From 0c8f023b9dd582d38b38fe350c53c7aeb9212e23 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 9 Oct 2023 23:28:38 +0000 Subject: [PATCH 001/212] dav1d: 1.2.1 -> 1.3.0 --- pkgs/development/libraries/dav1d/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/dav1d/default.nix b/pkgs/development/libraries/dav1d/default.nix index 9c5e5101c8af..3f044eb71c9d 100644 --- a/pkgs/development/libraries/dav1d/default.nix +++ b/pkgs/development/libraries/dav1d/default.nix @@ -17,13 +17,13 @@ assert useVulkan -> withExamples; stdenv.mkDerivation rec { pname = "dav1d"; - version = "1.2.1"; + version = "1.3.0"; src = fetchFromGitHub { owner = "videolan"; repo = pname; rev = version; - hash = "sha256-RrEim3HXXjx2RUU7K3wPH3QbhNTRN9ZX/oAcyE9aV8I="; + hash = "sha256-c7Dur+0HpteI7KkR9oo3WynoH/FCRaBwZA7bJmPDJp8="; }; outputs = [ "out" "dev" ]; From dc0f09a49f590b825e93bfd9e0ea94b4b5701fc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= Date: Thu, 12 Oct 2023 16:56:04 +0200 Subject: [PATCH 002/212] zip: fix buffer overflow on Unicode path names When creating ZIP files with non-ASCII names (such as some European accent chars), something was detecting a buffer overflow and bailing out. It turns out that this has been already fixed earlier this year in Fedora, so let's reuse their patch as-is. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2165653 --- .../zip/buffer-overflow-on-utf8-rh-bug-2165653.patch | 12 ++++++++++++ pkgs/tools/archivers/zip/default.nix | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch diff --git a/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch new file mode 100644 index 000000000000..2ee3fff0db54 --- /dev/null +++ b/pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix index 1ac615a3d90f..1d75040c7784 100644 --- a/pkgs/tools/archivers/zip/default.nix +++ b/pkgs/tools/archivers/zip/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { ./fix-memset-detection.patch # Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16. ./fix-implicit-declarations.patch + # Buffer overflow on Unicode characters in path names + # https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + ./buffer-overflow-on-utf8-rh-bug-2165653.patch ] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ]; buildInputs = lib.optional enableNLS libnatspec From cbf59c98a8b8565f345cbe3a00485324bcf513cd Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Oct 2023 20:32:20 +0000 Subject: [PATCH 003/212] libipt: 2.0.6 -> 2.1 --- pkgs/development/libraries/libipt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libipt/default.nix b/pkgs/development/libraries/libipt/default.nix index 9b3de39e5d91..6a05aec46854 100644 --- a/pkgs/development/libraries/libipt/default.nix +++ b/pkgs/development/libraries/libipt/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libipt"; - version = "2.0.6"; + version = "2.1"; src = fetchFromGitHub { owner = "intel"; repo = "libipt"; rev = "v${version}"; - sha256 = "sha256-RuahOkDLbac9bhXn8QSf7lMRw11PIpXQo3eaQ9N4Rtc="; + sha256 = "sha256-SLCuNTFRGFh0mTv1xLCIDg7b6DbWCxgHhrCoPu9xpmw="; }; nativeBuildInputs = [ cmake ]; From f7f4accacb472cca4eb9dc8f60a218fd6e65d91a Mon Sep 17 00:00:00 2001 From: Nicolas Benes Date: Sun, 19 Nov 2023 02:55:31 +0100 Subject: [PATCH 004/212] boehmgc: 8.2.2 -> 8.2.4 --- .../libraries/boehm-gc/default.nix | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix index e37eb26deb38..6da88ee8258f 100644 --- a/pkgs/development/libraries/boehm-gc/default.nix +++ b/pkgs/development/libraries/boehm-gc/default.nix @@ -1,7 +1,8 @@ { lib , stdenv -, fetchurl -# doc: https://github.com/ivmai/bdwgc/blob/v8.2.2/doc/README.macros (LARGE_CONFIG) +, fetchFromGitHub +, autoreconfHook +# doc: https://github.com/ivmai/bdwgc/blob/v8.2.4/doc/README.macros (LARGE_CONFIG) , enableLargeConfig ? false , enableMmap ? true , enableStatic ? false @@ -10,19 +11,22 @@ stdenv.mkDerivation (finalAttrs: { pname = "boehm-gc"; - version = "8.2.2"; + version = "8.2.4"; - src = fetchurl { - urls = [ - # "https://www.hboehm.info/gc/gc_source/gc-${finalAttrs.version}.tar.gz" - "https://github.com/ivmai/bdwgc/releases/download/v${finalAttrs.version}/gc-${finalAttrs.version}.tar.gz" - ]; - sha256 = "sha256-8wEHvLBi4JIKeQ//+lbZUSNIVGhZNkwjoUviZLOINqA="; + src = fetchFromGitHub { + owner = "ivmai"; + repo = "bdwgc"; + rev = "v${finalAttrs.version}"; + hash = "sha256-KHijT4BBKfDvTpHpwognN+3ZXoC6JabBTFSYFyOUT9o="; }; outputs = [ "out" "dev" "doc" ]; separateDebugInfo = stdenv.isLinux && stdenv.hostPlatform.libc != "musl"; + nativeBuildInputs = [ + autoreconfHook + ]; + configureFlags = [ "--enable-cplusplus" "--with-libatomic-ops=none" @@ -38,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { # not fix the problem the test failure will be a reminder to # extend the set of versions requiring the workaround). makeFlags = lib.optionals (stdenv.hostPlatform.isPower64 && - finalAttrs.version == "8.2.2") + finalAttrs.version == "8.2.4") [ # do not use /proc primitives to track dirty bits; see: # https://github.com/ivmai/bdwgc/issues/479#issuecomment-1279687537 From b2d0641e340334994ffc1cc455ab8d82a5ffb13d Mon Sep 17 00:00:00 2001 From: Nicolas Benes Date: Sun, 19 Nov 2023 12:04:01 +0100 Subject: [PATCH 005/212] nix: rebase boehmgc-coroutine-sp-fallback.patch --- .../patches/boehmgc-coroutine-sp-fallback.patch | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch index e4e2b3858ad5..578bd325d56b 100644 --- a/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch +++ b/pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch @@ -1,8 +1,8 @@ diff --git a/pthread_stop_world.c b/pthread_stop_world.c -index b5d71e62..aed7b0bf 100644 +index 2b45489..0e6d8ef 100644 --- a/pthread_stop_world.c +++ b/pthread_stop_world.c -@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig) +@@ -776,6 +776,8 @@ STATIC void GC_restart_handler(int sig) /* world is stopped. Should not fail if it isn't. */ GC_INNER void GC_push_all_stacks(void) { @@ -11,10 +11,10 @@ index b5d71e62..aed7b0bf 100644 GC_bool found_me = FALSE; size_t nthreads = 0; int i; -@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void) - hi = p->altstack + p->altstack_size; +@@ -868,6 +870,31 @@ GC_INNER void GC_push_all_stacks(void) + hi = p->altstack + p->altstack_size; + # endif /* FIXME: Need to scan the normal stack too, but how ? */ - /* FIXME: Assume stack grows down */ + } else { + if (pthread_getattr_np(p->id, &pattr)) { + ABORT("GC_push_all_stacks: pthread_getattr_np failed!"); @@ -41,5 +41,5 @@ index b5d71e62..aed7b0bf 100644 + #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix." + #endif } - GC_push_all_stack_sections(lo, hi, traced_stack_sect); - # ifdef STACK_GROWS_UP + # ifdef STACKPTR_CORRECTOR_AVAILABLE + if (GC_sp_corrector != 0) From 791b761c6181525b897e6f0f6f6e80d3fe462eca Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 2 Dec 2023 11:08:39 +0000 Subject: [PATCH 006/212] cmake: 3.27.8 -> 3.27.9 Changes: https://github.com/Kitware/CMake/compare/v3.27.8...v3.27.9 --- pkgs/by-name/cm/cmake/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/cm/cmake/package.nix b/pkgs/by-name/cm/cmake/package.nix index cc69b4de4ad2..be35e4af85ca 100644 --- a/pkgs/by-name/cm/cmake/package.nix +++ b/pkgs/by-name/cm/cmake/package.nix @@ -46,11 +46,11 @@ stdenv.mkDerivation (finalAttrs: { + lib.optionalString isMinimalBuild "-minimal" + lib.optionalString cursesUI "-cursesUI" + lib.optionalString qt5UI "-qt5UI"; - version = "3.27.8"; + version = "3.27.9"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor finalAttrs.version}/cmake-${finalAttrs.version}.tar.gz"; - hash = "sha256-/s4kVj9peHD7uYLqi/F0gsnV+FXYyb8LgkY9dsno0Mw="; + hash = "sha256-YJqbmFcqal6kd/kSz/uXMQntTQpqaz+eI1PSzcBIcI4="; }; patches = [ From f341406ddc2a077de0b8e7d3a5ff68cedbd84cad Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 12 Dec 2023 06:38:05 +0000 Subject: [PATCH 007/212] kbd: 2.6.3 -> 2.6.4 --- pkgs/os-specific/linux/kbd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix index 9d97f73780d5..badb02aaec5a 100644 --- a/pkgs/os-specific/linux/kbd/default.nix +++ b/pkgs/os-specific/linux/kbd/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "kbd"; - version = "2.6.3"; + version = "2.6.4"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz"; - sha256 = "sha256-BJlsCNfRxGCWb7JEo9OIM1LCZ0t61SIAPZ9Oy4q0jes="; + sha256 = "sha256-UZ+NCHrsyn4KM80IS++SwGbrGXMWZmU9zHDJ1xqkCSY="; }; # vlock is moved into its own output, since it depends on pam. This From 77536ba66a2033df2f3c561f753268002698a791 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 16 Dec 2023 11:17:59 +0000 Subject: [PATCH 008/212] libsepol: 3.5 -> 3.6 --- pkgs/os-specific/linux/libsepol/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 5d1c1cfc89c0..548d5222c7a2 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "libsepol"; - version = "3.5"; + version = "3.6"; se_url = "https://github.com/SELinuxProject/selinux/releases/download"; outputs = [ "bin" "out" "dev" "man" ]; src = fetchurl { url = "${se_url}/${version}/libsepol-${version}.tar.gz"; - sha256 = "sha256-eP2vaZJNt4C6x4VG5D2cRAdLrXmMLEFdC5u5bQZe6KI="; + sha256 = "sha256-ydxYXqlJA9eE1ZfIYc1dzmRZFo+V4isxoOqxzdgAl1o="; }; postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' From 953f35778af53c85862d4ed2cb0bec49851c7e83 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 22 Dec 2023 04:14:11 +0000 Subject: [PATCH 009/212] fdk_aac: 2.0.2 -> 2.0.3 --- pkgs/development/libraries/fdk-aac/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/fdk-aac/default.nix b/pkgs/development/libraries/fdk-aac/default.nix index 99e211877da1..0b07b5704916 100644 --- a/pkgs/development/libraries/fdk-aac/default.nix +++ b/pkgs/development/libraries/fdk-aac/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "fdk-aac"; - version = "2.0.2"; + version = "2.0.3"; src = fetchurl { url = "mirror://sourceforge/opencore-amr/fdk-aac/${pname}-${version}.tar.gz"; - sha256 = "sha256-yehjDPnUM/POrXSQahUg0iI/ibzT+pJUhhAXRAuOsi8="; + sha256 = "sha256-gptrie7zgkCc2mhX/YKvhPq7Y0F7CO3p6npVP4Ect54="; }; outputs = [ "out" "dev" ]; From 92605d2155a8eda40f781dd65733a09957ea9b69 Mon Sep 17 00:00:00 2001 From: Sporesirius Date: Fri, 8 Dec 2023 21:56:47 +0100 Subject: [PATCH 010/212] alsa-ucm-conf: apply patch to fix SplitPCM: Device argument may not be set --- pkgs/by-name/al/alsa-ucm-conf/package.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/al/alsa-ucm-conf/package.nix b/pkgs/by-name/al/alsa-ucm-conf/package.nix index b7203a737638..cb3bf00a0038 100644 --- a/pkgs/by-name/al/alsa-ucm-conf/package.nix +++ b/pkgs/by-name/al/alsa-ucm-conf/package.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { pname = "alsa-ucm-conf"; @@ -9,6 +9,16 @@ stdenv.mkDerivation rec { hash = "sha256-nCHj8B/wC6p1jfF+hnzTbiTrtBpr7ElzfpkQXhbyrpc="; }; + patches = [ + (fetchpatch { + # ToDo: Remove this patch in the next package upgrade + # Fixes SplitPCM to make some audio devices work with alsa-ucm-conf v1.2.10 again + name = "alsa-ucm-conf-splitpcm-device-argument-fix.patch"; + url = "https://github.com/alsa-project/alsa-ucm-conf/commit/b68aa52acdd2763fedad5eec0f435fbf43e5ccc6.patch"; + hash = "sha256-8WE4+uhi4W7cCSZYmL7uFpcHJ9muX09UkGXyZIpEd9I="; + }) + ]; + dontBuild = true; installPhase = '' From 572a7c01fb4c12b88f6dda33d1ffbca8b3b8a88f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 25 Dec 2023 19:32:17 +0000 Subject: [PATCH 011/212] exempi: 2.6.4 -> 2.6.5 --- pkgs/development/libraries/exempi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/exempi/default.nix b/pkgs/development/libraries/exempi/default.nix index ac45084a74f9..2ebf1ce7cc91 100644 --- a/pkgs/development/libraries/exempi/default.nix +++ b/pkgs/development/libraries/exempi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "exempi"; - version = "2.6.4"; + version = "2.6.5"; src = fetchurl { url = "https://libopenraw.freedesktop.org/download/${pname}-${version}.tar.bz2"; - sha256 = "sha256-p1FJyWth45zcsEb9XlbYjP7qtuCPiU4V6//ZlECSv9A="; + sha256 = "sha256-6fmj1Cv/c7XrD3fsIs0BY8PiGUnMQUrR8ZoEZd3kH/4="; }; configureFlags = [ From e6d5d5d44f03cfd3ca37a9a9a12a6fe6a30b14a5 Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Tue, 26 Dec 2023 19:04:27 -0500 Subject: [PATCH 012/212] pcsclite: disable building pcsc-wirecheck{,-gen} when cross compiling --- pkgs/tools/security/pcsclite/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 08a4b5b08d02..386fa01275ca 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -46,6 +46,14 @@ stdenv.mkDerivation (finalAttrs: { "POLICY_DIR=$(out)/share/polkit-1/actions" ]; + # disable building pcsc-wirecheck{,-gen} when cross compiling + # see also: https://github.com/LudovicRousseau/PCSC/issues/25 + postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + substituteInPlace src/Makefile.am \ + --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \ + "noinst_PROGRAMS = testpcsc" + ''; + postInstall = '' # pcsc-spy is a debugging utility and it drags python into the closure moveToOutput bin/pcsc-spy "$dev" From a9323a371bf69b640fd3034a546535b16774bb52 Mon Sep 17 00:00:00 2001 From: Jonathan King Date: Mon, 1 Jan 2024 17:03:51 +0000 Subject: [PATCH 013/212] p11-kit: fix builds on single-user systems Add back FAKED_MODE environment variable. This was removed in 3ca33e5ef4f8c3e24013905cf741330c9ace3a6c, which caused tests to be run (and fail) that were previously skipped. --- pkgs/development/libraries/p11-kit/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix index 1e01ed4a607a..246c71ddab1d 100644 --- a/pkgs/development/libraries/p11-kit/default.nix +++ b/pkgs/development/libraries/p11-kit/default.nix @@ -71,6 +71,13 @@ stdenv.mkDerivation rec { --replace 'install_dir: prefix / p11_system_config' "install_dir: '$out/etc/pkcs11'" ''; + preCheck = '' + # Tests run in fakeroot for non-root users (with Nix single-user install) + if [ "$(id -u)" != "0" ]; then + export FAKED_MODE=1 + fi + ''; + meta = with lib; { description = "Library for loading and sharing PKCS#11 modules"; longDescription = '' From 612b3227d3612b0ae78d014caef0eba1fdef7ce7 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 19 Dec 2023 21:58:09 +0000 Subject: [PATCH 014/212] enchant: 2.6.3 -> 2.6.5 Changes: - https://github.com/AbiWord/enchant/releases/tag/v2.6.4 - https://github.com/AbiWord/enchant/releases/tag/v2.6.5 --- pkgs/development/libraries/enchant/2.x.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/enchant/2.x.nix b/pkgs/development/libraries/enchant/2.x.nix index 43f9093848b8..30edf6817838 100644 --- a/pkgs/development/libraries/enchant/2.x.nix +++ b/pkgs/development/libraries/enchant/2.x.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "enchant"; - version = "2.6.3"; + version = "2.6.5"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz"; - hash = "sha256-wcVxnypZfOPgbJOM+5n7aX2gk96nuFfMAE3B3PG7oYI="; + hash = "sha256-no/SjLZae22jVFh4pcL1KhXwPASTOl/0jbif6GhFco4="; }; nativeBuildInputs = [ From 3ae0f9017f3dada94ae36942ad169fa59e315c3b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 9 Jan 2024 15:42:59 +0000 Subject: [PATCH 015/212] libedit: 20221030-3.1 -> 20230828-3.1 --- pkgs/development/libraries/libedit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libedit/default.nix b/pkgs/development/libraries/libedit/default.nix index f0eb267b05b5..749a913da9f1 100644 --- a/pkgs/development/libraries/libedit/default.nix +++ b/pkgs/development/libraries/libedit/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libedit"; - version = "20221030-3.1"; + version = "20230828-3.1"; src = fetchurl { url = "https://thrysoee.dk/editline/${pname}-${version}.tar.gz"; - sha256 = "sha256-8JJaWt9LG/EW7hl2a32qdmkXrsGYdHlDscTt9npL4rs="; + sha256 = "sha256-TugYK25WkpDn0fRPD3jayHFrNfZWt2Uo9pnGnJiBTa0="; }; outputs = [ "out" "dev" ]; From 88d193f8f5aa06531282ff6a7a4198662cd2f856 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 9 Jan 2024 17:09:12 +0000 Subject: [PATCH 016/212] iproute2: 6.6.0 -> 6.7.0 Changes: https://lore.kernel.org/netdev/20240108094709.050e22bc@hermes.local/T/ --- pkgs/os-specific/linux/iproute/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 1fae93c53251..03eb1959c9b2 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.6.0"; + version = "6.7.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-hzjIBK/Qnwv3VpN/DD3iMReDKpjYy79QOGz1AFzWE84="; + hash = "sha256-/5Qt2YKNfR+Gf2H+cs5DMHjDHl2OSnjiDwLLWJLohB0="; }; postPatch = '' From 205ccaef1d141f0c6ce4cc317dc23a8f7befcfac Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 11 Jan 2024 15:44:21 +0000 Subject: [PATCH 017/212] qpdf: 11.6.3 -> 11.8.0 --- pkgs/development/libraries/qpdf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/qpdf/default.nix b/pkgs/development/libraries/qpdf/default.nix index 2cabf5022844..872faafdd1ff 100644 --- a/pkgs/development/libraries/qpdf/default.nix +++ b/pkgs/development/libraries/qpdf/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "qpdf"; - version = "11.6.3"; + version = "11.8.0"; src = fetchFromGitHub { owner = "qpdf"; repo = "qpdf"; rev = "v${version}"; - hash = "sha256-asGNZ/5iEkyIjRO9FECV1bN4k/YHv4/7I125BUr9+fE="; + hash = "sha256-EoFCRAWia8LAaLdoBW0ByndzIAjSvQ7bJFh0SZ/FKtY="; }; nativeBuildInputs = [ cmake perl ]; From 62d6083d3cd4ee629da58b4225349c21c9099999 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 11 Jan 2024 09:02:51 -0800 Subject: [PATCH 018/212] python311Packages.trove-classifiers: 2023.11.29 -> 2024.1.8 Changelog: https://github.com/pypa/trove-classifiers/releases/tag/2024.1.8 --- pkgs/development/python-modules/trove-classifiers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/trove-classifiers/default.nix b/pkgs/development/python-modules/trove-classifiers/default.nix index 3485c0f1fd2c..f65c9e651bed 100644 --- a/pkgs/development/python-modules/trove-classifiers/default.nix +++ b/pkgs/development/python-modules/trove-classifiers/default.nix @@ -10,14 +10,14 @@ let self = buildPythonPackage rec { pname = "trove-classifiers"; - version = "2023.11.29"; + version = "2024.1.8"; pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-/49/2Cx5MhE7RufvZ0LHAJHMY2QMjGXbANkfLpQLlRQ="; + hash = "sha256-bjbK9DD/ZIXEtXpMazZKE/aomNFrlBfGw3Rn5ZwUsFo="; }; postPatch = '' From 5ae7a93f626a37f4320a4a789096c6dd3569ff96 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 15 Jan 2024 04:07:32 +0000 Subject: [PATCH 019/212] attr: 2.5.1 -> 2.5.2 --- pkgs/development/libraries/attr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/attr/default.nix b/pkgs/development/libraries/attr/default.nix index 4ad1525c2e09..4815497da14f 100644 --- a/pkgs/development/libraries/attr/default.nix +++ b/pkgs/development/libraries/attr/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "attr"; - version = "2.5.1"; + version = "2.5.2"; src = fetchurl { url = "mirror://savannah/attr/${pname}-${version}.tar.gz"; - sha256 = "1y6sibbkrcjygv8naadnsg6xmsqwfh6cwrqk01l0v2i5kfacdqds"; + sha256 = "sha256-Ob9nRS+kHQlIwhl2AQU/SLPXigKTiXNDMqYwmmgMbIc="; }; outputs = [ "bin" "dev" "out" "man" "doc" ]; From 813f5d7bbb4c09b997bf67ac0a0697e4d22e3fc0 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 15 Jan 2024 04:11:59 +0000 Subject: [PATCH 020/212] isocodes: 4.15.0 -> 4.16.0 --- pkgs/development/libraries/iso-codes/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/iso-codes/default.nix b/pkgs/development/libraries/iso-codes/default.nix index f5a4c46f5791..5539a97f0ce6 100644 --- a/pkgs/development/libraries/iso-codes/default.nix +++ b/pkgs/development/libraries/iso-codes/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "iso-codes"; - version = "4.15.0"; + version = "4.16.0"; src = fetchurl { url = "https://salsa.debian.org/iso-codes-team/iso-codes/-/archive/v${version}/${pname}-v${version}.tar.gz"; - sha256 = "sha256-uDtUudfdbrh3OAs+xG83CwXa8sv6ExxhLwNZjWVMDvg="; + sha256 = "sha256-fJkPw5oFl1vtsBdeP/Cfw4MEiBX2i0Yqu/BVqAMuZsw="; }; nativeBuildInputs = [ gettext python3 ]; From d815073393b24c345a16f3784f97989f998600e9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 15 Jan 2024 05:17:34 +0000 Subject: [PATCH 021/212] libidn: 1.41 -> 1.42 --- pkgs/development/libraries/libidn/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix index 9e1d9e55c16a..da37ef781b35 100644 --- a/pkgs/development/libraries/libidn/default.nix +++ b/pkgs/development/libraries/libidn/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "libidn"; - version = "1.41"; + version = "1.42"; src = fetchurl { url = "mirror://gnu/libidn/${finalAttrs.pname}-${finalAttrs.version}.tar.gz"; - sha256 = "sha256-iE1wY2S4Gr3Re+6Whtj/KudDHFoUZRBHxorfizH9iUU="; + sha256 = "sha256-1sGZ3NgG5P4nk2DLSwg0mg05Vg7VSP/RzK3ajN7LRyM="; }; outputs = [ "bin" "dev" "out" "info" "devdoc" ]; From 5aaf2ce7e59f6a0cae48459d29f773f305381875 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 15 Jan 2024 05:25:09 +0000 Subject: [PATCH 022/212] libsForQt5.qca: 2.3.7 -> 2.3.8 --- pkgs/development/libraries/qca/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/qca/default.nix b/pkgs/development/libraries/qca/default.nix index 6e2afe6f0deb..66cdfe28eb31 100644 --- a/pkgs/development/libraries/qca/default.nix +++ b/pkgs/development/libraries/qca/default.nix @@ -4,11 +4,11 @@ let isQt6 = lib.versions.major qtbase.version == "6"; in stdenv.mkDerivation rec { pname = "qca"; - version = "2.3.7"; + version = "2.3.8"; src = fetchurl { url = "mirror://kde/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "sha256-/uI0O1RofVvj4w+zPOKW7lCseuXiPXq3JfY//fevP0M="; + sha256 = "sha256-SHWcqGoCAkYdkIumYTQ4DMO7fSD+08AxufwCiXlqgmQ="; }; buildInputs = [ openssl qtbase qt5compat ]; From 2e051a49b48b284abf038eecf74251d5538e20a9 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 15 Jan 2024 21:48:08 +0000 Subject: [PATCH 023/212] libpsl: 0.21.2 -> 0.21.5 Changes: - https://github.com/rockdaboot/libpsl/releases/tag/0.21.3 - https://github.com/rockdaboot/libpsl/releases/tag/0.21.4 - https://github.com/rockdaboot/libpsl/releases/tag/0.21.5 --- pkgs/development/libraries/libpsl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index 2af41e7785ae..26ca5b2455dc 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -25,11 +25,11 @@ let ; in stdenv.mkDerivation rec { pname = "libpsl"; - version = "0.21.2"; + version = "0.21.5"; src = fetchurl { url = "https://github.com/rockdaboot/libpsl/releases/download/${version}/libpsl-${version}.tar.lz"; - sha256 = "sha256-qj1wbEUnhtE0XglNriAc022B8Dz4HWNtXPwQ02WQfxc="; + hash = "sha256-mp9qjG7bplDPnqVUdc0XLdKEhzFoBOnHMgLZdXLNOi0="; }; nativeBuildInputs = [ From 32cacb910002b59442fdd10bf5a5de3d8e326071 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 15 Jan 2024 21:57:13 +0000 Subject: [PATCH 024/212] cpio: 2.14 -> 2.15 Changes: https://lists.gnu.org/archive/html/info-gnu/2024-01/msg00006.html --- pkgs/tools/archivers/cpio/default.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 4116a0b3e4ca..5b65a580fa67 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , autoreconfHook # for passthru.tests @@ -13,22 +12,13 @@ stdenv.mkDerivation rec { pname = "cpio"; - version = "2.14"; + version = "2.15"; src = fetchurl { url = "mirror://gnu/cpio/cpio-${version}.tar.bz2"; - sha256 = "/NwV1g9yZ6b8fvzWudt7bIlmxPL7u5ZMJNQTNv0/LBI="; + hash = "sha256-k3YQuXwymh7JJoVT+3gAN7z/8Nz/6XJevE/ZwaqQdds="; }; - patches = [ - # Pull upstream fix for clang-16 and gcc-14. - (fetchpatch { - name = "major-decl.patch"; - url = "https://git.savannah.gnu.org/cgit/cpio.git/patch/?id=8179be21e664cedb2e9d238cc2f6d04965e97275"; - hash = "sha256-k5Xiv3xuPU8kPT6D9B6p+V8SK55ybFgrIIPDgHuorpM="; - }) - ]; - nativeBuildInputs = [ autoreconfHook ]; separateDebugInfo = true; From bbf8e405bd569deb94619c6a61e3bb735df91531 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Mon, 15 Jan 2024 16:41:14 -0800 Subject: [PATCH 025/212] catch2_3: 3.5.1 -> 3.5.2 Diff: https://github.com/catchorg/Catch2/compare/v3.5.1...v3.5.2 Changelog: https://github.com/catchorg/Catch2/blob/v3.5.2/docs/release-notes.md --- pkgs/development/libraries/catch2/3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/catch2/3.nix b/pkgs/development/libraries/catch2/3.nix index a6b51710e615..6bf982aa75fb 100644 --- a/pkgs/development/libraries/catch2/3.nix +++ b/pkgs/development/libraries/catch2/3.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "catch2"; - version = "3.5.1"; + version = "3.5.2"; src = fetchFromGitHub { owner = "catchorg"; repo = "Catch2"; rev = "v${version}"; - hash = "sha256-OyYNUfnu6h1+MfCF8O+awQ4Usad0qrdCtdZhYgOY+Vw="; + hash = "sha256-xGPfXjk+oOnR7JqTrZd2pKJxalrlS8CMs7HWDClXaS8="; }; nativeBuildInputs = [ From 97e613d5ccb5a2a040f73ec9046f822444b516c1 Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Wed, 10 Jan 2024 16:21:39 -0500 Subject: [PATCH 026/212] xorg.imake: 1.0.9 -> 1.0.10 --- pkgs/servers/x11/xorg/default.nix | 6 +++--- pkgs/servers/x11/xorg/tarballs.list | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index ec79b05c4f65..86ecef5034a9 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -998,11 +998,11 @@ self: with self; { # THIS IS A GENERATED FILE. DO NOT EDIT! imake = callPackage ({ stdenv, pkg-config, fetchurl, xorgproto, testers }: stdenv.mkDerivation (finalAttrs: { pname = "imake"; - version = "1.0.9"; + version = "1.0.10"; builder = ./builder.sh; src = fetchurl { - url = "mirror://xorg/individual/util/imake-1.0.9.tar.xz"; - sha256 = "10wgw3l0rsnvc2191awyg5j24n3g552xgc671qr5vnbliwkrvpkj"; + url = "mirror://xorg/individual/util/imake-1.0.10.tar.xz"; + sha256 = "1xgcsamfij22ggc4p8anvvihwyf4adg6gjdd6v7m9cypm37cppkm"; }; hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; diff --git a/pkgs/servers/x11/xorg/tarballs.list b/pkgs/servers/x11/xorg/tarballs.list index c7f54a0c0ecc..8cb6162c0b22 100644 --- a/pkgs/servers/x11/xorg/tarballs.list +++ b/pkgs/servers/x11/xorg/tarballs.list @@ -213,7 +213,7 @@ mirror://xorg/individual/proto/xcb-proto-1.16.0.tar.xz mirror://xorg/individual/proto/xorgproto-2023.2.tar.xz mirror://xorg/individual/util/bdftopcf-1.1.1.tar.xz mirror://xorg/individual/util/gccmakedep-1.0.3.tar.bz2 -mirror://xorg/individual/util/imake-1.0.9.tar.xz +mirror://xorg/individual/util/imake-1.0.10.tar.xz mirror://xorg/individual/util/lndir-1.0.4.tar.xz mirror://xorg/individual/util/makedepend-1.0.8.tar.xz mirror://xorg/individual/util/util-macros-1.20.0.tar.xz From 9296199d02167661ae9ebc86d89ca70fe32a02af Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 16 Jan 2024 11:49:40 +0000 Subject: [PATCH 027/212] sqlite, sqlite-analyzer: 3.44.2 -> 3.45.0 Changes: https://www.sqlite.org/releaselog/3_45_0.html --- pkgs/development/libraries/sqlite/default.nix | 6 +++--- pkgs/development/libraries/sqlite/tools.nix | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index eb4d975a6e01..b13da429bd15 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${lib.optionalString interactive "-interactive"}"; - version = "3.44.2"; + version = "3.45.0"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { - url = "https://sqlite.org/2023/sqlite-autoconf-${archiveVersion version}.tar.gz"; - hash = "sha256-HGcZoUi8Qc8PK7vjkm184/XKCdh48SRvzCB2exdbtAc="; + url = "https://sqlite.org/2024/sqlite-autoconf-${archiveVersion version}.tar.gz"; + hash = "sha256-coh9V6HY+J9SvjjvhKY1POjD7VWtp4ZOuUSr2aSV5DY="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index dd092dd0f043..bcc02efe4e9a 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.44.2"; + version = "3.45.0"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { - url = "https://sqlite.org/2023/sqlite-src-${archiveVersion version}.zip"; - hash = "sha256-cxh0c/63RQk1fo+my5/WcVOy0BDQCusv3bbO6xirryc="; + url = "https://sqlite.org/2024/sqlite-src-${archiveVersion version}.zip"; + hash = "sha256-FNwttIfoVjzihqOJSQQsseh8pm2HLV6kPHY5EASUH+I="; }; nativeBuildInputs = [ unzip ]; From 6c28096c16e7a8c8add40b1f12dbd97f87c87767 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 16 Jan 2024 12:01:09 +0000 Subject: [PATCH 028/212] shadow: 4.14.2 -> 4.14.3 Changes: https://github.com/shadow-maint/shadow/releases/tag/4.14.3 --- pkgs/os-specific/linux/shadow/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index d6319fd0dcf3..2f4e49062aef 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.2"; + version = "4.14.3"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; + hash = "sha256-Y5wyvmTh66Bjb1/UPdDF78lgvH7HFTCFowhQQ+Fo9ak="; }; outputs = [ "out" "su" "dev" "man" ]; From 4181c1f58775ee90277569f4f636e6cabe91d828 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Wed, 17 Jan 2024 11:08:09 +0000 Subject: [PATCH 029/212] bash: 5.2p21 -> 5.2p26 While at it exposed patch suffix as a `version` attribute. --- pkgs/shells/bash/5.nix | 7 ++++--- pkgs/shells/bash/bash-5.2-patches.nix | 5 +++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/bash/5.nix b/pkgs/shells/bash/5.nix index 3c4fb83e3e4e..de0426fbcdcd 100644 --- a/pkgs/shells/bash/5.nix +++ b/pkgs/shells/bash/5.nix @@ -22,11 +22,12 @@ let }); in stdenv.mkDerivation rec { - name = "bash-${lib.optionalString interactive "interactive-"}${version}-p${toString (builtins.length upstreamPatches)}"; - version = "5.2"; + pname = "bash${lib.optionalString interactive "-interactive"}"; + version = "5.2${patch_suffix}"; + patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { - url = "mirror://gnu/bash/bash-${version}.tar.gz"; + url = "mirror://gnu/bash/bash-${lib.removeSuffix patch_suffix version}.tar.gz"; sha256 = "sha256-oTnBZt9/9EccXgczBRZC7lVWwcyKSnjxRVg8XIGrMvs="; }; diff --git a/pkgs/shells/bash/bash-5.2-patches.nix b/pkgs/shells/bash/bash-5.2-patches.nix index 3aa9f331d8bb..5d5ef94676de 100644 --- a/pkgs/shells/bash/bash-5.2-patches.nix +++ b/pkgs/shells/bash/bash-5.2-patches.nix @@ -22,4 +22,9 @@ patch: [ (patch "019" "10njgv5mrc5rhsp5lvxcbm0pnzn59a8spi2nhdasifyl1a32cp1j") (patch "020" "07f0wlmqjdfarp44w3gj9gdqbqm5x20rvlhpn34ngklmxcm2bz5n") (patch "021" "1kahfqqalcwi4m73pg3ssz6lh0kcqsqax09myac7a15d2y0vhd43") +(patch "022" "0w74aym0g1fh48864a3qxh89f26iaq7wsbg7244c6kjr94527dbq") +(patch "023" "1lywjqbc36j5pdzfcvnz1zy30j76aqmsm190p888av0hw815b45g") +(patch "024" "1hq23djqbr7s9y2324jq9mxr5bwdkmgizn3zgpchbsqp054k85cp") +(patch "025" "0x9hc4silzl4d3zw4p43i5dm7w86k50j47f87lracwfgwy3z8f2i") +(patch "026" "1b1fhm1dsi67r8ip17s0xvx2qq31fsxc1g9n3r931dd0k9a1zvln") ] From 43f2bb13b225287422b8da5edd8b51a3007ff095 Mon Sep 17 00:00:00 2001 From: Maxine Aubrey Date: Tue, 16 Jan 2024 23:57:54 +0100 Subject: [PATCH 030/212] =?UTF-8?q?libdecor:=200.1.1=20=E2=86=92=200.2.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/libraries/libdecor/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libdecor/default.nix b/pkgs/development/libraries/libdecor/default.nix index fefaf98c40e9..f81fdc68768a 100644 --- a/pkgs/development/libraries/libdecor/default.nix +++ b/pkgs/development/libraries/libdecor/default.nix @@ -10,18 +10,19 @@ , cairo , dbus , pango +, gtk3 }: stdenv.mkDerivation rec { pname = "libdecor"; - version = "0.1.1"; + version = "0.2.2"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libdecor"; repo = "libdecor"; rev = version; - hash = "sha256-8b6qCqOSDDbhYwAeAaUyI71tSopTkGtCJaxZaJw1vQQ="; + hash = "sha256-mID19uHXFKJUZtQsSOXjRdz541YVjMxmSHVa+DlkPRc="; }; outputs = [ "out" "dev" ]; @@ -45,6 +46,7 @@ stdenv.mkDerivation rec { cairo dbus pango + gtk3 ]; meta = with lib; { From bfe565b38722e3e26356d00c9da8a7a24b1a1e2e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 18 Jan 2024 06:49:19 +0000 Subject: [PATCH 031/212] libmaxminddb: 1.7.1 -> 1.9.1 --- pkgs/development/libraries/libmaxminddb/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libmaxminddb/default.nix b/pkgs/development/libraries/libmaxminddb/default.nix index db794925504a..1651d36710e6 100644 --- a/pkgs/development/libraries/libmaxminddb/default.nix +++ b/pkgs/development/libraries/libmaxminddb/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libmaxminddb"; - version = "1.7.1"; + version = "1.9.1"; src = fetchurl { url = meta.homepage + "/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-6EFPDe3Oy8H2wxy2XNgWUJUqsGd6TYxJyrYDs7j7CD4="; + sha256 = "sha256-qAaCqJ2RX99gs10xYjL7BOvzb/8n/am9Of6KONPNPxI="; }; meta = with lib; { From bc08997f00d1262b5a1cf2808d6cb046c4d0c4cb Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 18 Jan 2024 07:15:00 +0000 Subject: [PATCH 032/212] dhcpcd: 10.0.3 -> 10.0.6 --- pkgs/tools/networking/dhcpcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 0350a4989262..13fe0bca6bf7 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "dhcpcd"; - version = "10.0.3"; + version = "10.0.6"; src = fetchFromGitHub { owner = "NetworkConfiguration"; repo = "dhcpcd"; rev = "v${version}"; - sha256 = "sha256-NXLOfSPGHiRDSagaT+37TAn9XtdcG4+wP9AvyGJi4Dc="; + sha256 = "sha256-tNC5XCA8dShaTIff15mQz8v+YK9sZkRNLCX5qnlpxx4="; }; nativeBuildInputs = [ pkg-config ]; From 159b810bead4af2e04145d8a63168cab0d40538b Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Thu, 18 Jan 2024 11:16:52 +0000 Subject: [PATCH 033/212] =?UTF-8?q?libcamera:=200.1.0=20=E2=86=92=200.2.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/libraries/libcamera/default.nix | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/pkgs/development/libraries/libcamera/default.nix b/pkgs/development/libraries/libcamera/default.nix index 232fb29ecbe5..5079c0219da1 100644 --- a/pkgs/development/libraries/libcamera/default.nix +++ b/pkgs/development/libraries/libcamera/default.nix @@ -1,6 +1,5 @@ { stdenv , fetchgit -, fetchpatch , lib , meson , ninja @@ -22,25 +21,16 @@ stdenv.mkDerivation rec { pname = "libcamera"; - version = "0.1.0"; + version = "0.2.0"; src = fetchgit { url = "https://git.libcamera.org/libcamera/libcamera.git"; rev = "v${version}"; - hash = "sha256-icHZtv25QvJEv0DlELT3cDxho3Oz2BJAMNKr5W4bshk="; + hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM="; }; outputs = [ "out" "dev" "doc" ]; - patches = [ - (fetchpatch { - # https://git.libcamera.org/libcamera/libcamera.git/commit/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5 - name = "libcamera-sphinx7.0-compat.patch"; - url = "https://git.libcamera.org/libcamera/libcamera.git/patch/?id=6cb92b523bd60bd7718df134cc5b1eff51cf42e5"; - hash = "sha256-gs0EiT3gWlmRjDim+o2C0VmnoWqEouP5pNTD4XbNSdE="; - }) - ]; - postPatch = '' patchShebangs utils/ ''; From c58d060c232c5affcc8fa9fde5f0f88ac660be76 Mon Sep 17 00:00:00 2001 From: Lin Jian Date: Thu, 18 Jan 2024 22:14:53 +0800 Subject: [PATCH 034/212] emacs: 29.1 -> 29.2 --- pkgs/applications/editors/emacs/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/editors/emacs/sources.nix b/pkgs/applications/editors/emacs/sources.nix index 37bab4923bfc..aa73fa29b0d1 100644 --- a/pkgs/applications/editors/emacs/sources.nix +++ b/pkgs/applications/editors/emacs/sources.nix @@ -77,10 +77,10 @@ in emacs29 = import ./make-emacs.nix (mkArgs { pname = "emacs"; - version = "29.1"; + version = "29.2"; variant = "mainline"; - rev = "29.1"; - hash = "sha256-3HDCwtOKvkXwSULf3W7YgTz4GV8zvYnh2RrL28qzGKg="; + rev = "29.2"; + hash = "sha256-qSQmQzVyEGSr4GAI6rqnEwBvhl09D2D8MNasHqZQPL8="; }); emacs28-macport = import ./make-emacs.nix (mkArgs { From 3ae83d1fadf35b1c57541627400612c4fb892249 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Thu, 18 Jan 2024 21:39:49 +0000 Subject: [PATCH 035/212] python3Packages.scipy: add patch to fix build with openblas 0.3.26 --- pkgs/development/python-modules/scipy/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/python-modules/scipy/default.nix b/pkgs/development/python-modules/scipy/default.nix index caca48153b72..14179f9e859b 100644 --- a/pkgs/development/python-modules/scipy/default.nix +++ b/pkgs/development/python-modules/scipy/default.nix @@ -73,6 +73,11 @@ in buildPythonPackage { "doc/source/dev/contributor/meson_advanced.rst" ]; }) + (fetchpatch { + name = "openblas-0.3.26-compat.patch"; + url = "https://github.com/scipy/scipy/commit/8c96a1f742335bca283aae418763aaba62c03378.patch"; + hash = "sha256-SGoYDxwSAkr6D5/XEqHLerF4e4nmmI+PX+z+3taWAps="; + }) ]; # Relax deps a bit From 4adfb15a20051c7bd075b9d03a8227211422977f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 3 Jan 2024 06:37:25 +0000 Subject: [PATCH 036/212] openblas: 0.3.25 -> 0.3.26 --- pkgs/development/libraries/science/math/openblas/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index c5b9f9019e06..4138ece9af5b 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -141,7 +141,7 @@ let in stdenv.mkDerivation rec { pname = "openblas"; - version = "0.3.25"; + version = "0.3.26"; outputs = [ "out" "dev" ]; @@ -149,7 +149,7 @@ stdenv.mkDerivation rec { owner = "xianyi"; repo = "OpenBLAS"; rev = "v${version}"; - hash = "sha256-eY/R7gLDOls3csuwZkUS+x+v3GeL3dCsOD+4STxDpCg="; + hash = "sha256-AA3+x3SXkcg3g7bROZYLpWAbxnRedmQBZPe+rBJKxJ8="; }; postPatch = '' From fdc01914573cab5d476e4cc3dd4df1fcf13b8403 Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Fri, 19 Jan 2024 09:56:01 +0000 Subject: [PATCH 037/212] pipewire: Added upstream patch for libcamera 0.2.0 changes. --- pkgs/development/libraries/pipewire/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 0d1e3b03a09a..fffed9b3f79c 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -105,6 +105,14 @@ let ./0060-libjack-path.patch # Move installed tests into their own output. ./0070-installed-tests-path.patch + + # Remove for release post 1.0.1: + (fetchpatch { + # https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1750 + name = "pipewire-spa-libcamera-use-cameraconfiguration-orientation-pr1750.patch"; + url = "https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1750.patch "; + hash = "sha256-Ugg913KZDKELnYLwpDEgYh92YPxccw61l6kAJulBbIA="; + }) ]; strictDeps = true; From 234a90427a2707de5b73b4a28be51a2f8d3e5740 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 9 Jan 2024 17:15:57 +0000 Subject: [PATCH 038/212] gjs: 1.78.1 -> 1.78.3 Changes: - https://gitlab.gnome.org/GNOME/gjs/-/blob/1.78.2/NEWS - https://gitlab.gnome.org/GNOME/gjs/-/blob/1.78.3/NEWS --- pkgs/development/libraries/gjs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gjs/default.nix b/pkgs/development/libraries/gjs/default.nix index b7f91afa3710..1c1c1d5ff407 100644 --- a/pkgs/development/libraries/gjs/default.nix +++ b/pkgs/development/libraries/gjs/default.nix @@ -32,13 +32,13 @@ let ]; in stdenv.mkDerivation (finalAttrs: { pname = "gjs"; - version = "1.78.1"; + version = "1.78.3"; outputs = [ "out" "dev" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/gjs/${lib.versions.majorMinor finalAttrs.version}/gjs-${finalAttrs.version}.tar.xz"; - hash = "sha256-fpBRHEKRJ8OerABoxKyaNT335vu8ZG9fGOiWKILBhkE="; + hash = "sha256-QtUDZMql15LHZzT+W7zEudu0iBnaIKQGAGHouVJhNKQ="; }; patches = [ From bc73401bf642f80465900c38090dae5618cd5be1 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 19 Jan 2024 20:35:36 +0000 Subject: [PATCH 039/212] pam: 1.5.3 -> 1.6.0 Changes: https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 --- pkgs/os-specific/linux/pam/default.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 241f33f1e00a..116fd06d511c 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,5 +1,4 @@ { lib, stdenv, buildPackages, fetchurl -, fetchpatch , flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests , autoreconfHook269, pkg-config-unwrapped @@ -7,23 +6,15 @@ stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.5.3"; + version = "1.6.0"; src = fetchurl { url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; - hash = "sha256-esS1D+7gBKn6iPHf0tL6c4qCiWdjBQzXc7PFSwqBgoM="; + hash = "sha256-//SjTlu+534ujxmS8nYx4jKby/igVj3etcM4m04xaa0="; }; patches = [ ./suid-wrapper-path.patch - # Pull support for localization on non-default --prefix: - # https://github.com/NixOS/nixpkgs/issues/249010 - # https://github.com/linux-pam/linux-pam/pull/604 - (fetchpatch { - name = "bind-locales.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; - hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; - }) ]; # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569 @@ -35,8 +26,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - # autoreconfHook269 is needed for `suid-wrapper-path.patch` and - # `bind-locales.patch` above. + # autoreconfHook269 is needed for `suid-wrapper-path.patch` above. # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; From 2193026e9fe9189a04a585e217a272e44ef93bca Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 19 Jan 2024 22:55:21 +0000 Subject: [PATCH 040/212] efivar: pull `gcc-13` fix pending upstream inclusion Without the change (and without disabled warnings) the build fails as: esl-iter.c:84:1: error: conflicting types for 'esl_iter_next_with_size_correction' due to enum/integer mismatch; have 'esl_iter_status_t(esl_iter *, efi_guid_t *, efi_guid_t *, uint8_t **, size_t *, _Bool)' {aka 'enum esl_iter_status(esl_iter *, efi_guid_t *, efi_guid_t *, unsigned char **, long unsigned int *, _Bool)'} [-Werror=enum-int-mismatch] 84 | esl_iter_next_with_size_correction(esl_iter *iter, efi_guid_t *type, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from efisec.h:25, from esl-iter.c:7: esl-iter.h:61:12: note: previous declaration of 'esl_iter_next_with_size_correction' with type 'int(esl_iter *, efi *, efi_guid_t *, uint8_t **, size_t *, _Bool)' {aka 'int(esl_iter *, efi_guid_t *, efi_guid_t *, unsigned char **, long unsigned int *, _Bool)'} 61 | extern int esl_iter_next_with_size_correction(esl_iter *iter, efi_guid_t *type, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- pkgs/tools/system/efivar/default.nix | 7 +++++++ pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index 8507c7c7cec0..9ddb83ca5e36 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -29,6 +29,13 @@ stdenv.mkDerivation rec { url = "https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3.patch"; sha256 = "7/E0gboU0A45/BY6jGPLuvds6qKtNjzpgKgdNTaVaZQ="; }) + + # Fix build against gcc-13: https://github.com/rhboot/efivar/pull/242 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/rhboot/efivar/commit/52fece47d4f3ebd588bd85598bfc7a0142365f7e.patch"; + hash = "sha256-tOmxbY7kD6kzbBZ2RhQ5gCCpHtu+2gRNa7VUAWdCKu0="; + }) ]; nativeBuildInputs = [ pkg-config mandoc ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1e80a598bfca..6428d88b2963 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7944,7 +7944,7 @@ with pkgs; efibootmgr = callPackage ../tools/system/efibootmgr { }; - efivar = disable-warnings-if-gcc13 (callPackage ../tools/system/efivar { }); + efivar = callPackage ../tools/system/efivar { }; eget = callPackage ../tools/misc/eget { }; From 59fe697100e0bc5046c20c314c2d5689831b4b30 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 20 Jan 2024 00:07:51 +0000 Subject: [PATCH 041/212] libaom: 3.8.0 -> 3.8.1 --- pkgs/development/libraries/libaom/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 78aac8754787..0818aa38dbbd 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation rec { pname = "libaom"; - version = "3.8.0"; + version = "3.8.1"; src = fetchzip { url = "https://aomedia.googlesource.com/aom/+archive/v${version}.tar.gz"; - hash = "sha256-JxMz+XnjmUvk8TlTqdU2HP1Gq3bXfcLkXp5AEv9+7hM="; + hash = "sha256-qng9fEbm71HqPnPzfgqswSium9egIgpB6ZLesOQVg6c="; stripRoot = false; }; From 147e5c5026cd9e77fa456fcead3e5486969e263f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 20 Jan 2024 05:44:11 +0000 Subject: [PATCH 042/212] iputils: 20231222 -> 20240117 --- pkgs/os-specific/linux/iputils/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 56ac85fa0b7a..75d706b63f95 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "iputils"; - version = "20231222"; + version = "20240117"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - hash = "sha256-/blxT6k79fgbxX8qCQuJMf7zDPwMjJUt7FCscaMXx6U="; + hash = "sha256-sERY8ZKuXiY85cXdNWOm4byiNU7mOVIeA55dgQJHdoE="; }; outputs = [ "out" "apparmor" ]; From ce9db269a63518296030dbf2a0cb0f729686552e Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 20 Jan 2024 10:43:23 +0000 Subject: [PATCH 043/212] linuxHeaders: 6.6 -> 6.7 --- pkgs/os-specific/linux/kernel-headers/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 652468002775..fc2f8ddbd143 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,12 +111,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.6"; in + linuxHeaders = let version = "6.7"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-2SagbGPdisffP4buH/ws4qO4Gi0WhITna1s4mrqOVtA="; + hash = "sha256-7zEUSiV20IDYwxaY6D7J9mv5fGd/oqrw1bu58zRbEGk="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms From a8f8d262582eec4ee8c6a6e76d70116c5b51a7ff Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Tue, 12 Dec 2023 21:48:49 +0000 Subject: [PATCH 044/212] release-notes: add note on new ability to set defaultHardeningFlags --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 0286b3346a65..7b7e06616150 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -176,6 +176,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes. Support for weak password hashes will be removed in NixOS 24.11. +- A stdenv's default set of hardening flags can now be set via its `bintools-wrapper`'s `defaultHardeningFlags` argument. A convenient stdenv adapter, `withDefaultHardeningFlags`, can be used to override an existing stdenv's `defaultHardeningFlags`. + - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. - [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0. From 40868719b0ff142d0df5fba0f2ec7f370e072048 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 8 Oct 2023 22:56:46 +0100 Subject: [PATCH 045/212] cc-wrapper: add zerocallusedregs hardening flag this uses the value `used-gpr` which seems to be a commonly chosen value for general use --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ pkgs/build-support/cc-wrapper/add-hardening.sh | 6 +++++- pkgs/development/compilers/gcc/default.nix | 1 + pkgs/development/compilers/llvm/10/clang/default.nix | 2 +- pkgs/development/compilers/llvm/11/clang/default.nix | 2 +- pkgs/development/compilers/llvm/12/clang/default.nix | 2 +- pkgs/development/compilers/llvm/13/clang/default.nix | 2 +- pkgs/development/compilers/llvm/14/clang/default.nix | 2 +- pkgs/development/compilers/llvm/15/clang/default.nix | 6 +++++- pkgs/development/compilers/llvm/16/clang/default.nix | 6 +++++- pkgs/development/compilers/llvm/17/clang/default.nix | 6 +++++- pkgs/development/compilers/llvm/8/clang/default.nix | 2 +- pkgs/development/compilers/llvm/9/clang/default.nix | 2 +- pkgs/development/compilers/llvm/git/clang/default.nix | 6 +++++- pkgs/stdenv/darwin/default.nix | 5 ++++- pkgs/stdenv/generic/make-derivation.nix | 1 + pkgs/stdenv/linux/bootstrap-tools-musl/default.nix | 2 +- pkgs/stdenv/linux/bootstrap-tools/default.nix | 2 +- 18 files changed, 42 insertions(+), 15 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 0286b3346a65..b6d5f02220d9 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -195,6 +195,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `stdenv`: The `--replace` flag in `substitute`, `substituteInPlace`, `substituteAll`, `substituteAllStream`, and `substituteStream` is now deprecated if favor of the new `--replace-fail`, `--replace-warn` and `--replace-quiet`. The deprecated `--replace` equates to `--replace-warn`. +- A new hardening flag, `zerocallusedregs` was made available, corresponding to the gcc/clang option `-fzero-call-used-regs=used-gpr`. + - The Yama LSM is now enabled by default in the kernel, which prevents ptracing non-child processes. This means you will not be able to attach gdb to an existing process, but will need to start that process from gdb (so it is a diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 2eae278da160..e884f8388b58 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then fi if (( "${NIX_DEBUG:-0}" >= 1 )); then - declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format) + declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format zerocallusedregs) declare -A hardeningDisableMap=() # Determine which flags were effectively disabled so we can report below. @@ -110,6 +110,10 @@ for flag in "${!hardeningEnableMap[@]}"; do if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi hardeningCFlagsBefore+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; + zerocallusedregs) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling zerocallusedregs >&2; fi + hardeningCFlagsBefore+=('-fzero-call-used-regs=used-gpr') + ;; *) # Ignore unsupported. Checked in Nix that at least *some* # tool supports each flag. diff --git a/pkgs/development/compilers/gcc/default.nix b/pkgs/development/compilers/gcc/default.nix index e0ca04a13878..53bc057a5b25 100644 --- a/pkgs/development/compilers/gcc/default.nix +++ b/pkgs/development/compilers/gcc/default.nix @@ -407,6 +407,7 @@ lib.pipe ((callFile ./common/builder.nix {}) ({ inherit langC langCC langObjC langObjCpp langAda langFortran langGo langD langJava version; isGNU = true; hardeningUnsupportedFlags = lib.optional is48 "stackprotector" + ++ lib.optional (!atLeast11) "zerocallusedregs" ++ lib.optional (!atLeast12) "fortify3" ++ lib.optionals (langFortran) [ "fortify" "format" ]; }; diff --git a/pkgs/development/compilers/llvm/10/clang/default.nix b/pkgs/development/compilers/llvm/10/clang/default.nix index ad4e91304158..747e7cf1a551 100644 --- a/pkgs/development/compilers/llvm/10/clang/default.nix +++ b/pkgs/development/compilers/llvm/10/clang/default.nix @@ -90,7 +90,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/11/clang/default.nix b/pkgs/development/compilers/llvm/11/clang/default.nix index 0e61930f1c0e..5ddecd1f47e9 100644 --- a/pkgs/development/compilers/llvm/11/clang/default.nix +++ b/pkgs/development/compilers/llvm/11/clang/default.nix @@ -95,7 +95,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/12/clang/default.nix b/pkgs/development/compilers/llvm/12/clang/default.nix index c46776d38ac3..28f976a26bdb 100644 --- a/pkgs/development/compilers/llvm/12/clang/default.nix +++ b/pkgs/development/compilers/llvm/12/clang/default.nix @@ -89,7 +89,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/13/clang/default.nix b/pkgs/development/compilers/llvm/13/clang/default.nix index 6604ae0efc3f..7673c903e71c 100644 --- a/pkgs/development/compilers/llvm/13/clang/default.nix +++ b/pkgs/development/compilers/llvm/13/clang/default.nix @@ -83,7 +83,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/14/clang/default.nix b/pkgs/development/compilers/llvm/14/clang/default.nix index 9f0da7a9f46c..f63f55cfa546 100644 --- a/pkgs/development/compilers/llvm/14/clang/default.nix +++ b/pkgs/development/compilers/llvm/14/clang/default.nix @@ -86,7 +86,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/15/clang/default.nix b/pkgs/development/compilers/llvm/15/clang/default.nix index c49d6368cb97..8c19956a0bfe 100644 --- a/pkgs/development/compilers/llvm/15/clang/default.nix +++ b/pkgs/development/compilers/llvm/15/clang/default.nix @@ -97,7 +97,11 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + # supported on x86_64/aarch64 only + "zerocallusedregs" + ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/16/clang/default.nix b/pkgs/development/compilers/llvm/16/clang/default.nix index 5f28e810f603..4e260906a2c5 100644 --- a/pkgs/development/compilers/llvm/16/clang/default.nix +++ b/pkgs/development/compilers/llvm/16/clang/default.nix @@ -91,7 +91,11 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + # supported on x86_64/aarch64 only + "zerocallusedregs" + ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/17/clang/default.nix b/pkgs/development/compilers/llvm/17/clang/default.nix index 3184437830a2..7b530e009de2 100644 --- a/pkgs/development/compilers/llvm/17/clang/default.nix +++ b/pkgs/development/compilers/llvm/17/clang/default.nix @@ -95,7 +95,11 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + # supported on x86_64/aarch64 only + "zerocallusedregs" + ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/8/clang/default.nix b/pkgs/development/compilers/llvm/8/clang/default.nix index 994f9bd967c4..36b09df19c68 100644 --- a/pkgs/development/compilers/llvm/8/clang/default.nix +++ b/pkgs/development/compilers/llvm/8/clang/default.nix @@ -102,7 +102,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/9/clang/default.nix b/pkgs/development/compilers/llvm/9/clang/default.nix index 75814fc11c48..e8a2a4bd0db1 100644 --- a/pkgs/development/compilers/llvm/9/clang/default.nix +++ b/pkgs/development/compilers/llvm/9/clang/default.nix @@ -97,7 +97,7 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix index d8fe08569f3f..b8e5c4eb5910 100644 --- a/pkgs/development/compilers/llvm/git/clang/default.nix +++ b/pkgs/development/compilers/llvm/git/clang/default.nix @@ -95,7 +95,11 @@ let passthru = { inherit libllvm; isClang = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ + "fortify3" + # supported on x86_64/aarch64 only + "zerocallusedregs" + ]; }; meta = llvm_meta // { diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index c94c56daae1c..eb5403860cad 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -341,7 +341,10 @@ in ln -s ${bootstrapTools}/lib/clang $out/lib ln -s ${bootstrapTools}/include $out ''; - passthru.isFromBootstrapFiles = true; + passthru = { + isFromBootstrapFiles = true; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; + }; }; clang-unwrapped = selfTools.libclang; libllvm = self.stdenv.mkDerivation { diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index cb1607c5e63a..54a03a56866b 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -249,6 +249,7 @@ let "relro" "stackprotector" "strictoverflow" + "zerocallusedregs" ]; defaultHardeningFlags = (if stdenv.hasCC then stdenv.cc else {}).defaultHardeningFlags or diff --git a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix index 569f0c6f31e2..ad2449cfd9ff 100644 --- a/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools-musl/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) diff --git a/pkgs/stdenv/linux/bootstrap-tools/default.nix b/pkgs/stdenv/linux/bootstrap-tools/default.nix index 569f0c6f31e2..ad2449cfd9ff 100644 --- a/pkgs/stdenv/linux/bootstrap-tools/default.nix +++ b/pkgs/stdenv/linux/bootstrap-tools/default.nix @@ -15,5 +15,5 @@ derivation ({ langC = true; langCC = true; isGNU = true; - hardeningUnsupportedFlags = [ "fortify3" ]; + hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ]; } // extraAttrs) From 851f20e12826cf368d2df9f7137061b8108636d0 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 20 Jan 2024 15:07:09 +0100 Subject: [PATCH 046/212] =?UTF-8?q?libxml2:=202.12.3-unstable-2023-12-14?= =?UTF-8?q?=20=E2=86=92=202.12.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4 --- pkgs/development/libraries/libxml2/default.