mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-07-06 17:13:24 -05:00
staging-next-26.05 iteration 1 - 2026-06-06 (#528906)
This commit is contained in:
commit
1f43886335
86 changed files with 1618 additions and 995 deletions
|
|
@ -1,416 +0,0 @@
|
|||
import functools
|
||||
import hashlib
|
||||
import json
|
||||
import multiprocessing as mp
|
||||
import re
|
||||
import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
import tomllib
|
||||
from os.path import islink, realpath
|
||||
from pathlib import Path
|
||||
from typing import Any, TypedDict, cast
|
||||
from urllib.parse import unquote
|
||||
|
||||
import requests
|
||||
import tomli_w
|
||||
from requests.adapters import HTTPAdapter, Retry
|
||||
|
||||
eprint = functools.partial(print, file=sys.stderr)
|
||||
|
||||
|
||||
def load_toml(path: Path) -> dict[str, Any]:
|
||||
with open(path, "rb") as f:
|
||||
return tomllib.load(f)
|
||||
|
||||
|
||||
def get_lockfile_version(cargo_lock_toml: dict[str, Any]) -> int:
|
||||
# lockfile v1 and v2 don't have the `version` key, so assume v2
|
||||
version = cargo_lock_toml.get("version", 2)
|
||||
|
||||
# TODO: add logic for differentiating between v1 and v2
|
||||
|
||||
return version
|
||||
|
||||
|
||||
def create_http_session() -> requests.Session:
|
||||
retries = Retry(
|
||||
total=5,
|
||||
backoff_factor=0.5,
|
||||
status_forcelist=[500, 502, 503, 504]
|
||||
)
|
||||
session = requests.Session()
|
||||
session.headers["User-Agent"] = "nixpkgs-fetchCargoVendor/2 (https://github.com/NixOS/nixpkgs)"
|
||||
session.mount('http://', HTTPAdapter(max_retries=retries))
|
||||
session.mount('https://', HTTPAdapter(max_retries=retries))
|
||||
return session
|
||||
|
||||
|
||||
def download_file_with_checksum(session: requests.Session, url: str, destination_path: Path) -> str:
|
||||
sha256_hash = hashlib.sha256()
|
||||
with session.get(url, stream=True) as response:
|
||||
if not response.ok:
|
||||
raise Exception(f"Failed to fetch file from {url}. Status code: {response.status_code}")
|
||||
with open(destination_path, "wb") as file:
|
||||
for chunk in response.iter_content(1024): # Download in chunks
|
||||
if chunk: # Filter out keep-alive chunks
|
||||
file.write(chunk)
|
||||
sha256_hash.update(chunk)
|
||||
|
||||
# Compute the final checksum
|
||||
checksum = sha256_hash.hexdigest()
|
||||
return checksum
|
||||
|
||||
|
||||
def get_download_url_for_tarball(pkg: dict[str, Any]) -> str:
|
||||
# TODO: support other registries
|
||||
# maybe fetch config.json from the registry root and get the dl key
|
||||
# See: https://doc.rust-lang.org/cargo/reference/registry-index.html#index-configuration
|
||||
if pkg["source"] != "registry+https://github.com/rust-lang/crates.io-index":
|
||||
raise Exception("Only the default crates.io registry is supported.")
|
||||
|
||||
# Use static.crates.io (CDN) instead of crates.io/api to avoid the 1 req/sec
|
||||
# rate limit on the API servers.
|
||||
return f"https://static.crates.io/crates/{pkg["name"]}/{pkg["version"]}/download"
|
||||
|
||||
|
||||
def download_tarball(session: requests.Session, pkg: dict[str, Any], out_dir: Path) -> None:
|
||||
|
||||
url = get_download_url_for_tarball(pkg)
|
||||
filename = f"{pkg["name"]}-{pkg["version"]}.tar.gz"
|
||||
|
||||
# TODO: allow legacy checksum specification, see importCargoLock for example
|
||||
# also, don't forget about the other usage of the checksum
|
||||
expected_checksum = pkg["checksum"]
|
||||
|
||||
tarball_out_dir = out_dir / "tarballs" / filename
|
||||
eprint(f"Fetching {url} -> tarballs/{filename}")
|
||||
|
||||
calculated_checksum = download_file_with_checksum(session, url, tarball_out_dir)
|
||||
|
||||
if calculated_checksum != expected_checksum:
|
||||
raise Exception(f"Hash mismatch! File fetched from {url} had checksum {calculated_checksum}, expected {expected_checksum}.")
|
||||
|
||||
|
||||
def download_git_tree(url: str, git_sha_rev: str, out_dir: Path) -> None:
|
||||
|
||||
tree_out_dir = out_dir / "git" / git_sha_rev
|
||||
eprint(f"Fetching {url}#{git_sha_rev} -> git/{git_sha_rev}")
|
||||
|
||||
cmd = ["nix-prefetch-git", "--builder", "--quiet", "--fetch-submodules", "--url", url, "--rev", git_sha_rev, "--out", str(tree_out_dir)]
|
||||
subprocess.check_output(cmd)
|
||||
|
||||
|
||||
GIT_SOURCE_REGEX = re.compile("git\\+(?P<url>[^?]+)(\\?(?P<type>rev|tag|branch)=(?P<value>.*))?#(?P<git_sha_rev>.*)")
|
||||
|
||||
|
||||
class GitSourceInfo(TypedDict):
|
||||
url: str
|
||||
type: str | None
|
||||
value: str | None
|
||||
git_sha_rev: str
|
||||
|
||||
|
||||
def parse_git_source(source: str, lockfile_version: int) -> GitSourceInfo:
|
||||
match = GIT_SOURCE_REGEX.match(source)
|
||||
if match is None:
|
||||
raise Exception(f"Unable to process git source: {source}.")
|
||||
|
||||
source_info = cast(GitSourceInfo, match.groupdict(default=None))
|
||||
|
||||
# the source URL is URL-encoded in lockfile_version >=4
|
||||
# since we just used regex to parse it we have to manually decode the escaped branch/tag name
|
||||
if lockfile_version >= 4 and source_info["value"] is not None:
|
||||
source_info["value"] = unquote(source_info["value"])
|
||||
|
||||
return source_info
|
||||
|
||||
|
||||
def create_vendor_staging(lockfile_path: Path, out_dir: Path) -> None:
|
||||
cargo_lock_toml = load_toml(lockfile_path)
|
||||
lockfile_version = get_lockfile_version(cargo_lock_toml)
|
||||
|
||||
git_packages: list[dict[str, Any]] = []
|
||||
registry_packages: list[dict[str, Any]] = []
|
||||
|
||||
for pkg in cargo_lock_toml["package"]:
|
||||
# ignore local dependenices
|
||||
if "source" not in pkg.keys():
|
||||
eprint(f"Skipping local dependency: {pkg["name"]}")
|
||||
continue
|
||||
source = pkg["source"]
|
||||
|
||||
if source.startswith("git+"):
|
||||
git_packages.append(pkg)
|
||||
elif source.startswith("registry+"):
|
||||
registry_packages.append(pkg)
|
||||
else:
|
||||
raise Exception(f"Can't process source: {source}.")
|
||||
|
||||
git_sha_rev_to_url: dict[str, str] = {}
|
||||
for pkg in git_packages:
|
||||
source_info = parse_git_source(pkg["source"], lockfile_version)
|
||||
git_sha_rev_to_url[source_info["git_sha_rev"]] = source_info["url"]
|
||||
|
||||
out_dir.mkdir(exist_ok=True)
|
||||
shutil.copy(lockfile_path, out_dir / "Cargo.lock")
|
||||
|
||||
# fetch git trees sequentially, since fetching concurrently leads to flaky behaviour
|
||||
if len(git_packages) != 0:
|
||||
(out_dir / "git").mkdir()
|
||||
for git_sha_rev, url in git_sha_rev_to_url.items():
|
||||
download_git_tree(url, git_sha_rev, out_dir)
|
||||
|
||||
# run tarball download jobs in parallel, with at most 5 concurrent download jobs
|
||||
with mp.Pool(min(5, mp.cpu_count())) as pool:
|
||||
if len(registry_packages) != 0:
|
||||
(out_dir / "tarballs").mkdir()
|
||||
session = create_http_session()
|
||||
tarball_args_gen = ((session, pkg, out_dir) for pkg in registry_packages)
|
||||
pool.starmap(download_tarball, tarball_args_gen)
|
||||
|
||||
|
||||
def get_manifest_metadata(manifest_path: Path) -> dict[str, Any]:
|
||||
cmd = ["cargo", "metadata", "--format-version", "1", "--no-deps", "--manifest-path", str(manifest_path)]
|
||||
output = subprocess.check_output(cmd)
|
||||
return json.loads(output)
|
||||
|
||||
|
||||
def try_get_crate_manifest_path_from_manifest_path(manifest_path: Path, crate_name: str) -> Path | None:
|
||||
try:
|
||||
metadata = get_manifest_metadata(manifest_path)
|
||||
except subprocess.CalledProcessError:
|
||||
eprint(f"Warning: cargo metadata failed for {manifest_path}, skipping")
|
||||
return None
|
||||
|
||||
for pkg in metadata["packages"]:
|
||||
if pkg["name"] == crate_name:
|
||||
return Path(pkg["manifest_path"])
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def find_crate_manifest_in_tree(tree: Path, crate_name: str) -> Path:
|
||||
# Scan all Cargo.toml files; sort by depth/path to make ordering deterministic
|
||||
# and prefer less-nested manifests first.
|
||||
manifest_paths = sorted(
|
||||
tree.glob("**/Cargo.toml"),
|
||||
key=lambda path: (len(path.parts), str(path)),
|
||||
)
|
||||
|
||||
for manifest_path in manifest_paths:
|
||||
res = try_get_crate_manifest_path_from_manifest_path(manifest_path, crate_name)
|
||||
if res is not None:
|
||||
return res
|
||||
|
||||
raise Exception(f"Couldn't find manifest for crate {crate_name} inside {tree}.")
|
||||
|
||||
|
||||
def copy_and_patch_git_crate_subtree(git_tree: Path, crate_name: str, crate_out_dir: Path) -> None:
|
||||
|
||||
# This function will get called by copytree to decide which entries of a directory should be copied
|
||||
# We'll copy everything except symlinks that are invalid
|
||||
def ignore_func(dir_str: str, path_strs: list[str]) -> list[str]:
|
||||
ignorelist: list[str] = []
|
||||
|
||||
dir = Path(realpath(dir_str, strict=True))
|
||||
|
||||
for path_str in path_strs:
|
||||
path = dir / path_str
|
||||
if not islink(path):
|
||||
continue
|
||||
|
||||
# Filter out cyclic symlinks and symlinks pointing at nonexistant files
|
||||
try:
|
||||
target_path = Path(realpath(path, strict=True))
|
||||
except OSError:
|
||||
ignorelist.append(path_str)
|
||||
eprint(f"Failed to resolve symlink, ignoring: {path}")
|
||||
continue
|
||||
|
||||
# Filter out symlinks that point outside of the current crate's base git tree
|
||||
# This can be useful if the nix build sandbox is turned off and there is a symlink to a common absolute path
|
||||
if not target_path.is_relative_to(git_tree):
|
||||
ignorelist.append(path_str)
|
||||
eprint(f"Symlink points outside of the crate's base git tree, ignoring: {path} -> {target_path}")
|
||||
continue
|
||||
|
||||
return ignorelist
|
||||
|
||||
crate_manifest_path = find_crate_manifest_in_tree(git_tree, crate_name)
|
||||
crate_tree = crate_manifest_path.parent
|
||||
|
||||
eprint(f"Copying to {crate_out_dir}")
|
||||
shutil.copytree(crate_tree, crate_out_dir, ignore=ignore_func)
|
||||
crate_out_dir.chmod(0o755)
|
||||
|
||||
with open(crate_manifest_path, "r") as f:
|
||||
manifest_data = f.read()
|
||||
|
||||
if "workspace" in manifest_data:
|
||||
crate_manifest_metadata = get_manifest_metadata(crate_manifest_path)
|
||||
workspace_root = Path(crate_manifest_metadata["workspace_root"])
|
||||
|
||||
root_manifest_path = workspace_root / "Cargo.toml"
|
||||
manifest_path = crate_out_dir / "Cargo.toml"
|
||||
|
||||
manifest_path.chmod(0o644)
|
||||
eprint(f"Patching {manifest_path}")
|
||||
|
||||
cmd = ["replace-workspace-values", str(manifest_path), str(root_manifest_path)]
|
||||
subprocess.check_output(cmd)
|
||||
|
||||
|
||||
def extract_crate_tarball_contents(tarball_path: Path, crate_out_dir: Path) -> None:
|
||||
eprint(f"Unpacking to {crate_out_dir}")
|
||||
crate_out_dir.mkdir()
|
||||
cmd = ["tar", "xf", str(tarball_path), "-C", str(crate_out_dir), "--strip-components=1"]
|
||||
subprocess.check_output(cmd)
|
||||
|
||||
|
||||
def make_git_source_selector(source_info: GitSourceInfo) -> dict[str, str]:
|
||||
selector = {}
|
||||
selector["git"] = source_info["url"]
|
||||
if source_info["type"] is not None:
|
||||
selector[source_info["type"]] = source_info["value"]
|
||||
return selector
|
||||
|
||||
|
||||
def make_registry_source_selector(source: str) -> dict[str, str]:
|
||||
registry = source[9:] if source.startswith("registry+") else source
|
||||
selector = {}
|
||||
selector["registry"] = registry
|
||||
return selector
|
||||
|
||||
|
||||
def create_vendor(vendor_staging_dir: Path, out_dir: Path) -> None:
|
||||
lockfile_path = vendor_staging_dir / "Cargo.lock"
|
||||
out_dir.mkdir(exist_ok=True)
|
||||
shutil.copy(lockfile_path, out_dir / "Cargo.lock")
|
||||
|
||||
cargo_lock_toml = load_toml(lockfile_path)
|
||||
lockfile_version = get_lockfile_version(cargo_lock_toml)
|
||||
|
||||
source_to_ind: dict[str, str] = {}
|
||||
source_config = {}
|
||||
next_registry_ind = 0
|
||||
next_git_ind = 0
|
||||
|
||||
def add_source_replacement(
|
||||
orig_key: str,
|
||||
orig_selector: dict[str, str],
|
||||
vendored_key: str,
|
||||
vendored_dir: str
|
||||
) -> None:
|
||||
source_config[vendored_key] = {}
|
||||
source_config[vendored_key]["directory"] = vendored_dir
|
||||
source_config[orig_key] = orig_selector
|
||||
source_config[orig_key]["replace-with"] = vendored_key
|
||||
|
||||
# we reserve registry index 0 for crates-io
|
||||
source_to_ind["registry+https://github.com/rust-lang/crates.io-index"] = "registry-0"
|
||||
source_to_ind["sparse+https://index.crates.io/"] = "registry-0"
|
||||
add_source_replacement(
|
||||
orig_key="crates-io",
|
||||
orig_selector={}, # there is an internal selector defined for the `crates-io` source
|
||||
vendored_key="vendored-source-registry-0",
|
||||
vendored_dir="@vendor@/source-registry-0"
|
||||
)
|
||||
next_registry_ind += 1
|
||||
|
||||
for pkg in cargo_lock_toml["package"]:
|
||||
# ignore local dependencies
|
||||
if "source" not in pkg.keys():
|
||||
continue
|
||||
source: str = pkg["source"]
|
||||
if source in source_to_ind:
|
||||
continue
|
||||
|
||||
if source.startswith("git+"):
|
||||
ind = f"git-{next_git_ind}"
|
||||
next_git_ind += 1
|
||||
source_info = parse_git_source(source, lockfile_version)
|
||||
selector = make_git_source_selector(source_info)
|
||||
elif source.startswith("registry+") or source.startswith("sparse+"):
|
||||
ind = f"registry-{next_registry_ind}"
|
||||
next_registry_ind += 1
|
||||
selector = make_registry_source_selector(source)
|
||||
else:
|
||||
raise Exception(f"Can't process source: {source}.")
|
||||
|
||||
source_to_ind[source] = ind
|
||||
add_source_replacement(
|
||||
orig_key=f"original-source-{ind}",
|
||||
orig_selector=selector,
|
||||
vendored_key=f"vendored-source-{ind}",
|
||||
vendored_dir=f"@vendor@/source-{ind}"
|
||||
)
|
||||
|
||||
config_path = out_dir / ".cargo" / "config.toml"
|
||||
config_path.parent.mkdir()
|
||||
|
||||
with open(config_path, "wb") as config_file:
|
||||
tomli_w.dump({"source": source_config}, config_file)
|
||||
|
||||
for pkg in cargo_lock_toml["package"]:
|
||||
|
||||
# ignore local dependenices
|
||||
if "source" not in pkg.keys():
|
||||
continue
|
||||
|
||||
source: str = pkg["source"]
|
||||
source_ind = source_to_ind[source]
|
||||
crate_dir_name = f"{pkg["name"]}-{pkg["version"]}"
|
||||
source_dir_name = f"source-{source_ind}"
|
||||
crate_out_dir = out_dir / source_dir_name / crate_dir_name
|
||||
crate_out_dir.parent.mkdir(exist_ok=True)
|
||||
|
||||
if source.startswith("git+"):
|
||||
|
||||
source_info = parse_git_source(source, lockfile_version)
|
||||
|
||||
git_sha_rev = source_info["git_sha_rev"]
|
||||
git_tree = vendor_staging_dir / "git" / git_sha_rev
|
||||
|
||||
copy_and_patch_git_crate_subtree(git_tree, pkg["name"], crate_out_dir)
|
||||
|
||||
# git based crates allow having no checksum information
|
||||
with open(crate_out_dir / ".cargo-checksum.json", "w") as f:
|
||||
json.dump({"files": {}}, f)
|
||||
|
||||
elif source.startswith("registry+") or source.startswith("sparse+"):
|
||||
filename = f"{pkg["name"]}-{pkg["version"]}.tar.gz"
|
||||
|
||||
# TODO: change this when non-crates-io registries are supported
|
||||
dir_name = "tarballs"
|
||||
|
||||
tarball_path = vendor_staging_dir / dir_name / filename
|
||||
|
||||
extract_crate_tarball_contents(tarball_path, crate_out_dir)
|
||||
|
||||
# non-git based crates need the package checksum at minimum
|
||||
with open(crate_out_dir / ".cargo-checksum.json", "w") as f:
|
||||
json.dump({"files": {}, "package": pkg["checksum"]}, f)
|
||||
|
||||
else:
|
||||
raise Exception(f"Can't process source: {source}.")
