
-+// ensure that URL values are parseable. This helper does not enable data URI
-+// images, for that you should also use the AllowDataURIImages() helper.
-+func (p *Policy) AllowImages() {
-+
-+	// "img" is permitted
-+	p.AllowAttrs("align").Matching(ImageAlign).OnElements("img")
-+	p.AllowAttrs("alt").Matching(Paragraph).OnElements("img")
-+	p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("img")
-+
-+	// Standard URLs enabled
-+	p.AllowStandardURLs()
-+	p.AllowAttrs("src").OnElements("img")
-+}
-+
-+// AllowDataURIImages permits the use of inline images defined in RFC2397
-+// http://tools.ietf.org/html/rfc2397
-+// http://en.wikipedia.org/wiki/Data_URI_scheme
-+//
-+// Images must have a mimetype matching:
-+//   image/gif
-+//   image/jpeg
-+//   image/png
-+//   image/webp
-+//
-+// NOTE: There is a potential security risk to allowing data URIs and you should
-+// only permit them on content you already trust.
-+// http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/
-+// https://capec.mitre.org/data/definitions/244.html
-+func (p *Policy) AllowDataURIImages() {
-+
-+	// URLs must be parseable by net/url.Parse()
-+	p.RequireParseableURLs(true)
-+
-+	// Supply a function to validate images contained within data URI
-+	p.AllowURLSchemeWithCustomPolicy(
-+		"data",
-+		func(url *url.URL) (allowUrl bool) {
-+			if url.RawQuery != "" || url.Fragment != "" {
-+				return false
-+			}
-+
-+			matched := dataURIImagePrefix.FindString(url.Opaque)
-+			if matched == "" {
-+				return false
-+			}
-+
-+			_, err := base64.StdEncoding.DecodeString(url.Opaque[len(matched):])
-+			if err != nil {
-+				return false
-+			}
-+
-+			return true
-+		},
-+	)
-+}
-+
-+// AllowLists will enabled ordered and unordered lists, as well as definition
-+// lists
-+func (p *Policy) AllowLists() {
-+	// "ol" "ul" are permitted
-+	p.AllowAttrs("type").Matching(ListType).OnElements("ol", "ul")
-+
-+	// "li" is permitted
-+	p.AllowAttrs("type").Matching(ListType).OnElements("li")
-+	p.AllowAttrs("value").Matching(Integer).OnElements("li")
-+
-+	// "dl" "dt" "dd" are permitted
-+	p.AllowElements("dl", "dt", "dd")
-+}
-+
-+// AllowTables will enable a rich set of elements and attributes to describe
-+// HTML tables
-+func (p *Policy) AllowTables() {
-+
-+	// "table" is permitted
-+	p.AllowAttrs("height", "width").Matching(NumberOrPercent).OnElements("table")
-+	p.AllowAttrs("summary").Matching(Paragraph).OnElements("table")
-+
-+	// "caption" is permitted
-+	p.AllowElements("caption")
-+
-+	// "col" "colgroup" are permitted
-+	p.AllowAttrs("align").Matching(CellAlign).OnElements("col", "colgroup")
-+	p.AllowAttrs("height", "width").Matching(
-+		NumberOrPercent,
-+	).OnElements("col", "colgroup")
-+	p.AllowAttrs("span").Matching(Integer).OnElements("colgroup", "col")
-+	p.AllowAttrs("valign").Matching(
-+		CellVerticalAlign,
-+	).OnElements("col", "colgroup")
-+
-+	// "thead" "tr" are permitted
-+	p.AllowAttrs("align").Matching(CellAlign).OnElements("thead", "tr")
-+	p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("thead", "tr")
-+
-+	// "td" "th" are permitted
-+	p.AllowAttrs("abbr").Matching(Paragraph).OnElements("td", "th")
-+	p.AllowAttrs("align").Matching(CellAlign).OnElements("td", "th")
-+	p.AllowAttrs("colspan", "rowspan").Matching(Integer).OnElements("td", "th")
-+	p.AllowAttrs("headers").Matching(
-+		SpaceSeparatedTokens,
-+	).OnElements("td", "th")
-+	p.AllowAttrs("height", "width").Matching(
-+		NumberOrPercent,
-+	).OnElements("td", "th")
-+	p.AllowAttrs(
-+		"scope",
-+	).Matching(
-+		regexp.MustCompile(`(?i)(?:row|col)(?:group)?`),
-+	).OnElements("td", "th")
-+	p.AllowAttrs("valign").Matching(CellVerticalAlign).OnElements("td", "th")
-+	p.AllowAttrs("nowrap").Matching(
-+		regexp.MustCompile(`(?i)|nowrap`),
-+	).OnElements("td", "th")
-+
-+	// "tbody" "tfoot"
-+	p.AllowAttrs("align").Matching(CellAlign).OnElements("tbody", "tfoot")
-+	p.AllowAttrs("valign").Matching(
-+		CellVerticalAlign,
-+	).OnElements("tbody", "tfoot")
-+}
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/policies.go b/vendor/github.com/microcosm-cc/bluemonday/policies.go
-new file mode 100644
-index 00000000..570bba88
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/policies.go
-@@ -0,0 +1,253 @@
-+// Copyright (c) 2014, David Kitchen <david@buro9.com>
-+//
-+// All rights reserved.
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted provided that the following conditions are met:
-+//
-+// * Redistributions of source code must retain the above copyright notice, this
-+//   list of conditions and the following disclaimer.
-+//
-+// * Redistributions in binary form must reproduce the above copyright notice,
-+//   this list of conditions and the following disclaimer in the documentation
-+//   and/or other materials provided with the distribution.
-+//
-+// * Neither the name of the organisation (Microcosm) nor the names of its
-+//   contributors may be used to endorse or promote products derived from
-+//   this software without specific prior written permission.
-+//
-+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+package bluemonday
-+
-+import (
-+	"regexp"
-+)
-+
-+// StrictPolicy returns an empty policy, which will effectively strip all HTML
-+// elements and their attributes from a document.
-+func StrictPolicy() *Policy {
-+	return NewPolicy()
-+}
-+
-+// StripTagsPolicy is DEPRECATED. Use StrictPolicy instead.
-+func StripTagsPolicy() *Policy {
-+	return StrictPolicy()
-+}
-+
-+// UGCPolicy returns a policy aimed at user generated content that is a result
-+// of HTML WYSIWYG tools and Markdown conversions.
-+//
-+// This is expected to be a fairly rich document where as much markup as
-+// possible should be retained. Markdown permits raw HTML so we are basically
-+// providing a policy to sanitise HTML5 documents safely but with the
-+// least intrusion on the formatting expectations of the user.
-+func UGCPolicy() *Policy {
-+
-+	p := NewPolicy()
-+
-+	///////////////////////
-+	// Global attributes //
-+	///////////////////////
-+
-+	// "class" is not permitted as we are not allowing users to style their own
-+	// content
-+
-+	p.AllowStandardAttributes()
-+
-+	//////////////////////////////
-+	// Global URL format policy //
-+	//////////////////////////////
-+
-+	p.AllowStandardURLs()
-+
-+	////////////////////////////////
-+	// Declarations and structure //
-+	////////////////////////////////
-+
-+	// "xml" "xslt" "DOCTYPE" "html" "head" are not permitted as we are
-+	// expecting user generated content to be a fragment of HTML and not a full
-+	// document.
-+
-+	//////////////////////////
-+	// Sectioning root tags //
-+	//////////////////////////
-+
-+	// "article" and "aside" are permitted and takes no attributes
-+	p.AllowElements("article", "aside")
-+
-+	// "body" is not permitted as we are expecting user generated content to be a fragment
-+	// of HTML and not a full document.
-+
-+	// "details" is permitted, including the "open" attribute which can either
-+	// be blank or the value "open".
-+	p.AllowAttrs(
-+		"open",
-+	).Matching(regexp.MustCompile(`(?i)^(|open)$`)).OnElements("details")
-+
-+	// "fieldset" is not permitted as we are not allowing forms to be created.
-+
-+	// "figure" is permitted and takes no attributes
-+	p.AllowElements("figure")
-+
-+	// "nav" is not permitted as it is assumed that the site (and not the user)
-+	// has defined navigation elements
-+
-+	// "section" is permitted and takes no attributes
-+	p.AllowElements("section")
-+
-+	// "summary" is permitted and takes no attributes
-+	p.AllowElements("summary")
-+
-+	//////////////////////////
-+	// Headings and footers //
-+	//////////////////////////
-+
-+	// "footer" is not permitted as we expect user content to be a fragment and
-+	// not structural to this extent
-+
-+	// "h1" through "h6" are permitted and take no attributes
-+	p.AllowElements("h1", "h2", "h3", "h4", "h5", "h6")
-+
-+	// "header" is not permitted as we expect user content to be a fragment and
-+	// not structural to this extent
-+
-+	// "hgroup" is permitted and takes no attributes
-+	p.AllowElements("hgroup")
-+
-+	/////////////////////////////////////
-+	// Content grouping and separating //
-+	/////////////////////////////////////
-+
-+	// "blockquote" is permitted, including the "cite" attribute which must be
-+	// a standard URL.
-+	p.AllowAttrs("cite").OnElements("blockquote")
-+
-+	// "br" "div" "hr" "p" "span" "wbr" are permitted and take no attributes
-+	p.AllowElements("br", "div", "hr", "p", "span", "wbr")
-+
-+	///////////
-+	// Links //
-+	///////////
-+
-+	// "a" is permitted
-+	p.AllowAttrs("href").OnElements("a")
-+
-+	// "area" is permitted along with the attributes that map image maps work
-+	p.AllowAttrs("name").Matching(
-+		regexp.MustCompile(`^([\p{L}\p{N}_-]+)$`),
-+	).OnElements("map")
-+	p.AllowAttrs("alt").Matching(Paragraph).OnElements("area")
-+	p.AllowAttrs("coords").Matching(
-+		regexp.MustCompile(`^([0-9]+,)+[0-9]+$`),
-+	).OnElements("area")
-+	p.AllowAttrs("href").OnElements("area")
-+	p.AllowAttrs("rel").Matching(SpaceSeparatedTokens).OnElements("area")
-+	p.AllowAttrs("shape").Matching(
-+		regexp.MustCompile(`(?i)^(default|circle|rect|poly)$`),
-+	).OnElements("area")
-+	p.AllowAttrs("usemap").Matching(
-+		regexp.MustCompile(`(?i)^#[\p{L}\p{N}_-]+$`),
-+	).OnElements("img")
-+
-+	// "link" is not permitted
-+
-+	/////////////////////
-+	// Phrase elements //
-+	/////////////////////
-+
-+	// The following are all inline phrasing elements
-+	p.AllowElements("abbr", "acronym", "cite", "code", "dfn", "em",
-+		"figcaption", "mark", "s", "samp", "strong", "sub", "sup", "var")
-+
-+	// "q" is permitted and "cite" is a URL and handled by URL policies
-+	p.AllowAttrs("cite").OnElements("q")
-+
-+	// "time" is permitted
-+	p.AllowAttrs("datetime").Matching(ISO8601).OnElements("time")
-+
-+	////////////////////
-+	// Style elements //
-+	////////////////////
-+
-+	// block and inline elements that impart no semantic meaning but style the
-+	// document
-+	p.AllowElements("b", "i", "pre", "small", "strike", "tt", "u")
-+
-+	// "style" is not permitted as we are not yet sanitising CSS and it is an
-+	// XSS attack vector
-+
-+	//////////////////////
-+	// HTML5 Formatting //
-+	//////////////////////
-+
-+	// "bdi" "bdo" are permitted
-+	p.AllowAttrs("dir").Matching(Direction).OnElements("bdi", "bdo")
-+
-+	// "rp" "rt" "ruby" are permitted
-+	p.AllowElements("rp", "rt", "ruby")
-+
-+	///////////////////////////
-+	// HTML5 Change tracking //
-+	///////////////////////////
-+
-+	// "del" "ins" are permitted
-+	p.AllowAttrs("cite").Matching(Paragraph).OnElements("del", "ins")
-+	p.AllowAttrs("datetime").Matching(ISO8601).OnElements("del", "ins")
-+
-+	///////////
-+	// Lists //
-+	///////////
-+
-+	p.AllowLists()
-+
-+	////////////
-+	// Tables //
-+	////////////
-+
-+	p.AllowTables()
-+
-+	///////////
-+	// Forms //
-+	///////////
-+
-+	// By and large, forms are not permitted. However there are some form
-+	// elements that can be used to present data, and we do permit those
-+	//
-+	// "button" "fieldset" "input" "keygen" "label" "output" "select" "datalist"
-+	// "textarea" "optgroup" "option" are all not permitted
-+
-+	// "meter" is permitted
-+	p.AllowAttrs(
-+		"value",
-+		"min",
-+		"max",
-+		"low",
-+		"high",
-+		"optimum",
-+	).Matching(Number).OnElements("meter")
-+
-+	// "progress" is permitted
-+	p.AllowAttrs("value", "max").Matching(Number).OnElements("progress")
-+
-+	//////////////////////
-+	// Embedded content //
-+	//////////////////////
-+
-+	// Vast majority not permitted
-+	// "audio" "canvas" "embed" "iframe" "object" "param" "source" "svg" "track"
-+	// "video" are all not permitted
-+
-+	p.AllowImages()
-+
-+	return p
-+}
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go
-new file mode 100644
-index 00000000..f61d98f5
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go
-@@ -0,0 +1,552 @@
-+// Copyright (c) 2014, David Kitchen <david@buro9.com>
-+//
-+// All rights reserved.
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted provided that the following conditions are met:
-+//
-+// * Redistributions of source code must retain the above copyright notice, this
-+//   list of conditions and the following disclaimer.
-+//
-+// * Redistributions in binary form must reproduce the above copyright notice,
-+//   this list of conditions and the following disclaimer in the documentation
-+//   and/or other materials provided with the distribution.
-+//
-+// * Neither the name of the organisation (Microcosm) nor the names of its
-+//   contributors may be used to endorse or promote products derived from
-+//   this software without specific prior written permission.
-+//
-+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+package bluemonday
-+
-+import (
-+	"net/url"
-+	"regexp"
-+	"strings"
-+)
-+
-+// Policy encapsulates the whitelist of HTML elements and attributes that will
-+// be applied to the sanitised HTML.
-+//
-+// You should use bluemonday.NewPolicy() to create a blank policy as the
-+// unexported fields contain maps that need to be initialized.
-+type Policy struct {
-+
-+	// Declares whether the maps have been initialized, used as a cheap check to
-+	// ensure that those using Policy{} directly won't cause nil pointer
-+	// exceptions
-+	initialized bool
-+
-+	// If true then we add spaces when stripping tags, specifically the closing
-+	// tag is replaced by a space character.
-+	addSpaces bool
-+
-+	// When true, add rel="nofollow" to HTML anchors
-+	requireNoFollow bool
-+
-+	// When true, add rel="nofollow" to HTML anchors
-+	// Will add for href="http://foo"
-+	// Will skip for href="/foo" or href="foo"
-+	requireNoFollowFullyQualifiedLinks bool
-+
-+	// When true add target="_blank" to fully qualified links
-+	// Will add for href="http://foo"
-+	// Will skip for href="/foo" or href="foo"
-+	addTargetBlankToFullyQualifiedLinks bool
-+
-+	// When true, URLs must be parseable by "net/url" url.Parse()
-+	requireParseableURLs bool
-+
-+	// When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted
-+	allowRelativeURLs bool
-+
-+	// When true, allow data attributes.
-+	allowDataAttributes bool
-+
-+	// map[htmlElementName]map[htmlAttributeName]attrPolicy
-+	elsAndAttrs map[string]map[string]attrPolicy
-+
-+	// map[htmlAttributeName]attrPolicy
-+	globalAttrs map[string]attrPolicy
-+
-+	// If urlPolicy is nil, all URLs with matching schema are allowed.
-+	// Otherwise, only the URLs with matching schema and urlPolicy(url)
-+	// returning true are allowed.
-+	allowURLSchemes map[string]urlPolicy
-+
-+	// If an element has had all attributes removed as a result of a policy
-+	// being applied, then the element would be removed from the output.
-+	//
-+	// However some elements are valid and have strong layout meaning without
-+	// any attributes, i.e. <table>. To prevent those being removed we maintain
-+	// a list of elements that are allowed to have no attributes and that will
-+	// be maintained in the output HTML.
-+	setOfElementsAllowedWithoutAttrs map[string]struct{}
-+
-+	setOfElementsToSkipContent map[string]struct{}
-+}
-+
-+type attrPolicy struct {
-+
-+	// optional pattern to match, when not nil the regexp needs to match
-+	// otherwise the attribute is removed
-+	regexp *regexp.Regexp
-+}
-+
-+type attrPolicyBuilder struct {
-+	p *Policy
-+
-+	attrNames  []string
-+	regexp     *regexp.Regexp
-+	allowEmpty bool
-+}
-+
-+type urlPolicy func(url *url.URL) (allowUrl bool)
-+
-+// init initializes the maps if this has not been done already
-+func (p *Policy) init() {
-+	if !p.initialized {
-+		p.elsAndAttrs = make(map[string]map[string]attrPolicy)
-+		p.globalAttrs = make(map[string]attrPolicy)
-+		p.allowURLSchemes = make(map[string]urlPolicy)
-+		p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
-+		p.setOfElementsToSkipContent = make(map[string]struct{})
-+		p.initialized = true
-+	}
-+}
-+
-+// NewPolicy returns a blank policy with nothing whitelisted or permitted. This
-+// is the recommended way to start building a policy and you should now use
-+// AllowAttrs() and/or AllowElements() to construct the whitelist of HTML
-+// elements and attributes.
-+func NewPolicy() *Policy {
-+
-+	p := Policy{}
-+
-+	p.addDefaultElementsWithoutAttrs()
-+	p.addDefaultSkipElementContent()
-+
-+	return &p
-+}
-+
-+// AllowAttrs takes a range of HTML attribute names and returns an
-+// attribute policy builder that allows you to specify the pattern and scope of
-+// the whitelisted attribute.
-+//
-+// The attribute policy is only added to the core policy when either Globally()
-+// or OnElements(...) are called.
-+func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder {
-+
-+	p.init()
-+
-+	abp := attrPolicyBuilder{
-+		p:          p,
-+		allowEmpty: false,
-+	}
-+
-+	for _, attrName := range attrNames {
-+		abp.attrNames = append(abp.attrNames, strings.ToLower(attrName))
-+	}
-+
-+	return &abp
-+}
-+
-+// AllowDataAttributes whitelists all data attributes. We can't specify the name
-+// of each attribute exactly as they are customized.
-+//
-+// NOTE: These values are not sanitized and applications that evaluate or process
-+// them without checking and verification of the input may be at risk if this option
-+// is enabled. This is a 'caveat emptor' option and the person enabling this option
-+// needs to fully understand the potential impact with regards to whatever application
-+// will be consuming the sanitized HTML afterwards, i.e. if you know you put a link in a
-+// data attribute and use that to automatically load some new window then you're giving
-+// the author of a HTML fragment the means to open a malicious destination automatically.
-+// Use with care!
-+func (p *Policy) AllowDataAttributes() {
-+	p.allowDataAttributes = true
-+}
-+
-+// AllowNoAttrs says that attributes on element are optional.
-+//
-+// The attribute policy is only added to the core policy when OnElements(...)
-+// are called.
-+func (p *Policy) AllowNoAttrs() *attrPolicyBuilder {
-+
-+	p.init()
-+
-+	abp := attrPolicyBuilder{
-+		p:          p,
-+		allowEmpty: true,
-+	}
-+	return &abp
-+}
-+
-+// AllowNoAttrs says that attributes on element are optional.
-+//
-+// The attribute policy is only added to the core policy when OnElements(...)
-+// are called.
-+func (abp *attrPolicyBuilder) AllowNoAttrs() *attrPolicyBuilder {
-+
-+	abp.allowEmpty = true
-+
-+	return abp
-+}
-+
-+// Matching allows a regular expression to be applied to a nascent attribute
-+// policy, and returns the attribute policy. Calling this more than once will
-+// replace the existing regexp.
-+func (abp *attrPolicyBuilder) Matching(regex *regexp.Regexp) *attrPolicyBuilder {
-+
-+	abp.regexp = regex
-+
-+	return abp
-+}
-+
-+// OnElements will bind an attribute policy to a given range of HTML elements
-+// and return the updated policy
-+func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy {
-+
-+	for _, element := range elements {
-+		element = strings.ToLower(element)
-+
-+		for _, attr := range abp.attrNames {
-+
-+			if _, ok := abp.p.elsAndAttrs[element]; !ok {
-+				abp.p.elsAndAttrs[element] = make(map[string]attrPolicy)
-+			}
-+
-+			ap := attrPolicy{}
-+			if abp.regexp != nil {
-+				ap.regexp = abp.regexp
-+			}
-+
-+			abp.p.elsAndAttrs[element][attr] = ap
-+		}
-+
-+		if abp.allowEmpty {
-+			abp.p.setOfElementsAllowedWithoutAttrs[element] = struct{}{}
-+
-+			if _, ok := abp.p.elsAndAttrs[element]; !ok {
-+				abp.p.elsAndAttrs[element] = make(map[string]attrPolicy)
-+			}
-+		}
-+	}
-+
-+	return abp.p
-+}
-+
-+// Globally will bind an attribute policy to all HTML elements and return the
-+// updated policy
-+func (abp *attrPolicyBuilder) Globally() *Policy {
-+
-+	for _, attr := range abp.attrNames {
-+		if _, ok := abp.p.globalAttrs[attr]; !ok {
-+			abp.p.globalAttrs[attr] = attrPolicy{}
-+		}
-+
-+		ap := attrPolicy{}
-+		if abp.regexp != nil {
-+			ap.regexp = abp.regexp
-+		}
-+
-+		abp.p.globalAttrs[attr] = ap
-+	}
-+
-+	return abp.p
-+}
-+
-+// AllowElements will append HTML elements to the whitelist without applying an
-+// attribute policy to those elements (the elements are permitted
-+// sans-attributes)
-+func (p *Policy) AllowElements(names ...string) *Policy {
-+	p.init()
-+
-+	for _, element := range names {
-+		element = strings.ToLower(element)
-+
-+		if _, ok := p.elsAndAttrs[element]; !ok {
-+			p.elsAndAttrs[element] = make(map[string]attrPolicy)
-+		}
-+	}
-+
-+	return p
-+}
-+
-+// RequireNoFollowOnLinks will result in all <a> tags having a rel="nofollow"
-+// added to them if one does not already exist
-+//
-+// Note: This requires p.RequireParseableURLs(true) and will enable it.
-+func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy {
-+
-+	p.requireNoFollow = require
-+	p.requireParseableURLs = true
-+
-+	return p
-+}
-+
-+// RequireNoFollowOnFullyQualifiedLinks will result in all <a> tags that point
-+// to a non-local destination (i.e. starts with a protocol and has a host)
-+// having a rel="nofollow" added to them if one does not already exist
-+//
-+// Note: This requires p.RequireParseableURLs(true) and will enable it.
-+func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy {
-+
-+	p.requireNoFollowFullyQualifiedLinks = require
-+	p.requireParseableURLs = true
-+
-+	return p
-+}
-+
-+// AddTargetBlankToFullyQualifiedLinks will result in all <a> tags that point
-+// to a non-local destination (i.e. starts with a protocol and has a host)
-+// having a target="_blank" added to them if one does not already exist
-+//
-+// Note: This requires p.RequireParseableURLs(true) and will enable it.
-+func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy {
-+
-+	p.addTargetBlankToFullyQualifiedLinks = require
-+	p.requireParseableURLs = true
-+
-+	return p
-+}
-+
-+// RequireParseableURLs will result in all URLs requiring that they be parseable
-+// by "net/url" url.Parse()
-+// This applies to:
-+// - a.href
-+// - area.href
-+// - blockquote.cite
-+// - img.src
-+// - link.href
-+// - script.src
-+func (p *Policy) RequireParseableURLs(require bool) *Policy {
-+
-+	p.requireParseableURLs = require
-+
-+	return p
-+}
-+
-+// AllowRelativeURLs enables RequireParseableURLs and then permits URLs that
-+// are parseable, have no schema information and url.IsAbs() returns false
-+// This permits local URLs
-+func (p *Policy) AllowRelativeURLs(require bool) *Policy {
-+
-+	p.RequireParseableURLs(true)
-+	p.allowRelativeURLs = require
-+
-+	return p
-+}
-+
-+// AllowURLSchemes will append URL schemes to the whitelist
-+// Example: p.AllowURLSchemes("mailto", "http", "https")
-+func (p *Policy) AllowURLSchemes(schemes ...string) *Policy {
-+	p.init()
-+
-+	p.RequireParseableURLs(true)
-+
-+	for _, scheme := range schemes {
-+		scheme = strings.ToLower(scheme)
-+
-+		// Allow all URLs with matching scheme.
-+		p.allowURLSchemes[scheme] = nil
-+	}
-+
-+	return p
-+}
-+
-+// AllowURLSchemeWithCustomPolicy will append URL schemes with
-+// a custom URL policy to the whitelist.
-+// Only the URLs with matching schema and urlPolicy(url)
-+// returning true will be allowed.
-+func (p *Policy) AllowURLSchemeWithCustomPolicy(
-+	scheme string,
-+	urlPolicy func(url *url.URL) (allowUrl bool),
-+) *Policy {
-+
-+	p.init()
-+
-+	p.RequireParseableURLs(true)
-+
-+	scheme = strings.ToLower(scheme)
-+
-+	p.allowURLSchemes[scheme] = urlPolicy
-+
-+	return p
-+}
-+
-+// AddSpaceWhenStrippingTag states whether to add a single space " " when
-+// removing tags that are not whitelisted by the policy.
-+//
-+// This is useful if you expect to strip tags in dense markup and may lose the
-+// value of whitespace.
-+//
-+// For example: "<p>Hello</p><p>World</p>"" would be sanitized to "HelloWorld"
-+// with the default value of false, but you may wish to sanitize this to
-+// " Hello  World " by setting AddSpaceWhenStrippingTag to true as this would
-+// retain the intent of the text.
-+func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy {
-+
-+	p.addSpaces = allow
-+
-+	return p
-+}
-+
-+// SkipElementsContent adds the HTML elements whose tags is needed to be removed
-+// with its content.
-+func (p *Policy) SkipElementsContent(names ...string) *Policy {
-+
-+	p.init()
-+
-+	for _, element := range names {
-+		element = strings.ToLower(element)
-+
-+		if _, ok := p.setOfElementsToSkipContent[element]; !ok {
-+			p.setOfElementsToSkipContent[element] = struct{}{}
-+		}
-+	}
-+
-+	return p
-+}
-+
-+// AllowElementsContent marks the HTML elements whose content should be
-+// retained after removing the tag.
-+func (p *Policy) AllowElementsContent(names ...string) *Policy {
-+
-+	p.init()
-+
-+	for _, element := range names {
-+		delete(p.setOfElementsToSkipContent, strings.ToLower(element))
-+	}
-+
-+	return p
-+}
-+
-+// addDefaultElementsWithoutAttrs adds the HTML elements that we know are valid
-+// without any attributes to an internal map.
-+// i.e. we know that <table> is valid, but <bdo> isn't valid as the "dir" attr
-+// is mandatory
-+func (p *Policy) addDefaultElementsWithoutAttrs() {
-+	p.init()
-+
-+	p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["address"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["b"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["bdi"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["blockquote"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["body"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["br"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["colgroup"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["datalist"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["dd"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["del"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["details"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["dfn"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["div"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["dl"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["dt"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["em"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["fieldset"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["figcaption"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["figure"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["footer"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h1"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h2"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h3"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h4"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h5"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["h6"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["head"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["header"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["hgroup"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["hr"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["html"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["i"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["ins"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["rt"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["span"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["strike"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["strong"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["style"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["sub"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["summary"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["sup"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["svg"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["table"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["tbody"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["td"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["textarea"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["tfoot"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["th"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["thead"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["title"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["time"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["tr"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["tt"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["u"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["ul"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["var"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["video"] = struct{}{}
-+	p.setOfElementsAllowedWithoutAttrs["wbr"] = struct{}{}
-+
-+}
-+
-+// addDefaultSkipElementContent adds the HTML elements that we should skip
-+// rendering the character content of, if the element itself is not allowed.
-+// This is all character data that the end user would not normally see.
-+// i.e. if we exclude a <script> tag then we shouldn't render the JavaScript or
-+// anything else until we encounter the closing </script> tag.
-+func (p *Policy) addDefaultSkipElementContent() {
-+	p.init()
-+
-+	p.setOfElementsToSkipContent["frame"] = struct{}{}
-+	p.setOfElementsToSkipContent["frameset"] = struct{}{}
-+	p.setOfElementsToSkipContent["iframe"] = struct{}{}
-+	p.setOfElementsToSkipContent["noembed"] = struct{}{}
-+	p.setOfElementsToSkipContent["noframes"] = struct{}{}
-+	p.setOfElementsToSkipContent["noscript"] = struct{}{}
-+	p.setOfElementsToSkipContent["nostyle"] = struct{}{}
-+	p.setOfElementsToSkipContent["object"] = struct{}{}
-+	p.setOfElementsToSkipContent["script"] = struct{}{}
-+	p.setOfElementsToSkipContent["style"] = struct{}{}
-+	p.setOfElementsToSkipContent["title"] = struct{}{}
-+}
-diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
-new file mode 100644
-index 00000000..65ed89b7
---- /dev/null
-+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
-@@ -0,0 +1,581 @@
-+// Copyright (c) 2014, David Kitchen <david@buro9.com>
-+//
-+// All rights reserved.
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted provided that the following conditions are met:
-+//
-+// * Redistributions of source code must retain the above copyright notice, this
-+//   list of conditions and the following disclaimer.
-+//
-+// * Redistributions in binary form must reproduce the above copyright notice,
-+//   this list of conditions and the following disclaimer in the documentation
-+//   and/or other materials provided with the distribution.
-+//
-+// * Neither the name of the organisation (Microcosm) nor the names of its
-+//   contributors may be used to endorse or promote products derived from
-+//   this software without specific prior written permission.
-+//
-+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+package bluemonday
-+
-+import (
-+	"bytes"
-+	"io"
-+	"net/url"
-+	"regexp"
-+	"strings"
-+
-+	"golang.org/x/net/html"
-+)
-+
-+var (
-+	dataAttribute             = regexp.MustCompile("^data-.+")
-+	dataAttributeXMLPrefix    = regexp.MustCompile("^xml.+")
-+	dataAttributeInvalidChars = regexp.MustCompile("[A-Z;]+")
-+)
-+
-+// Sanitize takes a string that contains a HTML fragment or document and applies
-+// the given policy whitelist.
-+//
-+// It returns a HTML string that has been sanitized by the policy or an empty
-+// string if an error has occurred (most likely as a consequence of extremely
-+// malformed input)
-+func (p *Policy) Sanitize(s string) string {
-+	if strings.TrimSpace(s) == "" {
-+		return s
-+	}
-+
-+	return p.sanitize(strings.NewReader(s)).String()
-+}
-+
-+// SanitizeBytes takes a []byte that contains a HTML fragment or document and applies
-+// the given policy whitelist.
-+//
-+// It returns a []byte containing the HTML that has been sanitized by the policy
-+// or an empty []byte if an error has occurred (most likely as a consequence of
-+// extremely malformed input)
-+func (p *Policy) SanitizeBytes(b []byte) []byte {
-+	if len(bytes.TrimSpace(b)) == 0 {
-+		return b
-+	}
-+
-+	return p.sanitize(bytes.NewReader(b)).Bytes()
-+}
-+
-+// SanitizeReader takes an io.Reader that contains a HTML fragment or document
-+// and applies the given policy whitelist.
-+//
-+// It returns a bytes.Buffer containing the HTML that has been sanitized by the
-+// policy. Errors during sanitization will merely return an empty result.
-+func (p *Policy) SanitizeReader(r io.Reader) *bytes.Buffer {
-+	return p.sanitize(r)
-+}
-+
-+// Performs the actual sanitization process.
-+func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
-+
-+	// It is possible that the developer has created the policy via:
-+	//   p := bluemonday.Policy{}
-+	// rather than:
-+	//   p := bluemonday.NewPolicy()
-+	// If this is the case, and if they haven't yet triggered an action that
-+	// would initiliaze the maps, then we need to do that.
-+	p.init()
-+
-+	var (
-+		buff                     bytes.Buffer
-+		skipElementContent       bool
-+		skippingElementsCount    int64
-+		skipClosingTag           bool
-+		closingTagToSkipStack    []string
-+		mostRecentlyStartedToken string
-+	)
-+
-+	tokenizer := html.NewTokenizer(r)
-+	for {
-+		if tokenizer.Next() == html.ErrorToken {
-+			err := tokenizer.Err()
-+			if err == io.EOF {
-+				// End of input means end of processing
-+				return &buff
-+			}
-+
-+			// Raw tokenizer error
-+			return &bytes.Buffer{}
-+		}
-+
-+		token := tokenizer.Token()
-+		switch token.Type {
-+		case html.DoctypeToken:
-+
-+			// DocType is not handled as there is no safe parsing mechanism
-+			// provided by golang.org/x/net/html for the content, and this can
-+			// be misused to insert HTML tags that are not then sanitized
-+			//
-+			// One might wish to recursively sanitize here using the same policy
-+			// but I will need to do some further testing before considering
-+			// this.
-+
-+		case html.CommentToken:
-+
-+			// Comments are ignored by default
-+
-+		case html.StartTagToken:
-+
-+			mostRecentlyStartedToken = token.Data
-+
-+			aps, ok := p.elsAndAttrs[token.Data]
-+			if !ok {
-+				if _, ok := p.setOfElementsToSkipContent[token.Data]; ok {
-+					skipElementContent = true
-+					skippingElementsCount++
-+				}
-+				if p.addSpaces {
-+					buff.WriteString(" ")
-+				}
-+				break
-+			}
-+
-+			if len(token.Attr) != 0 {
-+				token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
-+			}
-+
-+			if len(token.Attr) == 0 {
-+				if !p.allowNoAttrs(token.Data) {
-+					skipClosingTag = true
-+					closingTagToSkipStack = append(closingTagToSkipStack, token.Data)
-+					if p.addSpaces {
-+						buff.WriteString(" ")
-+					}
-+					break
-+				}
-+			}
-+
-+			if !skipElementContent {
-+				buff.WriteString(token.String())
-+			}
-+
-+		case html.EndTagToken:
-+
-+			if mostRecentlyStartedToken == token.Data {
-+				mostRecentlyStartedToken = ""
-+			}
-+
-+			if skipClosingTag && closingTagToSkipStack[len(closingTagToSkipStack)-1] == token.Data {
-+				closingTagToSkipStack = closingTagToSkipStack[:len(closingTagToSkipStack)-1]
-+				if len(closingTagToSkipStack) == 0 {
-+					skipClosingTag = false
-+				}
-+				if p.addSpaces {
-+					buff.WriteString(" ")
-+				}
-+				break
-+			}
-+
-+			if _, ok := p.elsAndAttrs[token.Data]; !ok {
-+				if _, ok := p.setOfElementsToSkipContent[token.Data]; ok {
-+					skippingElementsCount--
-+					if skippingElementsCount == 0 {
-+						skipElementContent = false
-+					}
-+				}
-+				if p.addSpaces {
-+					buff.WriteString(" ")
-+				}
-+				break
-+			}
-+
-+			if !skipElementContent {
-+				buff.WriteString(token.String())
-+			}
-+
-+		case html.SelfClosingTagToken:
-+
-+			aps, ok := p.elsAndAttrs[token.Data]
-+			if !ok {
-+				if p.addSpaces {
-+					buff.WriteString(" ")
-+				}
-+				break
-+			}
-+
-+			if len(token.Attr) != 0 {
-+				token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
-+			}
-+
-+			if len(token.Attr) == 0 && !p.allowNoAttrs(token.Data) {
-+				if p.addSpaces {
-+					buff.WriteString(" ")
-+				}
-+				break
-+			}
-+
-+			if !skipElementContent {
-+				buff.WriteString(token.String())
-+			}
-+
-+		case html.TextToken:
-+
-+			if !skipElementContent {
-+				switch mostRecentlyStartedToken {
-+				case "script":
-+					// not encouraged, but if a policy allows JavaScript we
-+					// should not HTML escape it as that would break the output
-+					buff.WriteString(token.Data)
-+				case "style":
-+					// not encouraged, but if a policy allows CSS styles we
-+					// should not HTML escape it as that would break the output
-+					buff.WriteString(token.Data)
-+				default:
-+					// HTML escape the text
-+					buff.WriteString(token.String())
-+				}
-+			}
-+		default:
-+			// A token that didn't exist in the html package when we wrote this
-+			return &bytes.Buffer{}
-+		}
-+	}
-+}
-+
-+// sanitizeAttrs takes a set of element attribute policies and the global
-+// attribute policies and applies them to the []html.Attribute returning a set
-+// of html.Attributes that match the policies
-+func (p *Policy) sanitizeAttrs(
-+	elementName string,
-+	attrs []html.Attribute,
-+	aps map[string]attrPolicy,
-+) []html.Attribute {
-+
-+	if len(attrs) == 0 {
-+		return attrs
-+	}
-+
-+	// Builds a new attribute slice based on the whether the attribute has been
-+	// whitelisted explicitly or globally.
-+	cleanAttrs := []html.Attribute{}
-+	for _, htmlAttr := range attrs {
-+		if p.allowDataAttributes {
-+			// If we see a data attribute, let it through.
-+			if isDataAttribute(htmlAttr.Key) {
-+				cleanAttrs = append(cleanAttrs, htmlAttr)
-+				continue
-+			}
-+		}
-+		// Is there an element specific attribute policy that applies?
-+		if ap, ok := aps[htmlAttr.Key]; ok {
-+			if ap.regexp != nil {
-+				if ap.regexp.MatchString(htmlAttr.Val) {
-+					cleanAttrs = append(cleanAttrs, htmlAttr)
-+					continue
-+				}
-+			} else {
-+				cleanAttrs = append(cleanAttrs, htmlAttr)
-+				continue
-+			}
-+		}
-+
-+		// Is there a global attribute policy that applies?
-+		if ap, ok := p.globalAttrs[htmlAttr.Key]; ok {
-+
-+			if ap.regexp != nil {
-+				if ap.regexp.MatchString(htmlAttr.Val) {
-+					cleanAttrs = append(cleanAttrs, htmlAttr)
-+				}
-+			} else {
-+				cleanAttrs = append(cleanAttrs, htmlAttr)
-+			}
-+		}
-+	}
-+
-+	if len(cleanAttrs) == 0 {
-+		// If nothing was allowed, let's get out of here
-+		return cleanAttrs
-+	}
-+	// cleanAttrs now contains the attributes that are permitted
-+
-+	if linkable(elementName) {
-+		if p.requireParseableURLs {
-+			// Ensure URLs are parseable:
-+			// - a.href
-+			// - area.href
-+			// - link.href
-+			// - blockquote.cite
-+			// - q.cite
-+			// - img.src
-+			// - script.src
-+			tmpAttrs := []html.Attribute{}
-+			for _, htmlAttr := range cleanAttrs {
-+				switch elementName {
-+				case "a", "area", "link":
-+					if htmlAttr.Key == "href" {
-+						if u, ok := p.validURL(htmlAttr.Val); ok {
-+							htmlAttr.Val = u
-+							tmpAttrs = append(tmpAttrs, htmlAttr)
-+						}
-+						break
-+					}
-+					tmpAttrs = append(tmpAttrs, htmlAttr)
-+				case "blockquote", "q":
-+					if htmlAttr.Key == "cite" {
-+						if u, ok := p.validURL(htmlAttr.Val); ok {
-+							htmlAttr.Val = u
-+							tmpAttrs = append(tmpAttrs, htmlAttr)
-+						}
-+						break
-+					}
-+					tmpAttrs = append(tmpAttrs, htmlAttr)
-+				case "img", "script":
-+					if htmlAttr.Key == "src" {
-+						if u, ok := p.validURL(htmlAttr.Val); ok {
-+							htmlAttr.Val = u
-+							tmpAttrs = append(tmpAttrs, htmlAttr)
-+						}
-+						break
-+					}
-+					tmpAttrs = append(tmpAttrs, htmlAttr)
-+				default:
-+					tmpAttrs = append(tmpAttrs, htmlAttr)
-+				}
-+			}
-+			cleanAttrs = tmpAttrs
-+		}
-+
-+		if (p.requireNoFollow ||
-+			p.requireNoFollowFullyQualifiedLinks ||
-+			p.addTargetBlankToFullyQualifiedLinks) &&
-+			len(cleanAttrs) > 0 {
-+
-+			// Add rel="nofollow" if a "href" exists
-+			switch elementName {
-+			case "a", "area", "link":
-+				var hrefFound bool
-+				var externalLink bool
-+				for _, htmlAttr := range cleanAttrs {
-+					if htmlAttr.Key == "href" {
-+						hrefFound = true
-+
-+						u, err := url.Parse(htmlAttr.Val)
-+						if err != nil {
-+							continue
-+						}
-+						if u.Host != "" {
-+							externalLink = true
-+						}
-+
-+						continue
-+					}
-+				}
-+
-+				if hrefFound {
-+					var (
-+						noFollowFound    bool
-+						targetBlankFound bool
-+					)
-+
-+					addNoFollow := (p.requireNoFollow ||
-+						externalLink && p.requireNoFollowFullyQualifiedLinks)
-+
-+					addTargetBlank := (externalLink &&
-+						p.addTargetBlankToFullyQualifiedLinks)
-+
-+					tmpAttrs := []html.Attribute{}
-+					for _, htmlAttr := range cleanAttrs {
-+
-+						var appended bool
-+						if htmlAttr.Key == "rel" && addNoFollow {
-+
-+							if strings.Contains(htmlAttr.Val, "nofollow") {
-+								noFollowFound = true
-+								tmpAttrs = append(tmpAttrs, htmlAttr)
-+								appended = true
-+							} else {
-+								htmlAttr.Val += " nofollow"
-+								noFollowFound = true
-+								tmpAttrs = append(tmpAttrs, htmlAttr)
-+								appended = true
-+							}
-+						}
-+
-+						if elementName == "a" && htmlAttr.Key == "target" {
-+							if htmlAttr.Val == "_blank" {
-+								targetBlankFound = true
-+							}
-+							if addTargetBlank && !targetBlankFound {
-+								htmlAttr.Val = "_blank"
-+								targetBlankFound = true
-+								tmpAttrs = append(tmpAttrs, htmlAttr)
-+								appended = true
-+							}
-+						}
-+
-+						if !appended {
-+							tmpAttrs = append(tmpAttrs, htmlAttr)
-+						}
-+					}
-+					if noFollowFound || targetBlankFound {
-+						cleanAttrs = tmpAttrs
-+					}
-+
-+					if addNoFollow && !noFollowFound {
-+						rel := html.Attribute{}
-+						rel.Key = "rel"
-+						rel.Val = "nofollow"
-+						cleanAttrs = append(cleanAttrs, rel)
-+					}
-+
-+					if elementName == "a" && addTargetBlank && !targetBlankFound {
-+						rel := html.Attribute{}
-+						rel.Key = "target"
-+						rel.Val = "_blank"
-+						targetBlankFound = true
-+						cleanAttrs = append(cleanAttrs, rel)
-+					}
-+
-+					if targetBlankFound {
-+						// target="_blank" has a security risk that allows the
-+						// opened window/tab to issue JavaScript calls against
-+						// window.opener, which in effect allow the destination
-+						// of the link to control the source:
-+						// https://dev.to/ben/the-targetblank-vulnerability-by-example
-+						//
-+						// To mitigate this risk, we need to add a specific rel
-+						// attribute if it is not already present.
-+						// rel="noopener"
-+						//
-+						// Unfortunately this is processing the rel twice (we
-+						// already looked at it earlier ^^) as we cannot be sure
-+						// of the ordering of the href and rel, and whether we
-+						// have fully satisfied that we need to do this. This
-+						// double processing only happens *if* target="_blank"
-+						// is true.
-+						var noOpenerAdded bool
-+						tmpAttrs := []html.Attribute{}
-+						for _, htmlAttr := range cleanAttrs {
-+							var appended bool
-+							if htmlAttr.Key == "rel" {
-+								if strings.Contains(htmlAttr.Val, "noopener") {
-+									noOpenerAdded = true
-+									tmpAttrs = append(tmpAttrs, htmlAttr)
-+								} else {
-+									htmlAttr.Val += " noopener"
-+									noOpenerAdded = true
-+									tmpAttrs = append(tmpAttrs, htmlAttr)
-+								}
-+
-+								appended = true
-+							}
-+							if !appended {
-+								tmpAttrs = append(tmpAttrs, htmlAttr)
-+							}
-+						}
-+						if noOpenerAdded {
-+							cleanAttrs = tmpAttrs
-+						} else {
-+							// rel attr was not found, or else noopener would
-+							// have been added already
-+							rel := html.Attribute{}
-+							rel.Key = "rel"
-+							rel.Val = "noopener"
-+							cleanAttrs = append(cleanAttrs, rel)
-+						}
-+
-+					}
-+				}
-+			default:
-+			}
-+		}
-+	}
-+
-+	return cleanAttrs
-+}
-+
-+func (p *Policy) allowNoAttrs(elementName string) bool {
-+	_, ok := p.setOfElementsAllowedWithoutAttrs[elementName]
-+	return ok
-+}
-+
-+func (p *Policy) validURL(rawurl string) (string, bool) {
-+	if p.requireParseableURLs {
-+		// URLs are valid if when space is trimmed the URL is valid
-+		rawurl = strings.TrimSpace(rawurl)
-+
-+		// URLs cannot contain whitespace, unless it is a data-uri
-+		if (strings.Contains(rawurl, " ") ||
-+			strings.Contains(rawurl, "\t") ||
-+			strings.Contains(rawurl, "\n")) &&
-+			!strings.HasPrefix(rawurl, `data:`) {
-+			return "", false
-+		}
-+
-+		// URLs are valid if they parse
-+		u, err := url.Parse(rawurl)
-+		if err != nil {
-+			return "", false
-+		}
-+
-+		if u.Scheme != "" {
-+
-+			urlPolicy, ok := p.allowURLSchemes[u.Scheme]
-+			if !ok {
-+				return "", false
-+
-+			}
-+
-+			if urlPolicy == nil || urlPolicy(u) == true {
-+				return u.String(), true
-+			}
-+
-+			return "", false
-+		}
-+
-+		if p.allowRelativeURLs {
-+			if u.String() != "" {
-+				return u.String(), true
-+			}
-+		}
-+
-+		return "", false
-+	}
-+
-+	return rawurl, true
-+}
-+
-+func linkable(elementName string) bool {
-+	switch elementName {
-+	case "a", "area", "blockquote", "img", "link", "script":
-+		return true
-+	default:
-+		return false
-+	}
-+}
-+
-+func isDataAttribute(val string) bool {
-+	if !dataAttribute.MatchString(val) {
-+		return false
-+	}
-+	rest := strings.Split(val, "data-")
-+	if len(rest) == 1 {
-+		return false
-+	}
-+	// data-xml* is invalid.
-+	if dataAttributeXMLPrefix.MatchString(rest[1]) {
-+		return false
-+	}
-+	// no uppercase or semi-colons allowed.
-+	if dataAttributeInvalidChars.MatchString(rest[1]) {
-+		return false
-+	}
-+	return true
-+}
-diff --git a/vendor/modules.txt b/vendor/modules.txt
-index 0bae0d5d..ff6a5d78 100644
---- a/vendor/modules.txt
-+++ b/vendor/modules.txt
-@@ -49,6 +49,8 @@ github.com/lib/pq/oid
- github.com/lib/pq/scram
- # github.com/mb0/diff v0.0.0-20131118162322-d8d9a906c24d
- github.com/mb0/diff
-+# github.com/microcosm-cc/bluemonday v1.0.2
-+github.com/microcosm-cc/bluemonday
- # github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
- github.com/nu7hatch/gouuid
- # github.com/pkg/errors v0.8.0
diff --git a/pkgs/servers/etcd/3.4.nix b/pkgs/servers/etcd/3.4.nix
index 4ceb9451b73f..699ec033d3f3 100644
--- a/pkgs/servers/etcd/3.4.nix
+++ b/pkgs/servers/etcd/3.4.nix
@@ -2,15 +2,18 @@
 
 buildGoModule rec {
   pname = "etcd";
-  version = "3.4.8";
+  version = "3.4.9";
 
-  vendorSha256 = null;
+  #vendorSha256 = null; revert to `null` for > 3.4.9
+
+  vendorSha256 = "1fhrycl8m8ddb7mwasbyfiwrl4d9lfdk7zd3mxb7ahkipdp2c94z";
+  deleteVendor = true;
 
   src = fetchFromGitHub {
     owner = "etcd-io";
     repo = "etcd";
     rev = "v${version}";
-    sha256 = "0kx36kq6a7i3cja3wp9mwbnar752pz8c0n2fcvwyzi6l6ph6alx7";
+    sha256 = "16l4wmnm7mkhpb2vzf6xnhhyx6lj8xx3z6x1bfs05idajnrw824p";
   };
 
   buildPhase = ''
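Review bot: The commented-out `vendorSha256 = null` line says to revert after 3.4.9 but not why 3.4.9 needs `deleteVendor = true` and a fixed vendor hash, so the next updater cannot tell when the workaround is safe to drop. Presumably the vendor tree in the v3.4.9 tag is out of sync with go.mod; if that is the reason, record it, e.g. `# v3.4.9 ships an inconsistent vendor/ directory (TODO confirm); restore vendorSha256 = null and drop deleteVendor once upstream fixes it`. With `deleteVendor` set, the dependencies are re-fetched according to go.mod instead of being taken from the tagged source, so `vendorSha256` becomes the only pin on them and has to be recomputed on every bump.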
diff --git a/pkgs/servers/etcd/default.nix b/pkgs/servers/etcd/default.nix
index 19e2f720e520..4c0df659f3ed 100644
--- a/pkgs/servers/etcd/default.nix
+++ b/pkgs/servers/etcd/default.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   pname = "etcd";
-  version = "3.3.21";
+  version = "3.3.22";
 
   goPackagePath = "github.com/coreos/etcd";
 
@@ -10,7 +10,7 @@ buildGoPackage rec {
     owner = "etcd-io";
     repo = "etcd";
     rev = "v${version}";
-    sha256 = "1xrhkynach3c7wsfac6zlpi5n1hy3y75vyimvw2zl7ryhm00413s";
+    sha256 = "1rd390qfx9k20j9gh1wp1g9ygc571f2kv1dg2wvqij3kwydhymcj";
   };
 
   buildPhase = ''
diff --git a/pkgs/servers/home-assistant/cli.nix b/pkgs/servers/home-assistant/cli.nix
index 17e5559821ed..6b7758dd5e13 100644
--- a/pkgs/servers/home-assistant/cli.nix
+++ b/pkgs/servers/home-assistant/cli.nix
@@ -2,11 +2,11 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "homeassistant-cli";
-  version = "0.8.0";
+  version = "0.9.1";
 
   src = python3.pkgs.fetchPypi {
     inherit pname version;
-    sha256 = "0qq42b2a0rlrzaxwf3zqks5gzgv0hf4pz4yjjl6ldnizw8fcj40n";
+    sha256 = "1a31ky2p5w8byf0bjgma6xi328jj690qqksm3dwbi3v8dpqvghgf";
   };
 
   postPatch = ''
diff --git a/pkgs/servers/kapow/default.nix b/pkgs/servers/kapow/default.nix
new file mode 100644
index 000000000000..1990dba381da
--- /dev/null
+++ b/pkgs/servers/kapow/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "kapow";
+  version = "0.5.3";
+
+  goPackagePath = "github.com/BBVA/kapow";
+
+  subPackages = [ "." ];
+
+  src = fetchFromGitHub {
+    owner = "BBVA";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0m5b9lvg5d908d27khyx9p3567pap1b2mxl8fk7cxhb51r89jypj";
+  };
+
+  vendorSha256 = "159s46rhg67mgglaxgddx3k8kssl0cqiq8yjdqgjhhxppf16r7dy";
+
+  meta = with stdenv.lib; {
+    homepage = "https://github.com/BBVA/kapow";
+    description = "Expose command-line tools over HTTP";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ nilp0inter ];
+  };
+}
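Review bot: `goPackagePath = "github.com/BBVA/kapow";` is a buildGoPackage attribute and, as far as I can tell, has no effect under `buildGoModule`, so it can be dropped. `repo = pname;` ties the fetched repository to the package name, which means overriding `pname` silently changes what is fetched; writing `repo = "kapow";` keeps the source pin independent of naming. Both are style points; the `sha256` and `vendorSha256` pins themselves look complete for a new package.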
diff --git a/pkgs/servers/mautrix-whatsapp/default.nix b/pkgs/servers/mautrix-whatsapp/default.nix
index dea3d7b1b238..1ee491acebef 100644
--- a/pkgs/servers/mautrix-whatsapp/default.nix
+++ b/pkgs/servers/mautrix-whatsapp/default.nix
@@ -1,32 +1,19 @@
-{ stdenv, buildGoModule, fetchFromGitHub }:
+{ stdenv, buildGoModule, fetchFromGitHub, olm }:
 
-let
-webp = fetchFromGitHub {
-  owner = "chai2010";
-  repo = "webp";
-  rev = "19c584e49a98c31e2138c82fd0108435cd80d182";
-  sha256 = "1bqf1ifsfw5dwvnc9vl3dhp775qv5hgl34219lvnja0bj6pq5zks";
-};
-in
 buildGoModule {
   pname = "mautrix-whatsapp-unstable";
-  version = "2020-04-21-1";
+  version = "2020-05-21";
 
   src = fetchFromGitHub {
     owner = "tulir";
     repo = "mautrix-whatsapp";
-    rev = "e0aea74abf090bc9dc499332b28bf03640c162f8";
-    sha256 = "1gayjyh0x0axc1xak38zkdhvx6fy8pwlniqsirqy2mwcgkkll9i5";
+    rev = "b4949eec5982643502bb9787cf5e2872a78807c1";
+    sha256 = "1hjqxqfza6r7fsxr4fgwhfdwjzligxk416692xi4pavd5krfxxmd";
   };
 
-  vendorSha256 = "0j397zyjs7v5q2jjd3l0wz4lh1fh45whgxjp7cwgc332ch9j2010";
+  buildInputs = [ olm ];
 
-  overrideModAttrs = (_: {
-      postBuild = ''
-      rm -r vendor/github.com/chai2010/webp 
-      cp -r --reflink=auto ${webp} vendor/github.com/chai2010/webp
-      '';
-    });
+  vendorSha256 = "0ix65b48cpx6vkqmjizzij7zl8h2kjkfsa0s42vnmjdlmsv7yn42";
 
   meta = with stdenv.lib; {
     homepage = "https://github.com/tulir/mautrix-whatsapp";
@@ -34,4 +21,4 @@ buildGoModule {
     license = licenses.agpl3;
     maintainers = with maintainers; [ vskilet ma27 ];
   };
-}
\ No newline at end of file
+}
diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix
index fb284970af06..58276ff8632d 100644
--- a/pkgs/servers/memcached/default.nix
+++ b/pkgs/servers/memcached/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, cyrus_sasl, libevent, nixosTests }:
 
 stdenv.mkDerivation rec {
-  version = "1.6.5";
+  version = "1.6.6";
   pname = "memcached";
 
   src = fetchurl {
     url = "https://memcached.org/files/${pname}-${version}.tar.gz";
-    sha256 = "1pr7igk7ic9wc2yax26wy3ar223vilf2qyzrknz36g61dxqa6k8z";
+    sha256 = "1xrj7vy05nc6bky4wnrmrbxfibvk5vq4dp2fwk4jk4amzbn0x3wh";
   };
 
   configureFlags = [
diff --git a/pkgs/servers/openafs/1.8/module.nix b/pkgs/servers/openafs/1.8/module.nix
index 4aecc851b860..d998784b3faa 100644
--- a/pkgs/servers/openafs/1.8/module.nix
+++ b/pkgs/servers/openafs/1.8/module.nix
@@ -1,7 +1,9 @@
 { stdenv, fetchurl, which, autoconf, automake, flex, yacc
 , kernel, glibc, perl, libtool_2, kerberos, fetchpatch }:
 
-with (import ./srcs.nix { inherit fetchurl; });
+with (import ./srcs.nix {
+  inherit fetchurl;
+});
 
 let
   modDestDir = "$out/lib/modules/${kernel.modDirVersion}/extra/openafs";
@@ -16,6 +18,22 @@ in stdenv.mkDerivation {
 
   buildInputs = [ kerberos ];
 
+  patches = [
+    # openafs 5.6 patches, included in the next release
+    (fetchpatch {
+      url = "https://github.com/openafs/openafs/commit/34f1689b7288688550119638ee9959e453fde414.patch";
+      sha256 = "0rxjqzr8c5ajlk8wrhgjc1qp1934qiriqdi0qxsnk4gj5ibbk4d5";
+    })
+    (fetchpatch {
+      url = "https://github.com/openafs/openafs/commit/355ea43f0d1b7feae1b3af58bc33af12838db7c3.patch";
+      sha256 = "1f9xn8ql6vnxglpj3dvi30sj8vkncazjab2rc13hbw48nvsvcnhm";
+    })
+    (fetchpatch {
+      url = "https://github.com/openafs/openafs/commit/17d38e31e6f2e237a7fb4dfb46841060296310b6.patch";
+      sha256 = "14dydxfm0f5fvnj0kmvgm3bgh0ajhh04i3l7l0hr9cpmwl7vrlcg";
+    })
+  ];
+
   hardeningDisable = [ "pic" ];
 
   configureFlags = [
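Review bot: The comment `# openafs 5.6 patches, included in the next release` is misleading, since this is the OpenAFS 1.8 kernel module and there is no OpenAFS 5.6. It presumably means Linux kernel 5.6 compatibility; if so, write `# Linux 5.6 compatibility patches; remove once the package is updated to the OpenAFS release that includes them`. Naming that release, if known, would tell the next updater exactly when the three `fetchpatch` entries must go. The derivation continues outside the hunk.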
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index 300d341cf880..0aae779106a5 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -24,6 +24,7 @@
 , libtasn1
 , tdb
 , cmocka
+, nixosTests
 
 , enableLDAP ? false, openldap
 , enablePrinting ? false, cups
@@ -42,11 +43,11 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   pname = "samba";
-  version = "4.12.2";
+  version = "4.12.3";
 
   src = fetchurl {
     url = "mirror://samba/pub/samba/stable/${pname}-${version}.tar.gz";
-    sha256 = "0l514s2xhsy1lspzgvibbzs80zi84zxr2wx4d40hq85yb2lg5434";
+    sha256 = "09w7aap1cjc41ayhaksm1igc7p7gl40fad4a1l6q4ds9a2jbrb9z";
   };
 
   outputs = [ "out" "dev" "man" ];
@@ -148,6 +149,10 @@ stdenv.mkDerivation rec {
     find $out -type f -name \*.so -exec $SHELL -c "$SCRIPT" \;
   '';
 
+  passthru = {
+    tests.samba = nixosTests.samba;
+  };
+
   meta = with stdenv.lib; {
     homepage = "https://www.samba.org";
     description = "The standard Windows interoperability suite of programs for Linux and Unix";
diff --git a/pkgs/servers/ser2net/default.nix b/pkgs/servers/ser2net/default.nix
index e18d96013e40..bbfb0315d9ef 100644
--- a/pkgs/servers/ser2net/default.nix
+++ b/pkgs/servers/ser2net/default.nix
@@ -1,17 +1,17 @@
-{ stdenv, lib, fetchFromGitHub, gensio, libyaml, autoreconfHook }:
+{ stdenv, lib, fetchFromGitHub, gensio, libyaml, autoreconfHook, pkgconfig }:
 
 stdenv.mkDerivation rec {
   pname = "ser2net";
-  version = "4.1.1";
+  version = "4.1.8";
 
   src = fetchFromGitHub {
     owner = "cminyard";
     repo = "${pname}";
     rev = "v${version}";
-    sha256 = "1zl68mmd7pp10cjv1jk8rs2dlbwvzskyb58qvc7ph7vc6957lfhc";
+    sha256 = "0xxxxlfi4wln2l86ybdsc42qcj37mnac2s2baj6s7mqri8alaa14";
   };
 
-  buildInputs = [ autoreconfHook gensio libyaml ];
+  buildInputs = [ pkgconfig autoreconfHook gensio libyaml ];
 
   meta = with lib; {
     description = "Serial to network connection server";
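Review bot: `pkgconfig` is added to `buildInputs` next to `autoreconfHook`, but both are build-time tools that run on the build machine and belong in `nativeBuildInputs`; as written the package will not cross-compile correctly. I would split the list: `nativeBuildInputs = [ pkgconfig autoreconfHook ];` and `buildInputs = [ gensio libyaml ];`. `repo = "${pname}";` can also be written `repo = pname;`, which is untouched by this hunk but sits right above it.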
diff --git a/pkgs/servers/sql/postgresql/ext/pg_partman.nix b/pkgs/servers/sql/postgresql/ext/pg_partman.nix
index 314e9275c8c3..9a289919558c 100644
--- a/pkgs/servers/sql/postgresql/ext/pg_partman.nix
+++ b/pkgs/servers/sql/postgresql/ext/pg_partman.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "pg_partman";
-  version = "4.3.1";
+  version = "4.4.0";
 
   buildInputs = [ postgresql ];
 
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     owner  = "pgpartman";
     repo   = pname;
     rev    = "refs/tags/v${version}";
-    sha256 = "12mfydlva05dczjhrw14xq9zr0hqqyszlwivvq2zj9h1p9agm7fn";
+    sha256 = "0wr2nivp0b8vk355rnv4bygiashq98q9zhfgdbxzhm7bgxd01rk2";
   };
 
   installPhase = ''
diff --git a/pkgs/servers/web-apps/moodle/default.nix b/pkgs/servers/web-apps/moodle/default.nix
index 98bd8e0027f4..62de7620c5e4 100644
--- a/pkgs/servers/web-apps/moodle/default.nix
+++ b/pkgs/servers/web-apps/moodle/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, writeText }:
 
 let
-  version = "3.8.2";
+  version = "3.8.3";
   stableVersion = builtins.substring 0 2 (builtins.replaceStrings ["."] [""] version);
 in
 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://download.moodle.org/stable${stableVersion}/${pname}-${version}.tgz";
-    sha256 = "134vxsbslk7sfalmgcp744aygaxz2k080d14j8nkivk9zhplds53";
+    sha256 = "1anjv4gvbb6833j04a1b4aaysnl4h0x96sr1hhm4nm5kq2fimjd1";
   };
 
   phpConfig = writeText "config.php" ''
diff --git a/pkgs/servers/web-apps/sogo/default.nix b/pkgs/servers/web-apps/sogo/default.nix
new file mode 100644
index 000000000000..3e78b5d9d436
--- /dev/null
+++ b/pkgs/servers/web-apps/sogo/default.nix
@@ -0,0 +1,76 @@
+{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python2, lndir
+, openssl_1_1, openldap, sope, libmemcached, curl }: with lib; gnustep.stdenv.mkDerivation rec {
+  pname = "SOGo";
+  version = "4.3.2";
+
+  src = fetchFromGitHub {
+    owner = "inverse-inc";
+    repo = pname;
+    rev = "SOGo-${version}";
+    sha256 = "1xxad23a8zy6w850x5nrrf54db0x73lc9drmc5kpfk870fk2lmr0";
+  };
+
+  nativeBuildInputs = [ gnustep.make makeWrapper python2 ];
+  buildInputs = [ gnustep.base sope openssl_1_1 libmemcached (curl.override { openssl = openssl_1_1; }) ]
+    ++ optional (openldap != null) openldap;
+
+  patches = [
+    # TODO: take a closer look at other patches in https://sources.debian.org/patches/sogo/ and https://github.com/Skrupellos/sogo-patches
+    (fetchpatch {
+      url = "https://sources.debian.org/data/main/s/sogo/4.3.0-1/debian/patches/0005-Remove-build-date.patch";
+      sha256 = "0lrh3bkfj3r0brahfkyb0g7zx7r2jjd5cxzjl43nqla0fs09wsh8";
+    })
+  ];
+
+  postPatch = ''
+    # Exclude NIX_ variables
+    sed -i 's/grep GNUSTEP_/grep ^GNUSTEP_/g' configure
+
+    # Disable argument verification because $out is not a GNUStep prefix
+    sed -i 's/^validateArgs$//g' configure
+
+    # Patch exception-generating python scripts
+    patchShebangs .
+
+    # Move all GNUStep makefiles to a common directory
+    mkdir -p makefiles
+    cp -r {${gnustep.make},${sope}}/share/GNUstep/Makefiles/* makefiles
+
+    # Modify the search path for GNUStep makefiles
+    find . -type f -name GNUmakefile -exec sed -i "s:\\$.GNUSTEP_MAKEFILES.:$PWD/makefiles:g" {} +
+  '';
+
+  configureFlags = [ "--disable-debug" "--with-ssl=ssl" ];
+
+  preFixup = ''
+    # Create gnustep.conf
+    mkdir -p $out/share/GNUstep
+    cp ${gnustep.make}/etc/GNUstep/GNUstep.conf $out/share/GNUstep/
+    sed -i "s:${gnustep.make}:$out:g" $out/share/GNUstep/GNUstep.conf
+
+    # Link in GNUstep base
+    ${lndir}/bin/lndir ${gnustep.base}/lib/GNUstep/ $out/lib/GNUstep/
+
+    # Link in sope
+    ${lndir}/bin/lndir ${sope}/ $out/
+
+    # sbin fixup
+    mkdir -p $out/bin
+    mv $out/sbin/* $out/bin
+    rmdir $out/sbin
+
+    # Make sogo find its files
+    for bin in $out/bin/*; do
+      wrapProgram $bin --prefix LD_LIBRARY_PATH : $out/lib/sogo --prefix GNUSTEP_CONFIG_FILE : $out/share/GNUstep/GNUstep.conf
+    done
+  '';
+
+  meta = {
+    description = "SOGo is a very fast and scalable modern collaboration suite (groupware)";
+    license = with licenses; [ gpl2 lgpl21 ];
+    homepage = "https://sogo.nu/";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ ajs124 das_j ];
+  };
+}
+
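Review bot: In `preFixup`, `wrapProgram` uses `--prefix GNUSTEP_CONFIG_FILE : $out/share/GNUstep/GNUstep.conf`, but that variable names a single file, not a search path. If the caller's environment already sets it, the wrapper produces `<conf>:<inherited value>`, which is not a valid file name and lets the inherited environment affect which configuration the daemon reads. `--set GNUSTEP_CONFIG_FILE $out/share/GNUstep/GNUstep.conf` pins it to the packaged file. `$bin` should also be quoted, as `wrapProgram "$bin" …`. Separately, `python2` in `nativeBuildInputs` deserves a comment saying which build scripts still need it, since the reason is not visible here.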
diff --git a/pkgs/shells/mksh/default.nix b/pkgs/shells/mksh/default.nix
index 682d88dbfbd5..7abf75c70f49 100644
--- a/pkgs/shells/mksh/default.nix
+++ b/pkgs/shells/mksh/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "mksh";
-  version = "59";
+  version = "59b";
 
   src = fetchurl {
     urls = [
       "https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R${version}.tgz"
       "http://pub.allbsd.org/MirOS/dist/mir/mksh/mksh-R${version}.tgz"
     ];
-    sha256 = "1flhsdfksvv9gmfkgjwgdia1irv53g9abmq3y22s5a5ycyx2hajr";
+    sha256 = "1rp0farbylypyiaald2hw5avg5w3m8x7cjnxxyyihzvfb2lx2zlh";
   };
 
   dontConfigure = true;
diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix
index 9ff9e11e2e2e..dce9b82d026d 100644
--- a/pkgs/shells/zsh/oh-my-zsh/default.nix
+++ b/pkgs/shells/zsh/oh-my-zsh/default.nix
@@ -4,13 +4,13 @@
 { stdenv, fetchgit }:
 
 stdenv.mkDerivation rec {
-  version = "2020-05-20";
+  version = "2020-05-21";
   pname = "oh-my-zsh";
-  rev = "cfdd3c8dd87cd22281ec5d964ecb915bc9ad7e92";
+  rev = "b721053c87b4662c65452117a8db35af0154a29d";
 
   src = fetchgit { inherit rev;
     url = "https://github.com/ohmyzsh/ohmyzsh";
-    sha256 = "018r9aq5s0lc5k8i8jp8w9qgp56acj4rmk9n43nfakr6ivhyjwmd";
+    sha256 = "02y6mhvsxamsvfx2bcdrfbbl7g8v1cq8qycjbffn4w3d6aprq5c6";
   };
 
   pathsToLink = [ "/share/oh-my-zsh" ];
diff --git a/pkgs/tools/filesystems/bindfs/default.nix b/pkgs/tools/filesystems/bindfs/default.nix
index bf6c68072aa2..f8968260ce79 100644
--- a/pkgs/tools/filesystems/bindfs/default.nix
+++ b/pkgs/tools/filesystems/bindfs/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, fuse, pkgconfig }:
 
 stdenv.mkDerivation rec {
-  version = "1.14.5";
+  version = "1.14.7";
   pname = "bindfs";
 
   src = fetchurl {
     url    = "https://bindfs.org/downloads/${pname}-${version}.tar.gz";
-    sha256 = "173c5fcnfbnlw5a437r2x899ax77j3wp8gg8gffhryahcgyn1abq";
+    sha256 = "1lbqyc9vpgck05n0q3qsvsr34142iv721z6iwxhc5j98370ff9i8";
   };
 
   dontStrip = true;
diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix
index f02fec85a5b1..44880638e65d 100644
--- a/pkgs/tools/filesystems/glusterfs/default.nix
+++ b/pkgs/tools/filesystems/glusterfs/default.nix
@@ -15,10 +15,10 @@ let
     #       The command
     #         find /nix/store/...-glusterfs-.../ -name '*.py' -executable
     #       can help with finding new Python scripts.
-    version = "7.5";
+    version = "7.6";
     name="${baseName}-${version}";
     url="https://github.com/gluster/glusterfs/archive/v${version}.tar.gz";
-    sha256 = "1zahld2v1y920i0p25zcn15a593g3bl5sgnmhkdmn7kvk7mx4p93";
+    sha256 = "0zdcv2jk8dp67id8ic30mkn97ccp07jf20g7v09a5k31pw9aqyih";
   };
 
   buildInputs = [
diff --git a/pkgs/tools/filesystems/moosefs/default.nix b/pkgs/tools/filesystems/moosefs/default.nix
index 4a912d3b42c2..af09cafe1dea 100644
--- a/pkgs/tools/filesystems/moosefs/default.nix
+++ b/pkgs/tools/filesystems/moosefs/default.nix
@@ -10,13 +10,13 @@
 
 stdenv.mkDerivation rec {
   pname = "moosefs";
-  version = "3.0.112";
+  version = "3.0.113";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "04ymwg9r9x9gqjwy9jbjv7zzfgwal0xlfy6z5bwl27m2ys6l5k4a";
+    sha256 = "0h3dhj6lznbkvmkr21w58avl9fa4pgj73fv0lkzcagksyyh5l0n9";
   };
 
   nativeBuildInputs = [ pkgconfig makeWrapper ];
diff --git a/pkgs/tools/filesystems/snapraid/default.nix b/pkgs/tools/filesystems/snapraid/default.nix
index db9afedad96e..1cb9ccd873e7 100644
--- a/pkgs/tools/filesystems/snapraid/default.nix
+++ b/pkgs/tools/filesystems/snapraid/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "snapraid";
-  version = "11.3";
+  version = "11.4";
 
   src = fetchFromGitHub {
     owner = "amadvance";
     repo = "snapraid";
     rev = "v${version}";
-    sha256 = "08rwz55njkr1w794y3hs8nxc11vzbv4drds9wgxpf6ps8qf9q49f";
+    sha256 = "1mhinc9wny4a1xdrbksdl58kfrsh1cxp79zcgsl99gnyw47r22jy";
   };
 
   VERSION = version;
diff --git a/pkgs/tools/graphics/spirv-cross/default.nix b/pkgs/tools/graphics/spirv-cross/default.nix
index 57b447b1ad79..3ca698f1c54a 100644
--- a/pkgs/tools/graphics/spirv-cross/default.nix
+++ b/pkgs/tools/graphics/spirv-cross/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "spirv-cross";
-  version = "2020-04-03";
+  version = "2020-05-19";
 
   src = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Cross";
     rev = version;
-    sha256 = "0489s29kqgq20clxqg22y299yxz23p0yjh87yhka705hm9skx4sa";
+    sha256 = "0zyijp9zx9wbd4i5lwjap7n793iz6yjkf27la60dsffxl75yy9pd";
   };
 
   nativeBuildInputs = [ cmake python3 ];
diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix
index dc109440274f..229d3f3cdbdb 100644
--- a/pkgs/tools/graphics/zbar/default.nix
+++ b/pkgs/tools/graphics/zbar/default.nix
@@ -20,7 +20,7 @@
 
 stdenv.mkDerivation rec {
   pname = "zbar";
-  version = "0.23";
+  version = "0.23.1";
 
   outputs = [ "out" "lib" "dev" "doc" "man" ];
 
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     owner = "mchehab";
     repo = "zbar";
     rev = version;
-    sha256 = "0hlxakpyjg4q9hp7yp3har1n78341b4knwyll28hn48vykg28pza";
+    sha256 = "0l4nxha8k18iqzrbqpgca49lrf1gigy3kpbzl3ldw2lw8alwy8x2";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/misc/goaccess/default.nix b/pkgs/tools/misc/goaccess/default.nix
index b9fdac6cba3b..1906c9d56656 100644
--- a/pkgs/tools/misc/goaccess/default.nix
+++ b/pkgs/tools/misc/goaccess/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, pkgconfig, ncurses, glib, libmaxminddb }:
 
 stdenv.mkDerivation rec {
-  version = "1.3";
+  version = "1.4";
   pname = "goaccess";
 
   src = fetchurl {
     url = "https://tar.goaccess.io/goaccess-${version}.tar.gz";
-    sha256 = "16vv3pj7pbraq173wlxa89jjsd279004j4kgzlrsk1dz4if5qxwc";
+    sha256 = "1gkpjg39f3afdwm9128jqjsfap07p8s027czzlnxfmi5hpzvkyz8";
   };
 
   configureFlags = [
diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix
index df76ddf2662c..09dba27a1efe 100644
--- a/pkgs/tools/misc/plantuml/default.nix
+++ b/pkgs/tools/misc/plantuml/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, makeWrapper, jre, graphviz }:
 
 stdenv.mkDerivation rec {
-  version = "1.2020.8";
+  version = "1.2020.10";
   pname = "plantuml";
 
   src = fetchurl {
     url = "mirror://sourceforge/project/plantuml/${version}/plantuml.${version}.jar";
-    sha256 = "0xkv8d31dc0dchr40zzgmjw2wyh4i5vxwdk3fhqpw0pk2frxwc1w";
+    sha256 = "00azasannh77ns3wpy6yrlw77pgq89frx0f4c7gk1gqiqjavsvdy";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/misc/pspg/default.nix b/pkgs/tools/misc/pspg/default.nix
index 1bb7f9582c42..fa8404615f9f 100644
--- a/pkgs/tools/misc/pspg/default.nix
+++ b/pkgs/tools/misc/pspg/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pspg";
-  version = "3.0.7";
+  version = "3.1.1";
 
   src = fetchFromGitHub {
     owner = "okbob";
     repo = pname;
     rev = version;
-    sha256 = "10w47hbi6y92imzh1rlwkh5bfj1pnlkfxhbi8lhmy6ggxa62xmf7";
+    sha256 = "1hs1cixk1jcx8br81c4drm1b56hwcq6jiww0ywrpdna475jv5vvw";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/tools/misc/tmux-xpanes/default.nix b/pkgs/tools/misc/tmux-xpanes/default.nix
index 06e7980167a2..6e41eba73590 100644
--- a/pkgs/tools/misc/tmux-xpanes/default.nix
+++ b/pkgs/tools/misc/tmux-xpanes/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "tmux-xpanes";
-  version = "4.1.1";
+  version = "4.1.2";
 
   src = fetchFromGitHub {
     owner = "greymd";
     repo = pname;
     rev = "v${version}";
-    sha256 = "13q02vdk229chgbn547wwv29cj4njvz02lmw840g8qmwh73qb2pi";
+    sha256 = "0vm5mi6dqdbg0b5qh4r8sr1plpc00jryd8a2qxpp3a72cigjvvf0";
   };
 
   buildInputs = [ openssl perl ];
diff --git a/pkgs/tools/networking/corerad/default.nix b/pkgs/tools/networking/corerad/default.nix
index eef345c8db65..a4eb50d0c773 100644
--- a/pkgs/tools/networking/corerad/default.nix
+++ b/pkgs/tools/networking/corerad/default.nix
@@ -2,25 +2,23 @@
 
 buildGoModule rec {
   pname = "corerad";
-  version = "0.2.4";
+  version = "0.2.5";
 
   src = fetchFromGitHub {
     owner = "mdlayher";
     repo = "corerad";
     rev = "v${version}";
-    sha256 = "1r9kvz1ylrnfc7y5c4knqhx6xngh1p8j1axb8bd7h7p51c4i7jz2";
+    sha256 = "0fi9wgv5aj3ds3r5qjyi4pxnd56psrpdy2sz84jd0sz2w48x4k4p";
   };
 
-  vendorSha256 = "0ncwf197dx6mqzg69mnyp0iyad585izmydm0yj8ikd0y8ngpx7a3";
+  vendorSha256 = "11r3vpimhik7y09gwb3p6pl0yf53hpaw24ry4a833fw8060rqp3q";
 
   buildFlagsArray = ''
     -ldflags=
-    -X github.com/mdlayher/corerad/internal/build.linkTimestamp=1589133047
+    -X github.com/mdlayher/corerad/internal/build.linkTimestamp=1590182656
     -X github.com/mdlayher/corerad/internal/build.linkVersion=v${version}
   '';
 
-  deleteVendor = true;
-
   meta = with stdenv.lib; {
     homepage = "https://github.com/mdlayher/corerad";
     description = "CoreRAD extensible and observable IPv6 NDP RA daemon";
diff --git a/pkgs/tools/networking/fastd/default.nix b/pkgs/tools/networking/fastd/default.nix
index 2bf1d8e5d2c9..8c9a877b8f1e 100644
--- a/pkgs/tools/networking/fastd/default.nix
+++ b/pkgs/tools/networking/fastd/default.nix
@@ -1,14 +1,15 @@
-{ stdenv, fetchgit, cmake, bison, pkgconfig
-, libuecc, libsodium, libcap, json_c }:
+{ stdenv, fetchFromGitHub, cmake, bison, pkgconfig
+, libuecc, libsodium, libcap, json_c, openssl }:
 
 stdenv.mkDerivation rec {
-  version = "18";
   pname = "fastd";
+  version = "19";
 
-  src = fetchgit {
-    url = "git://git.universe-factory.net/fastd";
-    rev = "refs/tags/v${version}";
-    sha256 = "0c9v3igv3812b3jr7jk75a2np658yy00b3i4kpbpdjgvqzc1jrq8";
+  src = fetchFromGitHub {
+    owner  = "Neoraider";
+    repo = "fastd";
+    rev = "v${version}";
+    sha256 = "1h3whjvy2n2cyvbkbg4y1z9vlrn790spzbdhj4glwp93xcykhz5i";
   };
 
   postPatch = ''
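Review bot: The new `openssl` argument on the second line of the function header is undocumented: together with `"-DENABLE_OPENSSL=true"` in the next hunk it gives a VPN daemon that already links libsodium a second crypto backend, and nothing records why. A comment next to the flag, for example `# OpenSSL backend for <cipher/method names>; libsodium stays the default (TODO confirm)`, would let a reviewer judge whether the larger dependency closure is needed. The fetcher also moves from upstream's own git server to `owner = "Neoraider"` on GitHub; the fixed `sha256` pins the content, but a short note that this is upstream's repository would help provenance checks. As a style nit, `owner  = "Neoraider";` has two spaces before `=`, unlike the lines beside it. The derivation body continues outside the hunk.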
@@ -17,7 +18,11 @@ stdenv.mkDerivation rec {
   '';
 
   nativeBuildInputs = [ pkgconfig bison cmake ];
-  buildInputs = [ libuecc libsodium libcap json_c ];
+  buildInputs = [ libuecc libsodium libcap json_c openssl ];
+
+  cmakeFlags = [
+    "-DENABLE_OPENSSL=true"
+  ];
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/tools/nix/cached-nix-shell/default.nix b/pkgs/tools/nix/cached-nix-shell/default.nix
index 03f6bc2b1171..2db9ee6d9b3f 100644
--- a/pkgs/tools/nix/cached-nix-shell/default.nix
+++ b/pkgs/tools/nix/cached-nix-shell/default.nix
@@ -1,25 +1,25 @@
 { stdenv, fetchFromGitHub, openssl, pkgconfig, ronn, rustPlatform }:
 
-let 
+let
   blake3-src = fetchFromGitHub {
     owner = "BLAKE3-team";
     repo = "BLAKE3";
-    rev = "0.3.1";
-    sha256 = "0wkxx2w56hsng28p8zpndsy288ix4s5qg6xqjzgjz53fbyk46hda";
+    rev = "0.3.3";
+    sha256 = "0av41ld0gqf3g60gcllpz59nqlr7r62v99mgfq9gs0p8diw5gi7x";
   };
 
 in rustPlatform.buildRustPackage rec {
   pname = "cached-nix-shell";
-  version = "0.1.2";
+  version = "0.1.3";
 
   src = fetchFromGitHub {
     owner = "xzfc";
     repo = pname;
     rev = "v${version}";
-    sha256 = "0pzwknpc4qrh9pv5z0xvldql2dkj9ddksvaci86a4f8cnd86p2l6";
+    sha256 = "1ni671wr2lrvyz6myaz3v4llrjvq4jc1ygw1m7rvnadzyf3va3lw";
   };
 
-  cargoSha256 = "1n88gcnrfdrk025hb54igc83cn5vlv8n6ndyx1ydmzhd95vhbznf";
+  cargoSha256 = "19i39b1yqdf81ql4psr3nfah6ci2mw3ljkv740clqmz088j2av8g";
 
   # The BLAKE3 C library is intended to be built by the project depending on it
   # rather than as a standalone library.
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index 2cf9b92745fd..2c3a7a441afd 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "duo-unix";
-  version = "1.11.3";
+  version = "1.11.4";
 
   src = fetchurl {
     url    = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
-    sha256 = "097i2dsnbndpnyc4nx1j76qkx1bxwwlxnzmp1h3j4raghddgiq0g";
+    sha256 = "1hqklf6jzrxn5hgh69bbl6962hwwgf06dlrb0ry7n5iy8w8imnsg";
   };
 
   buildInputs = [ pam openssl zlib ];
diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile
index 3924e6919d37..457c6249ca00 100644
--- a/pkgs/tools/security/metasploit/Gemfile
+++ b/pkgs/tools/security/metasploit/Gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 
-gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/5.0.74"
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/5.0.90"
diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock
index 17d160c8dcb0..7142983f98cc 100644
--- a/pkgs/tools/security/metasploit/Gemfile.lock
+++ b/pkgs/tools/security/metasploit/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/rapid7/metasploit-framework
-  revision: 22104a154544b3ee57d3ce98a490c4b42a4a8776
-  ref: refs/tags/5.0.74
+  revision: 592eedc5584953fb94b01a9aae48ec04d2cf153a
+  ref: refs/tags/5.0.90
   specs:
-    metasploit-framework (5.0.74)
+    metasploit-framework (5.0.90)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -13,27 +13,30 @@ GIT
       bcrypt (= 3.1.12)
       bcrypt_pbkdf
       bit-struct
+      bson
       concurrent-ruby (= 1.0.5)
       dnsruby
       ed25519
       em-http-request
       eventmachine
       faker
-      faraday (<= 0.17.0)
+      faraday
       faye-websocket
       filesize
+      hrr_rb_ssh (= 0.3.0.pre2)
       jsobfu
       json
       metasm
       metasploit-concern (~> 2.0.0)
       metasploit-credential (~> 3.0.0)
       metasploit-model (~> 2.0.4)
-      metasploit-payloads (= 1.3.84)
+      metasploit-payloads (= 1.4.2)
       metasploit_data_models (~> 3.0.10)
-      metasploit_payloads-mettle (= 0.5.16)
+      metasploit_payloads-mettle (= 0.5.21)
       mqtt
       msgpack
       nessus_rest
+      net-ldap
       net-ssh
       network_interface
       nexpose
@@ -87,27 +90,27 @@ GEM
   remote: https://rubygems.org/
   specs:
     Ascii85 (1.0.3)
-    actionpack (4.2.11.1)
-      actionview (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
+    actionpack (4.2.11.3)
+      actionview (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11.1)
-      activesupport (= 4.2.11.1)
+    actionview (4.2.11.3)
+      activesupport (= 4.2.11.3)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.11.1)
-      activesupport (= 4.2.11.1)
+    activemodel (4.2.11.3)
+      activesupport (= 4.2.11.3)
       builder (~> 3.1)
-    activerecord (4.2.11.1)
-      activemodel (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
+    activerecord (4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       arel (~> 6.0)
-    activesupport (4.2.11.1)
+    activesupport (4.2.11.3)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
@@ -118,32 +121,33 @@ GEM
     arel (6.0.4)
     arel-helpers (2.11.0)
       activerecord (>= 3.1.0, < 7)
-    aws-eventstream (1.0.3)
-    aws-partitions (1.274.0)
-    aws-sdk-core (3.90.1)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+    aws-eventstream (1.1.0)
+    aws-partitions (1.319.0)
+    aws-sdk-core (3.96.1)
+      aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-ec2 (1.144.0)
+    aws-sdk-ec2 (1.162.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.33.0)
+    aws-sdk-iam (1.37.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.29.0)
+    aws-sdk-kms (1.31.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.60.2)
-      aws-sdk-core (~> 3, >= 3.83.0)
+    aws-sdk-s3 (1.66.0)
+      aws-sdk-core (~> 3, >= 3.96.1)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
+    aws-sigv4 (1.1.3)
       aws-eventstream (~> 1.0, >= 1.0.2)
     bcrypt (3.1.12)
     bcrypt_pbkdf (1.0.1)
-    bindata (2.4.4)
+    bindata (2.4.7)
     bit-struct (0.16)
+    bson (4.8.2)
     builder (3.2.4)
     concurrent-ruby (1.0.5)
     cookiejar (0.3.3)
@@ -164,13 +168,15 @@ GEM
     eventmachine (1.2.7)
     faker (2.2.1)
       i18n (>= 0.8)
-    faraday (0.17.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
     faye-websocket (0.10.9)
       eventmachine (>= 0.12.0)
       websocket-driver (>= 0.5.1)
     filesize (0.2.0)
     hashery (2.1.2)
+    hrr_rb_ssh (0.3.0.pre2)
+      ed25519 (~> 1.2)
     http_parser.rb (0.6.0)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
@@ -178,7 +184,7 @@ GEM
     jsobfu (0.4.2)
       rkelly-remix
     json (2.3.0)
-    loofah (2.4.0)
+    loofah (2.5.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     metasm (1.0.4)
@@ -200,7 +206,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.3.84)
+    metasploit-payloads (1.4.2)
     metasploit_data_models (3.0.10)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -211,19 +217,20 @@ GEM
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.5.16)
+    metasploit_payloads-mettle (0.5.21)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     mqtt (0.5.0)
     msgpack (1.3.3)
     multipart-post (2.1.1)
     nessus_rest (0.1.6)
-    net-ssh (5.2.0)
+    net-ldap (0.16.2)
+    net-ssh (6.0.2)
     network_interface (0.0.2)
     nexpose (7.2.1)
-    nokogiri (1.10.8)
+    nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
-    octokit (4.16.0)
+    octokit (4.18.0)
       faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
     openssl-ccm (1.2.2)
@@ -244,7 +251,7 @@ GEM
       activerecord (~> 4.0)
       arel (>= 4.0.1)
       pg_array_parser (~> 0.0.9)
-    public_suffix (4.0.3)
+    public_suffix (4.0.5)
     rack (1.6.13)
     rack-protection (1.5.5)
       rack
@@ -258,14 +265,14 @@ GEM
       rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (4.2.11.1)
-      actionpack (= 4.2.11.1)
-      activesupport (= 4.2.11.1)
+    railties (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (13.0.1)
     rb-readline (0.5.5)
-    recog (2.3.6)
+    recog (2.3.7)
       nokogiri
     redcarpet (3.5.0)
     rex-arch (0.1.13)
@@ -281,7 +288,7 @@ GEM
       metasm
       rex-arch
       rex-text
-    rex-exploitation (0.1.22)
+    rex-exploitation (0.1.24)
       jsobfu
       metasm
       rex-arch
@@ -294,9 +301,10 @@ GEM
       rex-arch
     rex-ole (0.1.6)
       rex-text
-    rex-powershell (0.1.86)
+    rex-powershell (0.1.87)
       rex-random_identifier
       rex-text
+      ruby-rc4
     rex-random_identifier (0.1.4)
       rex-text
     rex-registry (0.1.3)
@@ -304,14 +312,14 @@ GEM
       metasm
       rex-core
       rex-text
-    rex-socket (0.1.21)
+    rex-socket (0.1.23)
       rex-core
     rex-sslscan (0.1.5)
       rex-core
       rex-socket
       rex-text
     rex-struct2 (0.1.2)
-    rex-text (0.2.24)
+    rex-text (0.2.26)
     rex-zip (0.1.3)
       rex-text
     rkelly-remix (0.0.7)
@@ -322,7 +330,7 @@ GEM
       rubyntlm
       windows_error
     rubyntlm (0.6.2)
-    rubyzip (2.2.0)
+    rubyzip (2.3.0)
     sawyer (0.8.2)
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
@@ -340,9 +348,9 @@ GEM
     thread_safe (0.3.6)
     tilt (2.0.10)
     ttfunk (1.6.2.1)
-    tzinfo (1.2.6)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2019.3)
+    tzinfo-data (1.2020.1)
       tzinfo (>= 1.0.0)
     warden (1.2.7)
       rack (>= 1.0)
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
index 54da89a99b55..cc3d26fbee0b 100644
--- a/pkgs/tools/security/metasploit/default.nix
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -17,13 +17,13 @@ let
   };
 in stdenv.mkDerivation rec {
   pname = "metasploit-framework";
-  version = "5.0.74";
+  version = "5.0.90";
 
   src = fetchFromGitHub {
     owner = "rapid7";
     repo = "metasploit-framework";
     rev = version;
-    sha256 = "1ml4d6xfaxyv1mamc2qldd39db92qkic8660f8clabi9f1k0ghpp";
+    sha256 = "1z3m8pvf1r8rz0snfkr9svhgjl2xn2qjgf8qswszzplsccqx1rss";
   };
 
   buildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix
index a35aa958a1df..cd3b2a336bda 100644
--- a/pkgs/tools/security/metasploit/gemset.nix
+++ b/pkgs/tools/security/metasploit/gemset.nix
@@ -4,50 +4,50 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rmldsk3a4lwxk0lrp6x1nz1v1r2xmbm3300l4ghgfygv3grdwjh";
+      sha256 = "1955wx9m2g776sinamanzlk1jx2dzd34ci3sk22xicp0rmglps37";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   actionview = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0x7vjn8q6blzyf7j3kwg0ciy7vnfh28bjdkd1mp9k4ghp9jn0g9p";
+      sha256 = "0glnaq3jx4m9q6vn55xqlsg8dbflqzm99fgsl9fl267mc2mz3qrv";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   activemodel = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1c1x0rd6wnk1f0gsmxs6x3gx7yf6fs9qqkdv7r4hlbcdd849in33";
+      sha256 = "1z3777xsm82i7ggkg74mg21sqz8m5dfl8ykjm7xcrhd2nj843fcp";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   activerecord = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "07ixiwi0zzs9skqarvpfamsnay7npfswymrn28ngxaf8hi279q5p";
+      sha256 = "1fpw9vyf2frkxkc6jbq9g78lhhflwz04j89qxj4krvmlq12q8v6d";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   activesupport = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1vbq7a805bfvyik2q3kl9s3r418f5qzvysqbz2cwy4hr7m2q4ir6";
+      sha256 = "0wp36wi3r3dscmcr0q6sbz13hr5h911c24ar7zrmmcy7p32ial2i";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   addressable = {
     groups = ["default"];
@@ -104,80 +104,80 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "100g77a5ixg4p5zwq77f28n2pdkk0y481f7v83qrlmnj22318qq6";
+      sha256 = "0r0pn66yqrdkrfdin7qdim0yj2x75miyg4wp6mijckhzhrjb7cv5";
       type = "gem";
     };
-    version = "1.0.3";
+    version = "1.1.0";
   };
   aws-partitions = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1k2dpn0xznksh5y9bq9gbvbych06pzyswsdak7bz8nlkbsgf38x3";
+      sha256 = "11gr3pkd0cq034jdmvmi32sb99hkh91qjrpvc6jchi4lsaiaiqgc";
       type = "gem";
     };
-    version = "1.274.0";
+    version = "1.319.0";
   };
   aws-sdk-core = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1q7f9jkpmpppj31kh3wnzybkphq4piy8ays3vld0zsibfjs9iw7i";
+      sha256 = "0jdnzynjrpp2jyg8vrbfbaad16k8ni1520xah1z2ckl5779x9fi6";
       type = "gem";
     };
-    version = "3.90.1";
+    version = "3.96.1";
   };
   aws-sdk-ec2 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1wnql5rzwkn97w4l3pq6k97grqdci1qs7h132pnd6lc3bx62v4h5";
+      sha256 = "0xp9kp90ixk1ywd0d8ssbk8dl5kxqnz942yr2qq00m7fd60pihh7";
       type = "gem";
     };
-    version = "1.144.0";
+    version = "1.162.0";
   };
   aws-sdk-iam = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0s78ssjcp974v7r1znrgk78bqz23jhws4gy1nm659z5390zsn1fz";
+      sha256 = "09l3g5a2r7gnc6pwln409b9ahwcs6xpnjx2qaj70cbllanyxbw0c";
       type = "gem";
     };
-    version = "1.33.0";
+    version = "1.37.0";
   };
   aws-sdk-kms = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "191qnrpg9qhwj24pisha28fwqx30sqkj75ibgpqcf4q389l3a2gw";
+      sha256 = "1czxr6yi8p9gma4dwgygp1jn0i289hwa2vw69kzfscgbn118c3mm";
       type = "gem";
     };
-    version = "1.29.0";
+    version = "1.31.0";
   };
   aws-sdk-s3 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1pblkq7rw465w08hs2xy6v7w10x9n004hk43yqzswqxirki68ldz";
+      sha256 = "1x1d1azxwanvm0d7qppw41x5nx2zv0bcz41yk9vqi5lvr7apaq13";
       type = "gem";
     };
-    version = "1.60.2";
+    version = "1.66.0";
   };
   aws-sigv4 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1dfc8i5cxjwlvi4b665lbpbwvks8a6wfy3vfmwr3pjdmxwdmc2cs";
+      sha256 = "0kysxyw1zkvggbmcj4xnscdh15kxli8mx07hv447h74g9x02drsd";
       type = "gem";
     };
-    version = "1.1.0";
+    version = "1.1.3";
   };
   bcrypt = {
     groups = ["default"];
@@ -204,10 +204,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0kz42nvxnk1j9cj0i8lcnhprcgdqsqska92g6l19ziadydfk2gqy";
+      sha256 = "033vd169q751qn3zrsv8j5f80k6wg5yhsy8z3clds6py4vqm6xl8";
       type = "gem";
     };
-    version = "2.4.4";
+    version = "2.4.7";
   };
   bit-struct = {
     groups = ["default"];
@@ -219,6 +219,16 @@
     };
     version = "0.16";
   };
+  bson = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "06h8sk2wl7pgrwl15xb1bd6l9ws8sz006rf9cy6n6q7g0iwdalkh";
+      type = "gem";
+    };
+    version = "4.8.2";
+  };
   builder = {
     groups = ["default"];
     platforms = [];
@@ -344,10 +354,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0jk2bar4x6miq2cr73lv0lsbmw4cymiljvp29xb85jifsb3ba6az";
+      sha256 = "0wwks9652xwgjm7yszcq5xr960pjypc07ivwzbjzpvy9zh2fw6iq";
       type = "gem";
     };
-    version = "0.17.0";
+    version = "1.0.1";
   };
   faye-websocket = {
     groups = ["default"];
@@ -379,6 +389,16 @@
     };
     version = "2.1.2";
   };
+  hrr_rb_ssh = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "066dj9sw5p8aa54vqc1bw7a8nfpf5rggrjyxqw2ccyxp10964qkz";
+      type = "gem";
+    };
+    version = "0.3.0.pre2";
+  };
   "http_parser.rb" = {
     groups = ["default"];
     platforms = [];
@@ -434,10 +454,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1g7ps9m3s14cajhxrfgbzahv9i3gy47s4hqrv3mpybpj5cyr0srn";
+      sha256 = "0jk9fgn5ayzbqvzqm11gbkqvas77zdbpkvynlylyiwynclgrn040";
       type = "gem";
     };
-    version = "2.4.0";
+    version = "2.5.0";
   };
   metasm = {
     groups = ["default"];
@@ -474,12 +494,12 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "22104a154544b3ee57d3ce98a490c4b42a4a8776";
-      sha256 = "1ml4d6xfaxyv1mamc2qldd39db92qkic8660f8clabi9f1k0ghpp";
+      rev = "592eedc5584953fb94b01a9aae48ec04d2cf153a";
+      sha256 = "1z3m8pvf1r8rz0snfkr9svhgjl2xn2qjgf8qswszzplsccqx1rss";
       type = "git";
       url = "https://github.com/rapid7/metasploit-framework";
     };
-    version = "5.0.74";
+    version = "5.0.90";
   };
   metasploit-model = {
     groups = ["default"];
@@ -496,10 +516,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1wz72w5a34r6jcgbl97ha3zhl8d28r974clcp99qj5sg71k280c0";
+      sha256 = "1kddir54jnzl64nsawnvkzdabnmqncq9vav49i1cfschnf4cxc4g";
       type = "gem";
     };
-    version = "1.3.84";
+    version = "1.4.2";
   };
   metasploit_data_models = {
     groups = ["default"];
@@ -516,10 +536,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1x2rgs2r16m8z87j5z78vp49xvr2sr4dxjgbi6d0nxrlr52pd8yf";
+      sha256 = "1419z6z0j69zdlkfx3kqgqygsm0ysigwccgn82z5lz82i16krhca";
       type = "gem";
     };
-    version = "0.5.16";
+    version = "0.5.21";
   };
   mini_portile2 = {
     groups = ["default"];
@@ -536,10 +556,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0g73x65hmjph8dg1h3rkzfg7ys3ffxm35hj35grw75fixmq53qyz";
+      sha256 = "09bz9nsznxgaf06cx3b5z71glgl0hdw469gqx3w7bqijgrb55p5g";
       type = "gem";
     };
-    version = "5.14.0";
+    version = "5.14.1";
   };
   mqtt = {
     groups = ["default"];
@@ -581,15 +601,25 @@
     };
     version = "0.1.6";
   };
+  net-ldap = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1vzfhivjfr9q65hkln7xig3qcba6fw9y4kb4384fpm7d7ww0b7xg";
+      type = "gem";
+    };
+    version = "0.16.2";
+  };
   net-ssh = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "101wd2px9lady54aqmkibvy4j62zk32w0rjz4vnigyg974fsga40";
+      sha256 = "0kf4am0mz8mwqhif4iqh5yz9pcbbmja5w707j00sfsgrq19nxqld";
       type = "gem";
     };
-    version = "5.2.0";
+    version = "6.0.2";
   };
   network_interface = {
     groups = ["default"];
@@ -616,20 +646,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1yi8j8hwrlc3rg5v3w52gxndmwifyk7m732q9yfbal0qajqbh1h8";
+      sha256 = "12j76d0bp608932xkzmfi638c7aqah57l437q8494znzbj610qnm";
       type = "gem";
     };
-    version = "1.10.8";
+    version = "1.10.9";
   };
   octokit = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "06kx258qa5k24q5pv8i4daaw3g57gif6p5k5h3gndj3q2jk6vhkn";
+      sha256 = "0zvfr9njmj5svi39fcsi2b0g7pcxb0vamw9dlyas8bg814jlzhi6";
       type = "gem";
     };
-    version = "4.16.0";
+    version = "4.18.0";
   };
   openssl-ccm = {
     groups = ["default"];
@@ -726,10 +756,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1c6kq6s13idl2036b5lch8r7390f8w82cal8hcp4ml76fm2vdac7";
+      sha256 = "0vywld400fzi17cszwrchrzcqys4qm6sshbv73wy5mwcixmrgg7g";
       type = "gem";
     };
-    version = "4.0.3";
+    version = "4.0.5";
   };
   rack = {
     groups = ["default"];
@@ -796,10 +826,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1bjf21z9maiiazc1if56nnh9xmgbkcqlpznv34f40a1hsvgk1d1m";
+      sha256 = "12f7g5iw1gqjwl2rvfmbgxipds5c475ggalw6qskzzrx9vyc2fpk";
       type = "gem";
     };
-    version = "4.2.11.1";
+    version = "4.2.11.3";
   };
   rake = {
     groups = ["default"];
@@ -826,10 +856,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0kw753vq5m5m8pzn1avafzz757gdzzsv7ck94y6d8n4jzqa50isv";
+      sha256 = "1j65iary8qkgyrjc3vnjd7dbyjs2bsz2hcg7ndibjk623faxb1wk";
       type = "gem";
     };
-    version = "2.3.6";
+    version = "2.3.7";
   };
   redcarpet = {
     groups = ["default"];
@@ -886,10 +916,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "16anprj4pc4pi2yb1y6b7c8nrqgpk49g40wy1384snmii24jiwyx";
+      sha256 = "0inrf2vahmpxhjf84i8ak2b7gcirsrjrmb1rnvvqqr9kl0xw5xm3";
       type = "gem";
     };
-    version = "0.1.22";
+    version = "0.1.24";
   };
   rex-java = {
     groups = ["default"];
@@ -936,10 +966,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "150nmpgrvpd6hyx9cghah8dxpcfb1h7inpcwmz7ijpir60zxxfdj";
+      sha256 = "11wi8dpb2s8bvkqhbf80g16nyj2hscs3vz31ffzl1g0g6imcs0dl";
       type = "gem";
     };
-    version = "0.1.86";
+    version = "0.1.87";
   };
   rex-random_identifier = {
     groups = ["default"];
@@ -976,10 +1006,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0jkmff92ga9qd9gg13cd6s99qcdmr5n354l9br70j784mpyl9apb";
+      sha256 = "07vm17w791vdpr23aqp45kqsjbqgwpqj92a535h6n4fckxgzhg94";
       type = "gem";
     };
-    version = "0.1.21";
+    version = "0.1.23";
   };
   rex-sslscan = {
     groups = ["default"];
@@ -1006,10 +1036,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0wjrp4n7j2ifdgqc6z8z4jbz9gr7g5m5h35b7vx4k9cbaq9b5zxw";
+      sha256 = "17m5zwca15qsd7mqqhi2q530iwsrb7wkqh8qff7pxjxwlxbvsrxx";
       type = "gem";
     };
-    version = "0.2.24";
+    version = "0.2.26";
   };
   rex-zip = {
     groups = ["default"];
@@ -1076,10 +1106,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "13b15icwx0c8zzjfzf7bmqq9ynilw0dy8ydgjb199nqzp93p6wqv";
+      sha256 = "0590m2pr9i209pp5z4mx0nb1961ishdiqb28995hw1nln1d1b5ji";
       type = "gem";
     };
-    version = "2.2.0";
+    version = "2.3.0";
   };
   sawyer = {
     groups = ["default"];
@@ -1176,20 +1206,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "04f18jdv6z3zn3va50rqq35nj3izjpb72fnf21ixm7vanq6nc4fp";
+      sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r";
       type = "gem";
     };
-    version = "1.2.6";
+    version = "1.2.7";
   };
   tzinfo-data = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "17fbf05qhcxp8anmp7k5wnafw3ypy607h5ybnqg92dqgh4b1c3yi";
+      sha256 = "1kjywciambyhlkc8ijp3kkx4r24pi9zs7plmxw003mxr6mrhah1w";
       type = "gem";
     };
-    version = "1.2019.3";
+    version = "1.2020.1";
   };
   warden = {
     groups = ["default"];
diff --git a/pkgs/tools/security/metasploit/shell.nix b/pkgs/tools/security/metasploit/shell.nix
index cd7a01214c6a..e4bae57b6866 100644
--- a/pkgs/tools/security/metasploit/shell.nix
+++ b/pkgs/tools/security/metasploit/shell.nix
@@ -3,14 +3,15 @@ with import <nixpkgs> {};
 stdenv.mkDerivation {
   name = "env";
   buildInputs = [
-    ruby.devEnv
+    bundix
     git
-    sqlite
+    libiconv
     libpcap
-    postgresql
     libxml2
     libxslt
-    pkgconfig
-    bundix
+    pkg-config
+    postgresql
+    ruby.devEnv
+    sqlite
   ];
 }
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 515b5884999e..e1b6ef808605 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "vault";
-  version = "1.4.1";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "0fbbvihvlzh95rrk65bwxfcam6y57q0yffq8dzvcbm3i0ap7ndar";
+    sha256 = "0aschysngs6f50plqkqbnhgl6zryd0bpypr50zd45cgww7jvvqd4";
   };
 
   goPackagePath = "github.com/hashicorp/vault";
diff --git a/pkgs/tools/system/freeipmi/default.nix b/pkgs/tools/system/freeipmi/default.nix
index e51f554ea0fa..35fb630d2380 100644
--- a/pkgs/tools/system/freeipmi/default.nix
+++ b/pkgs/tools/system/freeipmi/default.nix
@@ -1,12 +1,12 @@
 { fetchurl, stdenv, libgcrypt, readline, libgpgerror }:
 
 stdenv.mkDerivation rec {
-  version = "1.6.4";
+  version = "1.6.5";
   pname = "freeipmi";
 
   src = fetchurl {
     url = "mirror://gnu/freeipmi/${pname}-${version}.tar.gz";
-    sha256 = "0g0s4iwx0ng4rv7hp5cc3kkx4drahsc89981gwjblf04lfavppv5";
+    sha256 = "1ncf1s84752xaq07h36wrxa5ww1167s2bizkww0igxv8djyddwk1";
   };
 
   buildInputs = [ libgcrypt readline libgpgerror ];
diff --git a/pkgs/tools/system/zenith/cargo-lock.patch b/pkgs/tools/system/zenith/cargo-lock.patch
deleted file mode 100644
index 023480767b02..000000000000
--- a/pkgs/tools/system/zenith/cargo-lock.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/Cargo.lock b/Cargo.lock
-index 3f4eec6..64b1a6a 100644
---- a/Cargo.lock
-+++ b/Cargo.lock
-@@ -1297,7 +1297,7 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
- 
- [[package]]
- name = "zenith"
--version = "0.8.0"
-+version = "0.8.2"
- dependencies = [
-  "battery",
-  "bincode",
diff --git a/pkgs/tools/system/zenith/default.nix b/pkgs/tools/system/zenith/default.nix
index cdaf3a0f8ebb..b7912f44cdd6 100644
--- a/pkgs/tools/system/zenith/default.nix
+++ b/pkgs/tools/system/zenith/default.nix
@@ -2,17 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "zenith";
-  version = "0.8.2";
+  version = "0.9.0";
 
   src = fetchFromGitHub {
     owner = "bvaisvil";
     repo = pname;
     rev = version;
-    sha256 = "1s1l4nq4bsvi54i603faann8cp1409qa2ka7id0m38b3li8z2984";
+    sha256 = "1yfbr8zmcy7zp9s9cqv7qypj2vvhpq09r0398gr7ckjk6v70hhfg";
   };
 
-  cargoPatches = [ ./cargo-lock.patch ];
-  cargoSha256 = "0h6k7yf4hpfxnad46iv8gp3v3zc4x4p9yab40gr8xv8r1syf9f6g";
+  cargoSha256 = "1l4cjcpfghis983y31s54fzjppdnh3wa4anwi7bdsbyvqz3n3ywj";
 
   buildInputs = stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
 
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 1ef754ccba00..5eb7c2011832 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -266,6 +266,7 @@ mapAliases ({
   linuxPackages_testing_hardened = throw "linuxPackages_testing_hardened has been removed, please use linuxPackages_latest_hardened";
   linux_testing_hardened = throw "linux_testing_hardened has been removed, please use linux_latest_hardened";
 
+  linux-steam-integration = throw "linux-steam-integration has been removed, as the upstream project has been abandoned"; # added 2020-05-22
   loadcaffe = throw "loadcaffe has been removed, as the upstream project has been abandoned"; # added 2020-03-28
   lttngTools = lttng-tools;  # added 2014-07-31
   lttngUst = lttng-ust;  # added 2014-07-31
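Review bot: Only `linux-steam-integration` gets a `throw` alias here, although the same diff also removes `linux_5_5` and `linuxPackages_5_5` from all-packages.nix, and this is the only hunk for aliases.nix. A configuration that still names that kernel would then fail with a bare missing-attribute error instead of being pointed at a maintained kernel series. Following the pattern of the `linux_testing_hardened` line above, something like `linux_5_5 = throw "linux_5_5 has been removed, please use linux_5_6"; # added 2020-05-22` plus the matching `linuxPackages_5_5` entry would close the gap. The replacement named in that message is my suggestion and should be confirmed. The `mapAliases` attribute set starts and ends outside the hunk.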
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6ff526349638..02a3f8ff8903 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -816,6 +816,8 @@ in
 
   bashcards = callPackage ../tools/misc/bashcards { };
 
+  bazarr = callPackage ../servers/bazarr { };
+
   bcachefs-tools = callPackage ../tools/filesystems/bcachefs-tools { };
 
   bitwarden = callPackage ../tools/security/bitwarden { };
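Review bot: `bazarr = callPackage ../servers/bazarr { };` is registered here among `../tools/...` entries, while `kapow` and `sogo` in later hunks of this file are placed beside other `../servers/...` attributes. The same mismatch shows in the hunks adding `scaleft` (`../applications/networking/scaleft`) and `tockloader` (`../development/tools/misc/tockloader`), both inserted between `../games/...` entries. Placement does not change evaluation, but it makes a package hard to find and review later; I would move each line next to attributes from the same directory tree. The section comments of all-packages.nix are outside these hunks, so the section names are inferred from the neighbouring paths.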
@@ -3825,6 +3827,12 @@ in
   # rename to upower-notify?
   go-upower-notify = callPackage ../tools/misc/upower-notify { };
 
+  goattracker = callPackage ../applications/audio/goattracker { };
+
+  goattracker-stereo = callPackage ../applications/audio/goattracker {
+    isStereo = true;
+  };
+
   google-app-engine-go-sdk = callPackage ../development/tools/google-app-engine-go-sdk { };
 
   google-authenticator = callPackage ../os-specific/linux/google-authenticator { };
@@ -14612,6 +14620,8 @@ in
 
   sonic = callPackage ../development/libraries/sonic { };
 
+  sope = callPackage ../development/libraries/sope { };
+
   soprano = callPackage ../development/libraries/soprano { };
 
   soqt = callPackage ../development/libraries/soqt { };
@@ -15662,6 +15672,8 @@ in
 
   jetty = callPackage ../servers/http/jetty { };
 
+  kapow = callPackage ../servers/kapow { };
+
   keycloak = callPackage ../servers/keycloak { };
 
   knot-dns = callPackage ../servers/dns/knot-dns { };
@@ -16220,6 +16232,8 @@ in
 
   smcroute = callPackage ../servers/smcroute { };
 
+  sogo = callPackage ../servers/web-apps/sogo { };
+
   spawn_fcgi = callPackage ../servers/http/spawn-fcgi { };
 
   spring-boot-cli = callPackage ../development/tools/spring-boot-cli { };
@@ -16822,14 +16836,6 @@ in
     ];
   };
 
-  linux_5_5 = callPackage ../os-specific/linux/kernel/linux-5.5.nix {
-    kernelPatches = [
-      kernelPatches.bridge_stp_helper
-      kernelPatches.request_key_helper
-      kernelPatches.export_kernel_fpu_functions."5.3"
-    ];
-  };
-
   linux_5_6 = callPackage ../os-specific/linux/kernel/linux-5.6.nix {
     kernelPatches = [
       kernelPatches.bridge_stp_helper
@@ -17060,7 +17066,6 @@ in
   linuxPackages_4_14 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_14);
   linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19);
   linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4);
-  linuxPackages_5_5 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_5);
   linuxPackages_5_6 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_6);
 
   # When adding to this list:
@@ -19351,6 +19356,8 @@ in
 
   fasttext = callPackage ../applications/science/machine-learning/fasttext { };
 
+  fbmenugen = callPackage ../applications/misc/fbmenugen { };
+
   fbpanel = callPackage ../applications/window-managers/fbpanel { };
 
   fbreader = callPackage ../applications/misc/fbreader {
@@ -22613,6 +22620,8 @@ in
 
   wayvnc = callPackage ../applications/networking/remote/wayvnc { };
 
+  webcamoid = libsForQt5.callPackage ../applications/video/webcamoid { };
+
   webmacs = libsForQt5.callPackage ../applications/networking/browsers/webmacs {};
 
   webtorrent_desktop = callPackage ../applications/video/webtorrent_desktop {};
@@ -23744,6 +23753,8 @@ in
 
   newtonwars = callPackage ../games/newtonwars { };
 
+  nottetris2 = callPackage ../games/nottetris2 { };
+
   nudoku = callPackage ../games/nudoku { };
 
   nxengine-evo = callPackage ../games/nxengine-evo { };
@@ -23893,6 +23904,8 @@ in
 
   sauerbraten = callPackage ../games/sauerbraten {};
 
+  scaleft = callPackage ../applications/networking/scaleft { };
+
   scaleway-cli = callPackage ../tools/admin/scaleway-cli { };
 
   scid = callPackage ../games/scid {
@@ -23969,10 +23982,6 @@ in
 
   steamcmd = steamPackages.steamcmd;
 
-  linux-steam-integration = callPackage ../games/linux-steam-integration {
-    gtk = pkgs.gtk3;
-  };
-
   protontricks = callPackage ../tools/package-management/protontricks {
     inherit (python3Packages) buildPythonApplication pytest setuptools_scm vdf;
     inherit (gnome3) zenity;
@@ -24031,6 +24040,8 @@ in
 
   tinyfugue = callPackage ../games/tinyfugue { };
 
+  tockloader = callPackage ../development/tools/misc/tockloader { };
+
   tome2 = callPackage ../games/tome2 { };
 
   tome4 = callPackage ../games/tome4 { };