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index d06c45e81990..ce7e51c04f48 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchFromGitLab , zlib , pkg-config , autoreconfHook @@ -35,19 +34,16 @@ in let libxml = stdenv.mkDerivation rec { pname = "libxml2"; - version = "2.12.3-unstable-2023-12-14"; + version = "2.12.4"; outputs = [ "bin" "dev" "out" "doc" ] ++ lib.optional pythonSupport "py" ++ lib.optional (enableStatic && enableShared) "static"; outputMan = "bin"; - src = fetchFromGitLab { - domain = "gitlab.gnome.org"; - owner = "GNOME"; - repo = "libxml2"; - rev = "f006355eda722cae204606b9f95ba51f5ce9189b"; - hash = "sha256-3WE90KDZq4Uaawuulc3t2+R8duCqgjEGUDN4HSXxohY="; + src = fetchurl { + url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz"; + hash = "sha256-SXNg5CPPC9merNt8YhXeqS5tbonulAOTwrrg53y5t9A="; }; strictDeps = true; From e35a2e2fe339efdeb9493fc6e4b29f39992afe0c Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sat, 20 Jan 2024 18:27:00 +0000 Subject: [PATCH 047/212] python3Packages.pillow: 10.1.0 -> 10.2.0 note pypi package name has been lowercased --- pkgs/development/python-modules/pillow/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 7cf0bb9420fe..f101d6b361ec 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -12,15 +12,15 @@ import ./generic.nix (rec { pname = "pillow"; - version = "10.1.0"; + version = "10.2.0"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { - pname = "Pillow"; + pname = "pillow"; inherit version; - hash = "sha256-5r+N5sNu2WyG6jtuHVJzxT9G71GKBiRkzX713Sz5Ljg="; + hash = "sha256-6H8LLHgVfhLXaGsn1jwHD9ZdmU6N2ubzKODc9KDNAH4="; }; passthru.tests = { From 108dfbc2c4a8aeb07cca8c0ee7aafa684995e1b3 Mon Sep 17 00:00:00 2001 From: Simon Hollingshead Date: Sun, 21 Jan 2024 02:06:02 +0000 Subject: [PATCH 048/212] libcbor: unstable-2023-01-29 -> 0.10.2 --- pkgs/development/libraries/libcbor/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/libcbor/default.nix b/pkgs/development/libraries/libcbor/default.nix index 514ee36d02df..43a73d374ea5 100644 --- a/pkgs/development/libraries/libcbor/default.nix +++ b/pkgs/development/libraries/libcbor/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "libcbor"; - version = "unstable-2023-01-29"; # Musl fix hasn't been released yet. + version = "0.10.2"; src = fetchFromGitHub { owner = "PJK"; repo = "libcbor"; - rev = "cb4162f40d94751141b4d43b07c4add83e738a68"; - sha256 = "sha256-ZTa+wG1g9KsVoqJG/yqxo2fJ7OhPnaI9QcfOmpOT3pg="; + rev = "v${finalAttrs.version}"; + hash = "sha256-eE11hYPsOKqfoX8fx/oYfOAichhUe4mMpNQNVZ6vAUI="; }; outputs = [ "out" "dev" ]; From c943bf8a2ef60e9cdb7662816d214ac4797b3993 Mon Sep 17 00:00:00 2001 From: Simon Hollingshead Date: Sun, 21 Jan 2024 06:09:36 +0000 Subject: [PATCH 049/212] publicsuffix-list: unstable-2023-02-16 -> 0-unstable-2024-01-07 --- pkgs/data/misc/publicsuffix-list/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/misc/publicsuffix-list/default.nix b/pkgs/data/misc/publicsuffix-list/default.nix index d5608036b5e3..b2c69dff1091 100644 --- a/pkgs/data/misc/publicsuffix-list/default.nix +++ b/pkgs/data/misc/publicsuffix-list/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation { pname = "publicsuffix-list"; - version = "unstable-2023-02-16"; + version = "0-unstable-2024-01-07"; src = fetchFromGitHub { owner = "publicsuffix"; repo = "list"; - rev = "8ec4d3049fe139f92937b6137155c33b81dcaf18"; - hash = "sha256-wA8zk0iADFNP33veIf+Mfx22zdMzHsMNWEizMp1SnuA="; + rev = "5db9b65997e3c9230ac4353b01994c2ae9667cb9"; + hash = "sha256-kIJVS2ETAXQa1MMG8cjRUSFUn+jm9jBWH8go3L+lqHE="; }; dontBuild = true; From e79c13385843382aa2256898f80b44030889f9a5 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Mon, 11 Dec 2023 18:01:24 +0000 Subject: [PATCH 050/212] add pkgsExtraHardening package set this package set can be used to trial new hardening flags or enable those which are still known to cause some problems --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ pkgs/top-level/release-attrpaths-superset.nix | 1 + pkgs/top-level/stage.nix | 13 +++++++++++++ 3 files changed, 16 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index b6d5f02220d9..74d47fb56604 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -214,6 +214,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. +- A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features). + - `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module (such as msmtp or Postfix). It no longer requires using a special ZFS build with email support. diff --git a/pkgs/top-level/release-attrpaths-superset.nix b/pkgs/top-level/release-attrpaths-superset.nix index 673b63a5ac34..55cce6101d71 100644 --- a/pkgs/top-level/release-attrpaths-superset.nix +++ b/pkgs/top-level/release-attrpaths-superset.nix @@ -53,6 +53,7 @@ let pkgsStatic = true; pkgsCross = true; pkgsi686Linux = true; + pkgsExtraHardening = true; }; # No release package attrname may have any of these at a component diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index 1cc05167cee8..cbf0f585fe41 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix @@ -276,6 +276,19 @@ let gcc.abi = "elfv2"; }; }); + + pkgsExtraHardening = nixpkgsFun { + overlays = [ + (self': super': { + pkgsExtraHardening = super'; + stdenv = super'.withDefaultHardeningFlags ( + super'.stdenv.cc.defaultHardeningFlags ++ [ + "zerocallusedregs" + ] + ) super'.stdenv; + }) + ] ++ overlays; + }; }; # The complete chain of package set builders, applied from top to bottom. From 506ec38e7f2292790dba1b34b5def792ad2de5e8 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 17 Dec 2023 14:04:44 +0000 Subject: [PATCH 051/212] cc-wrapper, clang: use new mechanism to selectively unsupport zerocallusedregs this allows a compiler derivation to provide a hardeningUnsupportedFlagsByTargetPlatform passthru attr that will be called with the targetPlatform to determine the unsupported hardening flags for that platform. we can do this because even though a clang compiler is multi-target by nature, cc-wrapper effectively fixes the target platform at wrapping time. otherwise we'd have to sniff the intended target at runtime, which wouldn't be fun at all. the advantage of using a new attribute instead of allowing hardeningUnsupportedFlags to optionally be a function is that hardeningUnsupportedFlags retains its simple overriding pattern for simple cases (i.e. `(prev.hardeningUnsupportedFlags or []) ++ [ "foo" ]` ) which will continue to work as long as the bottom-most function of hardeningUnsupportedFlagsByTargetPlatform falls back to hardeningUnsupportedFlags. --- pkgs/build-support/cc-wrapper/default.nix | 11 ++++++++++- pkgs/development/compilers/llvm/15/clang/default.nix | 7 ++++--- pkgs/development/compilers/llvm/16/clang/default.nix | 7 ++++--- pkgs/development/compilers/llvm/17/clang/default.nix | 7 ++++--- pkgs/development/compilers/llvm/git/clang/default.nix | 7 ++++--- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 59aaa41e9c17..693c6e6fcfd4 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -223,6 +223,15 @@ let defaultHardeningFlags = bintools.defaultHardeningFlags or []; + # if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is + # called with the targetPlatform as an argument and + # cc.hardeningUnsupportedFlags is completely ignored - the function + # is responsible for including the constant hardeningUnsupportedFlags + # list however it sees fit. + ccHardeningUnsupportedFlags = if cc ? hardeningUnsupportedFlagsByTargetPlatform + then cc.hardeningUnsupportedFlagsByTargetPlatform targetPlatform + else (cc.hardeningUnsupportedFlags or []); + darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin ( if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx" else targetPlatform.darwinPlatform @@ -584,7 +593,7 @@ stdenv.mkDerivation { ## Hardening support ## + '' - export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}" + export hardening_unsupported_flags="${builtins.concatStringsSep " " ccHardeningUnsupportedFlags}" '' # Machine flags. These are necessary to support diff --git a/pkgs/development/compilers/llvm/15/clang/default.nix b/pkgs/development/compilers/llvm/15/clang/default.nix index 8c19956a0bfe..9ec15a393004 100644 --- a/pkgs/development/compilers/llvm/15/clang/default.nix +++ b/pkgs/development/compilers/llvm/15/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -99,9 +99,10 @@ let isClang = true; hardeningUnsupportedFlags = [ "fortify3" - # supported on x86_64/aarch64 only - "zerocallusedregs" ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/16/clang/default.nix b/pkgs/development/compilers/llvm/16/clang/default.nix index 4e260906a2c5..43c497b92761 100644 --- a/pkgs/development/compilers/llvm/16/clang/default.nix +++ b/pkgs/development/compilers/llvm/16/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -93,9 +93,10 @@ let isClang = true; hardeningUnsupportedFlags = [ "fortify3" - # supported on x86_64/aarch64 only - "zerocallusedregs" ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/17/clang/default.nix b/pkgs/development/compilers/llvm/17/clang/default.nix index 7b530e009de2..f2f114233c28 100644 --- a/pkgs/development/compilers/llvm/17/clang/default.nix +++ b/pkgs/development/compilers/llvm/17/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -97,9 +97,10 @@ let isClang = true; hardeningUnsupportedFlags = [ "fortify3" - # supported on x86_64/aarch64 only - "zerocallusedregs" ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { diff --git a/pkgs/development/compilers/llvm/git/clang/default.nix b/pkgs/development/compilers/llvm/git/clang/default.nix index b8e5c4eb5910..7d0dc964a9e4 100644 --- a/pkgs/development/compilers/llvm/git/clang/default.nix +++ b/pkgs/development/compilers/llvm/git/clang/default.nix @@ -7,7 +7,7 @@ }: let - self = stdenv.mkDerivation (rec { + self = stdenv.mkDerivation (finalAttrs: rec { pname = "clang"; inherit version; @@ -97,9 +97,10 @@ let isClang = true; hardeningUnsupportedFlags = [ "fortify3" - # supported on x86_64/aarch64 only - "zerocallusedregs" ]; + hardeningUnsupportedFlagsByTargetPlatform = targetPlatform: + lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs" + ++ (finalAttrs.passthru.hardeningUnsupportedFlags or []); }; meta = llvm_meta // { From 6ed157d9b95901ea59e59c0f8e1ae154e3eca2b9 Mon Sep 17 00:00:00 2001 From: Tom Vincent Date: Sun, 21 Jan 2024 13:05:45 +0000 Subject: [PATCH 052/212] bluez: 5.71 -> 5.72 --- pkgs/by-name/bl/bluez/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/bl/bluez/package.nix b/pkgs/by-name/bl/bluez/package.nix index e8b649db3939..135642ce39ec 100644 --- a/pkgs/by-name/bl/bluez/package.nix +++ b/pkgs/by-name/bl/bluez/package.nix @@ -19,11 +19,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "bluez"; - version = "5.71"; + version = "5.72"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/bluez-${finalAttrs.version}.tar.xz"; - hash = "sha256-uCjUGMk87R9Vthb7VILPAVN0QL+zT72hpWTz7OlHNdg="; + hash = "sha256-SZ1/o0WplsG7ZQ9cZ0nh2SkRH6bs4L4OmGh/7mEkU24="; }; buildInputs = [ From db2e18bec8b659c24aefbf4c245b36978c5e97f3 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 21 Jan 2024 09:00:43 +0000 Subject: [PATCH 053/212] ed: 1.19 -> 1.20 --- pkgs/applications/editors/ed/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/ed/sources.nix b/pkgs/applications/editors/ed/sources.nix index 5cb750183053..e78a6085ddda 100644 --- a/pkgs/applications/editors/ed/sources.nix +++ b/pkgs/applications/editors/ed/sources.nix @@ -23,10 +23,10 @@ in { ed = let pname = "ed"; - version = "1.19"; + version = "1.20"; src = fetchurl { url = "mirror://gnu/ed/ed-${version}.tar.lz"; - hash = "sha256-zi8uXEJHkKqW0J2suT2bv9wLfrYknJy3U4RS6Ox3zUg="; + hash = "sha256-xgMN7+auFy8Wh5Btc1QFTHWmqRMK8xnU5zxQqRlZxaY="; }; in import ./generic.nix { inherit pname version src meta; From 6ab22c116897f8dc5f074ee95625293af2af5ac5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 22 Jan 2024 03:08:47 +0000 Subject: [PATCH 054/212] nghttp2: 1.57.0 -> 1.59.0 --- pkgs/development/libraries/nghttp2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index b208607f7b1b..f4ae615b6e94 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -32,11 +32,11 @@ assert enableJemalloc -> enableApp; stdenv.mkDerivation rec { pname = "nghttp2"; - version = "1.57.0"; + version = "1.59.0"; src = fetchurl { url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256-xjdnfLrESU6q+LDgOGFzFGhFgw76/+To3JL7O0KOWtI="; + sha256 = "sha256-A1P8u6ENKl9304ouSS5eZ3tjexdxI0WkcyXDw1+0d/g="; }; outputs = [ "out" "dev" "lib" "doc" "man" ]; From a1438ae600fbc8befcd590072c0f90e6a1b6771f Mon Sep 17 00:00:00 2001 From: "Travis A. Everett" Date: Mon, 15 Jan 2024 21:28:05 -0600 Subject: [PATCH 055/212] libuv: work around test breaks on macOS < 10.15 --- pkgs/development/libraries/libuv/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix index 9381f370754c..a150bddc626d 100644 --- a/pkgs/development/libraries/libuv/default.nix +++ b/pkgs/development/libraries/libuv/default.nix @@ -69,6 +69,9 @@ stdenv.mkDerivation (finalAttrs: { "fs_event_watch_dir_recursive" "fs_event_watch_file" "fs_event_watch_file_current_dir" "fs_event_watch_file_exact_path" "process_priority" "udp_create_early_bad_bind" + ] ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ + # fail on macos < 10.15 (starting in libuv 1.47.0) + "fs_write_alotof_bufs_with_offset" "fs_write_multiple_bufs" "fs_read_bufs" ] ++ lib.optionals stdenv.isAarch32 [ # I observe this test failing with some regularity on ARMv7: # https://github.com/libuv/libuv/issues/1871 From 95331c15ee1e2bcb4e92dd7b43b6f7fdc6a3425f Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Mon, 22 Jan 2024 23:24:00 +0100 Subject: [PATCH 056/212] bluez: fix build by adding pygments --- pkgs/by-name/bl/bluez/package.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/by-name/bl/bluez/package.nix b/pkgs/by-name/bl/bluez/package.nix index 135642ce39ec..b04ef6fbba80 100644 --- a/pkgs/by-name/bl/bluez/package.nix +++ b/pkgs/by-name/bl/bluez/package.nix @@ -41,6 +41,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ docutils pkg-config + python3.pkgs.pygments python3.pkgs.wrapPython ]; From 77d29a6dfc12f0ef3f7f0115c3b85a9b998be7ec Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 23 Jan 2024 00:32:04 +0000 Subject: [PATCH 057/212] rust-bindgen-unwrapped: 0.69.1 -> 0.69.2 --- pkgs/development/tools/rust/bindgen/unwrapped.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/rust/bindgen/unwrapped.nix b/pkgs/development/tools/rust/bindgen/unwrapped.nix index c2ea437148c6..859d82618063 100644 --- a/pkgs/development/tools/rust/bindgen/unwrapped.nix +++ b/pkgs/development/tools/rust/bindgen/unwrapped.nix @@ -7,15 +7,15 @@ let rustfmt-nightly = rustfmt.override { asNightly = true; }; in rustPlatform.buildRustPackage rec { pname = "rust-bindgen-unwrapped"; - version = "0.69.1"; + version = "0.69.2"; src = fetchCrate { pname = "bindgen-cli"; inherit version; - sha256 = "sha256-zqyIc07RLti2xb23bWzL7zFjreEZuUstnYSp+jUX8Lw="; + sha256 = "sha256-ytbaXCVNXXBtJet5CBkCNUoISxdFXt/kgb4VVZisUXE="; }; - cargoHash = "sha256-o1B8jq7Ze97pBLE9gvNsmCaD/tsW4f6DL0upzQkxbA4="; + cargoHash = "sha256-pnoCq25CrZIAQNkDsokIVVyUYLlg7WY6th17IgeW9x8="; buildInputs = [ clang.cc.lib ]; From 3bf7b1536dde66b3d3de84f9e4cb5549a35642b1 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 23 Jan 2024 04:20:00 +0000 Subject: [PATCH 058/212] libimagequant: 4.2.2 -> 4.3.0 Diff: https://github.com/ImageOptim/libimagequant/compare/4.2.2...4.3.0 --- .../libraries/libimagequant/Cargo.lock | 127 +++++++++++------- .../libraries/libimagequant/default.nix | 6 +- 2 files changed, 80 insertions(+), 53 deletions(-) diff --git a/pkgs/development/libraries/libimagequant/Cargo.lock b/pkgs/development/libraries/libimagequant/Cargo.lock index fdad112994ac..8e542f358693 100644 --- a/pkgs/development/libraries/libimagequant/Cargo.lock +++ b/pkgs/development/libraries/libimagequant/Cargo.lock @@ -10,13 +10,14 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "ahash" -version = "0.8.3" +version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" dependencies = [ "cfg-if", "once_cell", "version_check", + "zerocopy", ] [[package]] @@ -25,17 +26,11 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" -[[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "bytemuck" @@ -77,36 +72,28 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "either" @@ -144,7 +131,7 @@ dependencies = [ [[package]] name = "imagequant" -version = "4.2.2" +version = "4.3.0" dependencies = [ "arrayvec", "lodepng", @@ -156,7 +143,7 @@ dependencies = [ [[package]] name = "imagequant-sys" -version = "4.0.3" +version = "4.0.4" dependencies = [ "bitflags", "imagequant", @@ -165,15 +152,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.149" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "lodepng" -version = "3.9.1" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3cdccd0cf57a5d456f0656ebcff72c2e19503287e1afbf3b84382812adc0606" +checksum = "a42d298694b14401847de29abd44adf278b42e989e516deac7b72018400002d8" dependencies = [ "crc32fast", "fallible_collections", @@ -182,15 +169,6 @@ dependencies = [ "rgb", ] -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - [[package]] name = "miniz_oxide" version = "0.7.1" @@ -202,15 +180,33 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "proc-macro2" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] [[package]] name = "rayon" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" dependencies = [ "either", "rayon-core", @@ -218,9 +214,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -228,18 +224,23 @@ dependencies = [ [[package]] name = "rgb" -version = "0.8.36" +version = "0.8.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59" +checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8" dependencies = [ "bytemuck", ] [[package]] -name = "scopeguard" -version = "1.2.0" +name = "syn" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] [[package]] name = "thread_local" @@ -251,8 +252,34 @@ dependencies = [ "once_cell", ] +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + [[package]] name = "version_check" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "zerocopy" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/pkgs/development/libraries/libimagequant/default.nix b/pkgs/development/libraries/libimagequant/default.nix index f60a1c7cab7a..ad80408fdb14 100644 --- a/pkgs/development/libraries/libimagequant/default.nix +++ b/pkgs/development/libraries/libimagequant/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "libimagequant"; - version = "4.2.2"; + version = "4.3.0"; src = fetchFromGitHub { owner = "ImageOptim"; - repo = pname; + repo = "libimagequant"; rev = version; - hash = "sha256-cZgnJOmj+xJDcewsxH2Jp5AAnFZKVuYxKPtoGeN03g4="; + hash = "sha256-/gHe3LQaBWOQImBesKvHK46T42TtRld988wgxbut4i0="; }; cargoLock = { From 521965dd914a2b119afd8c6747a81a207771dc89 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 23 Jan 2024 04:20:00 +0000 Subject: [PATCH 059/212] libimagequant: add pkg-config tester --- .../libraries/libimagequant/default.nix | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libimagequant/default.nix b/pkgs/development/libraries/libimagequant/default.nix index ad80408fdb14..8d8acfd835d0 100644 --- a/pkgs/development/libraries/libimagequant/default.nix +++ b/pkgs/development/libraries/libimagequant/default.nix @@ -1,4 +1,17 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl, rust, rustPlatform, cargo-c, python3 }: +{ lib +, stdenv +, fetchFromGitHub +, fetchurl +, rust +, rustPlatform +, cargo-c +, python3 + +# tests +, testers +, vips +, libimagequant +}: rustPlatform.buildRustPackage rec { pname = "libimagequant"; @@ -34,7 +47,13 @@ rustPlatform.buildRustPackage rec { ''; passthru.tests = { + inherit vips; inherit (python3.pkgs) pillow; + + pkg-config = testers.hasPkgConfigModules { + package = libimagequant; + moduleNames = [ "imagequant" ]; + }; }; meta = with lib; { From 496556a2a8370706314a04c593cb40a41fb817af Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Mon, 15 Jan 2024 18:05:29 +0100 Subject: [PATCH 060/212] libinput: 1.24.0 -> 1.25.0 --- pkgs/development/libraries/libinput/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index a159a1fb5f62..16193e5e5148 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -45,7 +45,7 @@ in stdenv.mkDerivation rec { pname = "libinput"; - version = "1.24.0"; + version = "1.25.0"; outputs = [ "bin" "out" "dev" ]; @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { owner = "libinput"; repo = "libinput"; rev = version; - sha256 = "sha256-gTcgEZ7cs4jq8w5Genxtio9nVFy7y3n0nNXJ6SVtYHY="; + hash = "sha256-c2FU5OW+CIgtYTQy+bwIbaw3SP1pVxaLokhO+ag5/1s="; }; patches = [ From 4a5606d31f1dfab7d55064eb12478e7217b46630 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 19 Jan 2024 14:26:41 +0100 Subject: [PATCH 061/212] cmake: enable debug info --- pkgs/by-name/cm/cmake/package.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/by-name/cm/cmake/package.nix b/pkgs/by-name/cm/cmake/package.nix index 60664a32fdac..42dbacac67b9 100644 --- a/pkgs/by-name/cm/cmake/package.nix +++ b/pkgs/by-name/cm/cmake/package.nix @@ -68,6 +68,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional stdenv.isDarwin ./006-darwin-always-set-runtime-c-flag.diff; outputs = [ "out" ] ++ lib.optionals buildDocs [ "man" "info" ]; + separateDebugInfo = true; setOutputFlags = false; setupHooks = [ From a32aa987d2b04f3d7eb432ed8d11062ccc5bdc88 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 24 Jan 2024 01:41:28 +0000 Subject: [PATCH 062/212] libvpx: 1.13.1 -> 1.14.0 --- pkgs/development/libraries/libvpx/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix index eb5b320b317b..dda6b13c1bf6 100644 --- a/pkgs/development/libraries/libvpx/default.nix +++ b/pkgs/development/libraries/libvpx/default.nix @@ -75,13 +75,13 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport; stdenv.mkDerivation rec { pname = "libvpx"; - version = "1.13.1"; + version = "1.14.0"; src = fetchFromGitHub { owner = "webmproject"; repo = pname; rev = "v${version}"; - hash = "sha256-KTbzZ5/qCH+bCvatYZhFiWcT+L2duD40E2w/BUaRorQ="; + hash = "sha256-duU1exUg7JiKCtZfNxyb/y40hxsXeTIMShf9YounTWA="; }; postPatch = '' From 2812d1202f4208438a6679d2dcecf8ec325aa74d Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Fri, 24 Nov 2023 07:58:08 -0300 Subject: [PATCH 063/212] systemd: add meta.longDescription Also, get rid of nested with in meta. --- pkgs/os-specific/linux/systemd/default.nix | 26 +++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c17aa380dd80..32544655c578 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -826,15 +826,31 @@ stdenv.mkDerivation (finalAttrs: { }; }; - meta = with lib; { + meta = { homepage = "https://www.freedesktop.org/wiki/Software/systemd/"; description = "A system and service manager for Linux"; - license = licenses.lgpl21Plus; - platforms = platforms.linux; + longDescription = '' + systemd is a suite of basic building blocks for a Linux system. It + provides a system and service manager that runs as PID 1 and starts the + rest of the system. systemd provides aggressive parallelization + capabilities, uses socket and D-Bus activation for starting services, + offers on-demand starting of daemons, keeps track of processes using Linux + control groups, maintains mount and automount points, and implements an + elaborate transactional dependency-based service control logic. systemd + supports SysV and LSB init scripts and works as a replacement for + sysvinit. Other parts include a logging daemon, utilities to control basic + system configuration like the hostname, date, locale, maintain a list of + logged-in users and running containers and virtual machines, system + accounts, runtime directories and settings, and daemons to manage simple + network configuration, network time synchronization, log forwarding, and + name resolution. + ''; + license = with lib.licenses; [ lgpl21Plus ]; + maintainers = with lib.maintainers; [ flokli kloenk ]; + platforms = lib.platforms.linux; + priority = 10; badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965 broken = stdenv.hostPlatform.isStatic; - priority = 10; - maintainers = with maintainers; [ flokli kloenk ]; }; }) From 1a3a5407a0565bd845c0c9f5280133aef8a818a3 Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 22 Jan 2024 09:41:15 -0300 Subject: [PATCH 064/212] systemd: update licensing info --- pkgs/os-specific/linux/systemd/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 32544655c578..cf239dee1911 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -845,7 +845,18 @@ stdenv.mkDerivation (finalAttrs: { network configuration, network time synchronization, log forwarding, and name resolution. ''; - license = with lib.licenses; [ lgpl21Plus ]; + license = with lib.licenses; [ + # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md + bsd2 + bsd3 + cc0 + lgpl21Plus + lgpl2Plus + mit + mit0 + ofl + publicDomain + ]; maintainers = with lib.maintainers; [ flokli kloenk ]; platforms = lib.platforms.linux; priority = 10; From 92dfeb7b3dab820ae307c56c216d175c69ee93cd Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 22 Jan 2024 20:37:48 -0300 Subject: [PATCH 065/212] systemd: rewrite comments In order to be more readable and fit the the 80-column limit. --- pkgs/os-specific/linux/systemd/default.nix | 105 ++++++++++++--------- 1 file changed, 61 insertions(+), 44 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index cf239dee1911..4895a29e2781 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -68,16 +68,17 @@ , libpwquality , qrencode - # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time. + # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to + # be available during build time. # Only libbpf should be a runtime dependency. # Note: llvmPackages is explicitly taken from buildPackages instead of relying # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc - # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we explicitly - # take buildPackages.llvmPackages, this is no problem because - # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to us. Working - # around this is important, because systemd is in the dependency closure of - # GHC via emscripten and jdk. + # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we + # explicitly take buildPackages.llvmPackages, this is no problem because + # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to + # us. Working around this is important, because systemd is in the dependency + # closure of GHC via emscripten and jdk. , bpftools , libbpf @@ -93,14 +94,16 @@ && !stdenv.hostPlatform.isMusl # "Unknown 64-bit data model" && !stdenv.hostPlatform.isRiscV32 -, withCompression ? true # adds bzip2, lz4, xz and zstd + # adds bzip2, lz4, xz and zstd +, withCompression ? true , withCoredump ? true , withCryptsetup ? true , withRepart ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi , withFido2 ? true -, withFirstboot ? false # conflicts with the NixOS /etc management + # conflicts with the NixOS /etc management +, withFirstboot ? false , withHomed ? !stdenv.hostPlatform.isMusl , withHostnamed ? true , withHwdb ? true @@ -108,8 +111,10 @@ , withIptables ? true , withKmod ? true , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" - && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats - && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + # assumes hard floats + && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") + # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + && !stdenv.hostPlatform.isMips64 # can't find gnu/stubs-32.h && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian) # https://reviews.llvm.org/D43106#1019077 @@ -139,7 +144,8 @@ , withTimedated ? true , withTimesyncd ? true , withTpm2Tss ? true -, withUkify ? false # adds python to closure which is too much by default + # adds python to closure which is too much by default +, withUkify ? false , withUserDb ? true , withUtmp ? !stdenv.hostPlatform.isMusl , withVmspawn ? true @@ -148,7 +154,7 @@ # build only libudev and libsystemd , buildLibsOnly ? false - # name argument + # yes, pname is an argument here , pname ? "systemd" , libxslt @@ -171,7 +177,8 @@ let wantGcrypt = withResolved || withImportd; version = "255.2"; - # Bump this variable on every (major) version change. See below (in the meson options list) for why. + # Use the command below to update `releaseTimestamp` on every (major) version + # change. More details in the commentary at mesonFlags. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' @@ -189,11 +196,14 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-8SfJY/pcH4yrDeJi0GfIUpetTbpMwyswvSu+RSfgqfY="; }; - # On major changes, or when otherwise required, you *must* reformat the patches, - # `git am path/to/00*.patch` them into a systemd worktree, rebase to the more recent - # systemd version, and export the patches again via - # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. - # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches + # On major changes, or when otherwise required, you *must* : + # 1. reformat the patches, + # 2. `git am path/to/00*.patch` them into a systemd worktree, + # 3. rebase to the more recent systemd version, + # 4. and export the patches again via + # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. + # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all + # patches patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -261,8 +271,8 @@ stdenv.mkDerivation (finalAttrs: { "$out/lib/systemd/boot/efi" '' + ( let - # The following patches references to dynamic libraries to ensure that - # all the features that are implemented via dlopen(3) are available (or + # The following patches references to dynamic libraries to ensure that all + # the features that are implemented via dlopen(3) are available (or # explicitly deactivated) by pointing dlopen to the absolute store path # instead of relying on the linkers runtime lookup code. # @@ -274,11 +284,11 @@ stdenv.mkDerivation (finalAttrs: { # found` when using e.g. --grep with journalctl. Those errors should # become less unexpected now. # - # There are generally two classes of dlopen(3) calls. Those that we want to - # support and those that should be deactivated / unsupported. This change - # enforces that we handle all dlopen calls explicitly. Meaning: There is - # not a single dlopen call in the source code tree that we did not - # explicitly handle. + # There are generally two classes of dlopen(3) calls. Those that we want + # to support and those that should be deactivated / unsupported. This + # change enforces that we handle all dlopen calls explicitly. Meaning: + # There is not a single dlopen call in the source code tree that we did + # not explicitly handle. # # In order to do this we introduced a list of attributes that maps from # shared object name to the package that contains them. The package can be @@ -287,7 +297,8 @@ stdenv.mkDerivation (finalAttrs: { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` + # and update the list below. dlopenLibs = let opt = condition: pkg: if condition then pkg else null; @@ -373,7 +384,8 @@ stdenv.mkDerivation (finalAttrs: { # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings + # pointing to shared libraries) that we didn't handle + '' if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then echo "Found unhandled dynamic library calls: " @@ -460,12 +472,13 @@ stdenv.mkDerivation (finalAttrs: { mesonFlags = [ # Options - # We bump this variable on every (major) version change to ensure - # that we have known-good value for a timestamp that is in the (not so distant) past. - # This serves as a lower bound for valid system timestamps during startup. Systemd will - # reset the system timestamp if this date is +- 15 years from the system time. + # We bump this attribute on every (major) version change to ensure that we + # have known-good value for a timestamp that is in the (not so distant) + # past. This serves as a lower bound for valid system timestamps during + # startup. Systemd will reset the system timestamp if this date is +- 15 + # years from the system time. # See the systemd v250 release notes for further details: - # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 + # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 (lib.mesonOption "time-epoch" releaseTimestamp) (lib.mesonOption "version-tag" version) @@ -615,8 +628,13 @@ stdenv.mkDerivation (finalAttrs: { ]; preConfigure = let - # A list of all the runtime binaries that the systemd executables, tests and libraries are referencing in their source code, scripts and unit files. - # As soon as a dependency isn't required anymore we should remove it from the list. The `where` attribute for each of the replacement patterns must be exhaustive. If another (unhandled) case is found in the source code the build fails with an error message. + # A list of all the runtime binaries referenced by the source code (plus + # scripts and unit files) of systemd executables, tests and libraries. + # As soon as a dependency is lo longer required we should remove it from + # the list. + # The `where` attribute for each of the replacement patterns must be + # exhaustive. If another (unhandled) case is found in the source code the + # build fails with an error message. binaryReplacements = [ { search = "/usr/bin/getent"; replacement = "${getent}/bin/getent"; where = [ "src/nspawn/nspawn-setuid.c" ]; } @@ -777,11 +795,11 @@ stdenv.mkDerivation (finalAttrs: { mv $out/lib/sysusers.d $out/example ''; - # Avoid *.EFI binary stripping. At least on aarch64-linux strip - # removes too much from PE32+ files: + # Avoid *.EFI binary stripping. + # At least on aarch64-linux strip removes too much from PE32+ files: # https://github.com/NixOS/nixpkgs/issues/169693 - # The hack is to move EFI file out of lib/ before doStrip - # run and return it after doStrip run. + # The hack is to move EFI file out of lib/ before doStrip run and return it + # after doStrip run. preFixup = lib.optionalString withBootloader '' mv $out/lib/systemd/boot/efi $out/dont-strip-me ''; @@ -806,12 +824,11 @@ stdenv.mkDerivation (finalAttrs: { (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs); passthru = { - # The interface version prevents NixOS from switching to an - # incompatible systemd at runtime. (Switching across reboots is - # fine, of course.) It should be increased whenever systemd changes - # in a backwards-incompatible way. If the interface version of two - # systemd builds is the same, then we can switch between them at - # runtime; otherwise we can't and we need to reboot. + # The `interfaceVersion` attribute below points out the incompatibilities + # between systemd versions. When the new systemd build is + # backwards-compatible with the previous one, then they can be switched at + # runtime (the reboot being optional in this case); otherwise, a reboot is + # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; From 67643f8ec84bef1482204709073e417c9f07eb87 Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Tue, 23 Jan 2024 22:48:29 -0300 Subject: [PATCH 066/212] systemd: break too long lines of Nix code To improve readability. --- pkgs/os-specific/linux/systemd/default.nix | 51 +++++++++++++++++----- 1 file changed, 39 insertions(+), 12 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 4895a29e2781..87269c6c000e 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -636,8 +636,11 @@ stdenv.mkDerivation (finalAttrs: { # exhaustive. If another (unhandled) case is found in the source code the # build fails with an error message. binaryReplacements = [ - { search = "/usr/bin/getent"; replacement = "${getent}/bin/getent"; where = [ "src/nspawn/nspawn-setuid.c" ]; } - + { + search = "/usr/bin/getent"; + replacement = "${getent}/bin/getent"; + where = [ "src/nspawn/nspawn-setuid.c" ]; + } { search = "/sbin/mkswap"; replacement = "${lib.getBin util-linux}/sbin/mkswap"; @@ -645,8 +648,19 @@ stdenv.mkDerivation (finalAttrs: { "man/systemd-makefs@.service.xml" ]; } - { search = "/sbin/swapon"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } - { search = "/sbin/swapoff"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } + { + search = "/sbin/swapon"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; + where = [ + "src/core/swap.c" + "src/basic/unit-def.h" + ]; + } + { + search = "/sbin/swapoff"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; + where = [ "src/core/swap.c" ]; + } { search = "/bin/echo"; replacement = "${coreutils}/bin/echo"; @@ -663,14 +677,15 @@ stdenv.mkDerivation (finalAttrs: { { search = "/bin/cat"; replacement = "${coreutils}/bin/cat"; - where = [ "test/test-execute/exec-noexecpaths-simple.service" "src/journal/cat.c" ]; + where = [ + "test/test-execute/exec-noexecpaths-simple.service" + "src/journal/cat.c" + ]; } { search = "/usr/lib/systemd/systemd-fsck"; replacement = "$out/lib/systemd/systemd-fsck"; - where = [ - "man/systemd-fsck@.service.xml" - ]; + where = [ "man/systemd-fsck@.service.xml" ]; } ] ++ lib.optionals withImportd [ { @@ -699,10 +714,14 @@ stdenv.mkDerivation (finalAttrs: { ]; } ] ++ lib.optionals withKmod [ - { search = "/sbin/modprobe"; replacement = "${lib.getBin kmod}/sbin/modprobe"; where = [ "units/modprobe@.service" ]; } + { + search = "/sbin/modprobe"; + replacement = "${lib.getBin kmod}/sbin/modprobe"; + where = [ "units/modprobe@.service" ]; + } ]; - # { replacement, search, where } -> List[str] + # { replacement, search, where, ignore } -> List[str] mkSubstitute = { replacement, search, where, ignore ? [ ] }: map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where; mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }: @@ -831,7 +850,8 @@ stdenv.mkDerivation (finalAttrs: { # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; - inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withKmod withLocaled + withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { inherit (nixosTests) @@ -839,7 +859,14 @@ stdenv.mkDerivation (finalAttrs: { systemd-journal systemd-journal-gateway systemd-journal-upload; - cross = pkgsCross.${if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform"}.systemd; + cross = + let + systemString = + if stdenv.buildPlatform.isAarch64 + then "gnu64" + else "aarch64-multiplatform"; + in + pkgsCross.${systemString}.systemd; }; }; From 4eab8d9e1f6e23939174addf55552f6b9a6ab1ed Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 22 Jan 2024 20:54:51 -0300 Subject: [PATCH 067/212] git-blame-ignore-revs: add two systemd cosmetic modifications --- .git-blame-ignore-revs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs index 2436c29afc70..b7da3c84fc17 100644 --- a/.git-blame-ignore-revs +++ b/.git-blame-ignore-revs @@ -96,3 +96,9 @@ fb0e5be84331188a69b3edd31679ca6576edb75a # nixos/*: add trivial defaultText for options with simple defaults 25124556397ba17bfd70297000270de1e6523b0a + +# systemd: rewrite comments +92dfeb7b3dab820ae307c56c216d175c69ee93cd + +# systemd: break too long lines of Nix code +67643f8ec84bef1482204709073e417c9f07eb87 From 15a8cd49df44daa617e663524c4d4d5ad8011636 Mon Sep 17 00:00:00 2001 From: Simon Hollingshead Date: Sun, 21 Jan 2024 03:07:31 +0000 Subject: [PATCH 068/212] libjxl: 0.8.2 -> 0.9.1, libaom: remove butteraugli support --- .../manual/release-notes/rl-2405.section.md | 2 ++ pkgs/development/libraries/libaom/default.nix | 6 +----- pkgs/development/libraries/libjxl/default.nix | 18 +++--------------- pkgs/top-level/all-packages.nix | 5 +---- 4 files changed, 7 insertions(+), 24 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 0286b3346a65..0e84cf1f31ba 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -204,6 +204,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. +- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`. + - The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock). - `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles` diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 78aac8754787..7eabc326ffbf 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -1,5 +1,4 @@ { lib, stdenv, fetchzip, yasm, perl, cmake, pkg-config, python3 -, enableButteraugli ? true, libjxl , enableVmaf ? true, libvmaf , gitUpdater }: @@ -23,8 +22,7 @@ stdenv.mkDerivation rec { yasm perl cmake pkg-config python3 ]; - propagatedBuildInputs = lib.optional enableButteraugli libjxl - ++ lib.optional enableVmaf libvmaf; + propagatedBuildInputs = lib.optional enableVmaf libvmaf; preConfigure = '' # build uses `git describe` to set the build version @@ -42,8 +40,6 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" "-DENABLE_TESTS=OFF" - ] ++ lib.optionals enableButteraugli [ - "-DCONFIG_TUNE_BUTTERAUGLI=1" ] ++ lib.optionals enableVmaf [ "-DCONFIG_TUNE_VMAF=1" ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ diff --git a/pkgs/development/libraries/libjxl/default.nix b/pkgs/development/libraries/libjxl/default.nix index 8454f3e1e83b..833b58e59428 100644 --- a/pkgs/development/libraries/libjxl/default.nix +++ b/pkgs/development/libraries/libjxl/default.nix @@ -1,5 +1,4 @@ { stdenv, lib, fetchFromGitHub -, fetchpatch , brotli , cmake , giflib @@ -12,7 +11,6 @@ , openexr_3 , pkg-config , zlib -, buildDocs ? true , asciidoc , graphviz , doxygen @@ -21,7 +19,7 @@ stdenv.mkDerivation rec { pname = "libjxl"; - version = "0.8.2"; + version = "0.9.1"; outputs = [ "out" "dev" ]; @@ -29,31 +27,21 @@ stdenv.mkDerivation rec { owner = "libjxl"; repo = "libjxl"; rev = "v${version}"; - hash = "sha256-I3PGgh0XqRkCFz7lUZ3Q4eU0+0GwaQcVb6t4Pru1kKo="; + hash = "sha256-n5KNbbw6NQRROEM7Cojla/igRCFNawUq7nfhzJlMlPI="; # There are various submodules in `third_party/`. fetchSubmodules = true; }; - patches = [ - # Add missing content to fix gcc compilation for RISCV architecture - # https://github.com/libjxl/libjxl/pull/2211 - (fetchpatch { - url = "https://github.com/libjxl/libjxl/commit/22d12d74e7bc56b09cfb1973aa89ec8d714fa3fc.patch"; - hash = "sha256-X4fbYTMS+kHfZRbeGzSdBW5jQKw8UN44FEyFRUtw0qo="; - }) - ]; - nativeBuildInputs = [ cmake gtest pkg-config - ] ++ lib.optionals buildDocs [ asciidoc doxygen python3 ]; - depsBuildBuild = lib.optionals buildDocs [ + depsBuildBuild = [ graphviz ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cc125f735430..f92549c4d5bb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22390,10 +22390,7 @@ with pkgs; libantlr3c = callPackage ../development/libraries/libantlr3c { }; - libaom = callPackage ../development/libraries/libaom { - # Remove circular dependency for libavif - libjxl = libjxl.override { buildDocs = false; }; - }; + libaom = callPackage ../development/libraries/libaom { }; libappindicator-gtk2 = libappindicator.override { gtkVersion = "2"; }; libappindicator-gtk3 = libappindicator.override { gtkVersion = "3"; }; From 08fb5feb87acf300a06a896912e77250ce4aa252 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Wed, 24 Jan 2024 11:50:50 +0000 Subject: [PATCH 069/212] lilv: 0.24.22 -> 0.24.24 Change: https://drobilla.net/2024/01/23/lilv-0-24-24.html --- pkgs/development/libraries/audio/lilv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/audio/lilv/default.nix b/pkgs/development/libraries/audio/lilv/default.nix index 3c691c245ce5..c17b27a7aa6f 100644 --- a/pkgs/development/libraries/audio/lilv/default.nix +++ b/pkgs/development/libraries/audio/lilv/default.nix @@ -18,13 +18,13 @@ stdenv.mkDerivation rec { pname = "lilv"; - version = "0.24.22"; + version = "0.24.24"; outputs = [ "out" "dev" "man" ]; src = fetchurl { url = "https://download.drobilla.net/${pname}-${version}.tar.xz"; - hash = "sha256-dvlJ0OWfyDNjQJtexeFcEEb7fdZYnTwbkgzsH9Kfn/M="; + hash = "sha256-a7a+n4hQQXbQZC8S3oCbK54txVYhporbjH7bma76u08="; }; nativeBuildInputs = [ meson ninja pkg-config python3 ]; From 58762560bc3e8843bdfcada1b04ebcd019c5529e Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 23 Jan 2024 17:28:25 +0200 Subject: [PATCH 070/212] umockdev: enable strictDeps As pointed out in https://github.com/NixOS/nixpkgs/issues/280697#issuecomment-1906206490, umockdev tests shell out to udevadm, and in both cases, systemdMinimal should be sufficient. Fixes #280697 --- pkgs/development/libraries/umockdev/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix index 1cae2c62b33c..e1c7697b78a2 100644 --- a/pkgs/development/libraries/umockdev/default.nix +++ b/pkgs/development/libraries/umockdev/default.nix @@ -12,7 +12,7 @@ , ninja , pkg-config , python3 -, systemd +, systemdMinimal , usbutils , vala , which @@ -49,7 +49,7 @@ stdenv.mkDerivation (finalAttrs: { buildInputs = [ glib - systemd + systemdMinimal libpcap ]; @@ -59,10 +59,13 @@ stdenv.mkDerivation (finalAttrs: { nativeCheckInputs = [ python3 - which + systemdMinimal usbutils + which ]; + strictDeps = true; + mesonFlags = [ "-Dgtk_doc=true" ]; From ded8c868f68826a8e04c9935e0abe9aa3f9b6507 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 24 Jan 2024 14:34:56 +0200 Subject: [PATCH 071/212] umockev: hardcode udevadm Replace references to udevadm with an absolute paths, so programs using umockdev will just work without having to provide it in their test environment $PATH. This allows us removing systemdMinimal from nativeCheckInputs ourselves. It's still needed in buildInputs, as the build queries for it via pkg-config. --- .../libraries/umockdev/default.nix | 10 ++++- .../umockdev/substitute-udevadm.patch | 41 +++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/umockdev/substitute-udevadm.patch diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix index e1c7697b78a2..0bc817cde299 100644 --- a/pkgs/development/libraries/umockdev/default.nix +++ b/pkgs/development/libraries/umockdev/default.nix @@ -12,6 +12,7 @@ , ninja , pkg-config , python3 +, substituteAll , systemdMinimal , usbutils , vala @@ -33,6 +34,14 @@ stdenv.mkDerivation (finalAttrs: { # Hardcode absolute paths to libraries so that consumers # do not need to set LD_LIBRARY_PATH themselves. ./hardcode-paths.patch + + # Replace references to udevadm with an absolute paths, so programs using + # umockdev will just work without having to provide it in their test environment + # $PATH. + (substituteAll { + src = ./substitute-udevadm.patch; + udevadm = "${systemdMinimal}/bin/udevadm"; + }) ]; nativeBuildInputs = [ @@ -59,7 +68,6 @@ stdenv.mkDerivation (finalAttrs: { nativeCheckInputs = [ python3 - systemdMinimal usbutils which ]; diff --git a/pkgs/development/libraries/umockdev/substitute-udevadm.patch b/pkgs/development/libraries/umockdev/substitute-udevadm.patch new file mode 100644 index 000000000000..b09d151018e5 --- /dev/null +++ b/pkgs/development/libraries/umockdev/substitute-udevadm.patch @@ -0,0 +1,41 @@ +From 09efbe8090f501c60975d5467fb587ed633d6a01 Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Wed, 24 Jan 2024 14:29:28 +0200 +Subject: [PATCH] substitute udevadm + +--- + src/umockdev-record.vala | 2 +- + tests/test-umockdev-run.vala | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala +index 2d49bc8..272f25e 100644 +--- a/src/umockdev-record.vala ++++ b/src/umockdev-record.vala +@@ -223,7 +223,7 @@ record_device(string dev) + int exitcode; + try { + Process.spawn_sync(null, +- {"udevadm", "info", "--query=all", "--path", dev}, ++ {"@udevadm@", "info", "--query=all", "--path", dev}, + null, + SpawnFlags.SEARCH_PATH, + null, +diff --git a/tests/test-umockdev-run.vala b/tests/test-umockdev-run.vala +index cd00a08..94616cb 100644 +--- a/tests/test-umockdev-run.vala ++++ b/tests/test-umockdev-run.vala +@@ -199,8 +199,8 @@ A: size=1048576\n + + // unfortunately the udevadm output between distros is not entirely constant + assert (get_program_out ( +- "udevadm", +- umockdev_run_command + "-d " + umockdev_file + " -- udevadm info --query=all --name=/dev/loop23", ++ "@udevadm@", ++ umockdev_run_command + "-d " + umockdev_file + " -- @udevadm@ info --query=all --name=/dev/loop23", + out sout, out serr, out exit)); + + assert_cmpstr (serr, CompareOperator.EQ, ""); +-- +2.43.0 + From b5db527bd6369c716b969522400c7783884bff9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 24 Jan 2024 11:50:53 -0800 Subject: [PATCH 072/212] python311Packages.pluggy: 1.3.0 -> 1.4.0 Diff: https://github.com/pytest-dev/pluggy/compare/refs/tags/1.3.0...1.4.0 Changelog: https://github.com/pytest-dev/pluggy/blob/refs/tags/1.4.0/CHANGELOG.rst --- pkgs/development/python-modules/pluggy/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pluggy/default.nix b/pkgs/development/python-modules/pluggy/default.nix index 6b1c8e67f1eb..a768e8ce942f 100644 --- a/pkgs/development/python-modules/pluggy/default.nix +++ b/pkgs/development/python-modules/pluggy/default.nix @@ -9,17 +9,17 @@ buildPythonPackage rec { pname = "pluggy"; - version = "1.3.0"; + version = "1.4.0"; disabled = pythonOlder "3.8"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "pytest-dev"; repo = "pluggy"; rev = "refs/tags/${version}"; - hash = "sha256-jLasnqmATIOoheGu90Wo1+iTCwslYzNOKckqHIZDJec="; + hash = "sha256-1XHJwODmpYQkYZvnZck6RrtT4lOeCf8cr1QFx9DCbzw="; }; nativeBuildInputs = [ setuptools-scm ]; From 5c5f9bf221661b0de5e53806a34ed4a36fbc0523 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 23 Jan 2024 10:19:35 +0000 Subject: [PATCH 073/212] zlib: 1.3 -> 1.3.1 Changes: https://github.com/madler/zlib/releases/tag/v1.3.1 --- pkgs/development/libraries/minizip/default.nix | 8 -------- pkgs/development/libraries/zlib/default.nix | 11 ++++++++--- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/pkgs/development/libraries/minizip/default.nix b/pkgs/development/libraries/minizip/default.nix index 74493a06b526..586dd113f1d1 100644 --- a/pkgs/development/libraries/minizip/default.nix +++ b/pkgs/development/libraries/minizip/default.nix @@ -4,14 +4,6 @@ stdenv.mkDerivation { pname = "minizip"; inherit (zlib) src version; - patches = [ - (fetchpatch { - name = "CVE-2023-45853.patch"; - url = "https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch"; - hash = "sha256-yayfe1g9HsvgMN28WF/MYkH7dGMX4PsK53FcnfL3InM="; - }) - ]; - patchFlags = [ "-p3" ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 9fccef25da17..687fb3598444 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -9,6 +9,7 @@ # If false, and if `{ static = true; }`, the .a stays in the main output. , splitStaticOutput ? shared && static , testers +, minizip }: # Without either the build will actually still succeed because the build @@ -24,7 +25,7 @@ assert splitStaticOutput -> static; stdenv.mkDerivation (finalAttrs: { pname = "zlib"; - version = "1.3"; + version = "1.3.1"; src = let inherit (finalAttrs) version; @@ -35,7 +36,7 @@ stdenv.mkDerivation (finalAttrs: { # Stable archive path, but captcha can be encountered, causing hash mismatch. "https://www.zlib.net/fossils/zlib-${version}.tar.gz" ]; - hash = "sha256-/wukwpIBPbwnUws6geH5qBPNOd4Byl4Pi/NVcC76WT4="; + hash = "sha256-mpOyt9/ax3zrpaVYpYDnRmfdb+3kWFuR7vtg8Dty3yM="; }; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' @@ -128,7 +129,11 @@ stdenv.mkDerivation (finalAttrs: { "SHARED_MODE=1" ]; - passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + passthru.tests = { + pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + # uses `zlib` derivation: + inherit minizip; + }; meta = with lib; { homepage = "https://zlib.net"; From 897760f5bb873f439121f6561545be402795518d Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 24 Jan 2024 22:22:26 +0100 Subject: [PATCH 074/212] mesa: 23.3.3 -> 23.3.4 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index cb9d19c30c84..c37fb49ca8cf 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -85,8 +85,8 @@ */ let - version = "23.3.3"; - hash = "sha256-UYMHwAV/o87otY33i+Qx1N9ar6ftxg0JJ4stegqA87Q="; + version = "23.3.4"; + hash = "sha256-3xLXZb5GUP5TKGCxiqGObaHQsH0aId/f4EZg5re6w5o="; # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule From 56a3b62fe15c8cf62a21fdc8fe2ce6660a7852ed Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 25 Jan 2024 06:08:33 +0000 Subject: [PATCH 075/212] cryptsetup: 2.6.1 -> 2.7.0 --- pkgs/os-specific/linux/cryptsetup/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index fbff9a3363de..33edbc0a4f73 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation rec { pname = "cryptsetup"; - version = "2.6.1"; + version = "2.7.0"; outputs = [ "bin" "out" "dev" "man" ]; separateDebugInfo = true; src = fetchurl { url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM="; + hash = "sha256-lAA6AM1agZRPRejcUp4M/Spv9im9LNIc9eV05GXa95U="; }; patches = [ From 06cd3d57a72b08672171091ce5516e9024d4e782 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 25 Jan 2024 07:47:32 +0000 Subject: [PATCH 076/212] s2n-tls: 1.4.1 -> 1.4.2 --- pkgs/development/libraries/s2n-tls/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix index 6c6fa1d6be95..97a8000e6310 100644 --- a/pkgs/development/libraries/s2n-tls/default.nix +++ b/pkgs/development/libraries/s2n-tls/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "s2n-tls"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; - hash = "sha256-Kq4jl/ss+Xf5/zv18QWuIyXZDyz8mk3av4mdRoQrvJY="; + hash = "sha256-Roc+em2inEBt/oQFZrfaZC1TMiQ7T79A5otAD+68ZA0="; }; nativeBuildInputs = [ cmake ]; From 71c6265be02691f4ba1926202d9b2e6391a2cd47 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Thu, 25 Jan 2024 10:03:50 +0100 Subject: [PATCH 077/212] python3Packages.sip: add qgis and qgis-ltr to passthru.tests --- pkgs/development/python-modules/sip/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/sip/default.nix b/pkgs/development/python-modules/sip/default.nix index c36e3acc30ea..32c28211cd06 100644 --- a/pkgs/development/python-modules/sip/default.nix +++ b/pkgs/development/python-modules/sip/default.nix @@ -9,7 +9,11 @@ , ply , toml , tomli + +# tests , poppler-qt5 +, qgis +, qgis-ltr }: buildPythonPackage rec { @@ -38,7 +42,8 @@ buildPythonPackage rec { pythonImportsCheck = [ "sipbuild" ]; passthru.tests = { - inherit poppler-qt5; + # test depending packages + inherit poppler-qt5 qgis qgis-ltr; }; meta = with lib; { From 2136bc77182e8d7b842c77dbbfbf2055c87fbfe1 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 19 Nov 2023 11:59:38 +0000 Subject: [PATCH 078/212] lsof: 4.98.0 -> 4.99.3 While at it dropped local patch as upstream does not retain hostname and build user by default. Changes: - https://github.com/lsof-org/lsof/releases/tag/4.99.0 - https://github.com/lsof-org/lsof/releases/tag/4.99.1 - https://github.com/lsof-org/lsof/releases/tag/4.99.2 - https://github.com/lsof-org/lsof/releases/tag/4.99.3 --- pkgs/development/tools/misc/lsof/default.nix | 24 ++++++----- .../tools/misc/lsof/no-build-info.patch | 40 ------------------- 2 files changed, 15 insertions(+), 49 deletions(-) delete mode 100644 pkgs/development/tools/misc/lsof/no-build-info.patch diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix index 2faefedd6656..9153a2dea198 100644 --- a/pkgs/development/tools/misc/lsof/default.nix +++ b/pkgs/development/tools/misc/lsof/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses }: +{ lib, stdenv, fetchFromGitHub, buildPackages, perl, which, ncurses, nukeReferences }: let dialect = with lib; last (splitString "-" stdenv.hostPlatform.system); @@ -6,27 +6,29 @@ in stdenv.mkDerivation rec { pname = "lsof"; - version = "4.98.0"; + version = "4.99.3"; src = fetchFromGitHub { owner = "lsof-org"; repo = "lsof"; rev = version; - sha256 = "sha256-DQLY0a0sOCZFEJA4Y4b18OcWZw47RyqKZ0mVG0CDVTI="; + hash = "sha256-XW3l+E9D8hgI9jGJGKkIAKa8O9m0JHgZhEASqg4gYuw="; }; - patches = [ - ./no-build-info.patch - ]; - - postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' + postPatch = '' + patchShebangs --build lib/dialects/*/Mksrc + # Do not re-build version.h in every 'make' to allow nuke-refs below. + # We remove phony 'FRC' target that forces rebuilds: + # 'version.h: FRC ...' is translated to 'version.h: ...'