|
||||
|
||||
|
||||
def main() -> None:
|
||||
subcommand = sys.argv[1]
|
||||
|
||||
subcommand_func_dict = {
|
||||
"create-vendor-staging": lambda: create_vendor_staging(lockfile_path=Path(sys.argv[2]), out_dir=Path(sys.argv[3])),
|
||||
"create-vendor": lambda: create_vendor(vendor_staging_dir=Path(sys.argv[2]), out_dir=Path(sys.argv[3]))
|
||||
}
|
||||
|
||||
subcommand_func = subcommand_func_dict.get(subcommand)
|
||||
|
||||
if subcommand_func is None:
|
||||
raise Exception(f"Unknown subcommand: '{subcommand}'. Must be one of {list(subcommand_func_dict.keys())}")
|
||||
|
||||
subcommand_func()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -40,6 +40,7 @@ def create_http_session() -> requests.Session:
|
|||
status_forcelist=[500, 502, 503, 504]
|
||||
)
|
||||
session = requests.Session()
|
||||
session.headers["User-Agent"] = "nixpkgs-fetchCargoVendor/2 (https://github.com/NixOS/nixpkgs)"
|
||||
session.mount('http://', HTTPAdapter(max_retries=retries))
|
||||
session.mount('https://', HTTPAdapter(max_retries=retries))
|
||||
return session
|
||||
|
|
@ -68,7 +69,9 @@ def get_download_url_for_tarball(pkg: dict[str, Any]) -> str:
|
|||
if pkg["source"] != "registry+https://github.com/rust-lang/crates.io-index":
|
||||
raise Exception("Only the default crates.io registry is supported.")
|
||||
|
||||
return f"https://crates.io/api/v1/crates/{pkg["name"]}/{pkg["version"]}/download"
|
||||
# Use static.crates.io (CDN) instead of crates.io/api to avoid the 1 req/sec
|
||||
# rate limit on the API servers.
|
||||
return f"https://static.crates.io/crates/{pkg["name"]}/{pkg["version"]}/download"
|
||||
|
||||
|
||||
def download_tarball(session: requests.Session, pkg: dict[str, Any], out_dir: Path) -> None:
|
||||
|
|
@ -289,6 +292,7 @@ def create_vendor(vendor_staging_dir: Path, out_dir: Path) -> None:
|
|||
lockfile_version = get_lockfile_version(cargo_lock_toml)
|
||||
|
||||
source_to_ind: dict[str, str] = {}
|
||||
selector_to_ind: dict[tuple, str] = {}
|
||||
source_config = {}
|
||||
next_registry_ind = 0
|
||||
next_git_ind = 0
|
||||
|
|
@ -324,24 +328,35 @@ def create_vendor(vendor_staging_dir: Path, out_dir: Path) -> None:
|
|||
continue
|
||||
|
||||
if source.startswith("git+"):
|
||||
ind = f"git-{next_git_ind}"
|
||||
next_git_ind += 1
|
||||
source_info = parse_git_source(source, lockfile_version)
|
||||
selector = make_git_source_selector(source_info)
|
||||
selector_key = (source_info["url"], source_info["type"], source_info["value"])
|
||||
if selector_key in selector_to_ind:
|
||||
ind = selector_to_ind[selector_key]
|
||||
else:
|
||||
ind = f"git-{next_git_ind}"
|
||||
next_git_ind += 1
|
||||
selector_to_ind[selector_key] = ind
|
||||
add_source_replacement(
|
||||
orig_key=f"original-source-{ind}",
|
||||
orig_selector=selector,
|
||||
vendored_key=f"vendored-source-{ind}",
|
||||
vendored_dir=f"@vendor@/source-{ind}"
|
||||
)
|
||||
elif source.startswith("registry+") or source.startswith("sparse+"):
|
||||
ind = f"registry-{next_registry_ind}"
|
||||
next_registry_ind += 1
|
||||
selector = make_registry_source_selector(source)
|
||||
add_source_replacement(
|
||||
orig_key=f"original-source-{ind}",
|
||||
orig_selector=selector,
|
||||
vendored_key=f"vendored-source-{ind}",
|
||||
vendored_dir=f"@vendor@/source-{ind}"
|
||||
)
|
||||
else:
|
||||
raise Exception(f"Can't process source: {source}.")
|
||||
|
||||
source_to_ind[source] = ind
|
||||
add_source_replacement(
|
||||
orig_key=f"original-source-{ind}",
|
||||
orig_selector=selector,
|
||||
vendored_key=f"vendored-source-{ind}",
|
||||
vendored_dir=f"@vendor@/source-{ind}"
|
||||
)
|
||||
|
||||
config_path = out_dir / ".cargo" / "config.toml"
|
||||
config_path.parent.mkdir()
|
||||
|
|
|
|||
|
|
@ -37,29 +37,18 @@ let
|
|||
"hash"
|
||||
];
|
||||
|
||||
mkFetchCargoVendorUtil =
|
||||
name: src:
|
||||
writers.writePython3Bin name {
|
||||
libraries =
|
||||
with python3Packages;
|
||||
[
|
||||
requests
|
||||
tomli-w
|
||||
]
|
||||
++ requests.optional-dependencies.socks; # to support socks proxy envs like ALL_PROXY in requests
|
||||
flakeIgnore = [
|
||||
"E501"
|
||||
];
|
||||
} (builtins.readFile src);
|
||||
|
||||
# Separate util used only by the FOD `vendorStaging` stage below. Kept
|
||||
# distinct from fetchCargoVendorUtil so that changes to the network-facing
|
||||
# bits (User-Agent, download URL) don't invalidate the input-addressed
|
||||
# `-vendor` stage and force a mass rebuild of every Rust package in nixpkgs.
|
||||
# vendorStaging is an FOD, so swapping its util is free for consumers.
|
||||
# TODO: unify with fetchCargoVendorUtil on the next `staging` cycle.
|
||||
fetchCargoVendorUtilV2 = mkFetchCargoVendorUtil "fetch-cargo-vendor-util-v2" ./fetch-cargo-vendor-util-v2.py;
|
||||
fetchCargoVendorUtil = mkFetchCargoVendorUtil "fetch-cargo-vendor-util" ./fetch-cargo-vendor-util.py;
|
||||
fetchCargoVendorUtil = writers.writePython3Bin "fetch-cargo-vendor-util" {
|
||||
libraries =
|
||||
with python3Packages;
|
||||
[
|
||||
requests
|
||||
tomli-w
|
||||
]
|
||||
++ requests.optional-dependencies.socks; # to support socks proxy envs like ALL_PROXY in requests
|
||||
flakeIgnore = [
|
||||
"E501"
|
||||
];
|
||||
} (builtins.readFile ./fetch-cargo-vendor-util.py);
|
||||
in
|
||||
|
||||
{
|
||||
|
|
@ -79,7 +68,7 @@ let
|
|||
impureEnvVars = lib.fetchers.proxyImpureEnvVars;
|
||||
|
||||
nativeBuildInputs = [
|
||||
fetchCargoVendorUtilV2
|
||||
fetchCargoVendorUtil
|
||||
cacert
|
||||
nix-prefetch-git'
|
||||
]
|
||||
|
|
@ -92,7 +81,7 @@ let
|
|||
cd "$cargoRoot"
|
||||
fi
|
||||
|
||||
fetch-cargo-vendor-util-v2 create-vendor-staging ./Cargo.lock "$out"
|
||||
fetch-cargo-vendor-util create-vendor-staging ./Cargo.lock "$out"
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "assimp";
|
||||
version = "6.0.4";
|
||||
version = "6.0.5";
|
||||
outputs = [
|
||||
"out"
|
||||
"lib"
|
||||
|
|
@ -20,7 +20,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
owner = "assimp";
|
||||
repo = "assimp";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-ryTgsN0z9BZBz7i9aUMKuneN5oqfxpduwJlb+Q0q3Mk=";
|
||||
hash = "sha256-QWBi1pl5C76UtPhB6SmFipm9oEdnfhELMT3MqfV6oxg=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "at-spi2-core";
|
||||
version = "2.60.1";
|
||||
version = "2.60.4";
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
|
|
@ -39,7 +39,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/at-spi2-core/${lib.versions.majorMinor finalAttrs.version}/at-spi2-core-${finalAttrs.version}.tar.xz";
|
||||
hash = "sha256-+ZuH48FnT1+8QXzJwdniYcDymqsFUK1jaYBQMdEvaFI=";
|
||||
hash = "sha256-Gh9bqYBZF/QfxqpoI9z4h6KR1gekJ+LVr7a136ZQcMc=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
|||
|
|
@ -30,13 +30,13 @@
|
|||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "audit";
|
||||
version = "4.1.2-unstable-2025-09-06"; # fixes to non-static builds right after 4.1.2 release
|
||||
version = "4.1.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "linux-audit";
|
||||
repo = "audit-userspace";
|
||||
rev = "cb13fe75ee2c36d5c525ed9de22aae10dbc8caf4";
|
||||
hash = "sha256-NX0TWA+LtcZgbM9aQfokWv2rGNAAb3ksGqAH8URAkYM=";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-GdJ9nzlDAdOazOHH/YWuEoELrJh+G5ZJUKwIqAKAzpo=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
@ -132,10 +132,6 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
# Instead, we load audit rules in a dedicated module.
|
||||
postFixup = ''
|
||||
moveToOutput bin/augenrules $scripts
|
||||
substituteInPlace $scripts/bin/augenrules \
|
||||
--replace-fail "/sbin/auditctl -R" "$bin/bin/auditctl -R" \
|
||||
--replace-fail "auditctl -s" "$bin/bin/auditctl -s" \
|
||||
--replace-fail "/bin/ls" "ls"
|
||||
wrapProgram $scripts/bin/augenrules \
|
||||
--prefix PATH : ${
|
||||
lib.makeBinPath [
|
||||
|
|
|
|||
32
pkgs/by-name/cu/curlMinimal/fix-wakeup-consumption.patch
Normal file
32
pkgs/by-name/cu/curlMinimal/fix-wakeup-consumption.patch
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
From 2a2104f3cff44bb28bb570a093be52bbeeed8f23 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Eissing <stefan@eissing.org>
|
||||
Date: Mon, 11 May 2026 14:56:04 +0200
|
||||
Subject: [PATCH] event: fix wakeup consumption
|
||||
|
||||
The events on a multi wakeup socketpair were only consumed via
|
||||
curl_multi_poll()/curl_multi_wait() but not in event based processing on
|
||||
a curl_multi_socket() call. That led to busy loops as reported in
|
||||
|
||||
Fixes #21547
|
||||
Reported-by: Earnestly on github
|
||||
Closes #21549
|
||||
---
|
||||
lib/multi.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index be32740a7097..5e84133f13fd 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -2703,6 +2703,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
Curl_uint32_bset_remove(&multi->dirty, data->mid);
|
||||
|
||||
if(data == multi->admin) {
|
||||
+#ifdef ENABLE_WAKEUP
|
||||
+ /* Consume any pending wakeup signals before processing.
|
||||
+ * This is necessary for event based processing. See #21547 */
|
||||
+ (void)Curl_wakeup_consume(multi->wakeup_pair, TRUE);
|
||||
+#endif
|
||||
#ifdef USE_RESOLV_THREADED
|
||||
Curl_async_thrdd_multi_process(multi);
|
||||
#endif
|
||||
|
|
@ -96,6 +96,13 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-Y/4twUi6DOromSLvg49+XJRicsLni3xZ+rS3nTziuJY=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# https://github.com/curl/curl/commit/2a2104f3cff44bb28bb570a093be52bbeeed8f23
|
||||
# According to <https://curl.se/mail/distros-2026-05/0000.html>, this fixes
|
||||
# a performance regression, causing high CPU usage
|
||||
./fix-wakeup-consumption.patch
|
||||
];
|
||||
|
||||
# this could be accomplished by updateAutotoolsGnuConfigScriptsHook, but that causes infinite recursion
|
||||
# necessary for FreeBSD code path in configure
|
||||
postPatch = ''
|
||||
|
|
@ -115,6 +122,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
enableParallelBuilding = true;
|
||||
|
||||
strictDeps = true;
|
||||
__structuredAttrs = true;
|
||||
|
||||
env = {
|
||||
CXX = "${stdenv.cc.targetPrefix}c++";
|
||||
|
|
|
|||
|
|
@ -12,13 +12,13 @@
|
|||
inherit hamlibSupport gpsdSupport extraScripts;
|
||||
}).overrideAttrs
|
||||
(oldAttrs: {
|
||||
version = "1.8.1-unstable-2026-03-18";
|
||||
version = "1.8.1-unstable-2026-05-27";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wb2osz";
|
||||
repo = "direwolf";
|
||||
rev = "78d6559c67b94568b2f093fc9b4d4965749387ae";
|
||||
hash = "sha256-sSXvDTnrOHplmg86kZ+ppPD0Y6JuhHBfrXZToK8EqmY=";
|
||||
rev = "d6151874ecf202cbb401a671a90b15d0fab92fa9";
|
||||
hash = "sha256-t19AjQzjkpteqwfRVI/tM5wCVNeFceWPHjq0UtdevXg=";
|
||||
};
|
||||
|
||||
dontVersionCheck = true;
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "doctest";
|
||||
version = "2.5.0";
|
||||
version = "2.5.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "doctest";
|
||||
repo = "doctest";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-7t/eknv7VtHoBgcuJmI07x//HIyqzE9HUuH5u2y7X8A=";
|
||||
hash = "sha256-4jW6xPFCFxk1l47EkSUVojhycrtluPhOc5Adf/25R7M=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
@ -27,6 +27,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
doCheck = true;
|
||||
|
||||
meta = {
|
||||
changelog = "https://github.com/doctest/doctest/releases/tag/${finalAttrs.src.tag}";
|
||||
homepage = "https://github.com/doctest/doctest";
|
||||
description = "Fastest feature-rich C++11/14/17/20 single-header testing framework";
|
||||
platforms = lib.platforms.all;
|
||||
|
|
|
|||
|
|
@ -75,20 +75,17 @@ let
|
|||
glib
|
||||
];
|
||||
|
||||
pythonPath =
|
||||
with python3.pkgs;
|
||||
[
|
||||
b2sdk
|
||||
boto3
|
||||
idna
|
||||
pygobject3
|
||||
fasteners
|
||||
paramiko
|
||||
pexpect
|
||||
# Currently marked as broken.
|
||||
# pydrive2
|
||||
]
|
||||
++ paramiko.optional-dependencies.invoke;
|
||||
pythonPath = with python3.pkgs; [
|
||||
b2sdk
|
||||
boto3
|
||||
idna
|
||||
pygobject3
|
||||
fasteners
|
||||
paramiko
|
||||
pexpect
|
||||
# Currently marked as broken.
|
||||
# pydrive2
|
||||
];
|
||||
|
||||
nativeCheckInputs = [
|
||||
gnupg # Add 'gpg' to PATH.
