diff options
Diffstat (limited to 'pkgs/tools')
52 files changed, 609 insertions, 317 deletions
diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index 3be7b2fd0ee6..3db16f067148 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -1,9 +1,10 @@ -{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch -, file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto -, w3m, gnugrep, gnused, coreutils, xset, perlPackages -, mimiSupport ? false, gawk -, bash -, glib +{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch, writeText +# docs deps +, libxslt, docbook_xml_dtd_412, docbook_xml_dtd_43, docbook_xsl, xmlto +# runtime deps +, resholve, bash, coreutils, dbus, file, gawk, glib, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs +, perl, perlPackages +, mimiSupport ? false , withXdgOpenUsePortalPatch ? true }: let @@ -15,73 +16,248 @@ let sha256 = "15gw2nyrqmdsdin8gzxihpn77grhk9l97jp7s7pr7sl4n9ya2rpj"; }; - perlPath = with perlPackages; makePerlPath [ - NetDBus XMLTwig XMLParser X11Protocol + # Required by the common desktop detection code + commonDeps = [ dbus coreutils gnugrep gnused ]; + # These are all faked because the current desktop is detected + # based on their presence, so we want them to be missing by default. + commonFakes = [ + "explorer.exe" + "gnome-default-applications-properties" + "kde-config" + "xprop" ]; + # This is still required to work around the eval trickery some scripts do + commonPrologue = "${writeText "xdg-utils-prologue" '' + export PATH=$PATH:${coreutils}/bin + ''}"; + + solutions = [ + { + scripts = [ "bin/xdg-desktop-icon" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ xdg-user-dirs ]; + execer = [ + "cannot:${xdg-user-dirs}/bin/xdg-user-dir" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME2 + ]; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-desktop-menu" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk ]; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-email" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + "cannot:${placeholder "out"}/bin/xdg-open" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "exo-open" # XFCE + "gconftool-2" # GNOME + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "qtxdg-mat" # LXQT + "xdg-email-hook.sh" # user-defined hook that may be available ambiently + ]; + fix."/bin/echo" = true; + keep = { + "$command" = true; + "$kreadconfig" = true; + "$THUNDERBIRD" = true; + "$utf8" = true; + }; + } + + { + scripts = [ "bin/xdg-icon-resource" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-mime" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ file gawk ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gio" # GNOME (new) + "gnomevfs-info" # GNOME (very old) + "gvfs-info" # GNOME (old) + "kde4-config" # Plasma 4 + "kfile" # KDE 3 + "kmimetypefinder" # Plasma (generic) + "kmimetypefinder5" # Plasma 5 + "ktraderclient" # KDE 3 + "ktradertest" # KDE 3 + "mimetype" # alternative tool for file, pulls in perl, avoid + "qtpaths" # Plasma + "qtxdg-mat" # LXQT + ]; + fix."/usr/bin/file" = true; + keep = { + "$KDE_SESSION_VERSION" = true; + "$KTRADER" = true; + }; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-open" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ nettools glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "cygstart" # Cygwin + "dde-open" # Deepin + "enlightenment_open" # Enlightenment + "exo-open" # XFCE + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "kde-open" # Plasma + "kfmclient" # KDE3 + "mate-open" # MATE + "mimeopen" # alternative tool for file, pulls in perl, avoid + "open" # macOS + "pcmanfm" # LXDE + "qtxdg-mat" # LXQT + "run-mailcap" # generic + "rundll32.exe" # WSL + "wslpath" # WSL + ]; + fix."$printf" = [ "printf" ]; + keep = { + "env:$command" = true; + "$browser" = true; + "$KDE_SESSION_VERSION" = true; + }; + } + + { + scripts = [ "bin/xdg-screensaver" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ lockfileProgs nettools perl procmail procps ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "dcop" # KDE3 + "mate-screensaver-command" # MATE + "xautolock" # Xautolock + "xscreensaver-command" # Xscreensaver + "xset" # generic-ish X + ]; + fix."$lockfile_command" = [ "lockfile" ]; + keep = { + "$MV" = true; + "$XPROP" = true; + }; + prologue = "${writeText "xdg-screensaver-prologue" '' + export PERL5LIB=${with perlPackages; makePerlPath [ NetDBus XMLTwig XMLParser X11Protocol ]} + export PATH=$PATH:${coreutils}/bin + ''}"; + } + + { + scripts = [ "bin/xdg-settings" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ jq "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME + "kreadconfig" # Plasma (generic) + "kreadconfig5" # Plasma 5 + "kreadconfig6" # Plasma 6 + "ktradertest" # KDE3 + "kwriteconfig" # Plasma (generic) + "kwriteconfig5" # Plasma 5 + "kwriteconfig6" # Plasma 6 + "qtxdg-mat" # LXQT + ]; + keep = { + "$KDE_SESSION_VERSION" = true; + # get_browser_$handler + "$handler" = true; + }; + } + ]; in stdenv.mkDerivation rec { pname = "xdg-utils"; - version = "unstable-2022-11-06"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "xdg"; repo = "xdg-utils"; - rev = "8ae02631a9806da11b34cd6b274af02d28aee5da"; - sha256 = "sha256-WdnnAiPYbREny633FnBi5tD9hDuF8NCVVbUaAVIKTxM="; + rev = "v${version}"; + hash = "sha256-rjNIO4B9jHsBmPaugWTMqTGNpjiw0MTEmf9/ds2Mud4="; }; - patches = lib.optionals withXdgOpenUsePortalPatch [ + patches = [ + # Backport typo fix + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/af2fe0d1dcbcd982d84ddf2bbd174afe90976ed9.patch"; + hash = "sha256-HhQk06wWkyWjSxjXet+sADKf1irswKxDA8WuOknZKRs="; + }) + # Backport docs rendering fixes + # See: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/106 + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/403a720ad18920030418a7c3d1f2caba9ce3892d.patch"; + hash = "sha256-XxFUeyXENHCy+wplIJ5OzoU5oyA4v1bz/9qMXp1ZwsE="; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/a137f2ba87620402aca21b14fb1d79517782dd29.patch"; + hash = "sha256-XFUAWn4uOyzgLdvupBxsO7wm6VDSzYj1SGZEM+9ouec="; + }) + ] ++ lib.optionals withXdgOpenUsePortalPatch [ # Allow forcing the use of XDG portals using NIXOS_XDG_OPEN_USE_PORTAL environment variable. # Upstream PR: https://github.com/freedesktop/xdg-utils/pull/12 ./allow-forcing-portal-use.patch - # Allow opening files when using portal with xdg-open. - # Upstream PR: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/65 - (fetchpatch { - name = "support-openfile-with-portal.patch"; - url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/5cd8c38f58d9db03240f4bc67267fe3853b66ec7.diff"; - hash = "sha256-snkhxwGF9hpqEh5NGG8xixTi/ydAk5apXRtgYrVgNY8="; - }) ]; # just needed when built from git - nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xsl xmlto w3m ]; + nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl xmlto ]; # explicitly provide a runtime shell so patchShebangs is consistent across build platforms buildInputs = [ bash ]; postInstall = lib.optionalString mimiSupport '' cp ${mimisrc}/xdg-open $out/bin/xdg-open - '' + '' - sed '2s#.