. + sed -i lib/dialects/*/Makefile -e 's/version.h:\s*FRC/version.h:/' + '' + lib.optionalString stdenv.hostPlatform.isMusl '' substituteInPlace dialects/linux/dlsof.h --replace "defined(__UCLIBC__)" 1 '' + lib.optionalString stdenv.isDarwin '' sed -i 's|lcurses|lncurses|g' Configure ''; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl which ]; + nativeBuildInputs = [ nukeReferences perl which ]; buildInputs = [ ncurses ]; # Stop build scripts from searching global include paths @@ -37,6 +39,10 @@ stdenv.mkDerivation rec { for filepath in $(find dialects/${dialect} -type f); do sed -i "s,/usr/include,$LSOF_INCLUDE,g" $filepath done + + # Wipe out development-only flags from CFLAGS embedding + make version.h + nuke-refs version.h ''; installPhase = '' diff --git a/pkgs/development/tools/misc/lsof/no-build-info.patch b/pkgs/development/tools/misc/lsof/no-build-info.patch deleted file mode 100644 index 3c518896b045..000000000000 --- a/pkgs/development/tools/misc/lsof/no-build-info.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- a/usage.c -+++ b/usage.c -@@ -931,24 +931,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " configuration info: %s\n", cp); - #endif /* defined(LSOF_CINFO) */ - -- cp = isnullstr(LSOF_HOST); -- if (!(cp1 = isnullstr(LSOF_LOGNAME))) -- cp1 = isnullstr(LSOF_USER); -- if (cp || cp1) { -- if (cp && cp1) -- cp2 = "by and on"; -- else if (cp) -- cp2 = "on"; -- else -- cp2 = "by"; -- (void) fprintf(stderr, " constructed %s: %s%s%s\n", -- cp2, -- cp1 ? cp1 : "", -- (cp && cp1) ? "@" : "", -- cp ? cp : "" -- ); -- } -- - #if defined(LSOF_BLDCMT) - if ((cp = isnullstr(LSOF_BLDCMT))) - (void) fprintf(stderr, " builder's comment: %s\n", cp); -@@ -958,12 +940,6 @@ usage(err, fh, version) - (void) fprintf(stderr, " compiler: %s\n", cp); - if ((cp = isnullstr(LSOF_CCV))) - (void) fprintf(stderr, " compiler version: %s\n", cp); -- if ((cp = isnullstr(LSOF_CCFLAGS))) -- (void) fprintf(stderr, " compiler flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_LDFLAGS))) -- (void) fprintf(stderr, " loader flags: %s\n", cp); -- if ((cp = isnullstr(LSOF_SYSINFO))) -- (void) fprintf(stderr, " system info: %s\n", cp); - // display configurations that might affect output - char *features[] = { - #if defined(HASEFFNLINK) From f419df05df66ab4fb53320e7fca5b0cab277c82e Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 19 Jan 2024 14:57:39 +0100 Subject: [PATCH 079/212] wayland-protocols: 1.32 -> 1.33 --- pkgs/development/libraries/wayland/protocols.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix index 0fadb103ce33..9625f3a5ee1b 100644 --- a/pkgs/development/libraries/wayland/protocols.nix +++ b/pkgs/development/libraries/wayland/protocols.nix @@ -6,14 +6,14 @@ stdenv.mkDerivation rec { pname = "wayland-protocols"; - version = "1.32"; + version = "1.33"; # https://gitlab.freedesktop.org/wayland/wayland-protocols/-/issues/48 doCheck = stdenv.hostPlatform == stdenv.buildPlatform && stdenv.hostPlatform.linker == "bfd" && wayland.withLibraries; src = fetchurl { url = "https://gitlab.freedesktop.org/wayland/${pname}/-/releases/${version}/downloads/${pname}-${version}.tar.xz"; - hash = "sha256-dFl5nTQMgpa2le+FfAfd7yTFoJsJq2p097kmQNKxuhE="; + hash = "sha256-lPDFCwkNbmGgP2IEhGexmrvoUb5OEa57NvZfi5jDljo="; }; postPatch = lib.optionalString doCheck '' From 756efb587c51ab73911a293295e27cf85f4a4ee6 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 00:29:35 +0200 Subject: [PATCH 080/212] python311Packages.werkzeug: 2.3.7 -> 3.0.1 https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1 --- .../python-modules/werkzeug/default.nix | 28 +++++++++++++++---- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index 35c5f943cb19..e59eda006e6e 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -3,27 +3,39 @@ , buildPythonPackage , pythonOlder , fetchPypi + +# build-system , flit-core + +# dependencies +, markupsafe + +# optional-dependencies , watchdog + +# tests +, cryptography , ephemeral-port-reserve +, greenlet , pytest-timeout , pytest-xprocess , pytestCheckHook -, markupsafe -# for passthru.tests -, moto, sentry-sdk + +# reverse dependencies +, moto +, sentry-sdk }: buildPythonPackage rec { pname = "werkzeug"; - version = "2.3.8"; + version = "3.0.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-VUslfHS763oNJUFgpPj/4YUkP1KlIDUGC3Ycpi2XfwM="; + hash = "sha256-UH6BHs6nKxikBJR63tSzOQ4duPgmtJTXZVDvRbs7Hcw="; }; nativeBuildInputs = [ @@ -36,16 +48,19 @@ buildPythonPackage rec { passthru.optional-dependencies = { watchdog = lib.optionals (!stdenv.isDarwin) [ - # watchdog requires macos-sdk 10.13[ + # watchdog requires macos-sdk 10.13 watchdog ]; }; nativeCheckInputs = [ + cryptography ephemeral-port-reserve pytest-timeout pytest-xprocess pytestCheckHook + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); disabledTests = lib.optionals stdenv.isDarwin [ @@ -68,6 +83,7 @@ buildPythonPackage rec { }; meta = with lib; { + changelog = "https://werkzeug.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://palletsprojects.com/p/werkzeug/"; description = "The comprehensive WSGI web application library"; longDescription = '' From a24d9a6a54fbba232db7f654beff8e3150d5f5ff Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 00:55:56 +0200 Subject: [PATCH 081/212] python311Packages.flask: 2.3.3 -> 3.0.1 https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-1 --- .../python-modules/flask/default.nix | 46 +++++++++++++------ 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix index 154625f6c52a..083cf33c88fd 100644 --- a/pkgs/development/python-modules/flask/default.nix +++ b/pkgs/development/python-modules/flask/default.nix @@ -1,18 +1,28 @@ { lib , buildPythonPackage , fetchPypi -, asgiref +, pythonOlder + +# build-system +, flit-core + +# dependencies , blinker , click -, flit-core , importlib-metadata , itsdangerous , jinja2 -, python-dotenv , werkzeug + +# optional-dependencies +, asgiref +, python-dotenv + +# tests +, greenlet , pytestCheckHook -, pythonOlder - # used in passthru.tests + +# reverse dependencies , flask-limiter , flask-restful , flask-restx @@ -21,12 +31,12 @@ buildPythonPackage rec { pname = "flask"; - version = "2.3.3"; + version = "3.0.1"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-CcNHqSqn/0qOfzIGeV8w2CZlS684uHPQdEzVccpgnvw="; + hash = "sha256-ZIn1G7Nmbe9vMU4V8Z1QoYaaGa4OjJo2Qf/mbHfUJAM="; }; nativeBuildInputs = [ @@ -39,21 +49,31 @@ buildPythonPackage rec { itsdangerous jinja2 werkzeug - ] ++ lib.optional (pythonOlder "3.10") importlib-metadata; + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + ]; + + passthru.optional-dependencies = { + async = [ + asgiref + ]; + dotenv = [ + python-dotenv + ]; + }; nativeCheckInputs = [ pytestCheckHook - ]; + ] ++ lib.optionals (pythonOlder "3.11") [ + greenlet + ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies); passthru.tests = { inherit flask-limiter flask-restful flask-restx moto; }; - passthru.optional-dependencies = { - dotenv = [ python-dotenv ]; - async = [ asgiref ]; - }; meta = with lib; { + changelog = "https://flask.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; homepage = "https://flask.palletsprojects.com/"; description = "The Python micro framework for building web applications"; longDescription = '' From 138f345fdafcf94952f55b0663d678d3fed4c019 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 01:26:41 +0200 Subject: [PATCH 082/212] python311Packages.quart: 0.18.4 -> 0.19.4 https://github.com/pallets/quart/blob/0.19.4/CHANGES.rst --- .../python-modules/quart/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/quart/default.nix b/pkgs/development/python-modules/quart/default.nix index 6cf51d6920ff..1effbadf3b67 100644 --- a/pkgs/development/python-modules/quart/default.nix +++ b/pkgs/development/python-modules/quart/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, pythonOlder # build-system , poetry-core @@ -9,6 +10,7 @@ , aiofiles , blinker , click +, flask , hypercorn , importlib-metadata , itsdangerous @@ -29,14 +31,14 @@ buildPythonPackage rec { pname = "quart"; - version = "0.18.4"; + version = "0.19.4"; format = "pyproject"; src = fetchFromGitHub { owner = "pallets"; repo = "quart"; rev = "refs/tags/${version}"; - hash = "sha256-iT/pePUtH1hwNIOG8Y/YbqCVseNXVOKC0nrXfB2RTlQ="; + hash = "sha256-EgCZ0AXK2vGxo55BWAcDVv6zNUrWNbAYNnEXEBJk+84="; }; nativeBuildInputs = [ @@ -52,15 +54,17 @@ buildPythonPackage rec { aiofiles blinker click + flask hypercorn - importlib-metadata itsdangerous jinja2 markupsafe pydata-sphinx-theme python-dotenv - typing-extensions werkzeug + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata + typing-extensions ]; pythonImportsCheck = [ @@ -75,11 +79,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTestPaths = [ - # remove after 0.18.4 - "tests/test_signals.py" - ]; - meta = with lib; { description = "An async Python micro framework for building web applications"; homepage = "https://github.com/pallets/quart/"; From df144419002c8c4fba918692541f2f4465ee8448 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 01:32:44 +0200 Subject: [PATCH 083/212] python311Packages.json-logging: test quart integration --- pkgs/development/python-modules/json-logging/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/json-logging/default.nix b/pkgs/development/python-modules/json-logging/default.nix index a3ac3ff7f005..3d22f4e878ba 100644 --- a/pkgs/development/python-modules/json-logging/default.nix +++ b/pkgs/development/python-modules/json-logging/default.nix @@ -6,6 +6,7 @@ , httpx , pytestCheckHook , pythonOlder +, quart , requests , sanic , uvicorn @@ -31,7 +32,7 @@ buildPythonPackage rec { flask httpx pytestCheckHook - # quart + quart requests sanic uvicorn From e5d3d385319d2bc8fd07c2e6a4a05bf9e5fc1ed4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 01:34:52 +0200 Subject: [PATCH 084/212] python311Packages.sentry-sdk: add quart optional and prune unused package arguments. --- pkgs/development/python-modules/sentry-sdk/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/sentry-sdk/default.nix b/pkgs/development/python-modules/sentry-sdk/default.nix index 11d1df937702..e89d8ca0e32f 100644 --- a/pkgs/development/python-modules/sentry-sdk/default.nix +++ b/pkgs/development/python-modules/sentry-sdk/default.nix @@ -27,6 +27,7 @@ , pytest-watch , pytestCheckHook , pythonOlder +, quart , rq , sanic , setuptools @@ -96,7 +97,7 @@ buildPythonPackage rec { pure-eval ]; quart = [ - # quart missing + quart blinker ]; rq = [ From ac2b358b7d0d100ad9ab94f3434b2fa743ae9845 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 00:53:34 +0100 Subject: [PATCH 085/212] python311Packages.httpbin: backport flask 3.0 support --- pkgs/development/python-modules/httpbin/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/python-modules/httpbin/default.nix b/pkgs/development/python-modules/httpbin/default.nix index 48de08ee3b4c..0fbc8bc73ee9 100644 --- a/pkgs/development/python-modules/httpbin/default.nix +++ b/pkgs/development/python-modules/httpbin/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonRelaxDepsHook # build-system @@ -33,6 +34,14 @@ buildPythonPackage rec { hash = "sha256-e4WWvrDnWntlPDnR888mPW1cR20p4d9ve7K3C/nwaj0="; }; + patches = [ + (fetchpatch { + # backport flask 3.0 support; drop after 0.10.1 + url = "https://github.com/psf/httpbin/commit/c1d9e33049263fed3cb27806a97f094acc350905.patch"; + hash = "sha256-SYJgQN3ERDgLIaBc4eqDfey+EX4z6CSxLoAA7j+16xI="; + }) + ]; + nativeBuildInputs = [ setuptools pythonRelaxDepsHook From d2c9ee5630e7fcb4db7e7c0fdd4c597b63f507ae Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:06:12 +0100 Subject: [PATCH 086/212] python311Packages.flask-basicauth: drop Not compatible with Flask 3.0 and upstream is essentially dead. --- .../flask-basicauth/default.nix | 55 ------------------- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 - 3 files changed, 1 insertion(+), 57 deletions(-) delete mode 100644 pkgs/development/python-modules/flask-basicauth/default.nix diff --git a/pkgs/development/python-modules/flask-basicauth/default.nix b/pkgs/development/python-modules/flask-basicauth/default.nix deleted file mode 100644 index 97a214744457..000000000000 --- a/pkgs/development/python-modules/flask-basicauth/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, fetchpatch -, flask -, python -}: - -buildPythonPackage rec { - pname = "flask-basicauth"; - version = "0.2.0"; - format = "setuptools"; - - src = fetchFromGitHub { - owner = "jpvanhal"; - repo = pname; - rev = "v${version}"; - hash = "sha256-han0OjMI1XmuWKHGVpk+xZB+/+cpV1I+659zOG3hcPY="; - }; - - patches = [ - (fetchpatch { - # The unit tests fail due to an invalid import: - # from flask.ext.basicauth import BasicAuth - # - # This patch replaces it with the correct import: - # from flask_basicauth import BasicAuth - # - # The patch uses the changes from this pull request, - # and therefore can be removed once this pull request - # has been merged: - # https://github.com/jpvanhal/flask-basicauth/pull/29 - name = "fix-test-flask-ext-imports.patch"; - url = "https://github.com/jpvanhal/flask-basicauth/commit/23f57dc1c3d85ea6fc7f468e8d8c6f19348a0a81.patch"; - hash = "sha256-njUYjO0TRe3vr5D0XjIfCNcsFlShbGxtFV/DJerAKDE="; - }) - ]; - - propagatedBuildInputs = [ flask ]; - - checkPhase = '' - runHook preCheck - ${python.interpreter} -m unittest discover - runHook postCheck - ''; - - pythonImportsCheck = [ "flask_basicauth" ]; - - meta = with lib; { - homepage = "https://github.com/jpvanhal/flask-basicauth"; - description = "HTTP basic access authentication for Flask"; - license = licenses.mit; - maintainers = with maintainers; [ wesnel ]; - }; -} diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index ad98e21d5ef5..d61fbbe96f2b 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -164,6 +164,7 @@ mapAliases ({ flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20 flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 + flask-basicauth = throw "flask-basicauth was removed, as it is not compatible with flask 3.0 and unmaintained since 2016."; flowlogs_reader = flowlogs-reader; # added 2024-01-03 FormEncode = formencode; # added 2023-02-19 foundationdb51 = throw "foundationdb51 is no longer maintained, use foundationdb71 instead"; # added 2023-06-06 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index b386432808eb..8a6be0606b37 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4103,8 +4103,6 @@ self: super: with self; { flask-babelex = callPackage ../development/python-modules/flask-babelex { }; - flask-basicauth = callPackage ../development/python-modules/flask-basicauth { }; - flask-bcrypt = callPackage ../development/python-modules/flask-bcrypt { }; flask-bootstrap = callPackage ../development/python-modules/flask-bootstrap { }; From 569fb1934476dbc2206b0ceb8bcd86f0b39b42dd Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:10:44 +0100 Subject: [PATCH 087/212] python311Packages.flask-sessionstore: drop Incompatible with Flask 3.0 and unmaintained since 2017. --- .../flask-sessionstore/default.nix | 35 ------------------- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 -- 3 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 pkgs/development/python-modules/flask-sessionstore/default.nix diff --git a/pkgs/development/python-modules/flask-sessionstore/default.nix b/pkgs/development/python-modules/flask-sessionstore/default.nix deleted file mode 100644 index 12f3ff51b425..000000000000 --- a/pkgs/development/python-modules/flask-sessionstore/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib -, fetchPypi -, buildPythonPackage -, flask -, nose -}: - -buildPythonPackage rec { - pname = "flask-sessionstore"; - version = "0.4.5"; - format = "setuptools"; - - src = fetchPypi { - pname = "Flask-Sessionstore"; - inherit version; - hash = "sha256-AQ3jWrnw2UI8L3nFEx4AhDwGP4R8Tr7iBMsDS5jLQPQ="; - }; - - propagatedBuildInputs = [ flask ]; - - pythonImportsCheck = [ "flask_sessionstore" ]; - - nativeCheckInputs = [ nose ]; - - checkPhase = '' - nosetests -s - ''; - - meta = with lib; { - description = "Session Storage Backends for Flask"; - homepage = "https://github.com/mcrowson/flask-sessionstore"; - license = licenses.bsd3; - maintainers = with maintainers; [ Flakebi ]; - }; -} diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index d61fbbe96f2b..861ae510a517 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -165,6 +165,7 @@ mapAliases ({ flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 flask-basicauth = throw "flask-basicauth was removed, as it is not compatible with flask 3.0 and unmaintained since 2016."; + flask-sessionstore = throw "flask-sessionstore was removed, as it is not compatible with flask 3.0 and unmaintained since 2017."; flowlogs_reader = flowlogs-reader; # added 2024-01-03 FormEncode = formencode; # added 2023-02-19 foundationdb51 = throw "foundationdb51 is no longer maintained, use foundationdb71 instead"; # added 2023-06-06 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 8a6be0606b37..3cf34169fed3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4169,8 +4169,6 @@ self: super: with self; { flask-session-captcha = callPackage ../development/python-modules/flask-session-captcha { }; - flask-sessionstore = callPackage ../development/python-modules/flask-sessionstore { }; - flask-security-too = callPackage ../development/python-modules/flask-security-too { }; flask-silk = callPackage ../development/python-modules/flask-silk { }; From 22e69038a60c7255f1ce4ad304464a7531c8e43a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:29:59 +0100 Subject: [PATCH 088/212] python311Packages.flask-session-captcha: fix build with flask 3.0 Applies a patch that fixes the markupsafe import. Tests still don't work. --- .../flask-session-captcha/default.nix | 43 ++++++++++++++++--- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/pkgs/development/python-modules/flask-session-captcha/default.nix b/pkgs/development/python-modules/flask-session-captcha/default.nix index a720d2a4b555..8a71b99c1539 100644 --- a/pkgs/development/python-modules/flask-session-captcha/default.nix +++ b/pkgs/development/python-modules/flask-session-captcha/default.nix @@ -1,17 +1,25 @@ { lib , fetchFromGitHub +, fetchpatch , buildPythonPackage -, flask -, flask-sessionstore -, flask-sqlalchemy + +# build-system +, setuptools + +# dependencies , captcha +, flask +, markupsafe + +# tests +, flask-sqlalchemy , pytestCheckHook }: buildPythonPackage rec { pname = "flask-session-captcha"; version = "1.3.0"; - format = "setuptools"; + pyproject = true; src = fetchFromGitHub { owner = "Tethik"; @@ -20,15 +28,36 @@ buildPythonPackage rec { hash = "sha256-V0f3mXCfqwH2l3OtJKOHGdrlKAFxs2ynqXvNve7Amkc="; }; - propagatedBuildInputs = [ flask flask-sessionstore captcha ]; + patches = [ + (fetchpatch { + # https://github.com/Tethik/flask-session-captcha/pull/44 + url = "https://github.com/Tethik/flask-session-captcha/commit/3f79c22a71c60dd60e9df61b550cce641603dcb6.patch"; + hash = "sha256-MXsoSytBNbcg3HU6IWlvf2MgNUL78T5ToxKGv4YMtZw="; + }) + ]; - pythonImportsCheck = [ "flask_session_captcha" ]; + nativeBuildInputs = [ + setuptools + ]; - nativeCheckInputs = [ flask-sqlalchemy pytestCheckHook ]; + propagatedBuildInputs = [ + captcha + flask + markupsafe + ]; + + pythonImportsCheck = [ + "flask_session_captcha" + ]; # RuntimeError: Working outside of application context. doCheck = false; + nativeCheckInputs = [ + flask-sqlalchemy + pytestCheckHook + ]; + meta = with lib; { description = "A captcha implemention for flask"; homepage = "https://github.com/Tethik/flask-session-captcha"; From 68c9550fc7632b36854709898015d2ab6e285593 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:34:57 +0100 Subject: [PATCH 089/212] python311Packages.flask-autoindex: drop Incompatible with Flask 3.0 and unmaintained since 2020. --- .../flask-autoindex/default.nix | 51 ------------------- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 - 3 files changed, 1 insertion(+), 53 deletions(-) delete mode 100644 pkgs/development/python-modules/flask-autoindex/default.nix diff --git a/pkgs/development/python-modules/flask-autoindex/default.nix b/pkgs/development/python-modules/flask-autoindex/default.nix deleted file mode 100644 index c8e14eaf35e3..000000000000 --- a/pkgs/development/python-modules/flask-autoindex/default.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, flask -, flask-silk -, future -, pythonOlder -, unittestCheckHook -}: - -buildPythonPackage rec { - pname = "flask-autoindex"; - version = "0.6.6"; - format = "setuptools"; - - disabled = pythonOlder "3.7"; - - src = fetchPypi { - pname = "Flask-AutoIndex"; - inherit version; - sha256 = "ea319f7ccadf68ddf98d940002066278c779323644f9944b300066d50e2effc7"; - }; - - propagatedBuildInputs = [ - flask - flask-silk - future - ]; - - nativeCheckInputs = [ - unittestCheckHook - ]; - - pythonImportsCheck = [ - "flask_autoindex" - ]; - - meta = with lib; { - description = "The mod_autoindex for Flask"; - longDescription = '' - Flask-AutoIndex generates an index page for your Flask application automatically. - The result is just like mod_autoindex, but the look is more awesome! - ''; - homepage = "https://flask-autoindex.readthedocs.io/"; - changelog = "https://github.com/general03/flask-autoindex/blob/v${version}/CHANGELOG.md"; - license = licenses.bsd2; - maintainers = teams.sage.members; - # https://github.com/general03/flask-autoindex/issues/67 - broken = true; - }; -} diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 861ae510a517..28f5d193e213 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -164,6 +164,7 @@ mapAliases ({ flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20 flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 + flask-autoindex = throw "flask-autoindex was removed, as it is not compatible with flask 3.0 and unmaintained since 2020."; flask-basicauth = throw "flask-basicauth was removed, as it is not compatible with flask 3.0 and unmaintained since 2016."; flask-sessionstore = throw "flask-sessionstore was removed, as it is not compatible with flask 3.0 and unmaintained since 2017."; flowlogs_reader = flowlogs-reader; # added 2024-01-03 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 3cf34169fed3..a1f857d774fe 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4097,8 +4097,6 @@ self: super: with self; { flask-assets = callPackage ../development/python-modules/flask-assets { }; - flask-autoindex = callPackage ../development/python-modules/flask-autoindex { }; - flask-babel = callPackage ../development/python-modules/flask-babel { }; flask-babelex = callPackage ../development/python-modules/flask-babelex { }; From 2cee7f3747437664630dbb3b90693365084f7322 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:44:34 +0100 Subject: [PATCH 090/212] python311Packages.flask-api: fix flask 3.0 compat, enable tests --- .../python-modules/flask-api/default.nix | 29 +++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/flask-api/default.nix b/pkgs/development/python-modules/flask-api/default.nix index 9b4a398f7f79..e837dc71df37 100644 --- a/pkgs/development/python-modules/flask-api/default.nix +++ b/pkgs/development/python-modules/flask-api/default.nix @@ -2,14 +2,23 @@ , buildPythonPackage , pythonOlder , fetchFromGitHub +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , markdown +, pytestCheckHook }: buildPythonPackage rec { - pname = "Flask-API"; + pname = "flask-api"; version = "3.1"; - format = "setuptools"; + pyproject = true; disabled = pythonOlder "3.6"; @@ -20,9 +29,25 @@ buildPythonPackage rec { hash = "sha256-nHgeI5FLKkDp4uWO+0eaT4YSOMkeQ0wE3ffyJF+WzTM="; }; + patches = [ + (fetchpatch { + # werkzeug 3.0 support + url = "https://github.com/flask-api/flask-api/commit/9c998897f67d8aa959dc3005d7d22f36568b6938.patch"; + hash = "sha256-vaCZ4gVlfQXyeksA44ydkjz2FxODHt3gTTP+ukJwEGY="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask + ]; + + nativeCheckInputs = [ markdown + pytestCheckHook ]; meta = with lib; { From 53137014dbc506de4aac84ea47e3cbd2489143a4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 01:56:18 +0100 Subject: [PATCH 091/212] python311Packages.flask-restful: fix tests Signals are now always available, since flask depends on blinker. --- .../python-modules/flask-restful/default.nix | 2 ++ .../flask-restful/flask-3.0-compat.patch | 24 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch diff --git a/pkgs/development/python-modules/flask-restful/default.nix b/pkgs/development/python-modules/flask-restful/default.nix index 68072b7ddde9..3107d4c7f5bc 100644 --- a/pkgs/development/python-modules/flask-restful/default.nix +++ b/pkgs/development/python-modules/flask-restful/default.nix @@ -29,6 +29,8 @@ buildPythonPackage rec { # conditional so that overrides are easier for web applications patches = lib.optionals (lib.versionAtLeast werkzeug.version "2.1.0") [ ./werkzeug-2.1.0-compat.patch + ] ++ lib.optionals (lib.versionAtLeast flask.version "3.0.0") [ + ./flask-3.0-compat.patch ]; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch new file mode 100644 index 000000000000..c78105e72282 --- /dev/null +++ b/pkgs/development/python-modules/flask-restful/flask-3.0-compat.patch @@ -0,0 +1,24 @@ +diff --git a/tests/test_api.py b/tests/test_api.py +index 582ee5a..20db1f5 100644 +--- a/tests/test_api.py ++++ b/tests/test_api.py +@@ -1,7 +1,7 @@ + import unittest + import json + from flask import Flask, Blueprint, redirect, views, abort as flask_abort +-from flask.signals import got_request_exception, signals_available ++from flask.signals import got_request_exception + try: + from mock import Mock + except: +@@ -491,10 +491,6 @@ class APITestCase(unittest.TestCase): + self.assertEqual(api.default_mediatype, resp.headers['Content-Type']) + + def test_handle_error_signal(self): +- if not signals_available: +- # This test requires the blinker lib to run. +- print("Can't test signals without signal support") +- return + app = Flask(__name__) + api = flask_restful.Api(app) + From 8592e8e5540801bc9bd208c0419e3984ae34611b Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Jan 2024 02:04:22 +0100 Subject: [PATCH 092/212] python311Packages.flask-gravatar: fix flask 3.0 compat --- .../python-modules/flask-gravatar/default.nix | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/flask-gravatar/default.nix b/pkgs/development/python-modules/flask-gravatar/default.nix index a52feb8aecbf..1a305f017cee 100644 --- a/pkgs/development/python-modules/flask-gravatar/default.nix +++ b/pkgs/development/python-modules/flask-gravatar/default.nix @@ -1,7 +1,15 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch + +# build-system +, setuptools + +# dependencies , flask + +# tests , pytestCheckHook , pygments }: @@ -17,6 +25,14 @@ buildPythonPackage rec { sha256 = "YGZfMcLGEokdto/4Aek+06CIHGyOw0arxk0qmSP1YuE="; }; + patches = [ + (fetchpatch { + # flask 3.0 compat + url = "https://github.com/zzzsochi/Flask-Gravatar/commit/d74d70d9695c464b602c96c2383d391b38ed51ac.patch"; + hash = "sha256-tCKkA2io/jhvrh6RhTeEw4AKnIZc9hsqTf2qItUsdjo="; + }) + ]; + postPatch = '' sed -i setup.py \ -e "s|tests_require=tests_require,||g" \ @@ -28,6 +44,10 @@ buildPythonPackage rec { --replace "--cov=flask_gravatar --cov-report=term-missing" "" ''; + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ flask ]; @@ -37,7 +57,9 @@ buildPythonPackage rec { pygments ]; - pythonImportsCheck = [ "flask_gravatar" ]; + pythonImportsCheck = [ + "flask_gravatar" + ]; meta = with lib; { homepage = "https://github.com/zzzsochi/Flask-Gravatar"; From a6dec248157c977bd6b9650de88ca900c99609b0 Mon Sep 17 00:00:00 2001 From: natsukium Date: Sat, 20 Jan 2024 09:23:07 +0900 Subject: [PATCH 093/212] python311Packages.ipython: 8.18.1 -> 8.20.0 Changelog: https://github.com/ipython/ipython/blob/8.20.0/docs/source/whatsnew/version8.rst --- pkgs/development/python-modules/ipython/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/ipython/default.nix b/pkgs/development/python-modules/ipython/default.nix index 09121fb1f24a..e92d5fbbf656 100644 --- a/pkgs/development/python-modules/ipython/default.nix +++ b/pkgs/development/python-modules/ipython/default.nix @@ -29,13 +29,13 @@ buildPythonPackage rec { pname = "ipython"; - version = "8.18.1"; - format = "pyproject"; - disabled = pythonOlder "3.8"; + version = "8.20.0"; + pyproject = true; + disabled = pythonOlder "3.10"; src = fetchPypi { inherit pname version; - sha256 = "sha256-ym8Hm7M0V8ZuIz5FgOv8QSiFW0z2Nw3d1zhCqVY+iic="; + hash = "sha256-LyG9P8HVFVDInuOUSuBLvHvHnhKeoJN9pubGi/2/EXo="; }; nativeBuildInputs = [ From e5fb80d393373ea5732ddc7987002b39db877a72 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 26 Jan 2024 05:55:31 +0000 Subject: [PATCH 094/212] libwpe: 1.14.1 -> 1.14.2 --- pkgs/development/libraries/libwpe/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libwpe/default.nix b/pkgs/development/libraries/libwpe/default.nix index 408d082a00de..9978082fc60e 100644 --- a/pkgs/development/libraries/libwpe/default.nix +++ b/pkgs/development/libraries/libwpe/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "libwpe"; - version = "1.14.1"; + version = "1.14.2"; src = fetchurl { url = "https://wpewebkit.org/releases/libwpe-${version}.tar.xz"; - sha256 = "sha256-sdDNzw+Nu0lOZbD3kT41cQbamg1X9Pu3udEjim2+mt4="; + sha256 = "sha256-iuOAIsUMs0DJb9vuEhfx5Gq1f7wci6mBQlZau+2+Iu8="; }; nativeBuildInputs = [ From 31ab028e34f9a11556e45c80e829182243aef369 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Thu, 25 Jan 2024 20:21:19 +0100 Subject: [PATCH 095/212] at-spi2-core: enable debug info --- pkgs/development/libraries/at-spi2-core/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index 7af9edd26865..271c54ea97fa 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -26,6 +26,7 @@ stdenv.mkDerivation rec { version = "2.50.0"; outputs = [ "out" "dev" ]; + separateDebugInfo = true; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; From b9e78cd4a0fd869c426c537ff6dc0941ad433658 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Fri, 26 Jan 2024 17:17:23 +0100 Subject: [PATCH 096/212] rl-2405: highlight cryptsetup upgrade It is probably a good idea to talk about it and leave it to release editors to decide how they want to present this. Hardware OPAL based is interesting for certain companies with compliance constraints. --- nixos/doc/manual/release-notes/rl-2405.section.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 9a96c6256846..0aaaa2abfc29 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -8,6 +8,10 @@ In addition to numerous new and upgraded packages, this release has the followin +- `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption. + Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes). + One of the highlight is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`, it has a lot of caveats, see the above notes for the full details. + - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment. - `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_latest`, and is therefore no longer available. From a1f829cad75112fdfcafe981ea5b18ff2cfc156f Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Fri, 26 Jan 2024 19:05:47 +0000 Subject: [PATCH 097/212] xz: 5.4.5 -> 5.4.6 Releases moved to github. Changes: https://github.com/tukaani-project/xz/releases/tag/v5.4.6 --- pkgs/tools/compression/xz/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index e8e0ae2439f2..9e195a0aa7db 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.4.5"; + version = "5.4.6"; src = fetchurl { - url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "sha256-jM9f/4aMAG8pUi44b7TGobZkY/vKZaTPw8S9WW6JXnk="; + url = "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k="; }; strictDeps = true; From c65c8255a1964aee7702c30a2ee23fd35a8b38aa Mon Sep 17 00:00:00 2001 From: Maxine Aubrey Date: Fri, 26 Jan 2024 21:59:21 +0100 Subject: [PATCH 098/212] =?UTF-8?q?glib:=202.78.3=20=E2=86=92=202.78.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/glib/-/compare/2.78.3...2.78.4 https://gitlab.gnome.org/GNOME/glib/-/blob/2.78.4/NEWS --- pkgs/development/libraries/glib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index f92db5b0e5d6..2a1bae9cf41b 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -50,11 +50,11 @@ in stdenv.mkDerivation (finalAttrs: { pname = "glib"; - version = "2.78.3"; + version = "2.78.4"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz"; - sha256 = "YJgB3Tc3luUVlyv5X8Cy2qRFRUge4vRlxPIE0iSyvCE="; + sha256 = "sha256-JLjgZy3KEgzDLTlLzLhYROcy4E/nXRi7BXOy28dUj2M="; }; patches = lib.optionals stdenv.isDarwin [ From e8d2916513a7cff6690f0057e857cbb167726351 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 16 Jan 2024 23:17:27 +0100 Subject: [PATCH 099/212] ffmpeg: make some build options configurable --- pkgs/development/libraries/ffmpeg/generic.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 0f5d88984566..b478bd7bd390 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -125,6 +125,11 @@ , withMultithread ? true # Multithreading via pthreads/win32 threads , withNetwork ? withHeadlessDeps # Network support , withPixelutils ? withHeadlessDeps # Pixel utils in libavutil +, withStatic ? stdenv.hostPlatform.isStatic +, withShared ? !stdenv.hostPlatform.isStatic +, withPic ? true +, withThumb ? false # On some ARM platforms + /* * Program options */ @@ -381,9 +386,10 @@ stdenv.mkDerivation (finalAttrs: { /* * Build flags */ - # On some ARM platforms --enable-thumb - "--enable-shared" - "--enable-pic" + (enableFeature withStatic "static") + (enableFeature withShared "shared") + (enableFeature withPic "pic") + (enableFeature withThumb "thumb") (enableFeature withSmallBuild "small") (enableFeature withRuntimeCPUDetection "runtime-cpudetect") From 074566850e991865b60ce1810f10899570a3ffd6 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 16 Jan 2024 23:21:38 +0100 Subject: [PATCH 100/212] ffmpeg: move libdc1394 and libraw1394 to the right option --- pkgs/development/libraries/ffmpeg/generic.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index b478bd7bd390..6161ff687b7b 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -564,10 +564,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ removeReferencesTo addOpenGLRunpath perl pkg-config texinfo yasm ] ++ optionals withCudaLLVM [ clang ]; - # TODO This was always in buildInputs before, why? - buildInputs = optionals withFullDeps [ libdc1394 ] - ++ optionals (withFullDeps && !stdenv.isDarwin) [ libraw1394 ] # TODO where does this belong to - ++ optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] + buildInputs = optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast finalAttrs.version "6") then nv-codec-headers-12 else nv-codec-headers) ] ++ optionals withAlsa [ alsa-lib ] ++ optionals withAom [ libaom ] ++ optionals withAribcaption [ libaribcaption ] @@ -578,6 +575,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withCaca [ libcaca ] ++ optionals withCelt [ celt ] ++ optionals withDav1d [ dav1d ] + ++ optionals withDc1394 [ libdc1394 libraw1394 ] ++ optionals withDrm [ libdrm ] ++ optionals withFdkAac [ fdk_aac ] ++ optionals withFontconfig [ fontconfig ] From cba74f016edc758d3657f715f7c4486e5e346c21 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 27 Jan 2024 15:38:46 +0000 Subject: [PATCH 101/212] libplacebo: 6.338.1 -> 6.338.2 Changes: https://code.videolan.org/videolan/libplacebo/-/tags/v6.338.2 --- pkgs/development/libraries/libplacebo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libplacebo/default.nix b/pkgs/development/libraries/libplacebo/default.nix index c303ffb29558..4a7f9afe0fe2 100644 --- a/pkgs/development/libraries/libplacebo/default.nix +++ b/pkgs/development/libraries/libplacebo/default.nix @@ -18,14 +18,14 @@ stdenv.mkDerivation rec { pname = "libplacebo"; - version = "6.338.1"; + version = "6.338.2"; src = fetchFromGitLab { domain = "code.videolan.org"; owner = "videolan"; repo = pname; rev = "v${version}"; - hash = "sha256-NZmwR3+lIC2PF+k+kqCjoMYkMM/PKOJmDwAq7t6YONY="; + hash = "sha256-gE6yKnFvsOFh8bFYc7b+bS+zmdDU7jucr0HwhdDeFzU="; }; nativeBuildInputs = [ From 6c1f8181b823359fea74a4a06bee13c8bd41845d Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 27 Jan 2024 15:43:50 +0000 Subject: [PATCH 102/212] libidn2: 2.3.4 -> 2.3.7 Changes: https://lists.gnu.org/archive/html/help-libidn/2024-01/msg00005.html --- pkgs/development/libraries/libidn2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix index 0782f94f41e5..8fcbe42650fc 100644 --- a/pkgs/development/libraries/libidn2/default.nix +++ b/pkgs/development/libraries/libidn2/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "libidn2"; - version = "2.3.4"; + version = "2.3.7"; src = fetchurl { url = "https://ftp.gnu.org/gnu/libidn/${pname}-${version}.tar.gz"; - sha256 = "sha256-k8q6crTgUdH41PWgdqtjyZt3+u4Bm3K5eDsmeYbbtF8="; + hash = "sha256-TCGnkbYQuVGbnQ4SuAl78vNZsS+N2SZHYRqSnmv9fWQ="; }; strictDeps = true; From ae25ed6e53f1c3c7ccb0e61710b7a3d1cc14da17 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 27 Jan 2024 15:46:18 +0000 Subject: [PATCH 103/212] libei: 1.1.0 -> 1.2.0 Changes: https://gitlab.freedesktop.org/libinput/libei/-/releases/1.2.0 --- pkgs/development/libraries/libei/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libei/default.nix b/pkgs/development/libraries/libei/default.nix index 3b687fcd8edc..18bf680ca840 100644 --- a/pkgs/development/libraries/libei/default.nix +++ b/pkgs/development/libraries/libei/default.nix @@ -23,14 +23,14 @@ let in stdenv.mkDerivation rec { pname = "libei"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libinput"; repo = "libei"; rev = version; - hash = "sha256-ebZZ2dGXrPBUDPsuu5GZY5kDv9qndnxepQUGFDe9PUg="; + hash = "sha256-MHPWEBMtxoEJ8j3LyDPD+m3DsO9u8nE+/pPtRHHXEXA="; }; buildInputs = [ From 7504179397e11841dae9879dfe419ca1e21c4af6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 9 Apr 2023 19:50:43 +0200 Subject: [PATCH 104/212] dhcpcd: change files after patching otherwise patches that touch the files do not apply --- pkgs/tools/networking/dhcpcd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 0350a4989262..a10383c9564b 100644 --- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { runtimeShellPackage # So patchShebangs finds a bash suitable for the installed scripts ]; - prePatch = '' + postPatch = '' substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell} ''; From 1af95a24c11402f46f8ab055a3fb14458f65bd70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 9 Apr 2023 19:51:11 +0200 Subject: [PATCH 105/212] nixos/dhcpcd: link dhcpcd.conf to /etc/ to fix dhcpcd -k --- nixos/modules/services/networking/dhcpcd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 2b59352ac616..266a7ea1435e 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -219,6 +219,8 @@ in ''; } ]; + environment.etc."dhcpcd.conf".source = dhcpcdConf; + systemd.services.dhcpcd = let cfgN = config.networking; hasDefaultGatewaySet = (cfgN.defaultGateway != null && cfgN.defaultGateway.address != "") From 42b05f1c6df89609d6bcb9bf505cb35a96c273ae Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 27 Jan 2024 19:01:40 +0100 Subject: [PATCH 106/212] wrapRustc: handle --sysroot= This form is used by Linux 6.8. --- pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh index 2082f3126a53..4a90e30652fe 100644 --- a/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh +++ b/pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh @@ -4,7 +4,7 @@ defaultSysroot=(@sysroot@) for arg; do case "$arg" in - --sysroot) + --sysroot|--sysroot=*) defaultSysroot=() ;; --) From 08d7dab2bed188732ac7275661290a48d72e3f95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sat, 27 Jan 2024 18:18:50 -0800 Subject: [PATCH 107/212] python311Packages.python-memcached: 1.61 -> 1.62 Diff: https://github.com/linsomniac/python-memcached/compare/1.61...1.62 Changelog: https://github.com/linsomniac/python-memcached/releases/tag/1.62 --- pkgs/development/python-modules/python-memcached/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/python-memcached/default.nix b/pkgs/development/python-modules/python-memcached/default.nix index e82b6b51643a..4ddecadc18e8 100644 --- a/pkgs/development/python-modules/python-memcached/default.nix +++ b/pkgs/development/python-modules/python-memcached/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "python-memcached"; - version = "1.61"; + version = "1.62"; pyproject = true; src = fetchFromGitHub { owner = "linsomniac"; repo = "python-memcached"; rev = version; - hash = "sha256-7bUCVAmOJ6znVmTZg9AJokOuym07NHL12gZgQ2uhfNo="; + hash = "sha256-Qko4Qr9WofeklU0uRRrSPrT8YaBYMCy0GP+TF7YZHLI="; }; nativeBuildInputs = [ From e3761602e2b3f951305b77cf38a7ab57fe46de6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sat, 27 Jan 2024 19:05:36 -0800 Subject: [PATCH 108/212] python311Packages.python-memcached: run tests --- .../python-modules/python-memcached/default.nix | 13 +++++++++++-- pkgs/top-level/python-packages.nix | 4 +++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/python-memcached/default.nix b/pkgs/development/python-modules/python-memcached/default.nix index 4ddecadc18e8..4ca7cbbadd25 100644 --- a/pkgs/development/python-modules/python-memcached/default.nix +++ b/pkgs/development/python-modules/python-memcached/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , setuptools +, memcached , mock , pytestCheckHook }: @@ -23,12 +24,20 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + memcached mock pytestCheckHook ]; - # all tests fail - doCheck = false; + preCheck = '' + memcached & + ''; + + postCheck = '' + kill %% + ''; + + __darwinAllowLocalNetworking = true; pythonImportsCheck = [ "memcache" ]; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 77a4c1c63f01..b54bf82b3d01 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -9603,7 +9603,9 @@ self: super: with self; { python-mbedtls = callPackage ../development/python-modules/python-mbedtls { }; - python-memcached = callPackage ../development/python-modules/python-memcached { }; + python-memcached = callPackage ../development/python-modules/python-memcached { + inherit (pkgs) memcached; + }; python-otbr-api = callPackage ../development/python-modules/python-otbr-api { }; From d08b1a27b64091af7e575b22a6d092aabd050f64 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Sun, 28 Jan 2024 06:33:48 +0100 Subject: [PATCH 109/212] dbus_cplusplus: make patches unconditional --- pkgs/development/libraries/dbus-cplusplus/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/development/libraries/dbus-cplusplus/default.nix b/pkgs/development/libraries/dbus-cplusplus/default.nix index 2452f3e8f35c..310016363253 100644 --- a/pkgs/development/libraries/dbus-cplusplus/default.nix +++ b/pkgs/development/libraries/dbus-cplusplus/default.nix @@ -32,7 +32,6 @@ stdenv.mkDerivation rec { url = "https://src.fedoraproject.org/rpms/dbus-c++/raw/9f515ace0594c8b2b9f0d41ffe71bc5b78d30eee/f/dbus-c++-template-operators.patch"; hash = "sha256-B8S7z/YH2YEQgaRsBJBBVTx8vHQhHW7z171TZmogpL8="; }) - ] ++ lib.optionals stdenv.hostPlatform.isMusl [ (fetchpatch { name = "0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; url = "https://github.com/openembedded/meta-openembedded/raw/119e75e48dbf0539b4e440417901458ffff79b38/meta-oe/recipes-core/dbus/libdbus-c++-0.9.0/0001-src-eventloop.cpp-use-portable-method-for-initializi.patch"; From 349c2d76c538676549e15895f6b99464a6815d6d Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 28 Jan 2024 13:01:57 +0100 Subject: [PATCH 110/212] webrtc-audio-processing_1: fix build on musl (#284471) --- .../libraries/webrtc-audio-processing/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/libraries/webrtc-audio-processing/default.nix b/pkgs/development/libraries/webrtc-audio-processing/default.nix index ad2b12de8910..1b847528550e 100644 --- a/pkgs/development/libraries/webrtc-audio-processing/default.nix +++ b/pkgs/development/libraries/webrtc-audio-processing/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitLab +, fetchurl , darwin , abseil-cpp , meson @@ -20,6 +21,15 @@ stdenv.mkDerivation rec { hash = "sha256-8CDt4kMt2Owzyv22dqWIcFuHeg4Y3FxB405cLw3FZ+g="; }; + patches = [ + # Fix an include oppsie that happens to not happen on glibc + # https://gitlab.freedesktop.org/pulseaudio/webrtc-audio-processing/-/merge_requests/38 + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/community/webrtc-audio-processing-1/0001-rtc_base-Include-stdint.h-to-fix-build-failures.patch?id=625e19c19972e69e034c0870a31b375833d1ab5d"; + hash = "sha256-9nI22SJoU0H3CzsPSAObtCFTadtvkzdnqIh6mxmUuds="; + }) + ]; + outputs = [ "out" "dev" ]; nativeBuildInputs = [ From 7f1305d3d2666813654c14e0b7bb97d65d5602e0 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 28 Jan 2024 14:33:46 +0100 Subject: [PATCH 111/212] python311Packages.hatchling: 1.21.0 -> 1.21.1 https://github.com/pypa/hatch/releases/tag/hatchling-v1.21.1 --- pkgs/development/python-modules/hatchling/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/hatchling/default.nix b/pkgs/development/python-modules/hatchling/default.nix index 221c266287f9..6dca631c967e 100644 --- a/pkgs/development/python-modules/hatchling/default.nix +++ b/pkgs/development/python-modules/hatchling/default.nix @@ -20,13 +20,13 @@ buildPythonPackage rec { pname = "hatchling"; - version = "1.21.0"; + version = "1.21.1"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-XAhncjV6UHI7gl/V2lJ4rH42l833eX0HVBpskLb/dUw="; + hash = "sha256-u6RARToiTn1EeEV/oujYw2M3Zbr6Apdaa1O5v5F5gLw="; }; # listed in backend/pyproject.toml From 46dae33dd966e5260b7f022594871ec3597c4a34 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 28 Jan 2024 14:46:35 +0000 Subject: [PATCH 112/212] pkgs/stdenv/linux: update i686-unknown-linux-gnu bootstrap-files sha256sum of files to be uploaded: $ sha256sum /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools/on-server/* 293021dedf7568932230effb3453a3533e9f5c8f48bbe1fb72e383ade5b3f4df /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools/on-server/bootstrap-tools.tar.xz d5bffc3231c9f95699ee34118e26bc788e09c608735e5edb2b433057011fddd1 /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools/on-server/busybox Suggested commands to upload files to 'tarballs.nixos.org': $ nix-store --realize /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools $ aws s3 cp --recursive --acl public-read /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools/on-server/ s3://nixpkgs-tarballs/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d $ aws s3 cp --recursive s3://nixpkgs-tarballs/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d ./ $ sha256sum bootstrap-tools.tar.xz busybox $ sha256sum /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools/on-server/* --- .../i686-unknown-linux-gnu.nix | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix index 112d37670c8c..91709d7c6670 100644 --- a/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix +++ b/pkgs/stdenv/linux/bootstrap-files/i686-unknown-linux-gnu.nix @@ -1,12 +1,21 @@ +# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as: +# $ ./refresh-tarballs.bash --targets=i686-unknown-linux-gnu +# +# Metadata: +# - nixpkgs revision: 125cefd4cf8f857e5ff1aceaef9230ba578a033d +# - hydra build: https://hydra.nixos.org/job/nixpkgs/trunk/stdenvBootstrapTools.i686-unknown-linux-gnu.build/latest +# - resolved hydra build: https://hydra.nixos.org/build/247889988 +# - instantiated derivation: /nix/store/chcf0brhdyn7ihmb14n0w4rm2a59gqrw-stdenv-bootstrap-tools.drv +# - output directory: /nix/store/5x6dldhza7if5s6wsicaxa8fbndyixps-stdenv-bootstrap-tools +# - build time: Fri, 26 Jan 2024 22:04:03 +0000 { + bootstrapTools = import { + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/bootstrap-tools.tar.xz"; + hash = "sha256-KTAh3t91aJMiMO/7NFOjUz6fXI9Iu+H7cuODreWz9N8="; + }; busybox = import { - url = "http://tarballs.nixos.org/stdenv-linux/i686/4907fc9e8d0d82b28b3c56e3a478a2882f1d700f/busybox"; - sha256 = "ef4c1be6c7ae57e4f654efd90ae2d2e204d6769364c46469fa9ff3761195cba1"; + url = "http://tarballs.nixos.org/stdenv/i686-unknown-linux-gnu/125cefd4cf8f857e5ff1aceaef9230ba578a033d/busybox"; + hash = "sha256-omz+ZT0bhMkAZcDs9evA2PNpO6VHUozdtjMgdui6fxw="; executable = true; }; - - bootstrapTools = import { - url = "http://tarballs.nixos.org/stdenv-linux/i686/c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31/bootstrap-tools.tar.xz"; - sha256 = "b9bf20315f8c5c0411679c5326084420b522046057a0850367c67d9514794f1c"; - }; } From 3da096a5c3d70f4497d525ef478f588011052962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 24 Jan 2024 10:53:04 +0100 Subject: [PATCH 113/212] pcsclite: move binaries, polkit, systemd files to out, move libraries to lib This should make the things related to the udev rules and binaries a lot simpler and more expected. --- nixos/modules/services/hardware/pcscd.nix | 6 +++--- pkgs/tools/security/pcsclite/default.