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
stdenv,
|
||||
buildPackages,
|
||||
fetchurl,
|
||||
fetchpatch,
|
||||
pkg-config,
|
||||
libuuid,
|
||||
gettext,
|
||||
|
|
@ -20,25 +19,15 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "e2fsprogs";
|
||||
version = "1.47.3";
|
||||
version = "1.47.4";
|
||||
|
||||
__structuredAttrs = true;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/people/tytso/e2fsprogs/v${version}/e2fsprogs-${version}.tar.xz";
|
||||
hash = "sha256-hX5u+AD+qiu0V4+8gQIUvl08iLBy6lPFOEczqWVzcyk=";
|
||||
hash = "sha256-/VvziMvb4Aaj07MY2YOylIOCRArMhah/Hn0QhlPo2ws=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Upstream patch that fixes musl build (and probably others).
|
||||
# Should be included in next release after 1.47.3.
|
||||
(fetchpatch {
|
||||
name = "stdio-portability.patch";
|
||||
url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=f79abd8554e600eacc2a7c864a8332b670c9e262";
|
||||
hash = "sha256-zZ7zmSMTwGyS3X3b/D/mVG0bV2ul5xtY5DJx9YUvQO8=";
|
||||
})
|
||||
];
|
||||
|
||||
# fuse2fs adds 14mb of dependencies
|
||||
outputs = [
|
||||
"bin"
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
# files.
|
||||
|
||||
let
|
||||
version = "2.8.0";
|
||||
version = "2.8.1";
|
||||
tag = "R_${lib.replaceStrings [ "." ] [ "_" ] version}";
|
||||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
|
|
@ -29,7 +29,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
url =
|
||||
with finalAttrs;
|
||||
"https://github.com/libexpat/libexpat/releases/download/${tag}/${pname}-${version}.tar.xz";
|
||||
hash = "sha256-o3v64KqXdb2FIevYXcRW1Ibw/zETj2yR/ZAupzJiRUI=";
|
||||
hash = "sha256-ELGV7ngWCpCDiBgKj+NgPU6aEvR1X79fOBayOp11DaA=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
fetchurl,
|
||||
fetchpatch,
|
||||
stdenv,
|
||||
lib,
|
||||
gfortran,
|
||||
|
|
@ -22,24 +21,16 @@ assert lib.elem precision [
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "fftw-${precision}";
|
||||
version = "3.3.10";
|
||||
version = "3.3.11";
|
||||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"https://fftw.org/fftw-${finalAttrs.version}.tar.gz"
|
||||
"ftp://ftp.fftw.org/pub/fftw/fftw-${finalAttrs.version}.tar.gz"
|
||||
];
|
||||
hash = "sha256-VskyVJhSzdz6/as4ILAgDHdCZ1vpIXnlnmIVs0DiZGc=";
|
||||
hash = "sha256-VjDCTN6zOxMWEvfrSxqZNCNHVPnziP+GF0WNC+byOaE=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "remove_missing_FFTW3LibraryDepends.patch";
|
||||
url = "https://github.com/FFTW/fftw3/pull/338/commits/f69fef7aa546d4477a2a3fd7f13fa8b2f6c54af7.patch";
|
||||
hash = "sha256-lzX9kAHDMY4A3Td8necXwYLcN6j8Wcegi3A7OIECKeU=";
|
||||
})
|
||||
];
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
"dev"
|
||||
|
|
@ -107,6 +98,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
__structuredAttrs = true;
|
||||
|
||||
meta = {
|
||||
changelog = "https://github.com/FFTW/fftw3/blob/fftw-${finalAttrs.version}/NEWS";
|
||||
description = "Fastest Fourier Transform in the West library";
|
||||
homepage = "https://www.fftw.org/";
|
||||
license = lib.licenses.gpl2Plus;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
lib,
|
||||
stdenv,
|
||||
fetchurl,
|
||||
fetchpatch,
|
||||
buildPackages,
|
||||
pkgsHostHost,
|
||||
pkg-config,
|
||||
|
|
@ -39,7 +40,7 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "freetype";
|
||||
version = "2.14.2";
|
||||
version = "2.14.3";
|
||||
|
||||
src =
|
||||
let
|
||||
|
|
@ -47,7 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
in
|
||||
fetchurl {
|
||||
url = "mirror://savannah/freetype/freetype-${version}.tar.xz";
|
||||
sha256 = "sha256-S2Lcq0ySChqGA2mTMiGBQ2LmmeJvVXklFtZx5v9VteE=";
|
||||
sha256 = "sha256-NrxPHMQTM1No7mVsQq/KZcWjmH6HaMwozxG6d154Wl8=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
@ -69,6 +70,53 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
patches = [
|
||||
./enable-table-validation.patch
|
||||
|
||||
# https://project-zero.issues.chromium.org/issues/505355061
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1419
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1420
|
||||
(fetchpatch {
|
||||
name = "truetype-shz-limit-heap-buffer-overflow-part1.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/1803559c4ee407d0bcbf2a67dbe96690cee869d2.patch";
|
||||
hash = "sha256-zxtJ2pJz8pNofgYrJ6c8/eZqRvxTotanF2IdU9ckpM4=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "truetype-shz-limit-heap-buffer-overflow-part2.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/7d600a022e1d813e85a8c94ffd395f6135872267.patch";
|
||||
hash = "sha256-aHE11C9Cr23D2lqNmTVUDA5E07xxUm+AcYdWJG9zLFs=";
|
||||
})
|
||||
|
||||
# https://project-zero.issues.chromium.org/issues/505357209
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1421
|
||||
(fetchpatch {
|
||||
name = "truetype-iup-integer-overflow.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/7974be74d8b5a2fbf99aa88f0461d1f80af51cee.patch";
|
||||
hash = "sha256-b5Px0ALsnC5K1+601YioAjCLkLVXNnvTIZ1aQtCeNoQ=";
|
||||
})
|
||||
|
||||
# https://project-zero.issues.chromium.org/issues/506902245
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1423
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests/428
|
||||
(fetchpatch {
|
||||
name = "truetype-variation-handling-signednes-mismatch.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/0d45c7f1911bc6db0bf072eea0c8cdccd77bc6b3.patch";
|
||||
hash = "sha256-bw/9O86sZQa+vwdgx2MTqxWi6vjMcRTyC42ba9CaZ3I=";
|
||||
})
|
||||
|
||||
# prerequisite for the below to apply, since this changes formatting of
|
||||
# affected code.
|
||||
(fetchpatch {
|
||||
name = "ftobjs-formatting.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/590b77014bd920d0bdf64c039fddbce89a288b83.patch";
|
||||
hash = "sha256-govOzLBzQMAjSKABVFryDnSn2by2f/W9BgGG3o+qSuE=";
|
||||
})
|
||||
|
||||
# https://project-zero.issues.chromium.org/issues/507321912
|
||||
# https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1425
|
||||
(fetchpatch {
|
||||
name = "sub-byte-bitmaps-heap-buffer-over-read.patch";
|
||||
url = "https://gitlab.freedesktop.org/freetype/freetype/-/commit/cbe12767ea73d1006edc75fcd61c0b0d2a88f34e.patch";
|
||||
hash = "sha256-jMeqY9uX7Ryfdd8icGDT4kEKl6aGRWafSN8GzOhGW7g=";
|
||||
})
|
||||
]
|
||||
++ lib.optional useEncumberedCode ./enable-subpixel-rendering.patch;
|
||||
|
||||
|
|
|
|||
|
|
@ -67,13 +67,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "ghostscript${lib.optionalString x11Support "-with-X"}";
|
||||
version = "10.07.0";
|
||||
version = "10.07.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${
|
||||
lib.replaceStrings [ "." ] [ "" ] finalAttrs.version
|
||||
}/ghostscript-${finalAttrs.version}.tar.xz";
|
||||
hash = "sha256-3azk4XIflnpVA5uv9WSEAiXguqHU9UMiR8oczRRzt8E=";
|
||||
hash = "sha256-HNt2bejbjx5YnIF/CcWFXqX2XfyFQORlpprBTBhBYCU=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
@ -233,6 +233,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
meta = {
|
||||
homepage = "https://www.ghostscript.com/";
|
||||
changelog = "https://ghostscript.readthedocs.io/en/gs${finalAttrs.version}/News.html";
|
||||
description = "PostScript interpreter (mainline version)";
|
||||
longDescription = ''
|
||||
Ghostscript is the name of a set of tools that provides (i) an
|
||||
|
|
|
|||
|
|
@ -34,6 +34,11 @@ stdenv.mkDerivation {
|
|||
pname = "glfw${lib.optionalString withMinecraftPatch "-minecraft"}";
|
||||
inherit version;
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
"dev"
|
||||
];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "glfw";
|
||||
repo = "GLFW";
|
||||
|
|
|
|||
|
|
@ -48,8 +48,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-dOKBl5W2r/QxrqyYPWOpyJaO6roqLrp9+LpMe0Hnz9g=";
|
||||
};
|
||||
|
||||
patches = lib.optionals stdenv.isLinux [
|
||||
# TODO: apply everywhere on rebuild
|
||||
patches = [
|
||||
# This revert a upstream refactor in continuous rendering mode, but this
|
||||
# causes a big performance regression for big manpages like
|
||||
# `man 5 configuration.nix`.
|
||||
|
|
|
|||
|
|
@ -95,11 +95,13 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-Ub2fYMfSOmZaVWxzZMIfsuTiglZrPn4JJFXo+RAzCJM=";
|
||||
};
|
||||
|
||||
patches = lib.optional stdenv.hostPlatform.is32bit (fetchpatch {
|
||||
name = "fix-32bit-VkImage-null.patch";
|
||||
url = "https://gitlab.gnome.org/GNOME/gtk/-/commit/10d43de8f4f942cb591ada3103474bd7213425f1.patch";
|
||||
hash = "sha256-DJIL6M3XcsjBoMO77OxNi84d1DxAphAfot3N7Nq1QqQ=";
|
||||
});
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "fix-32bit-VkImage-null.patch";
|
||||
url = "https://gitlab.gnome.org/GNOME/gtk/-/commit/10d43de8f4f942cb591ada3103474bd7213425f1.patch";
|
||||
hash = "sha256-DJIL6M3XcsjBoMO77OxNi84d1DxAphAfot3N7Nq1QqQ=";
|
||||
})
|
||||
];
|
||||
|
||||
depsBuildBuild = [
|
||||
pkg-config
|
||||
|
|
|
|||
|
|
@ -88,13 +88,13 @@ in
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "imagemagick";
|
||||
version = "7.1.2-23";
|
||||
version = "7.1.2-24";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ImageMagick";
|
||||
repo = "ImageMagick";
|
||||
tag = finalAttrs.version;
|
||||
hash = "sha256-zYk75q+EyWq5g/AHFU6v8a7gye0aDAEe/ZZvjqR9ZTc=";
|
||||
hash = "sha256-oSH0dsQ3cuFNYJIIr6LHbv82FbFxxcmkjQ5csTNsYCA=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
|
|
|||
61
pkgs/by-name/kr/krb5/CVE-2026-40355-and-CVE-2026-40356.patch
Normal file
61
pkgs/by-name/kr/krb5/CVE-2026-40355-and-CVE-2026-40356.patch
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
From acea6182e46fff3d1d64a3172cdff307b07ca441 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Wed, 8 Apr 2026 17:57:59 -0400
|
||||
Subject: [PATCH] Fix two NegoEx parsing vulnerabilities
|
||||
|
||||
In parse_nego_message(), check the result of the second call to
|
||||
vector_base() before dereferencing it. In parse_message(), check for
|
||||
a short header_len to prevent an integer underflow when calculating
|
||||
the remaining message length.
|
||||
|
||||
Reported by Cem Onat Karagun.
|
||||
|
||||
CVE-2026-40355:
|
||||
|
||||
In MIT krb5 release 1.18 and later, if an application calls
|
||||
gss_accept_sec_context() on a system with a NegoEx mechanism
|
||||
registered in /etc/gss/mech, an unauthenticated remote attacker can
|
||||
trigger a null pointer dereference, causing the process to terminate.
|
||||
|
||||
CVE-2026-40356:
|
||||
|
||||
In MIT krb5 release 1.18 and later, if an application calls
|
||||
gss_accept_sec_context() on a system with a NegoEx mechanism
|
||||
registered in /etc/gss/mech, an unauthenticated remote attacker can
|
||||
trigger a read overrun of up to 52 bytes, possibly causing the process
|
||||
to terminate. Exfiltration of the bytes read does not appear
|
||||
possible.
|
||||
|
||||
(cherry picked from commit 2e75f0d9362fb979f5fc92829431a590a130929f)
|
||||
|
||||
ticket: 9205
|
||||
version_fixed: 1.22.3
|
||||
---
|
||||
lib/gssapi/spnego/negoex_util.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/gssapi/spnego/negoex_util.c b/src/lib/gssapi/spnego/negoex_util.c
|
||||
index edc5462e844..a65238e5730 100644
|
||||
--- a/lib/gssapi/spnego/negoex_util.c
|
||||
+++ b/lib/gssapi/spnego/negoex_util.c
|
||||
@@ -253,6 +253,10 @@ parse_nego_message(OM_uint32 *minor, struct k5input *in,
|
||||
offset = k5_input_get_uint32_le(in);
|
||||
count = k5_input_get_uint16_le(in);
|
||||
p = vector_base(offset, count, EXTENSION_LENGTH, msg_base, msg_len);
|
||||
+ if (p == NULL) {
|
||||
+ *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
|
||||
+ return GSS_S_DEFECTIVE_TOKEN;
|
||||
+ }
|
||||
for (i = 0; i < count; i++) {
|
||||
extension_type = load_32_le(p + i * EXTENSION_LENGTH);
|
||||
if (extension_type & EXTENSION_FLAG_CRITICAL) {
|
||||
@@ -391,7 +395,8 @@ parse_message(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, struct k5input *in,
|
||||
msg_len = k5_input_get_uint32_le(in);
|
||||
conv_id = k5_input_get_bytes(in, GUID_LENGTH);
|
||||
|
||||
- if (in->status || msg_len > token_remaining || header_len > msg_len) {
|
||||
+ if (in->status || msg_len > token_remaining ||
|
||||
+ header_len < (size_t)(in->ptr - msg_base) || header_len > msg_len) {
|
||||
*minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
}
|
||||
|
|
@ -34,16 +34,20 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "krb5";
|
||||
version = "1.22.1";
|
||||
version = "1.22.2";
|
||||
|
||||
__structuredAttrs = true;
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://kerberos.org/dist/krb5/${lib.versions.majorMinor finalAttrs.version}/krb5-${finalAttrs.version}.tar.gz";
|
||||
hash = "sha256-GogyuMrZI+u/E5T2fi789B46SfRgKFpm41reyPoAU68=";
|
||||
hash = "sha256-MkP/vI6k1Kwi3cfdKh3FTFeHTEBki2D/lwCXY1VOrxM=";
|
||||
};
|
||||
|
||||
patches = lib.optionals stdenv.hostPlatform.isFreeBSD [
|
||||
patches = [
|
||||
# https://github.com/krb5/krb5/pull/1506
|
||||
./CVE-2026-40355-and-CVE-2026-40356.patch
|
||||
]
|
||||
++ lib.optionals stdenv.hostPlatform.isFreeBSD [
|
||||
(fetchpatch {
|
||||
name = "fix-missing-ENODATA.patch";
|
||||
url = "https://cgit.freebsd.org/ports/plain/security/krb5-122/files/patch-lib_krad_packet.c?id=0501f716c4aff7880fde56e42d641ef504593b7d";
|
||||
|
|
@ -170,6 +174,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
];
|
||||
|
||||
meta = {
|
||||
changelog = "https://web.mit.edu/Kerberos/krb5-${lib.versions.majorMinor finalAttrs.version}/";
|
||||
description = "MIT Kerberos 5";
|
||||
homepage = "http://web.mit.edu/kerberos/";
|
||||
license = lib.licenses.mit;
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "libadwaita";
|
||||
version = "1.9.0";
|
||||
version = "1.9.1";
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
|
|
@ -37,7 +37,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
owner = "GNOME";
|
||||
repo = "libadwaita";
|
||||
tag = finalAttrs.version;
|
||||
hash = "sha256-JAKP8CjLCKGZvHoB26ih/J3xAru4wiVf/ObG0L8r4pY=";
|
||||
hash = "sha256-Oy3WcsymNbbmAacm5hEOrorI1wKXjSp063mh4jCJRAE=";
|
||||
};
|
||||
|
||||
depsBuildBuild = [
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "libaec";
|
||||
version = "1.1.6";
|
||||
version = "1.1.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Deutsches-Klimarechenzentrum";
|
||||
repo = "libaec";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-cxDP+JNwokxgzH9hO2zw+rIcz8XG7E8ujbAbWpgUEW8=";
|
||||
hash = "sha256-aBm+CXCq7sdJb6Qq9sNuTzNj0nRwTJI20HsqUg1Qi/8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
|||
|
|
@ -44,9 +44,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
fribidi
|
||||
harfbuzz
|
||||
]
|
||||
++ lib.optional fontconfigSupport fontconfig
|
||||
# TODO: remove dep after branchoff (in darwin stdenv)
|
||||
++ lib.optional stdenv.hostPlatform.isDarwin libiconv.out;
|
||||
++ lib.optional fontconfigSupport fontconfig;
|
||||
|
||||
meta = {
|
||||
description = "Portable ASS/SSA subtitle renderer";
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
lib,
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
fetchpatch,
|
||||
autoreconfHook,
|
||||
imlib2,
|
||||
libxext,
|
||||
|
|
@ -23,6 +24,14 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-N0Lfi0d4kjxirEbIjdeearYWvStkKMyV6lgeyNKXcVw=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2026-42046.patch";
|
||||
url = "https://github.com/cacalabs/libcaca/commit/fb77acff9ba6bb01d53940da34fb10f20b156a23.patch";
|
||||
hash = "sha256-AdpiE5Gw/CVET//7TTYZCb0glW5HY+T8xZkYs1XCBvY=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
pkg-config
|
||||
|
|
|
|||
|
|
@ -15,14 +15,14 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
version = "1.0.18";
|
||||
version = "1.1.1";
|
||||
pname = "libde265";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "strukturag";
|
||||
repo = "libde265";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-N6K82ElrzrMSNKfPTDsc5onrxucIJ8niwFgbaEPPd2I=";
|
||||
hash = "sha256-ZHfPC86oylqt2bwWMJRWVjdMEEmX6UOKR7XkR0HPyok=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
@ -43,6 +43,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
meta = {
|
||||
homepage = "https://github.com/strukturag/libde265";
|
||||
changelog = "https://github.com/strukturag/libde265/releases/tag/${finalAttrs.src.tag}";
|
||||
description = "Open h.265 video codec implementation";
|
||||
mainProgram = "dec265";
|
||||
license = lib.licenses.lgpl3;
|
||||
|
|
|
|||
|
|
@ -17,11 +17,11 @@ assert enableCapabilities -> stdenv.hostPlatform.isLinux;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libgcrypt";
|
||||
version = "1.11.2";
|
||||
version = "1.12.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnupg/libgcrypt/${pname}-${version}.tar.bz2";
|
||||
hash = "sha256-a6Wd0ZInDowdIt20GgfZXc28Hw+wLQPEtUsjWBQzCqw=";
|
||||
hash = "sha256-fOM8JJIiGgQ2+WqFACFenz49y1/SanV81BXnqEO6vV4=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
|
@ -73,17 +73,6 @@ stdenv.mkDerivation rec {
|
|||
postConfigure = ''
|
||||
sed -i configure \
|
||||
-e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/'
|
||||
''
|
||||
# The cipher/simd-common-riscv.h wasn't added to the release tarball, please remove this hack on next version update
|
||||
# https://dev.gnupg.org/T7647
|
||||
+ lib.optionalString stdenv.hostPlatform.isRiscV ''
|
||||
cp ${
|
||||
fetchurl {
|
||||
url = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=cipher/simd-common-riscv.h;h=8381000f9ac148c60a6963a1d9ec14a3fee1c576;hb=81ce5321b1b79bde6dfdc3c164efb40c13cf656b";
|
||||
hash = "sha256-Toe15YLAOYULnLc2fGMMv/xzs/q1t3LsyiqtL7imc+8=";
|
||||
name = "simd-common-riscv.h";
|
||||
}
|
||||
} cipher/simd-common-riscv.h
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "libheif";
|
||||
version = "1.21.2";
|
||||
version = "1.23.0";
|
||||
|
||||
outputs = [
|
||||
"bin"
|
||||
|
|
@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
owner = "strukturag";
|
||||
repo = "libheif";
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-odkJ0wZSGoZ7mX9fkaNREDpMvQuQA9HKaf3so1dYrbc=";
|
||||
hash = "sha256-+LbYwDSxixy4TaraUCN2LiCnn32dkMppCA8EOFXbvtg=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
|||
|
|
@ -11,10 +11,10 @@
|
|||
assert zlib != null;
|
||||
|
||||
let
|
||||
patchVersion = "1.6.56";
|
||||
patchVersion = "1.6.58";
|
||||
patch_src = fetchurl {
|
||||
url = "mirror://sourceforge/libpng-apng/libpng-${patchVersion}-apng.patch.gz";
|
||||
hash = "sha256-nOMtSidjoqxfJYcmui9J6QETJ8HujDCGKjLQ8wiJ++g=";
|
||||
hash = "sha256-7ufeoi7VAoaAF5cchsY8TtHmCF3guuv9zD0zIvAPPrA=";
|
||||
};
|
||||
whenPatched = lib.optionalString apngSupport;
|
||||
|
||||
|
|
@ -24,11 +24,11 @@ let
|
|||
in
|
||||
stdenv'.mkDerivation (finalAttrs: {
|
||||
pname = "libpng" + whenPatched "-apng";
|
||||
version = "1.6.56";
|
||||
version = "1.6.58";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/libpng/libpng-${finalAttrs.version}.tar.xz";
|
||||
hash = "sha256-99i/FgG3gE9YOiVKs0OmVJymzyfSVcMCxHry2dNqbxg=";
|
||||
hash = "sha256-KOtAP1Hw90BSSRMs7P6C6lwO+X8bMsWmWCiBSuDTR3U=";
|
||||
};
|
||||
postPatch =
|
||||
whenPatched "gunzip < ${patch_src} | patch -Np1"
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ let
|
|||
pname = "libressl";
|
||||
inherit version;
|
||||
|
||||
strictDeps = true;
|
||||
__structuredAttrs = true;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://openbsd/LibreSSL/libressl-${version}.tar.gz";
|
||||
inherit hash;
|
||||
|
|
@ -60,6 +63,23 @@ let
|
|||
preCheck = ''
|
||||
export PREVIOUS_${ldLibPathEnvName}=$${ldLibPathEnvName}
|
||||
export ${ldLibPathEnvName}="$${ldLibPathEnvName}:$(realpath tls/):$(realpath ssl/):$(realpath crypto/)"
|
||||
''
|
||||
+ lib.optionalString stdenv.hostPlatform.isElf ''