#\ - sed() { ${gnused}/bin/sed "$@"; }\ - grep() { ${gnugrep}/bin/grep "$@"; }\ - egrep() { ${gnugrep}/bin/egrep "$@"; }\ - file() { ${file}/bin/file "$@"; }\ - awk() { ${gawk}/bin/awk "$@"; }\ - xset() { ${xset}/bin/xset "$@"; }\ - perl() { PERL5LIB=${perlPath} ${perlPackages.perl}/bin/perl "$@"; }\ - mimetype() { ${perlPackages.FileMimeInfo}/bin/mimetype "$@"; }\ - PATH=$PATH:'$out'/bin:${coreutils}/bin\ - &#' -i "$out"/bin/* - - substituteInPlace $out/bin/xdg-open \ - --replace "/usr/bin/printf" "${coreutils}/bin/printf" \ - --replace "gdbus" "${glib}/bin/gdbus" \ - --replace "mimeopen" "${perlPackages.FileMimeInfo}/bin/mimeopen" - - substituteInPlace $out/bin/xdg-mime \ - --replace "/usr/bin/file" "${file}/bin/file" - - substituteInPlace $out/bin/xdg-email \ - --replace "/bin/echo" "${coreutils}/bin/echo" \ - --replace "gdbus" "${glib}/bin/gdbus" - - sed 's|\bwhich\b|type -P|g' -i "$out"/bin/* ''; + preFixup = lib.concatStringsSep "\n" (map (resholve.phraseSolution "xdg-utils-resholved") solutions); + meta = with lib; { homepage = "https://www.freedesktop.org/wiki/Software/xdg-utils/"; description = "A set of command line tools that assist applications with a variety of desktop integration tasks"; diff --git a/pkgs/tools/admin/ansible/lint.nix b/pkgs/tools/admin/ansible/lint.nix index 24d595e4b51a..9e99a11777dd 100644 --- a/pkgs/tools/admin/ansible/lint.nix +++ b/pkgs/tools/admin/ansible/lint.nix @@ -6,12 +6,12 @@ python3.pkgs.buildPythonApplication rec { pname = "ansible-lint"; - version = "6.22.2"; + version = "24.2.0"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-L0Cf6Y762mHan4q3zfNKW2feQ+EzjO4GGfXVH0+LFd0="; + hash = "sha256-a8XWJz8zcR7G03Df5f2+l6ZLTDbCp6GaJJQBMm6wNhY="; }; postPatch = '' diff --git a/pkgs/tools/admin/qovery-cli/default.nix b/pkgs/tools/admin/qovery-cli/default.nix index c3323e599ec1..199d33a8b323 100644 --- a/pkgs/tools/admin/qovery-cli/default.nix +++ b/pkgs/tools/admin/qovery-cli/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "qovery-cli"; - version = "0.83.0"; + version = "0.83.1"; src = fetchFromGitHub { owner = "Qovery"; repo = "qovery-cli"; rev = "refs/tags/v${version}"; - hash = "sha256-S2Is+fzPnn2OD10J73r5DZRIVksCfEKb/c4K3Qe2P2M="; + hash = "sha256-nsPXohmOkWeYYfJWgkwJmy6ulpH+Bnag7hyuS4JZLro="; }; - vendorHash = "sha256-HwDdThBUH2k7OodohJTt4zLArAxFh4p3xRZS3zhzidM="; + vendorHash = "sha256-XG0dOEpu+NoQmklsukxev1gc2OsZc7fLEkv0AGwkh7o="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 4116a0b3e4ca..5b65a580fa67 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , autoreconfHook # for passthru.tests @@ -13,22 +12,13 @@ stdenv.mkDerivation rec { pname = "cpio"; - version = "2.14"; + version = "2.15"; src = fetchurl { url = "mirror://gnu/cpio/cpio-${version}.tar.bz2"; - sha256 = "/NwV1g9yZ6b8fvzWudt7bIlmxPL7u5ZMJNQTNv0/LBI="; + hash = "sha256-k3YQuXwymh7JJoVT+3gAN7z/8Nz/6XJevE/ZwaqQdds="; }; - patches = [ - # Pull upstream fix for clang-16 and gcc-14. - (fetchpatch { - name = "major-decl.patch"; - url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=8179be21e664cedb2e9d238cc2f6d04965e97275"; - hash = "sha256-k5Xiv3xuPU8kPT6D9B6p+V8SK55ybFgrIIPDgHuorpM="; - }) - ]; - nativeBuildInputs = [ autoreconfHook ]; separateDebugInfo = true; diff --git a/pkgs/tools/archivers/unrar/default.nix b/pkgs/tools/archivers/unrar/default.nix index 9350a6fd1eed..8b4f46088b2d 100644 --- a/pkgs/tools/archivers/unrar/default.nix +++ b/pkgs/tools/archivers/unrar/default.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation (finalAttrs: { homepage = "https://www.rarlab.com/"; license = licenses.unfreeRedistributable; mainProgram = "unrar"; - maintainers = with maintainers; [ ehmry wegank ]; + maintainers = with maintainers; [ wegank ]; platforms = platforms.all; }; }) diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch new file mode 100644 index 000000000000..2ee3fff0db54 --- /dev/null +++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix index 1ac615a3d90f..1d75040c7784 100644 --- a/pkgs/tools/archivers/zip/default.nix +++ b/pkgs/tools/archivers/zip/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { ./fix-memset-detection.patch # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16. ./fix-implicit-declarations.patch + # Buffer overflow on Unicode characters in path names + # https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + ./buffer-overflow-on-utf8-rh-bug-2165653.patch ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ]; buildInputs = lib.optional enableNLS libnatspec diff --git a/pkgs/tools/audio/openai-whisper-cpp/default.nix b/pkgs/tools/audio/openai-whisper-cpp/default.nix index e2fd352422a8..191aae946e21 100644 --- a/pkgs/tools/audio/openai-whisper-cpp/default.nix +++ b/pkgs/tools/audio/openai-whisper-cpp/default.nix @@ -4,6 +4,7 @@ , SDL2 , makeWrapper , wget +, which , Accelerate , CoreGraphics , CoreML @@ -39,6 +40,7 @@ effectiveStdenv.mkDerivation (finalAttrs: { patches = [ ./download-models.patch ]; nativeBuildInputs = [ + which makeWrapper ] ++ lib.optionals cudaSupport ( with cudaPackages ;[ cuda_nvcc @@ -60,6 +62,7 @@ effectiveStdenv.mkDerivation (finalAttrs: { # A temporary hack for reducing the closure size, remove once cudaPackages # have stopped using lndir: https://github.com/NixOS/nixpkgs/issues/271792 + cuda_cccl.dev # provides nv/target cuda_cudart.dev cuda_cudart.lib cuda_cudart.static diff --git a/pkgs/tools/backup/sigtop/default.nix b/pkgs/tools/backup/sigtop/default.nix index ce6c7fde8d6d..4d437dd21302 100644 --- a/pkgs/tools/backup/sigtop/default.nix +++ b/pkgs/tools/backup/sigtop/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { name = "sigtop"; - version = "0.8.0"; + version = "0.9.0"; src = fetchFromGitHub { owner = "tbvdm"; repo = "sigtop"; rev = "v${version}"; - sha256 = "sha256-vFs6/b2ypwMXDgmkZDgfKPqW0GRh9A2t4QQvkUdhYQw="; + sha256 = "sha256-+TV3mlFW3SxgLyXyOPWKhMdkPf/ZTK2/EMWaZHC82YM="; }; - vendorHash = "sha256-H43XOupVicLpYfkWNjArpSxQWcFqh9h2Zb6zGZ5xtfs="; + vendorHash = "sha256-kkRmyWYrWDq96fECe2YMsDjRZPX2K0jKFitMJycaVVA="; makeFlags = [ "PREFIX=\${out}" diff --git a/pkgs/tools/compression/plzip/default.nix b/pkgs/tools/compression/plzip/default.nix deleted file mode 100644 index 310ae2074973..000000000000 --- a/pkgs/tools/compression/plzip/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, stdenv, fetchurl, lzip, lzlib, texinfo }: - -stdenv.mkDerivation rec { - pname = "plzip"; - version = "1.10"; - outputs = [ "out" "man" "info" ]; - - src = fetchurl { - url = "mirror://savannah/lzip/plzip/plzip-${version}.tar.lz"; - sha256 = "62f16a67be0dabf0da7fd1cb7889fe5bfae3140cea6cafa1c39e7e35a5b3c661"; - }; - - nativeBuildInputs = [ lzip texinfo ]; - buildInputs = [ lzlib ]; - - enableParallelBuilding = true; - - meta = with lib; { - homepage = "https://www.nongnu.org/lzip/plzip.html"; - description = "A massively parallel lossless data compressor based on the lzlib compression library"; - license = licenses.gpl2Plus; - platforms = platforms.all; - maintainers = with maintainers; [ _360ied ]; - mainProgram = "plzip"; - }; -} diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index e8e0ae2439f2..9e195a0aa7db 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.4.5"; + version = "5.4.6"; src = fetchurl { - url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "sha256-jM9f/4aMAG8pUi44b7TGobZkY/vKZaTPw8S9WW6JXnk="; + url = "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k="; }; strictDeps = true; diff --git a/pkgs/tools/filesystems/juicefs/default.nix b/pkgs/tools/filesystems/juicefs/default.nix index 00f45c332cbe..6f6dd4101597 100644 --- a/pkgs/tools/filesystems/juicefs/default.nix +++ b/pkgs/tools/filesystems/juicefs/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "juicefs"; - version = "1.1.1"; + version = "1.1.2"; src = fetchFromGitHub { owner = "juicedata"; repo = pname; rev = "v${version}"; - sha256 = "sha256-dMzBgwd5tVxE6OFHf6QTZfoqgL/t2pX+OgI6Pki6PG8="; + sha256 = "sha256-Sf68N5ZKveKM6xZEqF7Ah0KGgOx1cGZpJ2lYkUlgpI0="; }; - vendorHash = "sha256-orq03bwN1cbwHoZFXz92tcA2F0oivGR/C5EJDAPA+pk="; + vendorHash = "sha256-ofUo/3EQPhXPNeD/3to5oFir/3eAaf9WBHR4DOzcxBQ="; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/tools/graphics/amber/default.nix b/pkgs/tools/graphics/amber/default.nix index c6b4a2c22293..9c9a43a49be4 100644 --- a/pkgs/tools/graphics/amber/default.nix +++ b/pkgs/tools/graphics/amber/default.nix @@ -3,9 +3,11 @@ , cmake , pkg-config , cctools +, makeWrapper , python3 , vulkan-headers , vulkan-loader +, vulkan-validation-layers }: let glslang = fetchFromGitHub { @@ -32,27 +34,27 @@ let spirv-headers = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Headers"; - rev = "b42ba6d92faf6b4938e6f22ddd186dbdacc98d78"; - hash = "sha256-ks9JCj5rj+Xu++7z5RiHDkU3/sFXhcScw8dATfB/ot0="; + rev = "d13b52222c39a7e9a401b44646f0ca3a640fbd47"; + hash = "sha256-bjiWGSmpEbydXtCLP8fRZfPBvdCzBoJxKXTx3BroQbg="; }; spirv-tools = fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Tools"; - rev = "a73e724359a274d7cf4f4248eba5be1e7764fbfd"; - hash = "sha256-vooJHtgVRlBNkQG4hulYOxIgHH4GMhXw7N4OEbkKJvU="; + rev = "d87f61605b3647fbceae9aaa922fce0031afdc63"; + hash = "sha256-lB2i6wjehIFDOQdIPUvCy3zzcnJSsR5vNawPhGmb0es="; }; in stdenv.mkDerivation rec { pname = "amber"; - version = "unstable-2022-04-21"; + version = "unstable-2023-09-02"; src = fetchFromGitHub { owner = "google"; repo = pname; - rev = "8b145a6c89dcdb4ec28173339dd176fb7b6f43ed"; - hash = "sha256-+xFYlUs13khT6r475eJJ+XS875h2sb+YbJ8ZN4MOSAA="; + rev = "8e90b2d2f532bcd4a80069e3f37a9698209a21bc"; + hash = "sha256-LuNCND/NXoNbbTWv7RYQUkq2QXL1qXR27uHwFIz0DXg="; }; buildInputs = [ @@ -62,6 +64,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake + makeWrapper pkg-config python3 ] ++ lib.optionals stdenv.isDarwin [ @@ -69,7 +72,7 @@ stdenv.mkDerivation rec { ]; # Tests are disabled so we do not have to pull in googletest and more dependencies - cmakeFlags = [ "-DAMBER_SKIP_TESTS=ON" ]; + cmakeFlags = [ "-DAMBER_SKIP_TESTS=ON" "-DAMBER_DISABLE_WERROR=ON" ]; prePatch = '' cp -r ${glslang}/ third_party/glslang @@ -79,14 +82,14 @@ stdenv.mkDerivation rec { cp -r ${spirv-headers}/ third_party/spirv-headers chmod u+w -R third_party - substituteInPlace CMakeLists.txt \ - --replace "-Werror" "" substituteInPlace tools/update_build_version.py \ --replace "not os.path.exists(directory)" "True" ''; installPhase = '' install -Dm755 -t $out/bin amber image_diff + wrapProgram $out/bin/amber \ + --suffix VK_LAYER_PATH : ${vulkan-validation-layers}/share/vulkan/explicit_layer.d ''; meta = with lib; { diff --git a/pkgs/tools/misc/cyberchef/default.nix b/pkgs/tools/misc/cyberchef/default.nix index d549590a3e67..caa1f693f368 100644 --- a/pkgs/tools/misc/cyberchef/default.nix +++ b/pkgs/tools/misc/cyberchef/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "cyberchef"; - version = "10.6.0"; + version = "10.7.0"; src = fetchzip { url = "https://github.com/gchq/CyberChef/releases/download/v${version}/CyberChef_v${version}.zip"; - sha256 = "sha256-vJ2NbD0SqUd5HKkjaZXPxn48xC1vMS95dnmp+u2W1SM="; + sha256 = "sha256-/miIdPP00vIh3Em8BFDoxkYFpgU4Vty4V5RiCgqOKPo="; stripRoot = false; }; diff --git a/pkgs/tools/misc/dust/default.nix b/pkgs/tools/misc/dust/default.nix deleted file mode 100644 index c3994f05b6a4..000000000000 --- a/pkgs/tools/misc/dust/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ stdenv, lib, fetchFromGitHub, rustPlatform, AppKit, installShellFiles }: - -rustPlatform.buildRustPackage rec { - pname = "du-dust"; - version = "0.9.0"; - - src = fetchFromGitHub { - owner = "bootandy"; - repo = "dust"; - rev = "v${version}"; - sha256 = "sha256-5X7gRMTUrG6ecZnwExBTadOJo/HByohTMDsgxFmp1HM="; - # Remove unicode file names which leads to different checksums on HFS+ - # vs. other filesystems because of unicode normalisation. - postFetch = '' - rm -r $out/tests/test_dir_unicode/ - ''; - }; - - cargoHash = "sha256-uc7jbA8HqsH1bSJgbnUVT/f7F7kZJ4Jf3yyFvseH7no="; - - nativeBuildInputs = [ installShellFiles ]; - - buildInputs = lib.optionals stdenv.isDarwin [ AppKit ]; - - doCheck = false; - - postInstall = '' - installManPage man-page/dust.1 - installShellCompletion completions/dust.{bash,fish} --zsh completions/_dust - ''; - - meta = with lib; { - description = "du + rust = dust. Like du but more intuitive"; - homepage = "https://github.com/bootandy/dust"; - license = licenses.asl20; - maintainers = with maintainers; [ infinisil ]; - mainProgram = "dust"; - }; -} diff --git a/pkgs/tools/misc/gotify-desktop/default.nix b/pkgs/tools/misc/gotify-desktop/default.nix index f9ebbff548e9..409179461ef0 100644 --- a/pkgs/tools/misc/gotify-desktop/default.nix +++ b/pkgs/tools/misc/gotify-desktop/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "gotify-desktop"; - version = "1.3.3"; + version = "1.3.4"; src = fetchFromGitHub { owner = "desbma"; repo = pname; rev = version; - sha256 = "sha256-vyOXZQ2X/LT/saBxcEbD96U34ufxjcWTHAobGI3bAE4="; + sha256 = "sha256-TuqzwmKB48xcdzrAr7MvDA9JChobraESQZPKoy24mPE="; }; - cargoHash = "sha256-MNxHJ1iirHj78wq6ChDjr6mQS0UmHPjVMs1EPFZyTV0="; + cargoHash = "sha256-vg3al+eH9Q4D/T56jwWBlBT4IhuggiEVBl8WoZmUS2Y="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/tools/misc/hdfview/default.nix b/pkgs/tools/misc/hdfview/default.nix index b74e64386eb0..23995e65859a 100644 --- a/pkgs/tools/misc/hdfview/default.nix +++ b/pkgs/tools/misc/hdfview/default.nix @@ -67,7 +67,7 @@ stdenv.mkDerivation rec { meta = { description = "A visual tool for browsing and editing HDF4 and HDF5 files"; license = lib.licenses.free; # BSD-like - homepage = "https://portal.hdfgroup.org/display/HDFVIEW/HDFView"; + homepage = "https://www.hdfgroup.org/downloads/hdfview"; platforms = lib.platforms.linux ++ lib.platforms.darwin; maintainers = with lib.maintainers; [ jiegec ]; mainProgram = "HDFView"; diff --git a/pkgs/tools/misc/hid-tools/default.nix b/pkgs/tools/misc/hid-tools/default.nix index dcba7fb10532..82c61caf020a 100644 --- a/pkgs/tools/misc/hid-tools/default.nix +++ b/pkgs/tools/misc/hid-tools/default.nix @@ -5,24 +5,30 @@ python3.pkgs.buildPythonPackage rec { pname = "hid-tools"; - version = "0.4"; + version = "0.7"; - format = "setuptools"; + format = "pyproject"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libevdev"; repo = "hid-tools"; rev = version; - hash = "sha256-pxU1BvB+rjc5sptafMGnWi+vWPNDyCyUv8gTWg6z5hU="; + hash = "sha256-h880jJcZDc9pIPf+nr30wu2i9y3saAKFZpooJ4MF67E="; }; + nativeBuildInputs = with python3.pkgs; [ + hatchling + pypandoc + ]; + propagatedBuildInputs = with python3.pkgs; [ libevdev parse pyyaml click pyudev + typing-extensions ]; nativeCheckInputs = with python3.pkgs; [ @@ -30,8 +36,14 @@ python3.pkgs.buildPythonPackage rec { ]; # Tests require /dev/uhid + # https://gitlab.freedesktop.org/libevdev/hid-tools/-/issues/18#note_166353 doCheck = false; + postPatch = '' + substituteInPlace pyproject.toml \ + --replace-fail "pypandoc_binary" "pypandoc" + ''; + meta = with lib; { description = "Python scripts to manipulate HID data"; homepage = "https://gitlab.freedesktop.org/libevdev/hid-tools"; diff --git a/pkgs/tools/misc/infracost/default.nix b/pkgs/tools/misc/infracost/default.nix index 2ed332b58fbd..ddec6c3c5d89 100644 --- a/pkgs/tools/misc/infracost/default.nix +++ b/pkgs/tools/misc/infracost/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "infracost"; - version = "0.10.32"; + version = "0.10.33"; src = fetchFromGitHub { owner = "infracost"; rev = "v${version}"; repo = "infracost"; - sha256 = "sha256-/GXT8ptoE6AjW0yTyQ8oLFqok59hIu+bOoE8FpdrOrY="; + sha256 = "sha256-zIAf6lD9XFmrAgvVmIY+tXLn4FmkkdimjVCWasK7OCc="; }; vendorHash = "sha256-ji9TpUcq0aUAn5vV5dnaC15i0Uli2Qsz/BrOKB3/Rl4="; diff --git a/pkgs/tools/misc/ipxe/default.nix b/pkgs/tools/misc/ipxe/default.nix index aa0c74b114b5..2c1b16d29925 100644 --- a/pkgs/tools/misc/ipxe/default.nix +++ b/pkgs/tools/misc/ipxe/default.nix @@ -107,7 +107,6 @@ stdenv.mkDerivation rec { { description = "Network boot firmware"; homepage = "https://ipxe.org/"; license = licenses.gpl2Only; - maintainers = with maintainers; [ ehmry ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/misc/mise/default.nix b/pkgs/tools/misc/mise/default.nix index 7202526e54cd..c26ffdb8b801 100644 --- a/pkgs/tools/misc/mise/default.nix +++ b/pkgs/tools/misc/mise/default.nix @@ -17,16 +17,16 @@ rustPlatform.buildRustPackage rec { pname = "mise"; - version = "2024.2.4"; + version = "2024.2.5"; src = fetchFromGitHub { owner = "jdx"; repo = "mise"; rev = "v${version}"; - hash = "sha256-SBfnfEY2ostzVWUWPB1f381XnzcNpkqeV+L9xRcRYaw="; + hash = "sha256-dShe8h1aRDZPwzCKAhJag5xfylYqWJuCiB9A4afV8g0="; }; - cargoHash = "sha256-Q63h6ln1uswyvAhWlKhMLJGCZRJCbY3Rovu+jJ1O+0c="; + cargoHash = "sha256-3yV26WZid5e7H9UsAaKLjSvL1MSQ+M5BjBR5Mt701Io="; nativeBuildInputs = [ installShellFiles pkg-config ]; buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security SystemConfiguration ]; diff --git a/pkgs/tools/misc/moar/default.nix b/pkgs/tools/misc/moar/default.nix index e5d949a2e4a6..9d34700d13f6 100644 --- a/pkgs/tools/misc/moar/default.nix +++ b/pkgs/tools/misc/moar/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "moar"; - version = "1.23.0"; + version = "1.23.4"; src = fetchFromGitHub { owner = "walles"; repo = pname; rev = "v${version}"; - hash = "sha256-tnFJKHrK1QlACYsiLlc5EX3du4H+nekEaeV+7wUsx48="; + hash = "sha256-gttx2AQMSaU7JE/UwZsUwsgTbUmkQKvCzlt+TuTGP0A="; }; vendorHash = "sha256-1u/2OlMX2FuZaxWnpU4n5r/4xKe+rK++GoCJiSq/BdE="; diff --git a/pkgs/tools/misc/mongodb-compass/default.nix b/pkgs/tools/misc/mongodb-compass/default.nix index 6c1c2b81f90c..0109ac49cc26 100644 --- a/pkgs/tools/misc/mongodb-compass/default.nix +++ b/pkgs/tools/misc/mongodb-compass/default.nix @@ -33,7 +33,7 @@ xorg, }: let - version = "1.41.0"; + version = "1.42.0"; rpath = lib.makeLibraryPath [ alsa-lib @@ -82,7 +82,7 @@ let if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "https://downloads.mongodb.com/compass/mongodb-compass_${version}_amd64.deb"; - sha256 = "sha256-uVIN2oSpaRSeJK1bhjzMqSMmnQm+1i6xsw1RWjmsvGY="; + sha256 = "sha256-Y4ULngeAFljjQG9KTWhU/fIEXBUqbEx2qSakYYnOJoQ="; } else throw "MongoDB compass is not supported on ${stdenv.hostPlatform.system}"; diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix index 24f8187aadd9..79e742989cac 100644 --- a/pkgs/tools/misc/plantuml/default.nix +++ b/pkgs/tools/misc/plantuml/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchurl, makeWrapper, jre, graphviz }: stdenv.mkDerivation rec { - version = "1.2024.0"; + version = "1.2024.1"; pname = "plantuml"; src = fetchurl { url = "https://github.com/plantuml/plantuml/releases/download/v${version}/plantuml-pdf-${version}.jar"; - sha256 = "sha256-jpO4BhOyTS9y2e9d3AK911HDQa04zhPeFGyhz1FJN+Q="; + sha256 = "sha256-lXo8eU6IX4JQFfhNUM2h6fi0HkShiwLsjMRTNbwLYwk="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/misc/wasm-tools/default.nix b/pkgs/tools/misc/wasm-tools/default.nix index 1906fb318efe..40c39024b0bb 100644 --- a/pkgs/tools/misc/wasm-tools/default.nix +++ b/pkgs/tools/misc/wasm-tools/default.nix @@ -5,19 +5,19 @@ rustPlatform.buildRustPackage rec { pname = "wasm-tools"; - version = "1.0.57"; + version = "1.0.58"; src = fetchFromGitHub { owner = "bytecodealliance"; repo = pname; rev = "${pname}-${version}"; - hash = "sha256-3syV4zPoSJtMiogmRu90pYTwNw2T/dRKFWczYI2J1r0="; + hash = "sha256-9IvfQqX65VvjvgyVC0Pn/uJa9EaFh2Y/ciDS+/0RvE4="; fetchSubmodules = true; }; # Disable cargo-auditable until https://github.com/rust-secure-code/cargo-auditable/issues/124 is solved. auditable = false; - cargoHash = "sha256-w1BVh7/L4+CXTgjkQKzbzgqw3XE49hYrkWtaNmcfDi4="; + cargoHash = "sha256-JtIpBHX2ShGb/gaNefkGYzH4ltz2U7v8LwD/IBrfTgw="; cargoBuildFlags = [ "--package" "wasm-tools" ]; cargoTestFlags = [ "--all" ]; diff --git a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff deleted file mode 100644 index 9797d2c16d11..000000000000 --- a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/configure b/configure -index 04d1de1..5de1b41 100755 ---- a/configure -+++ b/configure -@@ -24949,15 +24949,12 @@ else $as_nop - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - - -diff --git a/configure.ac b/configure.ac -index 2d71c83..bd38dd9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1679,15 +1679,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - ]]) - ], diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index d7d78cea11b7..c2438f1b5777 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -33,6 +33,7 @@ , haskellPackages , ocamlPackages , phpExtensions +, pkgsStatic , python3 , tests , testers @@ -48,21 +49,19 @@ assert !