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix index 85accd8335f7..b5963e1d29a3 100644 --- a/nixos/modules/services/hardware/pcscd.nix +++ b/nixos/modules/services/hardware/pcscd.nix @@ -46,8 +46,8 @@ in config = mkIf config.services.pcscd.enable { environment.etc."reader.conf".source = cfgFile; - environment.systemPackages = [ package.out ]; - systemd.packages = [ (getBin package) ]; + environment.systemPackages = [ package ]; + systemd.packages = [ package ]; services.pcscd.plugins = [ pkgs.ccid ]; @@ -64,7 +64,7 @@ in # around it, we force the path to the cfgFile. # # https://github.com/NixOS/nixpkgs/issues/121088 - serviceConfig.ExecStart = [ "" "${getBin package}/bin/pcscd -f -x -c ${cfgFile}" ]; + serviceConfig.ExecStart = [ "" "${package}/bin/pcscd -f -x -c ${cfgFile}" ]; }; }; } diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 08a4b5b08d02..09d317f87952 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: { inherit pname; version = "2.0.1"; - outputs = [ "bin" "out" "dev" "doc" "man" ]; + outputs = [ "out" "lib" "dev" "doc" "man" ]; src = fetchFromGitLab { domain = "salsa.debian.org"; @@ -39,7 +39,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.enableFeature polkitSupport "polkit") ] ++ lib.optionals stdenv.isLinux [ "--enable-ipcdir=/run/pcscd" - "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" ]; makeFlags = [ From 38b2b0f6b5363c690333f4a80f481d56c3ca0c36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 28 Jan 2024 19:31:11 +0100 Subject: [PATCH 114/212] global-platform-pro: fix path pcsclite libs --- pkgs/development/tools/global-platform-pro/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/global-platform-pro/default.nix b/pkgs/development/tools/global-platform-pro/default.nix index a5b1a35531b9..dc533daf99a3 100644 --- a/pkgs/development/tools/global-platform-pro/default.nix +++ b/pkgs/development/tools/global-platform-pro/default.nix @@ -47,7 +47,7 @@ mavenJdk8.buildMavenPackage rec { cp tool/target/gp.jar "$out/share/java" makeWrapper "${jre8_headless}/bin/java" "$out/bin/gp" \ --add-flags "-jar '$out/share/java/gp.jar'" \ - --prefix LD_LIBRARY_PATH : "${pcsclite.out}/lib" + --prefix LD_LIBRARY_PATH : "${lib.getLib pcsclite}/lib" ''; meta = with lib; { From cea7de1d0fb130e2ca307491ab8a9d0a922e80c4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 28 Jan 2024 22:19:24 +0100 Subject: [PATCH 115/212] python311Packages.sqlalchemy: 2.0.21 -> 2.0.25 https://github.com/sqlalchemy/sqlalchemy/releases/tag/rel_2_0_22 https://github.com/sqlalchemy/sqlalchemy/releases/tag/rel_2_0_23 https://github.com/sqlalchemy/sqlalchemy/releases/tag/rel_2_0_24 https://github.com/sqlalchemy/sqlalchemy/releases/tag/rel_2_0_25 --- pkgs/development/python-modules/sqlalchemy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 9ea29db26c8d..edee5d1d4414 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -40,7 +40,7 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "2.0.21"; + version = "2.0.25"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -49,7 +49,7 @@ buildPythonPackage rec { owner = "sqlalchemy"; repo = "sqlalchemy"; rev = "refs/tags/rel_${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-ldBn+pdZfqnBKdYkOcG47ScH/hBgeJBeIvn1hCIBw/A="; + hash = "sha256-nfkYzLpWyNXDuRUJl5pzaedw5v7jHpG7kpmr6VTGUaw="; }; postPatch = '' From 45ec7e6f80b0e3417cab470219e7babe3f389897 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 28 Jan 2024 22:20:28 +0100 Subject: [PATCH 116/212] python311Packages.sqlalchemy-utils: fix sqlalchemy 2.0.22+ compat --- .../python-modules/sqlalchemy-utils/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/python-modules/sqlalchemy-utils/default.nix b/pkgs/development/python-modules/sqlalchemy-utils/default.nix index 84b42ad27f2f..9fd3c75adcc6 100644 --- a/pkgs/development/python-modules/sqlalchemy-utils/default.nix +++ b/pkgs/development/python-modules/sqlalchemy-utils/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , pythonOlder # runtime @@ -48,6 +49,12 @@ buildPythonPackage rec { patches = [ ./skip-database-tests.patch + + (fetchpatch { + # sqlalchemy 2.0.22+ compat; https://github.com/kvesteri/sqlalchemy-utils/pull/725 + url = "https://github.com/kvesteri/sqlalchemy-utils/commit/712aabaefc5c8ca3680751c705cf5a5984c74af1.patch"; + hash = "sha256-xBdiUtFWjlUhBzHgGFbaKBt3at6NDo+mv9sd8WwiPOA="; + }) ]; propagatedBuildInputs = [ From 96f7b8213bd9f6aebc4a54815195de827a05b561 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 28 Jan 2024 22:31:01 +0100 Subject: [PATCH 117/212] python311Packages.psutil: 5.9.6 -> 5.9.8 https://github.com/giampaolo/psutil/blob/release-5.9.8/HISTORY.rst --- pkgs/development/python-modules/psutil/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/psutil/default.nix b/pkgs/development/python-modules/psutil/default.nix index a08ff4c7a697..a27bb429c7c1 100644 --- a/pkgs/development/python-modules/psutil/default.nix +++ b/pkgs/development/python-modules/psutil/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "psutil"; - version = "5.9.6"; + version = "5.9.8"; format = "setuptools"; inherit stdenv; @@ -20,9 +20,17 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - hash = "sha256-5Lkt3NfdTN0/kAGA6h4QSTLHvOI0+4iXbio7KWRBIlo="; + hash = "sha256-a+Em4yJUht/yhqj7mgYkalJT9MfFO0depfWsk05kGUw="; }; + postPatch = '' + # stick to the old SDK name for now + # https://developer.apple.com/documentation/iokit/kiomasterportdefault/ + # https://developer.apple.com/documentation/iokit/kiomainportdefault/ + substituteInPlace psutil/arch/osx/cpu.c \ + --replace-fail kIOMainPortDefault kIOMasterPortDefault + ''; + buildInputs = # workaround for https://github.com/NixOS/nixpkgs/issues/146760 lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ From c094770e6d71cadf6f8b7f8c2ac481e173cde2a9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 29 Jan 2024 03:17:36 +0100 Subject: [PATCH 118/212] python311Packages.pdm-backend: 2.1.7 -> 2.1.8 https://github.com/pdm-project/pdm-backend/releases/tag/2.1.8 --- pkgs/development/python-modules/pdm-backend/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pdm-backend/default.nix b/pkgs/development/python-modules/pdm-backend/default.nix index 3d32a02768b4..0e1cc04f920b 100644 --- a/pkgs/development/python-modules/pdm-backend/default.nix +++ b/pkgs/development/python-modules/pdm-backend/default.nix @@ -15,14 +15,14 @@ buildPythonPackage rec { pname = "pdm-backend"; - version = "2.1.7"; + version = "2.1.8"; format = "pyproject"; src = fetchFromGitHub { owner = "pdm-project"; repo = "pdm-backend"; rev = "refs/tags/${version}"; - hash = "sha256-1YM/vba+8+2wKcWzPKzkpaWVmHqbFsYdhQSY/VBBAfo="; + hash = "sha256-d8i+FvxNFPM18W7NmOwh9bqZnMUenF7eCPdcCw4BT7s="; }; env.PDM_BUILD_SCM_VERSION = version; From 6e56cbffebf5e510150c23d2f3ff5eb0361f6d46 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Thu, 21 Dec 2023 17:26:11 +0100 Subject: [PATCH 119/212] pkgsStatic.graphene: fix build --- .../libraries/graphene/default.nix | 23 ++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/graphene/default.nix b/pkgs/development/libraries/graphene/default.nix index 2972d5712cba..23b617d4a610 100644 --- a/pkgs/development/libraries/graphene/default.nix +++ b/pkgs/development/libraries/graphene/default.nix @@ -11,10 +11,13 @@ , mutest , nixosTests , glib +, withDocumentation ? !stdenv.hostPlatform.isStatic , gtk-doc , docbook_xsl , docbook_xml_dtd_43 +, buildPackages , gobject-introspection +, withIntrospection ? lib.meta.availableOn stdenv.hostPlatform gobject-introspection && stdenv.hostPlatform.emulatorAvailable buildPackages , makeWrapper }: @@ -22,7 +25,8 @@ stdenv.mkDerivation rec { pname = "graphene"; version = "1.10.8"; - outputs = [ "out" "dev" "devdoc" ] + outputs = [ "out" "dev" ] + ++ lib.optionals withDocumentation [ "devdoc" ] ++ lib.optionals (stdenv.hostPlatform == stdenv.buildPlatform) [ "installedTests" ]; src = fetchFromGitHub { @@ -51,15 +55,17 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ - docbook_xml_dtd_43 - docbook_xsl - gtk-doc meson ninja pkg-config - gobject-introspection python3 makeWrapper + ] ++ lib.optionals withDocumentation [ + docbook_xml_dtd_43 + docbook_xsl + gtk-doc + ] ++ lib.optionals withIntrospection [ + gobject-introspection ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ mesonEmulatorHook ]; @@ -73,8 +79,8 @@ stdenv.mkDerivation rec { ]; mesonFlags = [ - "-Dgtk_doc=true" - "-Dintrospection=enabled" + (lib.mesonBool "gtk_doc" withDocumentation) + (lib.mesonEnable "introspection" withIntrospection) "-Dinstalled_test_datadir=${placeholder "installedTests"}/share" "-Dinstalled_test_bindir=${placeholder "installedTests"}/libexec" ] ++ lib.optionals stdenv.isAarch32 [ @@ -87,12 +93,13 @@ stdenv.mkDerivation rec { postPatch = '' patchShebangs tests/gen-installed-test.py + '' + lib.optionalString withIntrospection '' PATH=${python3.withPackages (pp: [ pp.pygobject3 pp.tappy ])}/bin:$PATH patchShebangs tests/introspection.py ''; postFixup = let introspectionPy = "${placeholder "installedTests"}/libexec/installed-tests/graphene-1.0/introspection.py"; - in '' + in lib.optionalString withIntrospection '' if [ -x '${introspectionPy}' ] ; then wrapProgram '${introspectionPy}' \ --prefix GI_TYPELIB_PATH : "$out/lib/girepository-1.0" From e8678f4fb3ac6071b0d383b8997146ba2b0ee932 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Mon, 29 Jan 2024 08:23:08 +0100 Subject: [PATCH 120/212] abseil-cpp: 202301 -> 202401 --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 27b3805f6344..10899fede9a9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20448,7 +20448,7 @@ with pkgs; then overrideSDK stdenv { darwinMinVersion = "10.13"; } else stdenv; }; - abseil-cpp = abseil-cpp_202301; + abseil-cpp = abseil-cpp_202401; accountsservice = callPackage ../development/libraries/accountsservice { }; From b42437fd010c561ea90df63c88eb78d5a186947e Mon Sep 17 00:00:00 2001 From: David Morgan Date: Mon, 29 Jan 2024 14:04:39 +0000 Subject: [PATCH 121/212] [staging] gnupg 2.4.3 -> 2.4.4 --- pkgs/tools/security/gnupg/24.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix index 49beed63b53a..95a6d9c0fa5f 100644 --- a/pkgs/tools/security/gnupg/24.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.4.3"; + version = "2.4.4"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - hash = "sha256-onGubXMvb02AwlitnuiN2clMj9wzw+RTKMTXwSa9IZ0="; + hash = "sha256-Z+vgFsqQ+naIzmejh+vYLGJh6ViX23sj3yT/M1voW8Y="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; From 301ae03634cc859488a54d16edd86443092d03d9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 29 Jan 2024 17:17:14 +0100 Subject: [PATCH 122/212] libpsl: disable testing with valgrind We plan to enable libpsl support on curl, but including valgrind here causes a cyclic dependency on curl. As the tests have been disabled on various platforms already, this is probably the cheapest place to resolve the dependency chain. --- pkgs/development/libraries/libpsl/default.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix index 26ca5b2455dc..3d0a3f208714 100644 --- a/pkgs/development/libraries/libpsl/default.nix +++ b/pkgs/development/libraries/libpsl/default.nix @@ -14,16 +14,7 @@ , publicsuffix-list }: -let - enableValgrindTests = !stdenv.isDarwin && lib.meta.availableOn stdenv.hostPlatform valgrind - # Apparently valgrind doesn't support some new ARM features on (some) Hydra machines: - # VEX: Mismatch detected between RDMA and atomics features. - && !stdenv.isAarch64 - # Valgrind on musl does not hook malloc calls properly, resulting in errors `Invalid free() / delete / delete[] / realloc()` - # https://bugs.kde.org/show_bug.cgi?id=435441 - && !stdenv.hostPlatform.isMusl - ; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "libpsl"; version = "0.21.5"; @@ -41,8 +32,6 @@ in stdenv.mkDerivation rec { pkg-config python3 libxslt - ] ++ lib.optionals enableValgrindTests [ - valgrind ]; buildInputs = [ @@ -69,8 +58,6 @@ in stdenv.mkDerivation rec { "--with-psl-distfile=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-file=${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" "--with-psl-testfile=${publicsuffix-list}/share/publicsuffix/test_psl.txt" - ] ++ lib.optionals enableValgrindTests [ - "--enable-valgrind-tests" ]; enableParallelBuilding = true; From 996b4ebc08e567e51af2116d8aa86c4069256fe6 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 29 Jan 2024 18:12:56 +0100 Subject: [PATCH 123/212] curl: build with public suffix list support And make sure we pass `--without-libpsl` when it is disabled. https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/ --- pkgs/tools/networking/curl/default.nix | 1 + pkgs/top-level/all-packages.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index d7d78cea11b7..db386df9b068 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -120,6 +120,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.withFeature rtmpSupport "librtmp") (lib.withFeature rustlsSupport "rustls") (lib.withFeature zstdSupport "zstd") + (lib.withFeature pslSupport "libpsl") (lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli)) (lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls)) (lib.withFeatureAs idnSupport "libidn2" (lib.getDev libidn2)) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 84bb3a5ac223..c321bd2372ba 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7346,6 +7346,7 @@ with pkgs; curl = curlMinimal.override ({ idnSupport = true; + pslSupport = true; zstdSupport = true; } // lib.optionalAttrs (!stdenv.hostPlatform.isStatic) { brotliSupport = true; From 4d8a6757232e060448fb6b1440de82dbbf5e9bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 28 Jan 2024 16:46:04 -0800 Subject: [PATCH 124/212] python311Packages.aiohttp: 3.9.1 -> 3.9.3 Diff: https://github.com/aio-libs/aiohttp/compare/refs/tags/v3.9.1...v3.9.3 Changelog: https://github.com/aio-libs/aiohttp/blob/v3.9.3/CHANGES.rst --- pkgs/development/python-modules/aiohttp/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix index 691345d65a16..11eb19010fdd 100644 --- a/pkgs/development/python-modules/aiohttp/default.nix +++ b/pkgs/development/python-modules/aiohttp/default.nix @@ -18,18 +18,18 @@ , aiodns , brotli # tests_require +, freezegun , gunicorn , pytest-mock , pytestCheckHook , python-on-whales , re-assert -, time-machine , trustme }: buildPythonPackage rec { pname = "aiohttp"; - version = "3.9.1"; + version = "3.9.3"; pyproject = true; disabled = pythonOlder "3.8"; @@ -38,7 +38,7 @@ buildPythonPackage rec { owner = "aio-libs"; repo = "aiohttp"; rev = "refs/tags/v${version}"; - hash = "sha256-uiqBUDbmROrhkanfBz4avvTSrnKxgVqw54k4jKhfRGY="; + hash = "sha256-dEeMHruFJ1o0J6VUJcpUk7LhEC8sV8hUKXoKcd618lE="; }; patches = [ @@ -79,12 +79,12 @@ buildPythonPackage rec { # NOTE: pytest-xdist cannot be added because it is flaky. See https://github.com/NixOS/nixpkgs/issues/230597 for more info. nativeCheckInputs = [ + freezegun gunicorn pytest-mock pytestCheckHook python-on-whales re-assert - time-machine ] ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) [ # Optional test dependency. Depends indirectly on pyopenssl, which is # broken on aarch64-darwin. From c7c64a8c72d7c209aa301a946fa9938af2f430de Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Tue, 23 Jan 2024 07:44:29 +0100 Subject: [PATCH 125/212] darwin.apple_sdk_11_0.stdenv: set darwinSdkVersion on all platforms --- pkgs/os-specific/darwin/apple-sdk-11.0/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix index a02445adb33b..0e908d0179db 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix @@ -61,12 +61,15 @@ let mkStdenv = stdenv: if stdenv.isAarch64 then stdenv else + let + darwinMinVersion = "10.12"; + darwinSdkVersion = "11.0"; + in (overrideCC stdenv (mkCc stdenv.cc)).override { extraBuildInputs = [ pkgs.darwin.apple_sdk_11_0.frameworks.CoreFoundation ]; - targetPlatform = stdenv.targetPlatform // { - darwinMinVersion = "10.12"; - darwinSdkVersion = "11.0"; - }; + buildPlatform = stdenv.buildPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + hostPlatform = stdenv.hostPlatform // { inherit darwinMinVersion darwinSdkVersion; }; + targetPlatform = stdenv.targetPlatform // { inherit darwinMinVersion darwinSdkVersion; }; }; stdenvs = { From 9a1126f9bc402691f8f079545c943f4d74800d71 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Tue, 23 Jan 2024 07:44:55 +0100 Subject: [PATCH 126/212] treewide: move darwinSdkVersion to hostPlatform --- pkgs/development/interpreters/wamr/default.nix | 2 +- pkgs/development/libraries/qt-6/modules/qtwebengine.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/wamr/default.nix b/pkgs/development/interpreters/wamr/default.nix index 56f8274828ca..b71410f24d6d 100644 --- a/pkgs/development/interpreters/wamr/default.nix +++ b/pkgs/development/interpreters/wamr/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ cmake ]; cmakeFlags = lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; sourceRoot = let diff --git a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix index 564c5c60eb51..068c04b4c89e 100644 --- a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix +++ b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix @@ -204,7 +204,7 @@ qtModule { ] ++ lib.optionals enableProprietaryCodecs [ "-DQT_FEATURE_webengine_proprietary_codecs=ON" ] ++ lib.optionals stdenv.isDarwin [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.targetPlatform.darwinSdkVersion}" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.hostPlatform.darwinSdkVersion}" ]; propagatedBuildInputs = [ From 0c367bef7459f408239df97759384ee5c25ce23d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 30 Jan 2024 06:45:00 +0000 Subject: [PATCH 127/212] lmdb: 0.9.31 -> 0.9.32 --- pkgs/development/libraries/lmdb/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/lmdb/default.nix b/pkgs/development/libraries/lmdb/default.nix index 99296b63a727..73b865f7e6ac 100644 --- a/pkgs/development/libraries/lmdb/default.nix +++ b/pkgs/development/libraries/lmdb/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lmdb"; - version = "0.9.31"; + version = "0.9.32"; src = fetchFromGitLab { domain = "git.openldap.org"; owner = "openldap"; repo = "openldap"; rev = "LMDB_${version}"; - sha256 = "sha256-SBbo7MX3NST+OFPDtQshevIYrIsZD9bOkSsH91inMBw="; + sha256 = "sha256-29ZrGIiGqrvX+WsPRs2V25hPmAJSHTHaGo19nMldsb8="; }; postUnpack = "sourceRoot=\${sourceRoot}/libraries/liblmdb"; From 8ac6e314e96583e162584694a59c538b27699605 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 30 Jan 2024 08:42:05 +0100 Subject: [PATCH 128/212] lmdb: add .meta.changelog --- pkgs/development/libraries/lmdb/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/lmdb/default.nix b/pkgs/development/libraries/lmdb/default.nix index 73b865f7e6ac..8c65d02bf565 100644 --- a/pkgs/development/libraries/lmdb/default.nix +++ b/pkgs/development/libraries/lmdb/default.nix @@ -66,6 +66,7 @@ stdenv.mkDerivation rec { limited to the size of the virtual address space. ''; homepage = "https://symas.com/lmdb/"; + changelog = "https://git.openldap.org/openldap/openldap/-/blob/LMDB_${version}/libraries/liblmdb/CHANGES"; maintainers = with maintainers; [ jb55 vcunat ]; license = licenses.openldap; platforms = platforms.all; From 9ec316831f68bdb51691e37b3861dcbe006ad797 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 30 Jan 2024 10:53:07 +0200 Subject: [PATCH 129/212] libcamera-qcam: init libcamera provides a more helpful debugging gui, which however needs qt, so is undesirable in the default case (which is why it was disabled initially). Introduce a withQcam boolean flag, which will enable building it with qcam, and expose it as a toplevel libcamera-qcam attribute. This helped debugging the new ipu6 softisp camera stack. The Qt 6 support patch is already circulating on the upstream mailing list, however it doesn't apply cleanly. As discussed in https://github.com/NixOS/nixpkgs/pull/284964, we opted to not ship that patch, but rather use qt5 for now, as KDE seems to maintain a Qt5 patchset that we track. --- pkgs/development/libraries/libcamera/default.nix | 14 +++++++++----- pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libcamera/default.nix b/pkgs/development/libraries/libcamera/default.nix index 5079c0219da1..a6a0fe8fa7c3 100644 --- a/pkgs/development/libraries/libcamera/default.nix +++ b/pkgs/development/libraries/libcamera/default.nix @@ -1,6 +1,7 @@ { stdenv , fetchgit , lib +, fetchpatch , meson , ninja , pkg-config @@ -17,6 +18,9 @@ , python3 , python3Packages , systemd # for libudev +, withQcam ? false +, qt5 # withQcam +, libtiff # withQcam }: stdenv.mkDerivation rec { @@ -59,7 +63,7 @@ stdenv.mkDerivation rec { libyaml gtest - ]; + ] ++ lib.optionals withQcam [ libtiff qt5.qtbase qt5.qttools ]; nativeBuildInputs = [ meson @@ -73,22 +77,22 @@ stdenv.mkDerivation rec { graphviz doxygen openssl - ]; + ] ++ lib.optional withQcam qt5.wrapQtAppsHook; mesonFlags = [ "-Dv4l2=true" - "-Dqcam=disabled" + "-Dqcam=${if withQcam then "enabled" else "disabled"}" "-Dlc-compliance=disabled" # tries unconditionally to download gtest when enabled # Avoid blanket -Werror to evade build failures on less # tested compilers. "-Dwerror=false" - ]; + ]; # Fixes error on a deprecated declaration env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; # Silence fontconfig warnings about missing config - FONTCONFIG_FILE = makeFontsConf { fontDirectories = []; }; + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; # libcamera signs the IPA module libraries at install time, but they are then # modified by stripping and RPATH fixup. Therefore, we need to generate the diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0b1144d99cfa..dd9c57c58316 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22465,6 +22465,8 @@ with pkgs; libcamera = callPackage ../development/libraries/libcamera { }; + libcamera-qcam = callPackage ../development/libraries/libcamera { withQcam = true; }; + libcanberra = callPackage ../development/libraries/libcanberra { inherit (darwin.apple_sdk.frameworks) Carbon CoreServices AppKit; }; From d6ee968663f3c206f1edf45a4ab5b76bc2f518ee Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 30 Jan 2024 11:06:25 +0200 Subject: [PATCH 130/212] libcamera: move to pkgs/by-name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The CI check complains about a new attribute introduced that's not using the by-name pattern, even though it's using the same .nix file. It seems using callPackage ../by-name/… from toplevel for the alternative toplevel attribute seems to be others do this, so using the same pattern here. --- .../default.nix => by-name/li/libcamera/package.nix} | 0 pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 1 insertion(+), 3 deletions(-) rename pkgs/{development/libraries/libcamera/default.nix => by-name/li/libcamera/package.nix} (100%) diff --git a/pkgs/development/libraries/libcamera/default.nix b/pkgs/by-name/li/libcamera/package.nix similarity index 100% rename from pkgs/development/libraries/libcamera/default.nix rename to pkgs/by-name/li/libcamera/package.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dd9c57c58316..ddcbd4bcd94d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22463,9 +22463,7 @@ with pkgs; libcacard = callPackage ../development/libraries/libcacard { }; - libcamera = callPackage ../development/libraries/libcamera { }; - - libcamera-qcam = callPackage ../development/libraries/libcamera { withQcam = true; }; + libcamera-qcam = callPackage ../by-name/li/libcamera/package.nix { withQcam = true; }; libcanberra = callPackage ../development/libraries/libcanberra { inherit (darwin.apple_sdk.frameworks) Carbon CoreServices AppKit; From 48dc1dba06b1fdf5376d71a6cfe55cdbc4f118aa Mon Sep 17 00:00:00 2001 From: Nicolas Benes Date: Mon, 29 Jan 2024 18:16:32 +0100 Subject: [PATCH 131/212] openblas: update URLs, upstream repo was moved --- pkgs/development/libraries/opencv/4.x.nix | 2 +- .../libraries/science/math/openblas/default.nix | 16 ++++++++-------- .../development/python-modules/numpy/default.nix | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix index 48cc2adc6c75..7bb2649ff894 100644 --- a/pkgs/development/libraries/opencv/4.x.nix +++ b/pkgs/development/libraries/opencv/4.x.nix @@ -233,7 +233,7 @@ let printEnabled = enabled: if enabled then "ON" else "OFF"; withOpenblas = (enableBlas && blas.provider.pname == "openblas"); #multithreaded openblas conflicts with opencv multithreading, which manifest itself in hung tests - #https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + #https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded openblas_ = blas.provider.override { singleThreaded = true; }; inherit (cudaPackages) cudaFlags cudaVersion; diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index 4138ece9af5b..643e8033e0ad 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -6,14 +6,14 @@ # Multi-threaded applications must not call a threaded OpenBLAS # (the only exception is when an application uses OpenMP as its # *only* form of multi-threading). See -# https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded -# https://github.com/xianyi/OpenBLAS/issues/2543 +# https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded +# https://github.com/OpenMathLib/OpenBLAS/issues/2543 # This flag builds a single-threaded OpenBLAS using the flags # stated in thre. , singleThreaded ? false , buildPackages # Select a specific optimization target (other than the default) -# See https://github.com/xianyi/OpenBLAS/blob/develop/TargetList.txt +# See https://github.com/OpenMathLib/OpenBLAS/blob/develop/TargetList.txt , target ? null # Select whether DYNAMIC_ARCH is enabled or not. , dynamicArch ? null @@ -146,7 +146,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; src = fetchFromGitHub { - owner = "xianyi"; + owner = "OpenMathLib"; repo = "OpenBLAS"; rev = "v${version}"; hash = "sha256-AA3+x3SXkcg3g7bROZYLpWAbxnRedmQBZPe+rBJKxJ8="; @@ -206,10 +206,10 @@ stdenv.mkDerivation rec { else stdenv.hostPlatform != stdenv.buildPlatform; # This disables automatic build job count detection (which honours neither enableParallelBuilding nor NIX_BUILD_CORES) # and uses the main make invocation's job count, falling back to 1 if no parallelism is used. - # https://github.com/xianyi/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 + # https://github.com/OpenMathLib/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 MAKE_NB_JOBS = 0; } // (lib.optionalAttrs singleThreaded { - # As described on https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded + # As described on https://github.com/OpenMathLib/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded USE_THREAD = false; USE_LOCKING = true; # available with openblas >= 0.3.7 USE_OPENMP = false; # openblas will refuse building with both USE_OPENMP=1 and USE_THREAD=0 @@ -220,7 +220,7 @@ stdenv.mkDerivation rec { postInstall = '' # Write pkgconfig aliases. Upstream report: - # https://github.com/xianyi/OpenBLAS/issues/1740 + # https://github.com/OpenMathLib/OpenBLAS/issues/1740 for alias in blas cblas lapack; do cat < $out/lib/pkgconfig/$alias.pc Name: $alias @@ -257,7 +257,7 @@ EOF meta = with lib; { description = "Basic Linear Algebra Subprograms"; license = licenses.bsd3; - homepage = "https://github.com/xianyi/OpenBLAS"; + homepage = "https://github.com/OpenMathLib/OpenBLAS"; platforms = attrNames configs; maintainers = with maintainers; [ ttuegel ]; }; diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix index ff50cf872f9c..039e571695f8 100644 --- a/pkgs/development/python-modules/numpy/default.nix +++ b/pkgs/development/python-modules/numpy/default.nix @@ -114,7 +114,7 @@ in buildPythonPackage rec { # we default openblas to build with 64 threads # if a machine has more than 64 threads, it will segfault - # see https://github.com/xianyi/OpenBLAS/issues/2993 + # see https://github.com/OpenMathLib/OpenBLAS/issues/2993 preConfigure = '' sed -i 's/-faltivec//' numpy/distutils/system_info.py export OMP_NUM_THREADS=$((NIX_BUILD_CORES > 64 ? 64 : NIX_BUILD_CORES)) From ccaad56e4b7d3fb3c7b461ef3d43045992b54e5f Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 30 Jan 2024 16:27:44 +0100 Subject: [PATCH 132/212] openssl_3: 3.0.12 -> 3.0.13 Full release notes: https://github.com/openssl/openssl/blob/openssl-3.0.13/CHANGES.md#changes-between-3012-and-3013-30-jan-2024 Fixes: - CVE-2024-0727 (PKCS12 Handling Crash) - CVE-2023-6237 (long time taken for RSA key check) - CVE-2023-6129 (corrupt registers on PowerPC for Poly1305) - CVE-2023-5678 (excessive time in DH param check) Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index c7234c3da81e..f6385d515c11 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -264,8 +264,8 @@ in { }; openssl_3 = common { - version = "3.0.12"; - hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E="; + version = "3.0.13"; + hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM="; patches = [ ./3.0/nix-ssl-cert-file.patch From 2d9a5944ef48afefcac19a3297c62b5393431343 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 30 Jan 2024 16:27:56 +0100 Subject: [PATCH 133/212] openssl_3_2: 3.2.0 -> 3.2.1 Full release notes: https://github.com/openssl/openssl/blob/openssl-3.2.1/CHANGES.md#changes-between-320-and-321-30-jan-2024 Fixes: - CVE-2024-0727 (PKCS12 Handling Crash) - CVE-2023-6237 (long time taken for RSA key check) - CVE-2023-6129 (corrupt registers on PowerPC for Poly1305) - CVE-2023-5678 (excessive time in DH param check) Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index f6385d515c11..7af5085410f7 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -287,8 +287,8 @@ in { }; openssl_3_2 = common { - version = "3.2.0"; - hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; + version = "3.2.1"; + hash = "sha256-g8cyn+UshQZ3115dCwyiRTCbl+jsvP3B39xKufrDWzk="; patches = [ ./3.0/nix-ssl-cert-file.patch From fffe54bddcc2bb0cf1ec78ca93da21d151ef1a9e Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 21 Jan 2024 09:26:48 +0100 Subject: [PATCH 134/212] libgit2: Enable tests The tests hanging comment dates from 2018. I did encounter a slow test when running them in a nix-shell - the nonetwork::bad_urls one. The name suggests that it might work fine, but it's still annoying when building in nix-shell, and it seems unlikely that this particular test will catch anything for us. --- pkgs/development/libraries/libgit2/default.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libgit2/default.nix b/pkgs/development/libraries/libgit2/default.nix index d21dbcb7ac0a..a47b53a9411a 100644 --- a/pkgs/development/libraries/libgit2/default.nix +++ b/pkgs/development/libraries/libgit2/default.nix @@ -46,7 +46,22 @@ stdenv.mkDerivation rec { propagatedBuildInputs = lib.optional (!stdenv.isLinux) libiconv; - doCheck = false; # hangs. or very expensive? + doCheck = true; + checkPhase = '' + testArgs=(-v -xonline) + + # slow + testArgs+=(-xclone::nonetwork::bad_urls) + + # failed to set permissions on ...: Operation not permitted + testArgs+=(-xrepo::init::extended_1) + testArgs+=(-xrepo::template::extended_with_template_and_shared_mode) + + ( + set -x + ./libgit2_tests ''${testArgs[@]} + ) + ''; passthru.tests = { inherit libgit2-glib; From de0220384c4271e231d0d7f7a731aed05cbda6bf Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 21 Jan 2024 09:29:28 +0100 Subject: [PATCH 135/212] libgit2: Enable multiple outputs It has a `git2` binary with limited functionality. --- pkgs/development/libraries/libgit2/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/libgit2/default.nix b/pkgs/development/libraries/libgit2/default.nix index a47b53a9411a..ab371c224ef6 100644 --- a/pkgs/development/libraries/libgit2/default.nix +++ b/pkgs/development/libraries/libgit2/default.nix @@ -22,6 +22,8 @@ stdenv.mkDerivation rec { version = "1.7.1"; # also check the following packages for updates: python3Packages.pygit2 and libgit2-glib + outputs = ["lib" "dev" "out"]; + src = fetchFromGitHub { owner = "libgit2"; repo = "libgit2"; From 0648d5b544db929000cf19501d121e690c066792 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 30 Jan 2024 16:00:24 +0000 Subject: [PATCH 136/212] pixman: 0.43.0 -> 0.43.2 --- pkgs/development/libraries/pixman/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/pixman/default.nix b/pkgs/development/libraries/pixman/default.nix index 121bb03f4cac..1b5aaaaa06d4 100644 --- a/pkgs/development/libraries/pixman/default.nix +++ b/pkgs/development/libraries/pixman/default.nix @@ -20,14 +20,14 @@ stdenv.mkDerivation rec { pname = "pixman"; - version = "0.43.0"; + version = "0.43.2"; src = fetchurl { urls = [ "mirror://xorg/individual/lib/${pname}-${version}.tar.gz" "https://cairographics.org/releases/${pname}-${version}.tar.gz" ]; - hash = "sha256-plwoIJhY+xa+5Q2AnID5Co5BXA5P2DIQeKGCJ4WlVgo="; + hash = "sha256-6nkpflQY+1KNBGbotbkdG+iIV/o3BvSXd7KSWnKumSQ="; }; separateDebugInfo = !stdenv.hostPlatform.isStatic; From efc7c1f5e8e56d75e2edd1ba67194ac14ca4799c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 30 Jan 2024 06:44:43 +0000 Subject: [PATCH 137/212] openldap: 2.6.6 -> 2.6.7 --- pkgs/development/libraries/openldap/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index d04690948041..faa70d68a426 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "openldap"; - version = "2.6.6"; + version = "2.6.7"; src = fetchurl { url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz"; - hash = "sha256-CC6ZjPVCmE1DY0RC2+EdqGB1nlEJBxUupXm9xC/jnqA="; + hash = "sha256-zXdfYlyUTteKPaGKA7A7CO6nPIqryXtBuzNumhCVSTA="; }; # TODO: separate "out" and "bin" From d0fd0aa42e12dc389c2f9488c397140ffec9fc4d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 30 Jan 2024 16:34:05 +0100 Subject: [PATCH 138/212] openldap: don't use openssl_legacy anymore --- pkgs/development/libraries/openldap/default.nix | 5 +++++ pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index faa70d68a426..aa04ff683bfd 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -99,6 +99,11 @@ stdenv.mkDerivation rec { # skip flaky tests rm -f tests/scripts/test063-delta-multiprovider + + # https://bugs.openldap.org/show_bug.cgi?id=10009 + # can probably be re-added once https://github.com/cyrusimap/cyrus-sasl/pull/772 + # has made it to a release + rm -f tests/scripts/test076-authid-rewrite ''; doCheck = true; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d8cb2b021154..c372099e1346 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24302,9 +24302,7 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { - openssl = openssl_legacy; - }; + openldap = callPackage ../development/libraries/openldap { }; opencolorio = darwin.apple_sdk_11_0.callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk_11_0.frameworks) Carbon GLUT Cocoa; From 42387a98a83f8f91f96b40f5b23fe4435b2b878b Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 30 Jan 2024 20:37:20 +0000 Subject: [PATCH 139/212] sqlite, sqlite-analyzer: 3.45.0 -> 2.45.1 Changes: https://www.sqlite.org/releaselog/3_45_1.html --- pkgs/development/libraries/sqlite/default.nix | 4 ++-- pkgs/development/libraries/sqlite/tools.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index b13da429bd15..3f6307703479 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${lib.optionalString interactive "-interactive"}"; - version = "3.45.0"; + version = "3.45.1"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { url = "https://sqlite.org/2024/sqlite-autoconf-${archiveVersion version}.tar.gz"; - hash = "sha256-coh9V6HY+J9SvjjvhKY1POjD7VWtp4ZOuUSr2aSV5DY="; + hash = "sha256-zZwnhBt6WTLJiXZR4guGxwHddAVWmJsByllvz6PUmgo="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index bcc02efe4e9a..695d2207da7d 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.45.0"; + version = "3.45.1"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { url = "https://sqlite.org/2024/sqlite-src-${archiveVersion version}.zip"; - hash = "sha256-FNwttIfoVjzihqOJSQQsseh8pm2HLV6kPHY5EASUH+I="; + hash = "sha256-f3sUpo7bzUpX3zqMTb1W0tNUam583VDeQM6wOvM9NLo="; }; nativeBuildInputs = [ unzip ]; From da01901c0c8bacea04938f059261f9317ab14de3 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Tue, 30 Jan 2024 10:14:53 +0100 Subject: [PATCH 140/212] ruff: 0.1.13 -> 0.1.15 Changelog: https://github.com/astral-sh/ruff/releases/tag/v0.1.15 --- pkgs/development/tools/ruff/default.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix index dadfba7cc67b..a75c7759902a 100644 --- a/pkgs/development/tools/ruff/default.nix +++ b/pkgs/development/tools/ruff/default.nix @@ -5,22 +5,29 @@ , stdenv , darwin , rust-jemalloc-sys - # tests , ruff-lsp }: rustPlatform.buildRustPackage rec { pname = "ruff"; - version = "0.1.13"; + version = "0.1.15"; src = fetchFromGitHub { owner = "astral-sh"; repo = "ruff"; rev = "refs/tags/v${version}"; - hash = "sha256-cH/Vw04QQ3U7E1ZCwozjhPcn0KVljP976/p3okrBpEU="; + hash = "sha256-DzdzMO9PEwf4HmpG8SxRJTmdrmkXuQ8RsIchvsKstH8="; }; - cargoHash = "sha256-tmoFnghHQEsyv0vO9fnWyTsxiIhmovhi/zHXOCi5u10="; + # The following specific substitution is not working as the current directory is `/build/source` and thus has no mention of `ruff` in it. + # https://github.com/astral-sh/ruff/blob/866bea60a5de3c59d2537b0f3a634ae0ac9afd94/crates/ruff/tests/show_settings.rs#L12 + # -> Just patch it so that it expects the actual current directory and not `"[BASEPATH]"`. + postPatch = '' + substituteInPlace crates/ruff/tests/snapshots/show_settings__display_default_settings.snap \ + --replace '"[BASEPATH]"' '"'$PWD'"' + ''; + + cargoHash = "sha256-MpiWdNUs66OGYfOJo1kJQTCqjrk/DAYecaLf6GUUKew="; nativeBuildInputs = [ installShellFiles @@ -32,9 +39,6 @@ rustPlatform.buildRustPackage rec { darwin.apple_sdk.frameworks.CoreServices ]; - cargoBuildFlags = [ "--package=ruff_cli" ]; - cargoTestFlags = cargoBuildFlags; - # tests expect no colors preCheck = '' export NO_COLOR=1 From f9272aa06046b2bddc5f1ad0fd401dcccdb605d4 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 30 Jan 2024 21:49:21 +0100 Subject: [PATCH 141/212] ffado: 2.4.7 -> 2.4.8 --- pkgs/os-specific/linux/ffado/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/ffado/default.nix b/pkgs/os-specific/linux/ffado/default.nix index 3d44ad813a69..d1e78a312e05 100644 --- a/pkgs/os-specific/linux/ffado/default.nix +++ b/pkgs/os-specific/linux/ffado/default.nix @@ -24,13 +24,15 @@ let in mkDerivation rec { pname = "ffado"; - version = "2.4.7"; + version = "2.4.8"; src = fetchurl { url = "http://www.ffado.org/files/libffado-${version}.tgz"; - sha256 = "0vsn3y52g6f77lqh9qfkd7dslmb7bbgy46cv5idynx4frqscc23s"; + hash = "sha256-f0x561ehKw6uMSri0RZip+v1JHZuhixtywl0PVU/N44="; }; + sourceRoot = "libffado-${version}/libffado"; + prePatch = '' substituteInPlace ./support/tools/ffado-diag.in \ --replace /lib/modules/ "/run/booted-system/kernel-modules/lib/modules/" From 9f0215d1896f1d8b2e35195a4b653ff1dff06349 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 30 Jan 2024 20:32:59 +0100 Subject: [PATCH 142/212] pkgsMusl.pam: fix build --- pkgs/os-specific/linux/pam/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 116fd06d511c..c956dfad4c64 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, buildPackages, fetchurl +{ lib, stdenv, buildPackages, fetchurl, fetchpatch , flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests , autoreconfHook269, pkg-config-unwrapped @@ -15,6 +15,13 @@ stdenv.mkDerivation rec { patches = [ ./suid-wrapper-path.patch + + # Backport fix for missing include breaking musl builds. + (fetchpatch { + name = "pam_namespace-stdint.h.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch"; + hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA="; + }) ]; # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569 From 85ab4f8d499923ba7b449e84017eff767bca380e Mon Sep 17 00:00:00 2001 From: Jiajie Chen Date: Wed, 6 Sep 2023 09:48:09 +0800 Subject: [PATCH 143/212] gperftools: 2.10 -> 2.15 --- pkgs/development/libraries/gperftools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gperftools/default.nix b/pkgs/development/libraries/gperftools/default.nix index 132ae64577a7..e76c033c705d 100644 --- a/pkgs/development/libraries/gperftools/default.nix +++ b/pkgs/development/libraries/gperftools/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "gperftools"; - version = "2.10"; + version = "2.15"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "${pname}-${version}"; - sha256 = "sha256-lUX9T31cYZEi+0DgF52EDSL9yiSHa8ToMxhpQFKHOGk="; + sha256 = "sha256-3ibr8AHzo7txX1U+9oOWA60qeeJs/OGeevv+sgBwQa0="; }; patches = [ From 715ac7cbd51b21978ac546f30ac22d86cd2d8de8 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 31 Jan 2024 04:15:30 +0000 Subject: [PATCH 144/212] tinycompress: 1.2.8 -> 1.2.11 --- pkgs/by-name/ti/tinycompress/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ti/tinycompress/package.nix b/pkgs/by-name/ti/tinycompress/package.nix index 96b82bc696fc..b6002c0205b0 100644 --- a/pkgs/by-name/ti/tinycompress/package.nix +++ b/pkgs/by-name/ti/tinycompress/package.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "tinycompress"; - version = "1.2.8"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/tinycompress/${pname}-${version}.tar.bz2"; - hash = "sha256-L4l+URLNO8pnkLXOz9puBmLIvF7g+6uXKyR6DMYg1mw="; + hash = "sha256-6754jCgyjnzKJFqvkZSlrQ3JHp4NyIPCz5/rbULJ8/w="; }; meta = with lib; { From 63b90c560347817fef17591179daaae495401c36 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 31 Jan 2024 16:37:29 +0300 Subject: [PATCH 145/212] pipewire: 1.0.1 -> 1.0.2, big cleanup Diff: https://gitlab.freedesktop.org/pipewire/pipewire/-/compare/1.0.1...1.0.2 Changelog: https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/24.05pre-git --- .../libraries/pipewire/default.nix | 285 ++++++++---------- 1 file changed, 134 insertions(+), 151 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index fffed9b3f79c..9716abdece99 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -1,8 +1,6 @@ { stdenv , lib -, buildPackages , fetchFromGitLab -, fetchpatch , python3 , meson , ninja @@ -28,7 +26,6 @@ , readline # meson can't find <7 as those versions don't have a .pc file , lilv , makeFontsConf -, callPackage , nixosTests , withValgrind ? lib.meta.availableOn stdenv.hostPlatform valgrind , valgrind @@ -76,155 +73,141 @@ # Bluetooth codec only makes sense if general bluetooth enabled assert ldacbtSupport -> bluezSupport; -let - mesonEnableFeature = b: if b then "enabled" else "disabled"; +stdenv.mkDerivation(finalAttrs: { + pname = "pipewire"; + version = "1.0.2"; - self = stdenv.mkDerivation rec { - pname = "pipewire"; - version = "1.0.1"; + outputs = [ + "out" + "jack" + "dev" + "doc" + "man" + "installedTests" + ]; - outputs = [ - "out" - "jack" - "dev" - "doc" - "man" - "installedTests" - ]; - - src = fetchFromGitLab { - domain = "gitlab.freedesktop.org"; - owner = "pipewire"; - repo = "pipewire"; - rev = version; - sha256 = "sha256-rvf0sZRgDDLcqroLg7hcMUqXD/4JT+3lBRX6/m+3Ry8="; - }; - - patches = [ - # Load libjack from a known location - ./0060-libjack-path.patch - # Move installed tests into their own output. - ./0070-installed-tests-path.patch - - # Remove for release post 1.0.1: - (fetchpatch { - # https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1750 - name = "pipewire-spa-libcamera-use-cameraconfiguration-orientation-pr1750.patch"; - url = "https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1750.patch "; - hash = "sha256-Ugg913KZDKELnYLwpDEgYh92YPxccw61l6kAJulBbIA="; - }) - ]; - - strictDeps = true; - nativeBuildInputs = [ - docutils - doxygen - graphviz - meson - ninja - pkg-config - python3 - glib - ]; - - buildInputs = [ - alsa-lib - dbus - glib - libjack2 - libusb1 - libselinux - libsndfile - lilv - ncurses - readline - udev - vulkan-headers - vulkan-loader - tinycompress - ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) - ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) - ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] - ++ lib.optionals libcameraSupport [ libcamera libdrm ] - ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] - ++ lib.optional ldacbtSupport ldacbt - ++ lib.optional nativeModemManagerSupport modemmanager - ++ lib.optional pulseTunnelSupport libpulseaudio - ++ lib.optional zeroconfSupport avahi - ++ lib.optional raopSupport openssl - ++ lib.optional rocSupport roc-toolkit - ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] - ++ lib.optional mysofaSupport libmysofa - ++ lib.optional ffadoSupport ffado; - - # Valgrind binary is required for running one optional test. - nativeCheckInputs = lib.optional withValgrind valgrind; - - mesonFlags = [ - "-Ddocs=enabled" - "-Dudevrulesdir=lib/udev/rules.d" - "-Dinstalled_tests=enabled" - "-Dinstalled_test_prefix=${placeholder "installedTests"}" - "-Dlibjack-path=${placeholder "jack"}/lib" - "-Dlibcamera=${mesonEnableFeature libcameraSupport}" - "-Dlibffado=${mesonEnableFeature ffadoSupport}" - "-Droc=${mesonEnableFeature rocSupport}" - "-Dlibpulse=${mesonEnableFeature pulseTunnelSupport}" - "-Davahi=${mesonEnableFeature zeroconfSupport}" - "-Dgstreamer=${mesonEnableFeature gstreamerSupport}" - "-Dsystemd-system-service=${mesonEnableFeature enableSystemd}" - "-Dudev=${mesonEnableFeature (!enableSystemd)}" - "-Dffmpeg=${mesonEnableFeature ffmpegSupport}" - "-Dbluez5=${mesonEnableFeature bluezSupport}" - "-Dbluez5-backend-hsp-native=${mesonEnableFeature nativeHspSupport}" - "-Dbluez5-backend-hfp-native=${mesonEnableFeature nativeHfpSupport}" - "-Dbluez5-backend-native-mm=${mesonEnableFeature nativeModemManagerSupport}" - "-Dbluez5-backend-ofono=${mesonEnableFeature ofonoSupport}" - "-Dbluez5-backend-hsphfpd=${mesonEnableFeature hsphfpdSupport}" - # source code is not easily obtainable - "-Dbluez5-codec-lc3plus=disabled" - "-Dbluez5-codec-lc3=${mesonEnableFeature bluezSupport}" - "-Dbluez5-codec-ldac=${mesonEnableFeature ldacbtSupport}" - "-Dsysconfdir=/etc" - "-Draop=${mesonEnableFeature raopSupport}" - "-Dsession-managers=" - "-Dvulkan=enabled" - "-Dx11=${mesonEnableFeature x11Support}" - "-Dx11-xfixes=${mesonEnableFeature x11Support}" - "-Dlibcanberra=${mesonEnableFeature x11Support}" - "-Dlibmysofa=${mesonEnableFeature mysofaSupport}" - "-Dsdl2=disabled" # required only to build examples, causes dependency loop - "-Drlimits-install=false" # installs to /etc, we won't use this anyway - "-Dcompress-offload=enabled" - "-Dman=enabled" - ]; - - # Fontconfig error: Cannot load default config file - FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; - - doCheck = true; - - postUnpack = '' - patchShebangs source/doc/*.py - patchShebangs source/doc/input-filter-h.sh - ''; - - postInstall = '' - moveToOutput "bin/pw-jack" "$jack" - ''; - - passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; - - meta = with lib; { - description = "Server and user space API to deal with multimedia pipelines"; - changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; - homepage = "https://pipewire.org/"; - license = licenses.mit; - platforms = platforms.linux; - maintainers = with maintainers; [ kranzes k900 ]; - }; + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "pipewire"; + repo = "pipewire"; + rev = finalAttrs.version; + sha256 = "sha256-+D9+IvKDrsEdhJd9bRsWg6vwvbEomOxN/5XgTHQimQI="; }; -in -self + patches = [ + # Load libjack from a known location + ./0060-libjack-path.patch + # Move installed tests into their own output. + ./0070-installed-tests-path.patch + ]; + + strictDeps = true; + nativeBuildInputs = [ + docutils + doxygen + graphviz + meson + ninja + pkg-config + python3 + glib + ]; + + buildInputs = [ + alsa-lib + dbus + glib + libjack2 + libusb1 + libselinux + libsndfile + lilv + ncurses + readline + udev + vulkan-headers + vulkan-loader + tinycompress + ] ++ (if enableSystemd then [ systemd ] else [ eudev ]) + ++ (if lib.meta.availableOn stdenv.hostPlatform webrtc-audio-processing_1 then [ webrtc-audio-processing_1 ] else [ webrtc-audio-processing ]) + ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] + ++ lib.optionals libcameraSupport [ libcamera libdrm ] + ++ lib.optional ffmpegSupport ffmpeg + ++ lib.optionals bluezSupport [ bluez libfreeaptx liblc3 sbc fdk_aac libopus ] + ++ lib.optional ldacbtSupport ldacbt + ++ lib.optional nativeModemManagerSupport modemmanager + ++ lib.optional pulseTunnelSupport libpulseaudio + ++ lib.optional zeroconfSupport avahi + ++ lib.optional raopSupport openssl + ++ lib.optional rocSupport roc-toolkit + ++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ] + ++ lib.optional mysofaSupport libmysofa + ++ lib.optional ffadoSupport ffado; + + # Valgrind binary is required for running one optional test. + nativeCheckInputs = lib.optional withValgrind valgrind; + + mesonFlags = [ + (lib.mesonEnable "docs" true) + (lib.mesonOption "udevrulesdir" "lib/udev/rules.d") + (lib.mesonEnable "installed_tests" true) + (lib.mesonOption "installed_test_prefix" (placeholder "installedTests")) + (lib.mesonOption "libjack-path" "${placeholder "jack"}/lib") + (lib.mesonEnable "libcamera" libcameraSupport) + (lib.mesonEnable "libffado" ffadoSupport) + (lib.mesonEnable "roc" rocSupport) + (lib.mesonEnable "libpulse" pulseTunnelSupport) + (lib.mesonEnable "avahi" zeroconfSupport) + (lib.mesonEnable "gstreamer" gstreamerSupport) + (lib.mesonEnable "systemd-system-service" enableSystemd) + (lib.mesonEnable "udev" (!enableSystemd)) + (lib.mesonEnable "ffmpeg" ffmpegSupport) + (lib.mesonEnable "bluez5" bluezSupport) + (lib.mesonEnable "bluez5-backend-hsp-native" nativeHspSupport) + (lib.mesonEnable "bluez5-backend-hfp-native" nativeHfpSupport) + (lib.mesonEnable "bluez5-backend-native-mm" nativeModemManagerSupport) + (lib.mesonEnable "bluez5-backend-ofono" ofonoSupport) + (lib.mesonEnable "bluez5-backend-hsphfpd" hsphfpdSupport) + # source code is not easily obtainable + (lib.mesonEnable "bluez5-codec-lc3plus" false) + (lib.mesonEnable "bluez5-codec-lc3" bluezSupport) + (lib.mesonEnable "bluez5-codec-ldac" ldacbtSupport) + (lib.mesonOption "sysconfdir" "/etc") + (lib.mesonEnable "raop" raopSupport) + (lib.mesonOption "session-managers" "") + (lib.mesonEnable "vulkan" true) + (lib.mesonEnable "x11" x11Support) + (lib.mesonEnable "x11-xfixes" x11Support) + (lib.mesonEnable "libcanberra" x11Support) + (lib.mesonEnable "libmysofa" mysofaSupport) + (lib.mesonEnable "sdl2" false) # required only to build examples, causes dependency loop + (lib.mesonBool "rlimits-install" false) # installs to /etc, we won't use this anyway + (lib.mesonEnable "compress-offload" true) + (lib.mesonEnable "man" true) + ]; + + # Fontconfig error: Cannot load default config file + FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; }; + + doCheck = true; + + postUnpack = '' + patchShebangs source/doc/*.py + patchShebangs source/doc/input-filter-h.sh + ''; + + postInstall = '' + moveToOutput "bin/pw-jack" "$jack" + ''; + + passthru.tests.installed-tests = nixosTests.installed-tests.pipewire; + + meta = with lib; { + description = "Server and user space API to deal with multimedia pipelines"; + changelog = "https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/${version}"; + homepage = "https://pipewire.org/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ kranzes k900 ]; + }; +}) From d4f4956702bb93948654a7fb9183900fb9a1ac40 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 16:14:02 +0100 Subject: [PATCH 146/212] curl: 8.5.0 -> 8.6.0 https://curl.se/changes.html#8_6_0 https://curl.se/docs/CVE-2024-0853.html Fixes: CVE-2024-0853 --- .../curl/configure-ipv6-autodetect.diff | 46 ------------------- pkgs/tools/networking/curl/default.nix | 12 ++--- 2 files changed, 5 insertions(+), 53 deletions(-) delete mode 100644 pkgs/tools/networking/curl/configure-ipv6-autodetect.diff diff --git a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff b/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff deleted file mode 100644 index 9797d2c16d11..000000000000 --- a/pkgs/tools/networking/curl/configure-ipv6-autodetect.diff +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/configure b/configure -index 04d1de1..5de1b41 100755 ---- a/configure -+++ b/configure -@@ -24949,15 +24949,12 @@ else $as_nop - # include - #endif - #endif --#include /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - - -diff --git a/configure.ac b/configure.ac -index 2d71c83..bd38dd9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1679,15 +1679,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), - # include - #endif - #endif --#include /* for exit() */ --main() -+ -+int main(void) - { - struct sockaddr_in6 s; - (void)s; -- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -- exit(1); -- else -- exit(0); -+ return socket(AF_INET6, SOCK_STREAM, 0) < 0; - } - ]]) - ], diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index db386df9b068..0351debfb3c1 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -48,21 +48,19 @@ assert !((lib.count (x: x) [ gnutlsSupport opensslSupport wolfsslSupport rustlsS stdenv.mkDerivation (finalAttrs: { pname = "curl"; - version = "8.5.0"; + version = "8.6.0"; src = fetchurl { urls = [ "https://curl.haxx.se/download/curl-${finalAttrs.version}.tar.xz" "https://github.com/curl/curl/releases/download/curl-${builtins.replaceStrings [ "." ] [ "_" ] finalAttrs.version}/curl-${finalAttrs.version}.tar.xz" ]; - hash = "sha256-QquNueINgpCjtjPn+7POwV2zTfZf0QFe+KweRyN1Dus="; + hash = "sha256-PM1V2Rr5UWU534BiX4GMc03G8uz5utozx2dl6ZEh2xU="; }; - patches = [ - # fix ipv6 autodetect compile error in configure script - # remove once https://github.com/curl/curl/pull/12607 released (8.6.0) - ./configure-ipv6-autodetect.diff - ]; + postPatch = '' + patchShebangs scripts + ''; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; separateDebugInfo = stdenv.isLinux; From da5ef4eb6a1bdf3e9ad22c4683b103d5b4ff9574 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Tue, 30 Jan 2024 13:57:37 +0100 Subject: [PATCH 147/212] python311Packages.pydantic-settings: remove ruff dependency --- .../python-modules/pydantic-settings/default.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pydantic-settings/default.nix b/pkgs/development/python-modules/pydantic-settings/default.nix index 3034b2f92711..000f0dd52a17 100644 --- a/pkgs/development/python-modules/pydantic-settings/default.nix +++ b/pkgs/development/python-modules/pydantic-settings/default.nix @@ -10,7 +10,7 @@ , pytest-mock }: -buildPythonPackage rec { +let self = buildPythonPackage rec { pname = "pydantic-settings"; version = "2.1.0"; pyproject = true; @@ -50,6 +50,15 @@ buildPythonPackage rec { export HOME=$TMPDIR ''; + # ruff is a dependency of pytest-examples which is required to run the tests. + # We do not want all of the downstream packages that depend on pydantic-settings to also depend on ruff. + doCheck = false; + passthru.tests = { + pytest = self.overridePythonAttrs { + doCheck = true; + }; + }; + meta = with lib; { description = "Settings management using pydantic"; homepage = "https://github.com/pydantic/pydantic-settings"; @@ -57,4 +66,4 @@ buildPythonPackage rec { broken = lib.versionOlder pydantic.version "2.0.0"; maintainers = with maintainers; [ ]; }; -} +}; in self From 9e543e3353af49f85f47e50cf569460b54407feb Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Wed, 31 Jan 2024 22:12:51 +0000 Subject: [PATCH 148/212] s2n-tls: 1.4.2 -> 1.4.3 Changes: https://github.com/aws/s2n-tls/releases/tag/v1.4.3 --- pkgs/development/libraries/s2n-tls/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix index 97a8000e6310..9f68c243cf50 100644 --- a/pkgs/development/libraries/s2n-tls/default.nix +++ b/pkgs/development/libraries/s2n-tls/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "s2n-tls"; - version = "1.4.2"; + version = "1.4.3"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; - hash = "sha256-Roc+em2inEBt/oQFZrfaZC1TMiQ7T79A5otAD+68ZA0="; + hash = "sha256-E3Giiu8xiTCSAPkbxOaVL/LXZWjhAS1M/n//Pe5eOKg="; }; nativeBuildInputs = [ cmake ]; From c840191df517291d24c2752de427e5c81798ebad Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Wed, 31 Jan 2024 22:56:51 +0000 Subject: [PATCH 149/212] acl: 2.3.1 -> 2.3.2 --- pkgs/development/libraries/acl/LFS64.patch | 38 ---------------------- pkgs/development/libraries/acl/default.nix | 16 ++------- 2 files changed, 2 insertions(+), 52 deletions(-) delete mode 100644 pkgs/development/libraries/acl/LFS64.patch diff --git a/pkgs/development/libraries/acl/LFS64.patch b/pkgs/development/libraries/acl/LFS64.patch deleted file mode 100644 index dee951f4121e..000000000000 --- a/pkgs/development/libraries/acl/LFS64.