|
||||
# Bail if any shared object has executable stack enabled. This can
|
||||
# happen when an object produced from an assmbly file in libcrypto is
|
||||
# missing a .note.GNU-stack section. An executable stack is dangerous
|
||||
# and unintentional, but without this check the derivation will build
|
||||
# and even run if W^X is not enforced; it would fail dangerously.
|
||||
objdump -p **/*.so | awk '
|
||||
BEGIN { res = 0 }
|
||||
/file format/ { file = $1 }
|
||||
/STACK/ { stack = 1; next }
|
||||
stack {
|
||||
if ($0 ~ /flags.*x/) { print file " has executable stack"; res = 1 }
|
||||
stack = 0
|
||||
}
|
||||
END { exit res }
|
||||
'
|
||||
'';
|
||||
postCheck = ''
|
||||
export ${ldLibPathEnvName}=$PREVIOUS_${ldLibPathEnvName}
|
||||
|
|
@ -96,6 +116,7 @@ let
|
|||
maintainers = with lib.maintainers; [
|
||||
thoughtpolice
|
||||
fpletz
|
||||
ruuda
|
||||
];
|
||||
inherit knownVulnerabilities;
|
||||
|
||||
|
|
@ -111,32 +132,17 @@ let
|
|||
identifiers.cpeParts = lib.meta.cpeFullVersionWithVendor "openbsd" version;
|
||||
};
|
||||
};
|
||||
|
||||
# https://github.com/libressl/portable/pull/1206
|
||||
# This got merged in February 2026 and is included as of LibreSSL 4.3.0.
|
||||
common-cmake-install-full-dirs-patch = fetchpatch {
|
||||
url = "https://github.com/libressl/portable/commit/a15ea0710398eaeed3be53cf643e80a1e80c981d.patch";
|
||||
hash = "sha256-Mlf4SrGCCqALQicbGtmVGdkdfcE8DEGYkOuVyG2CozM=";
|
||||
};
|
||||
in
|
||||
{
|
||||
libressl_4_1 = generic {
|
||||
version = "4.1.2";
|
||||
hash = "sha256-+6Ti+ip/UjBt96OJlwoQ6YuX6w7bKZqf252/SZmcYeE=";
|
||||
# Fixes build on loongarch64
|
||||
# https://github.com/libressl/portable/pull/1184
|
||||
postPatch = ''
|
||||
mkdir -p include/arch/loongarch64
|
||||
cp ${
|
||||
fetchurl {
|
||||
url = "https://github.com/libressl/portable/raw/refs/tags/v4.1.0/include/arch/loongarch64/opensslconf.h";
|
||||
hash = "sha256-68dw5syUy1z6GadCMR4TR9+0UQX6Lw/CbPWvjHGAhgo=";
|
||||
}
|
||||
} include/arch/loongarch64/opensslconf.h
|
||||
'';
|
||||
patches = [
|
||||
common-cmake-install-full-dirs-patch
|
||||
];
|
||||
};
|
||||
|
||||
# 4.2 was released October 2025 and will become unsupported on October 22,
|
||||
# 2026, one year after the release of OpenBSD 7.8.
|
||||
libressl_4_2 = generic {
|
||||
version = "4.2.1";
|
||||
hash = "sha256-bVwvWFg1iOp5H0yGRQBAcdAN+lVKW/eIoAbKHrWr1ws=";
|
||||
|
|
@ -144,4 +150,24 @@ in
|
|||
common-cmake-install-full-dirs-patch
|
||||
];
|
||||
};
|
||||
|
||||
# 4.3 was released April 2026 and will become unsupported one year after the
|
||||
# release of OpenBSD 7.9.
|
||||
libressl_4_3 = generic {
|
||||
version = "4.3.1";
|
||||
hash = "sha256-wttCrOFOfVQZgm+rNadC7G5NEnJaBRpR0M6jwQug+lA=";
|
||||
patches = [
|
||||
# Fix for https://github.com/libressl/portable/issues/1278, where LibreSSL
|
||||
# 4.3 started requiring executable stack because some objects were missing
|
||||
# a .note.GNU-stack section; will probably be included in the next release.
|
||||
(fetchpatch {
|
||||
url = "https://raw.githubusercontent.com/libressl/portable/4dae91d056c6c75ba5cf2bc5e6148b8e02239119/patches/gnu-stack.patch";
|
||||
hash = "sha256-Q1oWL4N8w5Zmjfq5QkTJR53NgZ4GqChSDaBicli5G2I=";
|
||||
# This patch is written to be applied with -p0, with no leading path
|
||||
# component, but Nix applies with -p1 by default, so we add it to not
|
||||
# break compatibility with how other patches must be applied.
|
||||
decode = "sed 's|^--- |--- a/|; s|^+++ |+++ b/|'";
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ SSH_DEFAULT_OPTS: Final = [
|
|||
"-o",
|
||||
"ControlMaster=auto",
|
||||
"-o",
|
||||
f"ControlPath={tmpdir.TMPDIR_PATH / 'ssh-%n'}",
|
||||
f"ControlPath={tmpdir.TMPDIR_PATH / 'ssh-%C'}",
|
||||
"-o",
|
||||
"ControlPersist=60",
|
||||
]
|
||||
|
|
|
|||
|
|
@ -12,13 +12,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "openapv";
|
||||
version = "0.2.1.2";
|
||||
version = "0.2.1.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "AcademySoftwareFoundation";
|
||||
repo = "openapv";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-wxncN7j5p0GXpWhOx4Ix0oTgGK2sIrfJgQ45fFwmQBI=";
|
||||
tag = "v${finalAttrs.version}-fix"; # Remove the `-fix` suffix after the next version
|
||||
hash = "sha256-lc/x2dWh6T8c63siHB32ka+SPVYTTyaO4YrQ12EbGqw=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
|||
|
|
@ -122,6 +122,8 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
# https://bugs.openldap.org/show_bug.cgi?id=8623
|
||||
rm -f tests/scripts/test022-ppolicy
|
||||
|
||||
rm -f tests/scripts/test*-sync*
|
||||
|
||||
rm -f tests/scripts/test063-delta-multiprovider
|
||||
|
||||
# https://bugs.openldap.org/show_bug.cgi?id=10009
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@
|
|||
|
||||
stdenvNoCC.mkDerivation {
|
||||
pname = "publicsuffix-list";
|
||||
version = "0-unstable-2026-03-26";
|
||||
version = "0-unstable-2026-05-13";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "publicsuffix";
|
||||
repo = "list";
|
||||
rev = "d333b72b39575da1ce6932b01d7c421a4107c620";
|
||||
hash = "sha256-LWnvQrIyj+iq96T1u9WEq+HGOZ5sJYN5nCintEr6sBk=";
|
||||
rev = "e452c7058d6946bd76952b128c12f5ce87a5acb8";
|
||||
hash = "sha256-5D4RZAyJOL4hMU32Rmp3SYmjgqEtF36mZJr4YBG0k7E=";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
|
|
|||
|
|
@ -1,56 +0,0 @@
|
|||
From 9b104ed9859f17b6ed4c4ad01806c75a0c197dd7 Mon Sep 17 00:00:00 2001
|
||||
From: Emily <hello@emily.moe>
|
||||
Date: Tue, 5 Aug 2025 15:55:24 +0100
|
||||
Subject: [PATCH] Allow `ls(1)` to fail in test setup
|
||||
|
||||
This can happen when the tests are unable to `stat(2)` some files in
|
||||
`/etc`, `/bin`, or `/`, due to Unix permissions or other sandboxing. We
|
||||
still guard against serious errors, which use exit code 2.
|
||||
---
|
||||
testsuite/longdir.test | 4 ++--
|
||||
testsuite/rsync.fns | 8 ++++----
|
||||
2 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/testsuite/longdir.test b/testsuite/longdir.test
|
||||
index 8d66bb5f..26747292 100644
|
||||
--- a/testsuite/longdir.test
|
||||
+++ b/testsuite/longdir.test
|
||||
@@ -16,9 +16,9 @@ makepath "$longdir" || test_skipped "unable to create long directory"
|
||||
touch "$longdir/1" || test_skipped "unable to create files in long directory"
|
||||
date > "$longdir/1"
|
||||
if [ -r /etc ]; then
|
||||
- ls -la /etc >"$longdir/2"
|
||||
+ ls -la /etc >"$longdir/2" || [ $? -eq 1 ]
|
||||
else
|
||||
- ls -la / >"$longdir/2"
|
||||
+ ls -la / >"$longdir/2" || [ $? -eq 1 ]
|
||||
fi
|
||||
checkit "$RSYNC --delete -avH '$fromdir/' '$todir'" "$fromdir/" "$todir"
|
||||
|
||||
diff --git a/testsuite/rsync.fns b/testsuite/rsync.fns
|
||||
index 2ab97b69..f7da363f 100644
|
||||
--- a/testsuite/rsync.fns
|
||||
+++ b/testsuite/rsync.fns
|
||||
@@ -195,15 +195,15 @@ hands_setup() {
|
||||
echo some data > "$fromdir/dir/subdir/foobar.baz"
|
||||
mkdir "$fromdir/dir/subdir/subsubdir"
|
||||
if [ -r /etc ]; then
|
||||
- ls -ltr /etc > "$fromdir/dir/subdir/subsubdir/etc-ltr-list"
|
||||
+ ls -ltr /etc > "$fromdir/dir/subdir/subsubdir/etc-ltr-list" || [ $? -eq 1 ]
|
||||
else
|
||||
- ls -ltr / > "$fromdir/dir/subdir/subsubdir/etc-ltr-list"
|
||||
+ ls -ltr / > "$fromdir/dir/subdir/subsubdir/etc-ltr-list" || [ $? -eq 1 ]
|
||||
fi
|
||||
mkdir "$fromdir/dir/subdir/subsubdir2"
|
||||
if [ -r /bin ]; then
|
||||
- ls -lt /bin > "$fromdir/dir/subdir/subsubdir2/bin-lt-list"
|
||||
+ ls -lt /bin > "$fromdir/dir/subdir/subsubdir2/bin-lt-list" || [ $? -eq 1 ]
|
||||
else
|
||||
- ls -lt / > "$fromdir/dir/subdir/subsubdir2/bin-lt-list"
|
||||
+ ls -lt / > "$fromdir/dir/subdir/subsubdir2/bin-lt-list" || [ $? -eq 1 ]
|
||||
fi
|
||||
|
||||
# echo testing head:
|
||||
--
|
||||
2.50.1
|
||||
|
||||
|
|
@ -1,12 +1,12 @@
|
|||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchpatch,
|
||||
fetchurl,
|
||||
fetchpatch,
|
||||
|
||||
updateAutotoolsGnuConfigScriptsHook,
|
||||
perl,
|
||||
|
||||
python3,
|
||||
libiconv,
|
||||
zlib,
|
||||
popt,
|
||||
|
|
@ -29,24 +29,29 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "rsync";
|
||||
version = "3.4.1";
|
||||
version = "3.4.4";
|
||||
|
||||
src = fetchurl {
|
||||
# signed with key 9FEF 112D CE19 A0DC 7E88 2CB8 1BB2 4997 A853 5F6F
|
||||
url = "mirror://samba/rsync/src/rsync-${finalAttrs.version}.tar.gz";
|
||||
hash = "sha256-KSS8s6Hti1UfwQH3QLnw/gogKxFQJ2R89phQ1l/YjFI=";
|
||||
hash = "sha256-vYjPgvplPaMjFPsikTZAfFyQ+A0XWNj0sJF2eHfY+pY=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# See: <https://github.com/RsyncProject/rsync/pull/790>
|
||||
./fix-tests-in-darwin-sandbox.patch
|
||||
# fix compilation with gcc15
|
||||
patches = lib.optionals (stdenv.hostPlatform.isDarwin) [
|
||||
# Fixes test failure on darwin
|
||||
(fetchpatch {
|
||||
url = "https://github.com/RsyncProject/rsync/commit/a4b926dcdce96b0f2cc0dc7744e95747b233500a.patch";
|
||||
hash = "sha256-UiEQJ+p2gtIDYNJqnxx4qKgItKIZzCpkHnvsgoxBmSE=";
|
||||
url = "https://github.com/RsyncProject/rsync/commit/e1c5f0e93a75dd45f32f3b92ba221ef158ac2e5f.patch";
|
||||
hash = "sha256-pg65K9BCTq/WvS5icK6KT28ARccFKedp2445wLYdRsE=";
|
||||
excludes = [
|
||||
".github/workflows/cygwin-build.yml"
|
||||
];
|
||||
})
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
patchShebangs ./runtests.py
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
updateAutotoolsGnuConfigScriptsHook
|
||||
perl
|
||||
|
|
@ -86,6 +91,15 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
passthru.tests = { inherit (nixosTests) rsyncd; };
|
||||
|
||||
nativeCheckInputs = [
|
||||
python3
|
||||
];
|
||||
|
||||
# Test fails when built in a chroot store
|
||||
preCheck = ''
|
||||
rm testsuite/chgrp.test
|
||||
'';
|
||||
|
||||
doCheck = true;
|
||||
|
||||
__darwinAllowLocalNetworking = true;
|
||||
|
|
|
|||
|
|
@ -14,16 +14,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage (finalAttrs: {
|
||||
pname = "rust-cbindgen";
|
||||
version = "0.29.2";
|
||||
version = "0.29.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mozilla";
|
||||
repo = "cbindgen";
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-P2A+XSLrcuYsI48gnZSNNs5qX+EatiuEJSEJbMvMSxg=";
|
||||
hash = "sha256-d0rY7Sk37s8HEZlQq9Sbjj1P+DgygD0Yjx8cXlFKEIA=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-DbmlpjiOraLWPh5RgJqCIGIYzE1h82MH2S6gpLH+CIQ=";
|
||||
cargoHash = "sha256-UeierkQpfCiB5ES9ZW9hO+0AcI9Ip8qSJ/Nd+I1xrmQ=";
|
||||
|
||||
nativeCheckInputs = [
|
||||
cmake
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ assert lib.assertMsg (ibusSupport -> dbusSupport) "SDL3 requires dbus support to
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "sdl3";
|
||||
version = "3.4.8";
|
||||
version = "3.4.10";
|
||||
|
||||
outputs = [
|
||||
"lib"
|
||||
|
|
@ -83,14 +83,21 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
owner = "libsdl-org";
|
||||
repo = "SDL";
|
||||
tag = "release-${finalAttrs.version}";
|
||||
hash = "sha256-uBGyGxrUVx642Ku8qhR2sTy2JagcSioIhh/5RsXVAIM=";
|
||||
hash = "sha256-6Dph2eLiJUmpQzPWe8EuY5LrWhrFwde2f2dwfgCcWNw=";
|
||||
};
|
||||
|
||||
postPatch =
|
||||
# Tests timeout on Darwin
|
||||
lib.optionalString (finalAttrs.finalPackage.doCheck) ''
|
||||
# Tests timeout on Darwin
|
||||
substituteInPlace test/CMakeLists.txt \
|
||||
--replace-fail 'set(noninteractive_timeout 10)' 'set(noninteractive_timeout 30)'
|
||||
|
||||
# intermittent test failure
|
||||
# https://github.com/libsdl-org/SDL/issues/15346
|
||||
substituteInPlace test/CMakeLists.txt \
|
||||
--replace-fail \
|
||||
'add_sdl_test_executable(testrwlock SOURCES testrwlock.c NONINTERACTIVE NONINTERACTIVE_TIMEOUT 20)' \
|
||||
'add_sdl_test_executable(testrwlock SOURCES testrwlock.c NONINTERACTIVE NONINTERACTIVE_TIMEOUT 300)'
|
||||
''
|
||||
+ lib.optionalString waylandSupport ''
|
||||
substituteInPlace src/dialog/unix/SDL_zenitymessagebox.c \
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "simdjson";
|
||||
version = "4.6.0";
|
||||
version = "4.6.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "simdjson";
|
||||
repo = "simdjson";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-VGErBWAHk63XMv8yC+Na+gXHByhYhtIEMSBySwIDlXk=";
|
||||
hash = "sha256-8oQzsR7DSaNTN9su1uI9tRQ9HvOwXShPwSrnQj8+lGM=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
|||
|
|
@ -57,13 +57,13 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "unbound";
|
||||
version = "1.25.0";
|
||||
version = "1.25.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "NLnetLabs";
|
||||
repo = "unbound";
|
||||
tag = "release-${finalAttrs.version}";
|
||||
hash = "sha256-BAqGNi5lfYYTQd7CPH0lssLc5/AkeuKSVEFcrF/cNyc=";
|
||||
hash = "sha256-1PXnxCPxoB5IrVBQIsrxiWAq+IoH7Ma9T1TTJsoTJc4=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
lib,
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
fetchpatch,
|
||||
lua,
|
||||
jemalloc,
|
||||
pkg-config,
|
||||
|
|
@ -25,13 +24,13 @@
|
|||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "valkey";
|
||||
version = "9.0.4";
|
||||
version = "9.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "valkey-io";
|
||||
repo = "valkey";
|
||||
rev = finalAttrs.version;
|
||||
hash = "sha256-FDm6i6G6h9WapMTj7ke4YtOjZ4rwIJZGONunQi0v7CE=";
|
||||
hash = "sha256-RMZz83fycpOTPWB1dIXU0/hdh4ZGC+6JhCws8htAQ5E=";
|
||||
};
|
||||
|
||||
patches = lib.optional useSystemJemalloc ./use_system_jemalloc.patch;