((lib.count (x: x) [ gnutlsSupport opensslSupport wolfsslSupport rustlsS stdenv.mkDerivation (finalAttrs: { pname = "curl"; - version = "8.5.0"; + version = "8.6.0"; src = fetchurl { urls = [ "https://curl.haxx.se/download/curl-${finalAttrs.version}.tar.xz" "https://github.com/curl/curl/releases/download/curl-${builtins.replaceStrings [ "." ] [ "_" ] finalAttrs.version}/curl-${finalAttrs.version}.tar.xz" ]; - hash = "sha256-QquNueINgpCjtjPn+7POwV2zTfZf0QFe+KweRyN1Dus="; + hash = "sha256-PM1V2Rr5UWU534BiX4GMc03G8uz5utozx2dl6ZEh2xU="; }; - patches = [ - # fix ipv6 autodetect compile error in configure script - # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) - ./configure-ipv6-autodetect.diff - ]; + postPatch = '' + patchShebangs scripts + ''; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; separateDebugInfo = stdenv.isLinux; @@ -104,6 +103,11 @@ stdenv.mkDerivation (finalAttrs: { preConfigure = '' sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure rm src/tool_hugehelp.c + '' + lib.optionalString (pslSupport && stdenv.hostPlatform.isStatic) '' + # curl doesn't understand that libpsl2 has deps because it doesn't use + # pkg-config. + # https://github.com/curl/curl/pull/12919 + configureFlagsArray+=("LIBS=-lidn2 -lunistring") ''; configureFlags = [ @@ -120,6 +124,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.withFeature rtmpSupport "librtmp") (lib.withFeature rustlsSupport "rustls") (lib.withFeature zstdSupport "zstd") + (lib.withFeature pslSupport "libpsl") (lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli)) (lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls)) (lib.withFeatureAs idnSupport "libidn2" (lib.getDev libidn2)) @@ -180,7 +185,6 @@ stdenv.mkDerivation (finalAttrs: { inherit opensslSupport openssl; tests = { withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); - fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; curlpp = useThisCurl curlpp; coeurl = useThisCurl coeurl; haskell-curl = useThisCurl haskellPackages.curl; @@ -192,6 +196,9 @@ stdenv.mkDerivation (finalAttrs: { # nginx-http3 = useThisCurl nixosTests.nginx-http3; nginx-http3 = nixosTests.nginx-http3; pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + static = pkgsStatic.curl; + } // lib.optionalAttrs (!stdenv.isDarwin) { + fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; }; }; diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 0350a4989262..9d4dc1cd7c2c 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "dhcpcd"; - version = "10.0.3"; + version = "10.0.6"; src = fetchFromGitHub { owner = "NetworkConfiguration"; repo = "dhcpcd"; rev = "v${version}"; - sha256 = "sha256-NXLOfSPGHiRDSagaT+37TAn9XtdcG4+wP9AvyGJi4Dc="; + sha256 = "sha256-tNC5XCA8dShaTIff15mQz8v+YK9sZkRNLCX5qnlpxx4="; }; nativeBuildInputs = [ pkg-config ]; @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { runtimeShellPackage # So patchShebangs finds a bash suitable for the installed scripts ]; - prePatch = '' + postPatch = '' substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell} ''; diff --git a/pkgs/tools/networking/openapi-generator-cli/default.nix b/pkgs/tools/networking/openapi-generator-cli/default.nix index e9572bf45960..ec6e4f28ab95 100644 --- a/pkgs/tools/networking/openapi-generator-cli/default.nix +++ b/pkgs/tools/networking/openapi-generator-cli/default.nix @@ -1,7 +1,7 @@ { callPackage, lib, stdenv, fetchurl, jre, makeWrapper }: let this = stdenv.mkDerivation (finalAttrs: { - version = "7.2.0"; + version = "7.3.0"; pname = "openapi-generator-cli"; jarfilename = "${finalAttrs.pname}-${finalAttrs.version}.jar"; @@ -12,7 +12,7 @@ let this = stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://maven/org/openapitools/${finalAttrs.pname}/${finalAttrs.version}/${finalAttrs.jarfilename}"; - sha256 = "sha256-HPDIDeEsD9yFlCicGeQUtAIQjvELjdC/2hlTFRNBq10="; + sha256 = "sha256-h5wVNAp1oZp+cg78JCwyI+DkIHsGlNbRzqXH3YfPHM4="; }; dontUnpack = true; diff --git a/pkgs/tools/networking/proxify/default.nix b/pkgs/tools/networking/proxify/default.nix index 19c9828ea84a..3702c0dc5a28 100644 --- a/pkgs/tools/networking/proxify/default.nix +++ b/pkgs/tools/networking/proxify/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "proxify"; - version = "0.0.12"; + version = "0.0.13"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "proxify"; rev = "refs/tags/v${version}"; - hash = "sha256-j2FuyoTCc9mcoI683xZkMCL6QXy0dGEheNaormlgUvY="; + hash = "sha256-5sicN/Z26nkxtU/6vDkEMBxyRNHIP7hQ+BvzHuQqBhw="; }; - vendorHash = "sha256-kPj3KBi8Mbsj4BW7Vf1w4mW8EN07FuqgFhAkkLCl8Bc="; + vendorHash = "sha256-90wNln2C5/K1WfX8rv6kKQpHMpxW3hv5zpZpCSHy8ys="; meta = with lib; { description = "Proxy tool for HTTP/HTTPS traffic capture"; diff --git a/pkgs/tools/package-management/dnf5/default.nix b/pkgs/tools/package-management/dnf5/default.nix index 31a19b542e70..a5b7e8f4f813 100644 --- a/pkgs/tools/package-management/dnf5/default.nix +++ b/pkgs/tools/package-management/dnf5/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "dnf5"; - version = "5.1.10"; + version = "5.1.12"; outputs = [ "out" "man" ]; @@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "rpm-software-management"; repo = "dnf5"; rev = finalAttrs.version; - hash = "sha256-u+UiiCl67VtIedW4kn3fycafkgBVsFFkWQcN3NXQKl4="; + hash = "sha256-AzyFc+fBQyyCNzr8ulMEtFEotdUzStsyYOv9ppcIBw4="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/package-management/libdnf/default.nix b/pkgs/tools/package-management/libdnf/default.nix index e7ecfc9c94db..9bce8a919db4 100644 --- a/pkgs/tools/package-management/libdnf/default.nix +++ b/pkgs/tools/package-management/libdnf/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { pname = "libdnf"; - version = "0.72.0"; + version = "0.73.0"; outputs = [ "out" "dev" "py" ]; @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { owner = "rpm-software-management"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-Ou7cXJz4g8cx2KjeX+IFRA2m158PGKcb9jCXFuAOKqU="; + hash = "sha256-zduxlroqo7aeQYhiTWmEK47YG/ll8hLH/d3xtXdcYhk="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch index e4e2b3858ad5..578bd325d56b 100644 --- a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch +++ b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch @@ -1,8 +1,8 @@ diff --git a/pthread_stop_world.c b/pthread_stop_world.c -index b5d71e62..aed7b0bf 100644 +index 2b45489..0e6d8ef 100644 --- a/pthread_stop_world.c +++ b/pthread_stop_world.c -@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig) +@@ -776,6 +776,8 @@ STATIC void GC_restart_handler(int sig) /* world is stopped. Should not fail if it isn't. */ GC_INNER void GC_push_all_stacks(void) { @@ -11,10 +11,10 @@ index b5d71e62..aed7b0bf 100644 GC_bool found_me = FALSE; size_t nthreads = 0; int