diff options
Diffstat (limited to 'pkgs')
182 files changed, 2219 insertions, 2057 deletions
diff --git a/pkgs/applications/editors/ed/sources.nix b/pkgs/applications/editors/ed/sources.nix index 5cb750183053..e78a6085ddda 100644 --- a/pkgs/applications/editors/ed/sources.nix +++ b/pkgs/applications/editors/ed/sources.nix @@ -23,10 +23,10 @@ in { ed = let pname = "ed"; - version = "1.19"; + version = "1.20"; src = fetchurl { url = "mirror://gnu/ed/ed-${version}.tar.lz"; - hash = "sha256-zi8uXEJHkKqW0J2suT2bv9wLfrYknJy3U4RS6Ox3zUg="; + hash = "sha256-xgMN7+auFy8Wh5Btc1QFTHWmqRMK8xnU5zxQqRlZxaY="; }; in import ./generic.nix { inherit pname version src meta; diff --git a/pkgs/applications/editors/emacs/sources.nix b/pkgs/applications/editors/emacs/sources.nix index 37bab4923bfc..aa73fa29b0d1 100644 --- a/pkgs/applications/editors/emacs/sources.nix +++ b/pkgs/applications/editors/emacs/sources.nix @@ -77,10 +77,10 @@ in emacs29 = import ./make-emacs.nix (mkArgs { pname = "emacs"; - version = "29.1"; + version = "29.2"; variant = "mainline"; - rev = "29.1"; - hash = "sha256-3HDCwtOKvkXwSULf3W7YgTz4GV8zvYnh2RrL28qzGKg="; + rev = "29.2"; + hash = "sha256-qSQmQzVyEGSr4GAI6rqnEwBvhl09D2D8MNasHqZQPL8="; }); emacs28-macport = import ./make-emacs.nix (mkArgs { diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 2eae278da160..e884f8388b58 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then fi if (( "${NIX_DEBUG:-0}" >= 1 )); then - declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format) + declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format zerocallusedregs) declare -A hardeningDisableMap=() # Determine which flags were effectively disabled so we can report below. @@ -110,6 +110,10 @@ for flag in "${!hardeningEnableMap[@]}"; do if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi hardeningCFlagsBefore+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; + zerocallusedregs) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling zerocallusedregs >&2; fi + hardeningCFlagsBefore+=('-fzero-call-used-regs=used-gpr') + ;; *) # Ignore unsupported. Checked in Nix that at least *some* # tool supports each flag. diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 59aaa41e9c17..693c6e6fcfd4 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -223,6 +223,15 @@ let defaultHardeningFlags = bintools.defaultHardeningFlags or []; + # if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is + # called with the targetPlatform as an argument and + # cc.hardeningUnsupportedFlags is completely ignored - the function + # is responsible for including the constant hardeningUnsupportedFlags + # list however it sees fit. + ccHardeningUnsupportedFlags = if cc ? hardeningUnsupportedFlagsByTargetPlatform + then cc.hardeningUnsupportedFlagsByTargetPlatform targetPlatform + else (cc.hardeningUnsupportedFlags or []); + darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin ( if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx" else targetPlatform.darwinPlatform @@ -584,7 +593,7 @@ stdenv.mkDerivation { ## Hardening support ## + '' - export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}" + export hardening_unsupported_flags="${builtins.concatStringsSep " " ccHardeningUnsupportedFlags}" '' # Machine flags. These are necessary to support diff --git a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh index 2082f3126a53..4a90e30652fe 100644 --- a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh +++ b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh @@ -4,7 +4,7 @@ defaultSysroot=(@sysroot@) for arg; do case "$arg" in - --sysroot) + --sysroot|--sysroot=*) defaultSysroot=() ;; --) diff --git a/pkgs/by-name/al/alsa-lib/package.nix b/pkgs/by-name/al/alsa-lib/package.nix index f0eb34906073..f22f68d19cf8 100644 --- a/pkgs/by-name/al/alsa-lib/package.nix +++ b/pkgs/by-name/al/alsa-lib/package.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "alsa-lib"; - version = "1.2.9"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/lib/${finalAttrs.pname}-${finalAttrs.version}.tar.bz2"; - hash = "sha256-3JxkP9xMz9BXLMaFhY3UHgivtYPzBGCzF+QYgnX2FbI="; + hash = "sha256-nz8vabmV+a03NZBy+8aaOoi/uggfyD6b4w4UZieVu00="; }; patches = [ diff --git a/pkgs/by-name/al/alsa-ucm-conf/package.nix b/pkgs/by-name/al/alsa-ucm-conf/package.nix index b7203a737638..cb3bf00a0038 100644 --- a/pkgs/by-name/al/alsa-ucm-conf/package.nix +++ b/pkgs/by-name/al/alsa-ucm-conf/package.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { pname = "alsa-ucm-conf"; @@ -9,6 +9,16 @@ stdenv.mkDerivation rec { hash = "sha256-nCHj8B/wC6p1jfF+hnzTbiTrtBpr7ElzfpkQXhbyrpc="; }; + patches = [ + (fetchpatch { + # ToDo: Remove this patch in the next package upgrade + # Fixes SplitPCM to make some audio devices work with alsa-ucm-conf v1.2.10 again + name = "alsa-ucm-conf-splitpcm-device-argument-fix.patch"; + url = "https://github.com/alsa-project/alsa-ucm-conf/commit/b68aa52acdd2763fedad5eec0f435fbf43e5ccc6.patch"; + hash = "sha256-8WE4+uhi4W7cCSZYmL7uFpcHJ9muX09UkGXyZIpEd9I="; + }) + ]; + dontBuild = true; installPhase = '' diff --git a/pkgs/by-name/bl/bluez/package.nix b/pkgs/by-name/bl/bluez/package.nix index 4704ecd07896..b87c84fe7f67 100644 --- a/pkgs/by-name/bl/bluez/package.nix +++ b/pkgs/by-name/bl/bluez/package.nix @@ -5,7 +5,6 @@ , docutils , ell , enableExperimental ? false -, fetchpatch , fetchurl , glib , json_c @@ -19,13 +18,23 @@ stdenv.mkDerivation (finalAttrs: { pname = "bluez"; - version = "5.71"; + version = "5.72"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/bluez-${finalAttrs.version}.tar.xz"; - hash = "sha256-uCjUGMk87R9Vthb7VILPAVN0QL+zT72hpWTz7OlHNdg="; + hash = "sha256-SZ1/o0WplsG7ZQ9cZ0nh2SkRH6bs4L4OmGh/7mEkU24="; }; + patches = + # Disable one failing test with musl libc, also seen by alpine + # https://github.com/bluez/bluez/issues/726 + lib.optional (stdenv.hostPlatform.isMusl && stdenv.hostPlatform.isx86_64) + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/main/bluez/disable_aics_unit_testcases.patch?id=8e96f7faf01a45f0ad8449c1cd825db63a8dfd48"; + hash = "sha256-1PJkipqBO3qxxOqRFQKfpWlne1kzTCgtnTFYI1cFQt4="; + }) + ; + buildInputs = [ alsa-lib dbus @@ -41,6 +50,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ docutils pkg-config + python3.pkgs.pygments python3.pkgs.wrapPython ]; diff --git a/pkgs/by-name/cm/cmake/package.nix b/pkgs/by-name/cm/cmake/package.nix index 51db582b68f2..42dbacac67b9 100644 --- a/pkgs/by-name/cm/cmake/package.nix +++ b/pkgs/by-name/cm/cmake/package.nix @@ -46,11 +46,11 @@ stdenv.mkDerivation (finalAttrs: { + lib.optionalString isMinimalBuild "-minimal" + lib.optionalString cursesUI "-cursesUI" + lib.optionalString qt5UI "-qt5UI"; - version = "3.27.8"; + version = "3.27.9"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor finalAttrs.version}/cmake-${finalAttrs.version}.tar.gz"; - hash = "sha256-/s4kVj9peHD7uYLqi/F0gsnV+FXYyb8LgkY9dsno0Mw="; + hash = "sha256-YJqbmFcqal6kd/kSz/uXMQntTQpqaz+eI1PSzcBIcI4="; }; patches = [ @@ -68,6 +68,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional stdenv.isDarwin ./006-darwin-always-set-runtime-c-flag.diff; outputs = [ "out" ] ++ lib.optionals buildDocs [ "man" "info" ]; + separateDebugInfo = true; setOutputFlags = false; setupHooks = [ diff --git a/pkgs/development/libraries/libcamera/default.nix b/pkgs/by-name/li/libcamera/package.nix index 232fb29ecbe5..a6a0fe8fa7c3 100644 --- a/pkgs/development/libraries/libcamera/default.nix +++ b/pkgs/by-name/li/libcamera/package.nix @@ -1,7 +1,7 @@ { stdenv , fetchgit -, fetchpatch , lib +, fetchpatch , meson , ninja , pkg-config @@ -18,29 +18,23 @@ , python3 , python3Packages , systemd # for libudev +, withQcam ? false +, qt5 # withQcam +, libtiff # withQcam }: stdenv.mkDerivation rec { pname = "libcamera"; - version = "0.1.0"; + version = "0.2.0"; src = fetchgit { url = "https://git.libcamera.org/libcamera/libcamera.git"; rev = "v${version}"; - hash = "sha256-icHZtv25QvJEv0DlELT3cDxho3Oz2BJAMNKr5W4bshk="; + hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM="; }; outputs = [ "out" "dev" "doc" ]; - patches = [ - (fetchpatch { - # https://git.libcamera.org/libcamera/libcamera.git/commit/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5 - name = "libcamera-sphinx7.0-compat.patch"; - url = "https://git.libcamera.org/libcamera/libcamera.git/patch/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5"; - hash = "sha256-gs0EiT3gWlmRjDim+o2C0VmnoWqEouP5pNTD4XbNSdE="; - }) - ]; - postPatch = '' patchShebangs utils/ ''; @@ -69,7 +63,7 @@ stdenv.mkDerivation rec { libyaml gtest - ]; + ] ++ lib.optionals withQcam [ libtiff qt5.qtbase qt5.qttools ]; nativeBuildInputs = [ meson @@ -83,22 +77,22 @@ stdenv.mkDerivation rec { graphviz doxygen openssl - ]; + ] ++ lib.optional withQcam qt5.wrapQtAppsHook; mesonFlags = [ "-Dv4l2=true" - "-Dqcam=disabled" + "-Dqcam=${if withQcam then "enabled" else "disabled"}" "-Dlc-compliance=disabled" # tries unconditionally to download gtest when enabled # Avoid blanket -Werror to evade build failures on less # tested compilers. "-Dwerror=false" - ]; + ]; # Fixes error on a deprecated declaration env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; # Silence fontconfig warnings about missing config - FONTCONFIG_FILE = makeFontsConf { fontDirectories = []; }; + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; # libcamera signs the IPA module libraries at install time, but they are then # modified by stripping and RPATH fixup. Therefore, we need to generate the diff --git a/pkgs/by-name/ti/tinycompress/package.nix b/pkgs/by-name/ti/tinycompress/package.nix index 96b82bc696fc..b6002c0205b0 100644 --- a/pkgs/by-name/ti/tinycompress/package.nix +++ b/pkgs/by-name/ti/tinycompress/package.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "tinycompress"; - version = "1.2.8"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/tinycompress/${pname}-${version}.tar.bz2"; - hash = "sha256-L4l+URLNO8pnkLXOz9puBmLIvF7g+6uXKyR6DMYg1mw="; + hash = "sha256-6754jCgyjnzKJFqvkZSlrQ3JHp4NyIPCz5/rbULJ8/w="; }; meta = with lib; { diff --git a/pkgs/data/misc/publicsuffix-list/default.nix b/pkgs/data/misc/publicsuffix-list/default.nix index d5608036b5e3..b2c69dff1091 100644 --- a/pkgs/data/misc/publicsuffix-list/default.nix +++ b/pkgs/data/misc/publicsuffix-list/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation { pname = "publicsuffix-list"; - version = "unstable-2023-02-16"; + version = "0-unstable-2024-01-07"; src = fetchFromGitHub { owner = "publicsuffix"; repo = "list"; - rev = "8ec4d3049fe139f92937b6137155c33b81dcaf18"; - hash = "sha256-wA8zk0iADFNP33veIf+Mfx22zdMzHsMNWEizMp1SnuA="; + rev = "5db9b65997e3c9230ac4353b01994c2ae9667cb9"; + hash = "sha256-kIJVS2ETAXQa1MMG8cjRUSFUn+jm9jBWH8go3L+lqHE="; }; dontBuild = true; diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index b90a560045bb..3d40384132cb 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -1,17 +1,17 @@ { lib, stdenv, fetchurl, buildPackages }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "tzdata"; - version = "2023d"; + version = "2024a"; srcs = [ (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; - hash = "sha256-28ohlwsKi4wM7O7B17kfqQO+D27KWucytTKWciMqCPM="; + url = "https://data.iana.org/time-zones/releases/tzdata${finalAttrs.version}.tar.gz"; + hash = "sha256-DQQ0RZrL0gWaeo2h8zBKhKhlkfbtacYkj/+lArbt/+M="; }) (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; - hash = "sha256-6aX54RiIbS3pK2K7BVEKKMxsBY15HJO9a4TTKSw8Fh4="; + url = "https://data.iana.org/time-zones/releases/tzcode${finalAttrs.version}.tar.gz"; + hash = "sha256-gAcolK3/WkWPHRQ+FuTKHYsqEiycU5naSCy2jLpqH/g="; }) ]; @@ -25,14 +25,14 @@ stdenv.mkDerivation rec { propagatedBuildOutputs = [ ]; makeFlags = [ - "TOPDIR=$(out)" - "TZDIR=$(out)/share/zoneinfo" - "BINDIR=$(bin)/bin" - "ZICDIR=$(bin)/bin" + "TOPDIR=${placeholder "out"}" + "TZDIR=${placeholder "out"}/share/zoneinfo" + "BINDIR=${placeholder "bin"}/bin" + "ZICDIR=${placeholder "bin"}/bin" "ETCDIR=$(TMPDIR)/etc" "TZDEFAULT=tzdefault-to-remove" - "LIBDIR=$(dev)/lib" - "MANDIR=$(man)/share/man" + "LIBDIR=${placeholder "dev"}/lib" + "MANDIR=${placeholder "man"}/share/man" "AWK=awk" "CFLAGS=-DHAVE_LINK=0" "CFLAGS+=-DZIC_BLOAT_DEFAULT=\\\"fat\\\"" @@ -45,7 +45,9 @@ stdenv.mkDerivation rec { "CFLAGS+=-DRESERVE_STD_EXT_IDS" ]; - doCheck = false; # needs more tools + doCheck = true; + # everything except for check_web, because that needs curl and wants to talk to https://validator.w3.org + checkTarget = "check_back check_character_set check_white_space check_links check_name_lengths check_now check_slashed_abbrs check_sorted check_tables check_ziguard check_zishrink check_tzs"; installFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "zic=${buildPackages.tzdata.bin}/bin/zic" @@ -70,7 +72,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "http://www.iana.org/time-zones"; description = "Database of current and historical time zones"; - changelog = "https://github.com/eggert/tz/blob/${version}/NEWS"; + changelog = "https://github.com/eggert/tz/blob/${finalAttrs.version}/NEWS"; license = with licenses; [ bsd3 # tzcode publicDomain # tzdata @@ -78,4 +80,4 @@ stdenv.mkDerivation rec { platforms = platforms.all; maintainers = with maintainers; [ ajs124 fpletz ]; }; -} +}) diff --git a/pkgs/development/compilers/gcc/default.nix b/pkgs/development/compilers/gcc/default.nix index e0ca04a13878..53bc057a5b25 100644 --- a/pkgs/development/compilers/gcc/default.nix +++ b/pkgs/development/compilers/gcc/default.nix @@ -407,6 +407,7 @@ lib.pipe ((callFile ./common/builder.nix {}) ({ inherit langC langCC langObjC langObjCpp langAda langFortran langGo langD langJava version; isGNU = true; hardeningUnsupportedFlags = lib.optional is48 "stackprotector" + ++ lib.optional (!atLeast11) "zerocallusedregs" ++ lib.optional (!atLeast12) "fortify3" ++ lib.optionals (langFortran) [ "fortify" "format" ]; }; diff --git a/pkgs/development/compilers/llvm/10/clang/default.nix b/pkgs/development/compilers/llvm/10/clang/default.nix new file mode 100644 index 000000000000..747e7cf1a551 --- /dev/null +++ b/pkgs/development/compilers/llvm/10/clang/default.nix @@ -0,0 +1,133 @@ +{ lib, stdenv, llvm_meta, fetch, substituteAll, cmake, libxml2, libllvm, version, clang-tools-extra_src, python3 +, buildLlvmTools +, fixDarwinDylibNames +, enableManpages ? false +}: + +let + self = stdenv.mkDerivation ({ + pname = "clang"; + inherit version; + + src = fetch "clang" "091bvcny2lh32zy8f3m9viayyhb2zannrndni7325rl85cwgr6pr"; + + unpackPhase = '' + unpackFile $src + mv clang-${version}* clang + sourceRoot=$PWD/clang + unpackFile ${clang-tools-extra_src} + mv clang-tools-extra-* $sourceRoot/tools/extra + ''; + + nativeBuildInputs = [ cmake python3 ] + ++ lib.optional enableManpages python3.pkgs.sphinx + ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; + + buildInputs = [ libxml2 libllvm ]; + + cmakeFlags = [ + "-DCLANGD_BUILD_XPC=OFF" + "-DLLVM_ENABLE_RTTI=ON" + ] ++ lib.optionals enableManpages [ + "-DCLANG_INCLUDE_DOCS=ON" + "-DLLVM_ENABLE_SPHINX=ON" + "-DSPHINX_OUTPUT_MAN=ON" + "-DSPHINX_OUTPUT_HTML=OFF" + "-DSPHINX_WARNINGS_AS_ERRORS=OFF" + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "-DLLVM_TABLEGEN_EXE=${buildLlvmTools.llvm}/bin/llvm-tblgen" + "-DCLANG_TABLEGEN=${buildLlvmTools.libclang.dev}/bin/clang-tblgen" + ]; + + patches = [ + ./purity.patch + # https://reviews.llvm.org/D51899 + ./compiler-rt-baremetal.patch + ./gnu-install-dirs.patch + (substituteAll { + src = ../../clang-6-10-LLVMgold-path.patch; + libllvmLibdir = "${libllvm.lib}/lib"; + }) + ]; + + postPatch = '' + sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \ + -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \ + lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isMusl '' + sed -i -e 's/lgcc_s/lgcc_eh/' lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' + substituteInPlace tools/extra/clangd/CMakeLists.txt \ + --replace "NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB" FALSE + ''; + + outputs = [ "out" "lib" "dev" "python" ]; + + postInstall = '' + ln -sv $out/bin/clang $out/bin/cpp + + # Move libclang to 'lib' output + moveToOutput "lib/libclang.*" "$lib" + moveToOutput "lib/libclang-cpp.*" "$lib" + substituteInPlace $out/lib/cmake/clang/ClangTargets-release.cmake \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang." "$lib/lib/libclang." \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang-cpp." "$lib/lib/libclang-cpp." + + mkdir -p $python/bin $python/share/{clang,scan-view} + mv $out/bin/{git-clang-format,scan-view} $python/bin + if [ -e $out/bin/set-xcode-analyzer ]; then + mv $out/bin/set-xcode-analyzer $python/bin + fi + mv $out/share/clang/*.py $python/share/clang + mv $out/share/scan-view/*.py $python/share/scan-view + rm $out/bin/c-index-test + patchShebangs $python/bin + + mkdir -p $dev/bin + cp bin/clang-tblgen $dev/bin + ''; + + passthru = { + inherit libllvm; + isClang = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; + + meta = llvm_meta // { + homepage = "https://clang.llvm.org/"; + description = "A C language family frontend for LLVM"; + longDescription = '' + The Clang project provides a language front-end and tooling + infrastructure for languages in the C language family (C, C++, Objective + C/C++, OpenCL, CUDA, and RenderScript) for the LLVM project. + It aims to deliver amazingly fast compiles, extremely useful error and + warning messages and to provide a platform for building great source + level tools. The Clang Static Analyzer and clang-tidy are tools that + automatically find bugs in your code, and are great examples of the sort + of tools that can be built using the Clang frontend as a library to + parse C/C++ code. + ''; + mainProgram = "clang"; + }; + } // lib.optionalAttrs enableManpages { + pname = "clang-manpages"; + + buildPhase = '' + make docs-clang-man + ''; + + installPhase = '' + mkdir -p $out/share/man/man1 + # Manually install clang manpage + cp docs/man/*.1 $out/share/man/man1/ + ''; + + outputs = [ "out" ]; + + doCheck = false; + + meta = llvm_meta // { + description = "man page for Clang ${version}"; + }; + }); +in self diff --git a/pkgs/development/compilers/llvm/11/clang/default.nix b/pkgs/development/compilers/llvm/11/clang/default.nix index 0e61930f1c0e..5ddecd1f47e9 100644 --- a/pkgs/development/compilers/llvm/11/clang/default.nix +++ b/pkgs/development/compilers/llvm/11/clang/default.nix @@ -95,7 +95,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/12/clang/default.nix b/pkgs/development/compilers/llvm/12/clang/default.nix index c46776d38ac3..28f976a26bdb 100644 --- a/pkgs/development/compilers/llvm/12/clang/default.nix +++ b/pkgs/development/compilers/llvm/12/clang/default.nix @@ -89,7 +89,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/13/clang/default.nix b/pkgs/development/compilers/llvm/13/clang/default.nix index 6604ae0efc3f..7673c903e71c 100644 --- a/pkgs/development/compilers/llvm/13/clang/default.nix +++ b/pkgs/development/compilers/llvm/13/clang/default.nix @@ -83,7 +83,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/14/clang/default.nix b/pkgs/development/compilers/llvm/14/clang/default.nix index 9f0da7a9f46c..f63f55cfa546 100644 --- a/pkgs/development/compilers/llvm/14/clang/default.nix +++ b/pkgs/development/compilers/llvm/14/clang/default.nix @@ -86,7 +86,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/15/clang/default.nix b/pkgs/development/compilers/llvm/15/clang/default.nix index c49d6368cb97..9ec15a393004 100644 --- a/pkgs/development/compilers/llvm/15/clang/default.nix +++ b/pkgs/development/compilers/llvm/15/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -97,7 +97,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/16/clang/default.nix b/pkgs/development/compilers/llvm/16/clang/default.nix index 5f28e810f603..43c497b92761 100644 --- a/pkgs/development/compilers/llvm/16/clang/default.nix +++ b/pkgs/development/compilers/llvm/16/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -91,7 +91,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/17/clang/default.nix b/pkgs/development/compilers/llvm/17/clang/default.nix index 3184437830a2..f2f114233c28 100644 --- a/pkgs/development/compilers/llvm/17/clang/default.nix +++ b/pkgs/development/compilers/llvm/17/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -95,7 +95,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/8/clang/default.nix b/pkgs/development/compilers/llvm/8/clang/default.nix new file mode 100644 index 000000000000..36b09df19c68 --- /dev/null +++ b/pkgs/development/compilers/llvm/8/clang/default.nix @@ -0,0 +1,145 @@ +{ lib, stdenv, llvm_meta, fetch, substituteAll, cmake, libxml2, libllvm, version, clang-tools-extra_src, python3 +, buildLlvmTools +, fixDarwinDylibNames +, enableManpages ? false +, enablePolly ? false # TODO: get this info from llvm (passthru?) +}: + +let + self = stdenv.mkDerivation ({ + pname = "clang"; + inherit version; + + src = fetch "cfe" "0ihnbdl058gvl2wdy45p5am55bq8ifx8m9mhcsgj9ax8yxlzvvvh"; + + unpackPhase = '' + unpackFile $src + mv cfe-${version}* clang + sourceRoot=$PWD/clang + unpackFile ${clang-tools-extra_src} + mv clang-tools-extra-* $sourceRoot/tools/extra + ''; + + nativeBuildInputs = [ cmake python3 ] + ++ lib.optional enableManpages python3.pkgs.sphinx + ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; + + buildInputs = [ libxml2 libllvm ]; + + cmakeFlags = [ + "-DCMAKE_CXX_FLAGS=-std=c++11" + "-DCLANGD_BUILD_XPC=OFF" + "-DLLVM_ENABLE_RTTI=ON" + ] ++ lib.optionals enableManpages [ + "-DCLANG_INCLUDE_DOCS=ON" + "-DLLVM_ENABLE_SPHINX=ON" + "-DSPHINX_OUTPUT_MAN=ON" + "-DSPHINX_OUTPUT_HTML=OFF" + "-DSPHINX_WARNINGS_AS_ERRORS=OFF" + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "-DLLVM_TABLEGEN_EXE=${buildLlvmTools.llvm}/bin/llvm-tblgen" + "-DCLANG_TABLEGEN=${buildLlvmTools.libclang.dev}/bin/clang-tblgen" + ] ++ lib.optionals enablePolly [ + "-DWITH_POLLY=ON" + "-DLINK_POLLY_INTO_TOOLS=ON" + ]; + + patches = [ + ../../common/clang/5-8-purity.patch + ./xpc.patch + # Backport for -static-pie, which the latter touches, and which is nice in + # its own right. + ./static-pie.patch + # Backport for the `--unwindlib=[libgcc|compiler-rt]` flag, which is + # needed for our bootstrapping to not interfere with C. + ./unwindlib.patch + # https://reviews.llvm.org/D51899 + ./compiler-rt-baremetal.patch + # make clang -xhip use $PATH to find executables + ./HIP-use-PATH-8.patch + ./gnu-install-dirs.patch + (substituteAll { + src = ../../clang-6-10-LLVMgold-path.patch; + libllvmLibdir = "${libllvm.lib}/lib"; + }) + ]; + + postPatch = '' + sed -i -e 's/DriverArgs.hasArg(options::OPT_nostdlibinc)/true/' \ + -e 's/Args.hasArg(options::OPT_nostdlibinc)/true/' \ + lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isMusl '' + sed -i -e 's/lgcc_s/lgcc_eh/' lib/Driver/ToolChains/*.cpp + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' + substituteInPlace tools/extra/clangd/CMakeLists.txt \ + --replace "NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB" FALSE + ''; + + outputs = [ "out" "lib" "dev" "python" ]; + + postInstall = '' + ln -sv $out/bin/clang $out/bin/cpp + + # Move libclang to 'lib' output + moveToOutput "lib/libclang.*" "$lib" + substituteInPlace $out/lib/cmake/clang/ClangTargets-release.cmake \ + --replace "\''${_IMPORT_PREFIX}/lib/libclang." "$lib/lib/libclang." + + mkdir -p $python/bin $python/share/{clang,scan-view} + mv $out/bin/{git-clang-format,scan-view} $python/bin + if [ -e $out/bin/set-xcode-analyzer ]; then + mv $out/bin/set-xcode-analyzer $python/bin + fi + mv $out/share/clang/*.py $python/share/clang + mv $out/share/scan-view/*.py $python/share/scan-view + rm $out/bin/c-index-test + patchShebangs $python/bin + + mkdir -p $dev/bin + cp bin/clang-tblgen $dev/bin + ''; + + passthru = { + inherit libllvm; + isClang = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; + + meta = llvm_meta // { + homepage = "https://clang.llvm.org/"; + description = "A C language family frontend for LLVM"; + longDescription = '' + The Clang project provides a language front-end and tooling + infrastructure for languages in the C language family (C, C++, Objective + C/C++, OpenCL, CUDA, and RenderScript) for the LLVM project. + It aims to deliver amazingly fast compiles, extremely useful error and + warning messages and to provide a platform for building great source + level tools. The Clang Static Analyzer and clang-tidy are tools that + automatically find bugs in your code, and are great examples of the sort + of tools that can be built using the Clang frontend as a library to + parse C/C++ code. + ''; + mainProgram = "clang"; + }; + } // lib.optionalAttrs enableManpages { + pname = "clang-manpages"; + + buildPhase = '' + make docs-clang-man + ''; + + installPhase = '' + mkdir -p $out/share/man/man1 + # Manually install clang manpage + cp docs/man/*.1 $out/share/man/man1/ + ''; + + outputs = [ "out" ]; + + doCheck = false; + + meta = llvm_meta // { + description = "man page for Clang ${version}"; + }; + }); +in self diff --git a/pkgs/development/compilers/llvm/9/clang/default.nix b/pkgs/development/compilers/llvm/9/clang/default.nix index 75814fc11c48..e8a2a4bd0db1 100644 --- a/pkgs/development/compilers/llvm/9/clang/default.nix +++ b/pkgs/development/compilers/llvm/9/clang/default.nix @@ -97,7 +97,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix index fff39fa9cea0..eea346ef22ef 100644 --- a/pkgs/development/compilers/llvm/git/clang/default.nix +++ b/pkgs/development/compilers/llvm/git/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -96,7 +96,12 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch b/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch deleted file mode 100644 index 656e4eb6a4cb..000000000000 --- a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch +++ /dev/null @@ -1,598 +0,0 @@ -REVERT https://github.com/python/cpython/commit/300d812fd1c4d9244e71de0d228cc72439d312a7 ---- b/Doc/library/asyncio-eventloop.rst -+++ a/Doc/library/asyncio-eventloop.rst -@@ -43,12 +43,10 @@ - - Get the current event loop. - -+ If there is no current event loop set in the current OS thread, -+ the OS thread is main, and :func:`set_event_loop` has not yet -+ been called, asyncio will create a new event loop and set it as the -+ current one. -- When called from a coroutine or a callback (e.g. scheduled with -- call_soon or similar API), this function will always return the -- running event loop. -- -- If there is no running event loop set, the function will return -- the result of ``get_event_loop_policy().get_event_loop()`` call. - - Because this function has rather complex behavior (especially - when custom event loop policies are in use), using the -@@ -60,14 +58,10 @@ - event loop. - - .. deprecated:: 3.10 -+ Emits a deprecation warning if there is no running event loop. -+ In future Python releases, this function may become an alias of -+ :func:`get_running_loop` and will accordingly raise a -+ :exc:`RuntimeError` if there is no running event loop. -- Deprecation warning is emitted if there is no current event loop. -- In Python 3.12 it will be an error. -- -- .. note:: -- In Python versions 3.10.0--3.10.8 this function -- (and other functions which used it implicitly) emitted a -- :exc:`DeprecationWarning` if there was no running event loop, even if -- the current loop was set. - - .. function:: set_event_loop(loop) - -reverted: ---- b/Doc/library/asyncio-llapi-index.rst -+++ a/Doc/library/asyncio-llapi-index.rst -@@ -19,7 +19,7 @@ - - The **preferred** function to get the running event loop. - - * - :func:`asyncio.get_event_loop` -+ - Get an event loop instance (current or via the policy). -- - Get an event loop instance (running or current via the current policy). - - * - :func:`asyncio.set_event_loop` - - Set the event loop as current via the current policy. -reverted: ---- b/Doc/library/asyncio-policy.rst -+++ a/Doc/library/asyncio-policy.rst -@@ -112,11 +112,6 @@ - - On Windows, :class:`ProactorEventLoop` is now used by default. - -- .. deprecated:: 3.10.9 -- :meth:`get_event_loop` now emits a :exc:`DeprecationWarning` if there -- is no current event loop set and a new event loop has been implicitly -- created. In Python 3.12 it will be an error. -- - - .. class:: WindowsSelectorEventLoopPolicy - -reverted: ---- b/Lib/asyncio/events.py -+++ a/Lib/asyncio/events.py -@@ -650,21 +650,6 @@ - if (self._local._loop is None and - not self._local._set_called and - threading.current_thread() is threading.main_thread()): -- stacklevel = 2 -- try: -- f = sys._getframe(1) -- except AttributeError: -- pass -- else: -- while f: -- module = f.f_globals.get('__name__') -- if not (module == 'asyncio' or module.startswith('asyncio.')): -- break -- f = f.f_back -- stacklevel += 1 -- import warnings -- warnings.warn('There is no current event loop', -- DeprecationWarning, stacklevel=stacklevel) - self.set_event_loop(self.new_event_loop()) - - if self._local._loop is None: -@@ -778,13 +763,12 @@ - - - def _get_event_loop(stacklevel=3): -- # This internal method is going away in Python 3.12, left here only for -- # backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. -- # Similarly, this method's C equivalent in _asyncio is going away as well. -- # See GH-99949 for more details. - current_loop = _get_running_loop() - if current_loop is not None: - return current_loop -+ import warnings -+ warnings.warn('There is no current event loop', -+ DeprecationWarning, stacklevel=stacklevel) - return get_event_loop_policy().get_event_loop() - - -reverted: ---- b/Lib/test/test_asyncio/test_base_events.py -+++ a/Lib/test/test_asyncio/test_base_events.py -@@ -752,7 +752,7 @@ - def test_env_var_debug(self): - code = '\n'.join(( - 'import asyncio', -+ 'loop = asyncio.get_event_loop()', -- 'loop = asyncio.new_event_loop()', - 'print(loop.get_debug())')) - - # Test with -E to not fail if the unit test was run with -reverted: ---- b/Lib/test/test_asyncio/test_events.py -+++ a/Lib/test/test_asyncio/test_events.py -@@ -2561,9 +2561,8 @@ - def test_get_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() - self.assertIsNone(policy._local._loop) -+ -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.assertEqual(cm.filename, __file__) - self.assertIsInstance(loop, asyncio.AbstractEventLoop) - - self.assertIs(policy._local._loop, loop) -@@ -2577,10 +2576,7 @@ - policy, "set_event_loop", - wraps=policy.set_event_loop) as m_set_event_loop: - -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.addCleanup(loop.close) -- self.assertEqual(cm.filename, __file__) - - # policy._local._loop must be set through .set_event_loop() - # (the unix DefaultEventLoopPolicy needs this call to attach -@@ -2614,8 +2610,7 @@ - - def test_set_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() -+ old_loop = policy.get_event_loop() -- old_loop = policy.new_event_loop() -- policy.set_event_loop(old_loop) - - self.assertRaises(AssertionError, policy.set_event_loop, object()) - -@@ -2728,11 +2723,15 @@ - asyncio.set_event_loop_policy(Policy()) - loop = asyncio.new_event_loop() - -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2746,11 +2745,16 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -+ -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -@@ -2774,8 +2778,10 @@ - self.addCleanup(loop2.close) - self.assertEqual(cm.warnings[0].filename, __file__) - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2789,11 +2795,15 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertIs(asyncio.get_event_loop(), loop) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- self.assertIs(asyncio.get_event_loop(), loop) - - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -reverted: ---- b/Lib/test/test_asyncio/test_futures.py -+++ a/Lib/test/test_asyncio/test_futures.py -@@ -145,8 +145,10 @@ - self.assertTrue(f.cancelled()) - - def test_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- self._new_future() - - def test_constructor_use_running_loop(self): - async def test(): -@@ -156,10 +158,12 @@ - self.assertIs(f.get_loop(), self.loop) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ f = self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f = self._new_future() - self.assertIs(f._loop, self.loop) - self.assertIs(f.get_loop(), self.loop) - -@@ -495,8 +499,10 @@ - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.wrap_future(f1) - ex.shutdown(wait=True) - - def test_wrap_future_use_running_loop(self): -@@ -511,14 +517,16 @@ - ex.shutdown(wait=True) - - def test_wrap_future_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) - def run(arg): - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ f2 = asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f2 = asyncio.wrap_future(f1) - self.assertIs(self.loop, f2._loop) - ex.shutdown(wait=True) - -reverted: ---- b/Lib/test/test_asyncio/test_streams.py -+++ a/Lib/test/test_asyncio/test_streams.py -@@ -747,8 +747,10 @@ - self.assertEqual(data, b'data') - - def test_streamreader_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReader() - - def test_streamreader_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -762,17 +764,21 @@ - def test_streamreader_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ reader = asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- reader = asyncio.StreamReader() - self.assertIs(reader._loop, self.loop) - - - def test_streamreaderprotocol_constructor_without_loop(self): - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReaderProtocol(reader) - - def test_streamreaderprotocol_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -786,11 +792,13 @@ - def test_streamreaderprotocol_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ protocol = asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- protocol = asyncio.StreamReaderProtocol(reader) - self.assertIs(protocol._loop, self.loop) - - def test_multiple_drain(self): -reverted: ---- b/Lib/test/test_asyncio/test_tasks.py -+++ a/Lib/test/test_asyncio/test_tasks.py -@@ -210,8 +210,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -221,10 +223,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -243,8 +247,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -254,10 +260,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -1480,8 +1488,10 @@ - self.addCleanup(a.close) - - futs = asyncio.as_completed([a]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- list(futs) - - def test_as_completed_coroutine_use_running_loop(self): - loop = self.new_test_loop() -@@ -1497,14 +1507,17 @@ - loop.run_until_complete(test()) - - def test_as_completed_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - loop = self.new_test_loop() - asyncio.set_event_loop(loop) - self.addCleanup(asyncio.set_event_loop, None) -+ futs = asyncio.as_completed([coro()]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ futs = list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- futs = list(asyncio.as_completed([coro()])) - self.assertEqual(len(futs), 1) - self.assertEqual(loop.run_until_complete(futs[0]), 42) - -@@ -1974,8 +1987,10 @@ - - inner = coro() - self.addCleanup(inner.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.shield(inner) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.shield(inner) - - def test_shield_coroutine_use_running_loop(self): - async def coro(): -@@ -1989,13 +2004,15 @@ - self.assertEqual(res, 42) - - def test_shield_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ outer = asyncio.shield(coro()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- outer = asyncio.shield(coro()) - self.assertEqual(outer._loop, self.loop) - res = self.loop.run_until_complete(outer) - self.assertEqual(res, 42) -@@ -2933,7 +2950,7 @@ - self.assertIsNone(asyncio.current_task(loop=self.loop)) - - def test_current_task_no_running_loop_implicit(self): -+ with self.assertRaises(RuntimeError): -- with self.assertRaisesRegex(RuntimeError, 'no running event loop'): - asyncio.current_task() - - def test_current_task_with_implicit_loop(self): -@@ -3097,8 +3114,10 @@ - return asyncio.gather(*args, **kwargs) - - def test_constructor_empty_sequence_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather() - - def test_constructor_empty_sequence_use_running_loop(self): - async def gather(): -@@ -3111,10 +3130,12 @@ - self.assertEqual(fut.result(), []) - - def test_constructor_empty_sequence_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.one_loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather() - self.assertIsInstance(fut, asyncio.Future) - self.assertIs(fut._loop, self.one_loop) - self._run_loop(self.one_loop) -@@ -3202,8 +3223,10 @@ - self.addCleanup(gen1.close) - gen2 = coro() - self.addCleanup(gen2.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather(gen1, gen2) - - def test_constructor_use_running_loop(self): - async def coro(): -@@ -3217,14 +3240,16 @@ - self.one_loop.run_until_complete(fut) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 'abc' - asyncio.set_event_loop(self.other_loop) - self.addCleanup(asyncio.set_event_loop, None) - gen1 = coro() - gen2 = coro() -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather(gen1, gen2) - self.assertIs(fut._loop, self.other_loop) - self.other_loop.run_until_complete(fut) - -reverted: ---- b/Lib/test/test_asyncio/test_unix_events.py -+++ a/Lib/test/test_asyncio/test_unix_events.py -@@ -1740,8 +1740,7 @@ - - def test_child_watcher_replace_mainloop_existing(self): - policy = self.create_policy() -+ loop = policy.get_event_loop() -- loop = policy.new_event_loop() -- policy.set_event_loop(loop) - - # Explicitly setup SafeChildWatcher, - # default ThreadedChildWatcher has no _loop property -reverted: ---- b/Lib/test/test_coroutines.py -+++ a/Lib/test/test_coroutines.py -@@ -2319,8 +2319,7 @@ - def test_unawaited_warning_during_shutdown(self): - code = ("import asyncio\n" - "async def f(): pass\n" -+ "asyncio.gather(f())\n") -- "async def t(): asyncio.gather(f())\n" -- "asyncio.run(t())\n") - assert_python_ok("-c", code) - - code = ("import sys\n" -reverted: ---- b/Modules/_asynciomodule.c -+++ a/Modules/_asynciomodule.c -@@ -332,6 +332,13 @@ - return loop; - } - -+ if (PyErr_WarnEx(PyExc_DeprecationWarning, -+ "There is no current event loop", -+ stacklevel)) -+ { -+ return NULL; -+ } -+ - policy = PyObject_CallNoArgs(asyncio_get_event_loop_policy); - if (policy == NULL) { - return NULL; -@@ -3085,11 +3092,6 @@ - return get_event_loop(1); - } - --// This internal method is going away in Python 3.12, left here only for --// backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. --// Similarly, this method's Python equivalent in asyncio.events is going --// away as well. --// See GH-99949 for more details. - /*[clinic input] - _asyncio._get_event_loop - stacklevel: int = 3 diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 8e13ed51bc74..1eea842871fc 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -1,40 +1,55 @@ -{ lib, stdenv, fetchurl, fetchpatch, fetchgit +{ lib +, stdenv +, fetchurl +, fetchpatch +, fetchgit + +# build dependencies +, autoconf-archive +, autoreconfHook +, nukeReferences +, pkg-config +, python-setup-hook + +# runtime dependencies , bzip2 , expat , libffi -, gdbm -, xz -, mailcap, mimetypesSupport ? true +, libxcrypt +, mpdecimal , ncurses , openssl -, openssl_legacy -, readline , sqlite -, tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false -, bluez ? null, bluezSupport ? false +, xz , zlib -, tzdata ? null -, libxcrypt -, self + +# platform-specific dependencies +, bash , configd , darwin , windows -, autoreconfHook -, autoconf-archive -, pkg-config -, python-setup-hook -, nukeReferences -# For the Python package set -, packageOverrides ? (self: super: {}) + +# optional dependencies +, bluezSupport ? false, bluez +, mimetypesSupport ? true, mailcap +, tzdata +, withGdbm ? !stdenv.hostPlatform.isWindows, gdbm +, withReadline ? !stdenv.hostPlatform.isWindows, readline +, x11Support ? false, tcl, tk, tix, libX11, xorgproto + +# splicing/cross +, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" +, self , pkgsBuildBuild , pkgsBuildHost , pkgsBuildTarget , pkgsHostHost , pkgsTargetTarget + +# build customization , sourceVersion , hash , passthruFun -, bash , stripConfig ? false , stripIdlelib ? false , stripTests ? false @@ -44,21 +59,28 @@ , includeSiteCustomize ? true , static ? stdenv.hostPlatform.isStatic , enableFramework ? false +, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# pgo (not reproducible) + -fno-semantic-interposition +# https://docs.python.org/3/using/configure.html#cmdoption-enable-optimizations , enableOptimizations ? false -# these dont build for windows -, withGdbm ? !stdenv.hostPlatform.isWindows -, withReadline ? !stdenv.hostPlatform.isWindows -# enableNoSemanticInterposition is a subset of the enableOptimizations flag that doesn't harm reproducibility. -# clang starts supporting `-fno-sematic-interposition` with version 10 -, enableNoSemanticInterposition ? (!stdenv.cc.isClang || (stdenv.cc.isClang && lib.versionAtLeast stdenv.cc.version "10")) -# enableLTO is a subset of the enableOptimizations flag that doesn't harm reproducibility. + +# improves performance, but remains reproducible +, enableNoSemanticInterposition ? true + # enabling LTO on 32bit arch causes downstream packages to fail when linking # enabling LTO on *-darwin causes python3 to fail when linking. , enableLTO ? stdenv.is64bit && stdenv.isLinux + +# enable asserts to ensure the build remains reproducible , reproducibleBuild ? false -, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" -, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# for the Python package set +, packageOverrides ? (self: super: {}) + +# tests , testers + } @ inputs: # Note: this package is used for bootstrapping fetchurl, and thus @@ -73,7 +95,11 @@ assert x11Support -> tcl != null assert bluezSupport -> bluez != null; -assert enableFramework -> stdenv.isDarwin; +assert lib.assertMsg (bluezSupport -> stdenv.isLinux) + "Bluez support is only available on Linux."; + +assert lib.assertMsg (enableFramework -> stdenv.isDarwin) + "Framework builds are only supported on Darwin."; assert lib.assertMsg (reproducibleBuild -> stripBytecode) "Deterministic builds require stripping bytecode."; @@ -84,18 +110,21 @@ assert lib.assertMsg (reproducibleBuild -> (!enableOptimizations)) assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) "Deterministic builds are not achieved when (default unoptimized) bytecode is created."; -with lib; - let - # some python packages need legacy ciphers, so we're using openssl 3, but with that config - # null check for Minimal - openssl' = if openssl != null then openssl_legacy else null; + inherit (lib) + concatMapStringsSep + concatStringsSep + getDev + getLib + optionals + optionalString + replaceStrings + versionOlder + ; buildPackages = pkgsBuildHost; inherit (passthru) pythonOnBuildForHost; - inherit (darwin.apple_sdk.frameworks) Cocoa; - tzdataSupport = tzdata != null && passthru.pythonAtLeast "3.9"; passthru = let @@ -119,12 +148,12 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; - nativeBuildInputs = optionals (!stdenv.isDarwin) [ + nativeBuildInputs = [ + nukeReferences + ] ++ optionals (!stdenv.isDarwin) [ + autoconf-archive # needed for AX_CHECK_COMPILE_FLAG autoreconfHook pkg-config - autoconf-archive # needed for AX_CHECK_COMPILE_FLAG - ] ++ [ - nukeReferences ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ buildPackages.stdenv.cc pythonOnBuildForHost @@ -132,19 +161,38 @@ let stdenv.cc.cc.libllvm.out ]; - buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi libxcrypt ] - ++ optional withGdbm gdbm - ++ [ sqlite ] - ++ optional withReadline readline - ++ [ ncurses openssl' ] - ++ optionals x11Support [ tcl tk libX11 xorgproto ] - ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] - ++ optionals stdenv.isDarwin [ configd ]) - - ++ optionals enableFramework [ Cocoa ] - ++ optionals stdenv.hostPlatform.isMinGW [ windows.mingw_w64_pthreads windows.dlfcn ] - ++ optionals tzdataSupport [ tzdata ]; # `zoneinfo` module + buildInputs = lib.filter (p: p != null) ([ + bzip2 + expat + libffi + libxcrypt + mpdecimal + ncurses + openssl + sqlite + xz + zlib + ] ++ optionals bluezSupport [ + bluez + ] ++ optionals enableFramework [ + darwin.apple_sdk.frameworks.Cocoa + ] ++ optionals stdenv.hostPlatform.isMinGW [ + windows.dlfcn + windows.mingw_w64_pthreads + ] ++ optionals stdenv.isDarwin [ + configd + ] ++ optionals tzdataSupport [ + tzdata + ] ++ optionals withGdbm [ + gdbm + ] ++ optionals withReadline [ + readline + ] ++ optionals x11Support [ + libX11 + tcl + tk + xorgproto + ]); hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false); @@ -207,7 +255,7 @@ let pythonAbi = nixpkgsPythonAbiMappings.${parsed.abi.name} or parsed.abi.name; in # Python <3.11 doesn't distinguish musl and glibc and always prefixes with "gnu" - if lib.versionOlder version "3.11" then + if versionOlder version "3.11" then replaceStrings [ "musl" ] [ "gnu" ] pythonAbi else pythonAbi; @@ -238,29 +286,18 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { inherit src version; inherit nativeBuildInputs; - buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ bash ] ++ buildInputs; # bash is only used for patchShebangs - + buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ + bash # only required for patchShebangs + ] ++ buildInputs; prePatch = optionalString stdenv.isDarwin '' - substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' + substituteInPlace configure --replace-fail '`/usr/bin/arch`' '"i386"' '' + optionalString (pythonOlder "3.9" && stdenv.isDarwin && x11Support) '' # Broken on >= 3.9; replaced with ./3.9/darwin-tcl-tk.patch - substituteInPlace setup.py --replace /Library/Frameworks /no-such-path + substituteInPlace setup.py --replace-fail /Library/Frameworks /no-such-path ''; - patches = optionals (version == "3.10.9") [ - # https://github.com/python/cpython/issues/100160 - ./3.10/asyncio-deprecation.patch - ] ++ optionals (version == "3.11.1") [ - # https://github.com/python/cpython/issues/100160 - (fetchpatch { - name = "asyncio-deprecation-3.11.patch"; - url = "https://github.com/python/cpython/commit/3fae04b10e2655a20a3aadb5e0d63e87206d0c67.diff"; - revert = true; - excludes = [ "Misc/NEWS.d/*" ]; - hash = "sha256-PmkXf2D9trtW1gXZilRIWgdg2Y47JfELq1z4DuG3wJY="; - }) - ] ++ [ + patches = [ # Disable the use of ldconfig in ctypes.util.find_library (since # ldconfig doesn't work on NixOS), and don't use # ctypes.util.find_library during the loading of the uuid module @@ -282,7 +319,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { ] ++ optionals (pythonAtLeast "3.9" && pythonOlder "3.11" && stdenv.isDarwin) [ # Stop checking for TCL/TK in global macOS locations ./3.9/darwin-tcl-tk.patch - ] ++ optionals (isPy3k && hasDistutilsCxxPatch && pythonOlder "3.12") [ + ] ++ optionals (hasDistutilsCxxPatch && pythonOlder "3.12") [ # Fix for http://bugs.python.org/issue1222585 # Upstream distutils is calling C compiler to compile C++ code, which # only works for GCC and Apple Clang. This makes distutils to call C++ @@ -323,12 +360,14 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { postPatch = optionalString (!stdenv.hostPlatform.isWindows) '' substituteInPlace Lib/subprocess.py \ - --replace "'/bin/sh'" "'${bash}/bin/sh'" + --replace-fail "'/bin/sh'" "'${bash}/bin/sh'" '' + optionalString mimetypesSupport '' substituteInPlace Lib/mimetypes.py \ - --replace "@mime-types@" "${mailcap}" + --replace-fail "@mime-types@" "${mailcap}" '' + optionalString (pythonOlder "3.13" && x11Support && (tix != null)) '' - substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" + substituteInPlace "Lib/tkinter/tix.py" --replace-fail \ + "os.environ.get('TIX_LIBRARY')" \ + "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; env = { @@ -343,25 +382,30 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { PYTHONHASHSEED=0; }; + # https://docs.python.org/3/using/configure.html configureFlags = [ "--without-ensurepip" "--with-system-expat" - "--with-system-ffi" + ] ++ optionals (!(stdenv.isDarwin && pythonAtLeast "3.12")) [ + # ./Modules/_decimal/_decimal.c:4673:6: error: "No valid combination of CONFIG_64, CONFIG_32 and _PyHASH_BITS" + # https://hydra.nixos.org/build/248410479/nixlog/2/tail + "--with-system-libmpdec" + ] ++ optionals (openssl != null) [ + "--with-openssl=${openssl.dev}" + ] ++ optionals tzdataSupport [ + "--with-tzpath=${tzdata}/share/zoneinfo" + ] ++ optionals (execSuffix != "") [ + "--with-suffix=${execSuffix}" + ] ++ optionals enableLTO [ + "--with-lto" ] ++ optionals (!static && !enableFramework) [ "--enable-shared" ] ++ optionals enableFramework [ "--enable-framework=${placeholder "out"}/Library/Frameworks" ] ++ optionals enableOptimizations [ "--enable-optimizations" - ] ++ optionals enableLTO [ - "--with-lto" - ] ++ optionals (pythonOlder "3.7") [ - # This is unconditionally true starting in CPython 3.7. - "--with-threads" - ] ++ optionals (sqlite != null && isPy3k) [ + ] ++ optionals (sqlite != null) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl' != null) [ - "--with-openssl=${openssl'.dev}" ] ++ optionals (libxcrypt != null) [ "CFLAGS=-I${libxcrypt}/include" "LIBS=-L${libxcrypt}/lib" @@ -393,14 +437,14 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Never even try to use lchmod on linux, # don't rely on detecting glibc-isms. "ac_cv_func_lchmod=no" - ] ++ optionals tzdataSupport [ - "--with-tzpath=${tzdata}/share/zoneinfo" - ] ++ optional static "LDFLAGS=-static" - ++ optional (execSuffix != "") "--with-suffix=${execSuffix}"; + ] ++ optionals static [ + "LDFLAGS=-static" + ]; preConfigure = optionalString (pythonOlder "3.12") '' - for i in /usr /sw /opt /pkg; do # improve purity - substituteInPlace ./setup.py --replace $i /no-such-path + # Improve purity + for path in /usr /sw /opt /pkg; do + substituteInPlace ./setup.py --replace-warn $path /no-such-path done '' + optionalString stdenv.isDarwin '' # Override the auto-detection in setup.py, which assumes a universal build @@ -408,10 +452,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString (stdenv.isDarwin && x11Support && pythonAtLeast "3.11") '' export TCLTK_LIBS="-L${tcl}/lib -L${tk}/lib -l${tcl.libPrefix} -l${tk.libPrefix}" export TCLTK_CFLAGS="-I${tcl}/include -I${tk}/include" - '' + optionalString (isPy3k && pythonOlder "3.7") '' - # Determinism: The interpreter is patched to write null timestamps when compiling Python files - # so Python doesn't try to update the bytecode when seeing frozen timestamps in Nix's store. - export DETERMINISTIC_BUILD=1; '' + optionalString stdenv.hostPlatform.isMusl '' export NIX_CFLAGS_COMPILE+=" -DTHREAD_STACK_SIZE=0x100000" '' + @@ -482,9 +522,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # This allows build Python to import host Python's sysconfigdata mkdir -p "$out/${sitePackages}" ln -s "$out/lib/${libPrefix}/"_sysconfigdata*.py "$out/${sitePackages}/" - '' + lib.optionalString (pythonOlder "3.8") '' - # This is gone in Python >= 3.8 - ln -s "$out/include/${executable}m" "$out/include/${executable}" '' + optionalString stripConfig '' rm -R $out/bin/python*-config $out/lib/python*/config-* '' + optionalString stripIdlelib '' @@ -498,7 +535,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString includeSiteCustomize '' # Include a sitecustomize.py file cp ${../sitecustomize.py} $out/${sitePackages}/sitecustomize.py - '' + optionalString stripBytecode '' # Determinism: deterministic bytecode # First we delete all old bytecode. @@ -556,9 +592,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. - disallowedReferences = - lib.optionals (openssl' != null && !static && !enableFramework) [ openssl'.dev ] - ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + disallowedReferences = lib.optionals (openssl != null && !static && !enableFramework) [ + openssl.dev + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. pythonOnBuildForHost buildPackages.bash @@ -591,11 +627,11 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { enableParallelBuilding = true; - meta = { + meta = with lib; { homepage = "https://www.python.org"; changelog = let - majorMinor = lib.versions.majorMinor version; - dashedVersion = lib.replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; + majorMinor = versions.majorMinor version; + dashedVersion = replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; in if sourceVersion.suffix == "" then "https://docs.python.org/release/${version}/whatsnew/changelog.html" diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 7f60ba036c5f..1322673c1bc6 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -16,16 +16,6 @@ passthruFun = import ./passthrufun.nix args; sources = { - python310 = { - sourceVersion = { - major = "3"; - minor = "10"; - patch = "13"; - suffix = ""; - }; - hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; - }; - python311 = { sourceVersion = { major = "3"; @@ -78,11 +68,18 @@ in { inherit passthruFun; }; - python310 = callPackage ./cpython ({ + python310 = callPackage ./cpython { self = __splicedPackages.python310; + sourceVersion = { + major = "3"; + minor = "10"; + patch = "13"; + suffix = ""; + }; + hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; inherit (darwin) configd; inherit passthruFun; - } // sources.python310); + }; python311 = callPackage ./cpython ({ self = __splicedPackages.python311; @@ -125,8 +122,8 @@ in { readline = null; ncurses = null; gdbm = null; - sqlite = null; configd = null; + sqlite = null; tzdata = null; libffi = libffiBoot; # without test suite stripConfig = true; diff --git a/pkgs/development/interpreters/wamr/default.nix b/pkgs/development/interpreters/wamr/default.nix index d1d0796f5e97..34a60c320bcb 100644 --- a/pkgs/development/interpreters/wamr/default.nix +++ b/pkgs/development/interpreters/wamr/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ cmake ]; cmakeFlags = lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; sourceRoot = let diff --git a/pkgs/development/libraries/acl/LFS64.patch b/pkgs/development/libraries/acl/LFS64.patch deleted file mode 100644 index dee951f4121e..000000000000 --- a/pkgs/development/libraries/acl/LFS64.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b42f64737adf6a2ddd491213580d6e9cdd2f5af Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 10 Nov 2022 18:04:15 -0800 -Subject: chacl: Use portable version of dirent and readdir - -Using 64bit versions on 32bit architectures should be enabled with ---enable-largefile, this makes it portable across musl and glibc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - tools/chacl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/chacl.c b/tools/chacl.c -index 525a7ff..8fff875 100644 ---- a/tools/chacl.c -+++ b/tools/chacl.c -@@ -320,7 +320,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - { - int failed = 0; - DIR *dir; -- struct dirent64 *d; -+ struct dirent *d; - char *name; - - if ((dir = opendir(fname)) == NULL) { -@@ -332,7 +332,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - return(0); /* got a file, not an error */ - } - -- while ((d = readdir64(dir)) != NULL) { -+ while ((d = readdir(dir)) != NULL) { - /* skip "." and ".." entries */ - if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0) - continue; --- -cgit v1.1 - diff --git a/pkgs/development/libraries/acl/default.nix b/pkgs/development/libraries/acl/default.nix index eccfef568e9c..7d8a04a2f0a9 100644 --- a/pkgs/development/libraries/acl/default.nix +++ b/pkgs/development/libraries/acl/default.nix @@ -7,31 +7,19 @@ stdenv.mkDerivation rec { pname = "acl"; - version = "2.3.1"; + version = "2.3.2"; src = fetchurl { url = "mirror://savannah/acl/acl-${version}.tar.gz"; - sha256 = "sha256-dgxhxokBs3/dXu/ur0wMeia9/disdHoe3/HODiQ8Ea8="; + hash = "sha256-XyvbrWKXB6p9hcYj+ZSqih0t7FWnPeUgW6wL9gWKL3w="; }; - patches = [ - ./LFS64.patch - ]; - outputs = [ "bin" "dev" "out" "man" "doc" ]; nativeBuildInputs = [ gettext ]; buildInputs = [ attr ]; - # causes failures in coreutils test suite - hardeningDisable = [ "fortify3" ]; - - # Upstream use C++-style comments in C code. Remove them. - # This comment breaks compilation if too strict gcc flags are used. postPatch = '' - echo "Removing C++-style comments from include/acl.h" - sed -e '/^\/\//d' -i include/acl.h - patchShebangs . ''; diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index 7af9edd26865..271c54ea97fa 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -26,6 +26,7 @@ stdenv.mkDerivation rec { version = "2.50.0"; outputs = [ "out" "dev" ]; + separateDebugInfo = true; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; diff --git a/pkgs/development/libraries/attr/default.nix b/pkgs/development/libraries/attr/default.nix index 4ad1525c2e09..4815497da14f 100644 --- a/pkgs/development/libraries/attr/default.nix +++ b/pkgs/development/libraries/attr/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "attr"; - version = "2.5.1"; + version = "2.5.2"; src = fetchurl { url = "mirror://savannah/attr/${pname}-${version}.tar.gz"; - sha256 = "1y6sibbkrcjygv8naadnsg6xmsqwfh6cwrqk01l0v2i5kfacdqds"; + sha256 = "sha256-Ob9nRS+kHQlIwhl2AQU/SLPXigKTiXNDMqYwmmgMbIc="; }; outputs = [ "bin" "dev" "out" "man" "doc" ]; diff --git a/pkgs/development/libraries/audio/lilv/default.nix b/pkgs/development/libraries/audio/lilv/default.nix index 3c691c245ce5..c17b27a7aa6f 100644 --- a/pkgs/development/libraries/audio/lilv/default.nix +++ b/pkgs/development/libraries/audio/lilv/default.nix @@ -18,13 +18,13 @@ stdenv.mkDerivation rec { pname = "lilv"; - version = "0.24.22"; + version = "0.24.24"; outputs = [ "out" "dev" "man" ]; src = fetchurl { url = "https://download.drobilla.net/${pname}-${version}.tar.xz"; - hash = "sha256-dvlJ0OWfyDNjQJtexeFcEEb7fdZYnTwbkgzsH9Kfn/M="; + hash = "sha256-a7a+n4hQQXbQZC8S3oCbK54txVYhporbjH7bma76u08="; }; nativeBuildInputs = [ meson ninja pkg-config python3 ]; diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix index e37eb26deb38..6da88ee8258f 100644 --- a/pkgs/development/libraries/boehm-gc/default.nix +++ b/pkgs/development/libraries/boehm-gc/default.nix @@ -1,7 +1,8 @@ { lib , stdenv -, fetchurl -# doc: https://github.com/ivmai/bdwgc/blob/v8.2.2/doc/README.macros (LARGE_CONFIG) +, fetchFromGitHub +, autoreconfHook +# doc: https://github.com/ivmai/bdwgc/blob/v8.2.4/doc/README.macros (LARGE_CONFIG) , enableLargeConfig ? false , enableMmap ? true , enableStatic ? false @@ -10,19 +11,22 @@ stdenv.mkDerivation (finalAttrs: { pname = "boehm-gc"; - version = "8.2.2"; + version = "8.2.4"; - src = fetchurl { - urls = [ - # "https://www.hboehm.info/gc/gc_source/gc-${finalAttrs.version}.tar.gz" - "https://github.com/ivmai/bdwgc/releases/download/v${finalAttrs.version}/gc-${finalAttrs.version}.tar.gz" - ]; - sha256 = "sha256-8wEHvLBi4JIKeQ//+lbZUSNIVGhZNkwjoUviZLOINqA="; + src = fetchFromGitHub { + owner = "ivmai"; + repo = "bdwgc"; + rev = "v${finalAttrs.version}"; + hash = "sha256-KHijT4BBKfDvTpHpwognN+3ZXoC6JabBTFSYFyOUT9o="; }; outputs = [ "out" "dev" "doc" ]; separateDebugInfo = stdenv.isLinux && stdenv.hostPlatform.libc != "musl"; + nativeBuildInputs = [ + autoreconfHook + ]; + configureFlags = [ "--enable-cplusplus" "--with-libatomic-ops=none" @@ -38,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { # not fix the problem the test failure will be a reminder to # extend the set of versions requiring the workaround). makeFlags = lib.optionals (stdenv.hostPlatform.isPower64 && - finalAttrs.version == "8.2.2") + finalAttrs.version == "8.2.4") [ # do not use /proc primitives to track dirty bits; see: # https://github.com/ivmai/bdwgc/issues/479#issuecomment-1279687537 diff --git a/pkgs/development/libraries/dav1d/default.nix b/pkgs/development/libraries/dav1d/default.nix index 670f568e0b6a..4e48536fa3af 100644 --- a/pkgs/development/libraries/dav1d/default.nix +++ b/pkgs/development/libraries/dav1d/default.nix @@ -26,13 +26,13 @@ assert useVulkan -> withExamples; stdenv.mkDerivation rec { pname = "dav1d"; - version = "1.2.1"; + version = "1.3.0"; src = fetchFromGitHub { owner = "videolan"; repo = pname; rev = version; - hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I="; + hash = "sha256-c7Dur+0HpteI7KkR9oo3WynoH/FCRaBwZA7bJmPDJp8="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/dbus-cplusplus/default.nix b/pkgs/development/libraries/dbus-cplusplus/default.nix index 2452f3e8f35c..310016363253 100644 --- a/pkgs/development/libraries/dbus-cplusplus/default.nix +++ b/pkgs/development/libraries/dbus-cplusplus/default.nix @@ -32,7 +32,6 @@ stdenv.mkDerivation rec { url = "https://src.fedoraproject.org/rpms/dbus-c++/raw/9f515ace0594c8b2b9f0d41ffe71bc5b78d30eee/f/dbus-c++-template-operators.patch"; hash = "sha256-B8S7z/YH2YEQgaRsBJBBVTx8vHQhHW7z171TZmogpL8="; }) - ] ++ lib.optionals stdenv.hostPlatform.isMusl [ (fetchpatch { name = "0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; url = "https://github.com/openembedded/meta-openembedded/raw/119e75e48dbf0539b4e440417901458ffff79b38/meta-oe/recipes-core/dbus/libdbus-c++-0.9.0/0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; diff --git a/pkgs/development/libraries/enchant/2.x.nix b/pkgs/development/libraries/enchant/2.x.nix index c843fef4a0ef..10d9a4106bb9 100644 --- a/pkgs/development/libraries/enchant/2.x.nix +++ b/pkgs/development/libraries/enchant/2.x.