|
||||
|
|
@ -94,13 +93,14 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
fi
|
||||
|
||||
# Skip some more flaky tests.
|
||||
# Skip test requiring custom jemalloc (unit/memefficiency).
|
||||
# Skip test requiring custom jemalloc (unit/memefficiency, unit/type/string).
|
||||
./runtest \
|
||||
--no-latency \
|
||||
--timeout 2000 \
|
||||
--clients "$CLIENTS" \
|
||||
--tags -leaks \
|
||||
--skipunit unit/memefficiency \
|
||||
--skipunit unit/type/string \
|
||||
--skipunit integration/failover \
|
||||
--skipunit integration/aof-multi-part
|
||||
|
||||
|
|
|
|||
|
|
@ -38,13 +38,7 @@
|
|||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "xvfb";
|
||||
|
||||
# TODO: rebuild avoidance. revert on staging.
|
||||
# inherit (xorg-server) src version;
|
||||
version = "21.1.22";
|
||||
src = fetchurl {
|
||||
url = "mirror://xorg/individual/xserver/xorg-server-${finalAttrs.version}.tar.xz";
|
||||
hash = "sha256-GiQsiRfEm6KczB9gIWE9iiuYBd0NJxpmrp0J9LC7BrM=";
|
||||
};
|
||||
inherit (xorg-server) src version;
|
||||
|
||||
strictDeps = true;
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,11 @@ let
|
|||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "go";
|
||||
version = "1.26.3";
|
||||
version = "1.26.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz";
|
||||
hash = "sha256-HGRoddCqh5kTMYTtV895/yS97+jIggRwYCqdPW2Rkrg=";
|
||||
hash = "sha256-T2aKMvv8ETLmqIH7lowvHa2mMUkqM5IRc1+7JVpCYC0=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
stdenv,
|
||||
pkgsHostHost,
|
||||
pkgsBuildBuild,
|
||||
fetchpatch,
|
||||
file,
|
||||
curl,
|
||||
pkg-config,
|
||||
|
|
@ -26,6 +27,23 @@ rustPlatform.buildRustPackage.override
|
|||
pname = "cargo";
|
||||
inherit (rustc.unwrapped) version src;
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2026-5222.patch";
|
||||
url = "https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f.patch";
|
||||
stripLen = 1;
|
||||
extraPrefix = "src/tools/cargo/";
|
||||
hash = "sha256-YG7xtC308z+o1xVzrV81qqWov1121GVouyAXKflyBF8=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2026-5223.patch";
|
||||
url = "https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577.patch";
|
||||
stripLen = 1;
|
||||
extraPrefix = "src/tools/cargo/";
|
||||
hash = "sha256-DbmPQ31N4AIYZEBiwwGAn59hgPsFEVTzA6PrI071LXE=";
|
||||
})
|
||||
];
|
||||
|
||||
# the rust source tarball already has all the dependencies vendored, no need to fetch them again
|
||||
cargoVendorDir = "vendor";
|
||||
buildAndTestSubdir = "src/tools/cargo";
|
||||
|
|
|
|||
20
pkgs/development/interpreters/perl/CVE-2026-8376.patch
Normal file
20
pkgs/development/interpreters/perl/CVE-2026-8376.patch
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
Targeted patch for CVE-2026-8376, based on 5e7f119eb2bb1181be908701f22bf7068e722f1c but avoids changes to t/re/pat_psycho.t as they do not apply cleanly.
|
||||
|
||||
diff --git a/regcomp_study.c b/regcomp_study.c
|
||||
index b513454a4258..1602663f4b26 100644
|
||||
--- a/regcomp_study.c
|
||||
+++ b/regcomp_study.c
|
||||
@@ -2784,6 +2784,13 @@ Perl_study_chunk(pTHX_
|
||||
(U8 *) SvEND(data->last_found))
|
||||
- (U8*)s;
|
||||
l -= old;
|
||||
+
|
||||
+ if (l > 0 &&
|
||||
+ (mincount >= SSize_t_MAX / (SSize_t)l
|
||||
+ || old > SSize_t_MAX - mincount * (SSize_t)l)) {
|
||||
+ FAIL("Regexp out of space");
|
||||
+ }
|
||||
+
|
||||
/* Get the added string: */
|
||||
last_str = newSVpvn_utf8(s + old, l, UTF);
|
||||
last_chrs = UTF ? utf8_length((U8*)(s + old),
|
||||
|
|
@ -36,6 +36,8 @@ let
|
|||
commonPatches = [
|
||||
# Do not look in /usr etc. for dependencies.
|
||||
./no-sys-dirs.patch
|
||||
|
||||
./CVE-2026-8376.patch
|
||||
]
|
||||
|
||||
# Fix build on Solaris on x86_64
|
||||
|
|
@ -79,6 +81,61 @@ let
|
|||
# Some more details: https://arsv.github.io/perl-cross/modules.html
|
||||
++ lib.optional crossCompiling ./cross.patch;
|
||||
|
||||
# Inject fixed CPAN releases for bundled dual-life distributions until the
|
||||
# next perl maintenance release includes them.
|
||||
vendoredPerlDistributions = [
|
||||
{
|
||||
# CVE-2026-7010
|
||||
path = "cpan/HTTP-Tiny";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/H/HA/HAARG/HTTP-Tiny-0.094.tar.gz";
|
||||
hash = "sha256-poQemfwbVdFd6VlHzL17dnvsxRxxAhl/qPBE333cB0M=";
|
||||
};
|
||||
}
|
||||
{
|
||||
# CVE-2026-3381, CVE-2026-4176
|
||||
path = "cpan/Compress-Raw-Zlib";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.222.tar.gz";
|
||||
hash = "sha256-Hf19URplVifIGBXTDTurwo+luIRV/wP4sECZ3LUShrg=";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Runtime dependency of IO-Compress 2.220.
|
||||
path = "cpan/Compress-Raw-Bzip2";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/P/PM/PMQS/Compress-Raw-Bzip2-2.218.tar.gz";
|
||||
hash = "sha256-iRU+ai69pSNJSTsHT6S3VJ/x+QU952E8GKXgXFtBX6g=";
|
||||
};
|
||||
}
|
||||
{
|
||||
# CVE-2026-48962, CVE-2026-48961, CVE-2026-48959
|
||||
path = "cpan/IO-Compress";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/P/PM/PMQS/IO-Compress-2.220.tar.gz";
|
||||
hash = "sha256-nZbqKR8sVO82fHOWuFfZO6GsHEsvG84T7Yo+Xz7rtic=";
|
||||
};
|
||||
}
|
||||
{
|
||||
# CVE-2026-42496, CVE-2026-42497, CVE-2026-9538
|
||||
path = "cpan/Archive-Tar";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/B/BI/BINGOS/Archive-Tar-3.12.tar.gz";
|
||||
hash = "sha256-ARTvObZfSfiWgoOrR3Gdfoj5jXNg/jZJvjMcf1PVgyw=";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
replaceVendoredPerlDistributions = lib.concatMapStringsSep "\n" (d: ''
|
||||
rm -rf ${d.path}
|
||||
mkdir -p ${d.path}
|
||||
|
||||
tar --strip-components=1 -C ${d.path} -xf ${d.src}
|
||||
|
||||
# Remove executable bits to make t/porting/exec-bit.t happy.
|
||||
find ${d.path} -type f -exec chmod a-x {} +
|
||||
'') vendoredPerlDistributions;
|
||||
|
||||
libc = if stdenv.cc.libc or null != null then stdenv.cc.libc else "/usr";
|
||||
libcInc = lib.getDev libc;
|
||||
libcLib = lib.getLib libc;
|
||||
|
|
@ -136,10 +193,10 @@ stdenv.mkDerivation (
|
|||
--replace "/bin/pwd" "$(type -P pwd)"
|
||||
''
|
||||
)
|
||||
+
|
||||
# Perl's build system uses the src variable, and its value may end up in
|
||||
# the output in some cases (when cross-compiling)
|
||||
''
|
||||
+ replaceVendoredPerlDistributions
|
||||
+ ''
|
||||
# Perl's build system uses the src variable, and its value may end up in
|
||||
# the output in some cases (when cross-compiling).
|
||||
unset src
|
||||
'';
|
||||
|
||||
|
|
|
|||
|
|
@ -30,8 +30,8 @@ let
|
|||
hash = "sha256-GDN0+tJY8Nap9UkNUfzqT9cGV1IVCuy5Du/64G+8QdE=";
|
||||
};
|
||||
v8 = {
|
||||
version = "8.1";
|
||||
hash = "sha256-FdKhhCveEo5UodEoyUh3aBHABv3OT2VXmwBXE1ce3p0=";
|
||||
version = "8.1.1";
|
||||
hash = "sha256-WPGfjTZjsgpR5QiANRWF4g6LF2ejGzFQUrLjhzw9cfQ=";
|
||||
};
|
||||
in
|
||||
|
||||
|
|
|
|||
|
|
@ -7154,3 +7154,762 @@ index 00181cfefb..e83ea2b939 100644
|
|||
TEST_VERIFY (ret != 0);
|
||||
TEST_COMPARE (errno, EBUSY);
|
||||
}
|
||||
|
||||
commit f13c1bb0f97fbc12a6ba1ab5669ce561ea32b80a
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Thu Apr 16 19:13:43 2026 +0200
|
||||
|
||||
Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046)
|
||||
|
||||
Follow the example in iso-2022-jp-3.c and use the __count state
|
||||
variable to store the pending character. This avoids restarting
|
||||
the conversion if the output buffer ends between two 4-byte UCS-4
|
||||
code points, so that the assert reported in the bug can no longer
|
||||
happen.
|
||||
|
||||
Even though the fix is applied to ibm1364.c, the change is only
|
||||
effective for the two HAS_COMBINED codecs for IBM1390, IBM1399.
|
||||
|
||||
The test case was mostly auto-generated using
|
||||
claude-4.6-opus-high-thinking, and composer-2-fast shows up in the
|
||||
log as well. During review, gpt-5.4-xhigh flagged that the original
|
||||
version of the test case was not exercising the new character
|
||||
flush logic.
|
||||
|
||||
This fixes bug 33980.
|
||||
|
||||
Assisted-by: LLM
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
(cherry picked from commit d6f08d1cf027f4eb2ba289a6cc66853722d4badc)
|
||||
|
||||
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
|
||||
index 5a2abeea24..cc689f63e9 100644
|
||||
--- a/iconvdata/Makefile
|
||||
+++ b/iconvdata/Makefile
|
||||
@@ -76,7 +76,7 @@ tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
|
||||
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
|
||||
bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
|
||||
bug-iconv13 bug-iconv14 bug-iconv15 \
|
||||
- tst-iconv-iso-2022-cn-ext
|
||||
+ tst-iconv-iso-2022-cn-ext tst-bug33980
|
||||
ifeq ($(have-thread-library),yes)
|
||||
tests += bug-iconv3
|
||||
endif
|
||||
@@ -333,6 +333,8 @@ $(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \
|
||||
$(addprefix $(objpfx),$(modules.so))
|
||||
$(objpfx)tst-iconv-iso-2022-cn-ext.out: $(addprefix $(objpfx), $(gconv-modules)) \
|
||||
$(addprefix $(objpfx),$(modules.so))
|
||||
+$(objpfx)tst-bug33980.out: $(addprefix $(objpfx), $(gconv-modules)) \
|
||||
+ $(addprefix $(objpfx),$(modules.so))
|
||||
|
||||
$(objpfx)iconv-test.out: run-iconv-test.sh \
|
||||
$(addprefix $(objpfx), $(gconv-modules)) \
|
||||
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
|
||||
index 45c62acee5..244c61ad7a 100644
|
||||
--- a/iconvdata/ibm1364.c
|
||||
+++ b/iconvdata/ibm1364.c
|
||||
@@ -67,12 +67,29 @@
|
||||
|
||||
/* Since this is a stateful encoding we have to provide code which resets
|
||||
the output state to the initial state. This has to be done during the
|
||||
- flushing. */
|
||||
+ flushing. For the to-internal direction (FROM_DIRECTION is true),
|
||||
+ there may be a pending character that needs flushing. */
|
||||
#define EMIT_SHIFT_TO_INIT \
|
||||
if ((data->__statep->__count & ~7) != sb) \
|
||||
{ \
|
||||
if (FROM_DIRECTION) \
|
||||
- data->__statep->__count &= 7; \
|
||||
+ { \
|
||||
+ uint32_t ch = data->__statep->__count >> 7; \
|
||||
+ if (__glibc_unlikely (ch != 0)) \
|
||||
+ { \
|
||||
+ if (__glibc_unlikely (outend - outbuf < 4)) \
|
||||
+ status = __GCONV_FULL_OUTPUT; \
|
||||
+ else \
|
||||
+ { \
|
||||
+ put32 (outbuf, ch); \
|
||||
+ outbuf += 4; \
|
||||
+ /* Clear character and db bit. */ \
|
||||
+ data->__statep->__count &= 7; \
|
||||
+ } \
|
||||
+ } \
|
||||
+ else \
|
||||
+ data->__statep->__count &= 7; \
|
||||
+ } \
|
||||
else \
|
||||
{ \
|
||||
/* We are not in the initial state. To switch back we have \
|
||||
@@ -99,11 +116,13 @@
|
||||
*curcsp = save_curcs
|
||||
|
||||
|
||||
-/* Current codeset type. */
|
||||
+/* Current codeset type. The bit is stored in the __count variable of
|
||||
+ the conversion state. If the db bit is set, bit 7 and above store
|
||||
+ a pending UCS-4 code point if non-zero. */
|
||||
enum
|
||||
{
|
||||
- sb = 0,
|
||||
- db = 64
|
||||
+ sb = 0, /* Single byte mode. */
|
||||
+ db = 64 /* Double byte mode. */
|
||||
};
|
||||
|
||||
|
||||
@@ -119,21 +138,29 @@ enum
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
- /* This is a combined character. Make sure we have room. */ \
|
||||
- if (__glibc_unlikely (outptr + 8 > outend)) \
|
||||
- { \
|
||||
- result = __GCONV_FULL_OUTPUT; \
|
||||
- break; \
|
||||
- } \
|
||||
- \
|
||||
const struct divide *cmbp \
|
||||
= &DB_TO_UCS4_COMB[ch - __TO_UCS4_COMBINED_MIN]; \
|
||||
assert (cmbp->res1 != 0 && cmbp->res2 != 0); \
|
||||
\
|
||||
put32 (outptr, cmbp->res1); \
|
||||
outptr += 4; \
|
||||
- put32 (outptr, cmbp->res2); \
|
||||
- outptr += 4; \
|
||||
+ \
|
||||
+ /* See whether we have room for the second character. */ \
|
||||
+ if (outend - outptr >= 4) \
|
||||
+ { \
|
||||
+ put32 (outptr, cmbp->res2); \
|
||||
+ outptr += 4; \
|
||||
+ } \
|
||||
+ else \
|
||||
+ { \
|
||||
+ /* Otherwise store only the first character now, and \
|
||||
+ put the second one into the queue. */ \
|
||||
+ curcs |= cmbp->res2 << 7; \
|
||||
+ inptr += 2; \
|
||||
+ /* Tell the caller why we terminate the loop. */ \
|
||||
+ result = __GCONV_FULL_OUTPUT; \
|
||||
+ break; \
|
||||
+ } \
|
||||
} \
|
||||
}
|
||||
#else
|
||||
@@ -153,7 +180,20 @@ enum
|
||||
#define LOOPFCT FROM_LOOP
|
||||
#define BODY \
|
||||
{ \
|
||||
- uint32_t ch = *inptr; \
|
||||
+ uint32_t ch; \
|
||||
+ \
|
||||
+ ch = curcs >> 7; \
|
||||
+ if (__glibc_unlikely (ch != 0)) \
|
||||
+ { \
|
||||
+ put32 (outptr, ch); \
|
||||
+ outptr += 4; \
|
||||
+ /* Remove the pending character, but preserve state bits. */ \
|
||||
+ curcs &= (1 << 7) - 1; \
|
||||
+ continue; \
|
||||
+ } \
|
||||
+ \
|
||||
+ /* Otherwise read the next input byte. */ \
|
||||
+ ch = *inptr; \
|
||||
\
|
||||
if (__builtin_expect (ch, 0) == SO) \
|
||||
{ \
|
||||
diff --git a/iconvdata/tst-bug33980.c b/iconvdata/tst-bug33980.c
|
||||
new file mode 100644
|
||||
index 0000000000..c9693e0efe
|
||||
--- /dev/null
|
||||
+++ b/iconvdata/tst-bug33980.c
|
||||
@@ -0,0 +1,153 @@
|
||||
+/* Test for bug 33980: combining characters in IBM1390/IBM1399.