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b42f64737adf6a2ddd491213580d6e9cdd2f5af Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 10 Nov 2022 18:04:15 -0800 -Subject: chacl: Use portable version of dirent and readdir - -Using 64bit versions on 32bit architectures should be enabled with ---enable-largefile, this makes it portable across musl and glibc - -Signed-off-by: Khem Raj ---- - tools/chacl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/chacl.c b/tools/chacl.c -index 525a7ff..8fff875 100644 ---- a/tools/chacl.c -+++ b/tools/chacl.c -@@ -320,7 +320,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - { - int failed = 0; - DIR *dir; -- struct dirent64 *d; -+ struct dirent *d; - char *name; - - if ((dir = opendir(fname)) == NULL) { -@@ -332,7 +332,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname) - return(0); /* got a file, not an error */ - } - -- while ((d = readdir64(dir)) != NULL) { -+ while ((d = readdir(dir)) != NULL) { - /* skip "." and ".." entries */ - if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0) - continue; --- -cgit v1.1 - diff --git a/pkgs/development/libraries/acl/default.nix b/pkgs/development/libraries/acl/default.nix index eccfef568e9c..7d8a04a2f0a9 100644 --- a/pkgs/development/libraries/acl/default.nix +++ b/pkgs/development/libraries/acl/default.nix @@ -7,31 +7,19 @@ stdenv.mkDerivation rec { pname = "acl"; - version = "2.3.1"; + version = "2.3.2"; src = fetchurl { url = "mirror://savannah/acl/acl-${version}.tar.gz"; - sha256 = "sha256-dgxhxokBs3/dXu/ur0wMeia9/disdHoe3/HODiQ8Ea8="; + hash = "sha256-XyvbrWKXB6p9hcYj+ZSqih0t7FWnPeUgW6wL9gWKL3w="; }; - patches = [ - ./LFS64.patch - ]; - outputs = [ "bin" "dev" "out" "man" "doc" ]; nativeBuildInputs = [ gettext ]; buildInputs = [ attr ]; - # causes failures in coreutils test suite - hardeningDisable = [ "fortify3" ]; - - # Upstream use C++-style comments in C code. Remove them. - # This comment breaks compilation if too strict gcc flags are used. postPatch = '' - echo "Removing C++-style comments from include/acl.h" - sed -e '/^\/\//d' -i include/acl.h - patchShebangs . ''; From cfb8f44c8c364ffc1d7d4d6ffc4b493720acf53c Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Wed, 17 Jan 2024 19:17:17 +0100 Subject: [PATCH 150/212] ffmpeg: update license flags none = lgpl21Plus version3 = lgpl3Plus gpl = gpl2Plus version3 + gpl = gpl3Plus nonfree = unfree (unredistributable) see https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/LICENSE.md see for which libary which license is needed https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/8e23ebe6f971ec4177be73b453960d83c264b7b5:/configure#l1804 --- pkgs/development/libraries/ffmpeg/generic.nix | 33 ++++++++++--------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 6161ff687b7b..436715478945 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -42,7 +42,7 @@ , withFdkAac ? withFullDeps && withUnfree # Fraunhofer FDK AAC de/encoder , withFontconfig ? withHeadlessDeps # Needed for drawtext filter , withFreetype ? withHeadlessDeps # Needed for drawtext filter -, withFrei0r ? withFullDeps # frei0r video filtering +, withFrei0r ? withFullDeps && withGPL # frei0r video filtering , withFribidi ? withFullDeps # Needed for drawtext filter , withGme ? withFullDeps # Game Music Emulator , withGnutls ? withHeadlessDeps @@ -61,7 +61,7 @@ , withOgg ? withHeadlessDeps # Ogg container used by vorbis & theora , withOpenal ? withFullDeps # OpenAL 1.1 capture support , withOpencl ? withFullDeps -, withOpencoreAmrnb ? withFullDeps # AMR-NB de/encoder & AMR-WB decoder +, withOpencoreAmrnb ? withFullDeps && withVersion3 # AMR-NB de/encoder & AMR-WB decoder , withOpengl ? false # OpenGL rendering , withOpenh264 ? withFullDeps # H.264/AVC encoder , withOpenjpeg ? withFullDeps # JPEG 2000 de/encoder @@ -70,7 +70,7 @@ , withPulse ? withSmallDeps && !stdenv.isDarwin # Pulseaudio input support , withRav1e ? withFullDeps # AV1 encoder (focused on speed and safety) , withRtmp ? false # RTMP[E] support -, withSamba ? withFullDeps && !stdenv.isDarwin # Samba protocol +, withSamba ? withFullDeps && !stdenv.isDarwin && withGPLv3 # Samba protocol , withSdl2 ? withSmallDeps , withShaderc ? withFullDeps && !stdenv.isDarwin && lib.versionAtLeast version "5.0" , withSoxr ? withHeadlessDeps # Resampling via soxr @@ -85,23 +85,23 @@ , withV4l2M2m ? withV4l2 , withVaapi ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # Vaapi hardware acceleration , withVdpau ? withSmallDeps # Vdpau hardware acceleration -, withVidStab ? withFullDeps # Video stabilization -, withVmaf ? withFullDeps && withGPLv3 && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) -, withVoAmrwbenc ? withFullDeps # AMR-WB encoder +, withVidStab ? withFullDeps && withGPL # Video stabilization +, withVmaf ? withFullDeps && !stdenv.isAarch64 && lib.versionAtLeast version "5" # Netflix's VMAF (Video Multi-Method Assessment Fusion) +, withVoAmrwbenc ? withFullDeps && withVersion3 # AMR-WB encoder , withVorbis ? withHeadlessDeps # Vorbis de/encoding, native encoder exists , withVpx ? withHeadlessDeps && stdenv.buildPlatform == stdenv.hostPlatform # VP8 & VP9 de/encoding , withVulkan ? withFullDeps && !stdenv.isDarwin , withWebp ? withFullDeps # WebP encoder -, withX264 ? withHeadlessDeps # H.264/AVC encoder -, withX265 ? withHeadlessDeps # H.265/HEVC encoder -, withXavs ? withFullDeps # AVS encoder +, withX264 ? withHeadlessDeps && withGPL # H.264/AVC encoder +, withX265 ? withHeadlessDeps && withGPL # H.265/HEVC encoder +, withXavs ? withFullDeps && withGPL # AVS encoder , withXcb ? withXcbShm || withXcbxfixes || withXcbShape # X11 grabbing using XCB , withXcbShape ? withFullDeps # X11 grabbing shape rendering , withXcbShm ? withFullDeps # X11 grabbing shm communication , withXcbxfixes ? withFullDeps # X11 grabbing mouse rendering , withXlib ? withFullDeps # Xlib support , withXml2 ? withFullDeps # libxml2 support, for IMF and DASH demuxers -, withXvid ? withHeadlessDeps # Xvid encoder, native encoder exists +, withXvid ? withHeadlessDeps && withGPL # Xvid encoder, native encoder exists , withZimg ? withHeadlessDeps , withZlib ? withHeadlessDeps , withZmq ? withFullDeps # Message passing @@ -110,7 +110,8 @@ * Licensing options (yes some are listed twice, filters and such are not listed) */ , withGPL ? true -, withGPLv3 ? true +, withVersion3 ? true # When withGPL is set this implies GPLv3 otherwise it is LGPLv3 +, withGPLv3 ? withGPL && withVersion3 , withUnfree ? false /* @@ -306,8 +307,8 @@ assert lib.elem ffmpegVariant [ "headless" "small" "full" ]; /* * Licensing dependencies */ -assert withGPLv3 -> withGPL; -assert withUnfree -> withGPL && withGPLv3; +assert withGPLv3 -> withGPL && withVersion3; + /* * Build dependencies */ @@ -381,7 +382,7 @@ stdenv.mkDerivation (finalAttrs: { * Licensing flags */ (enableFeature withGPL "gpl") - (enableFeature withGPLv3 "version3") + (enableFeature withVersion3 "version3") (enableFeature withUnfree "nonfree") /* * Build flags @@ -707,8 +708,10 @@ stdenv.mkDerivation (finalAttrs: { ''; license = with licenses; [ lgpl21Plus ] ++ optional withGPL gpl2Plus + ++ optional withVersion3 lgpl3Plus ++ optional withGPLv3 gpl3Plus - ++ optional withUnfree unfreeRedistributable; + ++ optional withUnfree unfreeRedistributable + ++ optional (withGPL && withUnfree) unfree; pkgConfigModules = [ "libavutil" ]; platforms = platforms.all; maintainers = with maintainers; [ atemu arthsmn ]; From 7f8349fd48d8b996646017d5770aab6b13684529 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 30 Jan 2024 19:56:31 +0100 Subject: [PATCH 151/212] glibc: 2.38-27 -> 2.38-44 and patch for glibc possible memory corruption in qsort() Fixes CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780 Advisories from Qualys: https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt https://www.qualys.com/2024/01/30/qsort.txt Upstream advisories: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0001;h=28931c75ae018cc398344af80e6be6ab6e1874b7;hb=6cdc44214253a74e7140d75a7ebfc900820a5fa8 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0002;h=940bfcf2fcb760505ec59d84b94250aaf49c3be9;hb=6cdc44214253a74e7140d75a7ebfc900820a5fa8 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0003;h=b43a5150ab1b0cc4ef2cabf5bf792428389f5e37;hb=6cdc44214253a74e7140d75a7ebfc900820a5fa8 --- .../libraries/glibc/2.38-master.patch.gz | Bin 35936 -> 55343 bytes pkgs/development/libraries/glibc/common.nix | 9 +++++++-- .../glibc/local-qsort-memory-corruption.patch | 14 ++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch diff --git a/pkgs/development/libraries/glibc/2.38-master.patch.gz b/pkgs/development/libraries/glibc/2.38-master.patch.gz index 6414956807f442bd75a85de907b59179225ae35c..a07e4f8e1d507dbc33fa97d05ba0ea343fc03d4d 100644 GIT binary patch literal 55343 zcmV)3K+C@$iwFP!000021Dsh|bK5u)e%G()t*zQfmMHPi?PKhfos4UojBB0jPUVFK zf}n^AMXGq%)}->^rvXqRMUk?yE?WoC-RSe{CQPH%il^YtCX^C`ja+YPm=4p~&}9a* zruxkAbklJRHeqzgS~pqhNAVoq2T{yP2>)Yz#bUVdUgU@Cn7KYl`!rfzwQfnu<^b?H zV{nr#!2m;_o0GXQ0#i3F=<24fw^~R6N$LjNnZx~R9Y@a$(j?VlMuIg-eL!LO&K(}` zbOSFOmy#%pDFZKxQ|@t!yHO|w$(P?l_^?=j!*HL0Vf5hs@dhZWyCUCExWD6MF6@pW zFC-S5Bo!1=kdt{HT9@#@81MwbD20H;O9m{AvZW90DL9*yCBVZZWyFQZgU6fCzuF&f z{!lxez7+JHzoJkS;cOsFc(??z6)q3NowDG5VN09(ERHv@=JXqC>&4MZI79?(Wau6> zb$4Q6tV}u`O-;+4&1Ped5IPx-$7435CYy9xEth*9Xxb9F$Ur%JQ1)@3f>XcV;-Sl4 z!L!T}osGzF*za58*^p6pN<0jxJ{}HRnx-|$ZFRfdM%mZbpqazo7`pg6f$M8&@&l(V zOc;BJ=7oCEhnJbI8Y6{`zBP1nhMFnD=+=`X{qAH~Z-phP8u zt3JTlpare&KY2)l%w=#9aP(r*_pe$|ETW=3I$T5LD~l@<1Q8XB!itfO`gcc0&oIyo zc#gOWE|VnCmfz0S9XuYWPvSEuZQ$znmIj!IX%>ef-Xw;z&MGIFcFu*)p392VYIPgQ zw3B4yQ)34XPvlRmwckjbtw>0Hjvf>%{cpRKYqD}1L1HvF_4#NA68aV-UZ>-^ ztRyU6tY$0>2@P2)%OCLf=Ho2{Y)R+_=sHVEW%LxS*mg@$EgrulKtdP%&6>r}Jc;52 zeDbW&!A5TG+VD<)o#OGft{b=S6i_ilhX}s1IO-v3mY{Q!EJ#I3^AP^Rb>?bOmgcHq z$tq2sNszHzqt5~fumq@&-00~zax;o3B94v%7hcFlAjzSL1a+1YJi-GlAs*7NuxHL*&@yK; zhsT($PykZK1U_Oik@cFu#k#cIU**e1przpqVNwY>rGZpnYm>NaoeVGy25z898+hnp zu?l=?+{^)tx>e({CFnIG+!_%y%J3EGUyVaiEAp!H zUkR*kdtrW%IBIYPpCXW11;adH+Z&d4a<~Nn(`{iiT!H7uXi1p99x)@vb8ej#j3q4g!VU4$ zEBx6L@$89E^+Z?%^a>_%TH*66Ax$wGw;i!Bz5E5$%B9;CToSdPgH0X*m!*ggiHd=g z@LjzfO@l4T34YHhE56THPxXI|5c32fl{nN$(M!f`eWrHXg=>3?p(hHjAuwBKh}!xG z3N9V?z4(Yd0Y?;s^0un&(nf_2btEE;g(dgOlAEWe-xu@aq_?M%Zk_x#rFDd|7#iB> z8@Rdx)9k>%M4&yd16?rAPcm&=;-^`6618dn1hI9TxG+;#Da`YJ%DmG}JK3z0O*(2$ zW7s-ymdCVgty~p(EO`1%Vsk)P)n#iU*s1E>=!h_)CH$!bh!QTv{

}nlb|vK!jB%-2L{OxBRlXg#yi^|=niJO3 z`%I)TNs@?iETm^v8VnBgzPJE$U+tPo&KU|l-nOm=flrsx0FGt7r35S&lTO2{i>o#UB4PPaZl^0r%lv*`BxaB zH_=;WExpl1Kde>9Fq`Pd!&-W)iGEhEf1_^=vtFUmkr}Bj%{nlEa;cu!S4&{M*F}$~ zY;$=vSH}s3*D!39Qe9rsiKmG)!d__ymbzUK9jpi2Z#K4AJN096M|!zu+TH_+qDU$v z*nE=|k~Gd}D(-b`j}f$tC2&^$R9=b>k>P8M8 zp4aRoG<-qUXc<{D5jmePeTKE6a#dZ!;2^q}QF|vR*?Jwt;#M+OpeCcXs$EsouCL|& zdKu)*)pQs6CX;x39f~r5QgxO4m4!fJ>hqLQSuZt8mCH%Ha!A5yUyb}K?~Tc^gxO)# zo(*(+XI57oMMZA?p^8xW_QA@n;2|s)e>5jh-RzG*a!M}M;bKW^%rmk#V>Udu))-tD z$Fu4Y6)`zfR;5)lbvL=@|9EH!N1Zfve!W0Z18?77Xa_^(FU_|X*!}eLqYn{9L)A{2 zYPFx}&BZ+FHq4VHj~&dB2Q%cs{8%$P?uLQC0RRC1|D;+?Z=)~}J-5GtW21&{2q_6o zFO^m+t+eW;dq>7Lsa3!cA4xC!-*-F)V!)KDl`2&t*o-|h_M3T+P2xriX0+f%3s$t@ zL>or5;X@lXwBbS%i6`+uN)y10%)%`?k>gylqLE4E={Toq9A7IGGA%q+m`b0IBQ-GDf)3h$d z3C&U>g4XtO(!5)XeNMa87Z;e>)_CLUqddI*M5-E{)cy`wb9el3-w8p2I1D%UJLZL3 z5^uL5kK-Uo0)I`tV8_=qPRJ&?-}qlriTx^s7J#5kO#KBTnOI&@_Tc=KSn3sA9o5W% zYMU@t=p2t>27k3(g^P=L;jb!(U?d#1Jd=6jD(6*}RjH3(R8>8{yf~R;bqc?ocoCCI zWJ{DEL6xpm7jQH1LPQnj^u9GEVZQ(a`LvT7@~HDXz7xjUh6Jyh-YucG^1v)f=)UPZcs`!!UyB}2MIj36D zLJeh#mXs**&-*Tjf{hDDY5ndV@>(m$+~gvKS^ftA0RR6|00000|NpF8ZFAeW5&mrb z3Uqvv+OZ^)lqgF{FLR2|zG#}*9=|k`HXRxyL5Z~_>PX7AKIFgm*#$_ElIVrsv z3lLZ=cAs4=*tqixli!EIwq|m^YK^C{A7t&t3d0-eeIs86ccr&nX6$g6qzGe}lh|LD zqt}6&JcjNvUUsIXjs^&M(%FXimgW(Y(_|8_b+v~iz000Uy19zO5W+JN7s(0>`%Ypx zWv1*moeoL)ifOIlHFY9Ebz_yJX+hBbMS^ zC)&Z=W`UaX?uOV~VvahFhb}{rQE!^;MZdk*mjxmMl; zELU^RP}zmr9$k5(GqFeW3{`FVRJQq){Og>*Ct7ToG`vlr}##vG~qaJ{~mo3#=%KW@jig2BLc>~^~s+T9~};8;QC{+p!?a8>rUG!8al-K;KNQ7b>kn>8w+6s$J)NkNL>nT1L3~scZ=WwG{ z&8j2^=v&F+8pBw-e3Ewx+FfCIwP(XDM_S$fAnFDYgt_PUx;;y&L7iFkdYV=BG8ST& zJO}>ABfW1GHs{T+T3=K&omf1CI?@Dfym*+)nV0HY3NGO`UFg?eNucp!oR&1>bj&o9 zEH9hDy}y#7Cg6wptb?bbdY0Z(k$%q)iyRLb?T-g4t9&c;$KEsI>QAxv%bvCZEL*?q5$J5`&cc*%uJL|zrLq;d2it;EGfTyc*9wgY z$*x7&({kWLgxubsqg-oXJt0E%$`v`Pzu?qqx5v5DxY#UDq`G2Q>Nr|?5rIHTv=AnH z_`~oYC*Ik~HGGJ_H)zfMju}nkMGoje@B_Sp?Y!d*;AJM33qYd+(N@xe1s0noS%2c7 zabO6_rFrne(mY^vy-`C{DJvNWGEZi40N4uS>p_8dshUbkX5D*Lt)D^xE@4JoU2Y?!D-00cPCDStR51@<6gv#GExFA(dsobW>RUrwhi9(L2UfS#M=4>wx0caSVrX*{0f zV()k#;M(f87-646S&OSA%J~GuDg2y}F=bPX=D=F5BB6$R$UrE~b!2=aE5A+px=e6R zlW{6%RDrAk;IaO|Td_)(d>R98K!KtZp*x00HKPP>9a(DG4QDTxVJJyML&; zO662sEd41YsXRA;Z&OKz#m=qxE3Wd~Fy9h9%Lqd|MeC-iCSX0c04bzirzYJR_Ith( zQ>>4)sQcW|*CV7*J~uu|7UrBuOjs1i4}JhJbF`c`b$^$+_&mD)aDHI=i%k$ z@a+1_+rk?WaME;Jmeii<`@f^Q#kx?3LmT4sPKE21h(e={nKWjQtDdHJh+!!@hf}0tE;K z2n?gPSbcx$xRu(mk2N!ECq91cvBA5XQTQcTR*)$#8<3gZKyBcGM{&oa~A6Xl|*2a&C2KAgu?QA(3hv8`PwX<#dW zr#K1nso?)=G1=rKxZ^CV%6*lD%4n;NFVz>Aiu+kM7Uo)g1s4;ZDE?{FZH9W>xstZ%CXq^k;w$~{O(6GcQp64UF} zD(NDzepL`}(;Cv^1@i$iLOO}q0r^fS`V}Vgze27gXI7Ag$mR6TKxAm5Oil0CqNBei zZmwYASpusz^#-u*69A-cCq%0DlJhG<-JT}3YAl!Af2&?s|U={db{;P>6gc8@IE?evd2VZYby%kGgM4cs!`dX~tE_#>HyS+20`{x&Xd+Yjye zZ{rz^^~R~Y$x;Vh;fW01IQ=(HR|j2Nmb-QA4tgL-VL)JC0)j9w=kV<~);UJ8Q06P9@OO4M>vHiPR``omvEnSxUN0{X%!KPnS-1wLIY^CET($ao(!9FqWUEl^|6fnp{TBcL|NpFIAY3GLrB2+24PJ$~qyWwVO;<+UozU zvMb93t88O;b?WK-cJSG-rVzFu7T{e!<8Ge3wUgil8h@QW)Z;XYSYT`C4KTa#YzpV3!(c6vo8alVT`cSv;usK>YfY_@K5KtS_cL(sBE+hFL|4#vdI>FQ!>f zOxHzDdP?|;CikN-`2KT;m$yK@>USIVEx&|b?QNsPhMzJ! z+aqvxw%mf`VUZNZ6rx$wwISQP2}(a<9vm2Gyf*`lg~@2@+R*kMuDVK-sfXdj+yg;a zgtM}RCKw#wy1qxd4SM)cEcgl{>-9!8Ea4^kS3Py0s-&d{L2IWV@_Mwf{Mz7=V;)X- zM;a5&>k`z>QH>iU_R^#*u&e-olZko$iJi{GRA+wuCmc`z9oqp8kktI>9K_#!lltP5 zge9}~Ui;o`19%MU@)ubw@>L=4)bDpN)8(=*3w>Qt>G+WpVjhJdp}CN8n9x)(8q7(U zM?sn@Iprdb8A-?i)B)MOGD_&*w!xs;V(~_%3HT|nptV z2{i8|ak;Z=x0p;sm<-i=C&gfxId;L?R*^5JLOG8vLe={#UzEJY|2N>iSMoP{J$@;qSA0_f2mpcl-AM~C6OaTE#gSn2yJNZvV; zXuIMictzcSY`1J!RkP@f0J$_7;WefQG3ShKZp#BOUV@2`>+KI7km3_8H6A|bWI~~1 z5`^`~Cl{6MKb~(7BjGM214>0_gol zYrxVuO_T@}C%!*V7|$u^q9-Qo=%j7KItX+nG{&;J{?um7CR^WJy&K%#T)w1eZU+9N z`uu3pJQMQuE z$4FhRR-`nNA|*MxXFTBw7Fu#t2Hjou3Z$FdqB+%QuD7LYG%e8JW>{&(%pGP|v+7qv zacj>;|H5>0?b?vGk|XV(*V*o+j$U=-nq_r5Kl6q|Om5k;{Dx;{kh9Tf)S|<3AriON z*3Z?>sOoI97hYAIkZQiUYq8|Fs%-xy;&-0sDe|vr-L9%g#4I2(f<+j_0n9B(ru>T( zpwZ_^8qlEspDN&busTrv>{fy%wbO#;wXUAOjUH6Jou~-^0RRC1|3ZWec`2cQgpvRN z00960tX$u3+cpq>-u?=84~5gYg(XFnlwt)2qysh#-B9%1pk&JR;z)#k)bW46`|c=8 zR-DXU`Vu1|MUltTQFr%!XQrkg38Q727wI~MIS!W#G6cb8rodci3(Sj+fjPDY=6Q2q zPS^wUgh4Rh)gqV+O@eu$O|V|eIf~%AT0QVp94*2mO2{H4ew^we&KKE5dN2%mmKqG* z|ECt%0jv`A|DD!>QQuw#Mwd>E`h66jAMDKicOn_Kzjr6oBoERsU;0HHFS2D8s~{+n zR4uhi{4Dl;oo9X;1uy0__&0uX&9&@E&OONs3$X8 zeiUw>a5(5m8)P>+Bhm7f!L4?um=#r#=MCjy7hKoh^iUp@<-;B`$+_B>fv!+c>!e8ID4o`Gp57^^&-5w>$`=U-j`>$AAh!pj5yG>O z7U{lX&3WV9^RH>^_oI@-2pPTc?5n}uXZL8LHwiD|s)e;5^%cHuZ{u8FH#Rdl0PG## z5shfZQ^yTB{Prv@jgvr&H(Lj@y(U^IyRXZIN&~?i;!3*)^6VC4V%$n38 z!%0~-)ou&;_OPJ22VO(bh`(A&lptj|{|hFpmP}lDJdM z-b?m=G%?QzV+Vj!21i+Z2olk+rWd^<6czq>GxhE5hkN?Kc({7sGcrs4(8?bEBDRh` zLsnH$&}YQV$dr3Xk`ycirkXwjfUIscS(qDPxWRJsc>|lm*bS*khz$3^0c|CUYAm=z zlKcG%R;!KR9ZPFiX9f@|%$aVva%5fmdYPJ2uQh!|t*Z_vA`6Zy-PCm_rJ`rJ^QWHY zP1FCYKAI?2Z%+^utk;K%8G5t=Moe?G*q)LK2-Zha?xX(t!2m2YBYkYQn~uItAZ>sV zpg6BzyMp9{z-`+HhFI7}yIAjMd+d|+XHEcfZviR%aFGE11pom5{{q$;_yPbCQ?Lz< zpt0%P#3E234XOYMMv@|EK@c$E0u^h({iaD~bb$?nxEGN;p}TbvA%d{R8gE>{Gynhq z0RR8Y9cgbH$Mv&>{)ml%IHXA`yUSaQUC6SMsFf)}lGCPvLF{QSL~>a!Wl6F1-}{ca z_Ml8rM%w^^67KBG?3*|5J|^>Y=4F8Y`b7+%J^c0E`0tZn-<(e_{?+8jkuP7Y@;qt} zuNWIaCs{=^yyoIW)_o|^>iRxPjX)4W#x|O%#*w4+rHveI&(mtW{`wY*D@(%`5y+2A zUwowto2j8)kY;b?K20uBq!NuXm4H(%(TRpgFaPlczj4ghfj3A2W-M0%zI;kNYc}&> z!%GlJFu0X|xt_ysSYo}w4rKgGL1!ZIoCnBHUZ^#x92ADBgV=!b2}#a8>I`os724#U z6ePc)060g=0O2Axn8I%3K{i|_@I{VGXD`x-^uW!?wyH9_HPLQVk?h8X z1iP^{xo&(rV%^x3RHH;vO{nq7W6AX6zg<%5#uMmt1~r zf^9{#8&4wHRJr)kWY|(%*c4k)F-4_0$7jv+0-TaXfGrBY72u^IytjqIo5PBkbGT8M zxlq=)c$({%lVQpDL*u0ys2(h;DO0OfWA#+NP}g%+qprrH1r-?7FA6!jH^gN5PH))7 zM1$?cXe>mBS)n=RTQ{OJ)#+&J`<YmiCbf!-KRq z@R14NuhY8>0imfWR#V+V#)}8FCY(YJl`Qv=7D0mrE#s|<9G8oQ@DGc070uC90jHJB zaeqLM2%)H3!zV$)lG!W@k<(%=jr`YIleR*5B8j)zW%U`$aYSeGNCNfuKt;LwZ*1P9!Viu&Lr z2M%~a0Mj&rLCvF^+(B2X+otePrEhO0J+QJ}Av-kJ5^pJRtVMQ7HgwUT4-rS61R(jL z85ND0K7dbBHJ0W1_m}*90?!TVuoivEKANV}ugzesnZh!*X`;TcR*LQ|iu9^g@Jcg@ z8T6V1ATfP+0DrfmFgtz}&B+>x?VBPpss$1Wxr)qOFr+=X9a&zV01%+8cRkOjN(~SRN)8#*)6>YxdAs((eqOW-PHpMIOFXICu@A2ZcufHmCA{azSni`sI2_ zQCOHMfUX(5-E7)z%6CnCV|PQk;Afn)tEzT=mTFOfBXa@Z$FJYmsa#t%D>9k4yepck zN2>|4EvZXbU#zq9qu(aS<98QEK|3i215+O5p}R3)DeaVc1aecrYyo7pncMmz&Cus^ z*UI2?QPjskdI?@aojoMHNUa%ARHs)O@L_+mG*c#btdJC8t?6YllapW`M)onChM?4e z*eP%qN8t5bM%b~8U?&gEvfj;RU zLgvAOE=hri(R9i^JFsrHRs+N?%*zHH)pE4=yfWACD)8r{jy$ljAoBm&d2$ z$>p!-M;E`Ip1e^d;WGIJd+KKB`V@?pjhy^daCL~hXpr>3vLeZ7e4)0*yM}>uTVh?~ zF(~)2L1CQ@oJiqAmIQ3GwKWPio{GVUx^kAS5ZJ(6WukZt{+19|%<>rYHSyL|u%y=c zHC!x+P)3IFH1*63VWhIe#SkuxdnS)HKAU-YuGXUW32idZ(V03St4Lk5mg?ugIX>%T zhqtHaM~Cq53)tFD5Em9&Q?9`o+LGD9}?Rf8Gsw1t$g~MpjOI{n$ z5;Hc@LWZYI;K-Hzq+@Gvf@RglAKtduu>jZ>8^;$P-a1+LEU|gO(H$?#qUEZFV_L5~ z9z*s+6lr%f#PPqHmT`7kqTV3(vt4={N`{lXoccdg<-NHD(3 z5e)0E)))xe+XJ9=2j@rQ11!RASandAT%)YrEKpCok!o6A_LR1!rZvSZS(ZW{vAjGp zttJR#iP81#VYiE1x1KX<;kFH(QX-%D4x~hL-+KOB97Wr0I$b=AUbpE!{V)hI*{qgi z6GWf|@(48KSvhu6G{GulStCPPQiv+Wk<{RG8rIw6F;!EpmsQ0LeG%0L#!bw{D%qOg z3*a^I^7C%4*@6ffQiZJ94mT~ zS`?r~yva+ZB2r8Cil^4`bF^d0oi-_0FRrqkYWpCu9C}N5{g(1UGH(%!Vk`p|cB)Dk zgLFw1i}}60AyhW7r(iU(E4d@h2RFtsIe5(xm*$#mU=7x%FJf$VDlbRz=^EqPPKi!d z8<6vpt2ggW-pXaU$vnWQQ?RqkFjd!!osQ#&UONaoHkK9X_)!@5oNhdfI^8(x54+AF z+Ad5rUj?S!+wb<)hN+%MR9gV;yBR7r6yb=0YY)e#p3X%HKTxW$&M}JfD0_agT3q1c z<(+g{|8_RCFe@^(!YD{lz^XS@Txo7yE(!1{!VtQY6srImJ6Tlvx<+afA*1`fG>Wfu z`Rx2GJ{E85+TZ8qAO-F!iWY?9Mv&h-s*OppdQ|vPSt);9WviBiM9bx>GGT(^4SoOO zdI=gdZ$MbR$@dJ~J3>iRxjxkHmIQB6;lT?-Dx=^{MR28v6*ePhfxe>+b)z^!jzWC) zln~@+e8{MkX4i3?1Xv0azkA_jY>Ja*r-5CEPiw@Xp)d>8pSJejp%A(I&xVD zGB2ap3s&h;#L`OCppaeu>~9~BX@@~S4xAvihnV%FT#KUg49d(CM7{r5N zSd7OUAN>Q<_wbKQ4C%XmFc{i>%;#>mhk@VebPD<0G@QdN=|3sPl2f%Ek*m#a6-DIX zK-e?@YDqf9f=0T4q7bGjA@+~9-R*YYi=5qk{0pCq-fXxhs=yPlA7N=4zdJdR@AZf8 z6&c7Ym3RyybdUr@Jb$vk3R4d?EECi8dhUBs$p05C%}WjvL>3?mvO5^6S+K1+-X3-` zAu_@*pSYLXAB21F(HfQ9YPoS4Es*kuuzkEg8Q1!euBdF+`pd5Mn=JLY*X{%L-70ui z2h8s6g|_eeal7x>+Xl~eI)edK&!+$AZE40QnXk&aH8Pr5U^Ec1OE!1Ugi#5nd=dL2 ztI!8cwv5HQz$1m{szS~knJ;owijE~=rpE8C6Lv=xdu&-;aacN^Mg`#!hOd^_)ZIf% zW{D^=Q@xz>$&2@8VIx_>Yu&bUE~AQl%#thsvW6WF;5MPl9Is{ZU3A_&;$3ckT&cBK ztV`LL-vhYQwcVb9JMuDCqYvEJ3b!cMiX$P2v)v#1M{|OQ$L&gY9em`u@ci0RLd}_4 za-L{B0xyv{5C6WVS~sFLENfxewciqw8Ce2Mx3V{*LQ!z0&u#!~qi00O>2;)9Gk`6y z+wp7JTIPiaN=JoK1`VX#mJ{%3NxySRS9m5YQnFqnsiM2Ql}UOz zE~rS++%IPGurYE*si;*~yHc0sNd%xKIN3}@j#fJ=0r})$WkHbvoMn$?KA5|{54wXq z6Mj34R+Lnx;#JL^oL!zz4o;4L8BgAw!OBey4LQ2_nQ(NlAl&UGHp!~N>HyBks%}i% zGJlres+6f8R&?rs4ni-&2{BV9S^Z!n(WsDK1d_R^C|zd$^pjHj8A?Wv0kQOP%+q^h zJjd9pI9WBtZ*xm^B#{YAVg}%DK+KlcQ|XMVNxe&s_%m8!een!s)0>Y;@DY<~t};ry zv7RB?UQ=a>XBcmlidncF6snHow(uo$XIBsB5MfC*nw<9lGTI9Gcn&Izal(?5KNwxq zQ?}5{!9oY?-EhMj1V<*zVT*elc+=o|N`f*ujp!@O8$eTs)i9UOuWVX3#10M#3)pm< zWM+s-sX+vlcYpo+<%3rLUicjwwNX>x<@QMq3?%4?lQ6C&lyScAC4p>BzQTt0|M0$A=VvWU$}2z?p6M^7|UgQ^E>WW zLO7getkyJzZvZP%3fjp9!?DP_m?z^bJdayN0d(ElJss2{3y{mI@Msx<@4G=!|9Vb^ z)ZsF-jUkW63^;%nO6(f@^-CIbRMV(g5{8Nv zA%|96gF?@-=Fs(015TFjA)T004k@M#FATs=PlUc-AdHEwO-Ra07Eu>qPMK7!UOGPa zwDDi~=)U8R75867gQCP3C(CSwmCd=S&2l+o$|Q?Kx@X(EQ7iDKgOC8hu(@{yaa zuqIks6WWZp0@fw-uplC+dhl#ILdYUCshRI%cvR`+(dd>N^i%nSOJf=hgym;? zQodTkWL%iF3LLWZ>Sytn84~3gFyj@deIfrx<~HMXrGRsJT|u(S772=?J3BxcWL+(l zsI2bCPDR+-sLJ&Ipw_Ze5h?fhS=2lnXNO<`l1J7}6L|HJ8d!+2lRty7gMC=>sfegU zID95xXa{&%1cw)zCTWM;BrD>oa}i6ZW2OkZmVUr-A=ny6gl^{Fz>QL<-%Is_e>EzP z@~=b$pMK34<%7zm-@2FUGdL)iPz=8pFyX)A@~%NKZE@2@ga2=EqdW^5ht)0H(LOum z#qdm8`t8v-KrE3NfVWO?YT`jRDcoUhVZ1BZGo``EfR8iS4H6v}Aw?Sg6 z=8cB8kUjmI;5EEQBCbNmLZ}D4RtLgE8YCl*iAGXu+Wcya^eRgG(I|?EKtcn0X&lIx zFXH3`JFdE0;%ND1nLo-im7gimU&IZ~%yv#nRL^4=2Az8!D0bOPrWjkr($vG($GGpf z4-=&{X*Wa+btvV02p%her%%ARsRfo{&YL^6duDC-N`AXop(EnM-M)}JK?+Z~+YCvb z-pX{sp-3idAo5rRs}#bs?6w)rRUjXyGf~wHQ20nD#UV=oC3U965I_-v$f9W`c7zHN zWj2H~O^{}2Hl}EIkZ`3Hm|G%xQ!zul^gb9ZOJk7-La)VXN_hsF|FK`PAo!Iam=pdM zioPoOrrMs8i^3=c0+gK6)QA`RH>C54;i}f}-OH$y!iJtgWLoAYY)NWzlB2v%t)0i* zrIra?fT1h%E%diHDj!->J*$-?D`xe&^}S*LL3rDB#WSSzFXOU5S6b@x-Zs->Uwk6# zC%f*@9kfF~-rI|Uuoru7XBbsl?n^V|Ecm6TsCW)~+!mhmA;NS*?oQchg#Woby11PD zc65IH^Y2z|CEADMl-VE2`#oTT)FY+pfm;X~M_m!;mlg3T8bcKA0bJ6(s5cl$H#@qG zmO&!BUdgW$!6wQfNeV62144R4B~gfI=t4Rwnx4e-gc!D!0Gq-VWp|TlH2(m1pax%5 zAAy{0CB-lu(s2+99oFX^r;TuRoDP?zE(4ZbB_gUm2Vrg+fD+$GLG7gAhcw_+engNF z?R!PL4ulT6DO);n4Ljn=cv(S;l~0PCZ(PeazQ#5YxvE1VReBkb&%(bGlc@LMe4=TL zh60=i+dFcF8>Ai*)K$Pf85e*nBME{5AimdgyG|H(JUfgdyWfdyuV*`s>o@_><0$TT zbR@xrH?#hReaft#K-tI@lrPq~>R4`jzdP7>RhcVC#t(?1W&0N19RE+(aeG5#YPTE{ zfc>gx(Fz-LO3y8Jfe$F8Bx7f?gRv_1t>d5x;l{hOYNY&N`)WeLAV`;zn9cyKK*^$d zQ&c(@y_vW43||m6YNc_^m3h~LsW z?fdT961>H}Qd9%Z0O^CRugZgE*-8gc!SU^ZySEp2?Lia|VyCxR3#^JsA8v(J@dAeh za(pIxw{MZzil!{UYCY9O7;Ul>P=y2Q#Wls%)^pa@UF(+HM^2{UiW~!!d&t4z41+rx{6|NB87ScwuH#;VC+{s2ML?zMc8O_NH$XYV_BRz5lePqH) z@t#<8UK&2JsDKV&@-pk)_~PB!+3ES^(Hnd}OaIq|rPp=+VI2DXeh7c;ZZGVFq1y|+ z&;_dEbliS#;Q5{5f0wZQ2LJ&7|J0p3Z^AGXh5t&0R0-4)`O)0?A~CQaA$4QuSotYt z7AF2XIZgtG0X3qc>YQ9BvFtCg@5wzEm{gTAsn#{SX#WT-lKvZ6?h@hcWyri>X+5ru z!e2Ru!^Zix>_OfI$ReEfa5tkNT3xR;pWo&1pH7N?!CrrFecI)K`^ItpF;k7Wil zsrf?7*D#yBcgmk3^mt{=Ebf3%+89`P_9ht@IgxR-iA;{-hYuq8b|^aKv!c#8inSTu3c z4dh><(O!#&wF#DCAwaAYB&i`Kvd;y}1twKxRQtY@$w&8Gu#mtH@YLsIAE(0!00960 z%w1b^+qM#Zj(-K4zSyxYykFF$Q)gnI@u}TpDz}+AZH5DqpreE$HKG*TGwpxxUI5;t z#5$hyaQt9f5D5~%?gCise&2tqTE^2=tDD(#fNFV3CUZZx1BAABJdvaVlj~LLyX+)_=T)W zL7HJ7>PKC~|2n_9`gsKZ%=sT&3aAh7@rhJZ^VH`jMCypA!^}_ChVyb%g^Kv4NC=V( zdh@F6SHpO(9Lqs4zPrsBX$oq@M$N_;L|N38f_@d{tv(#$$5MS?t;@iyHun1&XYVc* zuxa1=G&Gg?7(S8bM?fhPIAFAUtzvR1(0R=U&jrIP?FenNBiz6j+N{v4)g3O-H;SpH z`^8v~!OZZQf;kuX{et&1BN*`Hjo)-z8o$20nZNSgotiCsSheNs)NOS{=WNrSydjw@ zA)+*i=P+;!1Vz!Vf;Cf)f);GF6J}A7474b_dxsc$ns~!Sh6pR&5n=MTeOz~=Ax92K zY+t$xIo_6-$6U5o_13NwJ`A(X>;D+vJ7#FQ6QwU>LCURJ=XP0@9;H>O&$-4rIXoNW=EGwKl&urnn?3fM*MIw!_|Z`AMK!$^pTRW2rZ4G!QUmR$ zX==*Qk1QBy;iRD>oMfa5rYYf1Y;nJAT;z4bPaq63ub9na$5+ zl7qq_b*gDoe@!#_Wm;~FqV21_wPU}TBNKXUgpf5yr-rUg5RG)eO;k|LLm<-%Ii_uNFr#!w<8fZ-o*TwW_r$(~5)J#jWJm zp^$KRC)IG3(>0u`zuogYp07hP5C>GYhu-pywLq9Aek4uLg*{syg=QY*xtm2!VtGO6 zTUlTyAaT(S?>Y6)RCNHE$3cnaa{;x_e9M;6Wa7AaAT2Mq(!K>4-pNWnEG0TM+&rGb z?*aYhOS<^o_?VG=UI695zwDFELctZcUv|B&906Wk4<+tmRcC@uW&s!8n1gqVa zo9BEc57r)0Y?yHm3R-4WXs@gT^{OxW{-5zZ_p3Bw?jVIE~(klKm+v>anarE1%- zy_$Lc%=UKn__D}n#+!;G?6)QNHFk8RxKLN?>K++bKFM^`G0#n&ItO4E*`%(zH)Ca7 z0pTBsZ3e9^(Hn-*Esc|(zRZecwZd(j{(5o{wPx<8p>4W(7UUv<9Z2q4zK!gEuo=m1 z$Mz^))Z8&U(Bx@WjB%*Q==478)49Y9poYlICzC|DnVn~8==Dub|2{T2{W3B)-pGQL z7yfZcm3#he^dHA~b>kAJNT;P(87~UXI27w!^l4Ef$_x1LrTHMsFXZ6nbM%7;v4;{> zU=T<#{;{C^wO-U0I;?xZe|$e}yBU(4AhXnY{D}8f2n~&!FHZhe{;~#&RN28=lNb@U zF-^vpBq9j7{P_G{rd!rJ&C)Yg*Z?xq4knhv{qOZd%EIbsWK8 ze;K`R&~c2)USO_^ev`(lK6nT9l+&H33~T>dtxdcRU4@bm(*eAWUeVbJs_zLFy`a#3 z9>(TK(y_t_)^Nhh?Ho2)o*&vU8w=C+a$$K+B272-Q}fB3T54ry&m4OOlDyZBD7+^+ z6v<>Og0zdq^`7jR2m)?v65B)Xr0cJ5Q6>9~%D8&U3gQO>dyQM{bw%g_@_w;7f#-}7 z&9iPIZ+EKs;={^i|$KK&>c2-HI*o-tI};y>(AY$5HGLgx9@n6qi9qBtvJe9f4;N;O>Om`I19C}>1fucOE_ zJTYgIp(~-*)vzLyNRE^zj^Y*%m{am^iw?X<({Hx54#G9yHc*vCyiY zFsVY5L(CN{>U1qvg1hq$g{Oh%?}1625%BSCQ6-`V)|fV4xfE88zM1 zQPLPM8&TdG!Bc=~AV@MLYA9koTP&1|mhVs^9i6fyNejL01bp+oUuI5rxn z0VM>sC72hRer`$)Uc4xPh&6I;VVGI5ST0HhU3mQa)fro0P#w5siSrT5o9_DhBV|A~ z1ZkaUN)5@zloOnoC$dHH0J4lJgy>~cm#TQi3G4N>Sd#~vgkemfSIShQTa34N%}8+n zGm|0m>ydLx25lh!3kwYvZzk9pSmK-mM0enT;h${-n<-h$5|$d6Ym_i<v|Bx0CCZ$Yn$ zwolc>(L$uOi`xF^HkSWE-Ge6Xe*00960!d066g@LX%rD>c%S(Q6n46CZy2+-g)gq zvPz5TB{9<4yP6&CelxT44fo`>MDc@cXqt5+-r=q7@USSz0wihj7Rmp@L34Pab9Q#~ zn@CH8eP5LmH~Bp}CPW^1ok`(RR5IEFc}>q(oZc90U~4P29Gu_K8Fo{RL>PPg#R(bd zl&!BRBr9jKaUUuGaX^m0UI(gji}}weI~Lat$4_gRY`rfqf8|Q*Yf_&uyq%o7b>c!V zDcLxHiYlVmRT>>i%vB`X;`Ykm_A0x&e#k!F+}=Fgu%2x8Wl_5Gybr?8PbayELKYcg zOc-#jGKD)cmTzU%5XPt|Trf(iI&3{Yrx!0hm-ZxB=uPCfCn=B?MsX6wj^7P1&JH}`Hl4Q#tBf7g zb{rauHqymB(lG$|qyXD9DGHr{1v}1@e6dpK1e*kJ`vkQ=8BlyQBoEm&yU%n{Guob{ zi+Dch5B@)A(`=C@V0=8TVx^PENgPe*c|MP)vsseH8Z32Pz^BFJA2^$AC~!C|A{9-G zX`=Pt!-7+C9Z3fIz2w>CJWaF>$`J-;^+FBr1$WGRT4OV;HF}MX>Yai|L}~HypqhwL zFP`@MZGAQx)tdu|{2AUdjI)lQ-A{luY6KGE(EfKK{di-R*gm|)8nn3|6lK2F!(RBh z7kbgObQs~Os}q8lpH9PN#|aV#8}4?eHUZI3jb4e)2s!FJ3J=DV@nk}=!F=tbxjul=45+V`z`^M zu4}F^zvGCa)^K5o{n^H0NNr4#j`PFN4_ulF^-@tj z6S?3HjV60I=sBk}4^(1{Re+` zObnB#>i-C117&?l};D0{{U3 z|D;_@Pr^VDKJzc?g%rfZ5)3hwgGLV~dg9=*A+Wq=ifLaa z$VS7Lt(4dihJ~@P%2P49oikk$(XezeFy?3q8a8nto%c?Vxi1j~qzpaEiYr=_%#{jr zk5cVG3al@TvxB;(O{R6)p08TEt8S9a>8E!GW=HeY9UfD3I(_5+rDXS=UeCQH5bxdn<1G<=`R4*O{dO_ZJ-2%6_&P5Z z5hO;?21ljntJ~C~jQV&<#^Xg|RFd&PmS}&5FqL(i9&4w&UHZGl{3_qrw|% zS(=RqyF3{NbOgiEz*l5QyK7=CyvDYI-JEhr+7|1f9OyyPJcI%HHbW58_2cMv>_!OegC9$G(@e>9*>*-PWc_^Om$PX(5KITC-Ot;83rueQJQob+7{& z*7_Ek7S$<8_sm~Pkcg>1wURJdz;Bk9I|7>wt`Kj;(Y_>pYb#1WL$0!jL1rE3#@pdG zorz2bxy{TBM!7W){nEA$<|B>67!`j;LlF+J50OM1k)L)`ziWwd)sgEZ7y-Ou&dibV zYn3StNCB4%l#k@!HRt)sZ*`WWKuE5>J=&*xGTEWG8zZlzJu2ZB9ww(`N%pKD-o0I8 zyg;d3JE>nqoL}=3nrw2tQ}JVzvyx$S9yF-hmu&h~UQip1>f9dIyXvppl+|jxUG0y- z9@82Ox$Z~f3lWz?Uk&nt%E&mU=ul`=BQfTJugjjBQ6P>$tCU&rfSLel2`Cge_3pZ6 zhF9@^hG#3^qPgSn5j_v2B3ITaLdswvCcfN$_CvKl)LmOo8&?p1_P_93uofdoz?7!s zp$(~!5L5xF4^@N~ya`tEF7ldMh(Dh*-(1dR&zjp)UlMHZo;{b@xqdUFosp1GM}PLp zk>UwCQamk3w8{Dxs><&~HHBo{bz{DiV}q&VU*gjg{qUWBQ*N0Eq{P5p}zjcGvZ6#aLy4Tr_~JG-Jbx{ zw&%8L=WV`O^NIinDB4!eRG?zG6%LR@`l2#Gj9^EGi21o~{9(|jUadKK;d2V~s~N_N zb<}6+gCX5Us#cdhy;7sH^7fMhLPi(+I|p3(=e6{&Q>LflH z9t!K;St*p-AwB_Ob>+X*0y2QRxd|L^Ra=|Ma(Fc|g7+&3d`eJOFmY-r_e5G%#uMgS zCSNohB}XmkmeC*7krmJ~@+_8v;(qk2Hd8Su{+U8 z$WRh6WZmUm(CO9+2DbEQGVox@$%b+;aAw0q2f%e(vKx&cICgI3X$j@AZ6G$66jK!~ zRUc0Nk=R*TxhMXZ)wMbPgRTICN=_+N2aKFQEeZv5t6Xsp>4qm(EKZ6-(AmLR!JP*l zkKDO=74`VD%sI9=EY8E`gL-VR?qA)-*0mJ^<77UYQg;aoGcs?h>vjY`AAR`=4x91V zeb=p6_}8LY!huagw`jZ?_ShShfqDGXRj{kd{+HCqCfAV@A?1WLE9G7PchYDM*B z6dE&%xgde@Y6CEv0w zQn(NDBzQUrwWYQ=39arqQqae6$fa_Wa2a&q#ct(B?)Gf^-nyhH$7795N z>NXp}@P6zz%Tmmq?@p60zM?QCizD#cDW*) zc61vRU8!gyyu275D1*e$Gwn|54R^J|aC|K>3XiY7fx|AZ^{z7o9A3ityFtA-A{Zlw zU96h}>PM11`FaLcjX_We9@mMi#HA3J1fS4%q9b$tr{50!@MN#)4FCE_9a{mPwnAoV~eClhlc=(4@$y69z&6m z%MaIG-uXP{ZptZX)$r@`P9-mZ>iE+p#BHw+?CRq3@!jV{c6Ef_0PmnL!pr}4cE(3{ zZGnGRni;X67CB9AKsSUeC50z)p^3j$XD7Cc3Zo&yLTY1Es~sowc_dh6n4)yH)gdU) zgp#k=n%#4_Nysy&+_x}9-rG?bSCibeVn834ZWsgmNbKW}sh zL_ZkCYUQq!^0{^~dLrTY=8~c$W^}X@WoUdu=aXCww7Is-4YDS=)vxUWs)P80eX(|} zNBWL-_#NB}(vz@_lvP!$u?S7CafEK0nQ@B5ZWBe?U?*7^aJNEFub^wcnzYa}C{&z< zX(Nz+P~GfX+VP;9^XYpYL?JPEse&5brZWznp)Njl)qpi|x3Xr#TwX7R3j~;>T<8sp z0SL!SDwaXdvgJl8F3f$V>7n8up{mBqW{fuOobMocCpj%fxg8wfxu8BzQ?(S$l_m?m z82C=|;WeMQdxmx_?^B=Ta?_#yI6FN*KEF6Ry|Aw3{rCO^00960yj|;W+E^CBTsGi}eq#!@o84ihEs_fh~?BQ1kspM1>oEgE+9^<;-Jr8$G4LkZw=?b#M zP12&-+(e2fEhvA4M4;M%k|a@XPzB5e6RVAY;(E8RB`B)ZEFb5o>}`oOPgn`upSopW zNV2mMJLp99Rc#d72@E%Ud|bz1m(@!aEA44T#(a%hK@_p=loB;F`RUVG2e(&KpsHTS zNw}TE9+rP;I>*k{dzj0w|MTLF0h!SMtBapSze!EBZy}tmaqNt*N(6-s~S)}aUENcIfEbmBWW2agd2u^BgVcj{( z9s}*%BA2Jk?6R1`M2859LT6(E44^29anZl7CE}fuTd#FAv{q{Y=P=KJbug$8HQvNZ zOYnhFQyJ|6Ehb{FFo`HrR1#{un4&TOJyJ9~VwWPdHZbE~liZFSZi_CiglZs-5HE@0 zbDJ$$l|$CZYXeHb6J1qDc~K=BvGZ)07ZqaLl`gNY)%!s8L|37$QCq$w0$g#;MqPoQ zh(~!&$#q+jS!s@X#Z2>rn(v3I6eP&1$%jJNbWrZWI_nh3SZ0X!>+b4t09bBq70lZB zA!-bW`7R9Ey%Aqv-0)B{p*gf`hTFvw=E@D`?u-<;2y!UX?seNa2~Nnl{^WD_M7cS@ zf$$x?k(w=61nHR@CJR)YqJtSC4gi>Yy)&#WSA-$q}mr&g^Tn*dSwzugM~(BrcM=jEB*k#N1r7gROkx z$Z!({O``gx2b=MHoxz~2O!|04#7n+%!)*zH!j`Xo`slKS0vaqd(tq)&$uDKUym{WW2R}$Vz2;sy`_N>fJlMqVT|=$-*q;y)t^E zW>uC7ZM^NUGstM@r!$q8O_&8$T1MeOe^2_*#MAO8nN$Z_WKy z?7xhC7yizDcjmi^?*=>HOe#OVoJ_;u+K(8HW|xx?AI>i)(KDAR(I8H- zgX)7$ao#oQwbOVKO>kvjLkFe_US`u7Ugpy|UgGIBbf*zEl19*IHkZ$$X-nYoF7 zpvO?uo#W38e-iu&rm$f|7xBgXVs;T;B-j4#PrKIp+q#CGg8hs-NL_2G&F=4ef1-MT z@28EGQk}7{Go8Mvk|T4nzaV0hK@MQ3jYax(z5L3o9JxKf76C2sS=r{s3`=4dpqQjv z_FyNxcBK}*Ljxp+^e-QH`}&E1IpP{jCp^QHL%0GU;w6K)0kl;2S1zIz)Zi58r9x5m zvQ$Ff4gFT+zl>;M1RnkN{GjLJl7OY+`4Qd6HR2t-7=j*@W{QW?&;#lNox&;5C-mT6 zG>zcKOCYfar1kME40=Gi1K!Yk>Kl5re&7v-srjSLMA%giTC1`w7S@KAG&kt>hvRY79|lz>rC8T+C&l~7mW!-&!JnB4Nr~ zD1W!f$oLhSRghf)htyNXh1i9d`+JWxua0TVlRqzd!4mlcD9-V2| z>2x}dy6Jj+yCZQv;&BdjchrXD0#30kd%tjcz!8CPD<{E2hC*c(X2ep#*i>=f5;Xm7 zo@|x~TiiJ2a&70hP@#?IbyGW8imK$FumYpoEZr^<--7F%d`^)&CgxZh%eCqN0~OAl zd>bldu$rqc^Uvu~TYA|Pc3!FYNOa4IAJp$TvY=Sbog?yXWS`3_{b=ZVgLZF>zy{rR zZ+O_?QH0+yx6)*fN6KjQ=C^Nv~-b2Nm1?;*Tl}S-!I0~ObAq*v0 zsJ2q{#Liw51%0`*$d!J1pRbmoyPD1zk&RlQU{#1IYp}*avJn8K z5Msyx8Nz=AQAQi=a1-Io-bKGnA`?nJN@*T~d=>|H8xxer-?Q&qR@>!ff#NM{Mhyh7 zqM)8T3WAKl&C;q^VIop==tRwu5Yt1&3|1uz5z=*e-5BF}aaLGMtL^9w&#labYw^U? z7KcBd3g7z*Ywqb~?9_IUTWpu#rEM>Dy>LAh^rk#wZ16fCSz!T&Ja9cJ|ow8g+s zq+oNZCkUfMjOmy@^A6=$pl#wA=)Aw~5Zi)!En#2EkCA`D$HK>yAFnV#Td_2yhZP!? z3z$u=vd>gsRpegyIX!B%bnsM{b@JUo+v^=X8s_NFqSYOYICiVe?_S6NF~S9Hek%@1 z*N;~Vh7}M{f#O_JrMUBL?t4>W_V*N(>1WM4Ij&R*YuNP8YrJ-?gUs@t=ddH5X>=ao zR-!hWf9zSMsDZ3o1+vuYYgT$$*9Hw$ad3dL==&kh!Ym2C_>2s}q#a`*QVa1RMhBA? zM#NfN3Sm+EMTonq#ojfFON_IT8K(j1DWB{odD)U&<=QGoptj>Gp67X5f+S z+WJ;+Dsx4#j<$NjL&^aAOr!&kA8FxCvF=jMOVsBJR z22`vlIc|zKiTopy%kaV=I3*jEM$&#S9zja6kQSo>$iPL2erS>)-vKLxunKOVLYLBo z7_8(a1@9xvZ$+^eCDVy95ow=ZbpZb&e4z^b#&mDYuIvHQRDQTsD_vcDa%EsPHprtu zQnSVrT}m_3&gKuR5ai5oL9E060YVUT%&?;bsK@%mLGvU{vPJYSV;HrP^Hd+o^hwUb z5$2-oo_0FpBpCP4#zB8vpA@L3kzxvB3|o?sW|aMN(8fdG`jx@+ z@_o^9SOdz0u!P#rR5RqSVt{dLYA(_nUA<~xRX{b4ZE3X~KWRpxzD^+Td6vmH9Au@g=@ZO78>D20`Zmg%VL({Kku!&Hv#_G?F_uJ7T}`eH zQ%f-0(7?0NA;9GUx1#N8`lgd}47xLKJm?LBWaI@wbk_Bv(J1K8M#*f@ADy0!yHR%> zj{aXv{r-8kcitV=W9m!xAc2}*-k<}_4dGcLjwFkFb^9FyiF3vP2f+kf3e2~`ItRU= z>%o!}lYs0-67RiXDp_AGa% zn9Q&Td-CYI05tjs0%4&=S90!BXMO}a)b7!f;4Z1YNjh-UR55>!#(b?Y2J>)l*viD< z&`aW9EC*wUyu?v+{PX*FuixDK{^8w!Ujc{z>h(KgDyt;>EI_Zm2{Jfmo!?Hb)|kxE zxrpe-_cAygTIGMNUEgopMht#l{|fD;uo7F4lvtLUCV;nQPg!lW2G%!0wxrsC8w*j= zA$!>0KJp{)bhhPWE9MtjKklR>dAvIw`SAtV*6~GI$Ezwy(=q234y!b)(n+~0Cd)7z zCvhBSNf=$$CsL^Z%E57}k#ieAn-cGeY?TE;oW&Q*D7uWwUZ)x@x93!&*VJ@|9Bg{j z;AB?6q8xH=QeKz5N<-Wbw4zMd-7AdREmwiJR1OWQoVrYR4x$pU2`VAbRr1m|G&A}t zut3-&lVp&A8R*2+A~1;!$3XG+B`?G4%~pYV-x((?1wV&jai}NMx%n@zsrU##N2GTc zI^CcDH|z4D3j_L(6``=2Pjvt%>EJF+UwCaPYg;hsl z7xv1Z0N81aw(FwJ*E>YR2pR&-Mo$XT`hfX%%wN?>7KN)M4T7i~$KfQ&E|;eTY2718 zGP0-eD>&yvV zkmq8hAms=neHXpn?Ak}|HMvr;-&0Jw;qA8mV{l7v@x3#Zr#Ifo-(LDJQ~TM<#L2@V zIl7_OKYDMy`KQ?;zx{IitNK8SGmIgLdc=a(=N^@!@1pB4`#LV!Ab_A&TCW;;ct5}u|a{3oE8tyUF79G``&$+eOw^(>o2p};`8Fu zbe{h{owIKQ75X^KsV>b2i||0*j)mdtoQ|n51RqOU{i(^#D)NN|rf*@=d7y?wHI6Oy z4bZpcQRD9_jTdZ6_nt$U(9mICJ*)+1u<|-*M9m}T%@_IIZ2CcUs(~HljTUQ!?0LUo z_TTm`)B6&cN2pd4yS=gFCsiUd$cRnhG=mJYA0!lq?r|`ww9)-69aWk&4MzF*y)&92 zwtrpOt;IfKzPHsH!*f5$%~PF`a3Jrfx5d|%N5J3mFFv*@&1c^9a>&>bPjIh$kJsUt zRRTS0o#%|g)BQu}w=R8whN=~%v68Cxb@?%gg&)a}3oiezd3D2cdw;(@+ZHRi%{TtC z^CNa$nPLCuK5A?2{d`bd*5kqseP1B2%B>VXRxsPm5?e2b?>M}PJ%^5)qmM=pFktk(Y#Se?lnus$8%i)lfVVpc0CiIDzsZ3YjGtsQ(pCs5d&`h57g1#A zD!*d=%ONHQJ0(#;2eXHTer+sj%H!aGZ!aKZ*@sJw_Qvk(X` zfJ%~VWU*tJ*s8w46_IMpNw~?N zhex(8YHL6Qu?9MTD@KPsVuXgQe2P<`e0mOATO%qUjxdECM&tOSvn44zBq; zzT6N_4#8W8&4|d!+{qE%5F;@jZ3C{; zxin2{E!riRy}Iq6gDGjaO1-@qc!`t8K72s5pCnRA#nT<^W?w$gou%;75oEkG4gc?` z;vWD20RR8QU3+iawif@p`xHbmTsXDmhb;M(+W}eTq{hwMAa>RTXd&pC2z71Ol-lMF z`|djrQkG;XZL{p&0BbT*q{Ks>!$Y3O?+KYClQQvtY58%NI;%@i)j3;+Ia8@Q>OL&J z{!z=Y@dR^dJi#0q-#mxL|JX9DW#DKWxFgTEMA z;P1-7UU$+ROnUZ#3`7{Yi2$ag0W&TefxuDfsjp$y?Q!Zr-dOf{5ZFO?{B_JaI=qjS zTq%LVfjE5xD4fusaAyA`?$S6g-A@^!>IC<7aco1bKyvH=b<%jECm0ID12wP%Q;K)3&>#AQ%oUZ_pb? z_OKL%wX^+Dewj+ouoit^sEU80{hVLe)`+gz%s+K&EW)9Tg);_ z5*HSIgzM+jxoHEqs=+A4~_+E>1?5MI3ehG z0tcj{bX2AbN99!V3F>>rFuo+};hU|I@a_?7wLx)@GF>_PukEzm)go@ zBD+#1|K&}Bx7yU0A~yEvGgo!Vd@;#aT;9V}c{k-9{!Jo_a#d z*%9&N9*mt3IW>~DidOaC8~gp7zq<}66|^|h54>;~S^a@Ov_}Igvh#tY?zNJ>t z1PWcW#1AtyXZJGUWYMr%qxd#e3P^tWBWNn+LkJVU!(?yc(=7o@1odG$5bvGWb%689 znR7i~Tux8*6(gkvgd;RwXOY2#7NBN3wpdZZMCMUqN^;AN68{rRt{DdwyWxNVWS!haDBkXq70KVh0ltmO@S}Eb@qgRB#gj>Y z@qqMKI)Vk8T$OZ%FD$H&(xPe<7UWTtE>K`Orgi66_kBpFJg;1$FEnk->qRcely=*M zZ71~lqk&mu#BxjK$#N;1bxn33G})}nu_4Wu;_VL#F`Qc&@ft`O2Zm2qzUA6=m|)n> zVfls#@|MN>3Lt6AR{komj2 ztNAoNH&4^wM|97TPt(_KlaTK8oqbhtpwbUI@SlMS0$HeQ>oQky(D&?KWQXlGY?7|m z?*`$Zk}E6vDDY=RJ!d;&b2j}#b9SvBQ{h>r4!5^%d`CAtNs7T&FJ5fjq*XG~tkJQm zO22FP$(NSk{!X3Qyd{>-iE^Z>&=FBF1I4LvsOYr_yz?2OYE}QsK^o7V{i{X+t!GI7&J-YF@HdgM+VtqLx5n@mXezE@tYFBw20CH{fa} zt5`9=nyTx6!01WZ0%#vmOGsO@^iR7zj%+vdg7G+__0Y{Zr6UQj zeJqu+NAL|s>xO(R!WdJ;PzRqfWuT|usQM)JtO1(gJ*9Wua+-W}z(Lh_r&~TqkNvQ- z*wMSqHdGpClI3oN6MB@cTGSB&Rlk`nU%kFwij(<`c!O|y^X1JkO*@_pDR~B6HzFJf zs)l&YxlRz#gu3{3dUg5=+MN76yO=F+a3E*1<$StWh_lyM;zV4YTrFp(*B2*O;_~|H z^7UehSz^ObQ=DmAMfHs0sK^m0N&vhZucW5K4a~W6a^y^3THSUzP4@RqD=Dp+e^i0K z$DDl)2+u-xsNu=91Fri5lbw_!6o?llTNp^AdKR&TE21@5Yu^&@9$ zC_Rr^)=);h@Cr}oxB8E~H)BeN-oOEh_$yb+d;uz4pet%zkXgj(Y3NW6htU>gDP({w zLMKY)9*KawK;UDIpAvst#uu#lX!a%Ge_x6}+KI1X^Zv}TU6h+}n331wR!6nZ!L&Ls z<&q=Y;dwQBJ!l?lt~nlpk8@C$nYR!HVWL4yGJqReP*Ccs1=Y$$pQ8H6s7EO;Ue*2W z4$g!4*c_xBs}FbrXKX4EpyyM{Q4dP!`#nLM&Ha*9@sYnxuV!aAqM<6#i`U9wI?#Ts z>j(=M*-K_2_zLee$X-zly8OuQ@SwFF9aq#U!l7z+Snn*BSF`y!JjP^xuJY62z2$TL ziQl#gc<#St-XA^ZRgD!_Q#;W0q~osjqZ~V}IJ&&F%l)9=o}+|F#WyS+5Hc+>_zM64 z|No>NYj4{|>~s7pgdq#$+EOH0cC2&>W~^yZEZu^--7su`AtPE@pu{!s`C6(d(UVl6J*!;b#(&0C-6u?#GQGFE(w1y zHgt7-i>s6s^RDJ2sCqiw1+F~ip#z?qnR${LJqg9`h2iJk#ccc(Y zkn&wMy7)2}Gue~0bXwhk5I@+TIwY9oIK?roaC5Gwz>flUKXmy9Z%T%dVguf7W#%D>D0LWyvJ) zRa2^0&D6{gh!&5v&t2QiVKky^} z`-L+Os8|)PX*uMlf*0cstXeb2P-YmFzpqbi335R%)M6i$nzZbrZ1vl4CCRx-=avWT zZ3~~dC6JJt0O}EFjMASn^1o!Xc7Aqh{ER`6=5Y}Q^I;Irvv@d) z^Q4HPA_$V;C`blHn9h^IU~K%1({iy`=JnFKsO~^Vcn2c%L#?j;Sc77d<#;B=^T}qS zZ#cwE-(h$hs?aMhh_%B}EXZSYb&+eAlf#H=Y!8PccXdTJVqpLu2cvE)yB1F7s4T5l zHo3b)Bcp>LVyS%Bbn?a6d&HMP=}O!0 z*C1BNzw#gW-8bPPOA2J>UU8;a6>f!h!uBBo%5n+_qi$^E0p*gbwRf6cd#42IBhG$N zk#|)=GMyIVo5K)^=?t*%2;Gr9a8!?$! zIk+9G+n6Y%`ov@@+B;NjD%P_z?w_pZq$kV~fLFvAdq$)ZQn<2lsjAekR7E!+BfV3_ zL>KwrQEGwU2sL3t<-dy_-x{+ND+IC3)3pfSLWW|5KH5?U9cDZx|P_=RqFDgCvRD?)9s>mX1F8QyY3mMYe$LJ}7*DoDRcilxIaN z0j}{H8+{v>D2tffdt>R{^Hj?sp#HJ&^TDfB;(Q=IYnT`lwl751pNB79rlq&MjXb;a z|Am=gt+8woUfsZwVo+D*e6eCrWIUwwuz19Ez%aX{MkmDkH3)BcwJhi5wO8$(IQuS4 z4`dCi!#aLd_sQu4A8fA%)c|8Ku)t+mUjuJ<+3x7+wisbn_#UKW1#*t7vI9!q(LkBVGCnx_%-jM-NXVgItybHwq}A3!NL$ zw8E_kk}WJvA?vOU452qT;EZ#UEdgmF6x;X=g)SVxryU&qpj+a>*FcaI_W%F@0RR8O zZ?iToo3R-MP6tS?0BQvm*Pvy1B?_uKaC20_eMJ=waG9g20A(O*2Te@{u%|i6h-cjT zj0ow|(X!2TvrE4V|NV#+CUI}?^n1)X(3z+22(;W5^_itDIskV z)K;ow8Dj$y*py3>hkSf@W_FkL4eY#@mk@04#bdmCcFx%u9P)9NV>22vE>K=kg+o*> z!D@Egd6j{?<j_5`OUlBfCRKtit&K=}{uKMm%b-b}BY;;a4 z(8^oD$Xh_pEor67iKUVzo3t8YfNsxIbT~BIcS%;-zr_%x(`h;>wEw|o6z1P(3*sM^ z;;;*fE$3hd?&FN;aL8}qQ$`Uuw2m!CqrAT$q91}_?o1(}D!C=rN0$G{^8c4Ce*&kT zNYdjbj_|<(yvwPptlG4|scsYUpJ|KP8V*xPB^hdv_vmD~vL_2$`(~Q#7h_NS05TA2 zv|pr9{fWU|{7Dr86a^^DW0iv=;-YU}1O0b%dojH3TbILu`EYeRxYvrw1563}#3LEH z{&s;VkL#~2Ig7C0#l9MES4b`Da0Hf3Qr;rCnp9>8d?1J8_i>bj*{RI*TJe9V&N_@+_usNS6gy2Ql2PD z4&~*A-=g+8{W5zLK-P7IR`(q?uE}&B)C$!@^un2BNECJ??oYfQnkE~f@zKWcOZrG7 z;LDyXvZ9x<;Wg?`{o}ZuieC1$qJWonGo)Gs1Vi3*w*Hus)E`}zYX!$hh9LrE(CkHW zEtZa$=7?#Im?j^lNzyH5#yOc3iqEXNS?~&gbTW252q*acu8%^eabPW1E_+ekh;&am z!(;OAB3VC*$p!Wau_*^>oiEz6hv9^a1>8D@M?szNRG?8AS@oSrkrmK6wQd;fpK>{> zv5@RKR>f-ayn3VCWq)<})9jvZyZWCE&O{2gO$58bQb(%+I=<2F)atd%kn8*u zKFt+rg7j1gPx@x|2Dby4nT1e{lqykmiUI&=Gr~J;gMEet1^^nM_}g91^2^@UwblQ1 z_0V8OQY!`U;f`glFR+;0;0=|OM5T!;J!-f5m6ehD_PH~vcV2-erV5%sC?Q4)X(sx$s;^2R&yB8vVDkZDq&jog_G>Hm@4-IB zi)1y0+ddz=`uS+2=k8+q>9w<(EjQVEeW;eKH_~i$TAfkL)?f2Xv-Lzlkvcy4e@ZR@ z00030|EyixZreBzeNMiD4T>Ue60b#Cl$9XZP1AN!G)RHA+m}Tl=;l~JV7sxMv?%)T z%enBPNU7UJUTjzr$)Q9I$?=(U#M2j8^|olNczUt*nxR=wt~UKj5|}9aNARNK;`%3N z?Hy9FF0_>9*mFgPQgua}sz=Up_mcZ6K7bK{QJ_ahOYkn9M3`kx&C z;bzu))KO%`Xjlt?X@?!hLc4ZmBSM-!W|XQt8VM^3WN(Lp89MK5Iyytyf#!H#)s>aG zCA)}1$?O5%zxu!n(MRehTYFj9g+~T9Wo%5gUS#*$Zs&u9OPDWA@=w$O zmYTj3P?{Zz2S+;&H$@UdDm{#17;lehlLJiw?JC@h6L*Z?E-$;pQJ9yei3Uc2Mf?;s zf}mgv2RsIVV>0`k>%4)mCF0@`O9VUG>u(lA2Xr&EuH~I_)e6D{Zzr&!V;X1|tL`r` zOH|X_3Kpfa;I%&Rd87R`?(qA@e8Ud)Neoo~EGy{e+LF&QS*yU0=GsZ2|B3c7>4tKQi_MQ!`1D>G~B^VPRn(xAEFb4M0*(%>YoiR zxs8)z=iq2FI6l~{0xaOd=;p@)XNLAJG;2ZUY~!YDh?s)#E8y6k9~~P z&(G!u=bm$x0PN5(b__cPU)!^74TsHHL>CybwPCTt>5MqU%-uCU z^%|RjpKi(}rB|4!Hw>@=5~rGZtvT+(B7Z#(1G##V2z*I0;pHEY!s1YJ^W%e}HND=1 zw7-yB*!;xZsAU%pH`fCqiFZO_&z=dt67w#Y&wnRQV$oh_0yy^c9{wE1B+ptDG`HH1 zzg3w0m#e^;iDTCl53D31%^g8B3Xl+BnG}{AS~h0o`s={6s%jPU6U6{Lkj*ffzUQp`6|2h1rzj_g^c>*Q{y}>;Jf^#o6XcL?TL# zN71oLIy7PpOc=)~lm%f)(tiV%B@7>K=8!9OH8%sf67{@Xpb{^NMp}6)4e(Y6wmoNH zY?R8RNXkTu{k`|~-Aw}_Y-q~T2v}M!l;DceI7&b74Vb8>a?X{CI5Fb|VXL$33XWsa znPU()F5k>}UMjqCmtakIH?Xe5zrF}#Y-V8KVRMpKu%svOjtHl7cIph#CfNaq;do{x zWENWqRK;ilyG+HuM$$Dc6KNiLQca>sUdV}_q|!Y2G}cuVk7YGdYAo|{holP|qt6U( z5pE^B2YCls)b%8tlv_wYuhjse(rvSVJ{A; zJv*Mb_Nif+uH5BAC`vXvI>Yvk`LhMT~1LSgd#~t2iz*-l_SmqD1wpwp0r+AG{0w ztRCwm6Q7^zX7du(`nk{7NBU0ap(FV*=B|u~JB4>}k(8N_1a0_%t)DE$*9@VIXRq*@ zgg{Mg^P&LLl*Nbqc-X6UfrkB#@D;*T1MCGuvfAL*3gaz}CGvLq?Rrs&6N__;$=zl7 zSiu7E6TY=S6mr%n&%01vWBA)NqA1j|-IfcS)OJ>+RT)X1sf1^7#zsPp#3*5D0!NB6 zjb=$K3w@~VMs6RB$c)!$zs2FZre&g4!Ica{87H9XjKgL2Jw*pSt#|04m8@?9l!jl* zkbUQkZ!WK=H`kN9hkQE8^YK@7J>TXNFofheW|EkTw2J@?g2ouuWCy-C>GX!?^G)W@ z@NMSL@YMXFFy*qI&#R@0lDeC@o4cFR4z?yVKl>Ig`vw*+SeGW>5JEhE$nQO$v2%(6 z92rkMWp_aFZ7@NTVkLGshsep(0~GQ0f^e`L|D};mBtnZAeN@6?Pak<69!B&)#{C8I zRn3af2Lf2&S0v;ky))|T_&86Uo%UZH1^H=rDh2-@*5E&fHRxt3R;!qBz!{dc-untH zhryYpSoeJe2EDHbhE;vAt=6nqH4|x?sVve(G?OYqvQTXK0{{U3|IA%kbK6D|eztza ztSTE@B@xEp1{G~dvADLX6x*dE`{1}(17M(FO_5w4a#D`}`*!yn07%fHBGqPJbl{i^ zGd*ATeBB)tr5C4uAz@b#4G};4#Qs&ukr1v?0 zz8|b1xmz(_iqXq|PqMiKXtPowqBXON9ak6!bMSs}@e>&zkO6#C6>ZAl7&~RS-u^B3WdjWSr(zlM8>l;m4)DCRwjYx1|rSMfJc!h)_`lb@8t5;PbET4iC(rz)s#FAfVl)q|r9=a4( z%EMm}ZvZD{QRk{KI(UDF9jmkvRLG9`;_Bn5Tq^VtZ0b-8eQqkGMwrWIr|kGn%)U&k z;wwnM#>7!^LJ<*TTg~&vE^PjvPi0<}m6DaVBx*dmrs5YscSA(nI>VeT!t!&Jm_`VV zL@czsd?xd5ZgQUP*y?U5@-#GB?;SRSODMnC8NdaqeKYAm1zEFbPWO zWn92t0F*sm_;%G^ObF?|matw>JNRKn7n~b?;aJ>?LN4dsvE2cbfi4E?IOJv#bF+vM zm5rqMv>sj5MzYsD9pf?6a(h(j6!DlouI9NQmMFQ$p(C#HV9sHzL3M&^&=+sLUT38c zbe>*!xD0t1wQ>b3cg?=>*GvL^o#OV|%YnBczW|azZNKnSx@gKAfOeSszU$|)>&h%i zrOZG;z$f;iAkTRc2$0SXchRifG94$1l1%tP#*>G;X!0N>aS#}@z21W!?>ES{^BdeZ zu9AS*dWgyv$~RDZO2X|i-XBj6zIy>;;2dd++Ite0IsoMTquR^l7DIW--sVHt$#Q|L zQi3lA#q3jhdory;S=$t$+#)wWqRK#k)ZrDm?lv=*q*Cn}ua}rkQoQJZ$Bj?Ya;3p~ ziFw--qe{$sxO}i>9WG(Ub?2TEG-QU&@xEf<18nMfZvgu6ks6+#PR`HYy&7I!oV*$w ztyR5g(A2xmj^}i)k|Mnf55>dTdrcRDTZ(nJsU~A?!gjVb$U6o@w*!iwf7( zo3V#==Z`T#T6C1-2Ou;au<7W#SVrp3CP{Z>ia zvx_}WE1wfGYbs5a;>fxvj_e+a;b$-3K&d12|UF;*q-Rf8Z1Ay z!tzsxs(P9$f;xK~>yPcQZ?pcMltxoiXB>wE1o3<~Ec_>@(eN~)1TXkoA$&R_A7elv zG#U5J*_RfcjbxdMbJ9ATX;M_MCKV;AXYHYmrML82^cIKMExqQI2Dzn!OM`U9z4ke* zi8;l-TC`lkP=!UF2B2gmVdfWHN-yzCHy18opgfQ~O`<%1Ttp%~x*)I|F*in2rW>zC zBs!hsOJei4F)(TqEo_RQmJ(7lmEE}t70=wFRVu*(>HkeAk+R@EC>($y!%`%E z>hdIw!r1pSKPbFJxT$dCu-GC~N1dI+aY_#QFnpCPxIa?|S6r)5qtMOiHrUgor(j#A zr(o^u9`J?xTZWJ#MsimasRu`pBB|FEM9M^0(iX)!fK+o7@ECyNJrNlWd&MR*olRoK z)ZrLvx3jETkPn2a%2`Qlf>XJ#Qgw9dehnQ_nAVa`hlWWk2?k6|6(TlVM z3uOXA*>hTQw9sT}9Kb0)=XROuu!ppx9(L3`_`DB#xQR-K3}mSll8d{<>Rs>Xv^BrG#j%vQRA1yWI&gy|&@ z^ieZS3<V4bs*e|S+=Mry01?td|M`lS5Q3Y$nTz?PVg9q{gBgzRyMACB(@8{ zG?gNaLCE@P>4_u^<1ljLB#wC$`yxt$G?skrAV;GIQhBTV<#IfiIef}FG2_2+*VrAn z4|Qg#o8bXZoaCV^lAs&Ibd}P^FkMd&dZc6%bSPj=;q3bD<>1xz#b5|J=FcY=mnu%l zt~zl=o#7XE_t~?C8>_xQxPmACIXpePSbw00545ICcOh@yU0$7>pPgK8dH@vGlk3y7 ztNQNh?bE@J*RMNnTloPa8H6In?KcuU4O3obNm)i&oCG|GU63YW>^`CVNcw)-_t#@B zn&k`Po@hO|UIFb%l_t0vBauXf{mapHuMui7<$SMg)YtqqL%5j18pUskTQ!!4q5oh9 zQtOdYpOG+7o`lOW9@rS$zREI+bz2c&xp5$>iBVA;7(*=nOZfGOe&CsDZAhfhbJ|o} z2NG1#|6p%zy+-nYn1bdGTs$z5;TnPHRBNFd=6v23(YLQb)0T64GKf}SJ>K|g)7)vt zT~Vpj;DKf{H9_iBW07?t#wuRA9F?^y-WWP-P%zc5npG)4pfb(E=RnO4Y*$6k zigGf5FO~!;Fq}AyzdpEBn~2W%s8Wv=1(B?keE{C1Y(=I!b+jd@9Olmdv6KZ}Es|jt zi<=}wxdvWoj z5fnVNW(c7-h= zcPMz7rqO|6aBB)W#-7B2Gzd1c+_>B;6rGVz{%BGy6c7Q)RmnTJ2#}5j5=)rQs=I0= zZ{*w%YM|Sn32rygZ4)g7e+A%d%`{l`FN={~reuj&yJoT|dKsv6Nb+$&7ne~CQ_vOd zIk^6=nvm<)ZE!!194t-RL{TM&R%mETf)+={&;y@QiS9ka$xX1KmWyjzPHnBu)c;v zGAS$e1V-!!*|tY_t%&{rk_qF*$wWW-1y)QK@w2fMSY{ zW>cF@?~viOMDwYRnu~qPCnH1NS0W)G$DY8|0TmxS=+6{mo+$QBTC*OVzty8N#S;+> z7(qRuX8`+oaunX%t~5!9u%h z=MU-rzWW>g53X)OKNIcfVVT&p%hUIr ze}K^=yxSV5shq(g$&TFL64&j+N*K}-Xbt0$*KfUZi&@ZZUg)F1O{3j|M$vUC4}ASG z)$gzNY~`^(Q-rR*)j56ZM$9sCBO7h&F1EjIf$CP!|5LT-0`GgdQ4xn%aOyvbAX$Zc0VmgOF-T)=8FP0(mm@igVkz( z8T6G%U%|oLkQeKiM z1VyS;S&J`#L?FUVXr+F9=eCP6j@rBg?BKOMJG(nOGiOfK+I`o%6|Ee4Uc#|?5nCSN zqys9E5k<=rbLa+0Z{1TW?7L(R*r-`O6`pe8yT^I(rXGaTqBwI$(TxU%0s~KBfd~r- zsu}@PNx-Ne5zw~A%sr>Xj8+>KW^K-Y!J3Qmr4sdUdar+@kcIBx$U5L#dv4b*`i=-% zFj|8n`W7aJ8C2}9>8svvcn5l91vZh55Hc_UD`NqMdZ)6UbqyY}#aa9o5q5j`lw8hk zrnld(lgs%zH%x87q z?Zj!nR34Pj100qX3Z=v(PIoFl!646SgYeCsv2yv9Fy+rMv6^;L{ffZwqH5l8jC)a%8&8kSs=t}_Our%}4V9EZhlZNqCD5W>qqbzWocZDV(TNlS#M#I-N1fjg?Ov4 z#h$(#`GAaT^cmj%KKLYwRE;dNhMq@Awel7MfNfHlg~gmFAmi) zi>z-p;aFdIySItCxa?2@5()xY5y`;>_k$T|!LeItU~7Y*h7HQ#tAuxlAXX^zV#WE$ ztIfn{wZqR(JZybA0Ik5U=!wHmnxz(R+qV*rUYFU<@=ksBVxx4nA#TPjc=>K8?vo2E zS^K6PFls}9R< zmzKHQcSm6md-LHiPm3T{qcn&MnJbnY&$(vr(Fj37-EaEQ! z00960yj^Qg9LEyy^Dk9h!&6J3A6Fw?K8>aMP?t~#YxMV&H~Ajp7mlI>734iUr2>H*UFv#5)^Pb349 z6?fX(XO1Bv|5_?j|I(Sj?xd9#2wN ziQ6`D+?V&UM_mGr>_fL7zTr;<_xnV{su`(POHl-o~zPe ze;UW2av9Slp$%Ix_gzcM%7wrpi6=ozxCP4}g6p#E!Kq=T-f%HT+S; zPJ$XU@GVVYN{Msqmdt;M7#$D#)5TztsO_z-cxRx7@n|$1G{vY?axzpN;Ld#tw{!Z> z&RDQLVzR&q6YE9J>7B6aVcH2wac}I8=SPTc6 z7hxE@h$5vY2fuuxGE0X_)rciSTMbX3)T+>%UBTKRWM1(9^7O)9!XY0lA)6|ir!lhJ zk&OK&O*DIw;P6Zz7k{~+qvDxXp5GjtM?W2$lV`N9^z&Jy+ltPPk1vic8H|G6I0rKh z)EewCLoiq}&MqU0_kpx%iVyQDw8&<(Q8RRa{xm@lf^uYvl6Z9V;smSyJC8DbLx*#< zdas2aTmNychbe5 z_fNSF84UXz!ZI8T*uwai38fVq81VQT{b9+jvV5;Mqv*c!7e%7}*PWN!i22$!YmRsA zBsZnpfo_xgFn}fJ$I-7LZAEsN`>h-@r@cqG=lbD8vE(3!cY`&48G)Bdx$$Lj6j2gFY1_r;Aj{k!byq3ks|$DGqGBM_Y9 z=I#Lo^zIjBVYPApk@4T%8D0;D@idONw)*`k#Um~TNpmNuRCW7F=AZaPSlZWcVT*gIYy zZA+BxB$~m`55Qlt8+DEL8F|BI6k`wFFxVo9vIP_(;foa5q8iI{3}HEuoQ!{)A#!M~ zi}1=0`u*vfGn((^LrKa(qHN1Fhoqhl_DCRM$1NSXY(PpEEpbc0 z(THm|O$+P9#pjK!it)l8{*Y-?fWqL-K{8Np=uB46Ht!hl$e}}6j2n6D9O5Y-e*ObG z2UI-{D$SeuvFn+MPW9&_DJWxjnlyk&VoQkwRB&{9%x5zq7uf>Px7O?J#}+HC@90i{ z5G*J(rYQu29DIjpI?(nNu}uLGc|1z%2ucwwllXd=Bz-kmj0dB*KT57gQ#ICF{?1TM z`zo0#^-mZ%$FD|{r;VHkFb^>F6``2$r&q}0lLQ1X=v>p;IDE$9=@}x2iJDEuli6@K zN%RaKC-GpseXaVV`DEUI+TwYVbEekxI?XJ67y>BaDde2u%B^QT^_+JeMX(H}v*}1} ze?|n$HlQ%K1qt&BN4@{EyI7BF&c;_?#7pUU)*oF3$IQf;=8h!&W;aLV|Kn$5L}wza(M z?MHbT$rC?&L8Zg;Hz{!?x4v2ozPZaeJ2ni7B)?$H0PaEnTCq1Uzs_$+)RtDxerW?7 zb^*JGO?q@|?K6QsE?@99t=%wihr9UQ9!eS1wqZ^4s3F7%tjhuYD*6GPf$I9V)irRx zvu7`*yf=#?SIsv(EdA3eC7`u_K;C7UE!^p#jJx0_=U7Ub@{!lIN7EIp!@FFdpn6|Oq)-@(&JnU`c3HhN72MEi1(|-y`woYYIn4rG z_rvDpobfd0h;R|t+tUjMgklfE%}&RA`PvepcJZ&rgL5m}H5m)YgeW-*@FpPyvsCaB zra2-A8nB%WyS|G7JrK594wFZs8HPM#fJc0H$-@(9&WdkCEB!G;+=pN7RuKy;GtT*~ zl8r3=EsyKSp%rF>A=sZu!#fF567-|jrERJXKx**M+ z#uAyDn=dkBURdbeFM=O#C|3qt?dys}a9ntr((Uwot5`GkDM`b{;z4*tO6U0x6@u0! zl7Zpw57`ZSXT}Qsml0B*U5$C#1;?aoids=Q4U7j|1n-J~;#H+ezHn$v?+BSlZ0xZh zky8gB2w;q0OsR&-;T@zKydjA~+6cuJX{B(XfPSCPVJ*zc!pvs>-2F0JhGq@EwktCP zw(>_oSeC`Ci|%?)WCeQ*mfwDI{tb;Ddci>V;ua>(>l+pERWEO0dg+wDVe>HzC*8@I z&>eQVqtV~s66{O=@r+kI8PVrQ({=qlPZl90wO|UgP%#KB)UhKamH!M{2F69Zy{A@c za-9lEYjuR8pRAFGfBW=R&j@L^1kHQdF~2j;W}mC@vQoQZ-wwKC;vT@Lg}=3!n7V$>C{DK^Z6`sy=>*Lxjs5t75;d~>J?!gSbi4z^N_mqm0h~u_f@HSmnBNBz zDrOQ=%BEz(%2q{g&(NjbPjwlnaHbJJj{$v_?!)Z11|tVK{(v-_^s{Sr?k+*Xrwfv# zr$0p}htanO7e`?iDEr3Q(J%_k60d%s;#=exWKr~b#G<&%S%l{gPB%91%6YL=bWDme zm8>i8D_XO(@h&T_aXZy-7D2FGWVLHC6W0=~Rb2{==1n?YU3FCBk;0iJqyoLb8N=6&fGECs=p~Xz+zu zt@s{xIw{5bGN@E^%3ytHULk^Mu|ZJoeNy~(c&X3oKc7UD&GO$@MgWmtd1q?eVKDqYLn~3u>^V_BUxl z7rz%j9K1O?Gk`$jR zHt(X{<{K>Tr~_$YkpZ^(3SAWl=_14d#2Hr04?s`?L_musM2LUS z_}QNEWT)kjy>LNl$w%XOJn#844uRQ)CdByL=R3jcj1WN%38n_#jd_|mpSNXmv1OWO zl$o#vJn7YdM#)B9)l0E93*Z#!drULPs)J@Zg`Tj-B+(!f$o}h1{_7n#!gj5xk(V$H z3fDy$0&$Higrt!wOsGl`Yd2D-4tO}255MKx12hmnKIz2HHKIVq3r(aNy@Z7FwK(Eo z$ELywXZ0aP+pBs}PnEIWh_gEFfTSNPX=PwX3zX4U^|B$q!xXn{aEPE@S@1>0!x zFOc>?*P{FI3Jy?t!yO~2M^AsIulsU4Fdd!t4Mw#Zmq4_C4NDe@eT!KC6QT+g8cR>B zsg?ZkVwx{WADr&OX&Pj?A-qyo$oPA+Mo5RZxfWBQ(WSUIp6uvzF`|*lS_RI9GzfLr zhz5VwfX2aM|NgLPj`k@>e|6W?5A|}D4QR-DNjyWo(;gJRr3nSMV7S!-qDXYz~gaUwlYSXw$6SCt*HJvLi zuCIEyp1ZYNhZBP16al|6ViJUFy6r--Fy@FQAr~g9YJbI73 z488yW0RR7_T}^M(KoC9qU+k?!i6hR1R;nOKNRdFI5(k8W+k|4_tgAR}74hfUdGoQm zj#H9yijvr4dw0Au^XBc0VpP_V?Ll*a+VxVj+YFGCG7}O~4r&YuIa+5vuQsUoLT!pr zkR}pdYz!)o*GX zp6t_c;7CA|V2YvNc8uZ(s%WD|z$~DGmVpQ^QlPWwS8UJOoW7fruR3 zxHT-ePu69yqvD!7>nJsy(R1jk(x*aHcRJ}L>qj~Oy`hVTk z-bV_QsPR{rmOV{1)>Mk_cCM)aZC`bY|LTDEa6!xz)z2Cf&PIQopzcHS7Q^n3?_=wt z1VypTF+(B>)#AC&V^borAoF#-T!fI7SQET#dEbqYOrRexfz+0z@A?gUUu0|L+!O7s z;fe=n9CF{?=$r4pPy2)p+udk+xn)c592*VnRa@V0cjZ7p!#O`%!Ys0a8Q+!cFR1cfrc$eu>%_1X7I(*RF$M~4pW52O1Bo! zT9Wn6a@w`Li;kd4ibpb&E<+-m2!yZw= zA&{3tU+CU)Hue+`7gs&t-HwxVa58zw1I1Jz@(4NIsdxCrbBFJJ4@d5989Yghw`fYu{SbVPPMS=bF8Nut)DEcyM*bS zV|4=T>fMP$p@E4*!bTlms-7GIK$Zko3AZ?6&qhU1p_}%ha||1bvw=JX*;e-N9xD*c zJM-4iJJ*&O(p&O`TWZg6_lub_(g<$3y4?VO)4Gz_p@hu9msUj}%>p*95Z8jQqM8pJ z0o7}G`q)RbZQt2QRH;Xd_+L8!w^T^lz9r4V2Mk^scfZhlRJJBnrCO|=5PQ200960yj|&U+c*~g?!Q89(bisDh7O;RV_$KiJxMpDMBg7RVsa zo}R~3b22Z*7Y;CYxo&hXWmrqgr^K}K#2=Y0uj_E_^8N9(t79}ZJ5Di`CmeoNv@7uP z2F-N7L5UnCy`b;{3Nn=N{cwj~{D}u>Q?)`F$6)`;|7=R&y`gDa!nFY4JiTDppt-UndERlW_cx16x3j|9b~ zs0L9Y6|0BDsD;_mf28XNWd$WLyq-ki{Pjw$vO33vA5@PfW$$Kf=r8GVOQIC})7miM zq{0!7niHw~ame>}nfX#?cA=|CIfrPSJ88H?7lE=T^r!isjg@8@*;zB(4y6%GTOKG# z7*6zVOR0Hl9Ep`8_jiKsGO=w+wMSYhPW6FyoCT(rS$s=(WqqyQ5*V)Elp+-n@W>CT z3P2(iTSv?#7+P0gNTd>C@zMu)Sq7euSbL?FjU^{^^*D-gEA-bve0|j!=EtR>qKZ(P zTk2~45~`l)M`%CQmahXFqZBi1G|GjXKDl!8KnxH{d9PSC&5pyP_?BWldQ?2SgmPDU zu-SD>(^!@C&zo1QdQTJ*C+(718(&0?fxxI2hU|-xDq!63uryIQv};lx&&B$VK?M{y z0c_9Ax$Ri*!}l$P`CNe6sYVKz$j-Weu6$#oV8qEnZMTcZO?38_3ZiwBxZlf0VcPBX zqHOH+y(Fr^NvW-(uxHlYCJzHbpKAAM7eXjkAaE?K43n;NWj!73X=qO)dm0D%1_!12 zbZlM64FoLTVp7Uz8cv^%lW-EzQ3~7yCYJgNBpKol=2rfBn12K62(346-^aA#B%9kJ z+Od2DVtTyT#fN3MYuIlrV*zc7t47rliauD;1_1y!LhH-|*8rb16Fq0A_*V9=P-UjjYGz_BaX^P+QM|M4p z@aFt_8aHf3wovyhnZ{Ej-&<&9mf}}7%kXPHo8wn9yM;EJQ8R6Z%~q=gAM<96zcX_Y z|3SB)s6EGz3_nu*2xpV|B%7qTH%#J5avK2C&FwcCiJAbN%Il`}cXchqE>Q=gNqR}w zyw=}2YBFZrHQHD|Vele52h-`hRsvg2CUV%w4C6;CrJR6RmJiIzk%|5kVB%qz@+SbWVBlNY|V)*wytvJnyq6g{Y{PTDQ z?sdup_CMvV`Y~RnnpC{e*dGe1M1dUz?KpTF6JdldeR@IY*+>#VDsB+db)*ruObnq1 zmv~yES>(bL!(>D=n1;xOYw;|G3vXc_U6{Y%2$K^|LU$5+7q97;wgB~e*o=Ge(tL3X z9+3gGP@C(4m_yGm<#*866quXi560uzAA}&yMZ;t;i2XWguKa8{kAu06Yzc)0w#TE+ z^Z4K>{mgDf=HW|AHy`p`yE-!44R5Epuv~8-|B_8MS?2+nV#6}=BD9e^&$&JgYafg== zh1A69g%n7*3i+0h<*)N}Pw<(|cU-Pxy(>M?!Sk+Fb+Y^iqUYc5)`umbP1AGlKd+HH zRw-sGn9Uexab+=HHR)&-y$L2b*U~CLp%a!jif%dagSws9%TViFuB_KB<8ygBe~fA1 zAig{T^>)1RWrIh-g73H%ffoPt;Ug+@e*5oFzkjfr&<~F@6&N%!E^aLn%wU?4|Af|V zE3?YIz^fD?1QcFBs`bC5oOA^fk%i>`XS@p*=#iq}IE=r9Qq!qg*d3Pz+szI*I5tfr z%N2R*%XUngx||y{7|})tx{EWZyw58!7{i#~$t9F|DwkfN0b1$I%VVXAo>7Tu=T+p! zupHTjxa3baHx%^@GUsfKpA@1a^CCX2Pg_nWI0ea~2S+EP% zgddp+XzeA_VCx7~GuZ7mZdHnw)ctCE)e=V)*;7)$TZ>%jtXG(O5XC{%B<2R2Sl(EV zbw`*OUrov4$Y}v#Ss>)8QdW_3863vw z%Bzib4CAxkg%yV?S`#RyD9wL_K&|0+uj3CDJlZ*u5PL?^oKZU&RqNGhNt$TeX1X#~ zfbyy-kY2~q8)Expt=x)NQw8Mh+*=gZo+e|fwgcQ|r`msQ(5ZVf+f`8?3L&esGDug+ z=+QX-3~7X}fRCv8gyTh-8O)573|aLP!fE9Y$+PVa$Cn<{P&e@mbl%@~iETl>mas3? z+X`>aAP1IiuNDL=%`8pj=E(}F7BHLK$v$)1RGE9>`*f?_*1=OwzvFsV+jHC(jD|V- zIX};m!SSi>g$xjbThQjW;`nTRd$nLh0l^a}uO(HAJ8uB*>}QI~@++)5Ij&TR!m#O` z*Lb)U4zhx$DTf{LN~7~2*6_0ObPW}v2C|L{6rN)3lPA5btAmEBJUB43=#nA#RC+)( zW3shnOy(A6Ea^Qjnpzl<0&$(9)N@2ZfxT;%NsN3?EMv=;p7P25KChamPr0^}Bd}x~ z&eL>#$H7Lrk7^VYPxPv$(5a_DeXDmTYe{<+e5Yld^RPCirka!5SiEWyR-2n5v|%o8 ze>4vLakra}qM_d(N6vThVizi@Pm5hBz?ky>kO6b>2kixLIHo&Nm9jqsD(}gzgJ(3E zuFr%$;S*3Mf-&keR5j$?piBhM0D_*goGI`Tt7t;A40h=KB7q~EtYn0@$nHmIk*NV& zEIJ1-c12|eNkyoLVP&uoyu8Cj=Es^o*^Lrf2qBuI;i>>ZA&zr7yqobG2N7^1S*Z%< zuEJ9Sg@u~?y^igy4tODqs-|xW8PZLiUJ|EqZ|p|NDC>=)el+aGsh?toaM$iZhUVlRx(eQPstuye@SVC!;^C$Wcn>$#rNZH+ z00000|NpFAZBN255dJI8Oq>QWY`i$o4=V6MLnJ{Hjm9iv>l8Bv8H0q#kGFTd8=YWc zqTk3Gt}nM<*Y>&Rss01GX>~vJYajbSF%Uf&2cYmw5H!^$JMocez&5&0Ml)UFLoO~D zE*J@38n5SDMq4#GaUP>d20cgnjHAyy7m0GuJW3e;$!CMoxWZ7BavLz7GLNo?jP3To zpbO&U(sV*Hj(_%HqMJyy zC=UJZsDJfPHk@{~iKjt!6s$X}V$qGd8_aFk(->T}RSO0*gLUmUV=+B$4DLYJT^DD6LW z2PFDwu>?C`cm}yf4x~2A4N%qQAfP4gyb;}RQlgYYPH1QwQLlfyW>LMihW@DcI1-y; zC^pnGw1kfbLl6|QI4>}h_5$%bc@9Z4xQ3}Jj@;uyEQWgn=MGu`N<+ecv!ehRf>;Ih zPfr_8>KqxiEpnUO%28}5muh9eZ;M4Iaz96 zGFffKYjl<7(hm3Sxd@I>1R%4Ps9jY(ho{P+a`0RR8gU1@V0 zM|1uxR(`}rw%-Cs0NneaY?UC2l$k&zi=ZUSwhFZ;iPs<&#sVVgIQi}AV`gsxkev^C zRkk23dgtir>FJs2ep=+xnZ@}y_5=hhrt&ESluk4lzla)(5{7YP7_lSZ5yT*L>7YkO z(h--W*JdFJJq}B|pJuTTbJ!4wY&`51nWrNxDqiP#VY@sffve)~nr2i!`Xv_A$_=;c4mypquwaBQ>NdhlMjYs#LU-F!@>t-x3xIefx}7O_{EbB(!NQ)r^$)pNxnCkYHhKFmFphJn&4( z^?!+C9LI!@d8FK~R(${pSkG7M!-FhcFT?oo)>=Fs9su2; zt{R%B>80W*Os1bENk4e}+Eoz?I8OV#q(UjLv4rUz4CnD}3U(^Ih~EYweR~D+pORM& zZ$H}J9!9sIqn4N)`e&Hw=;d@CuV5g*_w!!{fABA_W*C5z4$|e#ODXdhdu|y<6#GdK zB?vHYB|)IWE<$%LTaO~sfW3*Hn1PCyYVWhSSQ2o+C=gks0qY?9HOtZU?sHbz9oS_r zVdi4ItJFfm{zyE_NlYh794qh=Kk(qYWvZG6JGMBAgV0XmKr@~0RuuXId44dk{LpmW zAn}5oQ0Q$!p?Cj(q0k=)6ngJ-*;)b3NvaZLg|0I&cRG1RWMMqVsG+Q8C$SAmx&@t= z@|9NUNWOoWs zfe0P<}2wEeT;MJ`ESH9{LIpAdSH9PS`nt2y%mg9R;{(&h7r9 zhVI1SVSL_`tXG6wPjHu<=2#x*AWv+IcK5a|;J3c6p$xl{)Yee3o5ZAQ`F216A@KF* zs^WLM%}B2s=rwPIl1=@CvSn0Ww7m4^4@EuyBj@9v7n9-f@wcIJgh?}IWwtM`%kE3BLIl+vG{{B$-3Wi2=EL1Ov7sd*v%!?Yqjj8rcQRnLhn z%~fG3w_`I(tRm-4i;1w!I4B=$>ShmTtzT?x~v5ZAs!yOX)0`O@kt7Xz7tOG_1f4U05mH!N4{X zErPQBmQ>!AS4#;*%a8ezg3^fM2TdQD@D{UX(YjrkMEGRV%;pWn@zmOMMSOZ06lCk^aS;S|${SilD|7aAs014|e7EkbVj)?~3-DxH=h z#SD>mccr$xJ%2yByn@Mab^Yn6oKW$+`rG9C)8)xT#i?H8XCt$T&v{JPo59W}pA4o6 z_M_w5hHd&F0EXqcFdIxabnF0(+91;H*m0ub6f5+nu%~-mE8ok1y_%&UxEWgA^X3u1 zZYv=7I{c@}BYszk{s>#IZ1Y6o|6tC7~bsfn&Fu zK2MibwSb@w;Bs^=)1uNQ6z$HL{|6&x z5(KwAh$&Grpcb9uVYt1&yx}7rwZGDfT(cMggIQ)r!|_iXsX+$U>DBPv$z*)?^NG^w zcRGDf*;mFtU!A;F`ie{cJ}rOw3BF)V<8btDIR4LWmm&yuEvfM`7=W{BA_|DOd4H#M zAO243K0ML7f0xahO!D!bWNEU3l`{2LCHr=_);8+MVvbHUdpOzn10I~5UtfJvI(XtP zB0?u(|AosZ6f_w>^PQfOEqaQ(PxX|7Ym1?N_V6WJJ$qQHOzJTyXgqxBl>e#j^XL@R z+6HQ^L9K6~)*IBu25O^0ZEm188`RbYYO6tQZ=kjt)XoNKM^Ya=$#1nm(qOXIAZc(` zZ;&+DX*5V0JTx054aQjwk_NZz21$cOIbWWd>(B7TFI%Pa1CIm~ZxhZ6@iy745N{LB z3h_3{tPpP#%nI=~xvUUx6Uz@gLQn8nty8oLWrd4M$@MxW-xA$b$g|`~b>tr1YaCBuhWEQP zn&SN^-UE~4CrhS<}6*&-32BWdlcZm z7{tS%vvirc$Dlf}Gu@x3tNjZ8sPI)NwMZaN5BTbdJQKv-|CH~vZxLpF&PW607pIx> zN4!kw@&?_1il3mx%Xqb3ig_)iA72jg{c`D5>lvOLQd`~2oqQjm6AMs-@uA+5#x}V@70V0sxP6bZ2 z#CQ>za_;P~iNm0R0={@9-La}x6Of1gz@HQxv&(`<+AVz7m8xSWvv-_1hGzFe3mzu&XL?9 z>3X_H;`^wK-b^m9PDU5QH+@;S?Bre!mlVclPGl>Rb}@5MdE_zyowXJMwC z`!|ou_nG)Qn8Vjs{_?Ky(%5iKVR*V0T7ju1x@Uxz69$HECzk7IM(F8gpxU+`CzjWC zO@ZgCv#gA5Mqg!Ig%`L+=-Zw>7-)%|xVq|UUMsX2zg9su<41H-YngN{VVOmGnEHfm z0|_glsVEfca37cO-}0=Rk2sBaDadH?DK?PYhnH>!{FhrbYQ?GmVLQ$$1PNAMH{rP@*}SM+~ylX z>J>p%Vp?{&U<`|>>q@<=yr;Dcs=|eh^uV0b-ISJ^4*NgKUl@C&%Ox0H<@I_c?~-|8 zEC+T$gQWQ)JUO8re%0)PGLY&oZ+^qrL)a4bpsZAELDS(~sedKgWG$ulTY8U31UI4} zyQ>UYpX1P@PN%iEJPwp0AiYPt15SaN_ksQrmK$j7c%gKFBh$Hrazg(-0zVdO%aL6F z3Ns?NMnocAVn8v1(}=x3%5KImOwU1c%j>Y*k(k%nI!hQNc0#HKNjqR}g$K zyJ^?OgTSCrT8rG1s{(Ney8yR4MbbkhhtbW8ywcd5NV> z#_z8#NAJh^gev<&rn!$RF37|!cCe*dI|qum?FHSO=fCOkWXVJVCU#j~#$agXU4CZPq^hOb(_?faqMv^MhB3Tq>OL>GM)My?;=2U#18cyRE8 z@+T+gS!uVbzLKrcVIhwk<10OD6_pX(af zKG!wr=336GK85}^+Nr|N{Q#t++Io1}(p<23>uv1=rP}sTYkR0y3Kdk<2WsPqCOT%Q zs@DUn!caAWVuWX-H{_|*CoD$ZO7!u-W)96IcNYF51@L zV(j-KdFVd%{?TR<9Y{8mGDs1C0XJ?`HDML&Xd3M@0!Dmvcq9~T2yZbFEHT6yCK zeB%jv?JMc^r|H?HwH4p1+P4-2)kCPBH;MH#OaRm5BeGQ1zY;2J<&I9 z_r3+1nuLa<>bv$$+of;XFHqs<7kQ-T%Pl)_+;E4Veqix%v z?nF*v?8p&)7mn!pXzOjGt#9dDOSg9Kk?9$_i^1CV4n3-N#^c_gKV7~V#8rcT{ldX=^WOa{r>uI{4N8;e|Y##Dkw40QXOXYaCx99JbV`aoz zQzo#xuKz$#u~B*L+JU-{+`D8uoQ9*bZ`SI-f z$BXyZ%JBS?@^N@|H9Wum^nx~$usShbCq-6cL>q>y;C5ra!hIAK@$Tg6_(ynW`1)*g zcKr!Ea(Z@seli{_rx#bsP`MmlU7sDl9}TaROW0dnj86s}RwX#jylvxp&T$kw3Kfdt zl|P;3i48x&m`+|?&S3Qb!#J9f3aImAp!~6UD z0UG6CP9M&=r0nozo(ix4@XuD!G)3h8(z9rmg!9@n5eZUzD&imxAKG5Yf86*gIp5N6 zdk3Y20Lng0i(d=`)RKWC?=IeSrd{QERSP~>zL_e|!J2rUzhCww1`5I*HyADw%TT*L z`qady-bKvFgKu#5CHSP)l)VFTnn!b&aCtDN4W*R87E(5@2eFsx$l9i#d&<@I=*?s_ z{P`0HF60o7L@D4J3wk8_??%O(z`9xUgFF-Oa2vRaygi%^u3RZo?^rAE5lhupowKvY zJJ}9eSvvbkS7MhCFMvQctcOAUB4Y>AQvPzKQ)7wPlzx{Xj%5c+`EF5bDHYUH7W^h5 z1ARETIy?O|Ir-`ATIu9D(3#-iV1LolH)Wr`Vp=i&3fpbj7vZ~&M;Fz*N3mrmkU=rf zFoS7NBMyB;U`laQO1l<#6&qB_zgftU)_uXb7H~P^<&DeK26(2Hl~0hW2|TfVP%_4O zV%%DEl(z}bJ!)I`B4QlZNzu&e&0TSfKz*$sV))e)iXw6AM^s1oipv+a@~o?Li$tN6 zzzLBhfnd#LUQ;2!rN#&bluxC^QAyE7Tv|m5f)T};C!I?aXB;KAl?7VsDbEw_xy-&P zY$1??nz(>y?j7WKT%6#X1*I58m4&S`tknlPKPb&(wedvA!Z98tl}};)l@JJly-}&R zU3yf!$h%uKZr!UQBx=eJvG{-w`I!$vMRZ}NGUWtj0#0%HHROUiNZaECA-&Qh%<2A_ zPBE;Ap9+qvlHbiG0a@OUmat?l2jR>7io&pB-?2>3v9!ocG{e{3&@uGb_9NTXRWq?- zTlH1D@VOZL$3PjaVNv|&Y_LkxS@!DY4i@U>)dYqE>8hgHcr{_>XdZb`#Di=1ZSyFP zr;k=&z)Xx`fu}swI9DDFT|jkcnroJzIxgn;8yK0GX{dBPH#{31DODS|`1M=mCJNeq z9SjCJFoM$DbC)khXl(WJdilICMeybe436>H+wsZU4?VDaC^m*=hOWc8o?pgbdW6!W zWAyP-(RJH}VfdV1O^e&miBwtWMzVs2<}nn&y@_p#`#2;WjE^+c<+~HrRmy+v(l5W$ z@!xk~TEYVT-BNfybbujUWpVhRd<(xYlT1X*d`O%KQ+cSCZCOd6xdnOinuyMY(LAnt z!qmEOv{!D@ooFkWe^iDbCUuIe?gc)Y( z_3>-IP7^K?y;?E+qoMbMDGRey_I#jjoA|>3!-xbtMo~J*&(-*BGP*2lcxcn07@>sj ztn*n^I#b?s`E04WX~H_>1VP}MYOE)Yt{aYF`o0y0dKkhZFR-@<-4}uOgMp)|mJ^$f zXY3GkPa$uHhIl)vAHr{-sV$!UHD&N@XBF@aC-t-XtnZ7* zZ4>KtwZs@s2WEw$eX^EqG zi4i-#nuLJ{v(mP`z)GCZ{2Pn2cVy~En!a^$UWLKN#o7AYuKa2LcaM?2IOEz@wj!yk zG@XQ&q_X&0uv|au)1xib?X=oRrS29ZA{IvZ=YIhJ0RR8IozH87Fcinn{uk2IU~MpJ zH1;;wWzaF$X_ql#Okk%;>;C_}m!DR2wd}{G(n{is{pS05N_aVaw!!wZne&i$T>(9x zXRPhr$LF==C9@Pj#Lx70&EO{+QzsI~bTp>U!{Fb$U}C(1m_xkJcQ2s(jYki05qu*8 zzv8hUj_6x&Ly!elVVd4OSN6v?vCo#<)LzsC-}lE4c;3Zy*<{;ZmDr~hu&Z_Nif4^E z$kuU?(^lo8qMgu^R=mh-I24TnE>@jT6w_rXb#a-4k$r?z8m6yk6zx`UkQ)y2pK$P> z=#^fem!}(h#ka#@JJ&ery&1U0pQ}ye&$$>`NJz=*rp(J$|2h{dvr(w|oKVqD0{AbN z%q|&QoJGpHtL+kWn`CS?xA;?XKAEAhv6MvWcPw{`YgXYK!9^>{?8Ub!+0CACo5NHF z_2#gQdXQK|JQ>yAy=SIol}bE>s8CHPPL5*AaGf8XoX%q$8UPg7^@dme!ZZ* zD3sOcSTIcI^j*_(xwx?@G&4Znl|Xs z>=L3Ex(Pi3Hq7}%uwl-FuwjOjL=ps<45}invoxuyLRN_=(kPU5>WL^W{U}YVLOqU@ zl1b$KE>eO)2%~+Jf5C&~(~-=0j44h7uSkRRBgiLaSTFbq9<`DEWXsL@lb4%b-XTc+ zvl*Qp<19=Ou(Ko>XV5GVwS(sbKIueZ2Y@xz*$^MBOT3{wE@xr&6Jc*3v3pz>>>sxS-?hzEFt45X?HA^fs~r&=hC198sE z%UfAE2Mzsx)j;3Js@mM&#*PotHJu1y+~R%16?)@6aS$xFL1E?`y*oWQIziGpdUc$` ze@`*a9G5E$MjY&}VMXUU?40qCKD6kDZ1*eVC#&;8;^{gb0}#B=sMnyj_mO|Pw&C+a z!xRqo6FzRM5>>KLMJ!_p>@>@i2$YJlIF>;Y`atechBm#Z-n|1Yh{$@sH!?$P#LcIg zGy1R?fgMH)IHQtL5)_pbcVy|x6;^Q-E=BfX6_IVE7+F{?ud{s)!jW&433+_p^f4kPa&0GlnT4@((=Z?VkDkAd>Q z@988g+fdtR&0(SzPST=7O%5HmTL6rfb+P27gjc_rx;C5njluYI7RAqX0SioMqit*0 zz4{qUlOIS7MG2E6iiJo;8O5ONda>}*Ov*o&_X3vizo4u@5)9&rPmw8Mp9E*qVhY5^ zn2?<-Hm6dg1d+sCj!*MjwagjG&yZpo><;m@NgyEL7tOvbQFXNF)-}dGF7&DGW=oWL z$eKMU2#f zh5^;Dt}vG^^aa1tG%B|aC-SHT=-1pRirp4QY0h)vClO)!ejKN&$}%YtbS*Evh?aKRAE`EIuk1P9yY3Un%H<8CvjQ|CFA;Gtt=#0ZTR~)F{(UL+#ACS)bRtx zmFTJK(;Cbu<&8LboxeSLm!G`)kpcAdKFm%suK2%HeHg3=Vj}yusN*eH9PhY(%VIyr zb*u`%MEzaDMnqIey|(?`c$HVp#%)|dQH0`%{-Rl9$fj^rIM3^q5kR*{Mu>>3WGhD| z`)#|-)pA#(C4$VF7dgzxPu&chzvv!5r>b+zKR+@Ts}^|1b9l!lrZIq_EB7URk}2l6 z&hQ@A;~dbJ01w*XrgwL3GBHzHSHAH+*16^Nb$n6^?d)N*vg_UwSOK}hv=~>8xl9&4 z7ETGTEZ<>yY&ViY9Ue5LqL7f&hr~CmfK889W}-xjQe;I zn`P1M1jP{V5O80~N2va%;_h*4<-H#|>-1L|1GO#^&n>i+IFvGF1vI|Ga?=>d1bGRi5epP= z3|3GV!}Ysfxko<6h4QMf0)YrpF(^IXk1Ejavn0r*ABQ5v-L$9Vx_q2Zo3bB_HMll> zu<{fLTwhga$0!0ni$LKU^1((yg*_04 z!fc7oF>Z4Ca#2>M+!M!Oox5DUUgxmPCWqv!!xZ#nZ_8sF2*qXAuU#Y)7s-T3gr5Gx zS*r(?X&uYbR2Z+KLs)ti6}XViuZ!~XYPncmHzqWUQj9hB?Y61VkixG&-NDuDmRgf* zI7KTkH?p-xI)d!s;hEf1hKKL7r#rZ+mJ3&xW7^rD!zQ$>?t5LAcIF_0)KuZ- z6bjH>?4s@VuF-Ul-u)Z)B;UL}e*Ja+{`+^YUcWs$JKUt+!vM$qGn3-52gz`VWpgf@ zgRXdeF>aP)50UE!AI-CZ1A*~Z_*GjTyNCsXmaaQWtu|`eBrNVG=@^4+vkflNvPgu$ zFvrvnl@Ouyt1X0O-|G>Uy+>yzA|$YMp_jonk%BrD$b+F1aXoKGu#eT*7*`{W)sIfN zSHBui4r#noHMf?Gal_ahz1)u`;UpAme)2&Qo)bPjw*)t>OSJ14g$9eFF3IVZhh^~@ z-5i$HY0a=Z^X6h%*DuUv1FC|`^)}g|Uz5GpPm+;9jNl|4McyNa$fi)}i_~04O62d) zcJiER$#ed|U32tK9PEpOXX@p|d4`VFYXvz`Ab!Qn`fAUh@tHLoT*@YI8@)51k)@$o z7zb_~ppntA=)zsa=z)jdFue!_y2oT-!_Kfxx zBOR?x3HS)fhs?HRWqpM(c8CU`=V#8Y2F5nf4^u+PLFNPeRMLMK+(Gs;_&I15*UQ}5 z(=$#3UM=9ZQIx5-piIxKt!7Wp&d@^Cr?0M?KUmX*^9$lOP=BaJ4eP{em?m_a@(DWt ztD}(@)wtK&_v8oup>=NTa_G7_Wds&>fQOqPsmkk_Q5@T4D`$g&8z_?4>5KMqOpaJ& zxL3gBF#8kLZPDWi3q;GDUTv5%u5<0cV+8_OFm+RuROfQCZ3gZe{hpP~wIlmoMF23& zW@zM|(H3Pc`>8e^%3INDrnJ-JP+Y5?zQOX{yJPX%)+uQ)lck-A9v3qUYCxp8f<_MU zGOW=i6TSZ*nip)^54ST#5?$U9Vcx7!=KlZy0RR62S)_?D9=Ryjg$qH;d|;CgT)1fy z8>ZR>LR0}M?}PfFpwNT496J7qC*Xjo0o0GlLkcI<5PQ*sCy4v`7T@Yq9MiC1eZImQrI& z_?A-8mJVEP6gUR zDJGPEVxbvCb3+g>xZgR!2}bqk@) z*5+jl4L;gvR~M&jYtD66C=g>*tj}Geoaa1YrSafJRgLs07n*V^1O)w<0)D9wGCu}S znx23sm9kjRlUi`VsW)-lk+lzT~k;J$;h~;|0M%Q<>0tD?g)gkr|sN`mh<9OPxCQQ8!uTZCS z@u;pQ8ays6yMmI_Z~bmg^%MSBeIHsI$DD=18*>_4J8hQ7Fdf$}6V4VI#;E4kD%SM~ z?5EVCgr=gIDmhO?p;D=6!WgB}{GDl%jku=lO)X_VH;^ zcG*{cAO~@B58WY90JaoSZJ$g)I;zLH?<92J9gDHvefQR1=GK$rIO^m;NBtK70RR82 zUBOa=Fc3Y*uc*#=a0(6~ZL#CjPw)pE4-GK%fYzy6$AkZFcC!fyP$-2S>5yzT+0DL} zC5xmrUqXG&dCZeQxv;U*)`MSWqcKVgsHkAe(Vb9#O2f0D4K?z#!G~9~CfuPhG~rIz zlx%hy?x5-g58|a#y;ubz8L4`z3kNPn*9%w6rYz0n-#P~pQa=uPPIpf0TnYN}3%(WK z9*TPlXknyy_Nls0%c}IEq3A+JlkM7NfZE^+e>27gvT}25Fm17R+p49-hZ25_{K-I} zyIsho^7gh0YF6!DZ-8ph-FVK4)fg3eP$yJiuqP=L&7hc79FoK?gQ8?-zUeVL+)En; zg|H^|LIdz^+Ec`_O%v?T7-+Rwc%-3WlO(NQWgyRcT{z(FJKcdjWP5~XIp$x!Q~r