i; -@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void) - hi = p->altstack + p->altstack_size; +@@ -868,6 +870,31 @@ GC_INNER void GC_push_all_stacks(void) + hi = p->altstack + p->altstack_size; + # endif /* FIXME: Need to scan the normal stack too, but how ? */ - /* FIXME: Assume stack grows down */ + } else { + if (pthread_getattr_np(p->id, &pattr)) { + ABORT("GC_push_all_stacks: pthread_getattr_np failed!"); @@ -41,5 +41,5 @@ index b5d71e62..aed7b0bf 100644 + #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix." + #endif } - GC_push_all_stack_sections(lo, hi, traced_stack_sect); - # ifdef STACK_GROWS_UP + # ifdef STACKPTR_CORRECTOR_AVAILABLE + if (GC_sp_corrector != 0) diff --git a/pkgs/tools/security/bitwarden-directory-connector/default.nix b/pkgs/tools/security/bitwarden-directory-connector/default.nix new file mode 100644 index 000000000000..7f46b444b2e9 --- /dev/null +++ b/pkgs/tools/security/bitwarden-directory-connector/default.nix @@ -0,0 +1,103 @@ +{ + lib, + buildNpmPackage, + electron, + fetchFromGitHub, + buildPackages, + python3, + pkg-config, + libsecret, + nodejs_18, +}: + +let + common = { name, npmBuildScript, installPhase }: buildNpmPackage rec { + pname = name; + version = "2023.10.0"; + nodejs = nodejs_18; + + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "directory-connector"; + rev = "v${version}"; + hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg="; + }; + + postPatch = '' + ${lib.getExe buildPackages.jq} 'del(.scripts.preinstall)' package.json > package.json.tmp + mv -f package.json{.tmp,} + + substituteInPlace electron-builder.json \ + --replace-fail '"afterSign": "scripts/notarize.js",' "" \ + --replace-fail "AppImage" "dir" + ''; + + npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw="; + + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + + makeCacheWritable = true; + inherit npmBuildScript installPhase; + + buildInputs = [ + libsecret + ]; + + nativeBuildInputs = [ + python3 + pkg-config + ]; + + meta = with lib; { + description = "LDAP connector for Bitwarden"; + homepage = "https://github.com/bitwarden/directory-connector"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ Silver-Golden SuperSandro2000 ]; + platforms = platforms.linux; + mainProgram = name; + }; + }; +in { + bitwarden-directory-connector = common { + name = "bitwarden-directory-connector"; + npmBuildScript = "build:dist"; + installPhase = '' + runHook preInstall + + npm exec electron-builder -- \ + --dir \ + -c.electronDist=${electron}/libexec/electron \ + -c.electronVersion=${electron.version} \ + -c.npmRebuild=false + + mkdir -p $out/share/bitwarden-directory-connector $out/bin + cp -r dist/*-unpacked/{locales,resources{,.pak}} $out/share/bitwarden-directory-connector + + makeWrapper ${lib.getExe electron} $out/bin/bitwarden-directory-connector \ + --add-flags $out/share/bitwarden-directory-connector/resources/app.asar \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default ELECTRON_IS_DEV 0 \ + --inherit-argv0 + + runHook postInstall + ''; + }; + + bitwarden-directory-connector-cli = common { + name = "bitwarden-directory-connector-cli"; + npmBuildScript = "build:cli:prod"; + installPhase = '' + runHook preInstall + + mkdir -p $out/libexec/bitwarden-directory-connector + cp -R build-cli node_modules $out/libexec/bitwarden-directory-connector + + # needs to be wrapped with nodejs so that it can be executed + chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js + mkdir -p $out/bin + ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector-cli + + runHook postInstall + ''; + }; +} diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index 56d0cf676330..5ed43dc6b3b6 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix @@ -3,7 +3,7 @@ , cargo , copyDesktopItems , dbus -, electron_27 +, electron_28 , fetchFromGitHub , fetchpatch2 , glib @@ -27,16 +27,16 @@ let description = "A secure and free password manager for all of your devices"; icon = "bitwarden"; - electron = electron_27; + electron = electron_28; in buildNpmPackage rec { pname = "bitwarden"; - version = "2024.1.0"; + version = "2024.2.0"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "desktop-v${version}"; - hash = "sha256-lDDy1b1yfw3nZrwEEkpvh6xYucgn20XHsGACc45eb2w="; + hash = "sha256-nCjcwe+7Riml/J0hAVv/t6/oHIDPhwFD5A3iQ/LNR5Y="; }; patches = [ @@ -52,7 +52,7 @@ in buildNpmPackage rec { makeCacheWritable = true; npmFlags = [ "--legacy-peer-deps" ]; npmWorkspace = "apps/desktop"; - npmDepsHash = "sha256-RR8Ua41D9SXymiPuabOnIab3byu8DR63rOfdeTaQpy4="; + npmDepsHash = "sha256-GJl9pVwFWEg9yku9IXLcu2XMJZz+ZoQOxCf1TrW715Y="; cargoDeps = rustPlatform.fetchCargoTarball { name = "${pname}-${version}"; @@ -68,7 +68,7 @@ in buildNpmPackage rec { patches; patchFlags = [ "-p4" ]; sourceRoot = "${src.name}/${cargoRoot}"; - hash = "sha256-EiJjIWiyu8MvX3Tj0Fkeh0T0El5kdCko2maiY6kkPPA="; + hash = "sha256-KJUz5hvdsurnohUWRZedXvuWMnLtR0dcdTeHtJGrZBs="; }; cargoRoot = "apps/desktop/desktop_native"; diff --git a/pkgs/tools/security/bkcrack/default.nix b/pkgs/tools/security/bkcrack/default.nix index 6345cbdc9602..afc18759c78d 100644 --- a/pkgs/tools/security/bkcrack/default.nix +++ b/pkgs/tools/security/bkcrack/default.nix @@ -2,33 +2,43 @@ , stdenv , fetchFromGitHub , cmake +, nix-update-script }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "bkcrack"; - version = "1.6.0"; + version = "1.6.1"; src = fetchFromGitHub { owner = "kimci86"; - repo = pname; - rev = "v${version}"; - hash = "sha256-VfPRX9lOPyen8CujiBtTCbD5e7xd9X2OQ1uZ6JWKwtY="; + repo = "bkcrack"; + rev = "v${finalAttrs.version}"; + hash = "sha256-x7JK7+DcD2uSWZRTJQPGCcF2mHBlu6FwYUbuYzbvD+s="; }; + passthru.updateScript = nix-update-script { }; + nativeBuildInputs = [ cmake ]; + cmakeFlags = [ + "-DBKCRACK_BUILD_TESTING=${if finalAttrs.doCheck then "ON" else "OFF"}" + ]; + postInstall = '' - mkdir -p $out/bin $out/share/licenses/bkcrack + mkdir -p $out/bin $out/share/doc/bkcrack $out/share/licenses/bkcrack mv $out/bkcrack $out/bin/ mv $out/license.txt $out/share/licenses/bkcrack - rm -r $out/example $out/tools $out/readme.md + mv $out/example $out/tools $out/readme.md $out/share/doc/bkcrack ''; + doCheck = true; + meta = with lib; { description = "Crack legacy zip encryption with Biham and Kocher's known plaintext attack"; homepage = "https://github.com/kimci86/bkcrack"; license = licenses.zlib; platforms = platforms.unix; maintainers = with maintainers; [ erdnaxe ]; + mainProgram = "bkcrack"; }; -} +}) diff --git a/pkgs/tools/security/cfripper/default.nix b/pkgs/tools/security/cfripper/default.nix index 080fc8ae3e32..5e13a2df14c8 100644 --- a/pkgs/tools/security/cfripper/default.nix +++ b/pkgs/tools/security/cfripper/default.nix @@ -5,15 +5,25 @@ python3.pkgs.buildPythonApplication rec { pname = "cfripper"; - version = "1.15.2"; + version = "1.15.3"; + pyproject = true; src = fetchFromGitHub { owner = "Skyscanner"; - repo = pname; - rev = "refs/tags/${version}"; + repo = "cfripper"; + rev = "refs/tags/v${version}"; hash = "sha256-SmD3Dq5LicPRe3lWFsq4zqM/yDZ1LsgRwSUA5/RbN9I="; }; + postPatch = '' + substituteInPlace setup.py \ + --replace "pluggy~=0.13.1" "pluggy" \ + ''; + + nativeBuildInputs = with python3.pkgs; [ + setuptools + ]; + propagatedBuildInputs = with python3.pkgs; [ boto3 cfn-flip @@ -30,13 +40,6 @@ python3.pkgs.buildPythonApplication rec { pytestCheckHook ]; - postPatch = '' - substituteInPlace setup.py \ - --replace "click~=7.1.1" "click" \ - --replace "pluggy~=0.13.1" "pluggy" \ - --replace "pydash~=4.7.6" "pydash" - ''; - disabledTestPaths = [ # Tests are failing "tests/test_boto3_client.py" @@ -55,6 +58,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool for analysing CloudFormation templates"; homepage = "https://github.com/Skyscanner/cfripper"; + changelog = "https://github.com/Skyscanner/cfripper/releases/tag/v${version}"; license = with licenses; [ asl20 ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/cloudfox/default.nix b/pkgs/tools/security/cloudfox/default.nix index 07b6a546dc2f..48d28257d9f4 100644 --- a/pkgs/tools/security/cloudfox/default.nix +++ b/pkgs/tools/security/cloudfox/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "cloudfox"; - version = "1.13.2"; + version = "1.13.3"; src = fetchFromGitHub { owner = "BishopFox"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-kklFn8HDMwsOjS0KDrWznGazE7RZtk0crxYEE3RuH8s="; + hash = "sha256-Sq3ARcAK1EFbK6Y+pSCg8ayhVmnEmVQWF0eAiVhJNPs="; }; vendorHash = "sha256-qPIMmyKTmZEmxlLLftRMnBXvo22WFROYlCAAsAb7jDg="; diff --git a/pkgs/tools/security/cnquery/default.nix b/pkgs/tools/security/cnquery/default.nix index bc008a877e56..b418d4a79a04 100644 --- a/pkgs/tools/security/cnquery/default.nix +++ b/pkgs/tools/security/cnquery/default.nix @@ -5,18 +5,18 @@ buildGoModule rec { pname = "cnquery"; - version = "10.1.4"; + version = "10.2.0"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnquery"; rev = "v${version}"; - hash = "sha256-JQg1tQs+WojtSweA+tP37LqKH8l+CkTEwvoTjKwg3S0="; + hash = "sha256-bz4a4+mgssrRBthkN87aYxlZV6as2uocFvBKrKLmy8A="; }; subPackages = [ "apps/cnquery" ]; - vendorHash = "sha256-+tKz2Zy+tmqOVj9NoYe5lfqmzgBxVkNJOh4/9o9XfmY="; + vendorHash = "sha256-vq6R2FgvoET8SLTpktGLoFzZHqnmizDp0fWU7kqlLgU="; meta = with lib; { description = "cloud-native, graph-based asset inventory"; diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index 49beed63b53a..95a6d9c0fa5f 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.4.3"; + version = "2.4.4"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - hash = "sha256-onGubXMvb02AwlitnuiN2clMj9wzw+RTKMTXwSa9IZ0="; + hash = "sha256-Z+vgFsqQ+naIzmejh+vYLGJh6ViX23sj3yT/M1voW8Y="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix index 2ce9241d18ac..26dfe919c428 100644 --- a/pkgs/tools/security/osv-scanner/default.nix +++ b/pkgs/tools/security/osv-scanner/default.nix @@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.6.1"; + version = "1.6.2"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-ddzdOk2sHNzjCM4cLJY+H9h13MjamlC1RYcnOcDGV4M="; + hash = "sha256-/V0zn4Aic6tBJw23YJWkyeCZXf/ehIZlKWd9TZXe40Y="; }; - vendorHash = "sha256-9cE4UcQipJYwQDZA4jlcV68BBTgft7oRVlngg/PAmWI="; + vendorHash = "sha256-wIXc0YYTdcnUBNbypVwZJ/RNTmaeMteEujmgs5WJ1g0="; subPackages = [ "cmd/osv-scanner" diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 08a4b5b08d02..2b55b76b6654 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: { inherit pname; version = "2.0.1"; - outputs = [ "bin" "out" "dev" "doc" "man" ]; + outputs = [ "out" "lib" "dev" "doc" "man" ]; src = fetchFromGitLab { domain = "salsa.debian.org"; @@ -39,13 +39,21 @@ stdenv.mkDerivation (finalAttrs: { (lib.enableFeature polkitSupport "polkit") ] ++ lib.optionals stdenv.isLinux [ "--enable-ipcdir=/run/pcscd" - "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" ]; makeFlags = [ "POLICY_DIR=$(out)/share/polkit-1/actions" ]; + # disable building pcsc-wirecheck{,-gen} when cross compiling + # see also: https://github.com/LudovicRousseau/PCSC/issues/25 + postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + substituteInPlace src/Makefile.am \ + --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \ + "noinst_PROGRAMS = testpcsc" + ''; + postInstall = '' # pcsc-spy is a debugging utility and it drags python into the closure moveToOutput bin/pcsc-spy "$dev" diff --git a/pkgs/tools/security/quark-engine/default.nix b/pkgs/tools/security/quark-engine/default.nix index f89cb35f3029..980842f1b809 100644 --- a/pkgs/tools/security/quark-engine/default.nix +++ b/pkgs/tools/security/quark-engine/default.nix @@ -6,16 +6,20 @@ python3.pkgs.buildPythonApplication rec { pname = "quark-engine"; - version = "23.12.1"; - format = "setuptools"; + version = "24.2.1"; + pyproject = true; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-NeJGkqGpg2uOsz10gEYz/nzh21DhXSU4RgQtI1brASQ="; + sha256 = "sha256-77yfysmFEneVOiejoCooi1buqEM/Ljv5xqjKv17DFWE="; }; + nativeBuildInputs = with python3.pkgs; [ + setuptools + ]; + propagatedBuildInputs = with python3.pkgs; [ androguard click diff --git a/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch b/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch new file mode 100644 index 000000000000..d7d834271a94 --- /dev/null +++ b/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch @@ -0,0 +1,33 @@ +diff --git a/tests/test_dns.c b/tests/test_dns.c +index 7e07663..acf095c 100644 +--- a/tests/test_dns.c ++++ b/tests/test_dns.c +@@ -76,6 +76,8 @@ static void test_gethostbyname(const struct test_host *host) + return; + } + ++#ifdef __linux__ ++ + static void test_gethostbyaddr_r_failed(void) + { + int result; +@@ -129,6 +131,8 @@ static void test_gethostbyaddr_r(const struct test_host *host) + ok(1, "Resolved address"); + } + ++#endif ++ + static void test_gethostbyaddr(const struct test_host *host) + { + struct hostent *he; +@@ -199,8 +203,10 @@ int main(int argc, char **argv) + test_getaddrinfo(&tor_check); + test_gethostbyname(&tor_dir_auth1); + test_gethostbyaddr(&tor_dir_auth2); ++#ifdef __linux__ + test_gethostbyaddr_r(&tor_dir_auth2); + test_gethostbyaddr_r_failed(); ++#endif + test_getaddrinfo(&tor_localhost); + + end: diff --git a/pkgs/tools/security/tor/torsocks.nix b/pkgs/tools/security/tor/torsocks.nix index 16eeca0ffad7..6c5be8fcc7bd 100644 --- a/pkgs/tools/security/tor/torsocks.nix +++ b/pkgs/tools/security/tor/torsocks.nix @@ -1,22 +1,39 @@ -{ lib, stdenv, fetchgit, fetchurl, autoreconfHook, libcap }: +{ lib +, stdenv +, fetchFromGitLab +, fetchpatch +, autoreconfHook +, libcap +}: stdenv.mkDerivation rec { pname = "torsocks"; - version = "2.3.0"; + version = "2.4.0"; - src = fetchgit { - url = "https://git.torproject.org/torsocks.git"; - rev = "refs/tags/v${version}"; - sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb"; + src = fetchFromGitLab { + domain = "gitlab.torproject.org"; + group = "tpo"; + owner = "core"; + repo = "torsocks"; + rev = "v${version}"; + sha256 = "sha256-ocJkoF9LMLC84ukFrm5pzjp/1gaXqDz8lzr9TdG+f88="; }; - nativeBuildInputs = [ autoreconfHook ]; - - patches = lib.optional stdenv.isDarwin - (fetchurl { - url = "https://trac.torproject.org/projects/tor/raw-attachment/ticket/28538/0001-Fix-macros-for-accept4-2.patch"; - sha256 = "97881f0b59b3512acc4acb58a0d6dfc840d7633ead2f400fad70dda9b2ba30b0"; - }); + patches = [ + # fix compatibility with C99 + # https://gitlab.torproject.org/tpo/core/torsocks/-/merge_requests/9 + (fetchpatch { + url = "https://gitlab.torproject.org/tpo/core/torsocks/-/commit/1171bf2fd4e7a0cab02cf5fca59090b65af9cd29.patch"; + hash = "sha256-qu5/0fy72+02QI0cVE/6YrR1kPuJxsZfG8XeODqVOPY="; + }) + # tsocks_libc_accept4 only exists on Linux, use tsocks_libc_accept on other platforms + (fetchpatch { + url = "https://gitlab.torproject.org/tpo/core/torsocks/uploads/eeec9833512850306a42a0890d283d77/0001-Fix-macros-for-accept4-2.patch"; + hash = "sha256-XWi8+UFB8XgBFSl5QDJ+hLu/dH4CvAwYbeZz7KB10Bs="; + }) + # no gethostbyaddr_r on darwin + ./torsocks-gethostbyaddr-darwin.patch + ]; postPatch = '' # Patch torify_app() @@ -29,12 +46,14 @@ stdenv.mkDerivation rec { src/bin/torsocks.in ''; + nativeBuildInputs = [ autoreconfHook ]; + doInstallCheck = true; installCheckTarget = "check-recursive"; meta = { description = "Wrapper to safely torify applications"; - homepage = "https://github.com/dgoulet/torsocks"; + homepage = "https://gitlab.torproject.org/tpo/core/torsocks"; license = lib.licenses.gpl2; platforms = lib.platforms.unix; maintainers = with lib.maintainers; [ thoughtpolice ]; diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index 0e064ae788ce..cfb6fb85b82b 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.67.4"; + version = "3.67.5"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-SdOXHsd10nKD8Am5v3WUrptsHbUOe07i1bNwrHhWKpM="; + hash = "sha256-163tIYqWUvfbN4Vh+nqQ98nHHFwEg0esJplBB5ivqOY="; }; - vendorHash = "sha256-tYW6MP1ayF6ExM1XQVA6AeRzXNdqzQLeYIqo85jKLz4="; + vendorHash = "sha256-Kp78cAg3zpxZkJlVAvaxbq6GvUH/4HTH6Xz9EIo9tc0="; ldflags = [ "-s" diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index 83f772d48410..946a424ca681 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchFromGitHub +, fetchpatch , autoreconfHook , pcre , pkg-config @@ -24,6 +25,15 @@ stdenv.mkDerivation rec { hash = "sha256-axHFy7YwLhhww+lh+ORyW6YG+T385msysIHK5SMyhMk="; }; + # FIXME: make unconditional on staging + patches = lib.optionals (!stdenv.hostPlatform.isGnu && !stdenv.hostPlatform.isDarwin) [ + (fetchpatch { + name = "musl.patch"; + url = "https://github.com/VirusTotal/yara/commit/515ed861cf30e154b14a69ffd46c347fb81df72f.patch"; + hash = "sha256-2scnUyz0SSkNRlsVQapPgI1ATIPXEogqtxbimYYq4Jo="; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config diff --git a/pkgs/tools/system/amtterm/default.nix b/pkgs/tools/system/amtterm/default.nix index eb6ec1765f68..6ec57c253e89 100644 --- a/pkgs/tools/system/amtterm/default.nix +++ b/pkgs/tools/system/amtterm/default.nix @@ -22,7 +22,6 @@ stdenv.mkDerivation (finalAttrs: { { description = "Intel AMTĀ® SoL client + tools"; homepage = "https://www.kraxel.org/cgit/amtterm/"; license = licenses.gpl2; - maintainers = [ maintainers.ehmry ]; platforms = platforms.linux; }; }) diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index 8507c7c7cec0..9ddb83ca5e36 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -29,6 +29,13 @@ stdenv.mkDerivation rec { url = "https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3.patch"; sha256 = "7/E0gboU0A45/BY6jGPLuvds6qKtNjzpgKgdNTaVaZQ="; }) + + # Fix build against gcc-13: https://github.com/rhboot/efivar/pull/242 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/rhboot/efivar/commit/52fece47d4f3ebd588bd85598bfc7a0142365f7e.patch"; + hash = "sha256-tOmxbY7kD6kzbBZ2RhQ5gCCpHtu+2gRNa7VUAWdCKu0="; + }) ]; nativeBuildInputs = [ pkg-config mandoc ]; diff --git a/pkgs/tools/system/netdata/go.d.plugin.nix b/pkgs/tools/system/netdata/go.d.plugin.nix index c741d1d62beb..ce53b278a9bd 100644 --- a/pkgs/tools/system/netdata/go.d.plugin.nix +++ b/pkgs/tools/system/netdata/go.d.plugin.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "netdata-go-plugins"; - version = "0.58.0"; + version = "0.58.1"; src = fetchFromGitHub { owner = "netdata"; repo = "go.d.plugin"; rev = "v${version}"; - hash = "sha256-XZBF0uNXTo5UcBuhMVznij+QGhHM06j5J2xflZf40kI="; + hash = "sha256-zzHm98jec7MXnzVsrLlYIk+ILA3Ei43853dM1LdFz5c="; }; - vendorHash = "sha256-bdW6ZDMYVFGWD7KEDU2kaoccgwbOPl7ADnZ1npGBLAc="; + vendorHash = "sha256-eb+GRFhfWxDkfH4x2VF3ogyT5z4OcIoqHtEVJ1tGsdA="; doCheck = false; diff --git a/pkgs/tools/text/frogmouth/default.nix b/pkgs/tools/text/frogmouth/default.nix index 9ec9134c661e..68d63dc7aa5f 100644 --- a/pkgs/tools/text/frogmouth/default.nix +++ b/pkgs/tools/text/frogmouth/default.nix @@ -15,13 +15,6 @@ python3.pkgs.buildPythonApplication rec { hash = "sha256-0fcCON/M9JklE7X9aRfzTkEFG4ckJqLoQlYCSrWHHGQ="; }; - # Per <https://github.com/srstevenson/xdg-base-dirs/tree/6.0.0#xdg-base-dirs>, the package is - # renamed from `xdg` to `xdg_base_dirs`, but upstream isn't amenable to performing that rename. - # See <https://github.com/Textualize/frogmouth/pull/59>. So this is a minimal fix. - postUnpack = '' - sed -i -e "s,from xdg import,from xdg_base_dirs import," $sourceRoot/frogmouth/data/{config,data_directory}.py - ''; - nativeBuildInputs = [ python3.pkgs.poetry-core python3.pkgs.pythonRelaxDepsHook @@ -31,13 +24,12 @@ python3.pkgs.buildPythonApplication rec { httpx textual typing-extensions - xdg-base-dirs + xdg ]; pythonRelaxDeps = [ "httpx" "textual" - "xdg-base-dirs" ]; pythonImportsCheck = [ "frogmouth" ]; diff --git a/pkgs/tools/text/grip-search/default.nix b/pkgs/tools/text/grip-search/default.nix index 57f0139dbc98..dd272af06bf3 100644 --- a/pkgs/tools/text/grip-search/default.nix +++ b/pkgs/tools/text/grip-search/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, boost, pkg-config, cmake, catch2 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, boost, pkg-config, cmake, catch2 }: stdenv.mkDerivation rec { pname = "grip-search"; @@ -17,8 +17,17 @@ stdenv.mkDerivation rec { buildInputs = [ boost ]; - patchPhase = '' - substituteInPlace src/general/config.h --replace "CUSTOM-BUILD" "${version}" + patches = [ + # Can be removed after this upstream PR gets merged: https://github.com/sc0ty/grip/pull/6 + (fetchpatch { + name = "include-cstdint.patch"; + url = "https://github.com/sc0ty/grip/commit/da37b3c805306ee4ea617ce3f1487b8ee9876e50.patch"; + hash = "sha256-Xh++oDn5qn5NPgng7gfeCkO5FN9OmW+8fGhDLpAJfR8="; + }) + ]; + + postPatch = '' + substituteInPlace src/general/config.h --replace-fail "CUSTOM-BUILD" "${version}" ''; meta = with lib; { |