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "enchant"; - version = "2.6.3"; + version = "2.6.5"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz"; - hash = "sha256-wcVxnypZfOPgbJOM+5n7aX2gk96nuFfMAE3B3PG7oYI="; + hash = "sha256-no/SjLZae22jVFh4pcL1KhXwPASTOl/0jbif6GhFco4="; }; strictDeps = true; diff --git a/pkgs/development/libraries/exempi/default.nix b/pkgs/development/libraries/exempi/default.nix index ac45084a74f9..2ebf1ce7cc91 100644 --- a/pkgs/development/libraries/exempi/default.nix +++ b/pkgs/development/libraries/exempi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "exempi"; - version = "2.6.4"; + version = "2.6.5"; src = fetchurl { url = "https://libopenraw.freedesktop.org/download/${pname}-${version}.tar.bz2"; - sha256 = "sha256-p1FJyWth45zcsEb9XlbYjP7qtuCPiU4V6//ZlECSv9A="; + sha256 = "sha256-6fmj1Cv/c7XrD3fsIs0BY8PiGUnMQUrR8ZoEZd3kH/4="; }; configureFlags = [ diff --git a/pkgs/development/libraries/fdk-aac/default.nix b/pkgs/development/libraries/fdk-aac/default.nix index 99e211877da1..0b07b5704916 100644 --- a/pkgs/development/libraries/fdk-aac/default.nix +++ b/pkgs/development/libraries/fdk-aac/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "fdk-aac"; - version = "2.0.2"; + version = "2.0.3"; src = fetchurl { url = "mirror://sourceforge/opencore-amr/fdk-aac/${pname}-${version}.tar.gz"; - sha256 = "sha256-yehjDPnUM/POrXSQahUg0iI/ibzT+pJUhhAXRAuOsi8="; + sha256 = "sha256-gptrie7zgkCc2mhX/YKvhPq7Y0F7CO3p6npVP4Ect54="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 0f5d88984566..89893d32ef5d 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -34,15 +34,17 @@ , withBzlib ? withHeadlessDeps , withCaca ? withFullDeps # Textual display (ASCII art) , withCelt ? withFullDeps # CELT decoder +, withChromaprint ? withFullDeps # Audio fingerprinting , withCuda ? withFullDeps && (with stdenv; (!isDarwin && !hostPlatform.isAarch && !hostPlatform.isRiscV)) , withCudaLLVM ? withFullDeps , withDav1d ? withHeadlessDeps # AV1 decoder (focused on speed and correctness) , withDc1394 ? withFullDeps && !stdenv.isDarwin # IIDC-1394 grabbing (ieee 1394) , withDrm ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # libdrm support , withFdkAac ? withFullDeps && withUnfree # Fraunhofer FDK AAC de/encoder +, withFlite ? withFullDeps # Voice Synthesis , withFontconfig ? withHeadlessDeps # Needed for drawtext filter , withFreetype ? withHeadlessDeps # Needed for drawtext filter -, withFrei0r ? withFullDeps # frei0r video filtering +, withFrei0r ? withFullDeps && withGPL # frei0r video filtering , withFribidi ? withFullDeps # Needed for drawtext filter , withGme ? withFullDeps # Game Music Emulator , withGnutls ? withHeadlessDeps @@ -50,7 +52,6 @@ , withIconv ? withHeadlessDeps , withJack ? withFullDeps && !stdenv.isDarwin # Jack audio , withLadspa ? withFullDeps # LADSPA audio filtering -, withLibplacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withLzma ? withHeadlessDeps # xz-utils , withMfx ? withFullDeps && (with stdenv.hostPlatform; isLinux && !isAarch) # Hardware acceleration via intel-media-sdk/libmfx , withModplug ? withFullDeps && !stdenv.isDarwin # ModPlug support @@ -61,16 +62,17 @@ , withOgg ? withHeadlessDeps # Ogg container used by vorbis & theora , withOpenal ? withFullDeps # OpenAL 1.1 capture support , withOpencl ? withFullDeps -, withOpencoreAmrnb ? withFullDeps # AMR-NB de/encoder & AMR-WB decoder +, withOpencoreAmrnb ? withFullDeps && withVersion3 # AMR-NB de/encoder & AMR-WB decoder , withOpengl ? false # OpenGL rendering , withOpenh264 ? withFullDeps # H.264/AVC encoder , withOpenjpeg ? withFullDeps # JPEG 2000 de/encoder , withOpenmpt ? withFullDeps # Tracked music files decoder , withOpus ? withHeadlessDeps # Opus de/encoder +, withPlacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withPulse ? withSmallDeps && !stdenv.isDarwin # Pulseaudio input support , withRav1e ? withFullDeps # AV1 encoder (focused on speed and safety) , withRtmp ? false # RTMP[E] support -, withSamba ? withFullDeps && !stdenv.isDarwin # Samba protocol +, withSamba ? withFullDeps && !stdenv.isDarwin && withGPLv3 # Samba protocol , withSdl2 ? withSmallDeps , withShaderc ? withFullDeps && !stdenv.isDarwin && lib.versionAtLeast version "5.0" , withSoxr ? withHeadlessDeps # Resampling via soxr @@ -85,23 +87,23 @@ , withV4l2M2m ? withV4l2 , withVaapi ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # Vaapi hardware acceleration , withVdpau ? withSmallDeps # Vdpau hardware acceleration -, withVidStab ? withFullDeps # Video stabilization -, withVmaf ? withFullDeps && withGPLv3 && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) -, withVoAmrwbenc ? withFullDeps # AMR-WB encoder +, withVidStab ? withFullDeps && withGPL # Video stabilization +, withVmaf ? withFullDeps && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) +, withVoAmrwbenc ? withFullDeps && withVersion3 # AMR-WB encoder , withVorbis ? withHeadlessDeps # Vorbis de/encoding, native encoder exists , withVpx ? withHeadlessDeps && stdenv.buildPlatform == stdenv.hostPlatform # VP8 & VP9 de/encoding , withVulkan ? withFullDeps && !stdenv.isDarwin , withWebp ? withFullDeps # WebP encoder -, withX264 ? withHeadlessDeps # H.264/AVC encoder -, withX265 ? withHeadlessDeps # H.265/HEVC encoder -, withXavs ? withFullDeps # AVS encoder +, withX264 ? withHeadlessDeps && withGPL # H.264/AVC encoder +, withX265 ? withHeadlessDeps && withGPL # H.265/HEVC encoder +, withXavs ? withFullDeps && withGPL # AVS encoder , withXcb ? withXcbShm || withXcbxfixes || withXcbShape # X11 grabbing using XCB , withXcbShape ? withFullDeps # X11 grabbing shape rendering , withXcbShm ? withFullDeps # X11 grabbing shm communication , withXcbxfixes ? withFullDeps # X11 grabbing mouse rendering , withXlib ? withFullDeps # Xlib support , withXml2 ? withFullDeps # libxml2 support, for IMF and DASH demuxers -, withXvid ? withHeadlessDeps # Xvid encoder, native encoder exists +, withXvid ? withHeadlessDeps && withGPL # Xvid encoder, native encoder exists , withZimg ? withHeadlessDeps , withZlib ? withHeadlessDeps , withZmq ? withFullDeps # Message passing @@ -110,7 +112,8 @@ * Licensing options (yes some are listed twice, filters and such are not listed) */ , withGPL ? true -, withGPLv3 ? true +, withVersion3 ? true # When withGPL is set this implies GPLv3 otherwise it is LGPLv3 +, withGPLv3 ? withGPL && withVersion3 , withUnfree ? false /* @@ -125,6 +128,11 @@ , withMultithread ? true # Multithreading via pthreads/win32 threads , withNetwork ? withHeadlessDeps # Network support , withPixelutils ? withHeadlessDeps # Pixel utils in libavutil +, withStatic ? stdenv.hostPlatform.isStatic +, withShared ? !stdenv.hostPlatform.isStatic +, withPic ? true +, withThumb ? false # On some ARM platforms + /* * Program options */ @@ -181,9 +189,11 @@ , alsa-lib , bzip2 , celt +, chromaprint , clang , dav1d , fdk_aac +, flite , fontconfig , freetype , frei0r @@ -301,8 +311,8 @@ assert lib.elem ffmpegVariant [ "headless" "small" "full" ]; /* * Licensing dependencies */ -assert withGPLv3 -> withGPL; -assert withUnfree -> withGPL && withGPLv3; +assert withGPLv3 -> withGPL && withVersion3; + /* * Build dependencies */ @@ -376,14 +386,15 @@ stdenv.mkDerivation (finalAttrs: { * Licensing flags */ (enableFeature withGPL "gpl") - (enableFeature withGPLv3 "version3") + (enableFeature withVersion3 "version3") (enableFeature withUnfree "nonfree") /* * Build flags */ - # On some ARM platforms --enable-thumb - "--enable-shared" - "--enable-pic" + (enableFeature withStatic "static") + (enableFeature withShared "shared") + (enableFeature withPic "pic") + (enableFeature withThumb "thumb") (enableFeature withSmallBuild "small") (enableFeature withRuntimeCPUDetection "runtime-cpudetect") @@ -447,15 +458,23 @@ stdenv.mkDerivation (finalAttrs: { * External libraries */ (enableFeature withAlsa "alsa") - # FIXME: see if jellyfin-ffmpeg is already on a version >= 6.1 to use enableFeature - (optionalString (withAribcaption && lib.versionAtLeast finalAttrs.version "6.1") "--enable-libaribcaption") + (enableFeature withAom "libaom") + ] ++ optionals (versionAtLeast finalAttrs.version "6.1") [ + (enableFeature withAribcaption "libaribcaption") + ] ++ [ + (enableFeature withAss "libass") + (enableFeature withBluray "libbluray") + (enableFeature withBs2b "libbs2b") (enableFeature withBzlib "bzlib") (enableFeature withCelt "libcelt") + (enableFeature withChromaprint "chromaprint") (enableFeature withCuda "cuda") (enableFeature withCudaLLVM "cuda-llvm") (enableFeature withDav1d "libdav1d") + (enableFeature withDc1394 "libdc1394") + (enableFeature withDrm "libdrm") (enableFeature withFdkAac "libfdk-aac") - "--disable-libflite" # Force disable until a solution is found + (enableFeature withFlite "libflite") (enableFeature withFontconfig "fontconfig") (enableFeature withFreetype "libfreetype") (enableFeature withFrei0r "frei0r") @@ -463,41 +482,14 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withGme "libgme") (enableFeature withGnutls "gnutls") (enableFeature withGsm "libgsm") - (enableFeature withLadspa "ladspa") - (enableFeature withMp3lame "libmp3lame") - (enableFeature withAom "libaom") - (enableFeature withAss "libass") - (enableFeature withBluray "libbluray") - (enableFeature withBs2b "libbs2b") - (enableFeature withDc1394 "libdc1394") - (enableFeature withDrm "libdrm") (enableFeature withIconv "iconv") (enableFeature withJack "libjack") + (enableFeature withLadspa "ladspa") + (enableFeature withLzma "lzma") (enableFeature withMfx "libmfx") (enableFeature withModplug "libmodplug") + (enableFeature withMp3lame "libmp3lame") (enableFeature withMysofa "libmysofa") - (enableFeature withOpus "libopus") - (optionalString (versionAtLeast finalAttrs.version "5.0" && withLibplacebo) "--enable-libplacebo") - (enableFeature withSvg "librsvg") - (enableFeature withSrt "libsrt") - (enableFeature withSsh "libssh") - (enableFeature withTensorflow "libtensorflow") - (enableFeature withTheora "libtheora") - (enableFeature withV4l2 "libv4l2") - (enableFeature withV4l2M2m "v4l2-m2m") - (enableFeature withVaapi "vaapi") - (enableFeature withVdpau "vdpau") - (enableFeature withVorbis "libvorbis") - (enableFeature withVmaf "libvmaf") - (enableFeature withVpx "libvpx") - (enableFeature withWebp "libwebp") - (enableFeature withXlib "xlib") - (enableFeature withXcb "libxcb") - (enableFeature withXcbShm "libxcb-shm") - (enableFeature withXcbxfixes "libxcb-xfixes") - (enableFeature withXcbShape "libxcb-shape") - (enableFeature withXml2 "libxml2") - (enableFeature withLzma "lzma") (enableFeature withNvdec "cuvid") (enableFeature withNvdec "nvdec") (enableFeature withNvenc "nvenc") @@ -508,25 +500,50 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withOpenh264 "libopenh264") (enableFeature withOpenjpeg "libopenjpeg") (enableFeature withOpenmpt "libopenmpt") + (enableFeature withOpus "libopus") + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withPlacebo "libplacebo") + ] ++ [ (enableFeature withPulse "libpulse") (enableFeature withRav1e "librav1e") - (enableFeature withSvtav1 "libsvtav1") (enableFeature withRtmp "librtmp") + (enableFeature withSamba "libsmbclient") (enableFeature withSdl2 "sdl2") + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withShaderc "libshaderc") + ] ++ [ (enableFeature withSoxr "libsoxr") (enableFeature withSpeex "libspeex") + (enableFeature withSrt "libsrt") + (enableFeature withSsh "libssh") + (enableFeature withSvg "librsvg") + (enableFeature withSvtav1 "libsvtav1") + (enableFeature withTensorflow "libtensorflow") + (enableFeature withTheora "libtheora") + (enableFeature withV4l2 "libv4l2") + (enableFeature withV4l2M2m "v4l2-m2m") + (enableFeature withVaapi "vaapi") + (enableFeature withVdpau "vdpau") (enableFeature withVidStab "libvidstab") # Actual min. version 2.0 + (enableFeature withVmaf "libvmaf") (enableFeature withVoAmrwbenc "libvo-amrwbenc") + (enableFeature withVorbis "libvorbis") + (enableFeature withVpx "libvpx") + (enableFeature withVulkan "vulkan") + (enableFeature withWebp "libwebp") (enableFeature withX264 "libx264") (enableFeature withX265 "libx265") (enableFeature withXavs "libxavs") + (enableFeature withXcb "libxcb") + (enableFeature withXcbShape "libxcb-shape") + (enableFeature withXcbShm "libxcb-shm") + (enableFeature withXcbxfixes "libxcb-xfixes") + (enableFeature withXlib "xlib") + (enableFeature withXml2 "libxml2") (enableFeature withXvid "libxvid") - (enableFeature withZmq "libzmq") (enableFeature withZimg "libzimg") (enableFeature withZlib "zlib") - (enableFeature withVulkan "vulkan") - (optionalString (lib.versionAtLeast finalAttrs.version "5") (enableFeature withShaderc "libshaderc")) - (enableFeature withSamba "libsmbclient") + (enableFeature withZmq "libzmq") /* * Developer flags */ @@ -558,10 +575,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ removeReferencesTo addOpenGLRunpath perl pkg-config texinfo yasm ] ++ optionals withCudaLLVM [ clang ]; - # TODO This was always in buildInputs before, why? - buildInputs = optionals withFullDeps [ libdc1394 ] - ++ optionals (withFullDeps && !stdenv.isDarwin) [ libraw1394 ] # TODO where does this belong to - ++ optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] + buildInputs = optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] ++ optionals withAlsa [ alsa-lib ] ++ optionals withAom [ libaom ] ++ optionals withAribcaption [ libaribcaption ] @@ -571,9 +585,12 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withBzlib [ bzip2 ] ++ optionals withCaca [ libcaca ] ++ optionals withCelt [ celt ] + ++ optionals withChromaprint [ chromaprint ] ++ optionals withDav1d [ dav1d ] + ++ optionals withDc1394 [ libdc1394 libraw1394 ] ++ optionals withDrm [ libdrm ] ++ optionals withFdkAac [ fdk_aac ] + ++ optionals withFlite [ flite ] ++ optionals withFontconfig [ fontconfig ] ++ optionals withFreetype [ freetype ] ++ optionals withFrei0r [ frei0r ] @@ -584,7 +601,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withIconv [ libiconv ] # On Linux this should be in libc, do we really need it? ++ optionals withJack [ libjack2 ] ++ optionals withLadspa [ ladspaH ] - ++ optionals withLibplacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withLzma [ xz ] ++ optionals withMfx [ intel-media-sdk ] ++ optionals withModplug [ libmodplug ] @@ -599,6 +615,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withOpenjpeg [ openjpeg ] ++ optionals withOpenmpt [ libopenmpt ] ++ optionals withOpus [ libopus ] + ++ optionals withPlacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withPulse [ libpulseaudio ] ++ optionals withRav1e [ rav1e ] ++ optionals withRtmp [ rtmpdump ] @@ -613,6 +630,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withSvtav1 [ svt-av1 ] ++ optionals withTensorflow [ libtensorflow ] ++ optionals withTheora [ libtheora ] + ++ optionals withV4l2 [ libv4l ] ++ optionals withVaapi [ (if withSmallDeps then libva else libva-minimal) ] ++ optionals withVdpau [ libvdpau ] ++ optionals withVidStab [ vid-stab ] @@ -620,7 +638,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withVoAmrwbenc [ vo-amrwbenc ] ++ optionals withVorbis [ libvorbis ] ++ optionals withVpx [ libvpx ] - ++ optionals withV4l2 [ libv4l ] ++ optionals withVulkan [ vulkan-headers vulkan-loader ] ++ optionals withWebp [ libwebp ] ++ optionals withX264 [ x264 ] @@ -703,11 +720,13 @@ stdenv.mkDerivation (finalAttrs: { ''; license = with licenses; [ lgpl21Plus ] ++ optional withGPL gpl2Plus + ++ optional withVersion3 lgpl3Plus ++ optional withGPLv3 gpl3Plus - ++ optional withUnfree unfreeRedistributable; + ++ optional withUnfree unfreeRedistributable + ++ optional (withGPL && withUnfree) unfree; pkgConfigModules = [ "libavutil" ]; platforms = platforms.all; - maintainers = with maintainers; [ atemu arthsmn ]; + maintainers = with maintainers; [ atemu arthsmn jopejoe1 ]; mainProgram = "ffmpeg"; }; }) diff --git a/pkgs/development/libraries/gjs/default.nix b/pkgs/development/libraries/gjs/default.nix index b7f91afa3710..1c1c1d5ff407 100644 --- a/pkgs/development/libraries/gjs/default.nix +++ b/pkgs/development/libraries/gjs/default.nix @@ -32,13 +32,13 @@ let ]; in stdenv.mkDerivation (finalAttrs: { pname = "gjs"; - version = "1.78.1"; + version = "1.78.3"; outputs = [ "out" "dev" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/gjs/${lib.versions.majorMinor finalAttrs.version}/gjs-${finalAttrs.version}.tar.xz"; - hash = "sha256-fpBRHEKRJ8OerABoxKyaNT335vu8ZG9fGOiWKILBhkE="; + hash = "sha256-QtUDZMql15LHZzT+W7zEudu0iBnaIKQGAGHouVJhNKQ="; }; patches = [ diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index f92db5b0e5d6..2a1bae9cf41b 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -50,11 +50,11 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.78.3"; + version = "2.78.4"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - sha256 = "YJgB3Tc3luUVlyv5X8Cy2qRFRUge4vRlxPIE0iSyvCE="; + sha256 = "sha256-JLjgZy3KEgzDLTlLzLhYROcy4E/nXRi7BXOy28dUj2M="; }; patches = lib.optionals stdenv.isDarwin [ diff --git a/pkgs/development/libraries/glibc/2.38-master.patch.gz b/pkgs/development/libraries/glibc/2.38-master.patch.gz index 6414956807f4..a07e4f8e1d50 100644 --- a/pkgs/development/libraries/glibc/2.38-master.patch.gz +++ b/pkgs/development/libraries/glibc/2.38-master.patch.gz Binary files differdiff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 3e17817c0bab..826d1e9c8389 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -44,7 +44,7 @@ let version = "2.38"; - patchSuffix = "-27"; + patchSuffix = "-44"; sha256 = "sha256-+4KZiZiyspllRnvBtp0VLpwwfSzzAcnq+0VVt3DvP9I="; in @@ -60,7 +60,7 @@ stdenv.mkDerivation ({ [ /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping. $ git fetch --all -p && git checkout origin/release/2.38/master && git describe - glibc-2.38-27-g750a45a783 + glibc-2.38-44-gd37c2b20a4 $ git show --minimal --reverse glibc-2.38.. | gzip -9n --rsyncable - > 2.38-master.patch.gz To compare the archive contents zdiff can be used. @@ -96,6 +96,11 @@ stdenv.mkDerivation ({ & https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 */ ./reenable_DT_HASH.patch + + /* Retrieved from https://salsa.debian.org/glibc-team/glibc/-/commit/662dbc4f9287139a0d9c91df328a5ba6cc6abee1#0f3c6d67cb8cf5bb35c421c20f828fea97b68edf + Qualys advisory: https://www.qualys.com/2024/01/30/qsort.txt + */ + ./local-qsort-memory-corruption.patch ] /* NVCC does not support ARM intrinsics. Since <math.h> is pulled in by almost every HPC piece of software, without this patch CUDA compilation on ARM @@ -155,7 +160,7 @@ stdenv.mkDerivation ({ # and on aarch64 with binutils 2.30 or later. # https://sourceware.org/glibc/wiki/PortStatus "--enable-static-pie" - ] ++ lib.optionals stdenv.hostPlatform.isx86 [ + ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [ # Enable Intel Control-flow Enforcement Technology (CET) support "--enable-cet" ] ++ lib.optionals withLinuxHeaders [ diff --git a/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch new file mode 100644 index 000000000000..f7e25c72a61c --- /dev/null +++ b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch @@ -0,0 +1,14 @@ +diff -rup a/stdlib/qsort.c b/stdlib/qsort.c +--- a/stdlib/qsort.c 2023-07-31 10:54:16.000000000 -0700 ++++ b/stdlib/qsort.c 2024-01-15 09:08:25.596167959 -0800 +@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to + while ((run_ptr += size) <= end_ptr) + { + tmp_ptr = run_ptr - size; +- while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ while (tmp_ptr != base_ptr ++ && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) + tmp_ptr -= size; + + tmp_ptr += size; + diff --git a/pkgs/development/libraries/gperftools/default.nix b/pkgs/development/libraries/gperftools/default.nix index 132ae64577a7..e76c033c705d 100644 --- a/pkgs/development/libraries/gperftools/default.nix +++ b/pkgs/development/libraries/gperftools/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "gperftools"; - version = "2.10"; + version = "2.15"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "${pname}-${version}"; - sha256 = "sha256-lUX9T31cYZEi+0DgF52EDSL9yiSHa8ToMxhpQFKHOGk="; + sha256 = "sha256-3ibr8AHzo7txX1U+9oOWA60qeeJs/OGeevv+sgBwQa0="; }; patches = [ diff --git a/pkgs/development/libraries/graphene/default.nix b/pkgs/development/libraries/graphene/default.nix index 2972d5712cba..23b617d4a610 100644 --- a/pkgs/development/libraries/graphene/default.nix +++ b/pkgs/development/libraries/graphene/default.nix @@ -11,10 +11,13 @@ , mutest , nixosTests , glib +, withDocumentation ? !stdenv.hostPlatform.isStatic , gtk-doc , docbook_xsl , docbook_xml_dtd_43 +, buildPackages , gobject-introspection +, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages , makeWrapper }: @@ -22,7 +25,8 @@ stdenv.mkDerivation rec { pname = "graphene"; version = "1.10.8"; - outputs = [ "out" "dev" "devdoc" ] + outputs = [ "out" "dev" ] + ++ lib.optionals withDocumentation [ "devdoc" ] ++ lib.optionals (stdenv.hostPlatform == stdenv.buildPlatform) [ "installedTests" ]; src = fetchFromGitHub { @@ -51,15 +55,17 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ - docbook_xml_dtd_43 - docbook_xsl - gtk-doc meson ninja pkg-config - gobject-introspection python3 makeWrapper + ] ++ lib.optionals withDocumentation [ + docbook_xml_dtd_43 + docbook_xsl + gtk-doc + ] ++ lib.optionals withIntrospection [ + gobject-introspection ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ mesonEmulatorHook ]; @@ -73,8 +79,8 @@ stdenv.mkDerivation rec { ]; mesonFlags = [ - "-Dgtk_doc=true" - "-Dintrospection=enabled" + (lib.mesonBool "gtk_doc" withDocumentation) + (lib.mesonEnable "introspection" withIntrospection) "-Dinstalled_test_datadir=${placeholder "installedTests"}/share" "-Dinstalled_test_bindir=${placeholder "installedTests"}/libexec" ] ++ lib.optionals stdenv.isAarch32 [ @@ -87,12 +93,13 @@ stdenv.mkDerivation rec { postPatch = '' patchShebangs tests/gen-installed-test.py + '' + lib.optionalString withIntrospection '' PATH=${python3.withPackages (pp: [ pp.pygobject3 pp.tappy ])}/bin:$PATH patchShebangs tests/introspection.py ''; postFixup = let introspectionPy = "${placeholder "installedTests"}/libexec/installed-tests/graphene-1.0/introspection.py"; - in '' + in lib.optionalString withIntrospection '' if [ -x '${introspectionPy}' ] ; then wrapProgram '${introspectionPy}' \ --prefix GI_TYPELIB_PATH : "$out/lib/girepository-1.0" diff --git a/pkgs/development/libraries/iso-codes/default.nix b/pkgs/development/libraries/iso-codes/default.nix index f5a4c46f5791..5539a97f0ce6 100644 --- a/pkgs/development/libraries/iso-codes/default.nix +++ b/pkgs/development/libraries/iso-codes/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "iso-codes"; - version = "4.15.0"; + version = "4.16.0"; src = fetchurl { url = "https://salsa.debian.org/iso-codes-team/iso-codes/-/archive/v${version}/${pname}-v${version}.tar.gz"; - sha256 = "sha256-uDtUudfdbrh3OAs+xG83CwXa8sv6ExxhLwNZjWVMDvg="; + sha256 = "sha256-fJkPw5oFl1vtsBdeP/Cfw4MEiBX2i0Yqu/BVqAMuZsw="; }; nativeBuildInputs = [ gettext python3 ]; diff --git a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix index 5c015910eab7..6398f8b872d5 100644 --- a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix +++ b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix @@ -1,5 +1,4 @@ { ffmpeg_6-full -, chromaprint , fetchFromGitHub , lib }: @@ -18,12 +17,9 @@ ffmpeg_6-full.overrideAttrs (old: rec { # Clobber upstream patches as they don't apply to the Jellyfin fork patches = []; - buildInputs = old.buildInputs ++ [ chromaprint ]; - configureFlags = old.configureFlags ++ [ "--extra-version=Jellyfin" "--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067 - "--enable-chromaprint" ]; postPatch = '' diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 78aac8754787..a808b62c3a3b 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -1,5 +1,4 @@ { lib, stdenv, fetchzip, yasm, perl, cmake, pkg-config, python3 -, enableButteraugli ? true, libjxl , enableVmaf ? true, libvmaf , gitUpdater }: @@ -9,11 +8,11 @@ let in stdenv.mkDerivation rec { pname = "libaom"; - version = "3.8.0"; + version = "3.8.1"; src = fetchzip { url = "https://aomedia.googlesource.com/aom/+archive/v${version}.tar.gz"; - hash = "sha256-JxMz+XnjmUvk8TlTqdU2HP1Gq3bXfcLkXp5AEv9+7hM="; + hash = "sha256-qng9fEbm71HqPnPzfgqswSium9egIgpB6ZLesOQVg6c="; stripRoot = false; }; @@ -23,8 +22,7 @@ stdenv.mkDerivation rec { yasm perl cmake pkg-config python3 ]; - propagatedBuildInputs = lib.optional enableButteraugli libjxl - ++ lib.optional enableVmaf libvmaf; + propagatedBuildInputs = lib.optional enableVmaf libvmaf; preConfigure = '' # build uses `git describe` to set the build version @@ -42,8 +40,6 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" "-DENABLE_TESTS=OFF" - ] ++ lib.optionals enableButteraugli [ - "-DCONFIG_TUNE_BUTTERAUGLI=1" ] ++ lib.optionals enableVmaf [ "-DCONFIG_TUNE_VMAF=1" ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ diff --git a/pkgs/development/libraries/libcbor/default.nix b/pkgs/development/libraries/libcbor/default.nix index 514ee36d02df..43a73d374ea5 100644 --- a/pkgs/development/libraries/libcbor/default.nix +++ b/pkgs/development/libraries/libcbor/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "libcbor"; - version = "unstable-2023-01-29"; # Musl fix hasn't been released yet. + version = "0.10.2"; src = fetchFromGitHub { owner = "PJK"; repo = "libcbor"; - rev = "cb4162f40d94751141b4d43b07c4add83e738a68"; - sha256 = "sha256-ZTa+wG1g9KsVoqJG/yqxo2fJ7OhPnaI9QcfOmpOT3pg="; + rev = "v${finalAttrs.version}"; + hash = "sha256-eE11hYPsOKqfoX8fx/oYfOAichhUe4mMpNQNVZ6vAUI="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libdecor/default.nix b/pkgs/development/libraries/libdecor/default.nix index fefaf98c40e9..f81fdc68768a 100644 --- a/pkgs/development/libraries/libdecor/default.nix +++ b/pkgs/development/libraries/libdecor/default.nix @@ -10,18 +10,19 @@ , cairo , dbus , pango +, gtk3 }: stdenv.mkDerivation rec { pname = "libdecor"; - version = "0.1.1"; + version = "0.2.2"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libdecor"; repo = "libdecor"; rev = version; - hash = "sha256-8b6qCqOSDDbhYwAeAaUyI71tSopTkGtCJaxZaJw1vQQ="; + hash = "sha256-mID19uHXFKJUZtQsSOXjRdz541YVjMxmSHVa+DlkPRc="; }; outputs = [ "out" "dev" ]; @@ -45,6 +46,7 @@ stdenv.mkDerivation rec { cairo dbus pango + gtk3 ]; meta = with lib; { diff --git a/pkgs/development/libraries/libedit/default.nix b/pkgs/development/libraries/libedit/default.nix index d8c7be41f4a1..97636e36e848 100644 --- a/pkgs/development/libraries/libedit/default.nix +++ b/pkgs/development/libraries/libedit/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libedit"; - version = "20221030-3.1"; + version = "20230828-3.1"; src = fetchurl { url = "https://thrysoee.dk/editline/${pname}-${version}.tar.gz"; - sha256 = "sha256-8JJaWt9LG/EW7hl2a32qdmkXrsGYdHlDscTt9npL4rs="; + sha256 = "sha256-TugYK25WkpDn0fRPD3jayHFrNfZWt2Uo9pnGnJiBTa0="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libei/default.nix b/pkgs/development/libraries/libei/default.nix index 3b687fcd8edc..18bf680ca840 100644 --- a/pkgs/development/libraries/libei/default.nix +++ b/pkgs/development/libraries/libei/default.nix @@ -23,14 +23,14 @@ let in stdenv.mkDerivation rec { pname = "libei"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libinput"; repo = "libei"; rev = version; - hash = "sha256-ebZZ2dGXrPBUDPsuu5GZY5kDv9qndnxepQUGFDe9PUg="; + hash = "sha256-MHPWEBMtxoEJ8j3LyDPD+m3DsO9u8nE+/pPtRHHXEXA="; }; buildInputs = [ diff --git a/pkgs/development/libraries/libgit2/default.nix b/pkgs/development/libraries/libgit2/default.nix index 1012092c71df..957a146ce2a0 100644 --- a/pkgs/development/libraries/libgit2/default.nix +++ b/pkgs/development/libraries/libgit2/default.nix @@ -23,6 +23,8 @@ stdenv.mkDerivation rec { version = "1.7.1"; # also check the following packages for updates: python3Packages.pygit2 and libgit2-glib + outputs = ["lib" "dev" "out"]; + src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; @@ -47,7 +49,22 @@ stdenv.mkDerivation rec { propagatedBuildInputs = lib.optional (!stdenv.isLinux) libiconv; - doCheck = false; # hangs. or very expensive? + doCheck = true; + checkPhase = '' + testArgs=(-v -xonline) + + # slow + testArgs+=(-xclone::nonetwork::bad_urls) + + # failed to set permissions on ...: Operation not permitted + testArgs+=(-xrepo::init::extended_1) + testArgs+=(-xrepo::template::extended_with_template_and_shared_mode) + + ( + set -x + ./libgit2_tests ''${testArgs[@]} + ) + ''; passthru.tests = { inherit libgit2-glib; diff --git a/pkgs/development/libraries/libgudev/default.nix b/pkgs/development/libraries/libgudev/default.nix index 5098bd9f65ca..fd21c9e7f85e 100644 --- a/pkgs/development/libraries/libgudev/default.nix +++ b/pkgs/development/libraries/libgudev/default.nix @@ -9,7 +9,6 @@ , gnome , vala , gobject-introspection -, fetchpatch , glibcLocales , umockdev }: @@ -25,6 +24,18 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-YSZqsa/J1z28YKiyr3PpnS/f9H2ZVE0IV2Dk+mZ7XdE="; }; + patches = [ + # Conditionally disable one test that requires a locale implementation + # https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/31 + ./tests-skip-double-test-on-stub-locale-impls.patch + ]; + + postPatch = '' + # The relative location of LD_PRELOAD works for Glibc but not for other loaders (e.g. pkgsMusl) + substituteInPlace tests/meson.build \ + --replace "LD_PRELOAD=libumockdev-preload.so.0" "LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so.0" + ''; + strictDeps = true; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch new file mode 100644 index 000000000000..277670aeed2b --- /dev/null +++ b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch @@ -0,0 +1,41 @@ +From ad8b10870ee2092268f87144d8e5ab7db2011139 Mon Sep 17 00:00:00 2001 +From: Alyssa Ross <hi@alyssa.is> +Date: Tue, 30 Jan 2024 20:47:21 +0100 +Subject: [PATCH] tests: Skip double test on stub locale impls + +On musl, setlocale() with an unknown locale name will succeed, but +treat the requested locale as if it were C.UTF-8. Therefore, to +properly check whether the locale is supported, we need to actually +verify whether it works the way we expect when deciding whether to +skip the test. +--- + tests/test-double.