diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index ea7aebc3b12d..16e8ae2ec0b2 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -43,8 +43,32 @@ let LogsDirectoryMode = "0750"; # Access write directories UMask = "0027"; + # Capabilities + CapabilityBoundingSet = ""; + # Security + NoNewPrivileges = true; # Sandboxing + ProtectSystem = "strict"; + ProtectHome = true; PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = false; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + # System Call Filtering + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap"; }; envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") ( diff --git a/pkgs/applications/audio/helio-workstation/default.nix b/pkgs/applications/audio/helio-workstation/default.nix index e2c19ac156d4..bb92682b141f 100644 --- a/pkgs/applications/audio/helio-workstation/default.nix +++ b/pkgs/applications/audio/helio-workstation/default.nix @@ -5,14 +5,14 @@ stdenv.mkDerivation rec { pname = "helio-workstation"; - version = "3.3"; + version = "3.4"; src = fetchFromGitHub { owner = "helio-fm"; repo = pname; rev = version; fetchSubmodules = true; - sha256 = "sha256-meeNqV1jKUwWc7P3p/LicPsbpzpKKFmQ1wP9DuXc9NY="; + sha256 = "sha256-zXsDu/xi7OV6VtnZK9ZJ8uwPeA5uTgNpAQsqe90iwG4="; }; buildInputs = [ 
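Review bot: In the mastodon.nix hunk, `SystemCallFilter` is written as a pure deny-list (`~@clock … @swap`), so every syscall outside the named groups stays available to the service; systemd.exec itself describes allow-listing as the safer mode. Consider starting from an allow-list and subtracting, e.g. `SystemCallFilter = [ "@system-service" "~@resources @setuid" ];`, after checking that the Mastodon units still start under it. `MemoryDenyWriteExecute = false;` is also the one relaxed setting in the block and carries no reason. If it is there for a JIT in the Ruby or Node processes, a comment such as `# Ruby/Node runtimes need writable+executable mappings` would stop it being flipped blindly later. The attribute set begins above the hunk.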
diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix index 51f00d021c39..7f7be99f9a24 100644 --- a/pkgs/applications/backup/pika-backup/default.nix +++ b/pkgs/applications/backup/pika-backup/default.nix @@ -19,20 +19,20 @@ stdenv.mkDerivation rec { pname = "pika-backup"; - version = "0.2.1"; + version = "0.2.2"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "World"; repo = "pika-backup"; rev = "v${version}"; - sha256 = "0fm6vwpw0pa98v2yn8p3818rrlv9lk3pmgnal1b2kh52im5ll7m8"; + sha256 = "16284gv31wdwmb99056962d1gh6xz26ami6synr47nsbbp5l0s6k"; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - sha256 = "1f5s6a0wjrs2spsicirhbvb5xlz9iflwsaqchij9k02hfcsr308y"; + sha256 = "12ymjwpxx3sdna8w5j9fnwwfk8ynk9ziwl0lkpq68y0vyllln5an"; }; patches = [ diff --git a/pkgs/applications/editors/ghostwriter/default.nix b/pkgs/applications/editors/ghostwriter/default.nix index 23a81c9cb00a..2249009af777 100644 --- a/pkgs/applications/editors/ghostwriter/default.nix +++ b/pkgs/applications/editors/ghostwriter/default.nix @@ -2,13 +2,13 @@ mkDerivation rec { pname = "ghostwriter"; - version = "2.0.0-rc4"; + version = "2.0.0-rc5"; src = fetchFromGitHub { owner = "wereturtle"; repo = pname; rev = version; - sha256 = "07547503a209hc0fcg902w3x0s1m899c10nj3gqz3hak0cmrasi3"; + sha256 = "sha256-Gc0/AHxxJd5Cq3dBQ0Xy2TF78CBmQFYUzm4s7q1aHEE="; }; nativeBuildInputs = [ qmake pkg-config qttools ]; diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix index ba03bb65c267..ddede59a837d 100644 --- a/pkgs/applications/editors/vscode/vscode.nix +++ b/pkgs/applications/editors/vscode/vscode.nix 
@@ -34,7 +34,7 @@ in src = fetchurl { name = "VSCode_${version}_${plat}.${archive_fmt}"; - url = "https://vscode-update.azurewebsites.net/${version}/${plat}/stable"; + url = "https://update.code.visualstudio.com/${version}/${plat}/stable"; inherit sha256; }; diff --git a/pkgs/applications/misc/josm/default.nix b/pkgs/applications/misc/josm/default.nix index 894b44a8451a..b8e72daa6f77 100644 --- a/pkgs/applications/misc/josm/default.nix +++ b/pkgs/applications/misc/josm/default.nix @@ -1,20 +1,20 @@ { lib, stdenv, fetchurl, fetchsvn, makeWrapper, unzip, jre, libXxf86vm }: let pname = "josm"; - version = "17560"; + version = "17580"; srcs = { jar = fetchurl { url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar"; - sha256 = "1ffrbg2d4s2dmc9zy9b4fbsqnp9g0pvp6vnrq7gbsmxh0y23sw56"; + sha256 = "05y1g48llnpbyv0r8dn3kyhcfqylsg4fbp540xn1n7sk3h17gwsw"; }; macosx = fetchurl { - url = "https://josm.openstreetmap.de/download/macosx/josm-macosx-${version}.zip"; - sha256 = "17qrilj20bvzd8ydfjjirpqjrsbqbkxyj4q35q87z9j3pgnd1h71"; + url = "https://josm.openstreetmap.de/download/macosx/josm-macos-${version}-java16.zip"; + sha256 = "0aqkr6951zbi7a6zawvpsh51i0c4nyz2xkj52gg8n4vxli5pp3y1"; }; pkg = fetchsvn { url = "https://josm.openstreetmap.de/svn/trunk/native/linux/tested"; rev = version; - sha256 = "0wmncbi5g3ijn19qvmvwszb2m79wnv4jpdmpjd7332d3qi5rfmwn"; + sha256 = "04mxrirlyjy8i5s6y8w84kxv3wjlhhdfmlaxxlxd25viim73g3zv"; }; }; in diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index da36f2de68e3..d45f21d3603e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json 
@@ -31,9 +31,9 @@ } }, "dev": { - "version": "91.0.4449.6", - "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3", - "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc", + "version": "91.0.4455.2", + "sha256": "0nqw1jxysyl72dg2bqls7w9cm366j6i1p4sadf3s5vc0i7yr7h3i", + "sha256bin64": "0d7s7bg58489ph4i92yj4vkww0cl7473pk9sir64gcmm9z18yjc3", "deps": { "gn": { "version": "2021-03-12", diff --git a/pkgs/applications/version-management/git-and-tools/bit/default.nix b/pkgs/applications/version-management/git-and-tools/bit/default.nix new file mode 100644 index 000000000000..e41c2569fcb3 --- /dev/null +++ b/pkgs/applications/version-management/git-and-tools/bit/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, git +}: + +buildGoModule rec { + pname = "bit"; + version = "1.0.5"; + + src = fetchFromGitHub { + owner = "chriswalz"; + repo = pname; + rev = "v${version}"; + sha256 = "0dv6ma2vwb21cbxkxzrpmj7cqlhwr7a86i4g728m3y1aclh411sn"; + }; + + vendorSha256 = "1j6w7bll4zyp99579dhs2rza4y9kgfz3g8d5grfzgqck6cjj9mn8"; + + propagatedBuildInputs = [ git ]; + + # Tests require a repository + doCheck = false; + + meta = with lib; { + description = "Command-line tool for git"; + homepage = "https://github.com/chriswalz/bit"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/applications/version-management/git-and-tools/git-machete/default.nix b/pkgs/applications/version-management/git-and-tools/git-machete/default.nix index 9933535475a3..99772f60bc50 100644 --- a/pkgs/applications/version-management/git-and-tools/git-machete/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-machete/default.nix 
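Review bot: In the new bit/default.nix, `propagatedBuildInputs = [ git ];` does not put git on the installed program's PATH, so if `bit` shells out to git at runtime (its description suggests it does) it will only work where the user already has git installed. The usual fix is to add `makeWrapper` to `nativeBuildInputs` and wrap the binary in `postInstall`: `wrapProgram $out/bin/bit --prefix PATH : ${lib.makeBinPath [ git ]}`. The `doCheck = false;` comment could also say which tests need a repository, so they can be re-enabled selectively later.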
@@ -4,11 +4,11 @@ buildPythonApplication rec { pname = "git-machete"; - version = "3.0.0"; + version = "3.1.0"; src = fetchPypi { inherit pname version; - sha256 = "077xs3grjidahxz1gc93565b25blf97lwsljmkmr0yapps8z630d"; + sha256 = "0bb6ap8sdp4ad0xkh3y8vj46a363g5gdw0dzf9ycw0z9ah8ispfx"; }; nativeBuildInputs = [ installShellFiles pbr ]; diff --git a/pkgs/development/libraries/amdvlk/default.nix b/pkgs/development/libraries/amdvlk/default.nix index 24ad128a5842..1d0256f3b274 100644 --- a/pkgs/development/libraries/amdvlk/default.nix +++ b/pkgs/development/libraries/amdvlk/default.nix @@ -21,13 +21,13 @@ let in stdenv.mkDerivation rec { pname = "amdvlk"; - version = "2021.Q1.5"; + version = "2021.Q1.6"; src = fetchRepoProject { name = "${pname}-src"; manifest = "https://github.com/GPUOpen-Drivers/AMDVLK.git"; rev = "refs/tags/v-${version}"; - sha256 = "OSX4alrR49jqIu2QZcTieurUnyWQJ0wheDwFiNd9QcY="; + sha256 = "FSQ/bYlvdw0Ih3Yl329o8Gizw0YcZTLtiI222Ju4M8w="; }; buildInputs = [ diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix index 8868b402595f..4f4aece6761c 100644 --- a/pkgs/development/python-modules/boto3/default.nix +++ b/pkgs/development/python-modules/boto3/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "boto3"; - version = "1.17.33"; # N.B: if you change this, change botocore and awscli to a matching version + version = "1.17.34"; # N.B: if you change this, change botocore and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "sha256-DKwv/8G6kV97tezuU5MYUy21HyGMkooij6/j5QHpRy4="; + sha256 = "sha256-jzPLPS/EKwVHpVYKbXOXqpMzb1CJk4Z2KyRQaCwOmSs="; }; propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ]; diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix index 4aef369c60a9..e04c2e5aeff4 100644 
--- a/pkgs/development/python-modules/botocore/default.nix +++ b/pkgs/development/python-modules/botocore/default.nix @@ -12,11 +12,11 @@ buildPythonPackage rec { pname = "botocore"; - version = "1.20.33"; # N.B: if you change this, change boto3 and awscli to a matching version + version = "1.20.34"; # N.B: if you change this, change boto3 and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "sha256-41UwUwlpnTrKHgBQ/CHUhZW0DbBGyw0kkc1X/1smkgs="; + sha256 = "sha256-dJvbFR40AynxslYAv+nSI+kw+LomvXS3FHjKV4Hy/q8="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/forbiddenfruit/default.nix b/pkgs/development/python-modules/forbiddenfruit/default.nix index 6ad99a12581e..13c46ba1e8aa 100644 --- a/pkgs/development/python-modules/forbiddenfruit/default.nix +++ b/pkgs/development/python-modules/forbiddenfruit/default.nix @@ -1,6 +1,6 @@ { lib , buildPythonPackage -, fetchPypi +, fetchFromGitHub , nose }: @@ -8,13 +8,20 @@ buildPythonPackage rec { version = "0.1.4"; pname = "forbiddenfruit"; - src = fetchPypi { - inherit pname version; - sha256 = "e3f7e66561a29ae129aac139a85d610dbf3dd896128187ed5454b6421f624253"; + src = fetchFromGitHub { + owner = "clarete"; + repo = "forbiddenfruit"; + rev = version; + sha256 = "16chhrxbbmg6lfbzm532fq0v00z8qihcsj0kg2b5jlgnb6qijwn8"; }; checkInputs = [ nose ]; + preBuild = '' + export FFRUIT_EXTENSION="true"; + ''; + + # https://github.com/clarete/forbiddenfruit/pull/47 required to switch to pytest checkPhase = '' find ./build -name '*.so' -exec mv {} tests/unit \; nosetests @@ -22,7 +29,7 @@ buildPythonPackage rec { meta = with lib; { description = "Patch python built-in objects"; - homepage = "https://pypi.python.org/pypi/forbiddenfruit"; + homepage = "https://github.com/clarete/forbiddenfruit"; license = licenses.mit; }; 
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix index 17ac91329163..81260110f929 100644 --- a/pkgs/development/python-modules/graphite-web/default.nix +++ b/pkgs/development/python-modules/graphite-web/default.nix @@ -1,6 +1,19 @@ -{ lib, buildPythonPackage, fetchPypi, isPy3k -, django, django_tagging, whisper, pycairo, cairocffi, ldap, memcached, pytz, urllib3, scandir +{ lib, buildPythonPackage, fetchPypi +, django +, memcached +, txamqp +, django_tagging +, gunicorn +, pytz +, pyparsing +, cairocffi +, whisper +, whitenoise +, scandir +, urllib3 +, six }: + buildPythonPackage rec { pname = "graphite-web"; version = "1.1.7"; @@ -15,8 +28,19 @@ buildPythonPackage rec { ]; propagatedBuildInputs = [ - django django_tagging whisper pycairo cairocffi - ldap memcached pytz urllib3 scandir + django + memcached + txamqp + django_tagging + gunicorn + pytz + pyparsing + cairocffi + whisper + whitenoise + scandir + urllib3 + six ]; # Carbon-s default installation is /opt/graphite. This env variable ensures @@ -28,6 +52,8 @@ buildPythonPackage rec { --replace "join(WEBAPP_DIR, 'content')" "join('$out', 'webapp', 'content')" ''; + pythonImportsCheck = [ "graphite" ]; + meta = with lib; { homepage = "http://graphiteapp.org/"; description = "Enterprise scalable realtime graphing"; diff --git a/pkgs/development/python-modules/hdbscan/default.nix b/pkgs/development/python-modules/hdbscan/default.nix index 6e381794cff5..d2590d14955c 100644 --- a/pkgs/development/python-modules/hdbscan/default.nix +++ b/pkgs/development/python-modules/hdbscan/default.nix @@ -1,8 +1,9 @@ { lib , buildPythonPackage +, fetchpatch , cython , numpy -, nose +, pytestCheckHook , scipy , scikitlearn , fetchPypi 
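Review bot: The second graphite-web hunk drops `ldap` (and `pycairo`) from `propagatedBuildInputs`, and the added `pythonImportsCheck = [ "graphite" ];` only imports the top-level package, so it would not notice an optional code path that still needs them. If graphite-web's LDAP authentication backend is meant to stay usable from this package, python-ldap has to remain in the closure; otherwise a deployment that enables it would fail when a user logs in rather than at build time. Either keep `ldap` in the list or add a comment such as `# LDAP auth backend intentionally unsupported: python-ldap not included` so the omission is a recorded decision.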
@@ -18,11 +19,22 @@ buildPythonPackage rec { inherit pname version; sha256 = "e3a418d0d36874f7b6a1bf0b7461f3857fc13a525fd48ba34caed2fe8973aa26"; }; - - checkInputs = [ nose ]; + patches = [ + # This patch fixes compatibility with numpy 1.20. It will be in the next release + # after 0.8.27 + (fetchpatch { + url = "https://github.com/scikit-learn-contrib/hdbscan/commit/5b67a4fba39c5aebe8187a6a418da677f89a63e0.patch"; + sha256 = "07d7jdwk0b8kgaqkifd529sarji01j1jiih7cfccc5kxmlb5py9h"; + }) + ]; nativeBuildInputs = [ cython ]; propagatedBuildInputs = [ numpy scipy scikitlearn joblib six ]; + preCheck = '' + cd hdbscan/tests + rm __init__.py + ''; + checkInputs = [ pytestCheckHook ]; meta = with lib; { description = "Hierarchical Density-Based Spatial Clustering of Applications with Noise, a clustering algorithm with a scikit-learn compatible API"; diff --git a/pkgs/development/python-modules/numtraits/default.nix b/pkgs/development/python-modules/numtraits/default.nix deleted file mode 100644 index 624f32fd337b..000000000000 --- a/pkgs/development/python-modules/numtraits/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, pytest -, six -, numpy -, traitlets -}: - -buildPythonPackage rec { - pname = "numtraits"; - version = "0.2"; - - src = fetchPypi { - inherit pname version; - sha256 = "2fca9a6c9334f7358ef1a3e2e64ccaa6a479fc99fc096910e0d5fbe8edcdfd7e"; - }; - - checkInputs = [ pytest ]; - propagatedBuildInputs = [ six numpy traitlets]; - - checkPhase = '' - py.test - ''; - - meta = { - description = "Numerical traits for Python objects"; - license = lib.licenses.bsd2; - maintainers = with lib.maintainers; [ fridh ]; - homepage = "https://github.com/astrofrog/numtraits"; - }; -} diff --git a/pkgs/development/python-modules/onnx/default.nix b/pkgs/development/python-modules/onnx/default.nix index 807b6cf5f5e1..90683a84f46a 100644 --- a/pkgs/development/python-modules/onnx/default.nix 
+++ b/pkgs/development/python-modules/onnx/default.nix @@ -46,7 +46,8 @@ buildPythonPackage rec { ]; postPatch = '' - patchShebangs tools/protoc-gen-mypy.py + chmod +x tools/protoc-gen-mypy.sh.in + patchShebangs tools/protoc-gen-mypy.sh.in tools/protoc-gen-mypy.py ''; preBuild = '' diff --git a/pkgs/development/python-modules/prance/default.nix b/pkgs/development/python-modules/prance/default.nix index 3c9bc5c7c5ba..f9d5b6f80b1f 100644 --- a/pkgs/development/python-modules/prance/default.nix +++ b/pkgs/development/python-modules/prance/default.nix @@ -6,10 +6,9 @@ , requests , six , semver -, pytest +, pytestCheckHook , pytestcov , pytestrunner -, sphinx , openapi-spec-validator }: @@ -35,18 +34,28 @@ buildPythonPackage rec { ]; checkInputs = [ - pytest + pytestCheckHook pytestcov openapi-spec-validator ]; postPatch = '' substituteInPlace setup.py \ - --replace "tests_require = dev_require," "tests_require = None," + --replace "tests_require = dev_require," "tests_require = None," \ + --replace "chardet~=4.0" "" \ + --replace "semver~=2.13" "" + substituteInPlace setup.cfg \ + --replace "--cov-fail-under=90" "" ''; - # many tests require network connection - doCheck = false; + # Disable tests that require network + disabledTestPaths = [ + "tests/test_convert.py" + ]; + disabledTests = [ + "test_fetch_url_http" + ]; + pythonImportsCheck = [ "prance" ]; meta = with lib; { description = "Resolving Swagger/OpenAPI 2.0 and 3.0.0 Parser"; diff --git a/pkgs/development/python-modules/sphinx-autobuild/default.nix b/pkgs/development/python-modules/sphinx-autobuild/default.nix index 739ea2afa820..94047b359aa9 100644 --- a/pkgs/development/python-modules/sphinx-autobuild/default.nix +++ b/pkgs/development/python-modules/sphinx-autobuild/default.nix 
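Review bot: In the prance `postPatch`, `--replace "chardet~=4.0" ""` and `--replace "semver~=2.13" ""` delete the whole requirement rather than only the version pin, so the installed metadata no longer declares chardet or semver at all and, depending on how setup.py quotes them, an empty requirement string may be left behind. Replacing with the bare name keeps the dependency declared while still relaxing the pin: `--replace "chardet~=4.0" "chardet"` and `--replace "semver~=2.13" "semver"`. The rest of the derivation, including `propagatedBuildInputs`, lies partly outside the hunk, so whether both packages are still provided there should be checked alongside this.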
@@ -24,6 +24,6 @@ buildPythonPackage rec { description = "Rebuild Sphinx documentation on changes, with live-reload in the browser"; homepage = "https://github.com/executablebooks/sphinx-autobuild"; license = with licenses; [ mit ]; - maintainer = with maintainers; [holgerpeters]; + maintainers = with maintainers; [holgerpeters]; }; } diff --git a/pkgs/development/tools/build-managers/mill/default.nix b/pkgs/development/tools/build-managers/mill/default.nix index 5942e20ec920..4538c212da58 100644 --- a/pkgs/development/tools/build-managers/mill/default.nix +++ b/pkgs/development/tools/build-managers/mill/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "mill"; - version = "0.9.3"; + version = "0.9.5"; src = fetchurl { - url = "https://github.com/lihaoyi/mill/releases/download/${version}/${version}"; - sha256 = "0x9mvcm5znyi7w6cpiasj2v6f63y7d8qdck7lx03p2k6i9aa2f77"; + url = "https://github.com/com-lihaoyi/mill/releases/download/${version}/${version}"; + sha256 = "142vr40p60mapvvb5amn8hz6a8930kxsz510baql40hai4yhga7z"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/coursier/default.nix b/pkgs/development/tools/coursier/default.nix index 69e55463cc67..64c48b702cf1 100644 --- a/pkgs/development/tools/coursier/default.nix +++ b/pkgs/development/tools/coursier/default.nix @@ -2,7 +2,7 @@ , coreutils, git, gnused, nix, nixfmt }: let - version = "2.0.15"; + version = "2.0.16"; zshCompletion = fetchurl { url = @@ -19,7 +19,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/coursier/coursier/releases/download/v${version}/coursier"; - sha256 = "sha256-XfTW8GNoPsNXamy0K9Ai3SSzBSyS1dNNCeWsbD8xCQI="; + sha256 = "sha256-Yx6PvBo763GnEwU5s7AYUs++Au25TF6cZ4WYGgruHpw="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/go-task/default.nix b/pkgs/development/tools/go-task/default.nix index b9241174eadc..d2ea8a4f6bd5 100644 --- a/pkgs/development/tools/go-task/default.nix 
+++ b/pkgs/development/tools/go-task/default.nix @@ -22,7 +22,7 @@ buildGoModule rec { ]; postInstall = '' - mv $out/bin/task $out/bin/go-task + ln -s $out/bin/task $out/bin/go-task ''; meta = with lib; { diff --git a/pkgs/development/tools/jbang/default.nix b/pkgs/development/tools/jbang/default.nix index bb244c57cc23..4c35aaaae05a 100644 --- a/pkgs/development/tools/jbang/default.nix +++ b/pkgs/development/tools/jbang/default.nix @@ -1,12 +1,12 @@ { stdenv, lib, fetchzip, jdk, makeWrapper, coreutils, curl }: stdenv.mkDerivation rec { - version = "0.68.0"; + version = "0.69.1"; pname = "jbang"; src = fetchzip { url = "https://github.com/jbangdev/jbang/releases/download/v${version}/${pname}-${version}.tar"; - sha256 = "sha256-+hBI4asgRZg1nu50GMCl0/djqCxjb92xlO3roU4LZS8="; + sha256 = "sha256-FuwivcF1SpGbLcoQshVNSWSQ7PgWC0XPCQF+i9zHb/w="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/misc/emulators/cen64/default.nix b/pkgs/misc/emulators/cen64/default.nix index 0153ed11cd2d..ddf455473378 100644 --- a/pkgs/misc/emulators/cen64/default.nix +++ b/pkgs/misc/emulators/cen64/default.nix @@ -2,21 +2,22 @@ stdenv.mkDerivation rec { pname = "cen64"; - version = "unstable-2020-02-20"; + version = "unstable-2021-03-12"; src = fetchFromGitHub { owner = "n64dev"; repo = "cen64"; - rev = "6f9f5784bf0a720522c4ecb0915e20229c126aed"; - sha256 = "08q0a3b2ilb95zlz4cw681gwz45n2wrb2gp2z414cf0bhn90vz0s"; + rev = "1b31ca9b3c3bb783391ab9773bd26c50db2056a8"; + sha256 = "0x1fz3z4ffl5xssiyxnmbhpjlf0k0fxsqn4f2ikrn17742dx4c0z"; }; nativeBuildInputs = [ cmake ]; buildInputs = [ libGL libiconv openal libX11 ]; installPhase = '' - mkdir -p $out/bin - mv cen64 $out/bin + runHook preInstall + install -D {,$out/bin/}${pname} + runHook postInstall ''; meta = with lib; { diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index acffa383f076..e4a7522fe597 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix 
+++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -55,8 +55,8 @@ assert (versionAtLeast version "4.9"); # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING = yes; - PAGE_POISONING_NO_SANITY = yes; - PAGE_POISONING_ZERO = yes; + PAGE_POISONING_NO_SANITY = whenOlder "5.11" yes; + PAGE_POISONING_ZERO = whenOlder "5.11" yes; # Enable the SafeSetId LSM SECURITY_SAFESETID = whenAtLeast "5.1" yes; diff --git a/pkgs/servers/http/apache-modules/mod_perl/default.nix b/pkgs/servers/http/apache-modules/mod_perl/default.nix index 04746d678c52..2762f636f592 100644 --- a/pkgs/servers/http/apache-modules/mod_perl/default.nix +++ b/pkgs/servers/http/apache-modules/mod_perl/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, apacheHttpd, perl }: stdenv.mkDerivation rec { - name = "mod_perl-2.0.10"; + pname = "mod_perl"; + version = "2.0.11"; src = fetchurl { - url = "mirror://apache/perl/${name}.tar.gz"; - sha256 = "0r1bhzwl5gr0202r6448943hjxsickzn55kdmb7dzad39vnq7kyi"; + url = "mirror://apache/perl/${pname}-${version}.tar.gz"; + sha256 = "0x3gq4nz96y202cymgrf56n8spm7bffkd1p74dh9q3zrrlc9wana"; }; buildInputs = [ apacheHttpd perl ]; diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix index e9d2bb713dde..445d32be1225 100644 --- a/pkgs/tools/admin/awscli/default.nix +++ b/pkgs/tools/admin/awscli/default.nix @@ -28,11 +28,11 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli"; - version = "1.19.33"; # N.B: if you change this, change botocore and boto3 to a matching version too + version = "1.19.34"; # N.B: if you change this, change botocore and boto3 to a matching version too src = fetchPypi { inherit pname version; - sha256 = "sha256-Rz0aZTsFV3RAdH04d3jvvqi1wFuIIx3SFddONhM8c8E="; + sha256 = "sha256-RJ+ibZmOxH4r+pGI/rrkRES89u0IRUU3sSE5OFSJ2qw="; }; # https://github.com/aws/aws-cli/issues/4837 
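Review bot: The new `whenOlder "5.11"` guards on `PAGE_POISONING_NO_SANITY` and `PAGE_POISONING_ZERO` come with no explanation, while the comment above them still promises wiping on free for every kernel version. Presumably both symbols were removed upstream in 5.11; a comment such as `# Dropped upstream in 5.11; page poisoning there always uses the poison pattern with sanity checks` would record that. It is also worth confirming that zero-on-free stays covered on 5.11 and later by another option, since the hunk does not show whether `INIT_ON_FREE_DEFAULT_ON` is set elsewhere in this file and the all-packages.nix hunk moves `linux_latest_for_hardened` to `pkgs.linux_5_11` in the same commit.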
diff --git a/pkgs/tools/misc/tz/default.nix b/pkgs/tools/misc/tz/default.nix new file mode 100644 index 000000000000..c0c6fe9ec33b --- /dev/null +++ b/pkgs/tools/misc/tz/default.nix @@ -0,0 +1,22 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "tz"; + version = "0.4"; + + src = fetchFromGitHub { + owner = "oz"; + repo = "tz"; + rev = "v${version}"; + sha256 = "sha256-36nTau7xjABdeUOioHar28cuawFWW3DBaDH0YAvdufI="; + }; + + vendorSha256 = "sha256-Soa87I7oMa34LjYKxNAz9Limi0kQ6JUtb/zI4G7yZnw="; + + meta = with lib; { + description = "A time zone helper"; + homepage = "https://github.com/oz/tz"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ siraben ]; + }; +} diff --git a/pkgs/tools/package-management/cargo-audit/default.nix b/pkgs/tools/package-management/cargo-audit/default.nix index 12bf27165f7e..d5be54b71b05 100644 --- a/pkgs/tools/package-management/cargo-audit/default.nix +++ b/pkgs/tools/package-management/cargo-audit/default.nix @@ -15,6 +15,9 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl libiconv ] ++ lib.optionals stdenv.isDarwin [ Security ]; nativeBuildInputs = [ pkg-config ]; + # enables `cargo audit fix` + cargoBuildFlags = [ "--features fix" ]; + # The tests require network access which is not available in sandboxed Nix builds. doCheck = false; diff --git a/pkgs/tools/security/ldeep/default.nix b/pkgs/tools/security/ldeep/default.nix index 855ffc6fdba1..db4d14ba3ed7 100644 --- a/pkgs/tools/security/ldeep/default.nix +++ b/pkgs/tools/security/ldeep/default.nix @@ -10,11 +10,11 @@ buildPythonApplication rec { pname = "ldeep"; - version = "1.0.9"; + version = "1.0.10"; src = fetchPypi { inherit pname version; - sha256 = "0n38idkn9hy31m5xkrc36dmw364d137c7phssvj76gr2gqsrqjy3"; + sha256 = "sha256-/7mcmAj69NmuiK+xlQijAk39sMLDX8kHatmSI6XYbwE="; }; propagatedBuildInputs = [ 
diff --git a/pkgs/tools/security/slowhttptest/default.nix b/pkgs/tools/security/slowhttptest/default.nix new file mode 100644 index 000000000000..5dce5d5439ac --- /dev/null +++ b/pkgs/tools/security/slowhttptest/default.nix @@ -0,0 +1,26 @@ +{ lib +, stdenv +, fetchFromGitHub +, openssl +}: + +stdenv.mkDerivation rec { + pname = "slowhttptest"; + version = "1.8.2"; + + src = fetchFromGitHub { + owner = "shekyan"; + repo = pname; + rev = "v${version}"; + sha256 = "1xv2j3hl4zj0s2cxcsvlwgridh9ap4g84g7c4918d03id15wydcx"; + }; + + buildInputs = [ openssl ]; + + meta = with lib; { + description = "Application Layer DoS attack simulator"; + homepage = "https://github.com/shekyan/slowhttptest"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d1ffcde70aab..76ca39eba61b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1138,6 +1138,8 @@ in bcachefs-tools = callPackage ../tools/filesystems/bcachefs-tools { }; + bit = callPackage ../applications/version-management/git-and-tools/bit { }; + bitwarden = callPackage ../tools/security/bitwarden { }; inherit (nodePackages) bitwarden-cli; @@ -8776,6 +8778,8 @@ in tydra = callPackage ../tools/misc/tydra { }; + tz = callPackage ../tools/misc/tz { }; + u9fs = callPackage ../servers/u9fs { }; ua = callPackage ../tools/networking/ua { }; @@ -19882,7 +19886,7 @@ in # Hardened Linux hardenedLinuxPackagesFor = kernel': overrides: let # Note: We use this hack since the hardened patches can lag behind and we don't want to delay updates: - linux_latest_for_hardened = pkgs.linux_5_10; + linux_latest_for_hardened = pkgs.linux_5_11; kernel = (if kernel' == pkgs.linux_latest then linux_latest_for_hardened else kernel').override overrides; in linuxPackagesFor (kernel.override { structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix { 
@@ -25296,6 +25300,8 @@ in slop = callPackage ../tools/misc/slop {}; + slowhttptest = callPackage ../tools/security/slowhttptest { }; + slrn = callPackage ../applications/networking/newsreaders/slrn { }; sniproxy = callPackage ../applications/networking/sniproxy { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index f3b5c37d5f72..290f77315458 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4719,8 +4719,6 @@ in { numpy-stl = callPackage ../development/python-modules/numpy-stl { }; - numtraits = callPackage ../development/python-modules/numtraits { }; - nunavut = callPackage ../development/python-modules/nunavut { }; nvchecker = callPackage ../development/python-modules/nvchecker { }; @@ -7883,7 +7881,7 @@ in { sphinx-argparse = callPackage ../development/python-modules/sphinx-argparse { }; - sphinx-autobuild = callPackage ../development/python-modules/sphinx-argparse { }; + sphinx-autobuild = callPackage ../development/python-modules/sphinx-autobuild { }; sphinx-jinja = callPackage ../development/python-modules/sphinx-jinja { };