=8YyL6P zg=xf01@#_o0y@$*(zb=vHnU)CEIaMt|33f#0RR6>Nl7y`F-l3aG)YcOvoudjGcisE zwua43lP!Qrz|z9PAj#aw)G~>j<}aejtEUIrdtnZ=Dvhk>uL*dj+61~)4R%HpsIo3j zPA<+&i3WAsl^isbHDTH~E%ZzjG@Me4vQu+XD>W62^$jibElrfHK^Jo&jc4eWLe9=Y z7tO;I#2os_$pi*rF<2#+0%CMS!6!dGq_O~%KZE_9z2jZngB*RWK^x3VK%$^-V?Hn< zN2-HqMHNg$k6$jnJYz;oMJ`K{j0<}8fjZ4Ui2qOa>b1F0~DQP%j88=62 o6rwa75dxqB5Yim<^a}wm0R#{KD_}M+6|l4(0XWgH>tVVA0B8`7J^%m! literal 35936 zcmV(^K-Iq=iwFP!000021Dsb`bK5o$e%G(qPG=g)5+z29Ns7Wy;xtWL=s>7p43)$@m0p z({>DVWSACM=ENROtUk0&+cX<9ZAF246|-9LY484qE~L>Q!k&H3e=$61ne zlXQMjYHeW;z#2^~XX1=X?1loB84HC!f!k=ACJ!7knHhLWxFp#E&`|soz6eFOf=7W% zGRafQAxP3p1cKsj5^Es+_EQXRXEX3Q?sKrL4%~jc0*axC$Y%s!Y&1E8%`xPWq-v97 zNQiDpa|iwAeSPZ16hOX197Jg+^u|R(gjb`6)Xk)jMfHe5~+ZwqUc*@Ky8x^9jpbL zj`}0pVdL?55D-F#?qD$BV`}qZtI=R02*5Drs6~23uzU3wcPaS$*Bc^c{0Rcb?$dFf zxNf)W48|^}Y(xUA6La9Y4Z|=F;Wpas_Cf5+OE7G=Gk`X}58?7syL=}ok0l2ZCKxE4 zZnvkKK8ks~YTu1(fVvbOFwK4QRB# z6)_ES#$g%?jH2u=E*elRqM;($T|?uy79$dd2~~^Ai@u5WxBFJdvd|59NCX4MwForz zud`(fj|aLS=^4~EaP>>W0Ib6-Ph*vDlEPUlDn&-E*UILA@v5{M?StZL5v|2T$&bjo z=6F!Z#aJH=_^Rxa88#Eeg3cO^vd$=HmT7S|W{y9k0kdqRBOci9*fptdn*M0eAJLKZ zjC}6NpV)6dk~EJII`gDjT>rs^j_ z?~s~EcfDNUA0ndh1i8p{5x?)0MD#QoOmw#*K_Fvb^J)6YGfgpoudDah5b`;pE1=6< z)>`#GiTHX;NzFcfl7KeBVzuPygOEuoVL=`W2J%o_Fb`gtPa|~CGfnIIRY8Uv87P52 zc$#!jG?$n_nTMI84H3g%xXzi8mkq zkijEaDYn{m5viSMgn)?9kR(9)rQSiCRER@uKlUeoqFnFD4auP?uR{L7L)X*Do}$iI zg<+_bYSt`3JWNlsRSVzG{6X+X^vqvPpq|lMqL=kVM>~nuj&r2q0_2nnaElsOlJTYN zVHxyTXlNfq93UYm4m-G6k|bp=Go8Lgc(-eh`op1PI^%7UJPcAY+BpxF)pK zr;SC7YgIg)k~k7me*jii_>tMK}j@4+Pr-L6aQc zQU1x=g^I{iQU3+t_I41L2dSfaXYe5bT~*+g1>0QltW{DvsH>o`I-~Msa(#5f+LXB= z2$WX_u37Mg`s-Bj?5KQpRH`~EEsEZik~*!5`GrC&l&$NQ+SgJ3gl3iK-WD&Z-Y?0f z%mCvV@`EgLpb@?lA4khzEpkHKOUbR+m#e47e-DU#0?1Y#_Mn(GXVx(*cAHgbJB30= zHQs^5tb?I?>l*~F9rmUAigyBzK}hAzqPJ@sTXJY4QE99^xh*`oy1)NvHaRYOeX8g> z$S+GeM6YMxvvZW^`MFS&kC(^z+<-T~kK;#k zTm5VOXK9{M4{s^(wP-rzy1R0M+Zlh<+@}Y(Wh(G1^4<@57_tPXE}V!W5w5x=te&v& zMM9b2<6Jc^MO;lNLPi=)s;RI(0jdYS5`s`F7(OxMAcM9faUkY-dX$9KP`G}SG5$aG zKzYTkuMnKEU*gieH^~%nN;;};*7mb&Du|Eq--dpt$Juv7a$2~3h^xUk&_EUG>mf!@ zEM-aPA>%o}mb_}b%%{f7JZhZEpQm;8hD@mLJsCA14DbyYBa0_WuF^0RR7#S;0=jFbw^b94TVZ zt^CY?~y4*ohLLP|cKqVf?XKSR}trj-2643&>5`8!;H(znqRSLk|xBVjNL z*cG!wb!1(&lC@JshapRc7abiV0*@dY7S!uOpz0>%0cvHsi}iFtRj>=zyrocLQ<;}) z4*TGk<}@T)qVhzb_*RltvOICA<~r#{WMG-7*tz{?+0dlPwQqQUWWCT?*t4SDC9W@3 z?F1>(CNPdlQ2o-akg45t4luYniJfpWc=WwtVhY1+1SrP*%wefMMN*y32R?b&lZb!8bBELheR?4OITjCv<94I4#y<=R>WZJ z9?$(FylqUX^mp@-+A>%3bAz}JY&U&AzM+bNzvmZ|9;tk!rx#HD!u!D{qARGAQLJ|I zkJ{Yv$u+?zEsynhWRFAk_#?s{TQcwq00960)Ld0Rwul=&_)xw|>X zaW0-FPR4e6&GkAANP-q?iPVvlZMBpC-rWUAkrHJ&_wu10k4S+42w)ex&%QwMR@~Tw z8GG_Fj!-0JmuowUJVZRmb>%|5V_{Dv|uMhNX z0KOgkzQ%LwEWhsC+0E*^*?cF9Z>?Z$R@m61zrk1athH=y7VpQqaU1V;>9NzPr6_}O zp0RFWMA>uwAq9EjX^>`V6*Tc6w!agt9@KA)dBs60w*y66ye-f78bDl#ZB5qvLbcwP zx_3((tJ_9vx9MtoS*C(Nq+bwo7(u#MRI9Zb_qJgSo>bo5+O#Bhg(1tjr| zp{f67n$V!Epfjmv>OED+x3X(>NlhK}cd%>T8xgaH={F*}+q$sV7-O%6t`vKGLr7I? zA))iUW}O=I0N6R6PT8H1(ehMAt>2isGsOdJl9yE}bA%$VUq>r%;YU$ZL$ff}-B^bbbHdonq z6A|46^JEkaX=74eA4Ytx<ue#@-n3+uV>4ug8t8#aPK3#7GoCHA>uDNB7B`dRLG;7#td&#foMpa z#VP2iG+Z>ZmmZ)h1)-?S_fm2lP7wG>rb@!QIZm8$G}nahdEmoja1N7f^z)Fh6!sHq%6ZI3-+bc_1zPr=#c zySK+D6t0vt22i}B0FL7#5RnmXN5 zq>ZZ&4U-+h#X{l)K~e|-3+nQ;0d)AS7AQ~YQJrB$0HdOv0DCL0qqCo3EwsLMt`~Su z+rGkkT012aEvwJX5_cAiq{~}=BS5+fm|o|*S}c?6w&y2ylmIikp=-Ok5Po;Dy6xmr zb<2o}9W+Vk6Taeet=2iuzLoN#CF$7wE|xAVkjC@7jL(8X-lEqEZi~5m{4+8%Jh(2J zI@iTD)tQu4(*@jzOCHM#^d*~F@U3oM7PnX=pVOCl1z$=GyhoyJy(epaf+ZkYHW|o}U3J4enL?>^*QsyqJT+tNnB-3|oyBI0xWQFrm(W-aC9; zvvw00W`^sKFVrg0XABG@3ItkdB7R}}f7zE>fOzXK`-o;WIap97lqh{LT#9mucE={; zbktH!@lK&)A#UrK`px|iSjcgGOE|i(_png6af^?-4=C^3aVhZ|E(Y-vimntib($=L z1kojCa4?nn{QCIsr@{H@6&NRf+rvHg5-3`v^9rB`!Vg$0(49AwzPu>eVh+%#hRUs+ zW(J#0R$0B`aPLr6Xtw6z16%WuVEbAN)~?w~ZQxZtOC!L;pnL-mAVDFf9J6Hizizh} zqQ?QmE z%U&!Hv&D?$4+sNMGlgUvVfu-c2*(3OsyBaaj*;CUryRxN_9$CSr^Ft{&_VP(L_>Q| z!=OYyUl!^0q+^j-Mo|LM9w4P7U_@90U|{M93SlsG z#6vJpuCucJ-XBCJ3O;4;7vU5*sX6oj@5Yi6HaqnaE~&}3X+B4IRw9Nr>)usYLxAbBdazM3J%2&nT(K39iiQpBQw{J;(X%$zKyLpk0>#eO`y zdj0Oh6+1rv$bLM&xHvw)`uM!IMi^LsvM)3O5Ld#K3Z7M%kWO8^J-s-24Q-BJoV_`_ z`iSPqtFx=~Q?PMfy}Mw??EUe@)!E61H^&$3{fCS9?=DY)WiJIqPN;_m7C0dy6{`$Z zHTRD|*K$IZ4LJo05ea}$0D(cN&6m4LN4<2;tgIHZb6n+dM^y+s)Q3$-cW^vx(kd*M zr6$bz<;hE$g|Y!)AU_KB??oxCCrok^cdT5_ zLNFc+fw@vj#A;7KNCUP4@Ra6JHD&bKE=HZ4M>mwd)w*w2!7_~D(WU(WNO3zWubH~G zAAyMpmMDC5Is$nIqD)>o52_-X6d+?*bGJ4|bdoW3Z9n=2?PEX_>Po9kfQJ^^c>4mG z)P#$I3P6|WW^-}SP79z(APKsUzK;V&7xcvhcyuQ?e)Hzt$#HP<;p*M1R|jhYRN$Gd zZrc@5R@F6H_fQ2TQGzv)V_dt_NEWfxqq_2DT~)PyKAvc1E`m##R}bjw^=Oh zqE=6soq5ZP6n*gMC@5xR;mQe<)I*x7mt$+uo{YOq7=&XD6q~o~Hbb1(cX&DhOu!^4G}rK?aE z@;Demn`1ya$s>lH_+stIbp#*lQKXx$>BfHOIf>znb;Gf|u@!r+?Qwe?Cce{g%>|LS;ppRK-q`t)g!v4?#3 z-!Ywi{Wa^P(yYe>+VzjVWliQx`wjGQg3#a&&;GSj($SSkRzaGTP)dM;LLD?q<%R`e zFG>*i()mel#z}rhxB|g!A#T%rQ9^I~>OeM6eBTsf9>(qCf2{+HNqR4oPZ!Ydd{Nb& zX#k|RDS=&{R0>#s!U26^A&QR2otxG@I|(f#jLgUZ2IN8yec{H59a~YNCy8y@V?)H^ z;CDS7xH=Fx8aZ(sT2AE0{_lG@a6H!W0P-PSNj6iOAWR!HmW;N@NJEpX^t9%asu-?P zn4WI3kF2rSV}n&lP?^_*PO8~j2&}&Q=gIpIXD>lcy*&L#VEk)Dxl5x}UK%<)sOKi1 z0i@=jNtJ?uXf?D#u+&OSlPPJP(BPMB8Ex>0?J{U0eZOKnhhMsj4+pzEy9bMSAX@N+NJU`-N&r8N$fw&*B@~Vnz6c43bk|`eOH$<7a9^S$qwE+29 zs#r_?^Ak%}fZ2s%d1;l3Su|e`@j9m)q@C&!DEB(Q1I~g?m`YKLVwWOYs&{EpXXwQT z;z;Z%6?-cEu@u?5n?PwDCzH`UoLD^|FzRqtDoh41$HV9o)C<7pvvkS}mX_s0v?T2b zqQfmwtR^5wFF|Q4z;3LRC!&=4u3kKx?iw{TTI)Hmb6soLs-lXtd5S?1_|r5weoakB zld+|5|7#Ad&qMWs2db>rqxU7F^#kT@K3#~1`1H4j#CHE0NEAAzY1l~=k4?|^BiGhL z!%Q6A_eE^+Xgqce&v-zq0qu??6OJys%BKB9>9g4P00)7<;G>c4n`RVp*BNisXPq84 zlv(E~x&PRqQG5Q*>dhqWvAUiTuDum#%Ut&OF*n~StM(2@KB|8K1q>})Sg^*UQDjBB zXSj|qcFk9Hv2DWYG0xZ~cQ}0dsJHI~zX`xP0_NHef<_{!8~P;?!0lu>BW8d5;my_A z@x{sOJu+97<=Nz!VYPkrI#4fLtI(UUQV>mUc2+)m3&79i-Y8n$r_S@^R$*abme~2qXu9XxhSC zdAPTcT=uYy;_@j)(@Z2de99lbX*?Bw2Eo%v9aJQv$)Azl4-po6-ARTLp&(I#cxP?V z+ig{wySn2VFpPPGfuOM+xw`9zx@(T($c#PP_PJ+r*EA9@Np$y*1q{v~1sJ?%hTR4X zsauc-=%Zrmk8^zgRREhgaI>T!1f+x4uRZGX$wN3q;o?l&j3{GDEZC%Z= z0c_0az%ci}66O40$i5Q%9!ewFii5A{xQ*e;XOCFq`Gc$cKL7v#|NqQf+isjN5d9UD zzU)eAg3W^Mjnua&>RbN+83S9?2&}y*zh95w zQa?PPUCrvcpoq^fv%G3&`5zft{u4_(mVOLJIZCl#6Lpnr!FG8q7;3@&gy@j3j7W8cZ{cqg?;g(Q`hRh@6o=d-qfEzp~y@F(XaGlT?d5 z2X`0VROHfxh_LH5E?|`C;HNFW4sYL0@x*k;oQI<;F`5CW=AF6|O}m$^nXt9JG6ZG84hli!CwFX0RR7-T}w~fKoCB+zryr@ z91UNsnej6aXfH&vch~dSo!y=JW+*-` z*&sOq9lF&fNQNn8sqfgO?lP85pL376ge;Ef9zuIM1g=KAYmrFnkn%~J^)Nw z$C+k);ig+A-T$VmLbb$rO&8RX6Nz3+uBN2U(3fry_Q_&#^QVj{R!wo1TSQlSOdh`5 z+vL`kk=-UBoF11}yfo%Ax0>1U_qC0Kj{B&9o0o`oED z;Nf$1q6{}9&lrfOLgKn;>H*RDMwGJ74XG!J9VDDs&@3gvCme5y5`Y=kQI>XeE|LW$ zLtw*n!Kgh2nmE6#iM3@#`s0KK<{E88=EAN>r$t!=#6w%iHBMIw>;r3eMnf|xoU}zq zXO*sHHZf0=MYIA_5)TJx5V>2NBt+vP> zn>E0jJ!M;KK4lO8;fOun{3}(n({*g&dsHNmH1~Pt>^V#Rjnm|`Ql=Wds69uQ1~+$? zcttA-3(-%pja1r7{&jBSinhhroInFSb+u2?-shPv1UZj&zPP;pcy;;yD<{DE*Oh@9 zZz^L>5^K`tpvV}|Bp)n@C%^FGhFf?t>i}DDxQZ5Ypyo@?Hph5O?uo4nejBx#x%9Gu zb34#bX+^aXH|Y&Ky)Hs0eXld{IEAO!#k4Qk`wC%BEQwOU`7$O=fisBE?=&AeHSik# zIIg+fKU>nt<-T>AXV`}JJ{29l6I(~;8$X)O=zQYFLUN7-lLC~0vePL5fcDgqg*lPL zLRfCzZ(vgx)FL$|5&B;j_-1j>#)^6o)I-jJ@81Z_G*rXt#z3xtX6n)^lCO1n#R5ScDrpBuDVn&{*e!T#{inKkFrl}co|=7KN~HYE z=~i9j9sDp_nib9evLjH-AI^VVe(}%8SN`{(9f8z5JUE-<6f~U4Y^2LhYL{5%s*$G{ zWn0}k!Ksl9!c=A(kK_tqmpN_MYP?sz>i!GfWlR&xjh!__RM;?8@##;V~ zrj=-KS_#tXhMj0@xq!EO(&IvwgAmBbJ2_X;2~mY=2CAAxu)87VxBn}lR%SGMJhc4bK= z$?;?}E)-6i5lL_f%Cg4sf8Td>HyR*FQIab&>#9T&&=CPi?G=WzWUhl-% zoo|M(1qOQ%((XJ8Wm6{Vd!u1PQDL2JMZpw><{F*V&kJBmCUrK*FIj9aHQ}|*6x_UQ z8My`4aYhj3ddk&|3MSkto(Iz_(dp10lY0uLLn&#H**Hqr=VJ}y zfQwP?Bph49o;0|@G>jln)9j{p(Cy;3&OEfq+naF@ENr*%4&9Z=TQVFgfnB1FDhbqw zj9pq1;QUaHiptCwwohU;=H>bMbABJfdks6R1YgpR7RC6k5sVc>7}_#*&==ZDQH@8T zUNs9|X+|+azdHmJGq8v7^I;ffE6%bhX(O>5S4K*;L;@iv@0kjM)R)VV@*7MI0PT7|z^f0hcmJCe4>!Y${;0_UL zg3J{3BL*!m5QooixA0{lqHNmjI;B@U&5o4w-;K1LdgdMQQoib?#3HS(Y{nyk_$angmNMaijXUTq_hzP$jM z_(tjC>fz4%o&)*9LFssqESAD}F)t>gGHZcukqr&_VOaPCu~}}sKDfAiadZ;CJUzKM zJwAGMaCvlk5?=oG{P5zhr^l~Uioa5RL0{dBDlG`ZWv9k}HB22M9343QJ7y#vjW5(g z;jW_r-2(~lu2NCl2Y#0TSB!EW z@YUf~7qFz%c^51;SST&9dt5|%U^Ze|qGGr&40}3_)jpePc`bKl^a*t`KcF!+B(2D9 zMOxb51LgQqMQOY_JwJR2|Aj9PPEJlQ!^`udH`~3fwp-Yu3xRzQfr`z>lUdkDa1Rww z>~c&a3hMBj8x*r}7U3Ns9!11Qs(B1G5$<=(h}1<5X|#+feJ{k0eU-GhhY8;f#y8O| zUfNqS!qWBJ0qLHM=jztaDxDM>w&`;Tr*xH3pJ+7(T9>ne&;VhMj_a3B+C4)o9$<7U zD$8uX*ugfvpCWEU`a@)Cx2he--@1l&b`{I}mFDGvjP{Y#!WabF2E&~c!}T;3jK(?k zHq({&Xo!l#d4#UKS22hZB-?f6G$%*Z!n9P=*|sgJ>TG*lox0%;qtggBNgDJ5qcYSJ zt^&SoH2)#O_^yU9jQ=oB0I|I}09pq>f`>9B6Sd?=vIC#fG2R@VPIuc!qEqQi;h~4?B(btJK|Ev*iU7yuk#u_7WnE9o4hj zoJ$vwj6d|=54t-ovsd?_xxNO7Ym2n>hF=v0ZLA$YRvfRy|EN>fj#cS>^!MLwtbvhq z_>1b!*_Y6CMj4ICM~fV^h&Dx|vGCLa;zWcAdBAT~eZG?pIfYass)MozcXqMqZE$t^ z!pCN-^>Q@du28;hE#b*_1#*3G)$^-PTRF`-sRtNz8hUo=|7u6Mg+jQoB!*1M%flnaa^LrM6Q$Q5x3s) z^>ivyGJ>>*d8<)QK&JMS(c_dV&u^tI{Fk%9z&OsrNVB9s&TY4=99C=da*~8k8T#fG zB(Wt}0nDIO<~t;h5tQ5COKtn2N{3z_CB|fYp80)k43Z45vTR0|NAn(hOSw+T36K(b zD)r~nMY-t7o#@$|$0r>j-$dU(yPkt+&I=IgbTVqg@(z*3RW=p1x;gE)$axW^DJ7PO z#=>h;I3epUxj;BjIlGaABD*&}d5mxK6Fy`VcgyQMA0?RD6u)~Gm8|K@K95RrUtnzo zNyqrnHE&D;s&SSt$mUXIhpSwoD-Y>;mPg5=moXiWdG|7iS+H~|hIedo!hxkK=vJC7v83yJ6BitP)NMhG@8xii* zoc%cIS90Fu;B`wxud}^IQ4cr});WN@Q;ac%RFx1@aOo7n`r9LjI7tSR0ewq7AH!jn&2^zS!ejw90JQ!fuiVNLx8G0AIF55?V3`l~%5~l0kg}oEFa87V1H??Wsm=Da zYA5JsM0A+-=o6u>!Xbam<9(x1Fi+MN#=F2Rg-NW1f!^0Uvb#&=q{7sa`>x`m_gmK3 zGdP2^v})})xKe1om|s&Fn2O~aiL^WI(a6yz6Lw;GPZ*c+}IX-D<9w$zY2Ay{7CxBG)gAcja~56D%L87<7AeG@;a7 zaHdag0BW-*gvhBoVyy}6Es)!j7qSM?kHXs>B~|H-P;mWLfTKA*=M=s0PN=$M{!Nl` zw|OaHaYgzfO+MBy>`Dn4WkODnNp9jlPUK;uOOBF#+pc!2kj#UKjS6wFiEv46w}1lh z$;L`GBRxZxO`&x!@!dTTO5~Yv?=)Lb7@Ts1)mL(Mc^)1dAN_n1zCDAPyVY*U*3Hj^ zqk{?IZqKor+78SP+Zir)wPAbuWBIL0O8d)#P94BO2wXTIhTx1Af6=0Il&>&ul0KpIKL%h!wmfC}5rNsMLK|mI{7Qy8aixULIZuGBU3akn|pssa5!4bph#h zz5D^+#qCGv%^1lKZBmMwuBqYphw9-ftfaX6{RTlQXT(Yt!2d=Ivd&}h+H5>p&^==A zp{8qVNYVSP{6;H#QYVm~M#*9{5jsjZ>E|qUXJ}NSEw>rj@#pMIy&|?GAf)}WObZyQ z0C&tAVgbQ#phs4QyByP>N7GxbKSMBFlq}YCh0y_Xe+t~m3E(klzZj?F@Vv9<6dcG6+m| z^#15~wRG~R&8szfwtT`%Z8{y?%P;h1`DzJWbYs-E?U2cCzlfhqkSKtG39kU{3;Bl( zn#Su&p6v3v0%ujuM#ze8Z2@YKnZQ&8w7MT#E&g!(Z94t6Qp;A03*P-lQRA=!A8rev zJW`wLo432K8aABw`I6<-P0z^a?pDh83Q>h)F5&)Y#>ilX^fu_ydf zT;3HRR%zU-G|m4qu(3P}Du>lA+p3I#NQ>c}G$EM#-vF>g$N}CuL8*xb-4t+#xz_az zwXIw~#RwxI0X^3a|u^8%5mIE!gt=zoo1hkvlAQ}3& zwNv}br0uKX-!2wti1={3C-_d_!V9h*M4V@|(5-vOk_jD%JXS#}1@kPcr)E>-A;@u3 zl#T-gKH^ES$sD$lDvhFVq3~^F*0dBWLIH_FCQ=$EDN0lulN&v7xKazuB`%|}7$KiW zAG8v*xdgk&cduYo*j_TVxtuGBJp6x8VY)p1{ zjqf%65AL_Qt7wMg{-wkBmsU-E-P)#W?3-_7Mrqp)?4gs!dB2|}sh>x-8)U7T`=t?T z8vLcVD0mKi6w@i-0!!5wA(=a6Bg(Zx zNTbToqulg~Js%OlHby|Eu;korIL@XY;12A-7wzr?pKXkq{y!w+;4Zi<&s&y*`)XM( zC+c3_ST>aicm3K9bD0L@`1aMV9XITd+CDA6qMZ@tm_>mU+#NJi_9~Y+tZ*nDaRn+? zHYqZ`arWW-8VhsO(iw>u?0H5ui}+RyqWZ)6WaAta1vn0t>*Ulqh&|+1w{7-R zi$XF4z>j>}v(nU!%rwu;ft#6;Z(5dZSqb3dEFZXa7ln&xV*D4@o->|-z){QY+?qMs zrP@8iJsUG~Sq;yGHG{P}B)Ep<>{$b@?QThj1d+FG&%mn~|HHOyKR_z^nVk%@*E5Kx>{oh@#B(Og~AT!1LY2a--adV|!&5 z;%4D7N`t3u>Dt<8%Z+8`P77emip`TP?SIZ9k=Yvov0wp1eN#Iec^a3J>A<)ny1RUmhGEi;zgt+Ol!u z3b@~FEQ~e0EX3Zb$}7=;37{U4#GLRr>SePj*(q6$CyQxB2CI*Z`pMN53k68kEap?F zT&$wfczbg3_U!ER{POS>_AiTnHm34DI}Y+R9t=|WVS0Y*rm5|xQECI4vRr%M52M%( z{#;B|VW)oI9_F6o1#uSrlQ5O#|9?YOYf((ckhUQd{_i)2R?(ZfW8v^-#s|_u^n5F!K~H*i*`6Br!W1pS+CwZ z-i99L71Rq2Mkvz*c9c~^E|QNoQB2rwp5a*_w$l=HVmZRSjZwz8MO2O-jKOT;>^ubGYjIxNe1=0J0RSRN7)qM4w2Hc zNc{bu^owKnr`e+Y*4jfVhhy$JZK;em8+Z8v2R(CO*!G_5?YT~^%uc~YcIFvMI8*|d zMf>R@LVsqwmb2m}o6i#8Wt~+RV$rMDN5_ZZ>Fd`QhnK#qmonu|%ZC7^@INftHAqrC z9y!(P@aMzJl#c9~Rfv13{T)zWj5=!CVOkU%2#-%RMh|CUke@9{w@T{*opB?3;t$Swfz#`=@&mLp1z5$05ySp8tZ?F zgZ7goF|(l`Sa8shlMJ26i5skm-iyy$e?rF|aDYP~G&U3%W9&UQ{*D`n%t)SmgsTRa zKzlM>j2nOUh$Q?SzqtOaH_l6~EmHm3Sc|guhiKm1iRCegpIh-}8?$B6#!ZT*%;|W*3-qtBZ++wmY(f)Y3T{aLyf7@bKBv zfLP68BW_l})zf&iD4$aQS~2cTnoH4pK$*?m0pN#p7$ISE9BVUp3yDe@|T~z+Zt5WH*DLqKuAgABu|4Z$}`7ufsOS&H_q%V8pM(9`2(*}ERqDJ zto#Jc=a`iAI-_N-Boo zs0cqTC`PQJw@0VpFP8@|jt?)wGF}dO?!%hIhl|j=CKIs!JeSmen;ci82J@y})^HiaB=&>M z^jr`$^I&M^L7uy5;KY_U82VN^uw#JbAZv0Nv_DV91`y(HJduTh0HLJ5WoJRZ@3{FO zv%K6&>bRxZlhH@>Db?viiMIp)Z`6%_Mvc$;O)u9tMd6* zN;U;wo>L;7o)Wg!tc;>>zJJR;-Clpaxzn#x5M7!Om$Nm#AE^z{8I1eB`Sa%FBD*1N zL1w`-e5>{_f6{{v%J_17J+|7${_nI$@dQ|LSMN{RbwckWKrvz}NBu=l2`r=8EDvE` zOGH=*sl~gP&5JZ$mNKnYB3YJE5g#SS9MRzOb+TAT$6ywI1XDxNJO@Kx&jQx(mlgu;cx19_&Kd@0lf zbAY6o_iT-+MYz;CtiozKE%I1Il_=B1mt}rBmSp~SB*&65G`aYQNk(|q18C17J+8dE{`CgoDlKPuAXGs@p88G zPZI+=A%!iF;C3;CYPlh_IQ^#I%8?Dzuu{Xdl0U5<$@6pI{Q@;Qq=-VSldXxfS-hx& zDdpmzl$W{xFIVTUMQ>pyWaKYly_alsis^g8+gB9Y!Nce*$n#mc(#Os`siI2X3zJ0} z>1{p_qom4b$-IzZTrSG+2oj19qtSXE^-SW&lTguW9j^`~lz}KCW0sKpuI1YS55v7&hVxVu>HH1qcpEmoEE@uJ&+O{WhgL}GOsnDBM z#D-04CT0PCV5412`B6}ib%AF!o+27YJFtU$M&{^G}mwcE)_XL zow2HDSIUfnG1%JAaaxp7CRB!MX4F-t;j%)ACUATpo=mS}F)^Yx$0$Ot(%NiTM9{Pu z8?_{P#v*Dfcf9L^76qb%(;SniD{L^Ac61#SW%1j>bE}ONDh2a^xaf4wVAGa6xy`vd ze_`@CMhOq5as`RdD8Zw2A&tzI-F51knTSrq9@Q(_r~$cx_A(kpz6Ag$|+U znW=^;=1KY7=&Sz%00960tX)fQ<3WP++9H}!%Bef`huG7-ts0L9*I}w1+)w&}iNz8Y_>6ek5ALXV;NdWjLcPGSK zgPyQGaJ|}IDDIRjnV{p`o*oe^+aA6Ki&>NpYLVo4~A5vg~nOE<8F_df@A8G`xvkg2-rUj1|1A(lsHF}l1J%O z(!;x6=zd)yz)+NYdHUEh00matKx&+a8e4l9e;du`9A)P+p)(Ujo)}}_>__7w%%%sM6`5lHI^PZMG-MX!<)L(@^mtxf6%(B0!`I$ z1n`~UE_b=>HUCbZ!SRh|^+Q<)6)BwYD-x;2n42xcZ&?#*kg9!u)b7Zaf=SfS&5GIV zI)^`zZl}qDkOfiFDq=ZgB*_W1pmT}*%SvR`;MZ#w$jzaeBMi|ASE)Afg^;lg6rG+g zr2u3=o4;^2S&?Zgot9**xH`fb=qMIctegO%nE95l3g7ca4fm!NJy4e~sH_L=gj@~A z&pJ#^?~eFaF0~~rf0KsSXg+r!7edCodm4?|`6T`75CanwER~jEE0g=1^yc;<{ps%h z?%_`4WVJ4fGGvNBXhR9kz+=>7U=i7wXqBZIEHhdei)bho*;mob=+_`nc58nx-6~B? zx#=uUW3rNM5*JW+cYR{c+C71YWY(C^r;VI)El#&S*a4djYEP7>`Bs@C+CE9|+!h^H zDUqO>71=pF{BC zAmJy;CjskiaU0s>-XgZ%WHd!kOVY4f#`1mlv|hioZ!Ry})rLsErB#MQ=S#ZpFLG7D@`#Z6zY?(7*LCqJW3<$_TtC1 zZd1L&1zpEJ*#4$>Jcc@&Up95(TO_HMs;I3>TU!hpklRFv1m4Ly3`8R%VDlH8cf}e7|CefAH?AeW&vaJodw1 zWLWfXs8$56>B1wv=Wp)!`5r6(3K1TD!Fyw9ROIwC!&WxfH2F-aZO#Qm5MuAiZ55=0 z{omYsQUQ3UUdOu)q~Y>dwQ#xLkA8gT$Dw@VLFhgt5&`l{N=<&PwzQJ53Y`d4wv zGsmhtk3G+14nu!@8}+Q=%@^w)B=Vz(HEXJ}<55c9s?N+0_vqL7ZISE*SZGDIQz7v3 z&`*YMZ5Vn@0s+jTR)(j=)=>di636aL;(FE%K-yyJ7Q?^*80xOxphrmzz<=ak{KjOL z34E6%@w0z-+Em@{wdd>v3?)Vq%6j()9)%|V0RRC1|D;__PXaLzJ@YTt3t12omtcrl zIcW4?q9+a>H$+x~frWq`48h-S=gmxaT0TPXLWFI*-Pv|#`fT6hSIcg)4_5fB-zEI| zTrbJTyGQRpXV96NuoUN(IeV6lvG%c*wa}Vrle;=|xrPfbh1vA3)h+^$(AsP3Q|5o2aWdr=I;E|W%bn!J_WcLI3Kgj%`Y;=&5Y)&TY60K>G;O~ zrO9qPy`FnZMCo|*kGBNI{m(fmOW47Pdv5gB@pT?7Vn}L13mmkf7i6kU8P)NYjN6OM zsJ!@rEvfto##EwsJl0lcyZq&O6*N2!fmI`C{v!2VrmF%s7aa&ARy`%60(%{8y!_F_ zxXipaRY5E{63onky3qt&R-CJ7Bg7jJ03{q@!^Kky6jlRiCrMr2HYVTl@>)DU77zEs zC!)h%eH&o{<4MA&1oHsUy>bO)lrmpko~^0li^}u_!-s*bf>^qI7OB_PZe>Aw6Z3+o znuF^>ekpAT^304aQ4t|a(meE+iy+_!<;;<0%~2^EYFPr82)jJG4Cn}kqYGcLA!gUu zMtEJ@3U+fWA!%Ez2dC=?Npl|tf*O3>4(KDClC zS-@|WmpcNR46YDw#L>PaerqdAKSLJ0h(Tr@=tkZFo6bb0gRE(02BX}Xhkj{W2lJ62 zWQ-zJqoD`~*oR0Wj>u2Dso%9kx$4Lw6pR2~F=yt;__fNx2c&?T7Rq$<@0#=cuAQW^BF?Y*2~9S+-W7o{ zDzM2gIu9CD?MpWODlZleMs;ov>s|F%Zpv!4-LCe>V2^3pkX-kpG0}+2p|1ulMrAaw zQ*jtaGsCNRKf|+?Z_(Uw_=p~1Qjsg4 z86jn`5EEZ+Kl`ED9{>OV|NqooTTdHT5PtT*@Ecf*5lO(5rsSawsgMv<0jUpFgciIB zR`D+Knp%iIpEKWF&SlS<+f!dcZ10{um)W^~Go#JCkO)ct?Uf_N6LO?@T8SsziY^YjoR zyARdSL)O+2D$;s>XBTauKfHhI9_xc7Zlv}5{=Yk|X4vlj1ZcTEw^i@n=9@LI2q1={ zZRJb_DzjYS07;}TDg(p_c4UZ{pWDVC2D<9inv)kkr$E1&VZ2yJeU?5L(ru(_b=lJ^ zH7aYIFgYMFcd_qG?Sr?_zfPH+^5@B>aBghfNZ*k3``{fRitO_k#>=IlxXhJE^g@`Z z*?tiL=i(Zqb%bFJ{;WMs%ImAi?)TmO>+S98{m#4Thsk6wAJvfiqM(L+2lh>`3&G`g zwpxzl!A&Cm@TPgm7)MZi;7_s&Y8Y!vYc5UVTy zrLLs`+|5nkc)Qx(N|wW`krBLKLEuw@vVw_IOCd4RsxqE1-{t$F;V3z(l(&rjpeDkA zmXTkm8T^XUblhRTvAL`v{ZdK`A1@BW#yjuV^-JZ z_z(I`5Z*bZR2?vK{VwYkZYfTD+PNTCO!C+;cpZb$#r?YHeT z0xFX|ZOoDFY-g+ak3@p`-SQzkPaGmyTu^t#$S&1{`+R;DF9%HvyneFNIgtS@&h9k% z9+C?-xRc6ya{jE`{iG&^+s18wpW3*nDEwpSW(x_A%2%OJn6>E<&~OIW;@DE*>&F5x z~1 zN>vMto6o{|5#VhZckBV4oJ4?8W(%C5w7HORNWfsBPIV&+mYx#8h(stzZW>@m_&CPVceH?alpi+N|n+E17mYW1Sujd)%GtqqzCe!f38J zOfCMNIv_%C;_vtKy9~mPC;_n}S-!fg+_^rG9z`1g2N{DgH%AKhL274Rm5vtf+sIc~ z6qroc=*V3E>9<2aJlSjd!^k{&WA*-?Iu(_*IqT6*&Oy#`rm_|d z0J5w@`=qCOs=i#HrlTKcwKu?@LId$UV(ar`{?1$e-r9}}MN{SHb;8aJc)lH5cbk>r z8Z?ujQ9pc#SMC$lB#_RTgH&P{9z&8rk@aA03piWtFv?aNTljK37?>p*fMTSIzu3f# z?{S|)AP~NA*125zN|wek*_UuNJhg|TjV+QI9UcNCJ}3$Qcnn2KE6-GmZh1ABTCQeT1^GLADFh%K^tV2+q2_;{#H&5&ugb!NF zk@>HzXYGx2AZEaGReLr=bUWjwd#JSo6pM7aG5~z#lQ6|$f8OX2h<-4N)oOn!<#SbR zblbx5%_T)i%;;z*%Fy_R&L_DV=*(`J8)Qv#6KUH8luGdj`(o`{k931}cmwVQ>2}#h z%Brf>ScIn6I6}A0%s542w}~Qcu#+qdxDTeMSJ1UzO@bF7$@Q0EFWu70aM!*>a;4 z7v?_G^iWxmP*vk)Gp4_i?;v?6IW0!H9US1fpgvDiwG_?5CJVk8Fd)YcQ?B{MeOcs~ zd(|ho+;pfv&Q8yd&o7QnFT{np?%togU3+iaI1>MR`zh2en%cFcljQiJI5Chm+1&!& zrf74w3%G%ymmOmr+pz3*b4Bj6-@Hgs52tC+yP}8^iKHkFIULU8H{6FB`HSl1GL;nM z2Y0!I#4c54RwVZDD}+>X5);n3Vdf>W?R)pbJEn#ieWr8;o77I1MYDMxDWbHX{1Fm? zY6eQuiE@i7U^bW-ZG;rpy91V>s8+LltjCJCCDJ@%C2)W0mO)OEJ0oR?QdV14Z4}xG za%uSBpiaOptCtK>+S7`R*$TCSc*Hi7mDJ4S$4_G&HeXGyt9qTJ(QXDjEc>fz9av{? zVJ^S==dY8Gm#3G|%$wIAn_^L!=)#QFVl|$9T5ix``bKvA4TCnoktWWLJ}sYpKb}O6 zA>lYvgw>7u1Go1mJPD6*al9%njsbUL+=doxwu3C^j9b&H@c4Q~g7w3(D#*k~h;xUX zwomrG9{_++R8ik*+iZC+Qub~>YX6ol)^uiLr&=2bPHJfp-8sr01MTdhl&8$>vY4V& zhX{&7XKMfq;87CeqTj6~;+@i_uXHrDR%?OeFx!CWkmE_zcoQov!3TzrWgH2#n25O| zPjR|LC8376DJlcdBSniNW+_r@gE0O%&CJ;0w&>zYs0Pvq$&wg8x80FdIbw~xHlP$d z(N%RkFRC;)W(Jr1MTOXQrOT^p^-HLFqN@;V)Rr%a09R6TuCBmO#H~D|w9PHa*)>DG z;zrAaTJDFc6eP&1$=gEMbXe}eYU32hSQd!(>+b4t0QlV6DwwtLL(~|M@Ld?PFZuBW z#tk>MJT!;6X0)3xV6IFsD{QP_OHe`?yH{=NMfif8>tB3wUnn;R*bwePGO1yS*@^%& zYyy?EJqNd&XzwFol!wtYaJzmId5+WblDK;~9fWBOqpWMf;F)!g3HP5EPYW&t$3x+@ zSXgPjJ@?4^dS{P9dlcEDc$lqlP#RzFnkVrS3>04PU_*{Z;ppq#ad;fjR*GQE>jm^a z{X4{8SgLp>k$cw9Ubo|UZB_!P)S`S4+XCI@8%)9tr`n&5$kT?nYLwONe^3mNg4)@p z@%2*tIpECBW>m)FNwGbQQ{CMVVoiu&f&$WdgBvZ>f#n3#cfO*CS>-TYMi^k>3R^}) zhXDG~rf_ySd3Sz(c78@28_w9`YckI$n~x;L<6*Q%2{+etu$4=W49}yW>8O6<0W+Sh zHZUkRFnd#$(-6cj{mc!wB?JmvKKtdP%@zu1u+WTOY6dedZm(A$!=Wcf4jQtV?Px$$ z*vxE&>CAEJA)!MsL*Y>h5J~qgdQ3 zms_3%G~RHa#c+O(d!pTe($}X9QLx@^)+@|M^`!NXd4s-t(F!v@OL%qO37##jpEd0X z3rB@g7c5OBo3t)Ss^MZsO5q}+7^^WGKarFMv`Ap_wZdU59k!;!)@;~HhR>6s4gY6D zdpfk!p&i~0^GP*KPDbM>yc)(Qqi`6Vj8eS9AJdajgb!yYqxgx^_8;t{UwE9k&D#mjU&#mj6w!%H&0g6=e;M%oA)&1MsR%o;KNKFx39Kj<+OwP*Na zia%2P5sraj#K+0;?09+{9j8~ryKi>Q|G#w&I|clVI!Ik>DQ5Todw;5WfbS>9N=fwC z*O_+Tr8-AuWPd@#rW`qdp*H5r&#T2}7Ujt80aygI#Cv6%8_PwKTmVYwbju#>1YWPy zqH8ojVo3kumf6=Y1k91tU^?L*rX0c*01+=4#0{XOy1#M}t)K>{Kra=FvX`Y24ee;y ziigi*S{R{6KmB3o+qfiPsd&Sf?&BKq9=sSrA4)UDqjBT`^?^>&80Zsua4#OmaN{|U z*aOlIaW4#gAl(Dr;6L^aKCK^kLt$!uZ!vnoU5O;cERY)n;&83s#eH2TA0iKE|Qqat{SU&#X>1TW;XCA(_K>0+%ly^{mz1@)U zD@itTSJ}hhBAULu97ZC{)5>kFs*)zi1&`GZbmtCNP&U2^|3;-lhK7}|*4VWi$FbB+ z+vD4g#QBKFIn=$QHYCgR63epp3n!lJ6C$~C5`4%|sC?B7vMR8kD(+i?rvIL$+XZ4c zHx9U5+d3#zXybm})J~S7DtQSjFuvX_cMHU~;Ce4UEm1lq;aD5Xwdw!^6^^WI7b#`1 znyb&VPs?X*>19*Id8Oi`qgzJupnlIY1B&IydPcsD>~mSA9}S(~ZDR%^uj97;-oplu zBK!`xl_q;UQYNa`7r(zh{cvtIpdY>&_d@7BRNR^a*WIcdof;idF=k#eFD_l`2}Vva+@FDoT@Bj*L)T^7QPCLZ9Kx zIbPyVig6LTh)?TRt@?c&9VlW`)8auypelO_v4;Xw>ETpp8D@*ePy*ieJ!ELysTqJ$2r-lc z8NwfeD5DK_$V512e9>={$b=^!r8JM=e3pdkZ61`z-?Q&qZgz|99FMoC8O_0c6$SO& zQ4nMVZnmr*EAogG9Xe67B*gSkF@sgfLWHz!UN^b%yf`b2rPa1H!?P=M;YvI)wZ-Av zQ{ld^Fy@|K##U_yxy5$*UE20i*9+TIQ6ItPibLt+c+wM2X=KSuclAB!AQetd%g+DfD;J*?2ETp(w1 z6+TmaRZ)83=k%!6(!o*U>T+w&hh8u`}0iEq|0;@GV=zk4nN#0VF}{BAfTT|d5= zGpvAs3KZv(D#e{|bKjd1v%jaPOh04R$#$hm7{jJHZ|=2gY-EP_Jck|eOr!k(S&3pc zKkZqisDZ3o1+vuYYgT$$*9Hw$ad3dL==&khqD>n9HDqK6CT)O$NG-&N=s%dWFe1j{ zQV5IMFGAc^4e_o~TwEq5A_p7PHAA}d>xt5REK3)FU8CG$MZ(saqVZn~pYUR&Sl zq%v2ui$b+gJ-#MKy|3KRKZVQ!hfC;?9KhE7A#Kb&Gt&%|+h0cMU&6R%&&j8v>B z34e+=iTr&!m*Is$a7s2RjnVy9Jc5*BVOfj@AOja6`k_gJd_lek)46D49-j6Os1mRU7bcA{VN_Z_Iti;>sQ%P34DMwbIqaCszh$Yl1uqBsFV1 z(WP`l+S%;(CW3QjG$+wv{{SJpI;I;^2dJ<0S(Ik!GTqGMf8>TyBU4fJp-i825cM(V zr+er)K^g{~K@fI=`V2`mjTG}C)fAxJ)9vsn7q2|AVA#?PX-3&U2W>p`t)Ce@FWVO# zhc%!~1WTy>L^VVHDmgH2P0jgoqN`U8tO}^cGA*q}u8!+@0(7LgY0wyFU(KX6SHgT_ z&QF?AsIL<+eV%3V4G*$X*YpYIo(WPiMSUA3`p7|8#E~zhEqhpt|PiLGoIH z*@gz5tquV$54aI+SJOA0Po(Qky`by&!nE&&VLWiXxZe*u(|$VbcKU~dz>VD?>i;mb z{?3u>AGy8%1zLaCtDyBuDkTB2UQE!nW-5t@Kk7!Q7asP5kkerbnyGXpOzi7bOgTO=h=ymuQU&$XgxX}* z7;{GY!0r221qjnW5Mm2$#ga9dI`ciCq-KvE1*A#!^K=H!nkt&m(rB_ZW@aAlE!(dc zc6vdQk>R>*k^edBq?v&~7>i(m_9o!+zuj-Jb9JLC^ILr+d=B5J-gK zuET%p$lL+YE)3$pas0sVM4or(CAIE4Qm^2yBlkopN2%`QDq+va*qQB2@RKIf1kZmI zkwpBKj{@c$!~^HMgyfX86<(b`2!X={)(qHypjhcC5~tt%O8JVUniS9!00<0 zqROI}7101@2QF#o;fWqu{iTgX8;6RNV3g_Lc8$jZ7@qhhQHWpkD``T1A}CO$4!#bv z$@PljY#3(&AFOGEltGJUf{WLZ{Rpy()HbbFF1_$Po(RbiNrF)fIJpjc=1e0 zl)nIHgTezL?wRc(5URFwj>#*Jj6-a;axT#t9TnQGW>K46y%`CJ4li%Xg%%I#I&m-} zcM6{4;?@yHPLrlQsh}jW(cM}&m);-yN(*Q6YruNt2!Yi1w$0xD~>`@9u z;g(UX(O?TolRCxCTej4u)u~?$6`M+gCAQ|eIam7;Bl@6eTx6YUs+luHVV4{HONYA4 zEP*>O-yVI72N6ZS#n7M!7fVcygP%U#EhK?fTZMqp{Hk@oYGG&SM8Q$CR)ZnO z$=7GKA@>sex@NAVrv$hP<9W_(lVo9*0rKRU@Rhi6h|WZ3e3zAMtuYnm8WqyyegV3dOByh?>M{830wOs}g#-m1)$OvP$T=0AjuhJly*n6}n) zoUZ5g6R$T-J5@F+m2w^`HyB%{k24l8JvC#A>=Paq652_R(^d<&Sb{Lf5U6XqA~PXJ z7*I3{!h<**l!lmer6lv89Nwp!Yeq0kt=!E~a^G3+FDGv=PS1p=DnL^-;b`?{&HELx z|D)e>x=bji3AC!B!smMbghp6`^iatT5~LeEa-c9M5W`gY8_jOXuCl&{&1mwu@E1sk z*}sR{XjwOy$GTai(ykwJRVr6MHuxRWML5fF2mEF7XOj$|s+*%)3Mmcc9_r=qv2uj8 zltFE^Tb^QgVwoiVmM2D#Aht) z00960)Llt$+eQ>VH@|`i3dDv?hRbkM;6v-!snH||Ah$i#20;$Vn1~`dqU6^7^?l0> zH_39KvMK6|WG*9e=56z~uXk&!PkM(bpV&Exjfw9tB`^`-={*F1HfiG-N`M#GPjY-r zyO7q{JMFUNt6t3LQGUhBnt7ib)Q~L|>|yq93E?gl<-$8y;HMv;%d+1ME!rpKjcy^W z8jZCn4`=|XcDW#hQAKUBXW*h%@#B#eWYF4ur@qz|NA*LE#z6wVcHGCD(9z8PFlKvl z8@vK1YI54W!t7kp%w_+Q?jUp0^la3CW#4;ZeZi!?xqV`w^Wo9T2u@Lp7EqgS50`KaUO#+xQ-JvxJXeU({ws%b?>j@bIw5V8;k~ zOgJaLsWq{B4vS{;3R*NRZstXQQDa^3deZdI6szE30rwOT0cUIZ*!8RM&j{Dhqb_j#DOl4U?6hw|! z!ZIDoU<8JRAA91WBQwYUI}kb|_ch|H`isbqht!Q|@?C>-Fq@mJx{z;rhUCUS^9pD+4fHL)UYiGPd)vgsWpu?O^Ko z;|kZosPvi$sW&x%+i4~lqmBUas14Us_g~@b@MXqdkUP~szZv)Ge4`;kNjBUqVb66Z1Hq7&B+bm%$;IW{bLFNjBgYe^wfac zKPSLu-*>e&)XQ>#tr23#!FS=K8)J<#`y2EO5dyj)em@xb$S{ z!b=K2ux0M%!8qc@GaNAmS>TVFgTSMDQ!nU>m$P5bO}a$*Za76NA6vPSjsR{du}G5$ za-ObWMz793=*R(k#TQF6g+J_PS9Ed!Dy$*pl76nAgdNhNPVQiE*evOyjRfR*ov3yq ziE3OW2~T~_SjnWE;1xtm$pWkv^vRslowX8mFl*!a3e?+FGrW3_lzT|1Q@ahu-NCYi-@(r{V0=kO)hl}Kw_p=Y@XWH9J z{TI{E6?*n4c0>fI*^YyE)RmHXl$eq-RL~oXY)XjJWWBeX(|-yC^tfAMQ`m~?;q$6i z>9@rH#F7gJ+r?qHDg#-k;}ga}2L;sRDy?rVG~W+03ylBFEHFk>E5;tRqKpp#+H;q5 zg(vLM$AGAgdIWjA%gE@l9MAR3cj>2sqMF(8i1zLJB6G?VWQt|EpwEiTivqXLh{HRX zCx=Hl!tHX7rppm-F2I?b8rRPhEIZ$2RtuQQDmNv0zlUcR#Tsj)wvR7qLavDxhlkC3 zx#I?SNm&6MZJk1ugZmbfDs;9^D=l=*yTI6^t$Qr^wZ6y9`M&`G0RR82U2SW^FcALS z{fc}V)y3*I9LPS2%pnX1bNgJXwwoYrx2DYf``uf`y30VY;0wmwwdo~!(tGYwX1k6i z4?$G|;AsCRj5Xq6pej(0R=d?6|I{^5#1u@?)00T1jxLv*#wXA#>&h<+n)zgLo>Ob? z&3WW~B2%e4kF2l45okJ5mevCWAN1kXLx4cedT-gDj}Jg{c%2Q?D1u2cS>6uT>7Cju z6&bDmsg!d{DfaBs2YU9sI7T7a$#VQX*?iD5DOY2JTen*#&K~)za^#q4_%2+zoi!|P z63^z=yvAeUlqnbyff)d&@GsD_v_opZTbJqY90?NymmUD>t#uG>oJ#^W6Cg{f#_(&p zejK#(3TA;=MyJrDB$tbWvw)wh!N%f6Qi*Ik`QqHRJaz`ioz%MGp*88{7Z{>SQvl5) zVnU5$uQ{S32&+qN}%bf85IEN&1F_zYvviQ_JbC{pwCu!!f+ zV>pg+C_{lnmK6=Q;Y9pMtKh^j;iQA>mm8V@%@ntnSrnQ3Mo=-uow$h#Z_O-UaaDSF z%xs>j(#PdDosXYa0O3GBKF)fl0A zC0>Wfd9KL~m8^lo!v*|s#=wpJqA8QjvrDoJe=&ycUbqPG773X@&O>l&ASQ=myak4QU5auQeR1c0W{2HE4!Wa6jrcLp2zMgZ{7uDBdKo5*OK? zlDd;P3^`_=nbTZeZ?u)enEKqj_Y^oaYi>^ji~QfZm5o;SRIDK1hCtlWdY}_|`1Wy? zWqbXhUOyZTwdFRi?b2m^BSq=@onvV5FblDO0IbjpBRgt7Erl61Rt(gXZnxXK3?`KM4ZXxN5uz_thnvoW#M_Ok)VyW%2i!MtGfFd?{cJ+9#D2zqpqig)V`{J z7TpZojGNn-Br@AfwDtpFaFMNO$yb7fU;y!^oHnCXhJq9pGNypa^^xv@AH+~)-`!=i zeVN4ZOr_;nh5UX}ziZjdI6(e!kRs(Q;>$IyO0KK3>8M*{>T)gc0hHdf-Zom=>Sf0! zxZ&}Mx`$Kj>53~nEi8Gs^TDcX22|B^@rC&))Ka+&UQ_%srTrk1^=Oq7^8q_>ApoNV zw9{fD05U?q9|c;e9EYrNLjBqbgZ5Zmng~2-e(w=yus*hNOgN0`r5(XZ(?IY$zary|Oe<}? zq)BN&7(0rNBPe6l8OINuG)*8Qk`4g@wg26H++!1H75PN-*xS3^+wARAIo?C*gptC! z&#Y&gk93-S$oIS;2F=cOQC!XW6swA(Zz5o)Y~!!)>P^Fq2rcs6=6<*bB~aoT`26px zXx5XfLNcpd{D{6rR6;38!k(vkUWi>bw!C1ucI&$ZKoD*L@YjDWz)}cuSc8o%n*+~H z1zBh|Ih^i4fdePtFD~iO8G_vDv^RyW`_1M^LuR|Kp6_tgrCS*|UDHo34ddd({7M(` z{=FyE_T3gqVK$b-ZATb)1qiL1!K~Z|M(#)^mLTQ3dUWw+ux7F+Y3a3EFd=>*pQWtE zvzoB2bsFLZq|Zn_YJ3J;f191wu-!Ee|5|eo=#iFFw&?;+*5cdy>pOLoed8js-sJs@ zwMS?C6IEv~#9+Me!iXA}PKiU+1(i2`~WQ!+8K`q0P!W9#8QpTD4&_`^pdf$8&F_s3I8cX*uLg!JBanR;`(1R5y&u z-`8DN=UuE9YOyQ1CM|o&TfH`1x#Zjl^_~aZZ3myJC6JIp0QCqoMww3;Id^gEEStvw zqax!=eSi!{J3rgE4os!eJSqY;i&ZqsqIekPNfCyHQiet*S2(S?1Yowo;kl?2qc$;_T|AWX~j>S#wS^ zLe;EkIt!;4RN$4uJ>@vl3t2{6%B75snuw)#yVKbk6CDs=24xDSe_sIOB8QYe;djr5 z(411#IJf+>HOElc-U{oA2(rs5NRFE7k&l%t=hprG^s>KCpssQD^NRep8j|&OG-f=Q zqC>^IvkI6rKm7dFji3e+Agn4OxU7ssoc!=hlPiZ9`2`Q;|Jk(q;F$ZmTvcx zrD##nCB|5j&$tb?nUk3?M@60!VcaQ{DuJQwKw+Ts>{1<=frRYuYa(`#{u^5H5EP+a zdU(9(qEETTl+X%6oaX65gtQ?+F&zS}HG~cm9y6ay(<2I}tDE#xZpqTKx-tzgDWQOw z-l`C~%eM(JnM|ld#HY#hP=dCZ8?^F)Nz{y0>@bd$R=$LYzr(P*s>f8u%&F|BwJvA zeCHr3>hiUHYhHXvoFO@+$kEKl89K5}4#b}BKeR;VDUg0&^CSW(MXGPMZ9L^1o^2F%oSUkey z4Z>M44whE5cVZlv&^?%I806PzL~)(mN}v*0F(@C1^1wKy!PNh1m2jnZYmPX^~hSFeiY&g5uB$$T{)4*1z#Y9?y%d_*#(~r04RJK0P z>y{;sTv&(&IFVI0UT_3qNTR8w+722Y^-U(-%-na@+~*!<3)M1(a(&HlRZhhtF=be= zaisYhQ}RAA5%`L3M$banD>|X%JYlZY60S}$SLesLilHuKolJvG_}7a0=jRL7MGtYl z!lKDlPHQ-*P@x#lwPQ?a4wi3A$Yq^^-i^zQ5STV@hvaw_^~+dFc!UOi$olyW4?7INVIOWS1}dPgjM7;{0ms?DVxVuW52rQT3O9StY{u+ ztpHM3t`X?BG!E;E&mp~y9+dik?u-Ru$P4SkMNI z((ARn5@5mFYBX#?rz@ca_$rPk!{Buek2}8v>~P046(J{v!Ao)OWi*Q{kgo2#D4KgS z%!|wRi}(#k@P;G!U*ZS~y!M4K06Kq?zF5I$x%4foF{=n?`T*0|8H*ss%N)N-MT`_J zdiVG=dRUB%kAnfsn9)NRVIoO`kGfQ>&lFiFe6TPYR7Ai(V2*}}v*F+p9gLr@&+adW z?)m-I;O^r3>eeue7nmxxNd%>|(s$DE^+DoD0D8O8uF=iYDRG83_2I2Vc zWvI|}A&MZy(dpicFSZ_MTC!hr%a_PCZA${+ji$2pl$l?(k&PtjGR#8<;c?QCxgVwr zQsX6vjs6HooAh-FW6?^Pa$BLD!eApaf7E4_5--P9bIr0IX$#+0cDm81D4?J&0jz!FVEo6}#)R~o6ltSGUm_A=>A?WWiKbURKqjDKFht3KxkQ z3|rIT{bR<53CLs_YkG|GFk}=N61&N!#p;_*^QP0h=``EvG)2hBjrE+3Fp%GXT@dY{ zAibOTQ;gmC$IXzSRFlYkeDdKz^)ui=?T$#TkOU-uk(&#iM1n1c+&U-5w<*PLHY;>E zjjkg8;kCl6GWqQj7$gul!g=56z>iuji{eoJdtwEgrqia~@585qAFcl3bKm*0q@76f zp0f*I^MhyEpu^wp_8QH`;qy9jN|Y|#|AK?k1=b>PT$gS3;xL~pe1T>~$);Fw$b!_A z4|f)XOAVKn!>g!$PheKC5Yc3jA>`})Eqz;H-lWr0cX;x@!RgiY74FOuipE%&EdE7P z0Qk7W&r}C|ry&feG$8p;N$UCY(~C=Y_}9gq4MNhHqVnNSRLVA#m^zz|OsbM;Ar6r1 zwLSoql5sszh9s>Hm@suT#nym`EwqW*+I@busWxG^r_Siu8#jA9XcIF{n;=y}t`tg4 zJX`fgrLs*&pQ31agaK*2xjzaUPyW}nZOW5uDhj`QJn^05@z~kAiRHIr?ot*1CelbOMa!=cM*TA+;xpxIL|g;78f$inM;ANny{hL=yTzSEb1x8AYaH z5uBCQIz-LZ^LKNU8_y>rCJw8fBJ9L%!ab@NPx)*`xqPH3K~b*6HXkeuChbk%ccWvy z`r2mQZ{HfO$iKtn&iUy5D1+~2XmOMy;6J#k5io16-ZI z)sE;R-KTB^&BDK~C5GM|$LquoSEHV#S7FYeiW*0OLHuMTfuJyiL#718 zF+rR&QZ+7H5-yIgL>SSIel{37WXfT`R!7Q3XA!3Lb|UpWC7Q0H;hR&yMTNU9&?&uc zz1I6pX6pJ9pXm2ZlRH~nDYJ5Ye_P;v&JEMA<`*Y{7mH)FSxW}etJl0*sNTt_(18I< zLSjdgqFnjWcD&eUxGtMWkI6=n5IB15XKqx`wl+jVeS79amo@OBz%aU8%zgdV&`33!HwAIb%C;Y8;aKJSx{~T7lXf?zT+YeaMej8I{(~n)<~QA z8NTT3cAbZS5gM%>W5mX*$a{O#l$9mZy|#r|SNHX{irdv0L>D$BdQJ%275PpmP)`u9&v04=(HCW2#+mhk5^CiSevi{?hc z^FbH0{jvqvX42TTm$zEUdZT!^Dvga46>+D z%FELrEtRV(-w(?&j-oh}oh*WrF+3D7HE;9l4=RJeoIa0dm=#)->kyQ! z@fr#=Q{p#{`1(Kpp3lpXcu~}&YFZb=@^}cd$z*b8)_~{t!w`yZ6QR{OA@xc143|Aw zCJ=d|XnArm#%!dU^weY;%Jj#ldzxyfu*RD&v6|Nt#%>P=Lp)AtbCwPsrWBY_8%6orot27IOC2rrJN-uB~}&wfCI>ueuwOBn_mP59GaEE;N|I?%O3`BzQI@X zlNEo^_@EyDc1F5ln>ZriQ=aQ4-zoHp)8VWJ5o{EiV#V^`r9GYxm2 zqu3lgEWIJg!->qw{KI7VB|yFO>4Yq|Q6z%kofW9GJKZp0r$G?OEK8zH$vDbVA0-@J z8D?1|Jr#OM>3KyOcFf3YMPT@^CWX2M7e&0tZq#)hq|x!H9xpyRb#}9fQZdoos(#Y< zLeX=>-@~3neXm2TXoxx~u>i&V&_Ae0ngp#vcIxV9=tW{Hr(?rB2hUo1%UX(fRc-c3 zx);JEibx5(3VM9Dz{n7{i^f_`-k1+_746VsZV?*+trTIo$e62lHm}F*XzCpFU0V!0 zo|M^BbKu$gD=qc56(CP>cZ7Y5q*Cp7W_uwl0O`*P_65@rj z2c3WML43+;I%%>Uwi*+e$7SIrVXA^K^-}3ai68laj05;3FJiX}yd=+-jR`-uFZq%2 zqF48bVb+a{AX9m$630or04#|Np_uMM*V2`Gack))1rNj#4u1*YyCcqCoxB{pdU^Tg z>U?l{etz~ASI%FbUxFW(93T*e3z^*Zz@Hg&TtIH@A2}O<#bzI6{Omu@_}Sk!erT6< zS`UZils9=zWu|gdDFxs)(H-i$FyJAui(vLHzeiU1^Q-gk#IBSFw1sg;f8r_a4#m4c zd?{`9=y@#?MPgFI>vrQYUl?fuGb?b%U^$u_*3@dWdJzuQ&dnCv~l)zbXt zc6V1nJhGcX%yC3pQ8t~mlw}pgajH@`%iStbE(*)yk*KJ=IQ5GXCLOgjgG_%Cf33@r zQqw}bxPh<7KaD0gx0@1Jlb#m{57SHge(-zwp>aR(+w;ba8ZXr7%YRI=nFGFf&D`G_ z_a=^Oq#Y?Npb;L>`U-_QLEl_&GEDnga1 zOlE0X7D`rGl?0v}s5Gkr8AYC2vDi(IQHOzrT{@yIcHre%T4i2TfW?+!TuEQarLBqO zE7@W%A7xE8pU5HUlbpVW`Sch);ZM}dpEY(76E16JSWtwjz%gGmvMFYTqQ4`KS;2$~ z*)dO?9}dg<&_l2)w$^bQ)(9LihhLqE9#IDgK=#Q9Oh|7e;(Uv&Nr*(=KJin z%x*<`DL!))n z(z(0#y)>$g`VOp7fbcU+bLGc4c2Ky=_lh`7f~xc~so+0w^F3Mk9iwnHAz%Gv3GWQX zH!r4iz!~ZT$LdBE?C&&=^y(tz)-lA!D8r~D zjLqq?eUkyw3oZ07n*{neF*Do4fww_S`!Q2w%NzocF!z1e&tumuvm`Cc3``IVA}E+=mvQ1j7<3v%CDL=?$^6(T{8Kh)z0<&$RC(+-Yw<+$Ix4CapRl()#p<6lU z+)SOR3O|qW_wnT5*)ABG3xtX4>{T=-;NkBdHCaA4NY+;NHgAGY7IQ@PlK*Agu>B#S z$#7{K%DPVxoR+%z6fOfjyfs;=t7%KKlETeBlXVo+PL>xP$hh@LI;l)pFCm|MYE-LP z4__Z_*_xC*lRCAf1nu*~^t-JXcmSL3ymx;2gE->ud3|zm@#b{!?&{?9{Ai`>O`XQq zUYwy@h!UT0CB96PanH1e$qles`GEf)6lJy;QbOK?M#6H!-e;Up}av~*YrR^hBqZIchlN&9V>Znm=xWZQA#A`AVza?@hf&fZnh{n6c? zq&HuZ@7Ip{EW}i-gP4jf5YrorEfsg*PQ_igQ}F=YDN#bxodh0ZKkg4S6)lvdSVCFy zrnVmDoFE{68|qT*h`Ujjj|yXIpi7P;!3FVrH!S=|hcU@CB5ff2- z*?ZK+v!x8nn4iw(SQ{dQH8BrX&#o6c7GBirz>6G07xmglTHvBJSSEyv?sfOU4Xc>= zZ2j>Hx+*O4G=MNJ2{XTtW$7h;<>tx-A1Dt>nI=)5KQ8AK_{(mLOTBLVdvH!^cRcI| z9nPtRGLha{nmTVD^BXJ_` zDRCmY3Ni46`}ZUXBh2|ap0EdVgpplcM-yiFv-F~CLlM^Q1>A@sMlXUp;$4Z!R4bB9 z1#eGcgg(vcIc2$URnC$)4i4o$%e}0PE?ZHkGOeYk5!Y_9BXc;2}OJN5sNr1>uZ00960tX)k{!!Qi}E4^_UkfbDO5f{F0 z2#|m?O0xt-0$P%_V*ei7={CAaaOt&;Tw6(AZNJ3cU>|l$@^;CMl&}Fxrb@iZ7ROxGuPXzvEH5laALD#A7{r*6aajsKIaqcdyH*o-jFBG9a*1W?k}(IZl4gy zU>d%`k!X;-2`=sMYj0?>v2PkGx<$ttQ{hZ}4`VAM2&;wx)ZLAuqHXO*rlnRr(Eyv7 z{pv%^*45p_P*k^=1>4hza4f_z;{Bo-|o9<)JxM& z)b07M-*tdrwY$zw;84B6aer{^{ZtO+IVOh^1_2_AoX?OWfKHrn)J)*it@4)x1BX`0mK$mH?TiUPzh3$DV|CI61(Ae*X%Ri+bG>zxit&|{9U76?UE;&af=m&*n#Bs=DO_^hfMk*87ZwKS z^tFo&TfTgzG?sjU4cmd|U*POb;QrezZfapchKPqPsYRGpAK&`o{B|1Xs00;U1g zzl#@|OzFO6=b2O!^&&WyqN`Y|H4l?c7f{d%i#WL3mJxFIxlTdpq9>nnEk;(A1e$56 z`xeEHB?1#M{r#Tl-DZ@Er^Sx_D!3go)A?RO=a(EhE3_M7S`&%~shg`3@h_VNc29`C-42=kV6)Qkiu_Ig(K;B0h02xzndF?9%oqEUS8S!dxo!A0R8w0t}1W~6$@r&IG)L{|+3gmeej{Jzve$bYy0eAjTE^n7)Xs_LH zdy>sN0R05i7BV9NQ<4BK6Lxquq39N%S?j2DPG%Dj>ok-y+&0&1IbL+H`Tof=) z1BH_cl1>*}(7cZ}4>1T*TZeVwuqvtxBYN2LkRD4qGTBaKrs9cclmnyC=8E2wnMF^S zCOcb7Rgm($L7$wBs;6GH>gPMkE0m~SDR#ipeOE4z#!D7bBv1(+EKXPfHrj&xg zN0`P$hpm}Pz(l#J81XEqTcZc1wL!;aZ9HdePQHT7Mfg%71$g`v{)IqRML7!E0T1na zwif!903!>u| z$CuOKe0DJz|1k>AuV$A+>eId@;MEL7plKxR6+mMjf`WD!+qB!Jhs&bA;brnTZSGQ@q)Nw)C zaJT|s`F40<9eyz;NiKu3mliA0QSJ%_g zP_%MIOXb&sSBUC=pQ@Fd=;)@(QD9SmeqOK(Or4yWh!3j@Qi3auJiM}Mq}S{apE{am YeaLbdGLaGLbKJpy0kPtGSH;Z%00 2.38-master.patch.gz To compare the archive contents zdiff can be used. @@ -96,6 +96,11 @@ stdenv.mkDerivation ({ & https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 */ ./reenable_DT_HASH.patch + + /* Retrieved from https://salsa.debian.org/glibc-team/glibc/-/commit/662dbc4f9287139a0d9c91df328a5ba6cc6abee1#0f3c6d67cb8cf5bb35c421c20f828fea97b68edf + Qualys advisory: https://www.qualys.com/2024/01/30/qsort.txt + */ + ./local-qsort-memory-corruption.patch ] /* NVCC does not support ARM intrinsics. Since is pulled in by almost every HPC piece of software, without this patch CUDA compilation on ARM diff --git a/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch new file mode 100644 index 000000000000..f7e25c72a61c --- /dev/null +++ b/pkgs/development/libraries/glibc/local-qsort-memory-corruption.patch @@ -0,0 +1,14 @@ +diff -rup a/stdlib/qsort.c b/stdlib/qsort.c +--- a/stdlib/qsort.c 2023-07-31 10:54:16.000000000 -0700 ++++ b/stdlib/qsort.c 2024-01-15 09:08:25.596167959 -0800 +@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to + while ((run_ptr += size) <= end_ptr) + { + tmp_ptr = run_ptr - size; +- while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ while (tmp_ptr != base_ptr ++ && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) + tmp_ptr -= size; + + tmp_ptr += size; + From db05de2c35d51d480ed1b87e8ee7db31018bda37 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 31 Jan 2024 23:38:17 +0000 Subject: [PATCH 152/212] alsa-lib: 1.2.9 -> 1.2.11 --- pkgs/by-name/al/alsa-lib/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/al/alsa-lib/package.nix b/pkgs/by-name/al/alsa-lib/package.nix index f0eb34906073..f22f68d19cf8 100644 --- a/pkgs/by-name/al/alsa-lib/package.nix +++ b/pkgs/by-name/al/alsa-lib/package.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "alsa-lib"; - version = "1.2.9"; + version = "1.2.11"; src = fetchurl { url = "mirror://alsa/lib/${finalAttrs.pname}-${finalAttrs.version}.tar.bz2"; - hash = "sha256-3JxkP9xMz9BXLMaFhY3UHgivtYPzBGCzF+QYgnX2FbI="; + hash = "sha256-nz8vabmV+a03NZBy+8aaOoi/uggfyD6b4w4UZieVu00="; }; patches = [ From 71378349f4a349ae9708aec6c2c54c163ab52d33 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 1 Feb 2024 06:53:20 +0000 Subject: [PATCH 153/212] libusb1: 1.0.26 -> 1.0.27 --- pkgs/development/libraries/libusb1/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libusb1/default.nix b/pkgs/development/libraries/libusb1/default.nix index 57ceb5b444df..910368954617 100644 --- a/pkgs/development/libraries/libusb1/default.nix +++ b/pkgs/development/libraries/libusb1/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "libusb"; - version = "1.0.26"; + version = "1.0.27"; src = fetchFromGitHub { owner = "libusb"; repo = "libusb"; rev = "v${version}"; - sha256 = "sha256-LEy45YiFbueCCi8d2hguujMsxBezaTUERHUpFsTKGZQ="; + sha256 = "sha256-OtzYxWwiba0jRK9X+4deWWDDTeZWlysEt0qMyGUarDo="; }; outputs = [ "out" "dev" ]; From e447b1533e92be340607459b97e99cf393078479 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 1 Feb 2024 09:46:48 +0000 Subject: [PATCH 154/212] glibc: enable `cet` only on `x86_64` (skip `x86_32`) `glibc-2.39` improved `--enable-cet` detection on unsupported platforms and `./configure` will start failing as: glibc> configure: error: "CET is only supported on x86_64 or x32" --- pkgs/development/libraries/glibc/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 3e17817c0bab..fa9a1da69a0c 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -155,7 +155,7 @@ stdenv.mkDerivation ({ # and on aarch64 with binutils 2.30 or later. # https://sourceware.org/glibc/wiki/PortStatus "--enable-static-pie" - ] ++ lib.optionals stdenv.hostPlatform.isx86 [ + ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [ # Enable Intel Control-flow Enforcement Technology (CET) support "--enable-cet" ] ++ lib.optionals withLinuxHeaders [ From e6b37d5a61dd9e0e4780eaa36b42000257a38233 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 1 Feb 2024 12:19:31 +0100 Subject: [PATCH 155/212] curl: disable fetchpatch passthru test on darwin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `tests` seem to be something else on darwin, leading to an eval failure on the instantiation of this test. ``` … while evaluating the attribute 'tests.fetchpatch' at ./pkgs/tools/networking/curl/default.nix:182:7: 181| withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); 182| fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; | ^ 183| curlpp = useThisCurl curlpp; … while calling a functor (an attribute set with a '__functor' attribute) at ./pkgs/tools/networking/curl/default.nix:182:20: 181| withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); 182| fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; | ^ 183| curlpp = useThisCurl curlpp; (stack trace truncated; use '--show-trace' to show the full trace) error: value is a function while a set was expected ``` --- pkgs/tools/networking/curl/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 0351debfb3c1..9cbf6dc1b0fb 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -179,7 +179,6 @@ stdenv.mkDerivation (finalAttrs: { inherit opensslSupport openssl; tests = { withCheck = finalAttrs.finalPackage.overrideAttrs (_: { doCheck = true; }); - fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; curlpp = useThisCurl curlpp; coeurl = useThisCurl coeurl; haskell-curl = useThisCurl haskellPackages.curl; @@ -191,6 +190,8 @@ stdenv.mkDerivation (finalAttrs: { # nginx-http3 = useThisCurl nixosTests.nginx-http3; nginx-http3 = nixosTests.nginx-http3; pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + } // lib.optionalAttrs (!stdenv.isDarwin) { + fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; }; }; From e81e82cdccfc40966f4905aafb5f2d19cdc0f4c0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 1 Feb 2024 20:47:12 +0100 Subject: [PATCH 156/212] tzdata: 2023d -> 2024a https://mm.icann.org/pipermail/tz-announce/2024-February/000081.html --- pkgs/data/misc/tzdata/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index b90a560045bb..85bd63d60723 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -2,16 +2,16 @@ stdenv.mkDerivation rec { pname = "tzdata"; - version = "2023d"; + version = "2024a"; srcs = [ (fetchurl { url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; - hash = "sha256-28ohlwsKi4wM7O7B17kfqQO+D27KWucytTKWciMqCPM="; + hash = "sha256-DQQ0RZrL0gWaeo2h8zBKhKhlkfbtacYkj/+lArbt/+M="; }) (fetchurl { url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; - hash = "sha256-6aX54RiIbS3pK2K7BVEKKMxsBY15HJO9a4TTKSw8Fh4="; + hash = "sha256-gAcolK3/WkWPHRQ+FuTKHYsqEiycU5naSCy2jLpqH/g="; }) ]; From 17a860e8dc94d0a455d7d819f3f912c17d681c6a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 1 Feb 2024 20:50:27 +0100 Subject: [PATCH 157/212] tzdata: misc changes and reformats --- pkgs/data/misc/tzdata/default.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index 85bd63d60723..6dd818939d22 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -1,16 +1,16 @@ { lib, stdenv, fetchurl, buildPackages }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "tzdata"; version = "2024a"; srcs = [ (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; + url = "https://data.iana.org/time-zones/releases/tzdata${finalAttrs.version}.tar.gz"; hash = "sha256-DQQ0RZrL0gWaeo2h8zBKhKhlkfbtacYkj/+lArbt/+M="; }) (fetchurl { - url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; + url = "https://data.iana.org/time-zones/releases/tzcode${finalAttrs.version}.tar.gz"; hash = "sha256-gAcolK3/WkWPHRQ+FuTKHYsqEiycU5naSCy2jLpqH/g="; }) ]; @@ -25,14 +25,14 @@ stdenv.mkDerivation rec { propagatedBuildOutputs = [ ]; makeFlags = [ - "TOPDIR=$(out)" - "TZDIR=$(out)/share/zoneinfo" - "BINDIR=$(bin)/bin" - "ZICDIR=$(bin)/bin" + "TOPDIR=${placeholder "out"}" + "TZDIR=${placeholder "out"}/share/zoneinfo" + "BINDIR=${placeholder "bin"}/bin" + "ZICDIR=${placeholder "bin"}/bin" "ETCDIR=$(TMPDIR)/etc" "TZDEFAULT=tzdefault-to-remove" - "LIBDIR=$(dev)/lib" - "MANDIR=$(man)/share/man" + "LIBDIR=${placeholder "dev"}/lib" + "MANDIR=${placeholder "man"}/share/man" "AWK=awk" "CFLAGS=-DHAVE_LINK=0" "CFLAGS+=-DZIC_BLOAT_DEFAULT=\\\"fat\\\"" @@ -70,7 +70,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "http://www.iana.org/time-zones"; description = "Database of current and historical time zones"; - changelog = "https://github.com/eggert/tz/blob/${version}/NEWS"; + changelog = "https://github.com/eggert/tz/blob/${finalAttrs.version}/NEWS"; license = with licenses; [ bsd3 # tzcode publicDomain # tzdata @@ -78,4 +78,4 @@ stdenv.mkDerivation rec { platforms = platforms.all; maintainers = with maintainers; [ ajs124 fpletz ]; }; -} +}) From 6c8f89faa9d1dbcae853a218c783fbe06d447507 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 1 Feb 2024 21:11:49 +0100 Subject: [PATCH 158/212] tzdata: enable (most) checks --- pkgs/data/misc/tzdata/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index 6dd818939d22..3d40384132cb 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -45,7 +45,9 @@ stdenv.mkDerivation (finalAttrs: { "CFLAGS+=-DRESERVE_STD_EXT_IDS" ]; - doCheck = false; # needs more tools + doCheck = true; + # everything except for check_web, because that needs curl and wants to talk to https://validator.w3.org + checkTarget = "check_back check_character_set check_white_space check_links check_name_lengths check_now check_slashed_abbrs check_sorted check_tables check_ziguard check_zishrink check_tzs"; installFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "zic=${buildPackages.tzdata.bin}/bin/zic" From 8318842f1f46418c5e4c0ae70aeeed9b4989519a Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 31 Jan 2024 01:35:14 +0100 Subject: [PATCH 159/212] libjpeg_turbo: 2.1.5.1 -> 3.0.2 --- ...le-transupp.c-as-part-of-the-library.patch | 36 +++++++++---------- .../libraries/libjpeg-turbo/default.nix | 4 +-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch index 0a09a8845c13..4e303c3fc9d6 100644 --- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch +++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch @@ -1,4 +1,4 @@ -From 4a0584f7c05641143151ebdc1be1163bebf9d35d Mon Sep 17 00:00:00 2001 +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 From: Las Date: Sun, 3 Jan 2021 18:35:37 +0000 Subject: [PATCH] Compile transupp.c as part of the library @@ -11,19 +11,19 @@ of the library that already vendor this functionality. 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0ca6f98..a9a0fae 100644 +index adb0ca45..46fc16dd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -533,7 +533,7 @@ set(JPEG_SOURCES jcapimin.c jcapistd.c jccoefct.c jccolor.c jcdctmgr.c jchuff.c - jdatasrc.c jdcoefct.c jdcolor.c jddctmgr.c jdhuff.c jdicc.c jdinput.c - jdmainct.c jdmarker.c jdmaster.c jdmerge.c jdphuff.c jdpostct.c jdsample.c - jdtrans.c jerror.c jfdctflt.c jfdctfst.c jfdctint.c jidctflt.c jidctfst.c -- jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c) -+ jidctint.c jidctred.c jquant1.c jquant2.c jutils.c jmemmgr.c jmemnobs.c transupp.c) +@@ -581,7 +581,7 @@ set(JPEG_SOURCES ${JPEG12_SOURCES} jcapimin.c jchuff.c jcicc.c jcinit.c + jclhuff.c jcmarker.c jcmaster.c jcomapi.c jcparam.c jcphuff.c jctrans.c + jdapimin.c jdatadst.c jdatasrc.c jdhuff.c jdicc.c jdinput.c jdlhuff.c + jdmarker.c jdmaster.c jdphuff.c jdtrans.c jerror.c jfdctflt.c jmemmgr.c +- jmemnobs.c jpeg_nbits.c) ++ jmemnobs.c jpeg_nbits.c transupp.c) if(WITH_ARITH_ENC OR WITH_ARITH_DEC) set(JPEG_SOURCES ${JPEG_SOURCES} jaricom.c) -@@ -1489,7 +1489,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets +@@ -1803,7 +1803,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h @@ -33,10 +33,10 @@ index 0ca6f98..a9a0fae 100644 include(cmakescripts/BuildPackages.cmake) diff --git a/transupp.c b/transupp.c -index 6e86077..2da49a7 100644 +index 34fbb371..c0ade5a9 100644 --- a/transupp.c +++ b/transupp.c -@@ -1386,7 +1386,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) +@@ -1388,7 +1388,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) * This code is loosely based on XParseGeometry from the X11 distribution. */ @@ -45,7 +45,7 @@ index 6e86077..2da49a7 100644 jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) { info->crop = FALSE; -@@ -1486,7 +1486,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) +@@ -1488,7 +1488,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) * and transformation is not perfect. Otherwise returns TRUE. */ @@ -54,7 +54,7 @@ index 6e86077..2da49a7 100644 jtransform_request_workspace(j_decompress_ptr srcinfo, jpeg_transform_info *info) { -@@ -2033,7 +2033,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, +@@ -2035,7 +2035,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, * to jpeg_write_coefficients(). */ @@ -63,7 +63,7 @@ index 6e86077..2da49a7 100644 jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, jvirt_barray_ptr *src_coef_arrays, jpeg_transform_info *info) -@@ -2152,7 +2152,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, +@@ -2154,7 +2154,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, * Note that some transformations will modify the source data arrays! */ @@ -72,7 +72,7 @@ index 6e86077..2da49a7 100644 jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, jvirt_barray_ptr *src_coef_arrays, jpeg_transform_info *info) -@@ -2264,7 +2264,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, +@@ -2266,7 +2266,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, * (may use custom action then) */ @@ -81,7 +81,7 @@ index 6e86077..2da49a7 100644 jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, int MCU_width, int MCU_height, JXFORM_CODE transform) -@@ -2303,7 +2303,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, +@@ -2305,7 +2305,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, * This must be called before jpeg_read_header() to have the desired effect. */ @@ -90,7 +90,7 @@ index 6e86077..2da49a7 100644 jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) { #ifdef SAVE_MARKERS_SUPPORTED -@@ -2331,7 +2331,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) +@@ -2337,7 +2337,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) * JFIF APP0 or Adobe APP14 markers if selected. */ @@ -100,5 +100,5 @@ index 6e86077..2da49a7 100644 JCOPY_OPTION option) { -- -2.29.2 +2.43.0 diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index 711f05779e85..fee28203663b 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -32,13 +32,13 @@ assert !(enableJpeg7 && enableJpeg8); # pick only one or none, not both stdenv.mkDerivation (finalAttrs: { pname = "libjpeg-turbo"; - version = "2.1.5.1"; + version = "3.0.2"; src = fetchFromGitHub { owner = "libjpeg-turbo"; repo = "libjpeg-turbo"; rev = finalAttrs.version; - sha256 = "sha256-96SBBZp+/4WkXLvHKSPItNi5WuzdVccI/ZcbJOFjYYk="; + hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74="; }; # This is needed by freeimage From b0b80e15d19e69944d19dd83e1751400300c054a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Sun, 29 Oct 2023 15:00:51 +0000 Subject: [PATCH 160/212] suitesparse: Fix OpenMP build with clang. See #79818 --- .../libraries/science/math/suitesparse/default.nix | 3 +++ pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/science/math/suitesparse/default.nix b/pkgs/development/libraries/science/math/suitesparse/default.nix index 45ea5900e286..9561cf2ed779 100644 --- a/pkgs/development/libraries/science/math/suitesparse/default.nix +++ b/pkgs/development/libraries/science/math/suitesparse/default.nix @@ -9,6 +9,7 @@ , config , enableCuda ? config.cudaSupport , cudaPackages +, openmp ? null }: stdenv.mkDerivation rec { @@ -38,6 +39,8 @@ stdenv.mkDerivation rec { gfortran.cc.lib gmp mpfr + ] ++ lib.optionals stdenv.cc.isClang [ + openmp ] ++ lib.optionals enableCuda [ cudaPackages.cuda_cudart.dev cudaPackages.cuda_cudart.lib diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 719594fac6d3..07fb7a2e96bc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -39219,7 +39219,9 @@ with pkgs; suitesparse_4_2 = callPackage ../development/libraries/science/math/suitesparse/4.2.nix { }; suitesparse_4_4 = callPackage ../development/libraries/science/math/suitesparse/4.4.nix { }; - suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { }; + suitesparse_5_3 = callPackage ../development/libraries/science/math/suitesparse { + inherit (llvmPackages) openmp; + }; suitesparse = suitesparse_5_3; suitesparse-graphblas = callPackage ../development/libraries/science/math/suitesparse-graphblas { }; From 64fe3481230a2e0788df4556b1b9ee9025b9f483 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Sun, 29 Oct 2023 15:01:26 +0000 Subject: [PATCH 161/212] openblas: Fix OpenMP build with clang. See #79818 --- .../libraries/science/math/openblas/default.nix | 7 ++++++- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/science/math/openblas/default.nix b/pkgs/development/libraries/science/math/openblas/default.nix index c5b9f9019e06..4a1e7d9b03cf 100644 --- a/pkgs/development/libraries/science/math/openblas/default.nix +++ b/pkgs/development/libraries/science/math/openblas/default.nix @@ -30,6 +30,7 @@ , octave , opencv , python3 +, openmp ? null }: let blas64_ = blas64; in @@ -179,6 +180,8 @@ stdenv.mkDerivation rec { which ]; + buildInputs = lib.optional (stdenv.cc.isClang && config.USE_OPENMP) openmp; + depsBuildBuild = [ buildPackages.gfortran buildPackages.stdenv.cc @@ -208,7 +211,9 @@ stdenv.mkDerivation rec { # and uses the main make invocation's job count, falling back to 1 if no parallelism is used. # https://github.com/xianyi/OpenBLAS/blob/v0.3.20/getarch.c#L1781-L1792 MAKE_NB_JOBS = 0; - } // (lib.optionalAttrs singleThreaded { + } // (lib.optionalAttrs stdenv.cc.isClang { + LDFLAGS = "-L${lib.getLib buildPackages.gfortran.cc}/lib"; # contains `libgfortran.so`; building with clang needs this, gcc has it implicit + }) // (lib.optionalAttrs singleThreaded { # As described on https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded USE_THREAD = false; USE_LOCKING = true; # available with openblas >= 0.3.7 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 07fb7a2e96bc..ae67b7d60371 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -39101,7 +39101,9 @@ with pkgs; notus-scanner = with python3Packages; toPythonApplication notus-scanner; - openblas = callPackage ../development/libraries/science/math/openblas { }; + openblas = callPackage ../development/libraries/science/math/openblas { + inherit (llvmPackages) openmp; + }; # A version of OpenBLAS using 32-bit integers on all platforms for compatibility with # standard BLAS and LAPACK. From c9a40240f06a16d216f7a8d6069d53dd331c81d4 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 162/212] grpc: 1.60.0 -> 1.61.0 Diff: https://github.com/grpc/grpc/compare/v1.60.0...v1.61.0 Changelog: https://github.com/grpc/grpc/releases/tag/v1.61.0 --- pkgs/development/libraries/grpc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index bcdd9274d091..eddd51f159a8 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { pname = "grpc"; - version = "1.60.0"; # N.B: if you change this, please update: + version = "1.61.0"; # N.B: if you change this, please update: # pythonPackages.grpcio-tools # pythonPackages.grpcio-status @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { owner = "grpc"; repo = "grpc"; rev = "v${version}"; - hash = "sha256-0mn+nQAgaurd1WomzcLUAYwp88l26qGkP+cP1SSYxsE="; + hash = "sha256-NLxcGFQ1F5RLoSFC0XYMjvGXkSWc/vLzgtk5qsOndEo="; fetchSubmodules = true; }; From 0fa5a852b48175275122966465d5cf817e64e859 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 163/212] python311Packages.grpcio: 1.60.0 -> 1.60.1 --- pkgs/development/python-modules/grpcio/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio/default.nix b/pkgs/development/python-modules/grpcio/default.nix index 77be060cfd2d..497a4d725e50 100644 --- a/pkgs/development/python-modules/grpcio/default.nix +++ b/pkgs/development/python-modules/grpcio/default.nix @@ -18,11 +18,11 @@ buildPythonPackage rec { pname = "grpcio"; format = "setuptools"; - version = "1.60.0"; + version = "1.60.1"; src = fetchPypi { inherit pname version; - hash = "sha256-IZkWWhr/tmaqJK3wyXQ2aG0KYbxfwRPAN3Aft8f865Y="; + hash = "sha256-3R06jR0uUK2bWeEKp/B8fRvis2fz8tM8X63pbtVGCWI="; }; outputs = [ "out" "dev" ]; From 559446a69107963ff078f3889fdbc3798b6968d5 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 164/212] python311Packages.grpcio-tools: 1.60.0 -> 1.60.1 --- pkgs/development/python-modules/grpcio-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio-tools/default.nix b/pkgs/development/python-modules/grpcio-tools/default.nix index 2ab692a2c715..0437e16a8923 100644 --- a/pkgs/development/python-modules/grpcio-tools/default.nix +++ b/pkgs/development/python-modules/grpcio-tools/default.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "grpcio-tools"; - version = "1.60.0"; + version = "1.60.1"; format = "setuptools"; src = fetchPypi { inherit pname version; - hash = "sha256-7TBJk0AijXM/9p/PSmZZDteSH5TrWiv2kiWLEoC52sc="; + hash = "sha256-2ggiSrhnXG1GS5iL2MoCzM0r8Cdbzu/o9iGb/UpPXoU="; }; postPatch = '' From 1df016d6999f2373789ec293002558d1aa74eda5 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 165/212] python311Packages.grpcio-status: 1.60.0 -> 1.60.1 --- pkgs/development/python-modules/grpcio-status/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio-status/default.nix b/pkgs/development/python-modules/grpcio-status/default.nix index a6aaa9e28d5f..fa3f65ebc924 100644 --- a/pkgs/development/python-modules/grpcio-status/default.nix +++ b/pkgs/development/python-modules/grpcio-status/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "grpcio-status"; - version = "1.60.0"; + version = "1.60.1"; format = "setuptools"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - hash = "sha256-8Q4LbbOtwP3CRLcZYoFO6YKZbvBhhkRrVpW5+mNaoas="; + hash = "sha256-YbWquJiUmOiqFCwguIgp6l2Q0YwYyFO5+ebUB9N7+LQ="; }; postPatch = '' From 2c0e503c4cb095e3678d682492949cc29b50178f Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 166/212] python311Packages.grpcio-channelz: 1.60.0 -> 1.60.1 --- pkgs/development/python-modules/grpcio-channelz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio-channelz/default.nix b/pkgs/development/python-modules/grpcio-channelz/default.nix index 4c66dcc99031..522bf49fafd9 100644 --- a/pkgs/development/python-modules/grpcio-channelz/default.nix +++ b/pkgs/development/python-modules/grpcio-channelz/default.nix @@ -8,12 +8,12 @@ buildPythonPackage rec { pname = "grpcio-channelz"; - version = "1.60.0"; + version = "1.60.1"; format = "setuptools"; src = fetchPypi { inherit pname version; - hash = "sha256-TRTHMDUm50cmFJ0BX1zwd34xCVsuyejqp7hHc33LYKA="; + hash = "sha256-eAYWHTlyThrJ9vTumXPDeEcyk5OC8tfI12K073heF6A="; }; nativeBuildInputs = [ From 1dc3c590290a082a914116780b165d673e825fb4 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 167/212] python311Packages.grpcio-health-checking: 1.60.0 -> 1.60.1 --- .../python-modules/grpcio-health-checking/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio-health-checking/default.nix b/pkgs/development/python-modules/grpcio-health-checking/default.nix index 573670a98c30..7873404d6514 100644 --- a/pkgs/development/python-modules/grpcio-health-checking/default.nix +++ b/pkgs/development/python-modules/grpcio-health-checking/default.nix @@ -8,12 +8,12 @@ buildPythonPackage rec { pname = "grpcio-health-checking"; - version = "1.60.0"; + version = "1.60.1"; format = "setuptools"; src = fetchPypi { inherit pname version; - hash = "sha256-R4tTAHeBIP7Z9tE01ysVeln5wGaJeJIYy/9H+vyi8Rk="; + hash = "sha256-fC5Izp1b2xmtV7er40ONR+verVB4ZpORQHILPijGJbM="; }; propagatedBuildInputs = [ From 6187ac4319ad0f206fd62eb6adef337bad62e4c4 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Feb 2024 04:20:00 +0000 Subject: [PATCH 168/212] python311Packages.grpcio-testing: 1.60.0 -> 1.60.1 --- pkgs/development/python-modules/grpcio-testing/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/grpcio-testing/default.nix b/pkgs/development/python-modules/grpcio-testing/default.nix index 1d0f47a5c9e1..2fc0e47dd29c 100644 --- a/pkgs/development/python-modules/grpcio-testing/default.nix +++ b/pkgs/development/python-modules/grpcio-testing/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "grpcio-testing"; - version = "1.60.0"; + version = "1.60.1"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-XF+za8O9x4m/8ewEBQG5reoPiK64vh7VyA1oic0Jq0A="; + hash = "sha256-vvrZX0fes/OTTr1VEpl0jqo/Y+44btlq1pemZFNWixc="; }; postPatch = '' From b1328ab69bccca2678f6ceec8aadac4d146f891b Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 09:58:16 +0100 Subject: [PATCH 169/212] ffmpeg: sort features --- pkgs/development/libraries/ffmpeg/generic.nix | 72 +++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 436715478945..83c029dd6fe1 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -454,13 +454,19 @@ stdenv.mkDerivation (finalAttrs: { * External libraries */ (enableFeature withAlsa "alsa") + (enableFeature withAom "libaom") # FIXME: see if jellyfin-ffmpeg is already on a version >= 6.1 to use enableFeature (optionalString (withAribcaption && lib.versionAtLeast finalAttrs.version "6.1") "--enable-libaribcaption") + (enableFeature withAss "libass") + (enableFeature withBluray "libbluray") + (enableFeature withBs2b "libbs2b") (enableFeature withBzlib "bzlib") (enableFeature withCelt "libcelt") (enableFeature withCuda "cuda") (enableFeature withCudaLLVM "cuda-llvm") (enableFeature withDav1d "libdav1d") + (enableFeature withDc1394 "libdc1394") + (enableFeature withDrm "libdrm") (enableFeature withFdkAac "libfdk-aac") "--disable-libflite" # Force disable until a solution is found (enableFeature withFontconfig "fontconfig") @@ -470,41 +476,15 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withGme "libgme") (enableFeature withGnutls "gnutls") (enableFeature withGsm "libgsm") - (enableFeature withLadspa "ladspa") - (enableFeature withMp3lame "libmp3lame") - (enableFeature withAom "libaom") - (enableFeature withAss "libass") - (enableFeature withBluray "libbluray") - (enableFeature withBs2b "libbs2b") - (enableFeature withDc1394 "libdc1394") - (enableFeature withDrm "libdrm") (enableFeature withIconv "iconv") (enableFeature withJack "libjack") + (enableFeature withLadspa "ladspa") + (optionalString (versionAtLeast finalAttrs.version "5.0" && withLibplacebo) "--enable-libplacebo") + (enableFeature withLzma "lzma") (enableFeature withMfx "libmfx") (enableFeature withModplug "libmodplug") + (enableFeature withMp3lame "libmp3lame") (enableFeature withMysofa "libmysofa") - (enableFeature withOpus "libopus") - (optionalString (versionAtLeast finalAttrs.version "5.0" && withLibplacebo) "--enable-libplacebo") - (enableFeature withSvg "librsvg") - (enableFeature withSrt "libsrt") - (enableFeature withSsh "libssh") - (enableFeature withTensorflow "libtensorflow") - (enableFeature withTheora "libtheora") - (enableFeature withV4l2 "libv4l2") - (enableFeature withV4l2M2m "v4l2-m2m") - (enableFeature withVaapi "vaapi") - (enableFeature withVdpau "vdpau") - (enableFeature withVorbis "libvorbis") - (enableFeature withVmaf "libvmaf") - (enableFeature withVpx "libvpx") - (enableFeature withWebp "libwebp") - (enableFeature withXlib "xlib") - (enableFeature withXcb "libxcb") - (enableFeature withXcbShm "libxcb-shm") - (enableFeature withXcbxfixes "libxcb-xfixes") - (enableFeature withXcbShape "libxcb-shape") - (enableFeature withXml2 "libxml2") - (enableFeature withLzma "lzma") (enableFeature withNvdec "cuvid") (enableFeature withNvdec "nvdec") (enableFeature withNvenc "nvenc") @@ -515,25 +495,45 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withOpenh264 "libopenh264") (enableFeature withOpenjpeg "libopenjpeg") (enableFeature withOpenmpt "libopenmpt") + (enableFeature withOpus "libopus") (enableFeature withPulse "libpulse") (enableFeature withRav1e "librav1e") - (enableFeature withSvtav1 "libsvtav1") (enableFeature withRtmp "librtmp") + (enableFeature withSamba "libsmbclient") (enableFeature withSdl2 "sdl2") + (optionalString (lib.versionAtLeast finalAttrs.version "5") (enableFeature withShaderc "libshaderc")) (enableFeature withSoxr "libsoxr") (enableFeature withSpeex "libspeex") + (enableFeature withSrt "libsrt") + (enableFeature withSsh "libssh") + (enableFeature withSvg "librsvg") + (enableFeature withSvtav1 "libsvtav1") + (enableFeature withTensorflow "libtensorflow") + (enableFeature withTheora "libtheora") + (enableFeature withV4l2 "libv4l2") + (enableFeature withV4l2M2m "v4l2-m2m") + (enableFeature withVaapi "vaapi") + (enableFeature withVdpau "vdpau") (enableFeature withVidStab "libvidstab") # Actual min. version 2.0 + (enableFeature withVmaf "libvmaf") (enableFeature withVoAmrwbenc "libvo-amrwbenc") + (enableFeature withVorbis "libvorbis") + (enableFeature withVpx "libvpx") + (enableFeature withVulkan "vulkan") + (enableFeature withWebp "libwebp") (enableFeature withX264 "libx264") (enableFeature withX265 "libx265") (enableFeature withXavs "libxavs") + (enableFeature withXcb "libxcb") + (enableFeature withXcbShape "libxcb-shape") + (enableFeature withXcbShm "libxcb-shm") + (enableFeature withXcbxfixes "libxcb-xfixes") + (enableFeature withXlib "xlib") + (enableFeature withXml2 "libxml2") (enableFeature withXvid "libxvid") - (enableFeature withZmq "libzmq") (enableFeature withZimg "libzimg") (enableFeature withZlib "zlib") - (enableFeature withVulkan "vulkan") - (optionalString (lib.versionAtLeast finalAttrs.version "5") (enableFeature withShaderc "libshaderc")) - (enableFeature withSamba "libsmbclient") + (enableFeature withZmq "libzmq") /* * Developer flags */ @@ -618,6 +618,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withSvtav1 [ svt-av1 ] ++ optionals withTensorflow [ libtensorflow ] ++ optionals withTheora [ libtheora ] + ++ optionals withV4l2 [ libv4l ] ++ optionals withVaapi [ (if withSmallDeps then libva else libva-minimal) ] ++ optionals withVdpau [ libvdpau ] ++ optionals withVidStab [ vid-stab ] @@ -625,7 +626,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withVoAmrwbenc [ vo-amrwbenc ] ++ optionals withVorbis [ libvorbis ] ++ optionals withVpx [ libvpx ] - ++ optionals withV4l2 [ libv4l ] ++ optionals withVulkan [ vulkan-headers vulkan-loader ] ++ optionals withWebp [ libwebp ] ++ optionals withX264 [ x264 ] From 1b22bac1745e831e7a3abc805b78b4a99facaa34 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 09:59:46 +0100 Subject: [PATCH 170/212] ffmpeg: rename withLibplacebo to withPlacebo --- pkgs/development/libraries/ffmpeg/generic.