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/test-double.c b/tests/test-double.c +index 91e77c9..e9d9232 100644 +--- a/tests/test-double.c ++++ b/tests/test-double.c +@@ -39,8 +39,6 @@ fixture_teardown (Fixture *f, G_GNUC_UNUSED const void *data) + static void + test_double (Fixture *f, G_GNUC_UNUSED const void *data) + { +- g_assert_cmpstr (nl_langinfo(RADIXCHAR), ==, ","); +- + umockdev_testbed_add_device (f->testbed, "platform", "dev1", NULL, + "in_accel_scale", "0.0000098", NULL, + "ID_MODEL", "KoolGadget", "SCALE", "0.0000098", NULL); +@@ -73,6 +71,10 @@ int main(int argc, char **argv) + if (setlocale (LC_NUMERIC, "fr_FR.UTF-8") == NULL) + return GNU_SKIP_RETURNCODE; + ++ /* Skip if locale doesn't work how we expect. */ ++ if (strcmp (nl_langinfo(RADIXCHAR), ",")) ++ return GNU_SKIP_RETURNCODE; ++ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/gudev/double", Fixture, NULL, +-- +GitLab + diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix index 9e1d9e55c16a..da37ef781b35 100644 --- a/pkgs/development/libraries/libidn/default.nix +++ b/pkgs/development/libraries/libidn/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "libidn"; - version = "1.41"; + version = "1.42"; src = fetchurl { url = "mirror://gnu/libidn/${finalAttrs.pname}-${finalAttrs.version}.tar.gz"; - sha256 = "sha256-iE1wY2S4Gr3Re+6Whtj/KudDHFoUZRBHxorfizH9iUU="; + sha256 = "sha256-1sGZ3NgG5P4nk2DLSwg0mg05Vg7VSP/RzK3ajN7LRyM="; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix index 0782f94f41e5..8fcbe42650fc 100644 --- a/pkgs/development/libraries/libidn2/default.nix +++ b/pkgs/development/libraries/libidn2/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "libidn2"; - version = "2.3.4"; + version = "2.3.7"; src = fetchurl { url = "https://ftp.gnu.org/gnu/libidn/${pname}-${version}.tar.gz"; - sha256 = "sha256-k8q6crTgUdH41PWgdqtjyZt3+u4Bm3K5eDsmeYbbtF8="; + hash = "sha256-TCGnkbYQuVGbnQ4SuAl78vNZsS+N2SZHYRqSnmv9fWQ="; }; strictDeps = true; diff --git a/pkgs/development/libraries/libimagequant/Cargo.lock b/pkgs/development/libraries/libimagequant/Cargo.lock index fdad112994ac..8e542f358693 100644 --- a/pkgs/development/libraries/libimagequant/Cargo.lock +++ b/pkgs/development/libraries/libimagequant/Cargo.lock @@ -10,13 +10,14 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "ahash" -version = "0.8.3" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" dependencies = [ "cfg-if", "once_cell", "version_check", + "zerocopy", ] [[package]] @@ -26,16 +27,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - -[[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "bytemuck" @@ -77,36 +72,28 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "either" @@ -144,7 +131,7 @@ dependencies = [ [[package]] name = "imagequant" -version = "4.2.2" +version = "4.3.0" dependencies = [ "arrayvec", "lodepng", @@ -156,7 +143,7 @@ dependencies = [ [[package]] name = "imagequant-sys" -version = "4.0.3" +version = "4.0.4" dependencies = [ "bitflags", "imagequant", @@ -165,15 +152,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.149" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "lodepng" -version = "3.9.1" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3cdccd0cf57a5d456f0656ebcff72c2e19503287e1afbf3b84382812adc0606" +checksum = "a42d298694b14401847de29abd44adf278b42e989e516deac7b72018400002d8" dependencies = [ "crc32fast", "fallible_collections", @@ -183,15 +170,6 @@ dependencies = [ ] [[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - -[[package]] name = "miniz_oxide" version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -202,15 +180,33 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "proc-macro2" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] [[package]] name = "rayon" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" dependencies = [ "either", "rayon-core", @@ -218,9 +214,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -228,18 +224,23 @@ dependencies = [ [[package]] name = "rgb" -version = "0.8.36" +version = "0.8.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59" +checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8" dependencies = [ "bytemuck", ] [[package]] -name = "scopeguard" -version = "1.2.0" +name = "syn" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] [[package]] name = "thread_local" @@ -252,7 +253,33 @@ dependencies = [ ] [[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] name = "version_check" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "zerocopy" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/pkgs/development/libraries/libimagequant/default.nix b/pkgs/development/libraries/libimagequant/default.nix index f60a1c7cab7a..8d8acfd835d0 100644 --- a/pkgs/development/libraries/libimagequant/default.nix +++ b/pkgs/development/libraries/libimagequant/default.nix @@ -1,14 +1,27 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl, rust, rustPlatform, cargo-c, python3 }: +{ lib +, stdenv +, fetchFromGitHub +, fetchurl +, rust +, rustPlatform +, cargo-c +, python3 + +# tests +, testers +, vips +, libimagequant +}: rustPlatform.buildRustPackage rec { pname = "libimagequant"; - version = "4.2.2"; + version = "4.3.0"; src = fetchFromGitHub { owner = "ImageOptim"; - repo = pname; + repo = "libimagequant"; rev = version; - hash = "sha256-cZgnJOmj+xJDcewsxH2Jp5AAnFZKVuYxKPtoGeN03g4="; + hash = "sha256-/gHe3LQaBWOQImBesKvHK46T42TtRld988wgxbut4i0="; }; cargoLock = { @@ -34,7 +47,13 @@ rustPlatform.buildRustPackage rec { ''; passthru.tests = { + inherit vips; inherit (python3.pkgs) pillow; + + pkg-config = testers.hasPkgConfigModules { + package = libimagequant; + moduleNames = [ "imagequant" ]; + }; }; meta = with lib; { diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index a159a1fb5f62..16193e5e5148 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -45,7 +45,7 @@ in stdenv.mkDerivation rec { pname = "libinput"; - version = "1.24.0"; + version = "1.25.0"; outputs = [ "bin" "out" "dev" ]; @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { owner = "libinput"; repo = "libinput"; rev = version; - sha256 = "sha256-gTcgEZ7cs4jq8w5Genxtio9nVFy7y3n0nNXJ6SVtYHY="; + hash = "sha256-c2FU5OW+CIgtYTQy+bwIbaw3SP1pVxaLokhO+ag5/1s="; }; patches = [ diff --git a/pkgs/development/libraries/libipt/default.nix b/pkgs/development/libraries/libipt/default.nix index 9b3de39e5d91..6a05aec46854 100644 --- a/pkgs/development/libraries/libipt/default.nix +++ b/pkgs/development/libraries/libipt/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libipt"; - version = "2.0.6"; + version = "2.1"; src = fetchFromGitHub { owner = "intel"; repo = "libipt"; rev = "v${version}"; - sha256 = "sha256-RuahOkDLbac9bhXn8QSf7lMRw11PIpXQo3eaQ9N4Rtc="; + sha256 = "sha256-SLCuNTFRGFh0mTv1xLCIDg7b6DbWCxgHhrCoPu9xpmw="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch index 0a09a8845c13..775315018064 100644 --- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch +++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch @@ -1,29 +1,26 @@ -From 4a0584f7c05641143151ebdc1be1163bebf9d35d Mon Sep 17 00:00:00 2001 +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 From: Las <las@protonmail.ch> Date: Sun, 3 Jan 2021 18:35:37 +0000 Subject: [PATCH] Compile transupp.c as part of the library -The exported symbols are made weak to not conflict with users -of the library that already vendor this functionality. --- CMakeLists.txt | 4 ++-- - transupp.c | 14 +++++++------- - 2 files changed, 9 insertions(+), 9 deletions(-) + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0ca6f98..a9a0fae 100644 +index adb0ca45..46fc16dd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -533,7 +533,7 @@ set(JPEG_SOURCES jcapimin.c jcapistd.c jccoefct.c jccolor.c jcdctmgr.c jchuff.c - jdatasrc.c jdcoefct.c jdcolor.c jddctmgr.c jdhuff.c jdicc.c jdinput.c - jdmainct.c jdmarker.c jdmaster.c jdmerge.c jdphuff.c jdpostct.c jdsample.c - jdtrans.c jerror.c jfdctflt.c jfdctfst.c jfdctint.c jidctflt.c jidctfst.c -- jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c) -+ jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c transupp.c) +@@ -581,7 +581,7 @@ set(JPEG_SOURCES ${JPEG12_SOURCES} jcapimin.c jchuff.c jcicc.c jcinit.c + jclhuff.c jcmarker.c jcmaster.c jcomapi.c jcparam.c jcphuff.c jctrans.c + jdapimin.c jdatadst.c jdatasrc.c jdhuff.c jdicc.c jdinput.c jdlhuff.c + jdmarker.c jdmaster.c jdphuff.c jdtrans.c jerror.c jfdctflt.c jmemmgr.c +- jmemnobs.c jpeg_nbits.c) ++ jmemnobs.c jpeg_nbits.c transupp.c) if(WITH_ARITH_ENC OR WITH_ARITH_DEC) set(JPEG_SOURCES ${JPEG_SOURCES} jaricom.c) -@@ -1489,7 +1489,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets +@@ -1803,7 +1803,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h @@ -32,73 +29,6 @@ index 0ca6f98..a9a0fae 100644 DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) include(cmakescripts/BuildPackages.cmake) -diff --git a/transupp.c b/transupp.c -index 6e86077..2da49a7 100644 ---- a/transupp.c -+++ b/transupp.c -@@ -1386,7 +1386,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) - * This code is loosely based on XParseGeometry from the X11 distribution. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) - { - info->crop = FALSE; -@@ -1486,7 +1486,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) - * and transformation is not perfect. Otherwise returns TRUE. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_request_workspace(j_decompress_ptr srcinfo, - jpeg_transform_info *info) - { -@@ -2033,7 +2033,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, - * to jpeg_write_coefficients(). - */ - --GLOBAL(jvirt_barray_ptr *) -+GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) - jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2152,7 +2152,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * Note that some transformations will modify the source data arrays! - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2264,7 +2264,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * (may use custom action then) - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - int MCU_width, int MCU_height, - JXFORM_CODE transform) -@@ -2303,7 +2303,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - * This must be called before jpeg_read_header() to have the desired effect. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - { - #ifdef SAVE_MARKERS_SUPPORTED -@@ -2331,7 +2331,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - * JFIF APP0 or Adobe APP14 markers if selected. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - JCOPY_OPTION option) - { -- -2.29.2 +2.43.0 diff --git a/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch new file mode 100644 index 000000000000..fc23b776312a --- /dev/null +++ b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch @@ -0,0 +1,81 @@ +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 +From: Las <las@protonmail.ch> +Date: Sun, 3 Jan 2021 18:35:37 +0000 +Subject: [PATCH] Make exported symbols in transupp.c weak + +The exported symbols are made weak to not conflict with users +of the library that already vendor this functionality. +--- + transupp.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/transupp.c b/transupp.c +index 34fbb371..c0ade5a9 100644 +--- a/transupp.c ++++ b/transupp.c +@@ -1388,7 +1388,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) + * This code is loosely based on XParseGeometry from the X11 distribution. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) + { + info->crop = FALSE; +@@ -1488,7 +1488,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) + * and transformation is not perfect. Otherwise returns TRUE. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_request_workspace(j_decompress_ptr srcinfo, + jpeg_transform_info *info) + { +@@ -2035,7 +2035,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, + * to jpeg_write_coefficients(). + */ + +-GLOBAL(jvirt_barray_ptr *) ++GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) + jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2154,7 +2154,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * Note that some transformations will modify the source data arrays! + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2266,7 +2266,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * (may use custom action then) + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + int MCU_width, int MCU_height, + JXFORM_CODE transform) +@@ -2305,7 +2305,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + * This must be called before jpeg_read_header() to have the desired effect. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + { + #ifdef SAVE_MARKERS_SUPPORTED +@@ -2337,7 +2337,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + * JFIF APP0 or Adobe APP14 markers if selected. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + JCOPY_OPTION option) + { +-- +2.43.0 + diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index 711f05779e85..a34a60b11bf1 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , cmake , nasm , openjdk @@ -32,19 +33,29 @@ assert !(enableJpeg7 && enableJpeg8); # pick only one or none, not both stdenv.mkDerivation (finalAttrs: { pname = "libjpeg-turbo"; - version = "2.1.5.1"; + version = "3.0.2"; src = fetchFromGitHub { owner = "libjpeg-turbo"; repo = "libjpeg-turbo"; rev = finalAttrs.version; - sha256 = "sha256-96SBBZp+/4WkXLvHKSPItNi5WuzdVccI/ZcbJOFjYYk="; + hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74="; }; - # This is needed by freeimage - patches = [ ./0001-Compile-transupp.c-as-part-of-the-library.patch ] - ++ lib.optional stdenv.hostPlatform.isMinGW - ./mingw-boolean.patch; + patches = [ + (fetchpatch { + name = "CMAKE_CROSSCOMPILING_EMULATOR=env-fix.patch"; + url = "https://github.com/libjpeg-turbo/libjpeg-turbo/compare/36c51dd3eb60ebde3ca77d3cfa7df3422f1aaaf1..b6ee1016abbc55116304ad396cf88aa19391e10a.patch"; + hash = "sha256-dNwXicvZEsG02TBaM5nYMlZ+VczT/Dfx6ZM/6huZpwE="; + }) + + # This is needed by freeimage + ./0001-Compile-transupp.c-as-part-of-the-library.patch + ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ + ./0002-Make-exported-symbols-in-transupp.c-weak.patch + ] ++ lib.optionals stdenv.hostPlatform.isMinGW [ + ./mingw-boolean.patch + ]; outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ]; diff --git a/pkgs/development/libraries/libjxl/default.nix b/pkgs/development/libraries/libjxl/default.nix index 8454f3e1e83b..833b58e59428 100644 --- a/pkgs/development/libraries/libjxl/default.nix +++ b/pkgs/development/libraries/libjxl/default.nix @@ -1,5 +1,4 @@ { stdenv, lib, fetchFromGitHub -, fetchpatch , brotli , cmake , giflib @@ -12,7 +11,6 @@ , openexr_3 , pkg-config , zlib -, buildDocs ? true , asciidoc , graphviz , doxygen @@ -21,7 +19,7 @@ stdenv.mkDerivation rec { pname = "libjxl"; - version = "0.8.2"; + version = "0.9.1"; outputs = [ "out" "dev" ]; @@ -29,31 +27,21 @@ stdenv.mkDerivation rec { owner = "libjxl"; repo = "libjxl"; rev = "v${version}"; - hash = "sha256-I3PGgh0XqRkCFz7lUZ3Q4eU0+0GwaQcVb6t4Pru1kKo="; + hash = "sha256-n5KNbbw6NQRROEM7Cojla/igRCFNawUq7nfhzJlMlPI="; # There are various submodules in `third_party/`. fetchSubmodules = true; }; - patches = [ - # Add missing <atomic> content to fix gcc compilation for RISCV architecture - # https://github.com/libjxl/libjxl/pull/2211 - (fetchpatch { - url = "https://github.com/libjxl/libjxl/commit/22d12d74e7bc56b09cfb1973aa89ec8d714fa3fc.patch"; - hash = "sha256-X4fbYTMS+kHfZRbeGzSdBW5jQKw8UN44FEyFRUtw0qo="; - }) - ]; - nativeBuildInputs = [ cmake gtest pkg-config - ] ++ lib.optionals buildDocs [ asciidoc doxygen python3 ]; - depsBuildBuild = lib.optionals buildDocs [ + depsBuildBuild = [ graphviz ]; diff --git a/pkgs/development/libraries/libmaxminddb/default.nix b/pkgs/development/libraries/libmaxminddb/default.nix index db794925504a..1651d36710e6 100644 --- a/pkgs/development/libraries/libmaxminddb/default.nix +++ b/pkgs/development/libraries/libmaxminddb/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libmaxminddb"; - version = "1.7.1"; + version = "1.9.1"; src = fetchurl { url = meta.homepage + "/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-6EFPDe3Oy8H2wxy2XNgWUJUqsGd6TYxJyrYDs7j7CD4="; + sha256 = "sha256-qAaCqJ2RX99gs10xYjL7BOvzb/8n/am9Of6KONPNPxI="; }; meta = with lib; { diff --git a/pkgs/development/libraries/libplacebo/default.nix b/pkgs/development/libraries/libplacebo/default.nix index cad556ee7a7e..558acc4bbbeb 100644 --- a/pkgs/development/libraries/libplacebo/default.nix +++ b/pkgs/development/libraries/libplacebo/default.nix @@ -19,14 +19,14 @@ stdenv.mkDerivation rec { pname = "libplacebo"; - version = "6.338.1"; + version = "6.338.2"; src = fetchFromGitLab { domain = "code.videolan.org"; owner = "videolan"; repo = pname; rev = "v${version}"; - hash = "sha256-NZmwR3+lIC2PF+k+kqCjoMYkMM/PKOJmDwAq7t6YONY="; + hash = "sha256-gE6yKnFvsOFh8bFYc7b+bS+zmdDU7jucr0HwhdDeFzU="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index 2af41e7785ae..3d0a3f208714 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -14,22 +14,13 @@ , publicsuffix-list }: -let - enableValgrindTests = !stdenv.isDarwin && lib.meta.availableOn stdenv.hostPlatform valgrind - # Apparently valgrind doesn't support some new ARM features on (some) Hydra machines: - # VEX: Mismatch detected between RDMA and atomics features. - && !stdenv.isAarch64 - # Valgrind on musl does not hook malloc calls properly, resulting in errors `Invalid free() / delete / delete[] / realloc()` - # https://bugs.kde.org/show_bug.cgi?id=435441 - && !stdenv.hostPlatform.isMusl - ; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "libpsl"; - version = "0.21.2"; + version = "0.21.5"; src = fetchurl { url = "https://github.com/rockdaboot/libpsl/releases/download/${version}/libpsl-${version}.tar.lz"; - sha256 = "sha256-qj1wbEUnhtE0XglNriAc022B8Dz4HWNtXPwQ02WQfxc="; + hash = "sha256-mp9qjG7bplDPnqVUdc0XLdKEhzFoBOnHMgLZdXLNOi0="; }; nativeBuildInputs = [ @@ -41,8 +32,6 @@ in stdenv.mkDerivation rec { pkg-config python3 libxslt - ] ++ lib.optionals enableValgrindTests [ - valgrind ]; buildInputs = [ @@ -69,8 +58,6 @@ in stdenv.mkDerivation rec { "--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-file=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-testfile=${publicsuffix-list}/share/publicsuffix/test_psl.txt" - ] ++ lib.optionals enableValgrindTests [ - "--enable-valgrind-tests" ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/libusb1/default.nix b/pkgs/development/libraries/libusb1/default.nix index 57ceb5b444df..910368954617 100644 --- a/pkgs/development/libraries/libusb1/default.nix +++ b/pkgs/development/libraries/libusb1/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "libusb"; - version = "1.0.26"; + version = "1.0.27"; src = fetchFromGitHub { owner = "libusb"; repo = "libusb"; rev = "v${version}"; - sha256 = "sha256-LEy45YiFbueCCi8d2hguujMsxBezaTUERHUpFsTKGZQ="; + sha256 = "sha256-OtzYxWwiba0jRK9X+4deWWDDTeZWlysEt0qMyGUarDo="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 9381f370754c..a150bddc626d 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -69,6 +69,9 @@ stdenv.mkDerivation (finalAttrs: { "fs_event_watch_dir_recursive" "fs_event_watch_file" "fs_event_watch_file_current_dir" "fs_event_watch_file_exact_path" "process_priority" "udp_create_early_bad_bind" + ] ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ + # fail on macos < 10.15 (starting in libuv 1.47.0) + "fs_write_alotof_bufs_with_offset" "fs_write_multiple_bufs" "fs_read_bufs" ] ++ lib.optionals stdenv.isAarch32 [ # I observe this test failing with some regularity on ARMv7: # https://github.com/libuv/libuv/issues/1871 diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix index eb5b320b317b..dda6b13c1bf6 100644 --- a/pkgs/development/libraries/libvpx/default.nix +++ b/pkgs/development/libraries/libvpx/default.nix @@ -75,13 +75,13 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport; stdenv.mkDerivation rec { pname = "libvpx"; - version = "1.13.1"; + version = "1.14.0"; src = fetchFromGitHub { owner = "webmproject"; repo = pname; rev = "v${version}"; - hash = "sha256-KTbzZ5/qCH+bCvatYZhFiWcT+L2duD40E2w/BUaRorQ="; + hash = "sha256-duU1exUg7JiKCtZfNxyb/y40hxsXeTIMShf9YounTWA="; }; postPatch = '' diff --git a/pkgs/development/libraries/libwpe/default.nix b/pkgs/development/libraries/libwpe/default.nix index 408d082a00de..9978082fc60e 100644 --- a/pkgs/development/libraries/libwpe/default.nix +++ b/pkgs/development/libraries/libwpe/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "libwpe"; - version = "1.14.1"; + version = "1.14.2"; src = fetchurl { url = "https://wpewebkit.org/releases/libwpe-${version}.tar.xz"; - sha256 = "sha256-sdDNzw+Nu0lOZbD3kT41cQbamg1X9Pu3udEjim2+mt4="; + sha256 = "sha256-iuOAIsUMs0DJb9vuEhfx5Gq1f7wci6mBQlZau+2+Iu8="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index d06c45e81990..ce7e51c04f48 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchFromGitLab , zlib , pkg-config , autoreconfHook @@ -35,19 +34,16 @@ in let libxml = stdenv.mkDerivation rec { pname = "libxml2"; - version = "2.12.3-unstable-2023-12-14"; + version = "2.12.4"; outputs = [ "bin" "dev" "out" "doc" ] ++ lib.optional pythonSupport "py" ++ lib.optional (enableStatic && enableShared) "static"; outputMan = "bin"; - src = fetchFromGitLab { - domain = "gitlab.gnome.org"; - owner = "GNOME"; - repo = "libxml2"; - rev = "f006355eda722cae204606b9f95ba51f5ce9189b"; - hash = "sha256-3WE90KDZq4Uaawuulc3t2+R8duCqgjEGUDN4HSXxohY="; + src = fetchurl { + url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz"; + hash = "sha256-SXNg5CPPC9merNt8YhXeqS5tbonulAOTwrrg53y5t9A="; }; strictDeps = true; diff --git a/pkgs/development/libraries/lmdb/default.nix b/pkgs/development/libraries/lmdb/default.nix index 99296b63a727..8c65d02bf565 100644 --- a/pkgs/development/libraries/lmdb/default.nix +++ b/pkgs/development/libraries/lmdb/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lmdb"; - version = "0.9.31"; + version = "0.9.32"; src = fetchFromGitLab { domain = "git.openldap.org"; owner = "openldap"; repo = "openldap"; rev = "LMDB_${version}"; - sha256 = "sha256-SBbo7MX3NST+OFPDtQshevIYrIsZD9bOkSsH91inMBw="; + sha256 = "sha256-29ZrGIiGqrvX+WsPRs2V25hPmAJSHTHaGo19nMldsb8="; }; postUnpack = "sourceRoot=\${sourceRoot}/libraries/liblmdb"; @@ -66,6 +66,7 @@ stdenv.mkDerivation rec { limited to the size of the virtual address space. ''; homepage = "https://symas.com/lmdb/"; + changelog = "https://git.openldap.org/openldap/openldap/-/blob/LMDB_${version}/libraries/liblmdb/CHANGES"; maintainers = with maintainers; [ jb55 vcunat ]; license = licenses.openldap; platforms = platforms.all; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 970081741b14..38b73f56cab6 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -86,8 +86,8 @@ */ let - version = "23.3.3"; - hash = "sha256-UYMHwAV/o87otY33i+Qx1N9ar6ftxg0JJ4stegqA87Q="; + version = "23.3.5"; + hash = "sha256-acyxJ4ZB/1utccoPhmGIrrGpKq3E27nTX1CuvsW4tQ8="; # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule @@ -121,7 +121,6 @@ self = stdenv.mkDerivation { ./musl.patch ./opencl.patch - ./disk_cache-include-dri-driver-path-in-cache-key.patch # Backports to fix build # FIXME: remove when applied upstream @@ -170,7 +169,6 @@ self = stdenv.mkDerivation { # https://gitlab.freedesktop.org/mesa/mesa/blob/master/docs/meson.html#L327 "-Db_ndebug=true" - "-Ddisk-cache-key=${placeholder "drivers"}" "-Ddri-search-path=${libglvnd.driverLink}/lib/dri" "-Dplatforms=${lib.concatStringsSep "," eglPlatforms}" @@ -316,8 +314,9 @@ self = stdenv.mkDerivation { postFixup = lib.optionalString stdenv.isLinux '' # set the default search path for DRI drivers; used e.g. by X server - substituteInPlace "$dev/lib/pkgconfig/dri.pc" --replace "$drivers" "${libglvnd.driverLink}" - [ -f "$dev/lib/pkgconfig/d3d.pc" ] && substituteInPlace "$dev/lib/pkgconfig/d3d.pc" --replace "$drivers" "${libglvnd.driverLink}" + for pc in lib/pkgconfig/{dri,d3d}.pc; do + [ -f "$dev/$pc" ] && substituteInPlace "$dev/$pc" --replace "$drivers" "${libglvnd.driverLink}" + done # remove pkgconfig files for GL/EGL; they are provided by libGL. rm -f $dev/lib/pkgconfig/{gl,egl}.pc diff --git a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch b/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch deleted file mode 100644 index 05f5ec7b6a03..000000000000 --- a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/meson_options.txt b/meson_options.txt -index 591ed957c85..6cb550593e3 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -519,6 +519,13 @@ option( - description : 'Enable direct rendering in GLX and EGL for DRI', - ) - -+option( -+ 'disk-cache-key', -+ type : 'string', -+ value : '', -+ description : 'Mesa cache key.' -+) -+ - option('egl-lib-suffix', - type : 'string', - value : '', -diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c -index 1d23b92af7e..fbb4b04f3cf 100644 ---- a/src/util/disk_cache.c -+++ b/src/util/disk_cache.c -@@ -218,8 +218,10 @@ disk_cache_type_create(const char *gpu_name, - - /* Create driver id keys */ - size_t id_size = strlen(driver_id) + 1; -+ size_t key_size = strlen(DISK_CACHE_KEY) + 1; - size_t gpu_name_size = strlen(gpu_name) + 1; - cache->driver_keys_blob_size += id_size; -+ cache->driver_keys_blob_size += key_size; - cache->driver_keys_blob_size += gpu_name_size; - - /* We sometimes store entire structs that contains a pointers in the cache, -@@ -240,6 +242,7 @@ disk_cache_type_create(const char *gpu_name, - uint8_t *drv_key_blob = cache->driver_keys_blob; - DRV_KEY_CPY(drv_key_blob, &cache_version, cv_size) - DRV_KEY_CPY(drv_key_blob, driver_id, id_size) -+ DRV_KEY_CPY(drv_key_blob, DISK_CACHE_KEY, key_size) - DRV_KEY_CPY(drv_key_blob, gpu_name, gpu_name_size) - DRV_KEY_CPY(drv_key_blob, &ptr_size, ptr_size_size) - DRV_KEY_CPY(drv_key_blob, &driver_flags, driver_flags_size) -diff --git a/src/util/meson.build b/src/util/meson.build -index eb88f235c47..eae5c54cc10 100644 ---- a/src/util/meson.build -+++ b/src/util/meson.build -@@ -286,7 +286,12 @@ _libmesa_util = static_library( - include_directories : [inc_util, include_directories('format')], - dependencies : deps_for_libmesa_util, - link_with: [libmesa_util_sse41], -- c_args : [c_msvc_compat_args], -+ c_args : [ -+ c_msvc_compat_args, -+ '-DDISK_CACHE_KEY="@0@"'.format( -+ get_option('disk-cache-key') -+ ), -+ ], - gnu_symbol_visibility : 'hidden', - build_by_default : false - ) diff --git a/pkgs/development/libraries/minizip/default.nix b/pkgs/development/libraries/minizip/default.nix index 74493a06b526..586dd113f1d1 100644 --- a/pkgs/development/libraries/minizip/default.nix +++ b/pkgs/development/libraries/minizip/default.nix @@ -4,14 +4,6 @@ stdenv.mkDerivation { pname = "minizip"; inherit (zlib) src version; - patches = [ - (fetchpatch { - name = "CVE-2023-45853.patch"; - url = "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch"; - hash = "sha256-yayfe1g9HsvgMN28WF/MYkH7dGMX4PsK53FcnfL3InM="; - }) - ]; - patchFlags = [ "-p3" ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/development/libraries/mpdecimal/default.nix b/pkgs/development/libraries/mpdecimal/default.nix index 514c61ffcb0c..3a2e4b1fe7d0 100644 --- a/pkgs/development/libraries/mpdecimal/default.nix +++ b/pkgs/development/libraries/mpdecimal/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "mpdecimal"; - version = "4.0.0"; + version = "2.5.1"; outputs = [ "out" "cxx" "doc" "dev" ]; src = fetchurl { url = "https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-${version}.tar.gz"; - hash = "sha256-lCRFwyRbInMP1Bpnp8XCMdEcsbmTa5wPdjNPt9C0Row="; + hash = "sha256-n5zUwEH5m1xJ/7e1nZ8S2VtoPYhYVgiqVqYwdmeysh8="; }; configureFlags = [ "LD=${stdenv.cc.targetPrefix}cc" ]; diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index b208607f7b1b..f4ae615b6e94 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -32,11 +32,11 @@ assert enableJemalloc -> enableApp; stdenv.mkDerivation rec { pname = "nghttp2"; - version = "1.57.0"; + version = "1.59.0"; src = fetchurl { url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-xjdnfLrESU6q+LDgOGFzFGhFgw76/+To3JL7O0KOWtI="; + sha256 = "sha256-A1P8u6ENKl9304ouSS5eZ3tjexdxI0WkcyXDw1+0d/g="; }; outputs = [ "out" "dev" "lib" "doc" "man" ]; diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 48cc2adc6c75..7bb2649ff894 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -233,7 +233,7 @@ let printEnabled = enabled: if enabled then "ON" else "OFF"; withOpenblas = (enableBlas && blas.provider.pname == "openblas"); #multithreaded openblas conflicts with opencv multithreading, which manifest itself in hung tests - #https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + #https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded openblas_ = blas.provider.override { singleThreaded = true; }; inherit (cudaPackages) cudaFlags cudaVersion; diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index d04690948041..aa04ff683bfd 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "openldap"; - version = "2.6.6"; + version = "2.6.7"; src = fetchurl { url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz"; - hash = "sha256-CC6ZjPVCmE1DY0RC2+EdqGB1nlEJBxUupXm9xC/jnqA="; + hash = "sha256-zXdfYlyUTteKPaGKA7A7CO6nPIqryXtBuzNumhCVSTA="; }; # TODO: separate "out" and "bin" @@ -99,6 +99,11 @@ stdenv.mkDerivation rec { # skip flaky tests rm -f tests/scripts/test063-delta-multiprovider + + # https://bugs.openldap.org/show_bug.cgi?id=10009 + # can probably be re-added once https://github.com/cyrusimap/cyrus-sasl/pull/772 + # has made it to a release + rm -f tests/scripts/test076-authid-rewrite ''; doCheck = true; diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index c7234c3da81e..7af5085410f7 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -264,8 +264,8 @@ in { }; openssl_3 = common { - version = "3.0.12"; - hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E="; + version = "3.0.13"; + hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -287,8 +287,8 @@ in { }; openssl_3_2 = common { - version = "3.2.0"; - hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; + version = "3.2.1"; + hash = "sha256-g8cyn+UshQZ3115dCwyiRTCbl+jsvP3B39xKufrDWzk="; patches = [ ./3.0/nix-ssl-cert-file.patch diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix index 6127b83813c7..ab9bfcbc1d97 100644 --- a/pkgs/development/libraries/p11-kit/default.nix +++ b/pkgs/development/libraries/p11-kit/default.nix @@ -73,6 +73,13 @@ stdenv.mkDerivation rec { --replace 'install_dir: prefix / p11_system_config' "install_dir: '$out/etc/pkcs11'" ''; + preCheck = '' + # Tests run in fakeroot for non-root users (with Nix single-user install) + if [ "$(id -u)" != "0" ]; then + export FAKED_MODE=1 + fi + ''; + meta = with lib; { description = "Library for loading and sharing PKCS#11 modules"; longDescription = '' diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 0d1e3b03a09a..4cfcf9b3a6d8 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -1,8 +1,6 @@ { stdenv , lib -, buildPackages , fetchFromGitLab -, fetchpatch , python3 , meson , ninja @@ -28,7 +26,6 @@ , readline # meson can't find <7 as those versions don't have a .pc file , lilv , makeFontsConf -, callPackage , nixosTests , withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind , valgrind @@ -76,147 +73,141 @@ # Bluetooth codec only makes sense if general bluetooth enabled assert ldacbtSupport -> bluezSupport; -let - mesonEnableFeature = b: if b then "enabled" else "disabled"; - - self = stdenv.mkDerivation rec { - pname = "pipewire"; - version = "1.0.1"; - - outputs = [ - "out" - "jack" - "dev" - "doc" - "man" - "installedTests" - ]; - - src = fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "pipewire"; - repo = "pipewire"; - rev = version; - sha256 = "sha256-rvf0sZRgDDLcqroLg7hcMUqXD/4JT+3lBRX6/m+3Ry8="; - }; - - patches = [ - # Load libjack from a known location - ./0060-libjack-path.patch - # Move installed tests into their own output. - ./0070-installed-tests-path.patch - ]; - - strictDeps = true; - nativeBuildInputs = [ - docutils - doxygen - graphviz - meson - ninja - pkg-config - python3 - glib - ]; - - buildInputs = [ - alsa-lib - dbus - glib - libjack2 - libusb1 - libselinux - libsndfile - lilv - ncurses - readline - udev - vulkan-headers - vulkan-loader - tinycompress - ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) - ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) - ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] - ++ lib.optionals libcameraSupport [ libcamera libdrm ] - ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] - ++ lib.optional ldacbtSupport ldacbt - ++ lib.optional nativeModemManagerSupport modemmanager - ++ lib.optional pulseTunnelSupport libpulseaudio - ++ lib.optional zeroconfSupport avahi - ++ lib.optional raopSupport openssl - ++ lib.optional rocSupport roc-toolkit - ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] - ++ lib.optional mysofaSupport libmysofa - ++ lib.optional ffadoSupport ffado; - - # Valgrind binary is required for running one optional test. - nativeCheckInputs = lib.optional withValgrind valgrind; - - mesonFlags = [ - "-Ddocs=enabled" - "-Dudevrulesdir=lib/udev/rules.d" - "-Dinstalled_tests=enabled" - "-Dinstalled_test_prefix=${placeholder "installedTests"}" - "-Dlibjack-path=${placeholder "jack"}/lib" - "-Dlibcamera=${mesonEnableFeature libcameraSupport}" - "-Dlibffado=${mesonEnableFeature ffadoSupport}" - "-Droc=${mesonEnableFeature rocSupport}" - "-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}" - "-Davahi=${mesonEnableFeature zeroconfSupport}" - "-Dgstreamer=${mesonEnableFeature gstreamerSupport}" - "-Dsystemd-system-service=${mesonEnableFeature enableSystemd}" - "-Dudev=${mesonEnableFeature (!enableSystemd)}" - "-Dffmpeg=${mesonEnableFeature ffmpegSupport}" - "-Dbluez5=${mesonEnableFeature bluezSupport}" - "-Dbluez5-backend-hsp-native=${mesonEnableFeature nativeHspSupport}" - "-Dbluez5-backend-hfp-native=${mesonEnableFeature nativeHfpSupport}" - "-Dbluez5-backend-native-mm=${mesonEnableFeature nativeModemManagerSupport}" - "-Dbluez5-backend-ofono=${mesonEnableFeature ofonoSupport}" - "-Dbluez5-backend-hsphfpd=${mesonEnableFeature hsphfpdSupport}" - # source code is not easily obtainable - "-Dbluez5-codec-lc3plus=disabled" - "-Dbluez5-codec-lc3=${mesonEnableFeature bluezSupport}" - "-Dbluez5-codec-ldac=${mesonEnableFeature ldacbtSupport}" - "-Dsysconfdir=/etc" - "-Draop=${mesonEnableFeature raopSupport}" - "-Dsession-managers=" - "-Dvulkan=enabled" - "-Dx11=${mesonEnableFeature x11Support}" - "-Dx11-xfixes=${mesonEnableFeature x11Support}" - "-Dlibcanberra=${mesonEnableFeature x11Support}" - "-Dlibmysofa=${mesonEnableFeature mysofaSupport}" - "-Dsdl2=disabled" # required only to build examples, causes dependency loop - "-Drlimits-install=false" # installs to /etc, we won't use this anyway - "-Dcompress-offload=enabled" - "-Dman=enabled" - ]; - - # Fontconfig error: Cannot load default config file - FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; - - doCheck = true; - - postUnpack = '' - patchShebangs source/doc/*.py - patchShebangs source/doc/input-filter-h.sh - ''; - - postInstall = '' - moveToOutput "bin/pw-jack" "$jack" - ''; - - passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; - - meta = with lib; { - description = "Server and user space API to deal with multimedia pipelines"; - changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; - homepage = "https://pipewire.org/"; - license = licenses.mit; - platforms = platforms.linux; - maintainers = with maintainers; [ kranzes k900 ]; - }; +stdenv.mkDerivation(finalAttrs: { + pname = "pipewire"; + version = "1.0.3"; + + outputs = [ + "out" + "jack" + "dev" + "doc" + "man" + "installedTests" + ]; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "pipewire"; + repo = "pipewire"; + rev = finalAttrs.version; + sha256 = "sha256-QVw7Q+RNo8BBy/uxoZeSQQn/vQcIl1bOiA9fYMR0+oI="; }; -in -self + patches = [ + # Load libjack from a known location + ./0060-libjack-path.patch + # Move installed tests into their own output. + ./0070-installed-tests-path.patch + ]; + + strictDeps = true; + nativeBuildInputs = [ + docutils + doxygen + graphviz + meson + ninja + pkg-config + python3 + glib + ]; + + buildInputs = [ + alsa-lib + dbus + glib + libjack2 + libusb1 + libselinux + libsndfile + lilv + ncurses + readline + udev + vulkan-headers + vulkan-loader + tinycompress + ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) + ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) + ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] + ++ lib.optionals libcameraSupport [ libcamera libdrm ] + ++ lib.optional ffmpegSupport ffmpeg + ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] + ++ lib.optional ldacbtSupport ldacbt + ++ lib.optional nativeModemManagerSupport modemmanager + ++ lib.optional pulseTunnelSupport libpulseaudio + ++ lib.optional zeroconfSupport avahi + ++ lib.optional raopSupport openssl + ++ lib.optional rocSupport roc-toolkit + ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] + ++ lib.optional mysofaSupport libmysofa + ++ lib.optional ffadoSupport ffado; + + # Valgrind binary is required for running one optional test. + nativeCheckInputs = lib.optional withValgrind valgrind; + + mesonFlags = [ + (lib.mesonEnable "docs" true) + (lib.mesonOption "udevrulesdir" "lib/udev/rules.d") + (lib.mesonEnable "installed_tests" true) + (lib.mesonOption "installed_test_prefix" (placeholder "installedTests")) + (lib.mesonOption "libjack-path" "${placeholder "jack"}/lib") + (lib.mesonEnable "libcamera" libcameraSupport) + (lib.mesonEnable "libffado" ffadoSupport) + (lib.mesonEnable "roc" rocSupport) + (lib.mesonEnable "libpulse" pulseTunnelSupport) + (lib.mesonEnable "avahi" zeroconfSupport) + (lib.mesonEnable "gstreamer" gstreamerSupport) + (lib.mesonEnable "systemd-system-service" enableSystemd) + (lib.mesonEnable "udev" (!enableSystemd)) + (lib.mesonEnable "ffmpeg" ffmpegSupport) + (lib.mesonEnable "bluez5" bluezSupport) + (lib.mesonEnable "bluez5-backend-hsp-native" nativeHspSupport) + (lib.mesonEnable "bluez5-backend-hfp-native" nativeHfpSupport) + (lib.mesonEnable "bluez5-backend-native-mm" nativeModemManagerSupport) + (lib.mesonEnable "bluez5-backend-ofono" ofonoSupport) + (lib.mesonEnable "bluez5-backend-hsphfpd" hsphfpdSupport) + # source code is not easily obtainable + (lib.mesonEnable "bluez5-codec-lc3plus" false) + (lib.mesonEnable "bluez5-codec-lc3" bluezSupport) + (lib.mesonEnable "bluez5-codec-ldac" ldacbtSupport) + (lib.mesonOption "sysconfdir" "/etc") + (lib.mesonEnable "raop" raopSupport) + (lib.mesonOption "session-managers" "") + (lib.mesonEnable "vulkan" true) + (lib.mesonEnable "x11" x11Support) + (lib.mesonEnable "x11-xfixes" x11Support) + (lib.mesonEnable "libcanberra" x11Support) + (lib.mesonEnable "libmysofa" mysofaSupport) + (lib.mesonEnable "sdl2" false) # required only to build examples, causes dependency loop + (lib.mesonBool "rlimits-install" false) # installs to /etc, we won't use this anyway + (lib.mesonEnable "compress-offload" true) + (lib.mesonEnable "man" true) + ]; + + # Fontconfig error: Cannot load default config file + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; + + doCheck = true; + + postUnpack = '' + patchShebangs source/doc/*.py + patchShebangs source/doc/input-filter-h.sh + ''; + + postInstall = '' + moveToOutput "bin/pw-jack" "$jack" + ''; + + passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; + + meta = with lib; { + description = "Server and user space API to deal with multimedia pipelines"; + changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; + homepage = "https://pipewire.org/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ kranzes k900 ]; + }; +}) diff --git a/pkgs/development/libraries/pixman/default.nix b/pkgs/development/libraries/pixman/default.nix index 121bb03f4cac..1b5aaaaa06d4 100644 --- a/pkgs/development/libraries/pixman/default.nix +++ b/pkgs/development/libraries/pixman/default.nix @@ -20,14 +20,14 @@ stdenv.mkDerivation rec { pname = "pixman"; - version = "0.43.0"; + version = "0.43.2"; src = fetchurl { urls = [ "mirror://xorg/individual/lib/${pname}-${version}.tar.gz" "https://cairographics.org/releases/${pname}-${version}.tar.gz" ]; - hash = "sha256-plwoIJhY+xa+5Q2AnID5Co5BXA5P2DIQeKGCJ4WlVgo="; + hash = "sha256-6nkpflQY+1KNBGbotbkdG+iIV/o3BvSXd7KSWnKumSQ="; }; separateDebugInfo = !stdenv.hostPlatform.isStatic; diff --git a/pkgs/development/libraries/qca/default.nix b/pkgs/development/libraries/qca/default.nix index 6e2afe6f0deb..66cdfe28eb31 100644 --- a/pkgs/development/libraries/qca/default.nix +++ b/pkgs/development/libraries/qca/default.nix @@ -4,11 +4,11 @@ let isQt6 = lib.versions.major qtbase.version == "6"; in stdenv.mkDerivation rec { pname = "qca"; - version = "2.3.7"; + version = "2.3.8"; src = fetchurl { url = "mirror://kde/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "sha256-/uI0O1RofVvj4w+zPOKW7lCseuXiPXq3JfY//fevP0M="; + sha256 = "sha256-SHWcqGoCAkYdkIumYTQ4DMO7fSD+08AxufwCiXlqgmQ="; }; buildInputs = [ openssl qtbase qt5compat ]; diff --git a/pkgs/development/libraries/qpdf/default.nix b/pkgs/development/libraries/qpdf/default.nix index 2cabf5022844..872faafdd1ff 100644 --- a/pkgs/development/libraries/qpdf/default.nix +++ b/pkgs/development/libraries/qpdf/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "qpdf"; - version = "11.6.3"; + version = "11.8.0"; src = fetchFromGitHub { owner = "qpdf"; repo = "qpdf"; rev = "v${version}"; - hash = "sha256-asGNZ/5iEkyIjRO9FECV1bN4k/YHv4/7I125BUr9+fE="; + hash = "sha256-EoFCRAWia8LAaLdoBW0ByndzIAjSvQ7bJFh0SZ/FKtY="; }; nativeBuildInputs = [ cmake perl ]; diff --git a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix index 564c5c60eb51..068c04b4c89e 100644 --- a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix +++ b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix @@ -204,7 +204,7 @@ qtModule { ] ++ lib.optionals enableProprietaryCodecs [ "-DQT_FEATURE_webengine_proprietary_codecs=ON" ] ++ lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; propagatedBuildInputs = [ diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix index 6c6fa1d6be95..9f68c243cf50 100644 --- a/pkgs/development/libraries/s2n-tls/default.nix +++ b/pkgs/development/libraries/s2n-tls/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "s2n-tls"; - version = "1.4.1"; + version = "1.4.3"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; - hash = "sha256-Kq4jl/ss+Xf5/zv18QWuIyXZDyz8mk3av4mdRoQrvJY="; + hash = "sha256-E3Giiu8xiTCSAPkbxOaVL/LXZWjhAS1M/n//Pe5eOKg="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index c5b9f9019e06..7ecd6a88d13c 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -6,14 +6,14 @@ # Multi-threaded applications must not call a threaded OpenBLAS # (the only exception is when an application uses OpenMP as its # *only* form of multi-threading). See -# https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded -# https://github.com/xianyi/OpenBLAS/issues/2543 +# https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded +# https://github.com/OpenMathLib/OpenBLAS/issues/2543 # This flag builds a single-threaded OpenBLAS using the flags # stated in thre. , singleThreaded ? false , buildPackages # Select a specific optimization target (other than the default) -# See https://github.com/xianyi/OpenBLAS/blob/develop/TargetList.txt +# See https://github.com/OpenMathLib/OpenBLAS/blob/develop/TargetList.txt , target ? null # Select whether DYNAMIC_ARCH is enabled or not. , dynamicArch ? null @@ -30,6 +30,7 @@ , octave , opencv , python3 +, openmp ? null }: let blas64_ = blas64; in @@ -141,15 +142,15 @@ let in stdenv.mkDerivation rec { pname = "openblas"; - version = "0.3.25"; + version = "0.3.26"; outputs = [ "out" "dev" ]; src = fetchFromGitHub { - owner = "xianyi"; + owner = "OpenMathLib"; repo = "OpenBLAS"; rev = "v${version}"; - hash = "sha256-eY/R7gLDOls3csuwZkUS+x+v3GeL3dCsOD+4STxDpCg="; + hash = "sha256-AA3+x3SXkcg3g7bROZYLpWAbxnRedmQBZPe+rBJKxJ8="; }; postPatch = '' @@ -179,6 +180,8 @@ stdenv.mkDerivation rec { which ]; + buildInputs = lib.optional (stdenv.cc.isClang && config.USE_OPENMP) openmp; + depsBuildBuild = [ buildPackages.gfortran buildPackages.stdenv.cc @@ -206,10 +209,12 @@ stdenv.mkDerivation rec { else stdenv.hostPlatform != stdenv.buildPlatform; # This disables automatic build job count detection (which honours neither enableParallelBuilding nor NIX_BUILD_CORES) # and uses the main make invocation's job count, falling back to 1 if no parallelism is used. - # https://github.com/xianyi/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 + # https://github.com/OpenMathLib/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 MAKE_NB_JOBS = 0; - } // (lib.optionalAttrs singleThreaded { - # As described on https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + } // (lib.optionalAttrs stdenv.cc.isClang { + LDFLAGS = "-L${lib.getLib buildPackages.gfortran.cc}/lib"; # contains `libgfortran.so`; building with clang needs this, gcc has it implicit + }) // (lib.optionalAttrs singleThreaded { + # As described on https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded USE_THREAD = false; USE_LOCKING = true; # available with openblas >= 0.3.7 USE_OPENMP = false; # openblas will refuse building with both USE_OPENMP=1 and USE_THREAD=0 @@ -220,7 +225,7 @@ stdenv.mkDerivation rec { postInstall = '' # Write pkgconfig aliases. Upstream report: - # https://github.com/xianyi/OpenBLAS/issues/1740 + # https://github.com/OpenMathLib/OpenBLAS/issues/1740 for alias in blas cblas lapack; do cat <<EOF > $out/lib/pkgconfig/$alias.pc Name: $alias @@ -257,7 +262,7 @@ EOF meta = with lib; { description = "Basic Linear Algebra Subprograms"; license = licenses.bsd3; - homepage = "https://github.com/xianyi/OpenBLAS"; + homepage = "https://github.com/OpenMathLib/OpenBLAS"; platforms = attrNames configs; maintainers = with maintainers; [ ttuegel ]; }; diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix index 45ea5900e286..9561cf2ed779 100644 --- a/pkgs/development/libraries/science/math/suitesparse/default.nix +++ b/pkgs/development/libraries/science/math/suitesparse/default.nix @@ -9,6 +9,7 @@ , config , enableCuda ? config.cudaSupport , cudaPackages +, openmp ? null }: stdenv.mkDerivation rec { @@ -38,6 +39,8 @@ stdenv.mkDerivation rec { gfortran.cc.lib gmp mpfr + ] ++ lib.optionals stdenv.cc.isClang [ + openmp ] ++ lib.optionals enableCuda [ cudaPackages.cuda_cudart.dev cudaPackages.cuda_cudart.lib diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index 952fc28eae4c..5152f5d0e33c 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -15,13 +15,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${lib.optionalString interactive "-interactive"}"; - version = "3.44.2"; + version = "3.45.1"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { - url = "https://sqlite.org/2023/sqlite-autoconf-${archiveVersion version}.tar.gz"; - hash = "sha256-HGcZoUi8Qc8PK7vjkm184/XKCdh48SRvzCB2exdbtAc="; + url = "https://sqlite.org/2024/sqlite-autoconf-${archiveVersion version}.tar.gz"; + hash = "sha256-zZwnhBt6WTLJiXZR4guGxwHddAVWmJsByllvz6PUmgo="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index dd092dd0f043..695d2207da7d 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.44.2"; + version = "3.45.1"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { - url = "https://sqlite.org/2023/sqlite-src-${archiveVersion version}.zip"; - hash = "sha256-cxh0c/63RQk1fo+my5/WcVOy0BDQCusv3bbO6xirryc="; + url = "https://sqlite.org/2024/sqlite-src-${archiveVersion version}.zip"; + hash = "sha256-f3sUpo7bzUpX3zqMTb1W0tNUam583VDeQM6wOvM9NLo="; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix index 1cae2c62b33c..9c3026b0c9fb 100644 --- a/pkgs/development/libraries/umockdev/default.nix +++ b/pkgs/development/libraries/umockdev/default.nix @@ -2,6 +2,7 @@ , lib , docbook-xsl-nons , fetchurl +, fetchpatch , glib , gobject-introspection , gtk-doc @@ -12,7 +13,8 @@ , ninja , pkg-config , python3 -, systemd +, substituteAll +, systemdMinimal , usbutils , vala , which @@ -33,6 +35,20 @@ stdenv.mkDerivation (finalAttrs: { # Hardcode absolute paths to libraries so that consumers # do not need to set LD_LIBRARY_PATH themselves. ./hardcode-paths.patch + + # Replace references to udevadm with an absolute paths, so programs using + # umockdev will just work without having to provide it in their test environment + # $PATH. + (substituteAll { + src = ./substitute-udevadm.patch; + udevadm = "${systemdMinimal}/bin/udevadm"; + }) + + (fetchpatch { + name = "musl.patch"; + url = "https://github.com/martinpitt/umockdev/commit/d4efe24be59bd859b87473ea3d7efe8100bedc74.patch"; + hash = "sha256-whf3p2e7FWN1xk5+HF9KsbMW74DPOQ0R0+FxBfCZTX0="; + }) ]; nativeBuildInputs = [ @@ -49,7 +65,7 @@ stdenv.mkDerivation (finalAttrs: { buildInputs = [ glib - systemd + systemdMinimal libpcap ]; @@ -59,10 +75,12 @@ stdenv.mkDerivation (finalAttrs: { nativeCheckInputs = [ python3 - which usbutils + which ]; + strictDeps = true; + mesonFlags = [ "-Dgtk_doc=true" ]; diff --git a/pkgs/development/libraries/umockdev/substitute-udevadm.patch b/pkgs/development/libraries/umockdev/substitute-udevadm.patch new file mode 100644 index 000000000000..b09d151018e5 --- /dev/null +++ b/pkgs/development/libraries/umockdev/substitute-udevadm.patch @@ -0,0 +1,41 @@ +From 09efbe8090f501c60975d5467fb587ed633d6a01 Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Wed, 24 Jan 2024 14:29:28 +0200 +Subject: [PATCH] substitute udevadm + +--- + src/umockdev-record.vala | 2 +- + tests/test-umockdev-run.vala | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala +index 2d49bc8..272f25e 100644 +--- a/src/umockdev-record.vala ++++ b/src/umockdev-record.vala +@@ -223,7 +223,7 @@ record_device(string dev) + int exitcode; + try { + Process.spawn_sync(null, +- {"udevadm", "info", "--query=all", "--path", dev}, ++ {"@udevadm@", "info", "--query=all", "--path", dev}, + null, + SpawnFlags.SEARCH_PATH, + null, +diff --git a/tests/test-umockdev-run.vala b/tests/test-umockdev-run.vala +index cd00a08..94616cb 100644 +--- a/tests/test-umockdev-run.vala ++++ b/tests/test-umockdev-run.vala +@@ -199,8 +199,8 @@ A: size=1048576\n + + // unfortunately the udevadm output between distros is not entirely constant + assert (get_program_out ( +- "udevadm", +- umockdev_run_command + "-d " + umockdev_file + " -- udevadm info --query=all --name=/dev/loop23", ++ "@udevadm@", ++ umockdev_run_command + "-d " + umockdev_file + " -- @udevadm@ info --query=all --name=/dev/loop23", + out sout, out serr, out exit)); + + assert_cmpstr (serr, CompareOperator.EQ, ""); +-- +2.43.0 + diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix index 0fadb103ce33..9625f3a5ee1b 100644 --- a/pkgs/development/libraries/wayland/protocols.nix +++ b/pkgs/development/libraries/wayland/protocols.nix @@ -6,14 +6,14 @@ stdenv.mkDerivation rec { pname = "wayland-protocols"; - version = "1.32"; + version = "1.33"; # https://gitlab.freedesktop.org/wayland/wayland-protocols/-/issues/48 doCheck = stdenv.hostPlatform == stdenv.buildPlatform && stdenv.hostPlatform.linker == "bfd" && wayland.withLibraries; src = fetchurl { url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz"; - hash = "sha256-dFl5nTQMgpa2le+FfAfd7yTFoJsJq2p097kmQNKxuhE="; + hash = "sha256-lPDFCwkNbmGgP2IEhGexmrvoUb5OEa57NvZfi5jDljo="; }; postPatch = lib.optionalString doCheck '' diff --git a/pkgs/development/libraries/webrtc-audio-processing/default.nix b/pkgs/development/libraries/webrtc-audio-processing/default.nix index ad2b12de8910..1b847528550e 100644 --- a/pkgs/development/libraries/webrtc-audio-processing/default.nix +++ b/pkgs/development/libraries/webrtc-audio-processing/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitLab +, fetchurl , darwin , abseil-cpp , meson @@ -20,6 +21,15 @@ stdenv.mkDerivation rec { hash = "sha256-8CDt4kMt2Owzyv22dqWIcFuHeg4Y3FxB405cLw3FZ+g="; }; + patches = [ + # Fix an include oppsie that happens to not happen on glibc + # https://gitlab.freedesktop.org/pulseaudio/webrtc-audio-processing/-/merge_requests/38 + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/community/webrtc-audio-processing-1/0001-rtc_base-Include-stdint.h-to-fix-build-failures.patch?id=625e19c19972e69e034c0870a31b375833d1ab5d"; + hash = "sha256-9nI22SJoU0H3CzsPSAObtCFTadtvkzdnqIh6mxmUuds="; + }) + ]; + outputs = [ "out" "dev" ]; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 9fccef25da17..687fb3598444 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -9,6 +9,7 @@ # If false, and if `{ static = true; }`, the .a stays in the main output. , splitStaticOutput ? shared && static , testers +, minizip }: # Without either the build will actually still succeed because the build @@ -24,7 +25,7 @@ assert splitStaticOutput -> static; stdenv.mkDerivation (finalAttrs: { pname = "zlib"; - version = "1.3"; + version = "1.3.1"; src = let inherit (finalAttrs) version; @@ -35,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { # Stable archive path, but captcha can be encountered, causing hash mismatch. "https://www.zlib.net/fossils/zlib-${version}.tar.gz" ]; - hash = "sha256-/wukwpIBPbwnUws6geH5qBPNOd4Byl4Pi/NVcC76WT4="; + hash = "sha256-mpOyt9/ax3zrpaVYpYDnRmfdb+3kWFuR7vtg8Dty3yM="; }; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' @@ -128,7 +129,11 @@ stdenv.mkDerivation (finalAttrs: { "SHARED_MODE=1" ]; - passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + passthru.tests = { + pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + # uses `zlib` derivation: + inherit minizip; + }; meta = with lib; { homepage = "https://zlib.net"; diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix index 691345d65a16..11eb19010fdd 100644 --- a/pkgs/development/python-modules/aiohttp/default.nix +++ b/pkgs/development/python-modules/aiohttp/default.nix @@ -18,18 +18,18 @@ , aiodns , brotli # tests_require +, freezegun , gunicorn , pytest-mock , pytestCheckHook , python-on-whales , re-assert -, time-machine , trustme }: buildPythonPackage rec { pname = "aiohttp"; - version = "3.9.1"; + version = "3.9.3"; pyproject = true; disabled = pythonOlder "3.8"; @@ -38,7 +38,7 @@ buildPythonPackage rec { owner = "aio-libs"; repo = "aiohttp"; rev = "refs/tags/v${version}"; - hash = "sha256-uiqBUDbmROrhkanfBz4avvTSrnKxgVqw54k4jKhfRGY="; + hash = "sha256-dEeMHruFJ1o0J6VUJcpUk7LhEC8sV8hUKXoKcd618lE="; }; patches = [ @@ -79,12 +79,12 @@ buildPythonPackage rec { # NOTE: pytest-xdist cannot be added because it is flaky. See https://github.com/NixOS/nixpkgs/issues/230597 for more info. nativeCheckInputs = [ + freezegun gunicorn pytest-mock pytestCheckHook python-on-whales re-assert - time-machine ] ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) [ #Â Optional test dependency. Depends indirectly on pyopenssl, which is # broken on aarch64-darwin. diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 770561126fb3..4ae2e77de6ac 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -3,22 +3,20 @@ , buildPythonPackage , callPackage , cargo +, certifi , cffi , cryptography-vectors ? (callPackage ./vectors.nix { }) , fetchPypi -, hypothesis -, iso8601 +, fetchpatch2 , isPyPy , libiconv , libxcrypt , openssl , pkg-config , pretend -, py -, pytest-subtests +, pytest-xdist , pytestCheckHook , pythonOlder -, pytz , rustc , rustPlatform , Security @@ -27,26 +25,34 @@ buildPythonPackage rec { pname = "cryptography"; - version = "41.0.7"; # Also update the hash in vectors.nix + version = "42.0.2"; # Also update the hash in vectors.nix pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw="; + hash = "sha256-4OxSujx/G32BPNUmSaWz7x/A1DMhncjJOCfFfqts+Ig="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; sourceRoot = "${pname}-${version}/${cargoRoot}"; name = "${pname}-${version}"; - hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw="; + hash = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc="; }; + patches = [ + (fetchpatch2 { + # skip overflowing tests on 32 bit; https://github.com/pyca/cryptography/pull/10366 + url = "https://github.com/pyca/cryptography/commit/d741901dddd731895346636c0d3556c6fa51fbe6.patch"; + hash = "sha256-eC+MZg5O8Ia5CbjRE4y+JhaFs3Q5c62QtPHr3x9T+zw="; + }) + ]; + postPatch = '' substituteInPlace pyproject.toml \ - --replace "--benchmark-disable" "" + --replace-fail "--benchmark-disable" "" ''; cargoRoot = "src/rust"; @@ -75,14 +81,11 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + certifi cryptography-vectors - hypothesis - iso8601 pretend - py pytestCheckHook - pytest-subtests - pytz + pytest-xdist ]; pytestFlagsArray = [ diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index c02e4d3bcf7e..a5654de86cbb 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -2,7 +2,7 @@ , buildPythonPackage , fetchPypi , cryptography -, setuptools +, flit-core }: buildPythonPackage rec { @@ -14,11 +14,11 @@ buildPythonPackage rec { src = fetchPypi { pname = "cryptography_vectors"; inherit version; - hash = "sha256-ezb5drbljMGAExDhyTxYTGU503Haf4U47dj8Rj3IDVs="; + hash = "sha256-rc3M9dnuZhqWAq0h0lJfZ4ugem52jOeYNZlOIIurDhY="; }; nativeBuildInputs = [ - setuptools + flit-core ]; # No tests included diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 66ea0f5c1cf8..365a775c11a6 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -42,14 +42,14 @@ buildPythonPackage rec { pname = "Django"; - version = "4.2.9"; + version = "4.2.10"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-EkmMw8uLyAOFOf756Q6V9QdQJDbB8MOmc0ETJPpnXRQ="; + hash = "sha256-sSYO04GxChF1PHNERAjhmGnzJB/EXJhc1VowF3x4nRM="; }; patches = [ diff --git a/pkgs/development/python-modules/fastapi/default.nix b/pkgs/development/python-modules/fastapi/default.nix index 89c1c2ffbe40..74f816d9b8a6 100644 --- a/pkgs/development/python-modules/fastapi/default.nix +++ b/pkgs/development/python-modules/fastapi/default.nix @@ -38,8 +38,8 @@ buildPythonPackage rec { pname = "fastapi"; - version = "0.104.1"; - format = "pyproject"; + version = "0.109.0"; + pyproject = true; disabled = pythonOlder "3.7"; @@ -47,7 +47,7 @@ buildPythonPackage rec { owner = "tiangolo"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-xTTFBc+fswLYUhKRkWP/eiYSbG3j1E7CASkEtHVNTlk="; + hash = "sha256-iZBc0tYGmhQuOL/pdthhBYYnZhe+wEttoinePNAIgEs="; }; nativeBuildInputs = [ @@ -98,14 +98,9 @@ buildPythonPackage rec { # ignoring deprecation warnings to avoid test failure from # tests/test_tutorial/test_testing/test_tutorial001.py "-W ignore::DeprecationWarning" - - # http code mismatches - "--deselect=tests/test_annotated.py::test_get" ]; disabledTestPaths = [ - # Disabled tests require orjson which requires rust nightly - "tests/test_default_response_class.py" # Don't test docs and examples "docs_src" # databases is incompatible with SQLAlchemy 2.0 @@ -113,30 +108,12 @@ buildPythonPackage rec { "tests/test_tutorial/test_sql_databases" ]; - disabledTests = [ - "test_get_custom_response" - # Failed: DID NOT RAISE <class 'starlette.websockets.WebSocketDisconnect'> - "test_websocket_invalid_data" - "test_websocket_no_credentials" - # TypeError: __init__() missing 1...starlette-releated - "test_head" - "test_options" - "test_trace" - # Unexpected number of warnings caught - "test_warn_duplicate_operation_id" - # assert state["except"] is True - "test_dependency_gets_exception" - # Fixtures drift - "test_openapi_schema_sub" - # 200 != 404 - "test_flask" - ]; - pythonImportsCheck = [ "fastapi" ]; meta = with lib; { + changelog = "https://github.com/tiangolo/fastapi/releases/tag/${version}"; description = "Web framework for building APIs"; homepage = "https://github.com/tiangolo/fastapi"; license = licenses.mit; diff --git a/pkgs/development/python-modules/flask-api/default.nix b/pkgs/development/python-modules/flask-api/default.nix index 9b4a398f7f79..e837dc71df37 100644 --- a/pkgs/development/python-modules/flask-api/default.nix +++ b/pkgs/development/python-modules/flask-api/default.nix @@ -2,14 +2,23 @@ , buildPythonPackage , pythonOlder , fetchFromGitHub +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , markdown +, pytestCheckHook }: buildPythonPackage rec { - pname = "Flask-API"; + pname = "flask-api"; version = "3.1"; - format = "setuptools"; + pyproject = true; disabled = pythonOlder "3.6"; @@ -20,9 +29,25 @@ buildPythonPackage rec { hash = "sha256-nHgeI5FLKkDp4uWO+0eaT4YSOMkeQ0wE3ffyJF+WzTM="; }; + patches = [ + (fetchpatch { + # werkzeug 3.0 support + url = "https://github.com/flask-api/flask-api/commit/9c998897f67d8aa959dc3005d7d22f36568b6938.patch"; + hash = "sha256-vaCZ4gVlfQXyeksA44ydkjz2FxODHt3gTTP+ukJwEGY="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask + ]; + + nativeCheckInputs = [ markdown + pytestCheckHook ]; meta = with lib; { diff --git a/pkgs/development/python-modules/flask-autoindex/default.nix b/pkgs/development/python-modules/flask-autoindex/default.nix deleted file mode 100644 index c8e14eaf35e3..000000000000 --- a/pkgs/development/python-modules/flask-autoindex/default.