|
||||
+ Copyright (C) 2026 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <alloc_buffer.h>
|
||||
+#include <errno.h>
|
||||
+#include <iconv.h>
|
||||
+#include <stdbool.h>
|
||||
+#include <string.h>
|
||||
+
|
||||
+#include <support/check.h>
|
||||
+#include <support/next_to_fault.h>
|
||||
+#include <support/support.h>
|
||||
+
|
||||
+/* Run iconv in a loop with a small output buffer of OUTBUFSIZE bytes
|
||||
+ starting at OUTBUF. OUTBUF should be right before an unmapped page
|
||||
+ so that writing past the end will fault. Skip SHIFT bytes at the
|
||||
+ start of the input and output, to exercise different buffer
|
||||
+ alignment. TRUNCATE indicates skipped bytes at the end of
|
||||
+ input (0 and 1 a valid). */
|
||||
+static void
|
||||
+test_one (const char *encoding, unsigned int shift, unsigned int truncate,
|
||||
+ char *outbuf, size_t outbufsize)
|
||||
+{
|
||||
+ /* In IBM1390 and IBM1399, the DBCS code 0xECB5 expands to two
|
||||
+ Unicode code points when translated. */
|
||||
+ static char input[] =
|
||||
+ {
|
||||
+ /* 8 letters X. */
|
||||
+ 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7, 0xe7,
|
||||
+ /* SO, 0xECB5, SI: shift to DBCS, special character, shift back. */
|
||||
+ 0x0e, 0xec, 0xb5, 0x0f
|
||||
+ };
|
||||
+
|
||||
+ /* Expected output after UTF-8 conversion. */
|
||||
+ static char expected[] =
|
||||
+ {
|
||||
+ 'X', 'X', 'X', 'X', 'X', 'X', 'X', 'X',
|
||||
+ /* U+304B (HIRAGANA LETTER KA). */
|
||||
+ 0xe3, 0x81, 0x8b,
|
||||
+ /* U+309A (COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK). */
|
||||
+ 0xe3, 0x82, 0x9a
|
||||
+ };
|
||||
+
|
||||
+ iconv_t cd = iconv_open ("UTF-8", encoding);
|
||||
+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
|
||||
+
|
||||
+ char result_storage[64];
|
||||
+ struct alloc_buffer result_buf
|
||||
+ = alloc_buffer_create (result_storage, sizeof (result_storage));
|
||||
+
|
||||
+ char *inptr = &input[shift];
|
||||
+ size_t inleft = sizeof (input) - shift - truncate;
|
||||
+
|
||||
+ while (inleft > 0)
|
||||
+ {
|
||||
+ char *outptr = outbuf;
|
||||
+ size_t outleft = outbufsize;
|
||||
+ size_t inleft_before = inleft;
|
||||
+
|
||||
+ size_t ret = iconv (cd, &inptr, &inleft, &outptr, &outleft);
|
||||
+ size_t produced = outptr - outbuf;
|
||||
+ alloc_buffer_copy_bytes (&result_buf, outbuf, produced);
|
||||
+
|
||||
+ if (ret == (size_t) -1 && errno == E2BIG)
|
||||
+ {
|
||||
+ if (produced == 0 && inleft == inleft_before)
|
||||
+ {
|
||||
+ /* Output buffer too small to make progress. This is
|
||||
+ expected for very small output buffer sizes. */
|
||||
+ TEST_VERIFY_EXIT (outbufsize < 3);
|
||||
+ break;
|
||||
+ }
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (ret == (size_t) -1)
|
||||
+ FAIL_EXIT1 ("%s (outbufsize %zu): iconv: %m", encoding, outbufsize);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ /* Flush any pending state (e.g. a buffered combined character).
|
||||
+ With outbufsize < 3, we could not store the first character, so
|
||||
+ the second character did not become pending, and there is nothing
|
||||
+ to flush. */
|
||||
+ {
|
||||
+ char *outptr = outbuf;
|
||||
+ size_t outleft = outbufsize;
|
||||
+
|
||||
+ size_t ret = iconv (cd, NULL, NULL, &outptr, &outleft);
|
||||
+ TEST_VERIFY_EXIT (ret == 0);
|
||||
+ size_t produced = outptr - outbuf;
|
||||
+ alloc_buffer_copy_bytes (&result_buf, outbuf, produced);
|
||||
+
|
||||
+ /* Second flush does not provide more data. */
|
||||
+ outptr = outbuf;
|
||||
+ outleft = outbufsize;
|
||||
+ ret = iconv (cd, NULL, NULL, &outptr, &outleft);
|
||||
+ TEST_VERIFY_EXIT (ret == 0);
|
||||
+ TEST_VERIFY (outptr == outbuf);
|
||||
+ }
|
||||
+
|
||||
+ TEST_VERIFY_EXIT (!alloc_buffer_has_failed (&result_buf));
|
||||
+ size_t result_used
|
||||
+ = sizeof (result_storage) - alloc_buffer_size (&result_buf);
|
||||
+
|
||||
+ if (outbufsize >= 3)
|
||||
+ {
|
||||
+ TEST_COMPARE (inleft, 0);
|
||||
+ TEST_COMPARE (result_used, sizeof (expected) - shift);
|
||||
+ TEST_COMPARE_BLOB (result_storage, result_used,
|
||||
+ &expected[shift], sizeof (expected) - shift);
|
||||
+ }
|
||||
+ else
|
||||
+ /* If the buffer is too small, only the leading X could be converted. */
|
||||
+ TEST_COMPARE (result_used, 8 - shift);
|
||||
+
|
||||
+ TEST_VERIFY_EXIT (iconv_close (cd) == 0);
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ struct support_next_to_fault ntf
|
||||
+ = support_next_to_fault_allocate (8);
|
||||
+
|
||||
+ for (int shift = 0; shift <= 8; ++shift)
|
||||
+ for (int truncate = 0; truncate < 2; ++truncate)
|
||||
+ for (size_t outbufsize = 1; outbufsize <= 8; outbufsize++)
|
||||
+ {
|
||||
+ char *outbuf = ntf.buffer + ntf.length - outbufsize;
|
||||
+ test_one ("IBM1390", shift, truncate, outbuf, outbufsize);
|
||||
+ test_one ("IBM1399", shift, truncate, outbuf, outbufsize);
|
||||
+ }
|
||||
+
|
||||
+ support_next_to_fault_free (&ntf);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
|
||||
commit 12feedaf67e11c4618dc50c6aab4dbfd1e6d9531
|
||||
Author: DJ Delorie <dj@redhat.com>
|
||||
Date: Mon Jan 26 22:24:42 2026 -0500
|
||||
|
||||
include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h
|
||||
|
||||
Including sys/mount.h should not implicitly include fcntl.h
|
||||
as that causes namespace pollution and conflicts with kernel
|
||||
headers. It only needs O_CLOEXEC for OPEN_TREE_CLOEXEC
|
||||
(although it shouldn't need that, but it's defined that way)
|
||||
so we provide that define (via a private version) separately.
|
||||
|
||||
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
Tested-by: Florian Weimer <fweimer@redhat.com>
|
||||
(cherry picked from commit 419245719ccbc7dad6a97f24465e7f09c090327a)
|
||||
|
||||
diff --git a/io/fcntl.c b/io/fcntl.c
|
||||
index e88e28664c..b7dab1bb39 100644
|
||||
--- a/io/fcntl.c
|
||||
+++ b/io/fcntl.c
|
||||
@@ -18,6 +18,10 @@
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
+#ifndef __O_CLOEXEC
|
||||
+# error __O_CLOEXEC not defined by fcntl.h/cloexec.h
|
||||
+#endif
|
||||
+
|
||||
/* Perform file control operations on FD. */
|
||||
int
|
||||
__fcntl (int fd, int cmd, ...)
|
||||
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
|
||||
index c47cbdf428..053041f256 100644
|
||||
--- a/sysdeps/unix/sysv/linux/Makefile
|
||||
+++ b/sysdeps/unix/sysv/linux/Makefile
|
||||
@@ -129,6 +129,7 @@ CFLAGS-test-errno-linux.c += $(no-fortify-source)
|
||||
|
||||
sysdep_headers += \
|
||||
bits/a.out.h \
|
||||
+ bits/cloexec.h \
|
||||
bits/epoll.h \
|
||||
bits/eventfd.h \
|
||||
bits/inotify.h \
|
||||
diff --git a/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h b/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h
|
||||
new file mode 100644
|
||||
index 0000000000..f381f28a53
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h
|
||||
@@ -0,0 +1 @@
|
||||
+#define __O_CLOEXEC 010000000
|
||||
diff --git a/sysdeps/unix/sysv/linux/bits/cloexec.h b/sysdeps/unix/sysv/linux/bits/cloexec.h
|
||||
new file mode 100644
|
||||
index 0000000000..3059fb6473
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/unix/sysv/linux/bits/cloexec.h
|
||||
@@ -0,0 +1 @@
|
||||
+#define __O_CLOEXEC 02000000
|
||||
diff --git a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
|
||||
index f425a4bf22..98954feaca 100644
|
||||
--- a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
|
||||
+++ b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
|
||||
@@ -81,9 +81,7 @@
|
||||
#ifndef __O_NOFOLLOW
|
||||
# define __O_NOFOLLOW 0400000
|
||||
#endif
|
||||
-#ifndef __O_CLOEXEC
|
||||
-# define __O_CLOEXEC 02000000
|
||||
-#endif
|
||||
+#include <bits/cloexec.h>
|
||||
#ifndef __O_DIRECT
|
||||
# define __O_DIRECT 040000
|
||||
#endif
|
||||
diff --git a/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h b/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h
|
||||
new file mode 100644
|
||||
index 0000000000..f381f28a53
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h
|
||||
@@ -0,0 +1 @@
|
||||
+#define __O_CLOEXEC 010000000
|
||||
diff --git a/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h b/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h
|
||||
new file mode 100644
|
||||
index 0000000000..6706eaa7d5
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h
|
||||
@@ -0,0 +1 @@
|
||||
+#define __O_CLOEXEC 0x400000
|
||||
diff --git a/sysdeps/unix/sysv/linux/sys/mount.h b/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
index b549e75148..365da1c296 100644
|
||||
--- a/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
+++ b/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
@@ -21,7 +21,6 @@
|
||||
#ifndef _SYS_MOUNT_H
|
||||
#define _SYS_MOUNT_H 1
|
||||
|
||||
-#include <fcntl.h>
|
||||
#include <features.h>
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
@@ -266,6 +265,11 @@ enum fsconfig_command
|
||||
|
||||
/* open_tree flags. */
|
||||
#define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */
|
||||
+#ifndef O_CLOEXEC
|
||||
+# include <bits/cloexec.h>
|
||||
+# define O_CLOEXEC __O_CLOEXEC
|
||||
+#endif
|
||||
+#undef OPEN_TREE_CLOEXEC
|
||||
#define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */
|
||||
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
|
||||
index 40913c7082..78a2772b2f 100644
|
||||
--- a/sysdeps/unix/sysv/linux/tst-mount.c
|
||||
+++ b/sysdeps/unix/sysv/linux/tst-mount.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <support/check.h>
|
||||
#include <support/xunistd.h>
|
||||
#include <support/namespace.h>
|
||||
+#include <fcntl.h> /* For AT_ constants. */
|
||||
#include <sys/mount.h>
|
||||
|
||||
_Static_assert (sizeof (struct mount_attr) == MOUNT_ATTR_SIZE_VER0,
|
||||
|
||||
commit 3ecfa68561d723564a1fb565366182eb4acb3e8f
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Mar 4 18:32:36 2026 +0100
|
||||
|
||||
Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (bug 33921)
|
||||
|
||||
There is a conditional inclusion of <linux/mount.h> earlier in the file.
|
||||
If that defines the macros, do not redefine them. This addresses build
|
||||
problems as the token sequence used by the UAPI macro definitions
|
||||
changes between Linux versions.
|
||||
|
||||
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
(cherry picked from commit d12b017cddfeb9fe9920ba054ae3dfcb8e9238b8)
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/sys/mount.h b/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
index 365da1c296..30ba56c1e8 100644
|
||||
--- a/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
+++ b/sysdeps/unix/sysv/linux/sys/mount.h
|
||||
@@ -264,14 +264,16 @@ enum fsconfig_command
|
||||
#define FSOPEN_CLOEXEC 0x00000001
|
||||
|
||||
/* open_tree flags. */
|
||||
-#define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */
|
||||
+#ifndef OPEN_TREE_CLONE
|
||||
+# define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */
|
||||
+#endif
|
||||
#ifndef O_CLOEXEC
|
||||
# include <bits/cloexec.h>
|
||||
# define O_CLOEXEC __O_CLOEXEC
|
||||
#endif
|
||||
-#undef OPEN_TREE_CLOEXEC
|
||||
-#define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */
|
||||
-
|
||||
+#ifndef OPEN_TREE_CLOEXEC
|
||||
+# define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */
|
||||
+#endif
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
|
||||
commit 3e87cf9be93acf19d685e8003fc649cdb052a891
|
||||
Author: H.J. Lu <hjl.tools@gmail.com>
|
||||
Date: Mon Apr 13 10:46:42 2026 +0800
|
||||
|
||||
abilist.awk: Handle weak unversioned defined symbols
|
||||
|
||||
After
|
||||
|
||||
commit f685e3953f9a38a41bbd0a597f9882870cee13d5
|
||||
Author: H.J. Lu <hjl.tools@gmail.com>
|
||||
Date: Wed Oct 29 09:49:57 2025 +0800
|
||||
|
||||
elf: Don't set its DT_VERSYM entry for unversioned symbol
|
||||
|
||||
ld no longer assigns version index 1 to unversioned defined symbol.
|
||||
For libmachuser.so, "objdump --dynamic-syms" reports:
|
||||
|
||||
0000dd30 w DF .text 000000f8 processor_start
|
||||
|
||||
instead of
|
||||
|
||||
0000dd30 w DF .text 000000f8 (Base) processor_start
|
||||
|
||||
Also allow NF == 6 for weak unversioned dynamic symbols. This fixes BZ
|
||||
33650.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
Reviewed-by: Sam James <sam@gentoo.org>
|
||||
(cherry picked from commit ee5d1db2a81468413fbf7c82779ffa782f429d1a)
|
||||
|
||||
diff --git a/scripts/abilist.awk b/scripts/abilist.awk
|
||||
index 6cc7af6ac8..7ea1edf8c0 100644
|
||||
--- a/scripts/abilist.awk
|
||||
+++ b/scripts/abilist.awk
|
||||
@@ -38,7 +38,7 @@ $4 == "*UND*" { next }
|
||||
$2 == "l" { next }
|
||||
|
||||
# If the target uses ST_OTHER, it will be output before the symbol name.
|
||||
-$2 == "g" || $2 == "w" && (NF == 7 || NF == 8) {
|
||||
+$2 == "g" || $2 == "w" && (NF == 6 || NF == 7 || NF == 8) {
|
||||
type = $3;
|
||||
size = $5;
|
||||
sub(/^0*/, "", size);
|
||||
|
||||
commit b4bca35ab9e76890504c4dbdd5eaf15a93514580
|
||||
Author: Rocket Ma <marocketbd@gmail.com>
|
||||
Date: Fri May 1 20:39:07 2026 -0700
|
||||
|
||||
libio: Fix ungetwc operating on byte stream [BZ #33998]
|
||||
|
||||
* libio/wgenops.c: When _IO_wdefault_pbackfail attempts to push back one
|
||||
character, it accidently compare the wchar to push back with the last
|
||||
char from byte stream, instead of wide stream. Under specific coding,
|
||||
attacker may exploit this to leak information. This commit fix bug
|
||||
33998, or CVE-2026-5928.