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 83c029dd6fe1..846c36c0f585 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -50,7 +50,6 @@ , withIconv ? withHeadlessDeps , withJack ? withFullDeps && !stdenv.isDarwin # Jack audio , withLadspa ? withFullDeps # LADSPA audio filtering -, withLibplacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withLzma ? withHeadlessDeps # xz-utils , withMfx ? withFullDeps && (with stdenv.hostPlatform; isLinux && !isAarch) # Hardware acceleration via intel-media-sdk/libmfx , withModplug ? withFullDeps && !stdenv.isDarwin # ModPlug support @@ -67,6 +66,7 @@ , withOpenjpeg ? withFullDeps # JPEG 2000 de/encoder , withOpenmpt ? withFullDeps # Tracked music files decoder , withOpus ? withHeadlessDeps # Opus de/encoder +, withPlacebo ? withFullDeps && !stdenv.isDarwin # libplacebo video processing library , withPulse ? withSmallDeps && !stdenv.isDarwin # Pulseaudio input support , withRav1e ? withFullDeps # AV1 encoder (focused on speed and safety) , withRtmp ? false # RTMP[E] support @@ -479,7 +479,6 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withIconv "iconv") (enableFeature withJack "libjack") (enableFeature withLadspa "ladspa") - (optionalString (versionAtLeast finalAttrs.version "5.0" && withLibplacebo) "--enable-libplacebo") (enableFeature withLzma "lzma") (enableFeature withMfx "libmfx") (enableFeature withModplug "libmodplug") @@ -496,6 +495,7 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withOpenjpeg "libopenjpeg") (enableFeature withOpenmpt "libopenmpt") (enableFeature withOpus "libopus") + (optionalString (versionAtLeast finalAttrs.version "5.0" && withPlacebo) "--enable-libplacebo") (enableFeature withPulse "libpulse") (enableFeature withRav1e "librav1e") (enableFeature withRtmp "librtmp") @@ -589,7 +589,6 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withIconv [ libiconv ] # On Linux this should be in libc, do we really need it? ++ optionals withJack [ libjack2 ] ++ optionals withLadspa [ ladspaH ] - ++ optionals withLibplacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withLzma [ xz ] ++ optionals withMfx [ intel-media-sdk ] ++ optionals withModplug [ libmodplug ] @@ -604,6 +603,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withOpenjpeg [ openjpeg ] ++ optionals withOpenmpt [ libopenmpt ] ++ optionals withOpus [ libopus ] + ++ optionals withPlacebo [ (if (lib.versionAtLeast finalAttrs.version "6.1") then libplacebo else libplacebo_5) vulkan-headers ] ++ optionals withPulse [ libpulseaudio ] ++ optionals withRav1e [ rav1e ] ++ optionals withRtmp [ rtmpdump ] From 1cb111b48902f74765eb6354332dbd83a4a175bc Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 10:00:50 +0100 Subject: [PATCH 171/212] ffmpeg: move version specific options to enableFeature --- pkgs/development/libraries/ffmpeg/generic.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 846c36c0f585..63a83cd3f6fe 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -455,8 +455,9 @@ stdenv.mkDerivation (finalAttrs: { */ (enableFeature withAlsa "alsa") (enableFeature withAom "libaom") - # FIXME: see if jellyfin-ffmpeg is already on a version >= 6.1 to use enableFeature - (optionalString (withAribcaption && lib.versionAtLeast finalAttrs.version "6.1") "--enable-libaribcaption") + ] ++ optionals (versionAtLeast finalAttrs.version "6.1") [ + (enableFeature withAribcaption "libaribcaption") + ] ++ [ (enableFeature withAss "libass") (enableFeature withBluray "libbluray") (enableFeature withBs2b "libbs2b") @@ -495,13 +496,17 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withOpenjpeg "libopenjpeg") (enableFeature withOpenmpt "libopenmpt") (enableFeature withOpus "libopus") - (optionalString (versionAtLeast finalAttrs.version "5.0" && withPlacebo) "--enable-libplacebo") + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withPlacebo "libplacebo") + ] ++ [ (enableFeature withPulse "libpulse") (enableFeature withRav1e "librav1e") (enableFeature withRtmp "librtmp") (enableFeature withSamba "libsmbclient") (enableFeature withSdl2 "sdl2") - (optionalString (lib.versionAtLeast finalAttrs.version "5") (enableFeature withShaderc "libshaderc")) + ] ++ optionals (versionAtLeast finalAttrs.version "5.0") [ + (enableFeature withShaderc "libshaderc") + ] ++ [ (enableFeature withSoxr "libsoxr") (enableFeature withSpeex "libspeex") (enableFeature withSrt "libsrt") From 48b20da0fbc133dd43e5ee7d48f7eaab24f3548f Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 10:02:04 +0100 Subject: [PATCH 172/212] ffmpeg: turn libflite into option --- pkgs/development/libraries/ffmpeg/generic.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 63a83cd3f6fe..a17171422913 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -40,6 +40,7 @@ , withDc1394 ? withFullDeps && !stdenv.isDarwin # IIDC-1394 grabbing (ieee 1394) , withDrm ? withHeadlessDeps && (with stdenv; isLinux || isFreeBSD) # libdrm support , withFdkAac ? withFullDeps && withUnfree # Fraunhofer FDK AAC de/encoder +, withFlite ? withFullDeps # Voice Synthesis , withFontconfig ? withHeadlessDeps # Needed for drawtext filter , withFreetype ? withHeadlessDeps # Needed for drawtext filter , withFrei0r ? withFullDeps && withGPL # frei0r video filtering @@ -190,6 +191,7 @@ , clang , dav1d , fdk_aac +, flite , fontconfig , freetype , frei0r @@ -469,7 +471,7 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withDc1394 "libdc1394") (enableFeature withDrm "libdrm") (enableFeature withFdkAac "libfdk-aac") - "--disable-libflite" # Force disable until a solution is found + (enableFeature withFlite "libflite") (enableFeature withFontconfig "fontconfig") (enableFeature withFreetype "libfreetype") (enableFeature withFrei0r "frei0r") @@ -584,6 +586,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withDc1394 [ libdc1394 libraw1394 ] ++ optionals withDrm [ libdrm ] ++ optionals withFdkAac [ fdk_aac ] + ++ optionals withFlite [ flite ] ++ optionals withFontconfig [ fontconfig ] ++ optionals withFreetype [ freetype ] ++ optionals withFrei0r [ frei0r ] From f28414a6d1da3ab10851791f56521df4639d3c15 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 10:03:59 +0100 Subject: [PATCH 173/212] ffmpeg: move chromaprint from jellyfin version into regular version --- pkgs/development/libraries/ffmpeg/generic.nix | 4 ++++ pkgs/development/libraries/jellyfin-ffmpeg/default.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index a17171422913..ab77c9be9271 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -34,6 +34,7 @@ , withBzlib ? withHeadlessDeps , withCaca ? withFullDeps # Textual display (ASCII art) , withCelt ? withFullDeps # CELT decoder +, withChromaprint ? withFullDeps # Audio fingerprinting , withCuda ? withFullDeps && (with stdenv; (!isDarwin && !hostPlatform.isAarch && !hostPlatform.isRiscV)) , withCudaLLVM ? withFullDeps , withDav1d ? withHeadlessDeps # AV1 decoder (focused on speed and correctness) @@ -188,6 +189,7 @@ , alsa-lib , bzip2 , celt +, chromaprint , clang , dav1d , fdk_aac @@ -465,6 +467,7 @@ stdenv.mkDerivation (finalAttrs: { (enableFeature withBs2b "libbs2b") (enableFeature withBzlib "bzlib") (enableFeature withCelt "libcelt") + (enableFeature withChromaprint "chromaprint") (enableFeature withCuda "cuda") (enableFeature withCudaLLVM "cuda-llvm") (enableFeature withDav1d "libdav1d") @@ -582,6 +585,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optionals withBzlib [ bzip2 ] ++ optionals withCaca [ libcaca ] ++ optionals withCelt [ celt ] + ++ optionals withChromaprint [ chromaprint ] ++ optionals withDav1d [ dav1d ] ++ optionals withDc1394 [ libdc1394 libraw1394 ] ++ optionals withDrm [ libdrm ] diff --git a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix index 942f23cb10e6..64f9af046bd2 100644 --- a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix +++ b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix @@ -1,5 +1,4 @@ { ffmpeg_6-full -, chromaprint , fetchFromGitHub , lib }: @@ -18,12 +17,9 @@ ffmpeg_6-full.overrideAttrs (old: rec { # Clobber upstream patches as they don't apply to the Jellyfin fork patches = []; - buildInputs = old.buildInputs ++ [ chromaprint ]; - configureFlags = old.configureFlags ++ [ "--extra-version=Jellyfin" "--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067 - "--enable-chromaprint" ]; postPatch = '' From b22414ea35c2dfcd5e07c1b8c0de2709fdc12291 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 00:42:02 +0100 Subject: [PATCH 174/212] cpython: unpin legacy openssl Various packages failed to build due to the removal of hashes like MD5, but they now work or have been dropped. --- .../interpreters/python/cpython/default.nix | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 8e13ed51bc74..a1fc48850e23 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,7 +7,6 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl -, openssl_legacy , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -87,10 +86,6 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let - # some python packages need legacy ciphers, so we're using openssl 3, but with that config - # null check for Minimal - openssl' = if openssl != null then openssl_legacy else null; - buildPackages = pkgsBuildHost; inherit (passthru) pythonOnBuildForHost; @@ -137,7 +132,7 @@ let ++ optional withGdbm gdbm ++ [ sqlite ] ++ optional withReadline readline - ++ [ ncurses openssl' ] + ++ [ ncurses openssl ] ++ optionals x11Support [ tcl tk libX11 xorgproto ] ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] ++ optionals stdenv.isDarwin [ configd ]) @@ -360,8 +355,8 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl' != null) [ - "--with-openssl=${openssl'.dev}" + ] ++ optionals (openssl != null) [ + "--with-openssl=${openssl.dev}" ] ++ optionals (libxcrypt != null) [ "CFLAGS=-I${libxcrypt}/include" "LIBS=-L${libxcrypt}/lib" @@ -557,7 +552,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. disallowedReferences = - lib.optionals (openssl' != null && !static && !enableFramework) [ openssl'.dev ] + lib.optionals (openssl != null && !static && !enableFramework) [ openssl.dev ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. From f2f4cf0515fcbfe584efa3de116c38cdb4f1b6be Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 01:14:55 +0100 Subject: [PATCH 175/212] cpython: resolve substituteStream --replace deprecation --- .../interpreters/python/cpython/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index a1fc48850e23..716dcbe97bd0 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -237,10 +237,10 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { prePatch = optionalString stdenv.isDarwin '' - substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"' + substituteInPlace configure --replace-fail '`/usr/bin/arch`' '"i386"' '' + optionalString (pythonOlder "3.9" && stdenv.isDarwin && x11Support) '' # Broken on >= 3.9; replaced with ./3.9/darwin-tcl-tk.patch - substituteInPlace setup.py --replace /Library/Frameworks /no-such-path + substituteInPlace setup.py --replace-fail /Library/Frameworks /no-such-path ''; patches = optionals (version == "3.10.9") [ @@ -318,12 +318,12 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { postPatch = optionalString (!stdenv.hostPlatform.isWindows) '' substituteInPlace Lib/subprocess.py \ - --replace "'/bin/sh'" "'${bash}/bin/sh'" + --replace-fail "'/bin/sh'" "'${bash}/bin/sh'" '' + optionalString mimetypesSupport '' substituteInPlace Lib/mimetypes.py \ - --replace "@mime-types@" "${mailcap}" + --replace-fail "@mime-types@" "${mailcap}" '' + optionalString (pythonOlder "3.13" && x11Support && (tix != null)) '' - substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" + substituteInPlace "Lib/tkinter/tix.py" --replace-fail "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; env = { @@ -394,8 +394,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { ++ optional (execSuffix != "") "--with-suffix=${execSuffix}"; preConfigure = optionalString (pythonOlder "3.12") '' - for i in /usr /sw /opt /pkg; do # improve purity - substituteInPlace ./setup.py --replace $i /no-such-path + # Improve purity + for path in /usr /sw /opt /pkg; do + substituteInPlace ./setup.py --replace-warn $path /no-such-path done '' + optionalString stdenv.isDarwin '' # Override the auto-detection in setup.py, which assumes a universal build From 97625d0307db3db59b09f4122717cdaed7adc926 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 01:16:04 +0100 Subject: [PATCH 176/212] cpython: prune patches and configure flags - Using the system-provided ffi has been the default since 3.6 --- .../cpython/3.10/asyncio-deprecation.patch | 598 ------------------ .../interpreters/python/cpython/default.nix | 25 +- 2 files changed, 1 insertion(+), 622 deletions(-) delete mode 100644 pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch diff --git a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch b/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch deleted file mode 100644 index 656e4eb6a4cb..000000000000 --- a/pkgs/development/interpreters/python/cpython/3.10/asyncio-deprecation.patch +++ /dev/null @@ -1,598 +0,0 @@ -REVERT https://github.com/python/cpython/commit/300d812fd1c4d9244e71de0d228cc72439d312a7 ---- b/Doc/library/asyncio-eventloop.rst -+++ a/Doc/library/asyncio-eventloop.rst -@@ -43,12 +43,10 @@ - - Get the current event loop. - -+ If there is no current event loop set in the current OS thread, -+ the OS thread is main, and :func:`set_event_loop` has not yet -+ been called, asyncio will create a new event loop and set it as the -+ current one. -- When called from a coroutine or a callback (e.g. scheduled with -- call_soon or similar API), this function will always return the -- running event loop. -- -- If there is no running event loop set, the function will return -- the result of ``get_event_loop_policy().get_event_loop()`` call. - - Because this function has rather complex behavior (especially - when custom event loop policies are in use), using the -@@ -60,14 +58,10 @@ - event loop. - - .. deprecated:: 3.10 -+ Emits a deprecation warning if there is no running event loop. -+ In future Python releases, this function may become an alias of -+ :func:`get_running_loop` and will accordingly raise a -+ :exc:`RuntimeError` if there is no running event loop. -- Deprecation warning is emitted if there is no current event loop. -- In Python 3.12 it will be an error. -- -- .. note:: -- In Python versions 3.10.0--3.10.8 this function -- (and other functions which used it implicitly) emitted a -- :exc:`DeprecationWarning` if there was no running event loop, even if -- the current loop was set. - - .. function:: set_event_loop(loop) - -reverted: ---- b/Doc/library/asyncio-llapi-index.rst -+++ a/Doc/library/asyncio-llapi-index.rst -@@ -19,7 +19,7 @@ - - The **preferred** function to get the running event loop. - - * - :func:`asyncio.get_event_loop` -+ - Get an event loop instance (current or via the policy). -- - Get an event loop instance (running or current via the current policy). - - * - :func:`asyncio.set_event_loop` - - Set the event loop as current via the current policy. -reverted: ---- b/Doc/library/asyncio-policy.rst -+++ a/Doc/library/asyncio-policy.rst -@@ -112,11 +112,6 @@ - - On Windows, :class:`ProactorEventLoop` is now used by default. - -- .. deprecated:: 3.10.9 -- :meth:`get_event_loop` now emits a :exc:`DeprecationWarning` if there -- is no current event loop set and a new event loop has been implicitly -- created. In Python 3.12 it will be an error. -- - - .. class:: WindowsSelectorEventLoopPolicy - -reverted: ---- b/Lib/asyncio/events.py -+++ a/Lib/asyncio/events.py -@@ -650,21 +650,6 @@ - if (self._local._loop is None and - not self._local._set_called and - threading.current_thread() is threading.main_thread()): -- stacklevel = 2 -- try: -- f = sys._getframe(1) -- except AttributeError: -- pass -- else: -- while f: -- module = f.f_globals.get('__name__') -- if not (module == 'asyncio' or module.startswith('asyncio.')): -- break -- f = f.f_back -- stacklevel += 1 -- import warnings -- warnings.warn('There is no current event loop', -- DeprecationWarning, stacklevel=stacklevel) - self.set_event_loop(self.new_event_loop()) - - if self._local._loop is None: -@@ -778,13 +763,12 @@ - - - def _get_event_loop(stacklevel=3): -- # This internal method is going away in Python 3.12, left here only for -- # backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. -- # Similarly, this method's C equivalent in _asyncio is going away as well. -- # See GH-99949 for more details. - current_loop = _get_running_loop() - if current_loop is not None: - return current_loop -+ import warnings -+ warnings.warn('There is no current event loop', -+ DeprecationWarning, stacklevel=stacklevel) - return get_event_loop_policy().get_event_loop() - - -reverted: ---- b/Lib/test/test_asyncio/test_base_events.py -+++ a/Lib/test/test_asyncio/test_base_events.py -@@ -752,7 +752,7 @@ - def test_env_var_debug(self): - code = '\n'.join(( - 'import asyncio', -+ 'loop = asyncio.get_event_loop()', -- 'loop = asyncio.new_event_loop()', - 'print(loop.get_debug())')) - - # Test with -E to not fail if the unit test was run with -reverted: ---- b/Lib/test/test_asyncio/test_events.py -+++ a/Lib/test/test_asyncio/test_events.py -@@ -2561,9 +2561,8 @@ - def test_get_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() - self.assertIsNone(policy._local._loop) -+ -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.assertEqual(cm.filename, __file__) - self.assertIsInstance(loop, asyncio.AbstractEventLoop) - - self.assertIs(policy._local._loop, loop) -@@ -2577,10 +2576,7 @@ - policy, "set_event_loop", - wraps=policy.set_event_loop) as m_set_event_loop: - -+ loop = policy.get_event_loop() -- with self.assertWarns(DeprecationWarning) as cm: -- loop = policy.get_event_loop() -- self.addCleanup(loop.close) -- self.assertEqual(cm.filename, __file__) - - # policy._local._loop must be set through .set_event_loop() - # (the unix DefaultEventLoopPolicy needs this call to attach -@@ -2614,8 +2610,7 @@ - - def test_set_event_loop(self): - policy = asyncio.DefaultEventLoopPolicy() -+ old_loop = policy.get_event_loop() -- old_loop = policy.new_event_loop() -- policy.set_event_loop(old_loop) - - self.assertRaises(AssertionError, policy.set_event_loop, object()) - -@@ -2728,11 +2723,15 @@ - asyncio.set_event_loop_policy(Policy()) - loop = asyncio.new_event_loop() - -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2746,11 +2745,16 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -+ -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(TestError): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaises(TestError): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -@@ -2774,8 +2778,10 @@ - self.addCleanup(loop2.close) - self.assertEqual(cm.warnings[0].filename, __file__) - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - with self.assertRaisesRegex(RuntimeError, 'no running'): - asyncio.get_running_loop() -@@ -2789,11 +2795,15 @@ - loop.run_until_complete(func()) - - asyncio.set_event_loop(loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertIs(asyncio.get_event_loop(), loop) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- self.assertIs(asyncio.get_event_loop(), loop) - - asyncio.set_event_loop(None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'no current'): -+ asyncio.get_event_loop() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current'): -- asyncio.get_event_loop() - - finally: - asyncio.set_event_loop_policy(old_policy) -reverted: ---- b/Lib/test/test_asyncio/test_futures.py -+++ a/Lib/test/test_asyncio/test_futures.py -@@ -145,8 +145,10 @@ - self.assertTrue(f.cancelled()) - - def test_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- self._new_future() - - def test_constructor_use_running_loop(self): - async def test(): -@@ -156,10 +158,12 @@ - self.assertIs(f.get_loop(), self.loop) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ f = self._new_future() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f = self._new_future() - self.assertIs(f._loop, self.loop) - self.assertIs(f.get_loop(), self.loop) - -@@ -495,8 +499,10 @@ - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.wrap_future(f1) - ex.shutdown(wait=True) - - def test_wrap_future_use_running_loop(self): -@@ -511,14 +517,16 @@ - ex.shutdown(wait=True) - - def test_wrap_future_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) - def run(arg): - return (arg, threading.get_ident()) - ex = concurrent.futures.ThreadPoolExecutor(1) - f1 = ex.submit(run, 'oi') -+ with self.assertWarns(DeprecationWarning) as cm: -+ f2 = asyncio.wrap_future(f1) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- f2 = asyncio.wrap_future(f1) - self.assertIs(self.loop, f2._loop) - ex.shutdown(wait=True) - -reverted: ---- b/Lib/test/test_asyncio/test_streams.py -+++ a/Lib/test/test_asyncio/test_streams.py -@@ -747,8 +747,10 @@ - self.assertEqual(data, b'data') - - def test_streamreader_constructor_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReader() - - def test_streamreader_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -762,17 +764,21 @@ - def test_streamreader_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) -+ with self.assertWarns(DeprecationWarning) as cm: -+ reader = asyncio.StreamReader() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- reader = asyncio.StreamReader() - self.assertIs(reader._loop, self.loop) - - - def test_streamreaderprotocol_constructor_without_loop(self): - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.StreamReaderProtocol(reader) - - def test_streamreaderprotocol_constructor_use_running_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor -@@ -786,11 +792,13 @@ - def test_streamreaderprotocol_constructor_use_global_loop(self): - # asyncio issue #184: Ensure that StreamReaderProtocol constructor - # retrieves the current loop if the loop parameter is not set -+ # Deprecated in 3.10 -- # Deprecated in 3.10, undeprecated in 3.11.1 - self.addCleanup(asyncio.set_event_loop, None) - asyncio.set_event_loop(self.loop) - reader = mock.Mock() -+ with self.assertWarns(DeprecationWarning) as cm: -+ protocol = asyncio.StreamReaderProtocol(reader) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- protocol = asyncio.StreamReaderProtocol(reader) - self.assertIs(protocol._loop, self.loop) - - def test_multiple_drain(self): -reverted: ---- b/Lib/test/test_asyncio/test_tasks.py -+++ a/Lib/test/test_asyncio/test_tasks.py -@@ -210,8 +210,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -221,10 +223,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -243,8 +247,10 @@ - - a = notmuch() - self.addCleanup(a.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.ensure_future(a) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -- asyncio.ensure_future(a) - - async def test(): - return asyncio.ensure_future(notmuch()) -@@ -254,10 +260,12 @@ - self.assertTrue(t.done()) - self.assertEqual(t.result(), 'ok') - -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ t = asyncio.ensure_future(notmuch()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- t = asyncio.ensure_future(notmuch()) - self.assertIs(t._loop, self.loop) - self.loop.run_until_complete(t) - self.assertTrue(t.done()) -@@ -1480,8 +1488,10 @@ - self.addCleanup(a.close) - - futs = asyncio.as_completed([a]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- list(futs) - - def test_as_completed_coroutine_use_running_loop(self): - loop = self.new_test_loop() -@@ -1497,14 +1507,17 @@ - loop.run_until_complete(test()) - - def test_as_completed_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - loop = self.new_test_loop() - asyncio.set_event_loop(loop) - self.addCleanup(asyncio.set_event_loop, None) -+ futs = asyncio.as_completed([coro()]) -+ with self.assertWarns(DeprecationWarning) as cm: -+ futs = list(futs) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- futs = list(asyncio.as_completed([coro()])) - self.assertEqual(len(futs), 1) - self.assertEqual(loop.run_until_complete(futs[0]), 42) - -@@ -1974,8 +1987,10 @@ - - inner = coro() - self.addCleanup(inner.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaisesRegex(RuntimeError, 'There is no current event loop'): -+ asyncio.shield(inner) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.shield(inner) - - def test_shield_coroutine_use_running_loop(self): - async def coro(): -@@ -1989,13 +2004,15 @@ - self.assertEqual(res, 42) - - def test_shield_coroutine_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 42 - - asyncio.set_event_loop(self.loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ outer = asyncio.shield(coro()) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- outer = asyncio.shield(coro()) - self.assertEqual(outer._loop, self.loop) - res = self.loop.run_until_complete(outer) - self.assertEqual(res, 42) -@@ -2933,7 +2950,7 @@ - self.assertIsNone(asyncio.current_task(loop=self.loop)) - - def test_current_task_no_running_loop_implicit(self): -+ with self.assertRaises(RuntimeError): -- with self.assertRaisesRegex(RuntimeError, 'no running event loop'): - asyncio.current_task() - - def test_current_task_with_implicit_loop(self): -@@ -3097,8 +3114,10 @@ - return asyncio.gather(*args, **kwargs) - - def test_constructor_empty_sequence_without_loop(self): -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather() - - def test_constructor_empty_sequence_use_running_loop(self): - async def gather(): -@@ -3111,10 +3130,12 @@ - self.assertEqual(fut.result(), []) - - def test_constructor_empty_sequence_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - asyncio.set_event_loop(self.one_loop) - self.addCleanup(asyncio.set_event_loop, None) -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather() -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather() - self.assertIsInstance(fut, asyncio.Future) - self.assertIs(fut._loop, self.one_loop) - self._run_loop(self.one_loop) -@@ -3202,8 +3223,10 @@ - self.addCleanup(gen1.close) - gen2 = coro() - self.addCleanup(gen2.close) -+ with self.assertWarns(DeprecationWarning) as cm: -+ with self.assertRaises(RuntimeError): -+ asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- with self.assertRaisesRegex(RuntimeError, 'no current event loop'): -- asyncio.gather(gen1, gen2) - - def test_constructor_use_running_loop(self): - async def coro(): -@@ -3217,14 +3240,16 @@ - self.one_loop.run_until_complete(fut) - - def test_constructor_use_global_loop(self): -+ # Deprecated in 3.10 -- # Deprecated in 3.10.0, undeprecated in 3.10.9 - async def coro(): - return 'abc' - asyncio.set_event_loop(self.other_loop) - self.addCleanup(asyncio.set_event_loop, None) - gen1 = coro() - gen2 = coro() -+ with self.assertWarns(DeprecationWarning) as cm: -+ fut = asyncio.gather(gen1, gen2) -+ self.assertEqual(cm.warnings[0].filename, __file__) -- fut = asyncio.gather(gen1, gen2) - self.assertIs(fut._loop, self.other_loop) - self.other_loop.run_until_complete(fut) - -reverted: ---- b/Lib/test/test_asyncio/test_unix_events.py -+++ a/Lib/test/test_asyncio/test_unix_events.py -@@ -1740,8 +1740,7 @@ - - def test_child_watcher_replace_mainloop_existing(self): - policy = self.create_policy() -+ loop = policy.get_event_loop() -- loop = policy.new_event_loop() -- policy.set_event_loop(loop) - - # Explicitly setup SafeChildWatcher, - # default ThreadedChildWatcher has no _loop property -reverted: ---- b/Lib/test/test_coroutines.py -+++ a/Lib/test/test_coroutines.py -@@ -2319,8 +2319,7 @@ - def test_unawaited_warning_during_shutdown(self): - code = ("import asyncio\n" - "async def f(): pass\n" -+ "asyncio.gather(f())\n") -- "async def t(): asyncio.gather(f())\n" -- "asyncio.run(t())\n") - assert_python_ok("-c", code) - - code = ("import sys\n" -reverted: ---- b/Modules/_asynciomodule.c -+++ a/Modules/_asynciomodule.c -@@ -332,6 +332,13 @@ - return loop; - } - -+ if (PyErr_WarnEx(PyExc_DeprecationWarning, -+ "There is no current event loop", -+ stacklevel)) -+ { -+ return NULL; -+ } -+ - policy = PyObject_CallNoArgs(asyncio_get_event_loop_policy); - if (policy == NULL) { - return NULL; -@@ -3085,11 +3092,6 @@ - return get_event_loop(1); - } - --// This internal method is going away in Python 3.12, left here only for --// backwards compatibility with 3.10.0 - 3.10.8 and 3.11.0. --// Similarly, this method's Python equivalent in asyncio.events is going --// away as well. --// See GH-99949 for more details. - /*[clinic input] - _asyncio._get_event_loop - stacklevel: int = 3 diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 716dcbe97bd0..ec5d21416dab 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -243,19 +243,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { substituteInPlace setup.py --replace-fail /Library/Frameworks /no-such-path ''; - patches = optionals (version == "3.10.9") [ - # https://github.com/python/cpython/issues/100160 - ./3.10/asyncio-deprecation.patch - ] ++ optionals (version == "3.11.1") [ - # https://github.com/python/cpython/issues/100160 - (fetchpatch { - name = "asyncio-deprecation-3.11.patch"; - url = "https://github.com/python/cpython/commit/3fae04b10e2655a20a3aadb5e0d63e87206d0c67.diff"; - revert = true; - excludes = [ "Misc/NEWS.d/*" ]; - hash = "sha256-PmkXf2D9trtW1gXZilRIWgdg2Y47JfELq1z4DuG3wJY="; - }) - ] ++ [ + patches = [ # Disable the use of ldconfig in ctypes.util.find_library (since # ldconfig doesn't work on NixOS), and don't use # ctypes.util.find_library during the loading of the uuid module @@ -341,7 +329,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { configureFlags = [ "--without-ensurepip" "--with-system-expat" - "--with-system-ffi" ] ++ optionals (!static && !enableFramework) [ "--enable-shared" ] ++ optionals enableFramework [ @@ -350,9 +337,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { "--enable-optimizations" ] ++ optionals enableLTO [ "--with-lto" - ] ++ optionals (pythonOlder "3.7") [ - # This is unconditionally true starting in CPython 3.7. - "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" ] ++ optionals (openssl != null) [ @@ -404,10 +388,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString (stdenv.isDarwin && x11Support && pythonAtLeast "3.11") '' export TCLTK_LIBS="-L${tcl}/lib -L${tk}/lib -l${tcl.libPrefix} -l${tk.libPrefix}" export TCLTK_CFLAGS="-I${tcl}/include -I${tk}/include" - '' + optionalString (isPy3k && pythonOlder "3.7") '' - # Determinism: The interpreter is patched to write null timestamps when compiling Python files - # so Python doesn't try to update the bytecode when seeing frozen timestamps in Nix's store. - export DETERMINISTIC_BUILD=1; '' + optionalString stdenv.hostPlatform.isMusl '' export NIX_CFLAGS_COMPILE+=" -DTHREAD_STACK_SIZE=0x100000" '' + @@ -478,9 +458,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # This allows build Python to import host Python's sysconfigdata mkdir -p "$out/${sitePackages}" ln -s "$out/lib/${libPrefix}/"_sysconfigdata*.py "$out/${sitePackages}/" - '' + lib.optionalString (pythonOlder "3.8") '' - # This is gone in Python >= 3.8 - ln -s "$out/include/${executable}m" "$out/include/${executable}" '' + optionalString stripConfig '' rm -R $out/bin/python*-config $out/lib/python*/config-* '' + optionalString stripIdlelib '' From 2d6fa6f35d8a880eb37349f103db7e87742c7292 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 03:48:41 +0100 Subject: [PATCH 177/212] cpython: refactor & clean up - group dependencies logically - remove `? null` fallback value - remove redundant isPy3k conditions - remove overly broad `with lib` import - more assertion messages - move python310 out of sources attrset --- .../interpreters/python/cpython/default.nix | 197 +++++++++++------- .../interpreters/python/default.nix | 23 +- 2 files changed, 137 insertions(+), 83 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index ec5d21416dab..ed507e3baf9c 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -1,39 +1,54 @@ -{ lib, stdenv, fetchurl, fetchpatch, fetchgit +{ lib +, stdenv +, fetchurl +, fetchpatch +, fetchgit + +# build dependencies +, autoconf-archive +, autoreconfHook +, nukeReferences +, pkg-config +, python-setup-hook + +# runtime dependencies , bzip2 , expat , libffi -, gdbm -, xz -, mailcap, mimetypesSupport ? true +, libxcrypt , ncurses , openssl -, readline , sqlite -, tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false -, bluez ? null, bluezSupport ? false +, xz , zlib -, tzdata ? null -, libxcrypt -, self + +# platform-specific dependencies +, bash , configd , darwin , windows -, autoreconfHook -, autoconf-archive -, pkg-config -, python-setup-hook -, nukeReferences -# For the Python package set -, packageOverrides ? (self: super: {}) + +# optional dependencies +, bluezSupport ? false, bluez +, mimetypesSupport ? true, mailcap +, tzdata +, withGdbm ? !stdenv.hostPlatform.isWindows, gdbm +, withReadline ? !stdenv.hostPlatform.isWindows, readline +, x11Support ? false, tcl, tk, tix, libX11, xorgproto + +# splicing/cross +, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" +, self , pkgsBuildBuild , pkgsBuildHost , pkgsBuildTarget , pkgsHostHost , pkgsTargetTarget + +# build customization , sourceVersion , hash , passthruFun -, bash , stripConfig ? false , stripIdlelib ? false , stripTests ? false @@ -43,21 +58,28 @@ , includeSiteCustomize ? true , static ? stdenv.hostPlatform.isStatic , enableFramework ? false +, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# pgo (not reproducible) + -fno-semantic-interposition +# https://docs.python.org/3/using/configure.html#cmdoption-enable-optimizations , enableOptimizations ? false -# these dont build for windows -, withGdbm ? !stdenv.hostPlatform.isWindows -, withReadline ? !stdenv.hostPlatform.isWindows -# enableNoSemanticInterposition is a subset of the enableOptimizations flag that doesn't harm reproducibility. -# clang starts supporting `-fno-sematic-interposition` with version 10 -, enableNoSemanticInterposition ? (!stdenv.cc.isClang || (stdenv.cc.isClang && lib.versionAtLeast stdenv.cc.version "10")) -# enableLTO is a subset of the enableOptimizations flag that doesn't harm reproducibility. + +# improves performance, but remains reproducible +, enableNoSemanticInterposition ? true + # enabling LTO on 32bit arch causes downstream packages to fail when linking # enabling LTO on *-darwin causes python3 to fail when linking. , enableLTO ? stdenv.is64bit && stdenv.isLinux + +# enable asserts to ensure the build remains reproducible , reproducibleBuild ? false -, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" -, noldconfigPatch ? ./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch" + +# for the Python package set +, packageOverrides ? (self: super: {}) + +# tests , testers + } @ inputs: # Note: this package is used for bootstrapping fetchurl, and thus @@ -72,7 +94,11 @@ assert x11Support -> tcl != null assert bluezSupport -> bluez != null; -assert enableFramework -> stdenv.isDarwin; +assert lib.assertMsg (bluezSupport -> stdenv.isLinux) + "Bluez support is only available on Linux."; + +assert lib.assertMsg (enableFramework -> stdenv.isDarwin) + "Framework builds are only supported on Darwin."; assert lib.assertMsg (reproducibleBuild -> stripBytecode) "Deterministic builds require stripping bytecode."; @@ -83,14 +109,21 @@ assert lib.assertMsg (reproducibleBuild -> (!enableOptimizations)) assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) "Deterministic builds are not achieved when (default unoptimized) bytecode is created."; -with lib; - let + inherit (lib) + concatMapStringsSep + concatStringsSep + getDev + getLib + optionals + optionalString + replaceStrings + versionOlder + ; + buildPackages = pkgsBuildHost; inherit (passthru) pythonOnBuildForHost; - inherit (darwin.apple_sdk.frameworks) Cocoa; - tzdataSupport = tzdata != null && passthru.pythonAtLeast "3.9"; passthru = let @@ -114,12 +147,12 @@ let version = with sourceVersion; "${major}.${minor}.${patch}${suffix}"; - nativeBuildInputs = optionals (!stdenv.isDarwin) [ + nativeBuildInputs = [ + nukeReferences + ] ++ optionals (!stdenv.isDarwin) [ + autoconf-archive # needed for AX_CHECK_COMPILE_FLAG autoreconfHook pkg-config - autoconf-archive # needed for AX_CHECK_COMPILE_FLAG - ] ++ [ - nukeReferences ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ buildPackages.stdenv.cc pythonOnBuildForHost @@ -127,19 +160,37 @@ let stdenv.cc.cc.libllvm.out ]; - buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi libxcrypt ] - ++ optional withGdbm gdbm - ++ [ sqlite ] - ++ optional withReadline readline - ++ [ ncurses openssl ] - ++ optionals x11Support [ tcl tk libX11 xorgproto ] - ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] - ++ optionals stdenv.isDarwin [ configd ]) - - ++ optionals enableFramework [ Cocoa ] - ++ optionals stdenv.hostPlatform.isMinGW [ windows.mingw_w64_pthreads windows.dlfcn ] - ++ optionals tzdataSupport [ tzdata ]; # `zoneinfo` module + buildInputs = lib.filter (p: p != null) ([ + bzip2 + expat + libffi + libxcrypt + ncurses + openssl + sqlite + xz + zlib + ] ++ optionals bluezSupport [ + bluez + ] ++ optionals enableFramework [ + darwin.apple_sdk.frameworks.Cocoa + ] ++ optionals stdenv.hostPlatform.isMinGW [ + windows.dlfcn + windows.mingw_w64_pthreads + ] ++ optionals stdenv.isDarwin [ + configd + ] ++ optionals tzdataSupport [ + tzdata + ] ++ optionals withGdbm [ + gdbm + ] ++ optionals withReadline [ + readline + ] ++ optionals x11Support [ + libX11 + tcl + tk + xorgproto + ]); hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false); @@ -202,7 +253,7 @@ let pythonAbi = nixpkgsPythonAbiMappings.${parsed.abi.name} or parsed.abi.name; in # Python <3.11 doesn't distinguish musl and glibc and always prefixes with "gnu" - if lib.versionOlder version "3.11" then + if versionOlder version "3.11" then replaceStrings [ "musl" ] [ "gnu" ] pythonAbi else pythonAbi; @@ -233,8 +284,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { inherit src version; inherit nativeBuildInputs; - buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ bash ] ++ buildInputs; # bash is only used for patchShebangs - + buildInputs = lib.optionals (!stdenv.hostPlatform.isWindows) [ + bash # only required for patchShebangs + ] ++ buildInputs; prePatch = optionalString stdenv.isDarwin '' substituteInPlace configure --replace-fail '`/usr/bin/arch`' '"i386"' @@ -265,7 +317,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { ] ++ optionals (pythonAtLeast "3.9" && pythonOlder "3.11" && stdenv.isDarwin) [ # Stop checking for TCL/TK in global macOS locations ./3.9/darwin-tcl-tk.patch - ] ++ optionals (isPy3k && hasDistutilsCxxPatch && pythonOlder "3.12") [ + ] ++ optionals (hasDistutilsCxxPatch && pythonOlder "3.12") [ # Fix for http://bugs.python.org/issue1222585 # Upstream distutils is calling C compiler to compile C++ code, which # only works for GCC and Apple Clang. This makes distutils to call C++ @@ -311,7 +363,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { substituteInPlace Lib/mimetypes.py \ --replace-fail "@mime-types@" "${mailcap}" '' + optionalString (pythonOlder "3.13" && x11Support && (tix != null)) '' - substituteInPlace "Lib/tkinter/tix.py" --replace-fail "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" + substituteInPlace "Lib/tkinter/tix.py" --replace-fail \ + "os.environ.get('TIX_LIBRARY')" \ + "os.environ.get('TIX_LIBRARY') or '${tix}/lib'" ''; env = { @@ -326,21 +380,26 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { PYTHONHASHSEED=0; }; + # https://docs.python.org/3/using/configure.html configureFlags = [ "--without-ensurepip" "--with-system-expat" + ] ++ optionals (openssl != null) [ + "--with-openssl=${openssl.dev}" + ] ++ optionals tzdataSupport [ + "--with-tzpath=${tzdata}/share/zoneinfo" + ] ++ optionals (execSuffix != "") [ + "--with-suffix=${execSuffix}" + ] ++ optionals enableLTO [ + "--with-lto" ] ++ optionals (!static && !enableFramework) [ "--enable-shared" ] ++ optionals enableFramework [ "--enable-framework=${placeholder "out"}/Library/Frameworks" ] ++ optionals enableOptimizations [ "--enable-optimizations" - ] ++ optionals enableLTO [ - "--with-lto" - ] ++ optionals (sqlite != null && isPy3k) [ + ] ++ optionals (sqlite != null) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl != null) [ - "--with-openssl=${openssl.dev}" ] ++ optionals (libxcrypt != null) [ "CFLAGS=-I${libxcrypt}/include" "LIBS=-L${libxcrypt}/lib" @@ -372,10 +431,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Never even try to use lchmod on linux, # don't rely on detecting glibc-isms. "ac_cv_func_lchmod=no" - ] ++ optionals tzdataSupport [ - "--with-tzpath=${tzdata}/share/zoneinfo" - ] ++ optional static "LDFLAGS=-static" - ++ optional (execSuffix != "") "--with-suffix=${execSuffix}"; + ] ++ optionals static [ + "LDFLAGS=-static" + ]; preConfigure = optionalString (pythonOlder "3.12") '' # Improve purity @@ -471,7 +529,6 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { '' + optionalString includeSiteCustomize '' # Include a sitecustomize.py file cp ${../sitecustomize.py} $out/${sitePackages}/sitecustomize.py - '' + optionalString stripBytecode '' # Determinism: deterministic bytecode # First we delete all old bytecode. @@ -529,9 +586,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. - disallowedReferences = - lib.optionals (openssl != null && !static && !enableFramework) [ openssl.dev ] - ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + disallowedReferences = lib.optionals (openssl != null && !static && !enableFramework) [ + openssl.dev + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. pythonOnBuildForHost buildPackages.bash @@ -564,11 +621,11 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { enableParallelBuilding = true; - meta = { + meta = with lib; { homepage = "https://www.python.org"; changelog = let - majorMinor = lib.versions.majorMinor version; - dashedVersion = lib.replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; + majorMinor = versions.majorMinor version; + dashedVersion = replaceStrings [ "." "a" ] [ "-" "-alpha-" ] version; in if sourceVersion.suffix == "" then "https://docs.python.org/release/${version}/whatsnew/changelog.html" diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 7f60ba036c5f..1322673c1bc6 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -16,16 +16,6 @@ passthruFun = import ./passthrufun.nix args; sources = { - python310 = { - sourceVersion = { - major = "3"; - minor = "10"; - patch = "13"; - suffix = ""; - }; - hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; - }; - python311 = { sourceVersion = { major = "3"; @@ -78,11 +68,18 @@ in { inherit passthruFun; }; - python310 = callPackage ./cpython ({ + python310 = callPackage ./cpython { self = __splicedPackages.python310; + sourceVersion = { + major = "3"; + minor = "10"; + patch = "13"; + suffix = ""; + }; + hash = "sha256-XIiEhmhkDT4VKzW0U27xwjsspL0slX7x7LsFP1cd0/Y="; inherit (darwin) configd; inherit passthruFun; - } // sources.python310); + }; python311 = callPackage ./cpython ({ self = __splicedPackages.python311; @@ -125,8 +122,8 @@ in { readline = null; ncurses = null; gdbm = null; - sqlite = null; configd = null; + sqlite = null; tzdata = null; libffi = libffiBoot; # without test suite stripConfig = true; From 9b516e4288f09374e1426e4ec0a606169db1d52b Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 31 Jan 2024 04:07:48 +0100 Subject: [PATCH 178/212] cpython: build with our own libmpdecimal --- pkgs/development/interpreters/python/cpython/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index ed507e3baf9c..aa7f25ead9cd 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -16,6 +16,7 @@ , expat , libffi , libxcrypt +, mpdecimal , ncurses , openssl , sqlite @@ -165,6 +166,7 @@ let expat libffi libxcrypt + mpdecimal ncurses openssl sqlite @@ -384,6 +386,7 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { configureFlags = [ "--without-ensurepip" "--with-system-expat" + "--with-system-libmpdec" ] ++ optionals (openssl != null) [ "--with-openssl=${openssl.dev}" ] ++ optionals tzdataSupport [ From c819f1aef8afdce200d1f38283e0f10d489bfcaa Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Fri, 2 Feb 2024 13:00:36 +0100 Subject: [PATCH 179/212] ffmpeg: add jopejoe1 as maintainer --- pkgs/development/libraries/ffmpeg/generic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index ab77c9be9271..89893d32ef5d 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -726,7 +726,7 @@ stdenv.mkDerivation (finalAttrs: { ++ optional (withGPL && withUnfree) unfree; pkgConfigModules = [ "libavutil" ]; platforms = platforms.all; - maintainers = with maintainers; [ atemu arthsmn ]; + maintainers = with maintainers; [ atemu arthsmn jopejoe1 ]; mainProgram = "ffmpeg"; }; }) From 457e32ecef99f0ca220dd4dede97f8180e0a3ab9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 2 Feb 2024 18:31:33 +0100 Subject: [PATCH 180/212] python311Packages.cryptography: 41.0.7 -> 42.0.2 https://cryptography.io/en/latest/changelog/#v42-0-2 --- .../python-modules/cryptography/default.nix | 22 +++++++------------ .../python-modules/cryptography/vectors.nix | 6 ++--- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 770561126fb3..4d30630759bb 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -3,22 +3,19 @@ , buildPythonPackage , callPackage , cargo +, certifi , cffi , cryptography-vectors ? (callPackage ./vectors.nix { }) , fetchPypi -, hypothesis -, iso8601 , isPyPy , libiconv , libxcrypt , openssl , pkg-config , pretend -, py -, pytest-subtests +, pytest-xdist , pytestCheckHook , pythonOlder -, pytz , rustc , rustPlatform , Security @@ -27,26 +24,26 @@ buildPythonPackage rec { pname = "cryptography"; - version = "41.0.7"; # Also update the hash in vectors.nix + version = "42.0.2"; # Also update the hash in vectors.nix pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw="; + hash = "sha256-4OxSujx/G32BPNUmSaWz7x/A1DMhncjJOCfFfqts+Ig="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; sourceRoot = "${pname}-${version}/${cargoRoot}"; name = "${pname}-${version}"; - hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw="; + hash = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc="; }; postPatch = '' substituteInPlace pyproject.toml \ - --replace "--benchmark-disable" "" + --replace-fail "--benchmark-disable" "" ''; cargoRoot = "src/rust"; @@ -75,14 +72,11 @@ buildPythonPackage rec { ]; nativeCheckInputs = [ + certifi cryptography-vectors - hypothesis - iso8601 pretend - py pytestCheckHook - pytest-subtests - pytz + pytest-xdist ]; pytestFlagsArray = [ diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index c02e4d3bcf7e..a5654de86cbb 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -2,7 +2,7 @@ , buildPythonPackage , fetchPypi , cryptography -, setuptools +, flit-core }: buildPythonPackage rec { @@ -14,11 +14,11 @@ buildPythonPackage rec { src = fetchPypi { pname = "cryptography_vectors"; inherit version; - hash = "sha256-ezb5drbljMGAExDhyTxYTGU503Haf4U47dj8Rj3IDVs="; + hash = "sha256-rc3M9dnuZhqWAq0h0lJfZ4ugem52jOeYNZlOIIurDhY="; }; nativeBuildInputs = [ - setuptools + flit-core ]; # No tests included From 419620998d8d4e101ff9545520448179751c23a8 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 2 Feb 2024 19:12:09 +0100 Subject: [PATCH 181/212] python311Packages.pytest: 7.4.3 -> 7.4.4 https://github.com/pytest-dev/pytest/releases/tag/7.4.4 --- pkgs/development/python-modules/pytest/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pytest/default.nix b/pkgs/development/python-modules/pytest/default.nix index 67fb6989df01..88398d5ab438 100644 --- a/pkgs/development/python-modules/pytest/default.nix +++ b/pkgs/development/python-modules/pytest/default.nix @@ -29,12 +29,12 @@ buildPythonPackage rec { pname = "pytest"; - version = "7.4.3"; + version = "7.4.4"; pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-2YnRNpgt5OOynavMg4rVgcZOjtUsEfvobd69naCBjNU="; + hash = "sha256-LPAAWSLGrOSj4uyLQIDrDZdT/ckxB0FTMvUM6eeZQoA="; }; outputs = [ From d4bb178c916d59b4ef6186aa1d5062c379dae89f Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 1 Feb 2024 23:55:48 +0100 Subject: [PATCH 182/212] libjpeg_turbo: add mingw support This commit splits the patch on transupp.c in two, as the part about weak attributes is not applicable to MinGW. Part of a greater effort to get qtbase and qtmultimedia cross compiling for Windows. Co-authored-by: Sean Link --- ...le-transupp.c-as-part-of-the-library.patch | 72 +---------------- ...-exported-symbols-in-transupp.c-weak.patch | 81 +++++++++++++++++++ .../libraries/libjpeg-turbo/default.nix | 10 ++- 3 files changed, 89 insertions(+), 74 deletions(-) create mode 100644 pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch diff --git a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch index 4e303c3fc9d6..775315018064 100644 --- a/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch +++ b/pkgs/development/libraries/libjpeg-turbo/0001-Compile-transupp.c-as-part-of-the-library.patch @@ -3,12 +3,9 @@ From: Las Date: Sun, 3 Jan 2021 18:35:37 +0000 Subject: [PATCH] Compile transupp.c as part of the library -The exported symbols are made weak to not conflict with users -of the library that already vendor this functionality. --- CMakeLists.txt | 4 ++-- - transupp.c | 14 +++++++------- - 2 files changed, 9 insertions(+), 9 deletions(-) + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index adb0ca45..46fc16dd 100644 @@ -32,73 +29,6 @@ index adb0ca45..46fc16dd 100644 DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) include(cmakescripts/BuildPackages.cmake) -diff --git a/transupp.c b/transupp.c -index 34fbb371..c0ade5a9 100644 ---- a/transupp.c -+++ b/transupp.c -@@ -1388,7 +1388,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) - * This code is loosely based on XParseGeometry from the X11 distribution. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) - { - info->crop = FALSE; -@@ -1488,7 +1488,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) - * and transformation is not perfect. Otherwise returns TRUE. - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_request_workspace(j_decompress_ptr srcinfo, - jpeg_transform_info *info) - { -@@ -2035,7 +2035,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, - * to jpeg_write_coefficients(). - */ - --GLOBAL(jvirt_barray_ptr *) -+GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) - jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2154,7 +2154,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * Note that some transformations will modify the source data arrays! - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - jvirt_barray_ptr *src_coef_arrays, - jpeg_transform_info *info) -@@ -2266,7 +2266,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - * (may use custom action then) - */ - --GLOBAL(boolean) -+GLOBAL(boolean) __attribute__((weak)) - jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - int MCU_width, int MCU_height, - JXFORM_CODE transform) -@@ -2305,7 +2305,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, - * This must be called before jpeg_read_header() to have the desired effect. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - { - #ifdef SAVE_MARKERS_SUPPORTED -@@ -2337,7 +2337,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) - * JFIF APP0 or Adobe APP14 markers if selected. - */ - --GLOBAL(void) -+GLOBAL(void) __attribute__((weak)) - jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, - JCOPY_OPTION option) - { -- 2.43.0 diff --git a/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch new file mode 100644 index 000000000000..fc23b776312a --- /dev/null +++ b/pkgs/development/libraries/libjpeg-turbo/0002-Make-exported-symbols-in-transupp.c-weak.patch @@ -0,0 +1,81 @@ +From 6442d11617f95d13e2a371bd3e01f5082a9c356d Mon Sep 17 00:00:00 2001 +From: Las +Date: Sun, 3 Jan 2021 18:35:37 +0000 +Subject: [PATCH] Make exported symbols in transupp.c weak + +The exported symbols are made weak to not conflict with users +of the library that already vendor this functionality. +--- + transupp.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/transupp.c b/transupp.c +index 34fbb371..c0ade5a9 100644 +--- a/transupp.c ++++ b/transupp.c +@@ -1388,7 +1388,7 @@ jt_read_integer(const char **strptr, JDIMENSION *result) + * This code is loosely based on XParseGeometry from the X11 distribution. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_parse_crop_spec(jpeg_transform_info *info, const char *spec) + { + info->crop = FALSE; +@@ -1488,7 +1488,7 @@ trim_bottom_edge(jpeg_transform_info *info, JDIMENSION full_height) + * and transformation is not perfect. Otherwise returns TRUE. + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_request_workspace(j_decompress_ptr srcinfo, + jpeg_transform_info *info) + { +@@ -2035,7 +2035,7 @@ adjust_exif_parameters(JOCTET *data, unsigned int length, JDIMENSION new_width, + * to jpeg_write_coefficients(). + */ + +-GLOBAL(jvirt_barray_ptr *) ++GLOBAL(jvirt_barray_ptr *) __attribute__((weak)) + jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2154,7 +2154,7 @@ jtransform_adjust_parameters(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * Note that some transformations will modify the source data arrays! + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + jvirt_barray_ptr *src_coef_arrays, + jpeg_transform_info *info) +@@ -2266,7 +2266,7 @@ jtransform_execute_transform(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + * (may use custom action then) + */ + +-GLOBAL(boolean) ++GLOBAL(boolean) __attribute__((weak)) + jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + int MCU_width, int MCU_height, + JXFORM_CODE transform) +@@ -2305,7 +2305,7 @@ jtransform_perfect_transform(JDIMENSION image_width, JDIMENSION image_height, + * This must be called before jpeg_read_header() to have the desired effect. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + { + #ifdef SAVE_MARKERS_SUPPORTED +@@ -2337,7 +2337,7 @@ jcopy_markers_setup(j_decompress_ptr srcinfo, JCOPY_OPTION option) + * JFIF APP0 or Adobe APP14 markers if selected. + */ + +-GLOBAL(void) ++GLOBAL(void) __attribute__((weak)) + jcopy_markers_execute(j_decompress_ptr srcinfo, j_compress_ptr dstinfo, + JCOPY_OPTION option) + { +-- +2.43.0 + diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index fee28203663b..6d4c3face144 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -42,9 +42,13 @@ stdenv.mkDerivation (finalAttrs: { }; # This is needed by freeimage - patches = [ ./0001-Compile-transupp.c-as-part-of-the-library.patch ] - ++ lib.optional stdenv.hostPlatform.isMinGW - ./mingw-boolean.patch; + patches = [ + ./0001-Compile-transupp.c-as-part-of-the-library.patch + ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ + ./0002-Make-exported-symbols-in-transupp.c-weak.patch + ] ++ lib.optionals stdenv.hostPlatform.isMinGW [ + ./mingw-boolean.patch + ]; outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ]; From 3ae57dc64de3a43da1ad3bcf9c4086b1288e4cf3 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 2 Feb 2024 22:47:04 +0300 Subject: [PATCH 183/212] pipewire: 1.0.2 -> 1.0.3 Diff: https://gitlab.freedesktop.org/pipewire/pipewire/-/compare/1.0.2...1.0.3 Changelog: https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/24.05pre-git --- pkgs/development/libraries/pipewire/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 9716abdece99..4cfcf9b3a6d8 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -75,7 +75,7 @@ assert ldacbtSupport -> bluezSupport; stdenv.mkDerivation(finalAttrs: { pname = "pipewire"; - version = "1.0.2"; + version = "1.0.3"; outputs = [ "out" @@ -91,7 +91,7 @@ stdenv.mkDerivation(finalAttrs: { owner = "pipewire"; repo = "pipewire"; rev = finalAttrs.version; - sha256 = "sha256-+D9+IvKDrsEdhJd9bRsWg6vwvbEomOxN/5XgTHQimQI="; + sha256 = "sha256-QVw7Q+RNo8BBy/uxoZeSQQn/vQcIl1bOiA9fYMR0+oI="; }; patches = [ From 45581ad4b458878c871ed5038d5e36cf49e005bd Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 31 Jan 2024 16:13:07 +0100 Subject: [PATCH 184/212] libjpeg_turbo: fix cross to compatible platforms Fixes e.g. pkgsStatic.libjpeg_turbo. Link: https://github.com/NixOS/nixpkgs/pull/251853#issuecomment-1754793525 --- pkgs/development/libraries/libjpeg-turbo/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index 6d4c3face144..a34a60b11bf1 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , cmake , nasm , openjdk @@ -41,8 +42,14 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-xHjd0WHN50b75wdWPHUwfmJGsiWKmj+zA59UwakIo74="; }; - # This is needed by freeimage patches = [ + (fetchpatch { + name = "CMAKE_CROSSCOMPILING_EMULATOR=env-fix.patch"; + url = "https://github.com/libjpeg-turbo/libjpeg-turbo/compare/36c51dd3eb60ebde3ca77d3cfa7df3422f1aaaf1..b6ee1016abbc55116304ad396cf88aa19391e10a.patch"; + hash = "sha256-dNwXicvZEsG02TBaM5nYMlZ+VczT/Dfx6ZM/6huZpwE="; + }) + + # This is needed by freeimage ./0001-Compile-transupp.c-as-part-of-the-library.patch ] ++ lib.optionals (!stdenv.hostPlatform.isMinGW) [ ./0002-Make-exported-symbols-in-transupp.c-weak.patch From 68cf88462eec6c7c8a38001a899854251c56381f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 03:57:14 +0100 Subject: [PATCH 185/212] python311Packages.setuptools: 69.0.2 -> 69.0.3 https://setuptools.pypa.io/en/stable/history.html#v69-0-3 --- pkgs/development/python-modules/setuptools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/setuptools/default.nix b/pkgs/development/python-modules/setuptools/default.nix index 231580cf9675..7cacc0ca5a4d 100644 --- a/pkgs/development/python-modules/setuptools/default.nix +++ b/pkgs/development/python-modules/setuptools/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "setuptools"; - version = "69.0.2"; + version = "69.0.3"; format = "pyproject"; src = fetchFromGitHub { owner = "pypa"; repo = "setuptools"; rev = "refs/tags/v${version}"; - hash = "sha256-7xOZC85glpXPKdPTYOpwjQHRpkKL1hgbMFgJF3q5EW0="; + hash = "sha256-38csULki+SBcg7StScj0/09A+JZesm8iwOBjSgXyXMA="; }; patches = [ From 6f5ac5808c3497c38c969fce266dea38c2871181 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Feb 2024 07:06:28 +0100 Subject: [PATCH 186/212] mesa: 23.3.4 -> 23.3.5 https://docs.mesa3d.org/relnotes/23.3.4.html --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 2edd102fd4df..f1a300ca957b 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -86,8 +86,8 @@ */ let - version = "23.3.4"; - hash = "sha256-3xLXZb5GUP5TKGCxiqGObaHQsH0aId/f4EZg5re6w5o="; + version = "23.3.5"; + hash = "sha256-acyxJ4ZB/1utccoPhmGIrrGpKq3E27nTX1CuvsW4tQ8="; # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule From f3fab8ac983e8f25293ef44abce52ceeb3e9c428 Mon Sep 17 00:00:00 2001 From: K900 Date: Sat, 3 Feb 2024 12:32:38 +0300 Subject: [PATCH 187/212] mesa: don't fail if $dev/lib/pkgconfig/dri.pc doesn't exist It may not, if we're not building DRI --- pkgs/development/libraries/mesa/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index f1a300ca957b..ea8088d7d8a3 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -316,8 +316,9 @@ self = stdenv.mkDerivation { postFixup = lib.optionalString stdenv.isLinux '' # set the default search path for DRI drivers; used e.g. by X server - substituteInPlace "$dev/lib/pkgconfig/dri.pc" --replace "$drivers" "${libglvnd.driverLink}" - [ -f "$dev/lib/pkgconfig/d3d.pc" ] && substituteInPlace "$dev/lib/pkgconfig/d3d.pc" --replace "$drivers" "${libglvnd.driverLink}" + for pc in lib/pkgconfig/{dri,d3d}.pc; do + [ -f "$dev/$pc" ] && substituteInPlace "$dev/$pc" --replace "$drivers" "${libglvnd.driverLink}" + done # remove pkgconfig files for GL/EGL; they are provided by libGL. rm -f $dev/lib/pkgconfig/{gl,egl}.pc From 88244b5f75261283681e7486e2b7883973291321 Mon Sep 17 00:00:00 2001 From: K900 Date: Sat, 3 Feb 2024 13:42:18 +0300 Subject: [PATCH 188/212] mesa: remove disk cache key override The cache key isn't derived from a timestamp anymore, but from the build-id, so we can just rely on that. --- pkgs/development/libraries/mesa/default.nix | 2 - ...include-dri-driver-path-in-cache-key.patch | 59 ------------------- 2 files changed, 61 deletions(-) delete mode 100644 pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index f1a300ca957b..a86ea179547f 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -121,7 +121,6 @@ self = stdenv.mkDerivation { ./musl.patch ./opencl.patch - ./disk_cache-include-dri-driver-path-in-cache-key.patch # Backports to fix build # FIXME: remove when applied upstream @@ -170,7 +169,6 @@ self = stdenv.mkDerivation { # https://gitlab.freedesktop.org/mesa/mesa/blob/master/docs/meson.html#L327 "-Db_ndebug=true" - "-Ddisk-cache-key=${placeholder "drivers"}" "-Ddri-search-path=${libglvnd.driverLink}/lib/dri" "-Dplatforms=${lib.concatStringsSep "," eglPlatforms}" diff --git a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch b/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch deleted file mode 100644 index 05f5ec7b6a03..000000000000 --- a/pkgs/development/libraries/mesa/disk_cache-include-dri-driver-path-in-cache-key.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/meson_options.txt b/meson_options.txt -index 591ed957c85..6cb550593e3 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -519,6 +519,13 @@ option( - description : 'Enable direct rendering in GLX and EGL for DRI', - ) - -+option( -+ 'disk-cache-key', -+ type : 'string', -+ value : '', -+ description : 'Mesa cache key.' -+) -+ - option('egl-lib-suffix', - type : 'string', - value : '', -diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c -index 1d23b92af7e..fbb4b04f3cf 100644 ---- a/src/util/disk_cache.c -+++ b/src/util/disk_cache.c -@@ -218,8 +218,10 @@ disk_cache_type_create(const char *gpu_name, - - /* Create driver id keys */ - size_t id_size = strlen(driver_id) + 1; -+ size_t key_size = strlen(DISK_CACHE_KEY) + 1; - size_t gpu_name_size = strlen(gpu_name) + 1; - cache->driver_keys_blob_size += id_size; -+ cache->driver_keys_blob_size += key_size; - cache->driver_keys_blob_size += gpu_name_size; - - /* We sometimes store entire structs that contains a pointers in the cache, -@@ -240,6 +242,7 @@ disk_cache_type_create(const char *gpu_name, - uint8_t *drv_key_blob = cache->driver_keys_blob; - DRV_KEY_CPY(drv_key_blob, &cache_version, cv_size) - DRV_KEY_CPY(drv_key_blob, driver_id, id_size) -+ DRV_KEY_CPY(drv_key_blob, DISK_CACHE_KEY, key_size) - DRV_KEY_CPY(drv_key_blob, gpu_name, gpu_name_size) - DRV_KEY_CPY(drv_key_blob, &ptr_size, ptr_size_size) - DRV_KEY_CPY(drv_key_blob, &driver_flags, driver_flags_size) -diff --git a/src/util/meson.build b/src/util/meson.build -index eb88f235c47..eae5c54cc10 100644 ---- a/src/util/meson.build -+++ b/src/util/meson.build -@@ -286,7 +286,12 @@ _libmesa_util = static_library( - include_directories : [inc_util, include_directories('format')], - dependencies : deps_for_libmesa_util, - link_with: [libmesa_util_sse41], -- c_args : [c_msvc_compat_args], -+ c_args : [ -+ c_msvc_compat_args, -+ '-DDISK_CACHE_KEY="@0@"'.format( -+ get_option('disk-cache-key') -+ ), -+ ], - gnu_symbol_visibility : 'hidden', - build_by_default : false - ) From 493a19f131c987c2eeddf5b0db7daf3dfecef8d9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 02:51:33 +0100 Subject: [PATCH 189/212] python311Packages.httpx: 0.25.2 -> 0.26.0 https://github.com/encode/httpx/blob/refs/tags/0.26.0/CHANGELOG.md --- pkgs/development/python-modules/httpx/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/httpx/default.nix b/pkgs/development/python-modules/httpx/default.nix index 0bbb64652737..9641597a516d 100644 --- a/pkgs/development/python-modules/httpx/default.nix +++ b/pkgs/development/python-modules/httpx/default.nix @@ -30,7 +30,7 @@ buildPythonPackage rec { pname = "httpx"; - version = "0.25.2"; + version = "0.26.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -39,7 +39,7 @@ buildPythonPackage rec { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-rGtIrs4dffs7Ndtjb400q7JrZh+HG9k0uwHw9pRlC5s="; + hash = "sha256-qMMx1CYu2/yH4NRvZFzJOflAPIbcvMYJqU4r+chuzl0="; }; nativeBuildInputs = [ From 605d194842463d2ac6b654b7ecfec59c0e1071b8 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 3 Feb 2024 14:28:12 +0100 Subject: [PATCH 190/212] pkgsMusl.umockdev: fix build --- pkgs/development/libraries/umockdev/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix index 0bc817cde299..9c3026b0c9fb 100644 --- a/pkgs/development/libraries/umockdev/default.nix +++ b/pkgs/development/libraries/umockdev/default.nix @@ -2,6 +2,7 @@ , lib , docbook-xsl-nons , fetchurl +, fetchpatch , glib , gobject-introspection , gtk-doc @@ -42,6 +43,12 @@ stdenv.mkDerivation (finalAttrs: { src = ./substitute-udevadm.patch; udevadm = "${systemdMinimal}/bin/udevadm"; }) + + (fetchpatch { + name = "musl.patch"; + url = "https://github.com/martinpitt/umockdev/commit/d4efe24be59bd859b87473ea3d7efe8100bedc74.patch"; + hash = "sha256-whf3p2e7FWN1xk5+HF9KsbMW74DPOQ0R0+FxBfCZTX0="; + }) ]; nativeBuildInputs = [ From 841b7fc727756cf5606b5f1154a57355b3e74f84 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 03:04:13 +0100 Subject: [PATCH 191/212] python311Packages.starlette: 0.32.0.post1 -> 0.35.1 https://github.com/encode/starlette/releases/tag/0.33.0 https://github.com/encode/starlette/releases/tag/0.34.0 https://github.com/encode/starlette/releases/tag/0.35.0 https://github.com/encode/starlette/releases/tag/0.35.1 --- .../python-modules/starlette/default.nix | 35 +++++++++---------- pkgs/top-level/python-packages.nix | 4 +-- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix index 137bd59c703c..e3cfa2d29626 100644 --- a/pkgs/development/python-modules/starlette/default.nix +++ b/pkgs/development/python-modules/starlette/default.nix @@ -1,18 +1,20 @@ { lib -, stdenv , buildPythonPackage , fetchFromGitHub + +# build-system , hatchling -# runtime -, ApplicationServices +# dependencies , anyio +, typing-extensions + +# optional dependencies , itsdangerous , jinja2 , python-multipart , pyyaml , httpx -, typing-extensions # tests , pytestCheckHook @@ -22,16 +24,16 @@ buildPythonPackage rec { pname = "starlette"; - version = "0.32.0.post1"; - format = "pyproject"; + version = "0.35.1"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "encode"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-1twyN3fSlxwfDtyqaFFuCAVehLZ8vCV4voCT7CVSEbk="; + hash = "sha256-ynT1KowVJ1QdKLSOXYWVe5Q/PrYEWQDUbj395ebfk6Y="; }; nativeBuildInputs = [ @@ -40,34 +42,29 @@ buildPythonPackage rec { propagatedBuildInputs = [ anyio + ] ++ lib.optionals (pythonOlder "3.10") [ + typing-extensions + ]; + + passthru.optional-dependencies.full = [ itsdangerous jinja2 python-multipart pyyaml httpx - ] ++ lib.optionals (pythonOlder "3.10") [ - typing-extensions - ] ++ lib.optionals stdenv.isDarwin [ - ApplicationServices ]; nativeCheckInputs = [ pytestCheckHook trio typing-extensions - ]; + ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies); pytestFlagsArray = [ "-W" "ignore::DeprecationWarning" "-W" "ignore::trio.TrioDeprecationWarning" ]; - disabledTests = [ - # asserts fail due to inclusion of br in Accept-Encoding - "test_websocket_headers" - "test_request_headers" - ]; - pythonImportsCheck = [ "starlette" ]; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index a6566f5d4370..342476efff1c 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13846,9 +13846,7 @@ self: super: with self; { stanza = callPackage ../development/python-modules/stanza { }; - starlette = callPackage ../development/python-modules/starlette { - inherit (pkgs.darwin.apple_sdk.frameworks) ApplicationServices; - }; + starlette = callPackage ../development/python-modules/starlette { }; starlette-wtf = callPackage ../development/python-modules/starlette-wtf { }; From cd23ee40b551221240c1389f2e454eb4b2808484 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 03:07:13 +0100 Subject: [PATCH 192/212] python311Packages.fastapi: 0.104.1 -> 0.109.0 https://github.com/tiangolo/fastapi/releases/tag/0.105.0 https://github.com/tiangolo/fastapi/releases/tag/0.106.0 https://github.com/tiangolo/fastapi/releases/tag/0.107.0 https://github.com/tiangolo/fastapi/releases/tag/0.108.0 https://github.com/tiangolo/fastapi/releases/tag/0.109.0 --- .../python-modules/fastapi/default.nix | 31 +++---------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/pkgs/development/python-modules/fastapi/default.nix b/pkgs/development/python-modules/fastapi/default.nix index 89c1c2ffbe40..74f816d9b8a6 100644 --- a/pkgs/development/python-modules/fastapi/default.nix +++ b/pkgs/development/python-modules/fastapi/default.nix @@ -38,8 +38,8 @@ buildPythonPackage rec { pname = "fastapi"; - version = "0.104.1"; - format = "pyproject"; + version = "0.109.0"; + pyproject = true; disabled = pythonOlder "3.7"; @@ -47,7 +47,7 @@ buildPythonPackage rec { owner = "tiangolo"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-xTTFBc+fswLYUhKRkWP/eiYSbG3j1E7CASkEtHVNTlk="; + hash = "sha256-iZBc0tYGmhQuOL/pdthhBYYnZhe+wEttoinePNAIgEs="; }; nativeBuildInputs = [ @@ -98,14 +98,9 @@ buildPythonPackage rec { # ignoring deprecation warnings to avoid test failure from # tests/test_tutorial/test_testing/test_tutorial001.py "-W ignore::DeprecationWarning" - - # http code mismatches - "--deselect=tests/test_annotated.py::test_get" ]; disabledTestPaths = [ - # Disabled tests require orjson which requires rust nightly - "tests/test_default_response_class.py" # Don't test docs and examples "docs_src" # databases is incompatible with SQLAlchemy 2.0 @@ -113,30 +108,12 @@ buildPythonPackage rec { "tests/test_tutorial/test_sql_databases" ]; - disabledTests = [ - "test_get_custom_response" - # Failed: DID NOT RAISE - "test_websocket_invalid_data" - "test_websocket_no_credentials" - # TypeError: __init__() missing 1...starlette-releated - "test_head" - "test_options" - "test_trace" - # Unexpected number of warnings caught - "test_warn_duplicate_operation_id" - # assert state["except"] is True - "test_dependency_gets_exception" - # Fixtures drift - "test_openapi_schema_sub" - # 200 != 404 - "test_flask" - ]; - pythonImportsCheck = [ "fastapi" ]; meta = with lib; { + changelog = "https://github.com/tiangolo/fastapi/releases/tag/${version}"; description = "Web framework for building APIs"; homepage = "https://github.com/tiangolo/fastapi"; license = licenses.mit; From 295ffd29996e1beb31014565164cf6a4b62b90bc Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 03:07:32 +0100 Subject: [PATCH 193/212] python311Packges.starlette: test fastapi in passthru.tests --- pkgs/development/python-modules/starlette/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix index e3cfa2d29626..4f248044cc7f 100644 --- a/pkgs/development/python-modules/starlette/default.nix +++ b/pkgs/development/python-modules/starlette/default.nix @@ -20,6 +20,9 @@ , pytestCheckHook , pythonOlder , trio + +# reverse dependencies +, fastapi }: buildPythonPackage rec { @@ -69,6 +72,10 @@ buildPythonPackage rec { "starlette" ]; + passthru.tests = { + inherit fastapi; + }; + meta = with lib; { changelog = "https://github.com/encode/starlette/releases/tag/${version}"; downloadPage = "https://github.com/encode/starlette"; From aa3873aca109e114209e0d5530486f46725347c3 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 2 Feb 2024 18:57:58 +0100 Subject: [PATCH 194/212] python311Packages.markupsafe: 2.1.3 -> 2.1.5 https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-5 --- .../python-modules/markupsafe/default.nix | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/markupsafe/default.nix b/pkgs/development/python-modules/markupsafe/default.nix index e63af344a3a0..f79501aeb501 100644 --- a/pkgs/development/python-modules/markupsafe/default.nix +++ b/pkgs/development/python-modules/markupsafe/default.nix @@ -1,28 +1,39 @@ { lib , buildPythonPackage -, pythonOlder , fetchPypi +, pythonOlder + +# build-system +, setuptools + +# tests , pytestCheckHook }: buildPythonPackage rec { pname = "markupsafe"; - version = "2.1.3"; - format = "setuptools"; + version = "2.1.5"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchPypi { pname = "MarkupSafe"; inherit version; - hash = "sha256-r1mO0y1q6G8bdHuCeDlYsaSrj2F7Bv5oeVx/Amq73K0="; + hash = "sha256-0oPTeokLpMGuc/+t+ARkNcdue8Ike7tjwAvRpwnGVEs="; }; + nativeBuildInputs = [ + setuptools + ]; + nativeCheckInputs = [ pytestCheckHook ]; - pythonImportsCheck = [ "markupsafe" ]; + pythonImportsCheck = [ + "markupsafe" + ]; meta = with lib; { changelog = "https://markupsafe.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; From 6d8c6eb3cdea7abfb89d8ce49b3f75b2895dbe0e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 2 Feb 2024 19:22:49 +0100 Subject: [PATCH 195/212] python311Packages.markupsafe: test reverse dependencies in passthru --- .../python-modules/markupsafe/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/development/python-modules/markupsafe/default.nix b/pkgs/development/python-modules/markupsafe/default.nix index f79501aeb501..17f8ce118e5b 100644 --- a/pkgs/development/python-modules/markupsafe/default.nix +++ b/pkgs/development/python-modules/markupsafe/default.nix @@ -8,6 +8,12 @@ # tests , pytestCheckHook + +# reverse dependencies +, jinja2 +, mkdocs +, quart +, werkzeug }: buildPythonPackage rec { @@ -35,6 +41,15 @@ buildPythonPackage rec { "markupsafe" ]; + passthru.tests = { + inherit + jinja2 + mkdocs + quart + werkzeug + ; + }; + meta = with lib; { changelog = "https://markupsafe.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; description = "Implements a XML/HTML/XHTML Markup safe string"; From bcb6afc76e742aaa6642e216125b04da408e3a88 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Feb 2024 15:42:33 +0100 Subject: [PATCH 196/212] Revert "python311Packages.markupsafe: 2.1.3 -> 2.1.5" (#286070) Causes a darwin-stdenv rebuild, so I'm retargeting it towards staging instead. --- .../python-modules/markupsafe/default.nix | 38 +++---------------- 1 file changed, 6 insertions(+), 32 deletions(-) diff --git a/pkgs/development/python-modules/markupsafe/default.nix b/pkgs/development/python-modules/markupsafe/default.nix index 17f8ce118e5b..e63af344a3a0 100644 --- a/pkgs/development/python-modules/markupsafe/default.nix +++ b/pkgs/development/python-modules/markupsafe/default.nix @@ -1,54 +1,28 @@ { lib , buildPythonPackage -, fetchPypi , pythonOlder - -# build-system -, setuptools - -# tests +, fetchPypi , pytestCheckHook - -# reverse dependencies -, jinja2 -, mkdocs -, quart -, werkzeug }: buildPythonPackage rec { pname = "markupsafe"; - version = "2.1.5"; - pyproject = true; + version = "2.1.3"; + format = "setuptools"; - disabled = pythonOlder "3.8"; + disabled = pythonOlder "3.7"; src = fetchPypi { pname = "MarkupSafe"; inherit version; - hash = "sha256-0oPTeokLpMGuc/+t+ARkNcdue8Ike7tjwAvRpwnGVEs="; + hash = "sha256-r1mO0y1q6G8bdHuCeDlYsaSrj2F7Bv5oeVx/Amq73K0="; }; - nativeBuildInputs = [ - setuptools - ]; - nativeCheckInputs = [ pytestCheckHook ]; - pythonImportsCheck = [ - "markupsafe" - ]; - - passthru.tests = { - inherit - jinja2 - mkdocs - quart - werkzeug - ; - }; + pythonImportsCheck = [ "markupsafe" ]; meta = with lib; { changelog = "https://markupsafe.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}"; From cee13123c01af4538ee85a683f52794b8e0b5bd6 Mon Sep 17 00:00:00 2001 From: K900 Date: Wed, 31 Jan 2024 11:35:03 +0300 Subject: [PATCH 197/212] xdg-utils: unstable-2022-11-06 -> 1.2.0, resholve --- pkgs/tools/X11/xdg-utils/default.nix | 270 ++++++++++++++++++++++----- pkgs/top-level/all-packages.nix | 4 +- 2 files changed, 225 insertions(+), 49 deletions(-) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index 3be7b2fd0ee6..da0ff0c01677 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -1,9 +1,10 @@ -{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch -, file, libxslt, docbook_xml_dtd_412, docbook_xsl, xmlto -, w3m, gnugrep, gnused, coreutils, xset, perlPackages -, mimiSupport ? false, gawk -, bash -, glib +{ lib, stdenv, fetchFromGitLab, fetchFromGitHub, fetchpatch, writeText +# docs deps +, libxslt, docbook_xml_dtd_412, docbook_xml_dtd_43, docbook_xsl, xmlto +# runtime deps +, resholve, bash, coreutils, dbus, file, gawk, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs +, perl, perlPackages +, mimiSupport ? false , withXdgOpenUsePortalPatch ? true }: let @@ -15,73 +16,250 @@ let sha256 = "15gw2nyrqmdsdin8gzxihpn77grhk9l97jp7s7pr7sl4n9ya2rpj"; }; - perlPath = with perlPackages; makePerlPath [ - NetDBus XMLTwig XMLParser X11Protocol + # Required by the common desktop detection code + commonDeps = [ dbus coreutils gnugrep gnused ]; + # These are all faked because the current desktop is detected + # based on their presence, so we want them to be missing by default. + commonFakes = [ + "explorer.exe" + "gnome-default-applications-properties" + "kde-config" + "xprop" ]; + # This is still required to work around the eval trickery some scripts do + commonPrologue = "${writeText "xdg-utils-prologue" '' + export PATH=$PATH:${coreutils}/bin + ''}"; + + solutions = [ + { + scripts = [ "bin/xdg-desktop-icon" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ xdg-user-dirs ]; + execer = [ + "cannot:${xdg-user-dirs}/bin/xdg-user-dir" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME2 + ]; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-desktop-menu" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk ]; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-email" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ gawk "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + "cannot:${placeholder "out"}/bin/xdg-open" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "exo-open" # XFCE + "gconftool-2" # GNOME + "gdbus" # Flatpak (calls xdg-portal) + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "qtxdg-mat" # LXQT + "xdg-email-hook.sh" # user-defined hook that may be available ambiently + ]; + fix."/bin/echo" = true; + keep = { + "$command" = true; + "$kreadconfig" = true; + "$THUNDERBIRD" = true; + "$utf8" = true; + }; + } + + { + scripts = [ "bin/xdg-icon-resource" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps; + fake.external = commonFakes; + keep."$KDE_SESSION_VERSION" = true; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-mime" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ file gawk ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gio" # GNOME (new) + "gnomevfs-info" # GNOME (very old) + "gvfs-info" # GNOME (old) + "kde4-config" # Plasma 4 + "kfile" # KDE 3 + "kmimetypefinder" # Plasma (generic) + "kmimetypefinder5" # Plasma 5 + "ktraderclient" # KDE 3 + "ktradertest" # KDE 3 + "mimetype" # alternative tool for file, pulls in perl, avoid + "qtpaths" # Plasma + "qtxdg-mat" # LXQT + ]; + fix."/usr/bin/file" = true; + keep = { + "$KDE_SESSION_VERSION" = true; + "$KTRADER" = true; + }; + prologue = commonPrologue; + } + + { + scripts = [ "bin/xdg-open" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ nettools "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "cygstart" # Cygwin + "dde-open" # Deepin + "enlightenment_open" # Enlightenment + "exo-open" # XFCE + "gdbus" # Flatpak (calls xdg-portal) + "gio" # GNOME (new) + "gnome-open" # GNOME (very old) + "gvfs-open" # GNOME (old) + "kde-open" # Plasma + "kfmclient" # KDE3 + "mate-open" # MATE + "mimeopen" # alternative tool for file, pulls in perl, avoid + "open" # macOS + "pcmanfm" # LXDE + "qtxdg-mat" # LXQT + "run-mailcap" # generic + "rundll32.exe" # WSL + "wslpath" # WSL + ]; + fix."$printf" = [ "printf" ]; + keep = { + "env:$command" = true; + "$browser" = true; + "$KDE_SESSION_VERSION" = true; + }; + } + + { + scripts = [ "bin/xdg-screensaver" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ lockfileProgs nettools perl procmail procps ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "dcop" # KDE3 + "mate-screensaver-command" # MATE + "xautolock" # Xautolock + "xscreensaver-command" # Xscreensaver + "xset" # generic-ish X + ]; + fix."$lockfile_command" = [ "lockfile" ]; + keep = { + "$MV" = true; + "$XPROP" = true; + }; + prologue = "${writeText "xdg-screensaver-prologue" '' + export PERL5LIB=${with perlPackages; makePerlPath [ NetDBus XMLTwig XMLParser X11Protocol ]} + export PATH=$PATH:${coreutils}/bin + ''}"; + } + + { + scripts = [ "bin/xdg-settings" ]; + interpreter = "${bash}/bin/bash"; + inputs = commonDeps ++ [ jq "${placeholder "out"}/bin" ]; + execer = [ + "cannot:${placeholder "out"}/bin/xdg-mime" + ]; + # These are desktop-specific, so we don't want xdg-utils to be able to + # call them when in a different setup. + fake.external = commonFakes ++ [ + "gconftool-2" # GNOME + "kreadconfig" # Plasma (generic) + "kreadconfig5" # Plasma 5 + "kreadconfig6" # Plasma 6 + "ktradertest" # KDE3 + "kwriteconfig" # Plasma (generic) + "kwriteconfig5" # Plasma 5 + "kwriteconfig6" # Plasma 6 + "qtxdg-mat" # LXQT + ]; + keep = { + "$KDE_SESSION_VERSION" = true; + # get_browser_$handler + "$handler" = true; + }; + } + ]; in stdenv.mkDerivation rec { pname = "xdg-utils"; - version = "unstable-2022-11-06"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "xdg"; repo = "xdg-utils"; - rev = "8ae02631a9806da11b34cd6b274af02d28aee5da"; - sha256 = "sha256-WdnnAiPYbREny633FnBi5tD9hDuF8NCVVbUaAVIKTxM="; + rev = "v${version}"; + hash = "sha256-rjNIO4B9jHsBmPaugWTMqTGNpjiw0MTEmf9/ds2Mud4="; }; - patches = lib.optionals withXdgOpenUsePortalPatch [ + patches = [ + # Backport typo fix + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/af2fe0d1dcbcd982d84ddf2bbd174afe90976ed9.patch"; + hash = "sha256-HhQk06wWkyWjSxjXet+sADKf1irswKxDA8WuOknZKRs="; + }) + # Backport docs rendering fixes + # See: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/106 + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/403a720ad18920030418a7c3d1f2caba9ce3892d.patch"; + hash = "sha256-XxFUeyXENHCy+wplIJ5OzoU5oyA4v1bz/9qMXp1ZwsE="; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/a137f2ba87620402aca21b14fb1d79517782dd29.patch"; + hash = "sha256-XFUAWn4uOyzgLdvupBxsO7wm6VDSzYj1SGZEM+9ouec="; + }) + ] ++ lib.optionals withXdgOpenUsePortalPatch [ # Allow forcing the use of XDG portals using NIXOS_XDG_OPEN_USE_PORTAL environment variable. # Upstream PR: https://github.com/freedesktop/xdg-utils/pull/12 ./allow-forcing-portal-use.patch - # Allow opening files when using portal with xdg-open. - # Upstream PR: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/65 - (fetchpatch { - name = "support-openfile-with-portal.patch"; - url = "https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/5cd8c38f58d9db03240f4bc67267fe3853b66ec7.diff"; - hash = "sha256-snkhxwGF9hpqEh5NGG8xixTi/ydAk5apXRtgYrVgNY8="; - }) ]; # just needed when built from git - nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xsl xmlto w3m ]; + nativeBuildInputs = [ libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl xmlto ]; # explicitly provide a runtime shell so patchShebangs is consistent across build platforms buildInputs = [ bash ]; postInstall = lib.optionalString mimiSupport '' cp ${mimisrc}/xdg-open $out/bin/xdg-open - '' + '' - sed '2s#.#\ - sed() { ${gnused}/bin/sed "$@"; }\ - grep() { ${gnugrep}/bin/grep "$@"; }\ - egrep() { ${gnugrep}/bin/egrep "$@"; }\ - file() { ${file}/bin/file "$@"; }\ - awk() { ${gawk}/bin/awk "$@"; }\ - xset() { ${xset}/bin/xset "$@"; }\ - perl() { PERL5LIB=${perlPath} ${perlPackages.perl}/bin/perl "$@"; }\ - mimetype() { ${perlPackages.FileMimeInfo}/bin/mimetype "$@"; }\ - PATH=$PATH:'$out'/bin:${coreutils}/bin\ - &#' -i "$out"/bin/* - - substituteInPlace $out/bin/xdg-open \ - --replace "/usr/bin/printf" "${coreutils}/bin/printf" \ - --replace "gdbus" "${glib}/bin/gdbus" \ - --replace "mimeopen" "${perlPackages.FileMimeInfo}/bin/mimeopen" - - substituteInPlace $out/bin/xdg-mime \ - --replace "/usr/bin/file" "${file}/bin/file" - - substituteInPlace $out/bin/xdg-email \ - --replace "/bin/echo" "${coreutils}/bin/echo" \ - --replace "gdbus" "${glib}/bin/gdbus" - - sed 's|\bwhich\b|type -P|g' -i "$out"/bin/* ''; + preFixup = lib.concatStringsSep "\n" (map (resholve.phraseSolution "xdg-utils-resholved") solutions); + meta = with lib; { homepage = "https://www.freedesktop.org/wiki/Software/xdg-utils/"; description = "A set of command line tools that assist applications with a variety of desktop integration tasks"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5dec3e60a6fe..c8cb0fac8570 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -36541,9 +36541,7 @@ with pkgs; xdg-user-dirs = callPackage ../tools/X11/xdg-user-dirs { }; - xdg-utils = callPackage ../tools/X11/xdg-utils { - w3m = buildPackages.w3m-batch; - }; + xdg-utils = callPackage ../tools/X11/xdg-utils {}; xdgmenumaker = callPackage ../applications/misc/xdgmenumaker { }; From b79d9beb4b7f16e37120761b8f936da5bdee7557 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 4 Feb 2024 17:24:06 +0100 Subject: [PATCH 198/212] bluez: disable failing test on musl (#286245) --- pkgs/by-name/bl/bluez/package.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/bl/bluez/package.nix b/pkgs/by-name/bl/bluez/package.nix index c6a54a7d7678..b87c84fe7f67 100644 --- a/pkgs/by-name/bl/bluez/package.nix +++ b/pkgs/by-name/bl/bluez/package.nix @@ -5,7 +5,6 @@ , docutils , ell , enableExperimental ? false -, fetchpatch , fetchurl , glib , json_c @@ -26,6 +25,16 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-SZ1/o0WplsG7ZQ9cZ0nh2SkRH6bs4L4OmGh/7mEkU24="; }; + patches = + # Disable one failing test with musl libc, also seen by alpine + # https://github.com/bluez/bluez/issues/726 + lib.optional (stdenv.hostPlatform.isMusl && stdenv.hostPlatform.isx86_64) + (fetchurl { + url = "https://git.alpinelinux.org/aports/plain/main/bluez/disable_aics_unit_testcases.patch?id=8e96f7faf01a45f0ad8449c1cd825db63a8dfd48"; + hash = "sha256-1PJkipqBO3qxxOqRFQKfpWlne1kzTCgtnTFYI1cFQt4="; + }) + ; + buildInputs = [ alsa-lib dbus From 630c078fd548064eaa7312bc1345e4c752f6f11b Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 4 Feb 2024 17:40:19 +0100 Subject: [PATCH 199/212] libgudev: fix build on musl (#286244) --- .../libraries/libgudev/default.nix | 13 +++++- ...kip-double-test-on-stub-locale-impls.patch | 41 +++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch diff --git a/pkgs/development/libraries/libgudev/default.nix b/pkgs/development/libraries/libgudev/default.nix index 5098bd9f65ca..fd21c9e7f85e 100644 --- a/pkgs/development/libraries/libgudev/default.nix +++ b/pkgs/development/libraries/libgudev/default.nix @@ -9,7 +9,6 @@ , gnome , vala , gobject-introspection -, fetchpatch , glibcLocales , umockdev }: @@ -25,6 +24,18 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-YSZqsa/J1z28YKiyr3PpnS/f9H2ZVE0IV2Dk+mZ7XdE="; }; + patches = [ + # Conditionally disable one test that requires a locale implementation + # https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/31 + ./tests-skip-double-test-on-stub-locale-impls.patch + ]; + + postPatch = '' + # The relative location of LD_PRELOAD works for Glibc but not for other loaders (e.g. pkgsMusl) + substituteInPlace tests/meson.build \ + --replace "LD_PRELOAD=libumockdev-preload.so.0" "LD_PRELOAD=${lib.getLib umockdev}/lib/libumockdev-preload.so.0" + ''; + strictDeps = true; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch new file mode 100644 index 000000000000..277670aeed2b --- /dev/null +++ b/pkgs/development/libraries/libgudev/tests-skip-double-test-on-stub-locale-impls.patch @@ -0,0 +1,41 @@ +From ad8b10870ee2092268f87144d8e5ab7db2011139 Mon Sep 17 00:00:00 2001 +From: Alyssa Ross +Date: Tue, 30 Jan 2024 20:47:21 +0100 +Subject: [PATCH] tests: Skip double test on stub locale impls + +On musl, setlocale() with an unknown locale name will succeed, but +treat the requested locale as if it were C.UTF-8. Therefore, to +properly check whether the locale is supported, we need to actually +verify whether it works the way we expect when deciding whether to +skip the test. +--- + tests/test-double.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/test-double.c b/tests/test-double.c +index 91e77c9..e9d9232 100644 +--- a/tests/test-double.c ++++ b/tests/test-double.c +@@ -39,8 +39,6 @@ fixture_teardown (Fixture *f, G_GNUC_UNUSED const void *data) + static void + test_double (Fixture *f, G_GNUC_UNUSED const void *data) + { +- g_assert_cmpstr (nl_langinfo(RADIXCHAR), ==, ","); +- + umockdev_testbed_add_device (f->testbed, "platform", "dev1", NULL, + "in_accel_scale", "0.0000098", NULL, + "ID_MODEL", "KoolGadget", "SCALE", "0.0000098", NULL); +@@ -73,6 +71,10 @@ int main(int argc, char **argv) + if (setlocale (LC_NUMERIC, "fr_FR.UTF-8") == NULL) + return GNU_SKIP_RETURNCODE; + ++ /* Skip if locale doesn't work how we expect. */ ++ if (strcmp (nl_langinfo(RADIXCHAR), ",")) ++ return GNU_SKIP_RETURNCODE; ++ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/gudev/double", Fixture, NULL, +-- +GitLab + From bc58c5634c3425367116795e9eae913ea5656b6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 5 Feb 2024 00:40:00 +0100 Subject: [PATCH 200/212] xdg-utils: wrap with gdbus which is required for the `xdg.portal.xdgOpenUsePortal` option --- pkgs/tools/X11/xdg-utils/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/X11/xdg-utils/default.nix b/pkgs/tools/X11/xdg-utils/default.nix index da0ff0c01677..3db16f067148 100644 --- a/pkgs/tools/X11/xdg-utils/default.nix +++ b/pkgs/tools/X11/xdg-utils/default.nix @@ -2,7 +2,7 @@ # docs deps , libxslt, docbook_xml_dtd_412, docbook_xml_dtd_43, docbook_xsl, xmlto # runtime deps -, resholve, bash, coreutils, dbus, file, gawk, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs +, resholve, bash, coreutils, dbus, file, gawk, glib, gnugrep, gnused, jq, lockfileProgs, nettools, procmail, procps, xdg-user-dirs , perl, perlPackages , mimiSupport ? false , withXdgOpenUsePortalPatch ? true }: @@ -61,7 +61,7 @@ let { scripts = [ "bin/xdg-email" ]; interpreter = "${bash}/bin/bash"; - inputs = commonDeps ++ [ gawk "${placeholder "out"}/bin" ]; + inputs = commonDeps ++ [ gawk glib.bin "${placeholder "out"}/bin" ]; execer = [ "cannot:${placeholder "out"}/bin/xdg-mime" "cannot:${placeholder "out"}/bin/xdg-open" @@ -71,7 +71,6 @@ let fake.external = commonFakes ++ [ "exo-open" # XFCE "gconftool-2" # GNOME - "gdbus" # Flatpak (calls xdg-portal) "gio" # GNOME (new) "gnome-open" # GNOME (very old) "gvfs-open" # GNOME (old) @@ -127,7 +126,7 @@ let { scripts = [ "bin/xdg-open" ]; interpreter = "${bash}/bin/bash"; - inputs = commonDeps ++ [ nettools "${placeholder "out"}/bin" ]; + inputs = commonDeps ++ [ nettools glib.bin "${placeholder "out"}/bin" ]; execer = [ "cannot:${placeholder "out"}/bin/xdg-mime" ]; @@ -138,7 +137,6 @@ let "dde-open" # Deepin "enlightenment_open" # Enlightenment "exo-open" # XFCE - "gdbus" # Flatpak (calls xdg-portal) "gio" # GNOME (new) "gnome-open" # GNOME (very old) "gvfs-open" # GNOME (old) From e0ba6099df54fc2024053b43ce7522696a558446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 5 Feb 2024 07:54:29 +0100 Subject: [PATCH 201/212] Revert #281577: mpdecimal: 2.5.1 -> 4.0.0 This reverts commit c59d406e84cc40df7be4557ddc5d75550aa67bc0, reversing changes made to ae73151e4a9179bb72f42e43ceb047c42e2a4782. Reverting on staging-next branch, moving to staging. Unfortunate clash with PR #285158 triggered a stdenv rebuild. --- pkgs/development/libraries/mpdecimal/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mpdecimal/default.nix b/pkgs/development/libraries/mpdecimal/default.nix index 514c61ffcb0c..3a2e4b1fe7d0 100644 --- a/pkgs/development/libraries/mpdecimal/default.nix +++ b/pkgs/development/libraries/mpdecimal/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "mpdecimal"; - version = "4.0.0"; + version = "2.5.1"; outputs = [ "out" "cxx" "doc" "dev" ]; src = fetchurl { url = "https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-${version}.tar.gz"; - hash = "sha256-lCRFwyRbInMP1Bpnp8XCMdEcsbmTa5wPdjNPt9C0Row="; + hash = "sha256-n5zUwEH5m1xJ/7e1nZ8S2VtoPYhYVgiqVqYwdmeysh8="; }; configureFlags = [ "LD=${stdenv.cc.targetPrefix}cc" ]; From 61f56492a72299692761be974f0b1ee612c64a5f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 6 Feb 2024 17:21:58 +0100 Subject: [PATCH 202/212] python311Packages.django_4: 4.2.9 -> 4.2.10 https://docs.djangoproject.com/en/4.2/releases/4.2.10/ https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ https://www.openwall.com/lists/oss-security/2024/02/06/2 Fixes: CVE-2024-24680 --- pkgs/development/python-modules/django/4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/django/4.nix b/pkgs/development/python-modules/django/4.nix index 66ea0f5c1cf8..365a775c11a6 100644 --- a/pkgs/development/python-modules/django/4.nix +++ b/pkgs/development/python-modules/django/4.nix @@ -42,14 +42,14 @@ buildPythonPackage rec { pname = "Django"; - version = "4.2.9"; + version = "4.2.10"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-EkmMw8uLyAOFOf756Q6V9QdQJDbB8MOmc0ETJPpnXRQ="; + hash = "sha256-sSYO04GxChF1PHNERAjhmGnzJB/EXJhc1VowF3x4nRM="; }; patches = [ From 76f6ad253dfd01ed4709421bace1fe0b264ec109 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 5 Feb 2024 17:00:10 +0100 Subject: [PATCH 203/212] python312: use vendored mpdecimal library on darwin Building with --with-system-mpdecimal fails on both darwin architectures, independent of the mpdecimal version used. --- pkgs/development/interpreters/python/cpython/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index aa7f25ead9cd..1eea842871fc 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -386,6 +386,9 @@ in with passthru; stdenv.mkDerivation (finalAttrs: { configureFlags = [ "--without-ensurepip" "--with-system-expat" + ] ++ optionals (!(stdenv.isDarwin && pythonAtLeast "3.12")) [ + # ./Modules/_decimal/_decimal.c:4673:6: error: "No valid combination of CONFIG_64, CONFIG_32 and _PyHASH_BITS" + # https://hydra.nixos.org/build/248410479/nixlog/2/tail "--with-system-libmpdec" ] ++ optionals (openssl != null) [ "--with-openssl=${openssl.dev}" From 4a6e0a204885d972e7938ceb24da997fbe0532fe Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 7 Feb 2024 15:06:52 +0100 Subject: [PATCH 204/212] python312Packages.tqdm: enable without tests This package blocks too many others, and the tests might just be racy after all. --- pkgs/development/python-modules/tqdm/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/tqdm/default.nix b/pkgs/development/python-modules/tqdm/default.nix index 6cf4c9713f9e..84489b22ce4a 100644 --- a/pkgs/development/python-modules/tqdm/default.nix +++ b/pkgs/development/python-modules/tqdm/default.nix @@ -2,7 +2,7 @@ , stdenv , buildPythonPackage , fetchPypi -, pythonAtLeast +, pythonOlder , setuptools , setuptools-scm , wheel @@ -20,9 +20,6 @@ buildPythonPackage rec { version = "4.66.1"; format = "pyproject"; - # https://github.com/tqdm/tqdm/issues/1537 - disabled = pythonAtLeast "3.12"; - src = fetchPypi { inherit pname version; hash = "sha256-2I5lH5242FUaYlVtPP+eMDQnTKXWbpMZfPJJDi3Lacc="; @@ -34,6 +31,9 @@ buildPythonPackage rec { wheel ]; + # https://github.com/tqdm/tqdm/issues/1537 + doCheck = pythonOlder "3.12"; + nativeCheckInputs = [ pytestCheckHook pytest-asyncio From a77c95fc8e3bacba2dea50c87971b49fcc315050 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 7 Feb 2024 15:07:29 +0100 Subject: [PATCH 205/212] python312Packages.fontparts: refactor, fix tests on 3.12 --- .../python-modules/fontparts/default.nix | 55 ++++++++++++++----- 1 file changed, 41 insertions(+), 14 deletions(-) diff --git a/pkgs/development/python-modules/fontparts/default.nix b/pkgs/development/python-modules/fontparts/default.nix index 9f042cf1ef46..d543220c4b25 100644 --- a/pkgs/development/python-modules/fontparts/default.nix +++ b/pkgs/development/python-modules/fontparts/default.nix @@ -1,40 +1,67 @@ -{ lib, buildPythonPackage, fetchPypi, python, pythonOlder -, fonttools, lxml, fs, unicodedata2 -, defcon, fontpens, fontmath, booleanoperations -, pytest, setuptools-scm +{ lib +, buildPythonPackage +, fetchPypi +, fetchpatch2 +, pythonOlder + +# build-system +, setuptools +, setuptools-scm + +# dependencies +, fonttools +, defcon +, fontmath +, booleanoperations + +# tests +, python }: buildPythonPackage rec { - pname = "fontParts"; + pname = "fontparts"; version = "0.12.1"; + pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { - inherit pname version; + pname = "fontParts"; + inherit version; hash = "sha256-eeU13S1IcC+bsiK3YDlT4rVDeXDGcxx1wY/is8t5pCA="; extension = "zip"; }; - nativeBuildInputs = [ setuptools-scm ]; + patches = [ + (fetchpatch2 { + # replace remaining usage of assertEquals for Python 3.12 support + # https://github.com/robotools/fontParts/pull/720 + url = "https://github.com/robotools/fontParts/commit/d7484cd98051aa1588683136da0bb99eac31523b.patch"; + hash = "sha256-maoUgbmXY/RC4TUZI4triA9OIfB4T98qjUaQ94uhsbg="; + }) + ]; + + nativeBuildInputs = [ + setuptools + setuptools-scm + ]; propagatedBuildInputs = [ booleanoperations - fonttools - unicodedata2 # fonttools[unicode] extra - lxml # fonttools[lxml] extra - fs # fonttools[ufo] extra defcon - fontpens # defcon[pens] extra fontmath - ]; + fonttools + ] + ++ defcon.optional-dependencies.pens + ++ fonttools.optional-dependencies.ufo + ++ fonttools.optional-dependencies.lxml + ++ fonttools.optional-dependencies.unicode; checkPhase = '' runHook preCheck ${python.interpreter} Lib/fontParts/fontshell/test.py runHook postCheck ''; - nativeCheckInputs = [ pytest ]; meta = with lib; { description = "An API for interacting with the parts of fonts during the font development process."; From ba83271df0ecfd8e9f149b632f370512ff946734 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 8 Feb 2024 16:20:42 +0100 Subject: [PATCH 206/212] python311Packages.cryptography: skip overflowing tests on 32-bit --- pkgs/development/python-modules/cryptography/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 4d30630759bb..4ae2e77de6ac 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -7,6 +7,7 @@ , cffi , cryptography-vectors ? (callPackage ./vectors.nix { }) , fetchPypi +, fetchpatch2 , isPyPy , libiconv , libxcrypt @@ -41,6 +42,14 @@ buildPythonPackage rec { hash = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc="; }; + patches = [ + (fetchpatch2 { + # skip overflowing tests on 32 bit; https://github.com/pyca/cryptography/pull/10366 + url = "https://github.com/pyca/cryptography/commit/d741901dddd731895346636c0d3556c6fa51fbe6.patch"; + hash = "sha256-eC+MZg5O8Ia5CbjRE4y+JhaFs3Q5c62QtPHr3x9T+zw="; + }) + ]; + postPatch = '' substituteInPlace pyproject.toml \ --replace-fail "--benchmark-disable" "" From 7b01dd0370f6ad1b35d2197baad8ba99a33567b0 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 8 Feb 2024 15:08:52 +0000 Subject: [PATCH 207/212] OVMF: fix buils against `openssl-3.0.13` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without the change the build fails on `staging-next` as https://hydra.nixos.org/build/248863953/nixlog/2/tail: /build/edk2-unvendored-src/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c:107:19: error: ‘INT64_MAX’ undeclared (first use in this function) 107 | if (v > ((INT64_MAX - (*s - '0')) / 10)) { | ^~~~~~~~~ The unbundled version of `openssl` `nixpkgs` injects into `edk2` started using `INT64_MAX` that `edk2`'s `` does not provide and relies on `openssl` to define as a fallback. Let's pull in `openssl`'s own definition of those. --- pkgs/development/compilers/edk2/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix index 70afb8ba714b..4cfe823e59d9 100644 --- a/pkgs/development/compilers/edk2/default.nix +++ b/pkgs/development/compilers/edk2/default.nix @@ -59,6 +59,11 @@ edk2 = stdenv.mkDerivation rec { mkdir -p $out/CryptoPkg/Library/OpensslLib/openssl tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/CryptoPkg/Library/OpensslLib/openssl chmod -R +w $out/ + + # Fix missing INT64_MAX include that edk2 explicitly does not provide + # via it's own . Let's pull in openssl's definition instead: + sed -i $out/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \ + -e '1i #include "internal/numbers.h"' ''; nativeBuildInputs = [ pythonEnv ]; From 14ac4a5bd5aebb9f1055ab9b93ff9bdefa128f5d Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 9 Feb 2024 04:20:00 +0000 Subject: [PATCH 208/212] grpc: fix build on darwin --- pkgs/development/libraries/grpc/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index eddd51f159a8..1110764575e3 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -40,6 +40,12 @@ stdenv.mkDerivation rec { url = "https://github.com/lopsided98/grpc/commit/a9b917666234f5665c347123d699055d8c2537b2.patch"; hash = "sha256-Lm0GQsz/UjBbXXEE14lT0dcRzVmCKycrlrdBJj+KLu8="; }) + (fetchpatch { + # Fix compatibility with Abseil 202401. Remove with the next release. + url = "https://github.com/grpc/grpc/commit/bc044174401a0842b36b8682936fc93b5041cf88.patch"; + hash = "sha256-VKAuPtLqsR2dmrpKuFXq2HIhuDxPJVSH2w1G00N07RI="; + excludes = [ "src/core/lib/transport/message.cc" ]; + }) ]; nativeBuildInputs = [ cmake pkg-config ] From a59991b77b4d9d16b25f7f1c9db8309d8ae207c2 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 9 Feb 2024 13:46:03 +0100 Subject: [PATCH 209/212] python311Packages.chacha20poly1305-reuseable: 0.12.0 -> 0.12.1 https://github.com/bdraco/chacha20poly1305-reuseable/blob/v0.12.1/CHANGELOG.md --- .../python-modules/chacha20poly1305-reuseable/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/chacha20poly1305-reuseable/default.nix b/pkgs/development/python-modules/chacha20poly1305-reuseable/default.nix index 4c2cabda2cd3..dbab53868f66 100644 --- a/pkgs/development/python-modules/chacha20poly1305-reuseable/default.nix +++ b/pkgs/development/python-modules/chacha20poly1305-reuseable/default.nix @@ -17,7 +17,7 @@ let pname = "chacha20poly1305-reuseable"; - version = "0.12.0"; + version = "0.12.1"; in buildPythonPackage { @@ -30,7 +30,7 @@ buildPythonPackage { owner = "bdraco"; repo = pname; rev = "v${version}"; - hash = "sha256-g1sLmYy5SClkdBSjFFYtikh2nuxfTIoaCyktqoFl+Ho="; + hash = "sha256-jgbtDpl2hXmfzmsiIIG6+B3QoekuAjBJGMxQJPX4ynA="; }; nativeBuildInputs = [ From 4ae0827699ae0b3b412b5683bddb23d251b529c9 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 9 Feb 2024 17:05:19 +0100 Subject: [PATCH 210/212] pkgsStatic.curl: fix build Link: https://github.com/NixOS/nixpkgs/pull/285295#issuecomment-1935911944 Fixes: 996b4ebc08e5 ("curl: build with public suffix list support") --- pkgs/tools/networking/curl/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 9cbf6dc1b0fb..41cac913f608 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -102,6 +102,11 @@ stdenv.mkDerivation (finalAttrs: { preConfigure = '' sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure rm src/tool_hugehelp.c + '' + lib.optionalString (pslSupport && stdenv.hostPlatform.isStatic) '' + # curl doesn't understand that libpsl2 has deps because it doesn't use + # pkg-config. + # https://github.com/curl/curl/pull/12919 + configureFlagsArray+=("LIBS=-lidn2 -lunistring") ''; configureFlags = [ From 817d20170dc6b7b2c195a6c3271d88789f206b0b Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 9 Feb 2024 17:12:58 +0100 Subject: [PATCH 211/212] curl.tests.static: init We need static curl for nixStatic, so we should test that it builds when changing curl. This would have caught a regression introduced by 996b4ebc08e5 ("curl: build with public suffix list support"). --- pkgs/tools/networking/curl/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 41cac913f608..c2438f1b5777 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -33,6 +33,7 @@ , haskellPackages , ocamlPackages , phpExtensions +, pkgsStatic , python3 , tests , testers @@ -195,6 +196,7 @@ stdenv.mkDerivation (finalAttrs: { # nginx-http3 = useThisCurl nixosTests.nginx-http3; nginx-http3 = nixosTests.nginx-http3; pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; + static = pkgsStatic.curl; } // lib.optionalAttrs (!stdenv.isDarwin) { fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; }; From 9b6dcd65b36b55a4865de0a82f7979d4698d48d1 Mon Sep 17 00:00:00 2001 From: mingchuan Date: Fri, 9 Feb 2024 09:19:57 -0800 Subject: [PATCH 212/212] krita: fix build with libjxl >= 0.9.0 --- pkgs/applications/graphics/krita/generic.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/graphics/krita/generic.nix b/pkgs/applications/graphics/krita/generic.nix index affa411aaa3c..9416a4708e4c 100644 --- a/pkgs/applications/graphics/krita/generic.nix +++ b/pkgs/applications/graphics/krita/generic.nix @@ -28,6 +28,12 @@ mkDerivation rec { url = "https://invent.kde.org/graphics/krita/-/commit/2d71c47661d43a4e3c1ab0c27803de980bdf2bb2.diff"; hash = "sha256-U3E44nj4vra++PJV20h4YHjES78kgrJtr4ktNeQfOdA="; }) + # Fixes build with libjxl 0.9.0 + (fetchpatch { + name = "fix-build-with-libjxl-0.9.0.patch"; + url = "https://invent.kde.org/graphics/krita/-/commit/ace7edcca6ad322581ab39620f21ccf3ffbd3b5a.diff"; + hash = "sha256-dXk4+HNS0+Ie/8V4+Oj4rBJrJbNHG57gIzPymXLEc9M="; + }) ]; nativeBuildInputs = [ cmake extra-cmake-modules pkg-config python3Packages.sip makeWrapper ];