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, flask -, flask-silk -, future -, pythonOlder -, unittestCheckHook -}: - -buildPythonPackage rec { - pname = "flask-autoindex"; - version = "0.6.6"; - format = "setuptools"; - - disabled = pythonOlder "3.7"; - - src = fetchPypi { - pname = "Flask-AutoIndex"; - inherit version; - sha256 = "ea319f7ccadf68ddf98d940002066278c779323644f9944b300066d50e2effc7"; - }; - - propagatedBuildInputs = [ - flask - flask-silk - future - ]; - - nativeCheckInputs = [ - unittestCheckHook - ]; - - pythonImportsCheck = [ - "flask_autoindex" - ]; - - meta = with lib; { - description = "The mod_autoindex for Flask"; - longDescription = '' - Flask-AutoIndex generates an index page for your Flask application automatically. - The result is just like mod_autoindex, but the look is more awesome! - ''; - homepage = "https://flask-autoindex.readthedocs.io/"; - changelog = "https://github.com/general03/flask-autoindex/blob/v${version}/CHANGELOG.md"; - license = licenses.bsd2; - maintainers = teams.sage.members; - # https://github.com/general03/flask-autoindex/issues/67 - broken = true; - }; -} diff --git a/pkgs/development/python-modules/flask-basicauth/default.nix b/pkgs/development/python-modules/flask-basicauth/default.nix deleted file mode 100644 index 97a214744457..000000000000 --- a/pkgs/development/python-modules/flask-basicauth/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, fetchpatch -, flask -, python -}: - -buildPythonPackage rec { - pname = "flask-basicauth"; - version = "0.2.0"; - format = "setuptools"; - - src = fetchFromGitHub { - owner = "jpvanhal"; - repo = pname; - rev = "v${version}"; - hash = "sha256-han0OjMI1XmuWKHGVpk+xZB+/+cpV1I+659zOG3hcPY="; - }; - - patches = [ - (fetchpatch { - # The unit tests fail due to an invalid import: - # from flask.ext.basicauth import BasicAuth - # - # This patch replaces it with the correct import: - # from flask_basicauth import BasicAuth - # - # The patch uses the changes from this pull request, - # and therefore can be removed once this pull request - # has been merged: - # https://github.com/jpvanhal/flask-basicauth/pull/29 - name = "fix-test-flask-ext-imports.patch"; - url = "https://github.com/jpvanhal/flask-basicauth/commit/23f57dc1c3d85ea6fc7f468e8d8c6f19348a0a81.patch"; - hash = "sha256-njUYjO0TRe3vr5D0XjIfCNcsFlShbGxtFV/DJerAKDE="; - }) - ]; - - propagatedBuildInputs = [ flask ]; - - checkPhase = '' - runHook preCheck - ${python.interpreter} -m unittest discover - runHook postCheck - ''; - - pythonImportsCheck = [ "flask_basicauth" ]; - - meta = with lib; { - homepage = "https://github.com/jpvanhal/flask-basicauth"; - description = "HTTP basic access authentication for Flask"; - license = licenses.mit; - maintainers = with maintainers; [ wesnel ]; - }; -} diff --git a/pkgs/development/python-modules/flask-gravatar/default.nix b/pkgs/development/python-modules/flask-gravatar/default.nix index a52feb8aecbf..1a305f017cee 100644 --- a/pkgs/development/python-modules/flask-gravatar/default.nix +++ b/pkgs/development/python-modules/flask-gravatar/default.nix @@ -1,7 +1,15 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , pytestCheckHook , pygments }: @@ -17,6 +25,14 @@ buildPythonPackage rec { sha256 = "YGZfMcLGEokdto/4Aek+06CIHGyOw0arxk0qmSP1YuE="; }; + patches = [ + (fetchpatch { + # flask 3.0 compat + url = "https://github.com/zzzsochi/Flask-Gravatar/commit/d74d70d9695c464b602c96c2383d391b38ed51ac.patch"; + hash = "sha256-tCKkA2io/jhvrh6RhTeEw4AKnIZc9hsqTf2qItUsdjo="; + }) + ]; + postPatch = '' sed -i setup.py \ -e "s|tests_require=tests_require,||g" \ @@ -28,6 +44,10 @@ buildPythonPackage rec { --replace "--cov=flask_gravatar --cov-report=term-missing" "" ''; + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask ]; @@ -37,7 +57,9 @@ buildPythonPackage rec { pygments ]; - pythonImportsCheck = [ "flask_gravatar" ]; + pythonImportsCheck = [ + "flask_gravatar" + ]; meta = with lib; { homepage = "https://github.com/zzzsochi/Flask-Gravatar"; diff --git a/pkgs/development/python-modules/flask-restful/default.nix b/pkgs/development/python-modules/flask-restful/default.nix index 68072b7ddde9..3107d4c7f5bc 100644 --- a/pkgs/development/python-modules/flask-restful/default.nix +++ b/pkgs/development/python-modules/flask-restful/default.nix @@ -29,6 +29,8 @@ buildPythonPackage rec { # conditional so that overrides are easier for web applications patches = lib.optionals (lib.versionAtLeast werkzeug.version "2.1.0") [ ./werkzeug-2.1.0-compat.patch + ] ++ lib.optionals (lib.versionAtLeast flask.version "3.0.0") [ + ./flask-3.0-compat.patch ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch new file mode 100644 index 000000000000..c78105e72282 --- /dev/null +++ b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch @@ -0,0 +1,24 @@ +diff --git a/tests/test_api.py b/tests/test_api.py +index 582ee5a..20db1f5 100644 +--- a/tests/test_api.py ++++ b/tests/test_api.py +@@ -1,7 +1,7 @@ + import unittest + import json + from flask import Flask, Blueprint, redirect, views, abort as flask_abort +-from flask.signals import got_request_exception, signals_available ++from flask.signals import got_request_exception + try: + from mock import Mock + except: +@@ -491,10 +491,6 @@ class APITestCase(unittest.TestCase): + self.assertEqual(api.default_mediatype, resp.headers['Content-Type']) + + def test_handle_error_signal(self): +- if not signals_available: +- # This test requires the blinker lib to run. +- print("Can't test signals without signal support") +- return + app = Flask(__name__) + api = flask_restful.Api(app) + diff --git a/pkgs/development/python-modules/flask-session-captcha/default.nix b/pkgs/development/python-modules/flask-session-captcha/default.nix index a720d2a4b555..8a71b99c1539 100644 --- a/pkgs/development/python-modules/flask-session-captcha/default.nix +++ b/pkgs/development/python-modules/flask-session-captcha/default.nix @@ -1,17 +1,25 @@ { lib , fetchFromGitHub +, fetchpatch , buildPythonPackage + +# build-system +, setuptools + +# dependencies +, captcha , flask -, flask-sessionstore +, markupsafe + +# tests , flask-sqlalchemy -, captcha , pytestCheckHook }: buildPythonPackage rec { pname = "flask-session-captcha"; version = "1.3.0"; - format = "setuptools"; + pyproject = true; src = fetchFromGitHub { owner = "Tethik"; @@ -20,15 +28,36 @@ buildPythonPackage rec { hash = "sha256-V0f3mXCfqwH2l3OtJKOHGdrlKAFxs2ynqXvNve7Amkc="; }; - propagatedBuildInputs = [ flask flask-sessionstore captcha ]; + patches = [ + (fetchpatch { + # https://github.com/Tethik/flask-session-captcha/pull/44 + url = "https://github.com/Tethik/flask-session-captcha/commit/3f79c22a71c60dd60e9df61b550cce641603dcb6.patch"; + hash = "sha256-MXsoSytBNbcg3HU6IWlvf2MgNUL78T5ToxKGv4YMtZw="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; - pythonImportsCheck = [ "flask_session_captcha" ]; + propagatedBuildInputs = [ + captcha + flask + markupsafe + ]; - nativeCheckInputs = [ flask-sqlalchemy pytestCheckHook ]; + pythonImportsCheck = [ + "flask_session_captcha" + ]; # RuntimeError: Working outside of application context. doCheck = false; + nativeCheckInputs = [ + flask-sqlalchemy + pytestCheckHook + ]; + meta = with lib; { description = "A captcha implemention for flask"; homepage = "https://github.com/Tethik/flask-session-captcha"; diff --git a/pkgs/development/python-modules/flask-sessionstore/default.nix b/pkgs/development/python-modules/flask-sessionstore/default.nix deleted file mode 100644 index 12f3ff51b425..000000000000 --- a/pkgs/development/python-modules/flask-sessionstore/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib -, fetchPypi -, buildPythonPackage -, flask -, nose -}: - -buildPythonPackage rec { - pname = "flask-sessionstore"; - version = "0.4.5"; - format = "setuptools"; - - src = fetchPypi { - pname = "Flask-Sessionstore"; - inherit version; - hash = "sha256-AQ3jWrnw2UI8L3nFEx4AhDwGP4R8Tr7iBMsDS5jLQPQ="; - }; - - propagatedBuildInputs = [ flask ]; - - pythonImportsCheck = [ "flask_sessionstore" ]; - - nativeCheckInputs = [ nose ]; - - checkPhase = '' - nosetests -s - ''; - - meta = with lib; { - description = "Session Storage Backends for Flask"; - homepage = "https://github.com/mcrowson/flask-sessionstore"; - license = licenses.bsd3; - maintainers = with maintainers; [ Flakebi ]; - }; -} diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix index 154625f6c52a..083cf33c88fd 100644 --- a/pkgs/development/python-modules/flask/default.nix +++ b/pkgs/development/python-modules/flask/default.nix @@ -1,18 +1,28 @@ { lib , buildPythonPackage , fetchPypi -, asgiref +, pythonOlder + +# build-system +, flit-core + +# dependencies , blinker , click -, flit-core , importlib-metadata , itsdangerous , jinja2 -, python-dotenv , werkzeug + +# optional-dependencies +, asgiref +, python-dotenv + +# tests +, greenlet , pytestCheckHook -, pythonOlder - # used in passthru.tests + +# reverse dependencies , flask-limiter , flask-restful , flask-restx @@ -21,12 +31,12 @@ buildPythonPackage rec { pname = "flask"; - version = "2.3.3"; + version = "3.0.1"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-CcNHqSqn/0qOfzIGeV8w2CZlS684uHPQdEzVccpgnvw="; + hash = "sha256-ZIn1G7Nmbe9vMU4V8Z1QoYaaGa4OjJo2Qf/mbHfUJAM="; }; nativeBuildInputs = [ @@ -39,21 +49,31 @@ buildPythonPackage rec { itsdangerous jinja2 werkzeug - ] ++ lib.optional (pythonOlder "3.10") importlib-metadata; + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + ]; + + passthru.optional-dependencies = { + async = [ + asgiref + ]; + dotenv = [ + python-dotenv + ]; + }; nativeCheckInputs = [ pytestCheckHook - ]; + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet + ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); passthru.tests = { inherit flask-limiter flask-restful flask-restx moto; }; - passthru.optional-dependencies = { - dotenv = [ python-dotenv ]; - async = [ asgiref ]; - }; meta = with lib; { + changelog = "https://flask.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://flask.palletsprojects.com/"; description = "The Python micro framework for building web applications"; longDescription = '' diff --git a/pkgs/development/python-modules/fontparts/default.nix b/pkgs/development/python-modules/fontparts/default.nix index 9f042cf1ef46..d543220c4b25 100644 --- a/pkgs/development/python-modules/fontparts/default.nix +++ b/pkgs/development/python-modules/fontparts/default.nix @@ -1,40 +1,67 @@ -{ lib, buildPythonPackage, fetchPypi, python, pythonOlder -, fonttools, lxml, fs, unicodedata2 -, defcon, fontpens, fontmath, booleanoperations -, pytest, setuptools-scm +{ lib +, buildPythonPackage +, fetchPypi +, fetchpatch2 +, pythonOlder + +# build-system +, setuptools +, setuptools-scm + +# dependencies +, fonttools +, defcon +, fontmath +, booleanoperations + +# tests +, python }: buildPythonPackage rec { - pname = "fontParts"; + pname = "fontparts"; version = "0.12.1"; + pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { - inherit pname version; + pname = "fontParts"; + inherit version; hash = "sha256-eeU13S1IcC+bsiK3YDlT4rVDeXDGcxx1wY/is8t5pCA="; extension = "zip"; }; - nativeBuildInputs = [ setuptools-scm ]; + patches = [ + (fetchpatch2 { + # replace remaining usage of assertEquals for Python 3.12 support + # https://github.com/robotools/fontParts/pull/720 + url = "https://github.com/robotools/fontParts/commit/d7484cd98051aa1588683136da0bb99eac31523b.patch"; + hash = "sha256-maoUgbmXY/RC4TUZI4triA9OIfB4T98qjUaQ94uhsbg="; + }) + ]; + + nativeBuildInputs = [ + setuptools + setuptools-scm + ]; propagatedBuildInputs = [ booleanoperations - fonttools - unicodedata2 # fonttools[unicode] extra - lxml # fonttools[lxml] extra - fs # fonttools[ufo] extra defcon - fontpens # defcon[pens] extra fontmath - ]; + fonttools + ] + ++ defcon.optional-dependencies.pens + ++ fonttools.optional-dependencies.ufo + ++ fonttools.optional-dependencies.lxml + ++ fonttools.optional-dependencies.unicode; checkPhase = '' runHook preCheck ${python.interpreter} Lib/fontParts/fontshell/test.py runHook postCheck ''; - nativeCheckInputs = [ pytest ]; meta = with lib; { description = "An API for interacting with the parts of fonts during the font development process."; diff --git a/pkgs/development/python-modules/hatchling/default.nix b/pkgs/development/python-modules/hatchling/default.nix index 221c266287f9..6dca631c967e 100644 --- a/pkgs/development/python-modules/hatchling/default.nix +++ b/pkgs/development/python-modules/hatchling/default.nix @@ -20,13 +20,13 @@ buildPythonPackage rec { pname = "hatchling"; - version = "1.21.0"; + version = "1.21.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-XAhncjV6UHI7gl/V2lJ4rH42l833eX0HVBpskLb/dUw="; + hash = "sha256-u6RARToiTn1EeEV/oujYw2M3Zbr6Apdaa1O5v5F5gLw="; }; # listed in backend/pyproject.toml diff --git a/pkgs/development/python-modules/httpbin/default.nix b/pkgs/development/python-modules/httpbin/default.nix index 48de08ee3b4c..0fbc8bc73ee9 100644 --- a/pkgs/development/python-modules/httpbin/default.nix +++ b/pkgs/development/python-modules/httpbin/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonRelaxDepsHook # build-system @@ -33,6 +34,14 @@ buildPythonPackage rec { hash = "sha256-e4WWvrDnWntlPDnR888mPW1cR20p4d9ve7K3C/nwaj0="; }; + patches = [ + (fetchpatch { + # backport flask 3.0 support; drop after 0.10.1 + url = "https://github.com/psf/httpbin/commit/c1d9e33049263fed3cb27806a97f094acc350905.patch"; + hash = "sha256-SYJgQN3ERDgLIaBc4eqDfey+EX4z6CSxLoAA7j+16xI="; + }) + ]; + nativeBuildInputs = [ setuptools pythonRelaxDepsHook diff --git a/pkgs/development/python-modules/httpx/default.nix b/pkgs/development/python-modules/httpx/default.nix index 0bbb64652737..9641597a516d 100644 --- a/pkgs/development/python-modules/httpx/default.nix +++ b/pkgs/development/python-modules/httpx/default.nix @@ -30,7 +30,7 @@ buildPythonPackage rec { pname = "httpx"; - version = "0.25.2"; + version = "0.26.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -39,7 +39,7 @@ buildPythonPackage rec { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-rGtIrs4dffs7Ndtjb400q7JrZh+HG9k0uwHw9pRlC5s="; + hash = "sha256-qMMx1CYu2/yH4NRvZFzJOflAPIbcvMYJqU4r+chuzl0="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/ipython/default.nix b/pkgs/development/python-modules/ipython/default.nix index 09121fb1f24a..e92d5fbbf656 100644 --- a/pkgs/development/python-modules/ipython/default.nix +++ b/pkgs/development/python-modules/ipython/default.nix @@ -29,13 +29,13 @@ buildPythonPackage rec { pname = "ipython"; - version = "8.18.1"; - format = "pyproject"; - disabled = pythonOlder "3.8"; + version = "8.20.0"; + pyproject = true; + disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - sha256 = "sha256-ym8Hm7M0V8ZuIz5FgOv8QSiFW0z2Nw3d1zhCqVY+iic="; + hash = "sha256-LyG9P8HVFVDInuOUSuBLvHvHnhKeoJN9pubGi/2/EXo="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/json-logging/default.nix b/pkgs/development/python-modules/json-logging/default.nix index a3ac3ff7f005..3d22f4e878ba 100644 --- a/pkgs/development/python-modules/json-logging/default.nix +++ b/pkgs/development/python-modules/json-logging/default.nix @@ -6,6 +6,7 @@ , httpx , pytestCheckHook , pythonOlder +, quart , requests , sanic , uvicorn @@ -31,7 +32,7 @@ buildPythonPackage rec { flask httpx pytestCheckHook - # quart + quart requests sanic uvicorn diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index ff50cf872f9c..039e571695f8 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -114,7 +114,7 @@ in buildPythonPackage rec { # we default openblas to build with 64 threads # if a machine has more than 64 threads, it will segfault - # see https://github.com/xianyi/OpenBLAS/issues/2993 + # see https://github.com/OpenMathLib/OpenBLAS/issues/2993 preConfigure = '' sed -i 's/-faltivec//' numpy/distutils/system_info.py export OMP_NUM_THREADS=$((NIX_BUILD_CORES > 64 ? 64 : NIX_BUILD_CORES)) diff --git a/pkgs/development/python-modules/pdm-backend/default.nix b/pkgs/development/python-modules/pdm-backend/default.nix index 3d32a02768b4..0e1cc04f920b 100644 --- a/pkgs/development/python-modules/pdm-backend/default.nix +++ b/pkgs/development/python-modules/pdm-backend/default.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "pdm-backend"; - version = "2.1.7"; + version = "2.1.8"; format = "pyproject"; src = fetchFromGitHub { owner = "pdm-project"; repo = "pdm-backend"; rev = "refs/tags/${version}"; - hash = "sha256-1YM/vba+8+2wKcWzPKzkpaWVmHqbFsYdhQSY/VBBAfo="; + hash = "sha256-d8i+FvxNFPM18W7NmOwh9bqZnMUenF7eCPdcCw4BT7s="; }; env.PDM_BUILD_SCM_VERSION = version; diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 7cf0bb9420fe..f101d6b361ec 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -12,15 +12,15 @@ import ./generic.nix (rec { pname = "pillow"; - version = "10.1.0"; + version = "10.2.0"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { - pname = "Pillow"; + pname = "pillow"; inherit version; - hash = "sha256-5r+N5sNu2WyG6jtuHVJzxT9G71GKBiRkzX713Sz5Ljg="; + hash = "sha256-6H8LLHgVfhLXaGsn1jwHD9ZdmU6N2ubzKODc9KDNAH4="; }; passthru.tests = { diff --git a/pkgs/development/python-modules/pluggy/default.nix b/pkgs/development/python-modules/pluggy/default.nix index 6b1c8e67f1eb..a768e8ce942f 100644 --- a/pkgs/development/python-modules/pluggy/default.nix +++ b/pkgs/development/python-modules/pluggy/default.nix @@ -9,17 +9,17 @@ buildPythonPackage rec { pname = "pluggy"; - version = "1.3.0"; + version = "1.4.0"; disabled = pythonOlder "3.8"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "pytest-dev"; repo = "pluggy"; rev = "refs/tags/${version}"; - hash = "sha256-jLasnqmATIOoheGu90Wo1+iTCwslYzNOKckqHIZDJec="; + hash = "sha256-1XHJwODmpYQkYZvnZck6RrtT4lOeCf8cr1QFx9DCbzw="; }; nativeBuildInputs = [ setuptools-scm ]; diff --git a/pkgs/development/python-modules/psutil/default.nix b/pkgs/development/python-modules/psutil/default.nix index a08ff4c7a697..a27bb429c7c1 100644 --- a/pkgs/development/python-modules/psutil/default.nix +++ b/pkgs/development/python-modules/psutil/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "psutil"; - version = "5.9.6"; + version = "5.9.8"; format = "setuptools"; inherit stdenv; @@ -20,9 +20,17 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - hash = "sha256-5Lkt3NfdTN0/kAGA6h4QSTLHvOI0+4iXbio7KWRBIlo="; + hash = "sha256-a+Em4yJUht/yhqj7mgYkalJT9MfFO0depfWsk05kGUw="; }; + postPatch = '' + # stick to the old SDK name for now + # https://developer.apple.com/documentation/iokit/kiomasterportdefault/ + # https://developer.apple.com/documentation/iokit/kiomainportdefault/ + substituteInPlace psutil/arch/osx/cpu.c \ + --replace-fail kIOMainPortDefault kIOMasterPortDefault + ''; + buildInputs = # workaround for https://github.com/NixOS/nixpkgs/issues/146760 lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ diff --git a/pkgs/development/python-modules/pydantic-settings/default.nix b/pkgs/development/python-modules/pydantic-settings/default.nix index 3034b2f92711..000f0dd52a17 100644 --- a/pkgs/development/python-modules/pydantic-settings/default.nix +++ b/pkgs/development/python-modules/pydantic-settings/default.nix @@ -10,7 +10,7 @@ , pytest-mock }: -buildPythonPackage rec { +let self = buildPythonPackage rec { pname = "pydantic-settings"; version = "2.1.0"; pyproject = true; @@ -50,6 +50,15 @@ buildPythonPackage rec { export HOME=$TMPDIR ''; + # ruff is a dependency of pytest-examples which is required to run the tests. + # We do not want all of the downstream packages that depend on pydantic-settings to also depend on ruff. + doCheck = false; + passthru.tests = { + pytest = self.overridePythonAttrs { + doCheck = true; + }; + }; + meta = with lib; { description = "Settings management using pydantic"; homepage = "https://github.com/pydantic/pydantic-settings"; @@ -57,4 +66,4 @@ buildPythonPackage rec { broken = lib.versionOlder pydantic.version "2.0.0"; maintainers = with maintainers; [ ]; }; -} +}; in self diff --git a/pkgs/development/python-modules/pytest/default.nix b/pkgs/development/python-modules/pytest/default.nix index 67fb6989df01..88398d5ab438 100644 --- a/pkgs/development/python-modules/pytest/default.nix +++ b/pkgs/development/python-modules/pytest/default.nix @@ -29,12 +29,12 @@ buildPythonPackage rec { pname = "pytest"; - version = "7.4.3"; + version = "7.4.4"; pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-2YnRNpgt5OOynavMg4rVgcZOjtUsEfvobd69naCBjNU="; + hash = "sha256-LPAAWSLGrOSj4uyLQIDrDZdT/ckxB0FTMvUM6eeZQoA="; }; outputs = [ diff --git a/pkgs/development/python-modules/python-memcached/default.nix b/pkgs/development/python-modules/python-memcached/default.nix index e82b6b51643a..4ca7cbbadd25 100644 --- a/pkgs/development/python-modules/python-memcached/default.nix +++ b/pkgs/development/python-modules/python-memcached/default.nix @@ -2,20 +2,21 @@ , buildPythonPackage , fetchFromGitHub , setuptools +, memcached , mock , pytestCheckHook }: buildPythonPackage rec { pname = "python-memcached"; - version = "1.61"; + version = "1.62"; pyproject = true; src = fetchFromGitHub { owner = "linsomniac"; repo = "python-memcached"; rev = version; - hash = "sha256-7bUCVAmOJ6znVmTZg9AJokOuym07NHL12gZgQ2uhfNo="; + hash = "sha256-Qko4Qr9WofeklU0uRRrSPrT8YaBYMCy0GP+TF7YZHLI="; }; nativeBuildInputs = [ @@ -23,12 +24,20 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + memcached mock pytestCheckHook ]; - # all tests fail - doCheck = false; + preCheck = '' + memcached & + ''; + + postCheck = '' + kill %% + ''; + + __darwinAllowLocalNetworking = true; pythonImportsCheck = [ "memcache" ]; diff --git a/pkgs/development/python-modules/quart/default.nix b/pkgs/development/python-modules/quart/default.nix index 6cf51d6920ff..1effbadf3b67 100644 --- a/pkgs/development/python-modules/quart/default.nix +++ b/pkgs/development/python-modules/quart/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, pythonOlder # build-system , poetry-core @@ -9,6 +10,7 @@ , aiofiles , blinker , click +, flask , hypercorn , importlib-metadata , itsdangerous @@ -29,14 +31,14 @@ buildPythonPackage rec { pname = "quart"; - version = "0.18.4"; + version = "0.19.4"; format = "pyproject"; src = fetchFromGitHub { owner = "pallets"; repo = "quart"; rev = "refs/tags/${version}"; - hash = "sha256-iT/pePUtH1hwNIOG8Y/YbqCVseNXVOKC0nrXfB2RTlQ="; + hash = "sha256-EgCZ0AXK2vGxo55BWAcDVv6zNUrWNbAYNnEXEBJk+84="; }; nativeBuildInputs = [ @@ -52,15 +54,17 @@ buildPythonPackage rec { aiofiles blinker click + flask hypercorn - importlib-metadata itsdangerous jinja2 markupsafe pydata-sphinx-theme python-dotenv - typing-extensions werkzeug + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + typing-extensions ]; pythonImportsCheck = [ @@ -75,11 +79,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTestPaths = [ - # remove after 0.18.4 - "tests/test_signals.py" - ]; - meta = with lib; { description = "An async Python micro framework for building web applications"; homepage = "https://github.com/pallets/quart/"; diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix index ec6e966d79bf..b2a58d71c0b1 100644 --- a/pkgs/development/python-modules/scipy/default.nix +++ b/pkgs/development/python-modules/scipy/default.nix @@ -76,6 +76,11 @@ in buildPythonPackage { "doc/source/dev/contributor/meson_advanced.rst" ]; }) + (fetchpatch { + name = "openblas-0.3.26-compat.patch"; + url = "https://github.com/scipy/scipy/commit/8c96a1f742335bca283aae418763aaba62c03378.patch"; + hash = "sha256-SGoYDxwSAkr6D5/XEqHLerF4e4nmmI+PX+z+3taWAps="; + }) ]; # Upstream complicated numpy version pinning is causing issues in the diff --git a/pkgs/development/python-modules/sentry-sdk/default.nix b/pkgs/development/python-modules/sentry-sdk/default.nix index 11d1df937702..e89d8ca0e32f 100644 --- a/pkgs/development/python-modules/sentry-sdk/default.nix +++ b/pkgs/development/python-modules/sentry-sdk/default.nix @@ -27,6 +27,7 @@ , pytest-watch , pytestCheckHook , pythonOlder +, quart , rq , sanic , setuptools @@ -96,7 +97,7 @@ buildPythonPackage rec { pure-eval ]; quart = [ - # quart missing + quart blinker ]; rq = [ diff --git a/pkgs/development/python-modules/setuptools/default.nix b/pkgs/development/python-modules/setuptools/default.nix index 231580cf9675..7cacc0ca5a4d 100644 --- a/pkgs/development/python-modules/setuptools/default.nix +++ b/pkgs/development/python-modules/setuptools/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "setuptools"; - version = "69.0.2"; + version = "69.0.3"; format = "pyproject"; src = fetchFromGitHub { owner = "pypa"; repo = "setuptools"; rev = "refs/tags/v${version}"; - hash = "sha256-7xOZC85glpXPKdPTYOpwjQHRpkKL1hgbMFgJF3q5EW0="; + hash = "sha256-38csULki+SBcg7StScj0/09A+JZesm8iwOBjSgXyXMA="; }; patches = [ diff --git a/pkgs/development/python-modules/sip/default.nix b/pkgs/development/python-modules/sip/default.nix index c36e3acc30ea..32c28211cd06 100644 --- a/pkgs/development/python-modules/sip/default.nix +++ b/pkgs/development/python-modules/sip/default.nix @@ -9,7 +9,11 @@ , ply , toml , tomli + +# tests , poppler-qt5 +, qgis +, qgis-ltr }: buildPythonPackage rec { @@ -38,7 +42,8 @@ buildPythonPackage rec { pythonImportsCheck = [ "sipbuild" ]; passthru.tests = { - inherit poppler-qt5; + # test depending packages + inherit poppler-qt5 qgis qgis-ltr; }; meta = with lib; { diff --git a/pkgs/development/python-modules/sqlalchemy-utils/default.nix b/pkgs/development/python-modules/sqlalchemy-utils/default.nix index 84b42ad27f2f..9fd3c75adcc6 100644 --- a/pkgs/development/python-modules/sqlalchemy-utils/default.nix +++ b/pkgs/development/python-modules/sqlalchemy-utils/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonOlder # runtime @@ -48,6 +49,12 @@ buildPythonPackage rec { patches = [ ./skip-database-tests.patch + + (fetchpatch { + # sqlalchemy 2.0.22+ compat; https://github.com/kvesteri/sqlalchemy-utils/pull/725 + url = "https://github.com/kvesteri/sqlalchemy-utils/commit/712aabaefc5c8ca3680751c705cf5a5984c74af1.patch"; + hash = "sha256-xBdiUtFWjlUhBzHgGFbaKBt3at6NDo+mv9sd8WwiPOA="; + }) ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 9ea29db26c8d..edee5d1d4414 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -40,7 +40,7 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "2.0.21"; + version = "2.0.25"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -49,7 +49,7 @@ buildPythonPackage rec { owner = "sqlalchemy"; repo = "sqlalchemy"; rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-ldBn+pdZfqnBKdYkOcG47ScH/hBgeJBeIvn1hCIBw/A="; + hash = "sha256-nfkYzLpWyNXDuRUJl5pzaedw5v7jHpG7kpmr6VTGUaw="; }; postPatch = '' diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix index 137bd59c703c..4f248044cc7f 100644 --- a/pkgs/development/python-modules/starlette/default.nix +++ b/pkgs/development/python-modules/starlette/default.nix @@ -1,37 +1,42 @@ { lib -, stdenv , buildPythonPackage , fetchFromGitHub + +# build-system , hatchling -# runtime -, ApplicationServices +# dependencies , anyio +, typing-extensions + +# optional dependencies , itsdangerous , jinja2 , python-multipart , pyyaml , httpx -, typing-extensions # tests , pytestCheckHook , pythonOlder , trio + +# reverse dependencies +, fastapi }: buildPythonPackage rec { pname = "starlette"; - version = "0.32.0.post1"; - format = "pyproject"; + version = "0.35.1"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-1twyN3fSlxwfDtyqaFFuCAVehLZ8vCV4voCT7CVSEbk="; + hash = "sha256-ynT1KowVJ1QdKLSOXYWVe5Q/PrYEWQDUbj395ebfk6Y="; }; nativeBuildInputs = [ @@ -40,38 +45,37 @@ buildPythonPackage rec { propagatedBuildInputs = [ anyio + ] ++ lib.optionals (pythonOlder "3.10") [ + typing-extensions + ]; + + passthru.optional-dependencies.full = [ itsdangerous jinja2 python-multipart pyyaml httpx - ] ++ lib.optionals (pythonOlder "3.10") [ - typing-extensions - ] ++ lib.optionals stdenv.isDarwin [ - ApplicationServices ]; nativeCheckInputs = [ pytestCheckHook trio typing-extensions - ]; + ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies); pytestFlagsArray = [ "-W" "ignore::DeprecationWarning" "-W" "ignore::trio.TrioDeprecationWarning" ]; - disabledTests = [ - # asserts fail due to inclusion of br in Accept-Encoding - "test_websocket_headers" - "test_request_headers" - ]; - pythonImportsCheck = [ "starlette" ]; + passthru.tests = { + inherit fastapi; + }; + meta = with lib; { changelog = "https://github.com/encode/starlette/releases/tag/${version}"; downloadPage = "https://github.com/encode/starlette"; diff --git a/pkgs/development/python-modules/tqdm/default.nix b/pkgs/development/python-modules/tqdm/default.nix index 6cf4c9713f9e..84489b22ce4a 100644 --- a/pkgs/development/python-modules/tqdm/default.nix +++ b/pkgs/development/python-modules/tqdm/default.nix @@ -2,7 +2,7 @@ , stdenv , buildPythonPackage , fetchPypi -, pythonAtLeast +, pythonOlder , setuptools , setuptools-scm , wheel @@ -20,9 +20,6 @@ buildPythonPackage rec { version = "4.66.1"; format = "pyproject"; - # https://github.com/tqdm/tqdm/issues/1537 - disabled = pythonAtLeast "3.12"; - src = fetchPypi { inherit pname version; hash = "sha256-2I5lH5242FUaYlVtPP+eMDQnTKXWbpMZfPJJDi3Lacc="; @@ -34,6 +31,9 @@ buildPythonPackage rec { wheel ]; + # https://github.com/tqdm/tqdm/issues/1537 + doCheck = pythonOlder "3.12"; + nativeCheckInputs = [ pytestCheckHook pytest-asyncio diff --git a/pkgs/development/python-modules/trove-classifiers/default.nix b/pkgs/development/python-modules/trove-classifiers/default.nix index 3485c0f1fd2c..f65c9e651bed 100644 --- a/pkgs/development/python-modules/trove-classifiers/default.nix +++ b/pkgs/development/python-modules/trove-classifiers/default.nix @@ -10,14 +10,14 @@ let self = buildPythonPackage rec { pname = "trove-classifiers"; - version = "2023.11.29"; + version = "2024.1.8"; pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-/49/2Cx5MhE7RufvZ0LHAJHMY2QMjGXbANkfLpQLlRQ="; + hash = "sha256-bjbK9DD/ZIXEtXpMazZKE/aomNFrlBfGw3Rn5ZwUsFo="; }; postPatch = '' diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index 35c5f943cb19..e59eda006e6e 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -3,27 +3,39 @@ , buildPythonPackage , pythonOlder , fetchPypi + +# build-system , flit-core + +# dependencies +, markupsafe + +# optional-dependencies , watchdog + +# tests +, cryptography , ephemeral-port-reserve +, greenlet , pytest-timeout , pytest-xprocess , pytestCheckHook -, markupsafe -# for passthru.tests -, moto, sentry-sdk + +# reverse dependencies +, moto +, sentry-sdk }: buildPythonPackage rec { pname = "werkzeug"; - version = "2.3.8"; + version = "3.0.