|
||||
|
||||
Signed-off-by: Rocket Ma <marocketbd@gmail.com>
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
(cherry picked from commit ef3bfb5f910011f3780cb06aa47e730035f53285)
|
||||
|
||||
diff --git a/libio/Makefile b/libio/Makefile
|
||||
index f020f8ec4d..fa2b8ae791 100644
|
||||
--- a/libio/Makefile
|
||||
+++ b/libio/Makefile
|
||||
@@ -83,6 +83,7 @@ tests = \
|
||||
bug-ungetwc1 \
|
||||
bug-ungetwc2 \
|
||||
bug-wfflush \
|
||||
+ bug-wgenops-bz33998 \
|
||||
bug-wmemstream1 \
|
||||
bug-wsetpos \
|
||||
test-fmemopen \
|
||||
diff --git a/libio/bug-wgenops-bz33998.c b/libio/bug-wgenops-bz33998.c
|
||||
new file mode 100644
|
||||
index 0000000000..cc4067da99
|
||||
--- /dev/null
|
||||
+++ b/libio/bug-wgenops-bz33998.c
|
||||
@@ -0,0 +1,54 @@
|
||||
+/* Regression test for ungetwc operating on byte stream (BZ #33998)
|
||||
+ Copyright (C) 2026 The GNU Toolchain Authors.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include "support/temp_file.h"
|
||||
+#include "support/xstdio.h"
|
||||
+#include "support/xunistd.h"
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
+#include <sys/mman.h>
|
||||
+#include <stdio.h>
|
||||
+#include <wchar.h>
|
||||
+#include <support/check.h>
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ char *filename;
|
||||
+ int fd = create_temp_file ("tst-bz33998-", &filename);
|
||||
+ TEST_VERIFY (fd != -1);
|
||||
+ xwrite (fd, "A", sizeof ("A")); // write "A\0" by design
|
||||
+ xclose (fd);
|
||||
+
|
||||
+ FILE *fp = xfopen (filename, "r+");
|
||||
+ TEST_COMPARE (getwc (fp), L'A');
|
||||
+ /* If the bug is fixed, then ungetwc should not touch byte stream.
|
||||
+ If the bug is not fixed, ungetwc firstly match last read char, L'A',
|
||||
+ failed, then the pbackfail branch, matching last read char in byte
|
||||
+ stream, that is, '\0' (initialized when setup wide stream). */
|
||||
+ char *old_read_ptr = fp->_IO_read_ptr;
|
||||
+ TEST_COMPARE (ungetwc (L'\0', fp), L'\0');
|
||||
+ TEST_VERIFY (fp->_IO_read_ptr == old_read_ptr);
|
||||
+
|
||||
+ xfclose (fp);
|
||||
+ free (filename);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
diff --git a/libio/wgenops.c b/libio/wgenops.c
|
||||
index 0a11d1b1de..9e0b2c00ea 100644
|
||||
--- a/libio/wgenops.c
|
||||
+++ b/libio/wgenops.c
|
||||
@@ -108,8 +108,8 @@ _IO_wdefault_pbackfail (FILE *fp, wint_t c)
|
||||
{
|
||||
if (fp->_wide_data->_IO_read_ptr > fp->_wide_data->_IO_read_base
|
||||
&& !_IO_in_backup (fp)
|
||||
- && (wint_t) fp->_IO_read_ptr[-1] == c)
|
||||
- --fp->_IO_read_ptr;
|
||||
+ && (wint_t) fp->_wide_data->_IO_read_ptr[-1] == c)
|
||||
+ --fp->_wide_data->_IO_read_ptr;
|
||||
else
|
||||
{
|
||||
/* Need to handle a filebuf in write mode (switch to read mode). FIXME!*/
|
||||
|
||||
commit 4ebd33dd77eabe8d4c45232bed4b42a31d2f9edc
|
||||
Author: Rocket Ma <marocketbd@gmail.com>
|
||||
Date: Fri Apr 17 23:48:41 2026 -0700
|
||||
|
||||
stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
|
||||
|
||||
* stdio-common/vfscanf-internal.c: When enlarging allocated buffer with
|
||||
format %mc or %mC, glibc allocates one byte less, leading to
|
||||
user-controlled one byte overflow. This commit fixes BZ #34008, or
|
||||
CVE-2026-5450.
|
||||
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
Signed-off-by: Rocket Ma <marocketbd@gmail.com>
|
||||
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
(cherry picked from commit 839898777226a3ed88c0859f25ffe712519b4ead)
|
||||
|
||||
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
|
||||
index 64b3575acb..e52c333808 100644
|
||||
--- a/stdio-common/Makefile
|
||||
+++ b/stdio-common/Makefile
|
||||
@@ -347,6 +347,7 @@ tests := \
|
||||
tst-vfprintf-user-type \
|
||||
tst-vfprintf-width-i18n \
|
||||
tst-vfprintf-width-prec-alloc \
|
||||
+ tst-vfscanf-bz34008 \
|
||||
tst-wc-printf \
|
||||
tstdiomisc \
|
||||
tstgetln \
|
||||
@@ -562,6 +563,9 @@ tst-printf-bz18872-ENV = MALLOC_TRACE=$(objpfx)tst-printf-bz18872.mtrace \
|
||||
tst-vfprintf-width-prec-ENV = \
|
||||
MALLOC_TRACE=$(objpfx)tst-vfprintf-width-prec.mtrace \
|
||||
LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
|
||||
+tst-vfscanf-bz34008-ENV = \
|
||||
+ MALLOC_CHECK_=3 \
|
||||
+ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
|
||||
tst-printf-bz25691-ENV = \
|
||||
MALLOC_TRACE=$(objpfx)tst-printf-bz25691.mtrace \
|
||||
LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
|
||||
diff --git a/stdio-common/tst-vfscanf-bz34008.c b/stdio-common/tst-vfscanf-bz34008.c
|
||||
new file mode 100644
|
||||
index 0000000000..48371c8a3d
|
||||
--- /dev/null
|
||||
+++ b/stdio-common/tst-vfscanf-bz34008.c
|
||||
@@ -0,0 +1,48 @@
|
||||
+/* Regression test for vfscanf %Nmc out-of-bound write (BZ #34008)
|
||||
+ Copyright (C) 2026 The GNU Toolchain Authors.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include "malloc/mcheck.h"
|
||||
+#include <stddef.h>
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+#include <wchar.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <malloc.h>
|
||||
+#include <support/check.h>
|
||||
+
|
||||
+#define WIDTH 0x410
|
||||
+#define SCANFSTR "%1040mc"
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ mcheck_pedantic (NULL);
|
||||
+ char *input = malloc (WIDTH + 1);
|
||||
+ TEST_VERIFY (input != NULL);
|
||||
+ memset (input, 'A', WIDTH);
|
||||
+ input[WIDTH] = '\0';
|
||||
+
|
||||
+ char *buf = NULL;
|
||||
+ TEST_VERIFY (sscanf (input, SCANFSTR, &buf) != -1);
|
||||
+ TEST_VERIFY (buf != NULL);
|
||||
+
|
||||
+ free (buf);
|
||||
+ free (input);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
|
||||
index 86ae5019a6..17b5565d0f 100644
|
||||
--- a/stdio-common/vfscanf-internal.c
|
||||
+++ b/stdio-common/vfscanf-internal.c
|
||||
@@ -853,8 +853,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
|
||||
{
|
||||
/* Enlarge the buffer. */
|
||||
size_t newsize
|
||||
- = strsize
|
||||
- + (strsize >= width ? width - 1 : strsize);
|
||||
+ = strsize + (strsize >= width ? width : strsize);
|
||||
|
||||
str = (char *) realloc (*strptr, newsize);
|
||||
if (str == NULL)
|
||||
@@ -925,7 +924,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
|
||||
&& wstr == (wchar_t *) *strptr + strsize)
|
||||
{
|
||||
size_t newsize
|
||||
- = strsize + (strsize > width ? width - 1 : strsize);
|
||||
+ = strsize + (strsize >= width ? width : strsize);
|
||||
/* Enlarge the buffer. */
|
||||
wstr = (wchar_t *) realloc (*strptr,
|
||||
newsize * sizeof (wchar_t));
|
||||
@@ -980,7 +979,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
|
||||
&& wstr == (wchar_t *) *strptr + strsize)
|
||||
{
|
||||
size_t newsize
|
||||
- = strsize + (strsize > width ? width - 1 : strsize);
|
||||
+ = strsize + (strsize >= width ? width : strsize);
|
||||
/* Enlarge the buffer. */
|
||||
wstr = (wchar_t *) realloc (*strptr,
|
||||
newsize * sizeof (wchar_t));
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@
|
|||
|
||||
let
|
||||
version = "2.42";
|
||||
patchSuffix = "-61";
|
||||
patchSuffix = "-67";
|
||||
sha256 = "sha256-0XdeMuRijmTvkw9DW2e7Y691may2viszW58Z8WUJ8X8=";
|
||||
in
|
||||
|
||||
|
|
@ -68,8 +68,8 @@ stdenv.mkDerivation (
|
|||
patches = [
|
||||
/*
|
||||
No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping.
|
||||
$ git fetch --all -p && git checkout origin/release/2.40/master && git describe
|
||||
glibc-2.42-61-ga56a2943d2
|
||||
$ git fetch --all -p && git checkout origin/release/2.42/master && git describe
|
||||
glibc-2.42-67-g4ebd33dd77
|
||||
$ git show --minimal --reverse glibc-2.42.. ':!ADVISORIES' > 2.42-master.patch
|
||||
|
||||
To compare the archive contents zdiff can be used.
|
||||
|
|
|
|||
|
|
@ -46,13 +46,13 @@ let
|
|||
};
|
||||
};
|
||||
libxml2 = callPackage ./common.nix {
|
||||
version = "2.15.2";
|
||||
version = "2.15.3";
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
owner = "GNOME";
|
||||
repo = "libxml2";
|
||||
tag = "v${packages.libxml2.version}";
|
||||
hash = "sha256-k5dZ75D/BOouYAjrof9Jm2lY29XZhOqS1kudDGmGY9Q=";
|
||||
hash = "sha256-fDntZDyITs223by8n7ueOXiO7yyzshtANoWbY0+yeqo=";
|
||||
};
|
||||
extraMeta = {
|
||||
maintainers = with lib.maintainers; [
|
||||
|
|
|
|||
|
|
@ -13,13 +13,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "openexr";
|
||||
version = "3.4.10";
|
||||
version = "3.4.11";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "AcademySoftwareFoundation";
|
||||
repo = "openexr";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-jXio+PvagKTR8NjcYIQ/j8LOMNc/0sQBuaixKk/0V3k=";
|
||||
hash = "sha256-5dx2tag6XyuJfNfJgc68X+VWKXaHOL3M7ZJEQbQwFDA=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
|
|
|||
|
|
@ -1,202 +1,202 @@
|
|||
{
|
||||
"qt3d": {
|
||||
"url": "https://invent.kde.org/qt/qt/qt3d.git",
|
||||
"rev": "208f5835e6c2415c9dc5cbe92bba83aa28bab7ea",
|
||||
"sha256": "0zqvdq5y25b1w7agx5wlr16p1wrx54086r0xcdfg9wx8dayhh1md"
|
||||
"rev": "c3892c3ee3c0a2b8a050d0a1532f34806636eade",
|
||||
"sha256": "0y3f4pr0vr7cpwmjxqspv79p7rljgc913fl8nqpv8y2aw8i5r4ly"
|
||||
},
|
||||
"qtactiveqt": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtactiveqt.git",
|
||||
"rev": "e4c93bc7cac45bac6bccda3310947e8fe026a9ed",
|
||||
"sha256": "1qq6jvqkl4ff7sw20pi1mawh5pypv7vxmj56d38z6p06r1azkvls"
|
||||
"rev": "e85773764374878adc197b6a45ae8ec3ff44dafa",
|
||||
"sha256": "1sbayayxgjj8jfi3apxw6m8qsmkba0gph2rm1wsnzjsa80zr17ia"
|
||||
},
|
||||
"qtandroidextras": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtandroidextras.git",
|
||||
"rev": "4928bd58dbc1cdcf44a7e454e3d4654c3c2016f1",
|
||||
"sha256": "02rsh60lyl6bn2jhx0ajn43safbi904nhwvdpikanrmdbg0z6dpp"
|
||||
"rev": "14a14b137f0d794278947e980d99c47e6929e5e2",
|
||||
"sha256": "0nvyxjm5qfq7sk22rp9hxrf8gvs6jq4i3kww1s0i8lsr69fl9biz"
|
||||
},
|
||||
"qtbase": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtbase.git",
|
||||
"rev": "bebdfd54917e25d1c100e6bd9f5dd53c2e645fd8",
|
||||
"sha256": "0bg36lxngkq2k11bhqdyfvbc1qyqaghwsi446zfn67vxvyxya3hx"
|
||||
"rev": "fbed962c3195ab3952fa54d40e012ad1a4fdc42b",
|
||||
"sha256": "1gnbgs7kh0vxjh3spv5g5zaaj1z1b0h8752pqi4lqg6jd1js2bpl"
|
||||
},
|
||||
"qtcharts": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtcharts.git",
|
||||
"rev": "1093fb53ced126100d14af30a8adffd29b7ef855",
|
||||
"sha256": "0cnlg59l743milkki8mjbrfd4cx5ycbqw73apcrnrsag9dqdbw41"
|
||||
"rev": "16e9aff210cd4de7192adfc6cd91cdd44ba45a3d",
|
||||
"sha256": "02virkb7h8hhkdsqpv2qg3lly4msf648f7421z10acxhin6ypw5i"
|
||||
},
|
||||
"qtconnectivity": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtconnectivity.git",
|
||||
"rev": "f1be05c8efeb65b77a8bfd21763ab55bb5c04906",
|
||||
"sha256": "1vl7wfw9sd8qfl8ixzl5wz4v5km5zdf9bii53q3pw4f2lplsralq"
|
||||
"rev": "7e29434e06372efbb2127d0ef41538ff9aec1597",
|
||||
"sha256": "1wv9bh13rq6mnnzsh6g88a2kj2j4nfv83vqpbdxmyavdf349pwdj"
|
||||
},
|
||||
"qtdatavis3d": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtdatavis3d.git",
|
||||
"rev": "d9b988d3c5f9f34b97f3a9ac1347bfb55464cd60",
|
||||
"sha256": "09jk32kw7wgcrd117a9lsm5w7jszsdhdslk10qn631wz203zbs4i"
|
||||
"rev": "b52063032fda9af894ca0e582774364ce8caf0f8",
|
||||
"sha256": "1zbfx7hqh1ydi2vx8pj6dxlrrc7wf8sqcwxzx8acphdyj66zcmch"
|
||||
},
|
||||
"qtdeclarative": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtdeclarative.git",
|
||||
"rev": "1189557a50f11e7bc5716467a149cd09987a9f88",
|
||||
"sha256": "0cd89d8i8chy1j1yanp1cq5s7467qr24b9c7cx9qw0nb0rf6f8qr"
|
||||
"rev": "5bc1ac07b2d2c7839368084a4bb97e4c67eb8294",
|
||||
"sha256": "0xpq0xjiscx72dcyg0lpr90ag5q7gypzcqnwbsnh401jrxn2pll1"
|
||||
},
|
||||
"qtdoc": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtdoc.git",
|
||||
"rev": "ddb2afda6f713259fc8d95fb22a1c96bb448c36a",
|
||||
"sha256": "0nk2vwl0ppix794xzj8nqrhsc333v8v4vr1rmwddymwlrdqlqd5d"
|
||||
"rev": "385efd460ec13a465765fc30dd11217ae46d1846",
|
||||
"sha256": "0djflkibfgjp8gr16hiv6nipj4q4xyclgv84f3d951dj2q7779v6"
|
||||
},
|
||||
"qtgamepad": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtgamepad.git",
|
||||
"rev": "269fc0731f6838a1c02877a83c0ada23659c69fc",
|
||||
"sha256": "06jhby671yzbj753yb0lnk4bv2r0nxxibq7fq1yljxdms0rc72iz"
|
||||
"rev": "9b69ae558f0f9feffe30b0aa8993e270dfcc81ff",
|
||||
