diff options
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/X11/xdg-utils/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/archivers/unzip/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/archivers/zpaq/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/audio/liquidsoap/full.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/compression/zsync/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/filesystems/btrfs-progs/default.nix | 11 | ||||
-rw-r--r-- | pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch | 17 | ||||
-rw-r--r-- | pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch | 26 | ||||
-rw-r--r-- | pkgs/tools/graphics/zbar/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/networking/ockam/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/package-management/nix/common.nix | 2 |
11 files changed, 26 insertions, 60 deletions
diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index cf46239939b5..3be7b2fd0ee6 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -85,7 +85,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://www.freedesktop.org/wiki/Software/xdg-utils/"; description = "A set of command line tools that assist applications with a variety of desktop integration tasks"; - license = if mimiSupport then licenses.gpl2 else licenses.free; + license = if mimiSupport then licenses.gpl2 else licenses.mit; maintainers = [ maintainers.eelco ]; platforms = platforms.all; }; diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix index ab37ef98c0bd..9860817cf3e1 100644 --- a/pkgs/tools/archivers/unzip/default.nix +++ b/pkgs/tools/archivers/unzip/default.nix @@ -100,7 +100,7 @@ stdenv.mkDerivation rec { meta = { homepage = "http://www.info-zip.org"; description = "An extraction utility for archives compressed in .zip format"; - license = lib.licenses.free; # http://www.info-zip.org/license.html + license = lib.licenses.info-zip; platforms = lib.platforms.all; mainProgram = "unzip"; }; diff --git a/pkgs/tools/archivers/zpaq/default.nix b/pkgs/tools/archivers/zpaq/default.nix index 7c394e27d178..6a03b825e902 100644 --- a/pkgs/tools/archivers/zpaq/default.nix +++ b/pkgs/tools/archivers/zpaq/default.nix @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { homepage = "http://mattmahoney.net/dc/zpaq.html"; license = licenses.gpl3Plus ; maintainers = with maintainers; [ raskin ]; - platforms = platforms.linux; + platforms = platforms.unix; mainProgram = "zpaq"; }; } diff --git a/pkgs/tools/audio/liquidsoap/full.nix b/pkgs/tools/audio/liquidsoap/full.nix index 22925dce99fa..87914436fd49 100644 --- a/pkgs/tools/audio/liquidsoap/full.nix +++ b/pkgs/tools/audio/liquidsoap/full.nix @@ -7,7 +7,7 @@ let pname = "liquidsoap"; - version = "2.2.2"; + version = "2.2.3"; in stdenv.mkDerivation { inherit pname version; @@ -16,7 +16,7 @@ stdenv.mkDerivation { owner = "savonet"; repo = "liquidsoap"; rev = "refs/tags/v${version}"; - hash = "sha256-t7rkWHSAd3DaTCXaGfL9NcIQYT+f4Od9D6huuZlwhWk="; + hash = "sha256-oCMSdmdU3oHrq3QFEDQLdb3CLFYcWylxTqKWtGOoQW8="; }; postPatch = '' diff --git a/pkgs/tools/compression/zsync/default.nix b/pkgs/tools/compression/zsync/default.nix index b92112a4816e..0de21cb9c736 100644 --- a/pkgs/tools/compression/zsync/default.nix +++ b/pkgs/tools/compression/zsync/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "http://zsync.moria.org.uk/"; description = "File distribution system using the rsync algorithm"; - license = licenses.free; + license = licenses.artistic2; maintainers = with maintainers; [ viric ]; platforms = with platforms; all; }; diff --git a/pkgs/tools/filesystems/btrfs-progs/default.nix b/pkgs/tools/filesystems/btrfs-progs/default.nix index 676194736731..ba40e432cad1 100644 --- a/pkgs/tools/filesystems/btrfs-progs/default.nix +++ b/pkgs/tools/filesystems/btrfs-progs/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl -, pkg-config, sphinx +, pkg-config, python3 , zstd , acl, attr, e2fsprogs, libuuid, lzo, udev, zlib , runCommand, btrfs-progs @@ -9,17 +9,20 @@ stdenv.mkDerivation rec { pname = "btrfs-progs"; - version = "6.6.2"; + version = "6.6.3"; src = fetchurl { url = "mirror://kernel/linux/kernel/people/kdave/btrfs-progs/btrfs-progs-v${version}.tar.xz"; - hash = "sha256-tCZzbclOKwS2mD6ZjE3EJ9wWbWbd6iRsiQ7ZwqRQBE8="; + hash = "sha256-9BzlP2Zz/1Ue5KP+fclgHloN3mttCRd9H6ticYq8bZo="; }; nativeBuildInputs = [ pkg-config ] ++ [ - sphinx + (python3.withPackages (ps: with ps; [ + sphinx + sphinx-rtd-theme + ])) ]; buildInputs = [ acl attr e2fsprogs libuuid lzo udev zlib zstd ]; diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch deleted file mode 100644 index 7b7ca5a0befa..000000000000 --- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch +++ /dev/null @@ -1,17 +0,0 @@ -Simple bounds checks for CVE-2023-40889, based on third-party -fix by Remi Meier @ -https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c - ---- a/zbar/qrcode/qrdec.c -+++ b/zbar/qrcode/qrdec.c -@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist, - /*TODO: We might be able to accelerate this step significantly by - considering the remaining finder centers in a more intelligent order, - based on the first finder center we just chose.*/ -- for(j=i+1;!mark[i]&&j<_ncenters;j++){ -- for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){ -+ for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){ -+ for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){ - qr_finder_center *c[3]; - qr_code_data qrdata; - int version; diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch deleted file mode 100644 index 3576df214ae1..000000000000 --- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch +++ /dev/null @@ -1,26 +0,0 @@ -Simple bounds checks for CVE-2023-40890 - ---- a/zbar/decoder/databar.c -+++ b/zbar/decoder/databar.c -@@ -23,6 +23,8 @@ - - #include <config.h> - #include <zbar.h> -+#include <stdlib.h> -+#include <stdio.h> - - #ifdef DEBUG_DATABAR - # define DEBUG_LEVEL (DEBUG_DATABAR) -@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg, - fixed = -1; - s <<= 1; - dbprintf(2, "%x", s); -+ -+ if (i > 20) { -+ fprintf(stderr, "Bug: Out-of-bounds condition detected\n"); -+ exit(99); -+ } -+ - seq[i++] = s++; - seq[i++] = s; - } diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix index 5a1d7e94fdf6..fe398bf53314 100644 --- a/pkgs/tools/graphics/zbar/default.nix +++ b/pkgs/tools/graphics/zbar/default.nix @@ -44,8 +44,16 @@ stdenv.mkDerivation rec { }; patches = [ - ./0.23.92-CVE-2023-40889.patch - ./0.23.92-CVE-2023-40890.patch + (fetchpatch { + name = "CVE-2023-40889.patch"; + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0003-CVE-2023-40889-qrdec.c-Fix-array-out-of-bounds-acces.patch"; + hash = "sha256-z0IADJwUt9PBoox5xJJN//5vrcRbIrWB9H7wtxNVUZU="; + }) + (fetchpatch { + name = "CVE-2023-40890.patch"; + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0004-Add-bounds-check-for-CVE-2023-40890.patch"; + hash = "sha256-YgiptwXpRpz0qIcXBpARfIzSB8KYmksZR58o5yFPahs="; + }) ]; nativeBuildInputs = [ diff --git a/pkgs/tools/networking/ockam/default.nix b/pkgs/tools/networking/ockam/default.nix index fe0bbf374635..55a1300c06d0 100644 --- a/pkgs/tools/networking/ockam/default.nix +++ b/pkgs/tools/networking/ockam/default.nix @@ -12,7 +12,7 @@ let pname = "ockam"; - version = "0.105.0"; + version = "0.111.0"; in rustPlatform.buildRustPackage { inherit pname version; @@ -21,10 +21,10 @@ rustPlatform.buildRustPackage { owner = "build-trust"; repo = pname; rev = "ockam_v${version}"; - sha256 = "sha256-YS98elkf1iIslC1dAf+Os2VoA0pmHmkQN0//PtBRBcM="; + sha256 = "sha256-pd27611px/TXnO5FlRjBI8iQ64l5X9fmfCG/KnR7AAI="; }; - cargoHash = "sha256-aW+Pc2C7vohUAByrzBiOaJlBPfSLAv0FrOxRiB1AM9k="; + cargoHash = "sha256-O91enOKMoTfFTv8Hkg3qBSstJpxtKxZVITqGlZQUL/4="; nativeBuildInputs = [ git pkg-config ]; buildInputs = [ openssl dbus ] ++ lib.optionals stdenv.isDarwin [ Security ]; diff --git a/pkgs/tools/package-management/nix/common.nix b/pkgs/tools/package-management/nix/common.nix index d61384ec1055..0ea47dd7e17c 100644 --- a/pkgs/tools/package-management/nix/common.nix +++ b/pkgs/tools/package-management/nix/common.nix @@ -182,8 +182,6 @@ self = stdenv.mkDerivation { "--enable-gc" ] ++ lib.optionals (!enableDocumentation) [ "--disable-doc-gen" - ] ++ lib.optionals atLeast214 [ - "CXXFLAGS=-I${lib.getDev rapidcheck}/extras/gtest/include" ] ++ lib.optionals stdenv.isLinux [ "--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox" ] ++ lib.optionals (atLeast210 && stdenv.isLinux && stdenv.hostPlatform.isStatic) [ |