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-VUslfHS763oNJUFgpPj/4YUkP1KlIDUGC3Ycpi2XfwM="; + hash = "sha256-UH6BHs6nKxikBJR63tSzOQ4duPgmtJTXZVDvRbs7Hcw="; }; nativeBuildInputs = [ @@ -36,16 +48,19 @@ buildPythonPackage rec { passthru.optional-dependencies = { watchdog = lib.optionals (!stdenv.isDarwin) [ - # watchdog requires macos-sdk 10.13[ + # watchdog requires macos-sdk 10.13 watchdog ]; }; nativeCheckInputs = [ + cryptography ephemeral-port-reserve pytest-timeout pytest-xprocess pytestCheckHook + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); disabledTests = lib.optionals stdenv.isDarwin [ @@ -68,6 +83,7 @@ buildPythonPackage rec { }; meta = with lib; { + changelog = "https://werkzeug.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://palletsprojects.com/p/werkzeug/"; description = "The comprehensive WSGI web application library"; longDescription = '' diff --git a/pkgs/development/tools/global-platform-pro/default.nix b/pkgs/development/tools/global-platform-pro/default.nix index a5b1a35531b9..dc533daf99a3 100644 --- a/pkgs/development/tools/global-platform-pro/default.nix +++ b/pkgs/development/tools/global-platform-pro/default.nix @@ -47,7 +47,7 @@ mavenJdk8.buildMavenPackage rec { cp tool/target/gp.jar "$out/share/java" makeWrapper "${jre8_headless}/bin/java" "$out/bin/gp" \ --add-flags "-jar '$out/share/java/gp.jar'" \ - --prefix LD_LIBRARY_PATH : "${pcsclite.out}/lib" + --prefix LD_LIBRARY_PATH : "${lib.getLib pcsclite}/lib" ''; meta = with lib; { diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix index 2faefedd6656..9153a2dea198 100644 --- a/pkgs/development/tools/misc/lsof/default.nix +++ b/pkgs/development/tools/misc/lsof/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses }: +{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses, nukeReferences }: let dialect = with lib; last (splitString "-" stdenv.hostPlatform.system); @@ -6,27 +6,29 @@ in stdenv.mkDerivation rec { pname = "lsof"; - version = "4.98.0"; + version = "4.99.3"; src = fetchFromGitHub { owner = "lsof-org"; repo = "lsof"; rev = version; - sha256 = "sha256-DQLY0a0sOCZFEJA4Y4b18OcWZw47RyqKZ0mVG0CDVTI="; + hash = "sha256-XW3l+E9D8hgI9jGJGKkIAKa8O9m0JHgZhEASqg4gYuw="; }; - patches = [ - ./no-build-info.patch - ]; - - postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' + postPatch = '' + patchShebangs --build lib/dialects/*/Mksrc + # Do not re-build version.h in every 'make' to allow nuke-refs below. + # We remove phony 'FRC' target that forces rebuilds: + # 'version.h: FRC ...' is translated to 'version.h: ...'. + sed -i lib/dialects/*/Makefile -e 's/version.h:\s*FRC/version.h:/' + '' + lib.optionalString stdenv.hostPlatform.isMusl '' substituteInPlace dialects/linux/dlsof.h --replace "defined(__UCLIBC__)" 1 '' + lib.optionalString stdenv.isDarwin '' sed -i 's|lcurses|lncurses|g' Configure ''; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl which ]; + nativeBuildInputs = [ nukeReferences perl which ]; buildInputs = [ ncurses ]; # Stop build scripts from searching global include paths @@ -37,6 +39,10 @@ stdenv.mkDerivation rec { for filepath in $(find dialects/${dialect} -type f); do sed -i "s,/usr/include,$LSOF_INCLUDE,g" $filepath done + + # Wipe out development-only flags from CFLAGS embedding + make version.h + nuke-refs version.h ''; installPhase = '' diff --git a/pkgs/development/tools/misc/lsof/no-build-info.patch b/pkgs/development/tools/misc/lsof/no-build-info.patch deleted file mode 100644 index 3c518896b045..000000000000 --- a/pkgs/development/tools/misc/lsof/no-build-info.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- a/usage.c -+++ b/usage.c -@@ -931,24 +931,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " configuration info: %s\n", cp); - #endif /* defined(LSOF_CINFO) */ - -- cp = isnullstr(LSOF_HOST); -- if (!(cp1 = isnullstr(LSOF_LOGNAME))) -- cp1 = isnullstr(LSOF_USER); -- if (cp || cp1) { -- if (cp && cp1) -- cp2 = "by and on"; -- else if (cp) -- cp2 = "on"; -- else -- cp2 = "by"; -- (void) fprintf(stderr, " constructed %s: %s%s%s\n", -- cp2, -- cp1 ? cp1 : "", -- (cp && cp1) ? "@" : "", -- cp ? cp : "" -- ); -- } -- - #if defined(LSOF_BLDCMT) - if ((cp = isnullstr(LSOF_BLDCMT))) - (void) fprintf(stderr, " builder's comment: %s\n", cp); -@@ -958,12 +940,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " compiler: %s\n", cp); - if ((cp = isnullstr(LSOF_CCV))) - (void) fprintf(stderr, " compiler version: %s\n", cp); -- if ((cp = isnullstr(LSOF_CCFLAGS))) -- (void) fprintf(stderr, " compiler flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_LDFLAGS))) -- (void) fprintf(stderr, " loader flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_SYSINFO))) -- (void) fprintf(stderr, " system info: %s\n", cp); - // display configurations that might affect output - char *features[] = { - #if defined(HASEFFNLINK) diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix index dadfba7cc67b..a75c7759902a 100644 --- a/pkgs/development/tools/ruff/default.nix +++ b/pkgs/development/tools/ruff/default.nix @@ -5,22 +5,29 @@ , stdenv , darwin , rust-jemalloc-sys - # tests , ruff-lsp }: rustPlatform.buildRustPackage rec { pname = "ruff"; - version = "0.1.13"; + version = "0.1.15"; src = fetchFromGitHub { owner = "astral-sh"; repo = "ruff"; rev = "refs/tags/v${version}"; - hash = "sha256-cH/Vw04QQ3U7E1ZCwozjhPcn0KVljP976/p3okrBpEU="; + hash = "sha256-DzdzMO9PEwf4HmpG8SxRJTmdrmkXuQ8RsIchvsKstH8="; }; - cargoHash = "sha256-tmoFnghHQEsyv0vO9fnWyTsxiIhmovhi/zHXOCi5u10="; + # The following specific substitution is not working as the current directory is `/build/source` and thus has no mention of `ruff` in it. + # https://github.com/astral-sh/ruff/blob/866bea60a5de3c59d2537b0f3a634ae0ac9afd94/crates/ruff/tests/show_settings.rs#L12 + # -> Just patch it so that it expects the actual current directory and not `"[BASEPATH]"`. + postPatch = '' + substituteInPlace crates/ruff/tests/snapshots/show_settings__display_default_settings.snap \ + --replace '"[BASEPATH]"' '"'$PWD'"' + ''; + + cargoHash = "sha256-MpiWdNUs66OGYfOJo1kJQTCqjrk/DAYecaLf6GUUKew="; nativeBuildInputs = [ installShellFiles @@ -32,9 +39,6 @@ rustPlatform.buildRustPackage rec { darwin.apple_sdk.frameworks.CoreServices ]; - cargoBuildFlags = [ "--package=ruff_cli" ]; - cargoTestFlags = cargoBuildFlags; - # tests expect no colors preCheck = '' export NO_COLOR=1 diff --git a/pkgs/development/tools/rust/bindgen/unwrapped.nix b/pkgs/development/tools/rust/bindgen/unwrapped.nix index c2ea437148c6..859d82618063 100644 --- a/pkgs/development/tools/rust/bindgen/unwrapped.nix +++ b/pkgs/development/tools/rust/bindgen/unwrapped.nix @@ -7,15 +7,15 @@ let rustfmt-nightly = rustfmt.override { asNightly = true; }; in rustPlatform.buildRustPackage rec { pname = "rust-bindgen-unwrapped"; - version = "0.69.1"; + version = "0.69.2"; src = fetchCrate { pname = "bindgen-cli"; inherit version; - sha256 = "sha256-zqyIc07RLti2xb23bWzL7zFjreEZuUstnYSp+jUX8Lw="; + sha256 = "sha256-ytbaXCVNXXBtJet5CBkCNUoISxdFXt/kgb4VVZisUXE="; }; - cargoHash = "sha256-o1B8jq7Ze97pBLE9gvNsmCaD/tsW4f6DL0upzQkxbA4="; + cargoHash = "sha256-pnoCq25CrZIAQNkDsokIVVyUYLlg7WY6th17IgeW9x8="; buildInputs = [ clang.cc.lib ]; diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix index a02445adb33b..0e908d0179db 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix @@ -61,12 +61,15 @@ let mkStdenv = stdenv: if stdenv.isAarch64 then stdenv else + let + darwinMinVersion = "10.12"; + darwinSdkVersion = "11.0"; + in (overrideCC stdenv (mkCc stdenv.cc)).override { extraBuildInputs = [ pkgs.darwin.apple_sdk_11_0.frameworks.CoreFoundation ]; - targetPlatform = stdenv.targetPlatform // { - darwinMinVersion = "10.12"; - darwinSdkVersion = "11.0"; - }; + buildPlatform = stdenv.buildPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + hostPlatform = stdenv.hostPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + targetPlatform = stdenv.targetPlatform // { inherit darwinMinVersion darwinSdkVersion; }; }; stdenvs = { diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index fbff9a3363de..33edbc0a4f73 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation rec { pname = "cryptsetup"; - version = "2.6.1"; + version = "2.7.0"; outputs = [ "bin" "out" "dev" "man" ]; separateDebugInfo = true; src = fetchurl { url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM="; + hash = "sha256-lAA6AM1agZRPRejcUp4M/Spv9im9LNIc9eV05GXa95U="; }; patches = [ diff --git a/pkgs/os-specific/linux/ffado/default.nix b/pkgs/os-specific/linux/ffado/default.nix index 3d44ad813a69..d1e78a312e05 100644 --- a/pkgs/os-specific/linux/ffado/default.nix +++ b/pkgs/os-specific/linux/ffado/default.nix @@ -24,13 +24,15 @@ let in mkDerivation rec { pname = "ffado"; - version = "2.4.7"; + version = "2.4.8"; src = fetchurl { url = "http://www.ffado.org/files/libffado-${version}.tgz"; - sha256 = "0vsn3y52g6f77lqh9qfkd7dslmb7bbgy46cv5idynx4frqscc23s"; + hash = "sha256-f0x561ehKw6uMSri0RZip+v1JHZuhixtywl0PVU/N44="; }; + sourceRoot = "libffado-${version}/libffado"; + prePatch = '' substituteInPlace ./support/tools/ffado-diag.in \ --replace /lib/modules/ "/run/booted-system/kernel-modules/lib/modules/" diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 1fae93c53251..03eb1959c9b2 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.6.0"; + version = "6.7.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-hzjIBK/Qnwv3VpN/DD3iMReDKpjYy79QOGz1AFzWE84="; + hash = "sha256-/5Qt2YKNfR+Gf2H+cs5DMHjDHl2OSnjiDwLLWJLohB0="; }; postPatch = '' diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 56ac85fa0b7a..75d706b63f95 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "iputils"; - version = "20231222"; + version = "20240117"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - hash = "sha256-/blxT6k79fgbxX8qCQuJMf7zDPwMjJUt7FCscaMXx6U="; + hash = "sha256-sERY8ZKuXiY85cXdNWOm4byiNU7mOVIeA55dgQJHdoE="; }; outputs = [ "out" "apparmor" ]; diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix index 9d97f73780d5..badb02aaec5a 100644 --- a/pkgs/os-specific/linux/kbd/default.nix +++ b/pkgs/os-specific/linux/kbd/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "kbd"; - version = "2.6.3"; + version = "2.6.4"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz"; - sha256 = "sha256-BJlsCNfRxGCWb7JEo9OIM1LCZ0t61SIAPZ9Oy4q0jes="; + sha256 = "sha256-UZ+NCHrsyn4KM80IS++SwGbrGXMWZmU9zHDJ1xqkCSY="; }; # vlock is moved into its own output, since it depends on pam. This diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 652468002775..fc2f8ddbd143 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,12 +111,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.6"; in + linuxHeaders = let version = "6.7"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-2SagbGPdisffP4buH/ws4qO4Gi0WhITna1s4mrqOVtA="; + hash = "sha256-7zEUSiV20IDYwxaY6D7J9mv5fGd/oqrw1bu58zRbEGk="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 5d1c1cfc89c0..548d5222c7a2 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "libsepol"; - version = "3.5"; + version = "3.6"; se_url = "https://github.com/SELinuxProject/selinux/releases/download"; outputs = [ "bin" "out" "dev" "man" ]; src = fetchurl { url = "${se_url}/${version}/libsepol-${version}.tar.gz"; - sha256 = "sha256-eP2vaZJNt4C6x4VG5D2cRAdLrXmMLEFdC5u5bQZe6KI="; + sha256 = "sha256-ydxYXqlJA9eE1ZfIYc1dzmRZFo+V4isxoOqxzdgAl1o="; }; postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 8660313a7189..c956dfad4c64 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,5 +1,4 @@ -{ lib, stdenv, buildPackages, fetchurl -, fetchpatch +{ lib, stdenv, buildPackages, fetchurl, fetchpatch , flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests , autoreconfHook269, pkg-config-unwrapped @@ -7,30 +6,23 @@ stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.5.3"; + version = "1.6.0"; src = fetchurl { url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; - hash = "sha256-esS1D+7gBKn6iPHf0tL6c4qCiWdjBQzXc7PFSwqBgoM="; + hash = "sha256-//SjTlu+534ujxmS8nYx4jKby/igVj3etcM4m04xaa0="; }; patches = [ ./suid-wrapper-path.patch - # Pull support for localization on non-default --prefix: - # https://github.com/NixOS/nixpkgs/issues/249010 - # https://github.com/linux-pam/linux-pam/pull/604 + + # Backport fix for missing include breaking musl builds. (fetchpatch { - name = "bind-locales.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; - hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; - }) - ] - ++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch { - name = "missing-termio.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a.patch"; - hash = "sha256-b6n8f16ETSNj5h+5/Yhn32XMfVO8xEnZRRhw+nuLP/8="; + name = "pam_namespace-stdint.h.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch"; + hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA="; }) - ; + ]; # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569 postPatch = if stdenv.buildPlatform.isDarwin && stdenv.buildPlatform != stdenv.hostPlatform then '' @@ -41,8 +33,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - # autoreconfHook269 is needed for `suid-wrapper-path.patch` and - # `bind-locales.patch` above. + # autoreconfHook269 is needed for `suid-wrapper-path.patch` above. # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index d6319fd0dcf3..2f4e49062aef 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.2"; + version = "4.14.3"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; + hash = "sha256-Y5wyvmTh66Bjb1/UPdDF78lgvH7HFTCFowhQQ+Fo9ak="; }; outputs = [ "out" "su" "dev" "man" ]; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c084112a5bdc..064c465bd6e3 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -68,16 +68,17 @@ , libpwquality , qrencode - # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time. + # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to + # be available during build time. # Only libbpf should be a runtime dependency. # Note: llvmPackages is explicitly taken from buildPackages instead of relying # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc - # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we explicitly - # take buildPackages.llvmPackages, this is no problem because - # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to us. Working - # around this is important, because systemd is in the dependency closure of - # GHC via emscripten and jdk. + # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we + # explicitly take buildPackages.llvmPackages, this is no problem because + # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to + # us. Working around this is important, because systemd is in the dependency + # closure of GHC via emscripten and jdk. , bpftools , libbpf @@ -93,14 +94,16 @@ && !stdenv.hostPlatform.isMusl # "Unknown 64-bit data model" && !stdenv.hostPlatform.isRiscV32 -, withCompression ? true # adds bzip2, lz4, xz and zstd + # adds bzip2, lz4, xz and zstd +, withCompression ? true , withCoredump ? true , withCryptsetup ? true , withRepart ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi , withFido2 ? true -, withFirstboot ? false # conflicts with the NixOS /etc management + # conflicts with the NixOS /etc management +, withFirstboot ? false , withHomed ? !stdenv.hostPlatform.isMusl , withHostnamed ? true , withHwdb ? true @@ -108,8 +111,10 @@ , withIptables ? true , withKmod ? true , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" - && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats - && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + # assumes hard floats + && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") + # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + && !stdenv.hostPlatform.isMips64 # can't find gnu/stubs-32.h && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian) # https://reviews.llvm.org/D43106#1019077 @@ -139,7 +144,8 @@ , withTimedated ? true , withTimesyncd ? true , withTpm2Tss ? true -, withUkify ? false # adds python to closure which is too much by default + # adds python to closure which is too much by default +, withUkify ? false , withUserDb ? true , withUtmp ? !stdenv.hostPlatform.isMusl , withVmspawn ? true @@ -148,7 +154,7 @@ # build only libudev and libsystemd , buildLibsOnly ? false - # name argument + # yes, pname is an argument here , pname ? "systemd" , libxslt @@ -171,7 +177,8 @@ let wantGcrypt = withResolved || withImportd; version = "255.2"; - # Bump this variable on every (major) version change. See below (in the meson options list) for why. + # Use the command below to update `releaseTimestamp` on every (major) version + # change. More details in the commentary at mesonFlags. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' @@ -189,11 +196,14 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-8SfJY/pcH4yrDeJi0GfIUpetTbpMwyswvSu+RSfgqfY="; }; - # On major changes, or when otherwise required, you *must* reformat the patches, - # `git am path/to/00*.patch` them into a systemd worktree, rebase to the more recent - # systemd version, and export the patches again via - # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. - # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches + # On major changes, or when otherwise required, you *must* : + # 1. reformat the patches, + # 2. `git am path/to/00*.patch` them into a systemd worktree, + # 3. rebase to the more recent systemd version, + # 4. and export the patches again via + # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. + # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all + # patches patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -262,8 +272,8 @@ stdenv.mkDerivation (finalAttrs: { "$out/lib/systemd/boot/efi" '' + ( let - # The following patches references to dynamic libraries to ensure that - # all the features that are implemented via dlopen(3) are available (or + # The following patches references to dynamic libraries to ensure that all + # the features that are implemented via dlopen(3) are available (or # explicitly deactivated) by pointing dlopen to the absolute store path # instead of relying on the linkers runtime lookup code. # @@ -275,11 +285,11 @@ stdenv.mkDerivation (finalAttrs: { # found` when using e.g. --grep with journalctl. Those errors should # become less unexpected now. # - # There are generally two classes of dlopen(3) calls. Those that we want to - # support and those that should be deactivated / unsupported. This change - # enforces that we handle all dlopen calls explicitly. Meaning: There is - # not a single dlopen call in the source code tree that we did not - # explicitly handle. + # There are generally two classes of dlopen(3) calls. Those that we want + # to support and those that should be deactivated / unsupported. This + # change enforces that we handle all dlopen calls explicitly. Meaning: + # There is not a single dlopen call in the source code tree that we did + # not explicitly handle. # # In order to do this we introduced a list of attributes that maps from # shared object name to the package that contains them. The package can be @@ -288,7 +298,8 @@ stdenv.mkDerivation (finalAttrs: { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` + # and update the list below. dlopenLibs = let opt = condition: pkg: if condition then pkg else null; @@ -374,7 +385,8 @@ stdenv.mkDerivation (finalAttrs: { # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings + # pointing to shared libraries) that we didn't handle + '' if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then echo "Found unhandled dynamic library calls: " @@ -461,12 +473,13 @@ stdenv.mkDerivation (finalAttrs: { mesonFlags = [ # Options - # We bump this variable on every (major) version change to ensure - # that we have known-good value for a timestamp that is in the (not so distant) past. - # This serves as a lower bound for valid system timestamps during startup. Systemd will - # reset the system timestamp if this date is +- 15 years from the system time. + # We bump this attribute on every (major) version change to ensure that we + # have known-good value for a timestamp that is in the (not so distant) + # past. This serves as a lower bound for valid system timestamps during + # startup. Systemd will reset the system timestamp if this date is +- 15 + # years from the system time. # See the systemd v250 release notes for further details: - # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 + # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 (lib.mesonOption "time-epoch" releaseTimestamp) (lib.mesonOption "version-tag" version) @@ -616,11 +629,19 @@ stdenv.mkDerivation (finalAttrs: { ]; preConfigure = let - # A list of all the runtime binaries that the systemd executables, tests and libraries are referencing in their source code, scripts and unit files. - # As soon as a dependency isn't required anymore we should remove it from the list. The `where` attribute for each of the replacement patterns must be exhaustive. If another (unhandled) case is found in the source code the build fails with an error message. + # A list of all the runtime binaries referenced by the source code (plus + # scripts and unit files) of systemd executables, tests and libraries. + # As soon as a dependency is lo longer required we should remove it from + # the list. + # The `where` attribute for each of the replacement patterns must be + # exhaustive. If another (unhandled) case is found in the source code the + # build fails with an error message. binaryReplacements = [ - { search = "/usr/bin/getent"; replacement = "${getent}/bin/getent"; where = [ "src/nspawn/nspawn-setuid.c" ]; } - + { + search = "/usr/bin/getent"; + replacement = "${getent}/bin/getent"; + where = [ "src/nspawn/nspawn-setuid.c" ]; + } { search = "/sbin/mkswap"; replacement = "${lib.getBin util-linux}/sbin/mkswap"; @@ -628,8 +649,19 @@ stdenv.mkDerivation (finalAttrs: { "man/systemd-makefs@.service.xml" ]; } - { search = "/sbin/swapon"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } - { search = "/sbin/swapoff"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } + { + search = "/sbin/swapon"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; + where = [ + "src/core/swap.c" + "src/basic/unit-def.h" + ]; + } + { + search = "/sbin/swapoff"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; + where = [ "src/core/swap.c" ]; + } { search = "/bin/echo"; replacement = "${coreutils}/bin/echo"; @@ -646,14 +678,15 @@ stdenv.mkDerivation (finalAttrs: { { search = "/bin/cat"; replacement = "${coreutils}/bin/cat"; - where = [ "test/test-execute/exec-noexecpaths-simple.service" "src/journal/cat.c" ]; + where = [ + "test/test-execute/exec-noexecpaths-simple.service" + "src/journal/cat.c" + ]; } { search = "/usr/lib/systemd/systemd-fsck"; replacement = "$out/lib/systemd/systemd-fsck"; - where = [ - "man/systemd-fsck@.service.xml" - ]; + where = [ "man/systemd-fsck@.service.xml" ]; } ] ++ lib.optionals withImportd [ { @@ -682,10 +715,14 @@ stdenv.mkDerivation (finalAttrs: { ]; } ] ++ lib.optionals withKmod [ - { search = "/sbin/modprobe"; replacement = "${lib.getBin kmod}/sbin/modprobe"; where = [ "units/modprobe@.service" ]; } + { + search = "/sbin/modprobe"; + replacement = "${lib.getBin kmod}/sbin/modprobe"; + where = [ "units/modprobe@.service" ]; + } ]; - # { replacement, search, where } -> List[str] + # { replacement, search, where, ignore } -> List[str] mkSubstitute = { replacement, search, where, ignore ? [ ] }: map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where; mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }: @@ -778,11 +815,11 @@ stdenv.mkDerivation (finalAttrs: { mv $out/lib/sysusers.d $out/example ''; - # Avoid *.EFI binary stripping. At least on aarch64-linux strip - # removes too much from PE32+ files: + # Avoid *.EFI binary stripping. + # At least on aarch64-linux strip removes too much from PE32+ files: # https://github.com/NixOS/nixpkgs/issues/169693 - # The hack is to move EFI file out of lib/ before doStrip - # run and return it after doStrip run. + # The hack is to move EFI file out of lib/ before doStrip run and return it + # after doStrip run. preFixup = lib.optionalString withBootloader '' mv $out/lib/systemd/boot/efi $out/dont-strip-me ''; @@ -807,15 +844,15 @@ stdenv.mkDerivation (finalAttrs: { (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs); passthru = { - # The interface version prevents NixOS from switching to an - # incompatible systemd at runtime. (Switching across reboots is - # fine, of course.) It should be increased whenever systemd changes - # in a backwards-incompatible way. If the interface version of two - # systemd builds is the same, then we can switch between them at - # runtime; otherwise we can't and we need to reboot. + # The `interfaceVersion` attribute below points out the incompatibilities + # between systemd versions. When the new systemd build is + # backwards-compatible with the previous one, then they can be switched at + # runtime (the reboot being optional in this case); otherwise, a reboot is + # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; - inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withKmod withLocaled + withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { inherit (nixosTests) @@ -823,19 +860,53 @@ stdenv.mkDerivation (finalAttrs: { systemd-journal systemd-journal-gateway systemd-journal-upload; - cross = pkgsCross.${if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform"}.systemd; + cross = + let + systemString = + if stdenv.buildPlatform.isAarch64 + then "gnu64" + else "aarch64-multiplatform"; + in + pkgsCross.${systemString}.systemd; }; }; - meta = with lib; { + meta = { homepage = "https://www.freedesktop.org/wiki/Software/systemd/"; description = "A system and service manager for Linux"; - license = licenses.lgpl21Plus; - platforms = platforms.linux; + longDescription = '' + systemd is a suite of basic building blocks for a Linux system. It + provides a system and service manager that runs as PID 1 and starts the + rest of the system. systemd provides aggressive parallelization + capabilities, uses socket and D-Bus activation for starting services, + offers on-demand starting of daemons, keeps track of processes using Linux + control groups, maintains mount and automount points, and implements an + elaborate transactional dependency-based service control logic. systemd + supports SysV and LSB init scripts and works as a replacement for + sysvinit. Other parts include a logging daemon, utilities to control basic + system configuration like the hostname, date, locale, maintain a list of + logged-in users and running containers and virtual machines, system + accounts, runtime directories and settings, and daemons to manage simple + network configuration, network time synchronization, log forwarding, and + name resolution. + ''; + license = with lib.licenses; [ + # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md + bsd2 + bsd3 + cc0 + lgpl21Plus + lgpl2Plus + mit + mit0 + ofl + publicDomain + ]; + maintainers = with lib.maintainers; [ flokli kloenk ]; + platforms = lib.platforms.linux; + priority = 10; badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965 broken = stdenv.hostPlatform.isStatic; - priority = 10; - maintainers = with maintainers; [ flokli kloenk ]; }; }) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 8786e0798627..8e18237b8e9f 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -998,11 +998,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! imake = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, testers }: stdenv.mkDerivation (finalAttrs: { pname = "imake"; - version = "1.0.9"; + version = "1.0.10"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/imake-1.0.9.tar.xz"; - sha256 = "10wgw3l0rsnvc2191awyg5j24n3g552xgc671qr5vnbliwkrvpkj"; + url = "mirror://xorg/individual/util/imake-1.0.10.tar.xz"; + sha256 = "1xgcsamfij22ggc4p8anvvihwyf4adg6gjdd6v7m9cypm37cppkm"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; diff --git a/pkgs/servers/x11/xorg/tarballs.list b/pkgs/servers/x11/xorg/tarballs.list index 1234f05b9723..c6dcd9b0402f 100644 --- a/pkgs/servers/x11/xorg/tarballs.list +++ b/pkgs/servers/x11/xorg/tarballs.list @@ -213,7 +213,7 @@ mirror://xorg/individual/proto/xcb-proto-1.16.0.tar.xz mirror://xorg/individual/proto/xorgproto-2023.2.tar.xz mirror://xorg/individual/util/bdftopcf-1.1.1.tar.xz mirror://xorg/individual/util/gccmakedep-1.0.3.tar.bz2 -mirror://xorg/individual/util/imake-1.0.9.tar.xz +mirror://xorg/individual/util/imake-1.0.10.tar.xz mirror://xorg/individual/util/lndir-1.0.4.tar.xz mirror://xorg/individual/util/makedepend-1.0.8.tar.xz mirror://xorg/individual/util/util-macros-1.20.0.tar.xz diff --git a/pkgs/shells/bash/5.nix b/pkgs/shells/bash/5.nix index 3c4fb83e3e4e..de0426fbcdcd 100644 --- a/pkgs/shells/bash/5.nix +++ b/pkgs/shells/bash/5.nix @@ -22,11 +22,12 @@ let }); in stdenv.mkDerivation rec { - name = "bash-${lib.optionalString interactive "interactive-"}${version}-p${toString (builtins.length upstreamPatches)}"; - version = "5.2"; + pname = "bash${lib.optionalString interactive "-interactive"}"; + version = "5.2${patch_suffix}"; + patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { - url = "mirror://gnu/bash/bash-${version}.tar.gz"; + url = "mirror://gnu/bash/bash-${lib.removeSuffix patch_suffix version}.tar.gz"; sha256 = "sha256-oTnBZt9/9EccXgczBRZC7lVWwcyKSnjxRVg8XIGrMvs="; }; diff --git a/pkgs/shells/bash/bash-5.2-patches.nix b/pkgs/shells/bash/bash-5.2-patches.nix index 3aa9f331d8bb..5d5ef94676de 100644 --- a/pkgs/shells/bash/bash-5.2-patches.nix +++ b/pkgs/shells/bash/bash-5.2-patches.nix @@ -22,4 +22,9 @@ patch: [ (patch "019" "10njgv5mrc5rhsp5lvxcbm0pnzn59a8spi2nhdasifyl1a32cp1j") (patch "020" "07f0wlmqjdfarp44w3gj9gdqbqm5x20rvlhpn34ngklmxcm2bz5n") (patch "021" "1kahfqqalcwi4m73pg3ssz6lh0kcqsqax09myac7a15d2y0vhd43") +(patch "022" "0w74aym0g1fh48864a3qxh89f26iaq7wsbg7244c6kjr94527dbq") +(patch "023" "1lywjqbc36j5pdzfcvnz1zy30j76aqmsm190p888av0hw815b45g") +(patch "024" "1hq23djqbr7s9y2324jq9mxr5bwdkmgizn3zgpchbsqp054k85cp") +(patch "025" "0x9hc4silzl4d3zw4p43i5dm7w86k50j47f87lracwfgwy3z8f2i") +(patch "026" "1b1fhm1dsi67r8ip17s0xvx2qq31fsxc1g9n3r931dd0k9a1zvln") ] diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index c47937d7bfad..1433369c3252 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -317,7 +317,10 @@ in ln -s ${bootstrapTools}/lib/clang $out/lib ln -s ${bootstrapTools}/include $out ''; - passthru.isFromBootstrapFiles = true; + passthru = { + isFromBootstrapFiles = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; }; clang-unwrapped = selfTools.libclang; libllvm = self.stdenv.mkDerivation { diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index cb1607c5e63a..54a03a56866b 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -249,6 +249,7 @@ let "relro" "stackprotector" "strictoverflow" + "zerocallusedregs" ]; defaultHardeningFlags = (if stdenv.hasCC then stdenv.cc else {}).defaultHardeningFlags or diff --git a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix index 112d37670c8c..91709d7c6670 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix @@ -1,12 +1,21 @@ +# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as: +# $ ./refresh-tarballs.bash --targets=i686-unknown-linux-gnu +# +# Metadata: +# - nixpkgs revision: 125cefd4cf8f857e5ff1aceaef9230ba578a033d +# - hydra build: https://hydra.nixos.org/job/nixpkgs/trunk/stdenvBootstrapTools.i686-unknown-linux-gnu.build/latest +# - resolved hydra build: https://hydra.nixos.org/build/247889988 +# - instantiated derivation: /nix/store/chcf0brhdyn7ihmb14n0w4rm2a59gqrw-stdenv-bootstrap-tools.drv +# - output directory: /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools +# - build time: Fri, 26 Jan 2024 22:04:03 +0000 { + bootstrapTools = import <nix/fetchurl.nix> { + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/bootstrap-tools.tar.xz"; + hash = "sha256-KTAh3t91aJMiMO/7NFOjUz6fXI9Iu+H7cuODreWz9N8="; + }; busybox = import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/busybox"; - sha256 = "ef4c1be6c7ae57e4f654efd90ae2d2e204d6769364c46469fa9ff3761195cba1"; + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/busybox"; + hash = "sha256-omz+ZT0bhMkAZcDs9evA2PNpO6VHUozdtjMgdui6fxw="; executable = true; }; - - bootstrapTools = import <nix/fetchurl.nix> { - url = "http://tarballs.nixos.org/stdenv-linux/i686/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz"; - sha256 = "b9bf20315f8c5c0411679c5326084420b522046057a0850367c67d9514794f1c"; - }; } diff --git a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix index 569f0c6f31e2..ad2449cfd9ff 100644 --- a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) diff --git a/pkgs/stdenv/linux/bootstrap-tools/default.nix b/pkgs/stdenv/linux/bootstrap-tools/default.nix index 569f0c6f31e2..ad2449cfd9ff 100644 --- a/pkgs/stdenv/linux/bootstrap-tools/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index 3be7b2fd0ee6..3db16f067148 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -1,9 +1,10 @@ -{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch -, file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto -, w3m, gnugrep, gnused, coreutils, xset, perlPackages -, mimiSupport ? false, gawk -, bash -, glib +{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch, writeText +# docs deps +, libxslt, docbook_xml_dtd_412, docbook_xml_dtd_43, docbook_xsl, xmlto +# runtime deps +, resholve, bash, coreutils, dbus, file, gawk, glib, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs +, perl, perlPackages +, mimiSupport ? false , withXdgOpenUsePortalPatch ? true }: let @@ -15,73 +16,248 @@ let sha256 = "15gw2nyrqmdsdin8gzxihpn77grhk9l97jp7s7pr7sl4n9ya2rpj"; }; - perlPath = with perlPackages; makePerlPath [ - NetDBus XMLTwig XMLParser X11Protocol + # Required by the common desktop detection code + commonDeps = [ dbus coreutils gnugrep gnused ]; + # These are all faked because the current desktop is detected + # based on their presence, so we want them to be missing by default. + commonFakes = [ + "explorer.exe" + "gnome-default-applications-properties" + "kde-config" + "xprop" ]; + # This is still required to work around the eval trickery some scripts do + commonPrologue = "${writeText "xdg-utils-prologue" '' + export PATH=$PATH:${coreutils}/bin + ''}"; + + solutions = [ + { + scripts = [ "bin/xdg-desktop-icon" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ xdg-user-dirs ]; + execer = [ + "cannot:${xdg-user-dirs}/bin/xdg-user-dir" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME2 + ]; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-desktop-menu" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk ]; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-email" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + "cannot:${placeholder "out"}/bin/xdg-open" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "exo-open" # XFCE + "gconftool-2" # GNOME + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "qtxdg-mat" # LXQT + "xdg-email-hook.sh" # user-defined hook that may be available ambiently + ]; + fix."/bin/echo" = true; + keep = { + "$command" = true; + "$kreadconfig" = true; + "$THUNDERBIRD" = true; + "$utf8" = true; + }; + } + + { + scripts = [ "bin/xdg-icon-resource" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-mime" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ file gawk ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gio" # GNOME (new) + "gnomevfs-info" # GNOME (very old) + "gvfs-info" # GNOME (old) + "kde4-config" # Plasma 4 + "kfile" # KDE 3 + "kmimetypefinder" # Plasma (generic) + "kmimetypefinder5" # Plasma 5 + "ktraderclient" # KDE 3 + "ktradertest" # KDE 3 + "mimetype" # alternative tool for file, pulls in perl, avoid + "qtpaths" # Plasma + "qtxdg-mat" # LXQT + ]; + fix."/usr/bin/file" = true; + keep = { + "$KDE_SESSION_VERSION" = true; + "$KTRADER" = true; + }; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-open" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ nettools glib.bin "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "cygstart" # Cygwin + "dde-open" # Deepin + "enlightenment_open" # Enlightenment + "exo-open" # XFCE + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "kde-open" # Plasma + "kfmclient" # KDE3 + "mate-open" # MATE + "mimeopen" # alternative tool for file, pulls in perl, avoid + "open" # macOS + "pcmanfm" # LXDE + "qtxdg-mat" # LXQT + "run-mailcap" # generic + "rundll32.exe" # WSL + "wslpath" # WSL + ]; + fix."$printf" = [ "printf" ]; + keep = { + "env:$command" = true; + "$browser" = true; + "$KDE_SESSION_VERSION" = true; + }; + } + + { + scripts = [ "bin/xdg-screensaver" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ lockfileProgs nettools perl procmail procps ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "dcop" # KDE3 + "mate-screensaver-command" # MATE + "xautolock" # Xautolock + "xscreensaver-command" # Xscreensaver + "xset" # generic-ish X + ]; + fix."$lockfile_command" = [ "lockfile" ]; + keep = { + "$MV" = true; + "$XPROP" = true; + }; + prologue = "${writeText "xdg-screensaver-prologue" '' + export PERL5LIB=${with perlPackages; makePerlPath [ NetDBus XMLTwig XMLParser X11Protocol ]} + export PATH=$PATH:${coreutils}/bin + ''}"; + } + + { + scripts = [ "bin/xdg-settings" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ jq "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME + "kreadconfig" # Plasma (generic) + "kreadconfig5" # Plasma 5 + "kreadconfig6" # Plasma 6 + "ktradertest" # KDE3 + "kwriteconfig" # Plasma (generic) + "kwriteconfig5" # Plasma 5 + "kwriteconfig6" # Plasma 6 + "qtxdg-mat" # LXQT + ]; + keep = { + "$KDE_SESSION_VERSION" = true; + # get_browser_$handler + "$handler" = true; + }; + } + ]; in stdenv.mkDerivation rec { pname = "xdg-utils"; - version = "unstable-2022-11-06"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "xdg"; repo = "xdg-utils"; - rev = "8ae02631a9806da11b34cd6b274af02d28aee5da"; - sha256 = "sha256-WdnnAiPYbREny633FnBi5tD9hDuF8NCVVbUaAVIKTxM="; + rev = "v${version}"; + hash = "sha256-rjNIO4B9jHsBmPaugWTMqTGNpjiw0MTEmf9/ds2Mud4="; }; - patches = lib.optionals withXdgOpenUsePortalPatch [ + patches = [ + # Backport typo fix + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/af2fe0d1dcbcd982d84ddf2bbd174afe90976ed9.patch"; + hash = "sha256-HhQk06wWkyWjSxjXet+sADKf1irswKxDA8WuOknZKRs="; + }) + # Backport docs rendering fixes + # See: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/106 + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/403a720ad18920030418a7c3d1f2caba9ce3892d.patch"; + hash = "sha256-XxFUeyXENHCy+wplIJ5OzoU5oyA4v1bz/9qMXp1ZwsE="; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/a137f2ba87620402aca21b14fb1d79517782dd29.patch"; + hash = "sha256-XFUAWn4uOyzgLdvupBxsO7wm6VDSzYj1SGZEM+9ouec="; + }) + ] ++ lib.optionals withXdgOpenUsePortalPatch [ # Allow forcing the use of XDG portals using NIXOS_XDG_OPEN_USE_PORTAL environment variable. # Upstream PR: https://github.com/freedesktop/xdg-utils/pull/12 ./allow-forcing-portal-use.patch - # Allow opening files when using portal with xdg-open. - # Upstream PR: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/65 - (fetchpatch { - name = "support-openfile-with-portal.patch"; - url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/5cd8c38f58d9db03240f4bc67267fe3853b66ec7.diff"; - hash = "sha256-snkhxwGF9hpqEh5NGG8xixTi/ydAk5apXRtgYrVgNY8="; - }) ]; # just needed when built from git - nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xsl xmlto w3m ]; + nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl xmlto ]; # explicitly provide a runtime shell so patchShebangs is consistent across build platforms buildInputs = [ bash ]; postInstall = lib.optionalString mimiSupport '' cp ${mimisrc}/xdg-open $out/bin/xdg-open - '' + '' - sed '2s#.#\ - sed() { ${gnused}/bin/sed "$@"; }\ - grep() { ${gnugrep}/bin/grep "$@"; }\ - egrep() { ${gnugrep}/bin/egrep "$@"; }\ - file() { ${file}/bin/file "$@"; }\ - awk() { ${gawk}/bin/awk "$@"; }\ - xset() { ${xset}/bin/xset "$@"; }\ - perl() { PERL5LIB=${perlPath} ${perlPackages.perl}/bin/perl "$@"; }\ - mimetype() { ${perlPackages.FileMimeInfo}/bin/mimetype "$@"; }\ - PATH=$PATH:'$out'/bin:${coreutils}/bin\ - &#' -i "$out"/bin/* - - substituteInPlace $out/bin/xdg-open \ - --replace "/usr/bin/printf" "${coreutils}/bin/printf" \ - --replace "gdbus" "${glib}/bin/gdbus" \ - --replace "mimeopen" "${perlPackages.FileMimeInfo}/bin/mimeopen" - - substituteInPlace $out/bin/xdg-mime \ - --replace "/usr/bin/file" "${file}/bin/file" - - substituteInPlace $out/bin/xdg-email \ - --replace "/bin/echo" "${coreutils}/bin/echo" \ - --replace "gdbus" "${glib}/bin/gdbus" - - sed 's|\bwhich\b|type -P|g' -i "$out"/bin/* ''; + preFixup = lib.concatStringsSep "\n" (map (resholve.phraseSolution "xdg-utils-resholved") solutions); + meta = with lib; { homepage = "https://www.freedesktop.org/wiki/Software/xdg-utils/"; description = "A set of command line tools that assist applications with a variety of desktop integration tasks"; diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 4116a0b3e4ca..5b65a580fa67 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , autoreconfHook # for passthru.tests @@ -13,22 +12,13 @@ stdenv.mkDerivation rec { pname = "cpio"; - version = "2.14"; + version = "2.15"; src = fetchurl { url = "mirror://gnu/cpio/cpio-${version}.tar.bz2"; - sha256 = "/NwV1g9yZ6b8fvzWudt7bIlmxPL7u5ZMJNQTNv0/LBI="; + hash = "sha256-k3YQuXwymh7JJoVT+3gAN7z/8Nz/6XJevE/ZwaqQdds="; }; - patches = [ - # Pull upstream fix for clang-16 and gcc-14. - (fetchpatch { - name = "major-decl.patch"; - url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=8179be21e664cedb2e9d238cc2f6d04965e97275"; - hash = "sha256-k5Xiv3xuPU8kPT6D9B6p+V8SK55ybFgrIIPDgHuorpM="; - }) - ]; - nativeBuildInputs = [ autoreconfHook ]; separateDebugInfo = true; diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch new file mode 100644 index 000000000000..2ee3fff0db54 --- /dev/null +++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix index 1ac615a3d90f..1d75040c7784 100644 --- a/pkgs/tools/archivers/zip/default.nix +++ b/pkgs/tools/archivers/zip/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { ./fix-memset-detection.patch # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16. ./fix-implicit-declarations.patch + # Buffer overflow on Unicode characters in path names + # https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + ./buffer-overflow-on-utf8-rh-bug-2165653.patch ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ]; buildInputs = lib.optional enableNLS libnatspec diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index e8e0ae2439f2..9e195a0aa7db 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.4.5"; + version = "5.4.6"; src = fetchurl { - url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "sha256-jM9f/4aMAG8pUi44b7TGobZkY/vKZaTPw8S9WW6JXnk="; + url = "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k="; }; strictDeps = true; diff --git a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff deleted file mode 100644 index 9797d2c16d11..000000000000 --- a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/configure b/configure -index 04d1de1..5de1b41 100755 ---- a/configure -+++ b/configure -@@ -24949,15 +24949,12 @@ else $as_nop - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - - -diff --git a/configure.ac b/configure.ac -index 2d71c83..bd38dd9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1679,15 +1679,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), - # include <netinet/in6.h> - #endif - #endif --#include <stdlib.h> /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - ]]) - ], diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index d7d78cea11b7..9cbf6dc1b0fb 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -48,21 +48,19 @@ assert !((lib.count (x: x) [ gnutlsSupport opensslSupport wolfsslSupport rustlsS stdenv.mkDerivation (finalAttrs: { pname = "curl"; - version = "8.5.0"; + version = "8.6.0"; src = fetchurl { urls = [ "https://curl.haxx.se/download/curl-${finalAttrs.version}.tar.xz" "https://github.com/curl/curl/releases/download/curl-${builtins.replaceStrings [ "." ] [ "_" ] finalAttrs.version}/curl-${finalAttrs.version}.tar.xz" ]; - hash = "sha256-QquNueINgpCjtjPn+7POwV2zTfZf0QFe+KweRyN1Dus="; + hash = "sha256-PM1V2Rr5UWU534BiX4GMc03G8uz5utozx2dl6ZEh2xU="; }; - patches = [ - # fix ipv6 autodetect compile error in configure script - # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) - ./configure-ipv6-autodetect.diff - ]; + postPatch = '' + patchShebangs scripts + ''; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; separateDebugInfo = stdenv.isLinux; @@ -120,6 +118,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.withFeature rtmpSupport "librtmp") (lib.withFeature rustlsSupport "rustls") (lib.withFeature zstdSupport "zstd") + (lib.withFeature pslSupport "libpsl") (lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli)) (lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls)) (lib.withFeatureAs idnSupport "libidn2" (lib.getDev libidn2)) @@ -180,7 +179,6 @@ stdenv.mkDerivation (finalAttrs: { inherit opensslSupport openssl; tests = { withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); - fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; curlpp = useThisCurl curlpp; coeurl = useThisCurl coeurl; haskell-curl = useThisCurl haskellPackages.curl; @@ -192,6 +190,8 @@ stdenv.mkDerivation (finalAttrs: { # nginx-http3 = useThisCurl nixosTests.nginx-http3; nginx-http3 = nixosTests.nginx-http3; pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + } // lib.optionalAttrs (!stdenv.isDarwin) { + fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; }; }; diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 0350a4989262..9d4dc1cd7c2c 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "dhcpcd"; - version = "10.0.3"; + version = "10.0.6"; src = fetchFromGitHub { owner = "NetworkConfiguration"; repo = "dhcpcd"; rev = "v${version}"; - sha256 = "sha256-NXLOfSPGHiRDSagaT+37TAn9XtdcG4+wP9AvyGJi4Dc="; + sha256 = "sha256-tNC5XCA8dShaTIff15mQz8v+YK9sZkRNLCX5qnlpxx4="; }; nativeBuildInputs = [ pkg-config ]; @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { runtimeShellPackage # So patchShebangs finds a bash suitable for the installed scripts ]; - prePatch = '' + postPatch = '' substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell} ''; diff --git a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch index e4e2b3858ad5..578bd325d56b 100644 --- a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch +++ b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch @@ -1,8 +1,8 @@ diff --git a/pthread_stop_world.c b/pthread_stop_world.c -index b5d71e62..aed7b0bf 100644 +index 2b45489..0e6d8ef 100644 --- a/pthread_stop_world.c +++ b/pthread_stop_world.c -@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig) +@@ -776,6 +776,8 @@ STATIC void GC_restart_handler(int sig) /* world is stopped. Should not fail if it isn't. */ GC_INNER void GC_push_all_stacks(void) { @@ -11,10 +11,10 @@ index b5d71e62..aed7b0bf 100644 GC_bool found_me = FALSE; size_t nthreads = 0; int i; -@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void) - hi = p->altstack + p->altstack_size; +@@ -868,6 +870,31 @@ GC_INNER void GC_push_all_stacks(void) + hi = p->altstack + p->altstack_size; + # endif /* FIXME: Need to scan the normal stack too, but how ? */ - /* FIXME: Assume stack grows down */ + } else { + if (pthread_getattr_np(p->id, &pattr)) { + ABORT("GC_push_all_stacks: pthread_getattr_np failed!"); @@ -41,5 +41,5 @@ index b5d71e62..aed7b0bf 100644 + #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix." + #endif } - GC_push_all_stack_sections(lo, hi, traced_stack_sect); - # ifdef STACK_GROWS_UP + # ifdef STACKPTR_CORRECTOR_AVAILABLE + if (GC_sp_corrector != 0) diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index 49beed63b53a..95a6d9c0fa5f 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.4.3"; + version = "2.4.4"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - hash = "sha256-onGubXMvb02AwlitnuiN2clMj9wzw+RTKMTXwSa9IZ0="; + hash = "sha256-Z+vgFsqQ+naIzmejh+vYLGJh6ViX23sj3yT/M1voW8Y="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 08a4b5b08d02..2b55b76b6654 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: { inherit pname; version = "2.0.1"; - outputs = [ "bin" "out" "dev" "doc" "man" ]; + outputs = [ "out" "lib" "dev" "doc" "man" ]; src = fetchFromGitLab { domain = "salsa.debian.org"; @@ -39,13 +39,21 @@ stdenv.mkDerivation (finalAttrs: { (lib.enableFeature polkitSupport "polkit") ] ++ lib.optionals stdenv.isLinux [ "--enable-ipcdir=/run/pcscd" - "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" ]; makeFlags = [ "POLICY_DIR=$(out)/share/polkit-1/actions" ]; + # disable building pcsc-wirecheck{,-gen} when cross compiling + # see also: https://github.com/LudovicRousseau/PCSC/issues/25 + postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + substituteInPlace src/Makefile.am \ + --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \ + "noinst_PROGRAMS = testpcsc" + ''; + postInstall = '' # pcsc-spy is a debugging utility and it drags python into the closure moveToOutput bin/pcsc-spy "$dev" diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index 8507c7c7cec0..9ddb83ca5e36 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -29,6 +29,13 @@ stdenv.mkDerivation rec { url = "https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3.patch"; sha256 = "7/E0gboU0A45/BY6jGPLuvds6qKtNjzpgKgdNTaVaZQ="; }) + + # Fix build against gcc-13: https://github.com/rhboot/efivar/pull/242 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/rhboot/efivar/commit/52fece47d4f3ebd588bd85598bfc7a0142365f7e.patch"; + hash = "sha256-tOmxbY7kD6kzbBZ2RhQ5gCCpHtu+2gRNa7VUAWdCKu0="; + }) ]; nativeBuildInputs = [ pkg-config mandoc ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eab696390f33..56d60e92a7eb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7319,6 +7319,7 @@ with pkgs; curl = curlMinimal.override ({ idnSupport = true; + pslSupport = true; zstdSupport = true; } // lib.optionalAttrs (!stdenv.hostPlatform.isStatic) { brotliSupport = true; @@ -7915,7 +7916,7 @@ with pkgs; efibootmgr = callPackage ../tools/system/efibootmgr { }; - efivar = disable-warnings-if-gcc13 (callPackage ../tools/system/efivar { }); + efivar = callPackage ../tools/system/efivar { }; eget = callPackage ../tools/misc/eget { }; @@ -20371,7 +20372,7 @@ with pkgs; then overrideSDK stdenv { darwinMinVersion = "10.13"; } else stdenv; }; - abseil-cpp = abseil-cpp_202301; + abseil-cpp = abseil-cpp_202401; accountsservice = callPackage ../development/libraries/accountsservice { }; @@ -22305,10 +22306,7 @@ with pkgs; libantlr3c = callPackage ../development/libraries/libantlr3c { }; - libaom = callPackage ../development/libraries/libaom { - # Remove circular dependency for libavif - libjxl = libjxl.override { buildDocs = false; }; - }; + libaom = callPackage ../development/libraries/libaom { }; libappindicator-gtk2 = libappindicator.override { gtkVersion = "2"; }; libappindicator-gtk3 = libappindicator.override { gtkVersion = "3"; }; @@ -22389,7 +22387,7 @@ with pkgs; libcacard = callPackage ../development/libraries/libcacard { }; - libcamera = callPackage ../development/libraries/libcamera { }; + libcamera-qcam = callPackage ../by-name/li/libcamera/package.nix { withQcam = true; }; libcanberra = callPackage ../development/libraries/libcanberra { inherit (darwin.apple_sdk.frameworks) Carbon CoreServices AppKit; @@ -24223,9 +24221,7 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { - openssl = openssl_legacy; - }; + openldap = callPackage ../development/libraries/openldap { }; opencolorio = darwin.apple_sdk_11_0.callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk_11_0.frameworks) Carbon GLUT Cocoa; @@ -36499,9 +36495,7 @@ with pkgs; xdg-user-dirs = callPackage ../tools/X11/xdg-user-dirs { }; - xdg-utils = callPackage ../tools/X11/xdg-utils { - w3m = buildPackages.w3m-batch; - }; + xdg-utils = callPackage ../tools/X11/xdg-utils {}; xdgmenumaker = callPackage ../applications/misc/xdgmenumaker { }; @@ -39052,7 +39046,9 @@ with pkgs; notus-scanner = with python3Packages; toPythonApplication notus-scanner; - openblas = callPackage ../development/libraries/science/math/openblas { }; + openblas = callPackage ../development/libraries/science/math/openblas { + inherit (llvmPackages) openmp; + }; # A version of OpenBLAS using 32-bit integers on all platforms for compatibility with # standard BLAS and LAPACK. @@ -39170,7 +39166,9 @@ with pkgs; suitesparse_4_2 = callPackage ../development/libraries/science/math/suitesparse/4.2.nix { }; suitesparse_4_4 = callPackage ../development/libraries/science/math/suitesparse/4.4.nix { }; - suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { }; + suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { + inherit (llvmPackages) openmp; + }; suitesparse = suitesparse_5_3; suitesparse-graphblas = callPackage ../development/libraries/science/math/suitesparse-graphblas { }; diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 20e30e9a03c9..c3c5e84c32f9 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -164,6 +164,9 @@ mapAliases ({ flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20 flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 + flask-autoindex = throw "flask-autoindex was removed, as it is not compatible with flask 3.0 and unmaintained since 2020."; + flask-basicauth = throw "flask-basicauth was removed, as it is not compatible with flask 3.0 and unmaintained since 2016."; + flask-sessionstore = throw "flask-sessionstore was removed, as it is not compatible with flask 3.0 and unmaintained since 2017."; flowlogs_reader = flowlogs-reader; # added 2024-01-03 FormEncode = formencode; # added 2023-02-19 foundationdb51 = throw "foundationdb51 is no longer maintained, use foundationdb71 instead"; # added 2023-06-06 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 03bb52d050b0..7d38b3c99f32 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4121,14 +4121,10 @@ self: super: with self; { flask-assets = callPackage ../development/python-modules/flask-assets { }; - flask-autoindex = callPackage ../development/python-modules/flask-autoindex { }; - flask-babel = callPackage ../development/python-modules/flask-babel { }; flask-babelex = callPackage ../development/python-modules/flask-babelex { }; - flask-basicauth = callPackage ../development/python-modules/flask-basicauth { }; - flask-bcrypt = callPackage ../development/python-modules/flask-bcrypt { }; flask-bootstrap = callPackage ../development/python-modules/flask-bootstrap { }; @@ -4195,8 +4191,6 @@ self: super: with self; { flask-session-captcha = callPackage ../development/python-modules/flask-session-captcha { }; - flask-sessionstore = callPackage ../development/python-modules/flask-sessionstore { }; - flask-security-too = callPackage ../development/python-modules/flask-security-too { }; flask-silk = callPackage ../development/python-modules/flask-silk { }; @@ -9652,7 +9646,9 @@ self: super: with self; { python-mbedtls = callPackage ../development/python-modules/python-mbedtls { }; - python-memcached = callPackage ../development/python-modules/python-memcached { }; + python-memcached = callPackage ../development/python-modules/python-memcached { + inherit (pkgs) memcached; + }; python-otbr-api = callPackage ../development/python-modules/python-otbr-api { }; @@ -13883,9 +13879,7 @@ self: super: with self; { stanza = callPackage ../development/python-modules/stanza { }; - starlette = callPackage ../development/python-modules/starlette { - inherit (pkgs.darwin.apple_sdk.frameworks) ApplicationServices; - }; + starlette = callPackage ../development/python-modules/starlette { }; starlette-wtf = callPackage ../development/python-modules/starlette-wtf { }; diff --git a/pkgs/top-level/release-attrpaths-superset.nix b/pkgs/top-level/release-attrpaths-superset.nix index 673b63a5ac34..55cce6101d71 100644 --- a/pkgs/top-level/release-attrpaths-superset.nix +++ b/pkgs/top-level/release-attrpaths-superset.nix @@ -53,6 +53,7 @@ let pkgsStatic = true; pkgsCross = true; pkgsi686Linux = true; + pkgsExtraHardening = true; }; # No release package attrname may have any of these at a component diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index 1cc05167cee8..cbf0f585fe41 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix @@ -276,6 +276,19 @@ let gcc.abi = "elfv2"; }; }); + + pkgsExtraHardening = nixpkgsFun { + overlays = [ + (self': super': { + pkgsExtraHardening = super'; + stdenv = super'.withDefaultHardeningFlags ( + super'.stdenv.cc.defaultHardeningFlags ++ [ + "zerocallusedregs" + ] + ) super'.stdenv; + }) + ] ++ overlays; + }; }; # The complete chain of package set builders, applied from top to bottom. |