"sha256": "056b39r4jsag5d7f5m04vmpydvnwpfs5mcynsdx717qdginlmiam"
|
||||
},
|
||||
"qtgraphicaleffects": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtgraphicaleffects.git",
|
||||
"rev": "dfb2e7b2c98a9b7185c300d0b92b4048f5d89ba5",
|
||||
"sha256": "1sn46lmq0y56mw0q11sgaijr2vg1wpp6lj237finp6vr3bji2816"
|
||||
"rev": "551732fb1d963e53af437e3982a010f69eb76253",
|
||||
"sha256": "1pyjb66nhlhin6ysm4005ng4m2ak857ai761rqx8l2h4fscgwvhf"
|
||||
},
|
||||
"qtimageformats": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtimageformats.git",
|
||||
"rev": "c91e4c63c1eaf1e23806d9df10e3d5a9ae353c1d",
|
||||
"sha256": "0q0vcymiqfyz8sfs9wdkhhwff55acj2rsmrb8w6yikmwcmcxp2a3"
|
||||
"rev": "4076e38d68f05f5e1bcdedb79442d9008f18702c",
|
||||
"sha256": "1kgvs3jgs2qysrx2kr4vn68h9gjv6ir1nd4hg0m2fbsjk644aa8w"
|
||||
},
|
||||
"qtlocation": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtlocation.git",
|
||||
"rev": "ba48a8b5cedd157d972c08d371ac2581db166bf7",
|
||||
"sha256": "00kwv405qq9q8fcwar33s2wvs1dm10fb8plxbz1q0jqcjs2ips6x"
|
||||
"rev": "81f560be2274958011c255efa1d2d573874bed11",
|
||||
"sha256": "1lpxngppxkhych9pkkcvw7ypw02cd324pw0z9hd9kqcd803p2017"
|
||||
},
|
||||
"qtlottie": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtlottie.git",
|
||||
"rev": "27ed5a3c95a0810a96fac2a8661ea94d8ea3c44e",
|
||||
"sha256": "04ivyxnn8d3pkjsbx0gwyj3f5if4m4cih6wyavm8bd2m2kkszx35"
|
||||
"rev": "5f1be885cf4ee0f1eb5400bf0c5d138818fc01d0",
|
||||
"sha256": "01880y8r2acnzfg09qm031kx99vp3zjv3zi38sh17shgcipx1fxp"
|
||||
},
|
||||
"qtmacextras": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtmacextras.git",
|
||||
"rev": "fc7e9f41d9cec2df05c1d38d6e55d3a0d501dd25",
|
||||
"sha256": "07q1arvdjwmbrayp2b213b8gqm4psczhx9z1m83invwmbs8iqj07"
|
||||
"rev": "722060e4edff268feb2dda1298a7837c90f6262f",
|
||||
"sha256": "1fqw1p6vx3gqw1sf1yk4cz1cb3d1xrbjq0p22gi0pspll314c8x0"
|
||||
},
|
||||
"qtmultimedia": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtmultimedia.git",
|
||||
"rev": "ff83d119c75cd8406f73ccc08958fe36747e7390",
|
||||
"sha256": "09jadnvphilcxxy85dlsr8a6x5w32r1c2hrbh93qbvvf9zlg60ld"
|
||||
"rev": "8ddc44103baf166525d6650c842d7f08f651e7bb",
|
||||
"sha256": "0akj2d8b6kdy125ggs9cd7pra3vm47frqpn6p756jafsxylkqwbh"
|
||||
},
|
||||
"qtnetworkauth": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtnetworkauth.git",
|
||||
"rev": "510687fa4fdee84dd3d6d166e8f080c484016199",
|
||||
"sha256": "0a8abmql94wxpfvdj5a1rnh3xsd49c5z8x93hm311sgjkd0aajx7"
|
||||
"rev": "d1ce24a72122c315e3d190c9ebc26ed603b90057",
|
||||
"sha256": "1wcw26x38k619xavrwav21w0vrzb24bn6ncxllcwd9bdn7vvn1wr"
|
||||
},
|
||||
"qtpurchasing": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtpurchasing.git",
|
||||
"rev": "8e9a5ec9f68639162c85c198b28e072e7150883c",
|
||||
"sha256": "04pmwqnw907dg0hpas0pdrh2fxcqn2mvqz82b1vkviksg8ny3saw"
|
||||
"rev": "b471c6ca3edfa5ba459b8694622825b9e776bed6",
|
||||
"sha256": "1plwpxasiw2sx76a294i4i92vk5g5gaigjfy284jpmaargxsyd7k"
|
||||
},
|
||||
"qtquick3d": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtquick3d.git",
|
||||
"rev": "47a325358078b72016081a86be628411df2728a9",
|
||||
"sha256": "18h309g6ni6y4bcss930g04z8ymhl2nfm3sv5s4h2fz3dl0xsqwr"
|
||||
"rev": "4e85bd063c726f015dc8afb05834de7a71bf6a1b",
|
||||
"sha256": "0k6wjkr2jyc1v6xrm34dnlbbdnippiph5jxzjxawlxijzzvmgcp5"
|
||||
},
|
||||
"qtquickcontrols": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtquickcontrols.git",
|
||||
"rev": "0c3c18bf8bdac1ef1afdb8aade903edb5c2bc041",
|
||||
"sha256": "0h8bhrbgfcf7nbfppah8lxnhvygc09983qrvp935r5sw7251km4d"
|
||||
"rev": "af7fc486c8910b51733e1c7e758d50ca1a158b36",
|
||||
"sha256": "1nbgpnz2qi8g24cmli25a9319vgqmk9vgngb12q2j8c8k3nlhhfs"
|
||||
},
|
||||
"qtquickcontrols2": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtquickcontrols2.git",
|
||||
"rev": "e464888c53a641ee44a34ff2350cfb156c8ed59f",
|
||||
"sha256": "08lnqz6v48j1hi6dpll7a052p6r5qfb32md16fppqzn6g5jg9ir2"
|
||||
"rev": "5b808e0995d018c6de9f075d4a61f58d3641c11b",
|
||||
"sha256": "1a65j06nzlxl1hmdh5li1gglcrqms0g560c2cj9vqzqm551krdj8"
|
||||
},
|
||||
"qtquicktimeline": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtquicktimeline.git",
|
||||
"rev": "43130f2681b76a8d743a04704465b716b6b2faee",
|
||||
"sha256": "1z1avxxq9d9nzqyxy5pq5maj73cf6dvsn5k83p3sf5kq3x0y75cj"
|
||||
"rev": "ea9d6c4d5a0a172b4778e8f37d694d02aab83f37",
|
||||
"sha256": "0170n0mcrf8phh3nsg2f904p8vxwmw8lks48zkpnbvyrj4gzqcr2"
|
||||
},
|
||||
"qtremoteobjects": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtremoteobjects.git",
|
||||
"rev": "b2740a7c7f5b6ac810240404a947ca5cff9de5f7",
|
||||
"sha256": "1jxlwc2y165fxdalcr4iqq55gsg5x4nxqd8wdq3dc1824yfnzm6i"
|
||||
"rev": "48d10f341279e08c1bc4abb764c2d3ab9a259a51",
|
||||
"sha256": "0523n172f96w474y804sanppfx2zkgsm342vwa6ailrcfkjw8v58"
|
||||
},
|
||||
"qtscxml": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtscxml.git",
|
||||
"rev": "57491f554bc53bd020978b5744437b7ac7e56a27",
|
||||
"sha256": "00mvwgb3xr116nl7649zq7ai2074clzw760c140sy91zqgqkjsx4"
|
||||
"rev": "edc6f0dd5e806cced1937b2b853717f588e14fd2",
|
||||
"sha256": "1072slgrvy910mxxqsvf7fgi237mjnbd2b8amw1srqzqj2bmnsj3"
|
||||
},
|
||||
"qtsensors": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtsensors.git",
|
||||
"rev": "50a61b360877e7c1300df76b5aabf8d75554a398",
|
||||
"sha256": "0giqwn4grg9999y31avh7ajsv9gkcfzf0xndx8bvv79si0wp59g6"
|
||||
"rev": "8c6d11df60d4d783869c2d81568e3178f5ae75ce",
|
||||
"sha256": "18jc5nncmpmbf758mcj9wj6dfn87hl51zp0ihqcvk6k6a8ra6l7p"
|
||||
},
|
||||
"qtserialbus": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtserialbus.git",
|
||||
"rev": "c23069351ec31563c9ea9fcdce42ccdba95ea518",
|
||||
"sha256": "1qgxlgnl53gabrfqihxwygdbdiqjvn2hfajmwb3h44srpq0srk33"
|
||||
"rev": "6734222bccc5541f9527281c810c6b5f8fdd092f",
|
||||
"sha256": "0ragq01wdwqwqp9720i3xan3a4xnkkvgc8gjy1wgwmdrs0mlb49z"
|
||||
},
|
||||
"qtserialport": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtserialport.git",
|
||||
"rev": "b64a7eeda9b6a65b5ed01b1b40b07177f0aa4c0f",
|
||||
"sha256": "134mn0njfvmzgrf325bikazkiq4xdn5wjhj56kxh1hhaz3q25hyp"
|
||||
"rev": "ca1f2486527e7acf87d466062c035845f9774573",
|
||||
"sha256": "0xdywglxh9sxs2s60shwf6c4m5w20h77l9d58rganqwpbrh49vkj"
|
||||
},
|
||||
"qtspeech": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtspeech.git",
|
||||
"rev": "aa2376f9b1302222edcd16b4641bbd7004318c00",
|
||||
"sha256": "0vcxgkymzhaw01f26zlny4bka9k829rwzkwk95rr3dfq7wlyxshz"
|
||||
"rev": "a384f0d4fb8a2d0743d5dfdf12e40f6d76f8714c",
|
||||
"sha256": "0imn7jskjvz30xnbg1z8wxkcw82hb6v92xls327385wxxj0a5i6r"
|
||||
},
|
||||
"qtsvg": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtsvg.git",
|
||||
"rev": "b74f7291f343dcbcb487b020868f042d8fe83098",
|
||||
"sha256": "1n0sjn8h5k2sh8p2a85cxdpqbnd63gz4rf9wwbshhd13w623f9s8"
|
||||
"rev": "d2abfb9cb1f036446e5913fadb0f065dab9f0159",
|
||||
"sha256": "048lbk25rbfbd2c8pbsifdxjcxb2003hi04lfsmgh7xr27x55gch"
|
||||
},
|
||||
"qttools": {
|
||||
"url": "https://invent.kde.org/qt/qt/qttools.git",
|
||||
"rev": "fa40a2d3373b89be0cd0a43fe0c1d047e3d34058",
|
||||
"sha256": "06kr88gmwc7xh1whdbcg84y1naak5rv99jkscjbhzyz3z91xy7hl"
|
||||
"rev": "3e3ab58b40734a1b9bbb7e72b2969d1f752351b1",
|
||||
"sha256": "18dmmw1r13in7h90y3637jw3sc2pvv33bfr1bs11dyp951spw8d3"
|
||||
},
|
||||
"qttranslations": {
|
||||
"url": "https://invent.kde.org/qt/qt/qttranslations.git",
|
||||
"rev": "3cbcceb8e3e2e63a4022f1be946c7118c527a83e",
|
||||
"sha256": "15lw5snqfkwwcsazh02lhiia39gy08nfijdpkzvll2qvg4b58zkn"
|
||||
"rev": "388e4f32ed4b28d92bd61b917ba0e6b910e2784d",
|
||||
"sha256": "1k76zl5c1x9q8kid3sjv4d66wy9ryl24fyiabrg32c7nbn53pbd4"
|
||||
},
|
||||
"qtvirtualkeyboard": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtvirtualkeyboard.git",
|
||||
"rev": "859d2a6ee329cc08414410b2ef8c0af77a6853d3",
|
||||
"sha256": "06sdpcanzp1a71d99rjivrbjp780mvwssc4w1sap2gskcmmgkwbs"
|
||||
"rev": "4fc9919ee3fad1d520d0921ba3069dca3c34ff78",
|
||||
"sha256": "12kn69l34s1r6s9w7cw9l5524kwrx8xrxwbx4hw059jns1pqac0d"
|
||||
},
|
||||
"qtwayland": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwayland.git",
|
||||
"rev": "df49b9f3badce793a0a9ea850cf1a02cc5bafef6",
|
||||
"sha256": "01xm2r1pv7kxb4aj72ldfzmax6d799h6bj4h2xhpcii812wf5lda"
|
||||
"rev": "605b8bc942ab263b9d1892af33a81b408f522ccc",
|
||||
"sha256": "09vrd62ikxzjpv6awi7n34pswg4w5yvmac5ckc6ma6rqvps7mbip"
|
||||
},
|
||||
"qtwebchannel": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwebchannel.git",
|
||||
"rev": "2a157921861e651f43456cb7941b250c89feb736",
|
||||
"sha256": "1w58b602f20mppd0zfr9yvfdn1xwfkfclnjs0p5mgymq6d946dyk"
|
||||
"rev": "6a20afaeba182ce6e3faee592e1e85a0d3ec0fc6",
|
||||
"sha256": "18jfxpasn47qd4glkgvps7nzm07dag6w9jbkq9l7fzbkpcbnqykb"
|
||||
},
|
||||
"qtwebglplugin": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwebglplugin.git",
|
||||
"rev": "b9aaac72d0853ba48f6bfd710a43df94d83d4701",
|
||||
"sha256": "07zx55f52jgk31bm6c68iydknrih245ndnvz714l6kxw66fv4rjq"
|
||||
"rev": "2a8ce0a61b4b9e892d948948182d935fa6792a1b",
|
||||
"sha256": "10n50frndssj3vmmhghlw48dn0c9b26zgkgjvkza8x234j9dijv2"
|
||||
},
|
||||
"qtwebsockets": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwebsockets.git",
|
||||
"rev": "0f910acb737cefc889ce1088fc60d15bc18efe9c",
|
||||
"sha256": "1ba9ll28hznd6qpjjiqvc2z6gaz2qgq7105dd0w810xpbaiixy0a"
|
||||
"rev": "10eb706b24aa05f4ee69c2f2fec99b21994dfe2b",
|
||||
"sha256": "1k01s4qkpzsjy7lygb0nhniym6g7yinih3sc16l3kljkabw44rx0"
|
||||
},
|
||||
"qtwebview": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwebview.git",
|
||||
"rev": "34342073a59f3a27ef3de02f6b21337c4f8db6cf",
|
||||
"sha256": "1h6n7dkd6mjclxllyw2brz8wv4d68dx2ykckbwb3bkxyd6rmg1f6"
|
||||
"rev": "043cb7c0eaf8d1bcee56a62d6a102f727a22fcbc",
|
||||
"sha256": "0ha0ksbxm21hj37z7yk3f09ncgchw78cpcrxv56a205i2f04370d"
|
||||
},
|
||||
"qtwinextras": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtwinextras.git",
|
||||
"rev": "5e5ae2b77078dbe51fb798743de606e6f9a5e19d",
|
||||
"sha256": "04x8ax197z0dr01nxrb6bh4q8c077ny5n812fx5mq56l54v2m1ks"
|
||||
"rev": "0704d01ff1218c2f32a194e38005e625c579222c",
|
||||
"sha256": "0fsfrs770cia9i9ijvx1jyh0mjiza1cn1l7fm1a877h2qbd20l9f"
|
||||
},
|
||||
"qtx11extras": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtx11extras.git",
|
||||
"rev": "c44c4fa86fa0794c25baef4ee1f6272aca8c511a",
|
||||
"sha256": "0287cvs9wqlzz6gnj81gi8rp50s2rdnigcmld3fgddsg8f3v7hdj"
|
||||
"rev": "6695a3df4460577b3fcb5546b45a0c5cb3addac4",
|
||||
"sha256": "1xjdicq8kf6816hgnz4hc7ykcfngispm8xzv3bxacf98zicmy9rm"
|
||||
},
|
||||
"qtxmlpatterns": {
|
||||
"url": "https://invent.kde.org/qt/qt/qtxmlpatterns.git",
|
||||
"rev": "0b644263abca66503db1ce8a4e126cf358a34685",
|
||||
"sha256": "1b1zzglvcdp7wvlpgk1gj8gmyy2r21yi6p8xiyvbccq5bbjpn0hw"
|
||||
"rev": "ed3b333aa56ac193e969725e3c34be9070441271",
|
||||
"sha256": "0s0z9dbivrq5pva6psfcfclw4816zb1rlr9ns03lf286iy196368"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
}:
|
||||
|
||||
let
|
||||
version = "5.15.18";
|
||||
version = "5.15.19";
|
||||
|
||||
mk = name: args: {
|
||||
inherit version;
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
WGET_ARGS=( https://download.qt.io/official_releases/qt/6.11/6.11.0/submodules/ -A '*.tar.xz' )
|
||||
WGET_ARGS=( https://download.qt.io/official_releases/qt/6.11/6.11.1/submodules/ -A '*.tar.xz' )
|
||||
|
|
|
|||
|
|
@ -246,11 +246,6 @@ stdenv.mkDerivation {
|
|||
# don't pass qtbase's QML directory to qmlimportscanner if it's empty
|
||||
./skip-missing-qml-directory.patch
|
||||
|
||||
# backport crash fix
|
||||
(fetchpatch {
|
||||
url = "https://github.com/qt/qtbase/commit/1466f88633b2c29a6159a0c2eacd0c0d6601aa5e.diff";
|
||||
hash = "sha256-ubDAXF47SYagRAJ5SYyBxXl2PiHjAZo3xlYPDz1jRYM=";
|
||||
})
|
||||
# another crash fix
|
||||
(fetchpatch {
|
||||
url = "https://github.com/qt/qtbase/commit/515cbbacfba9f4259c9c3b0714a31222c2b4c879.diff";
|
||||
|
|
|
|||
|
|
@ -43,6 +43,12 @@ qtModule {
|
|||
hash = "sha256-ESy35OlmsvI4yFQ/rFT8oelOUBCwCmlcbQJvwcTrCig=";
|
||||
revert = true;
|
||||
})
|
||||
|
||||
# backport fix recommended by KDE
|
||||
(fetchpatch {
|
||||
url = "https://github.com/qt/qtdeclarative/commit/8a2c82be6ad90e3f2a0760d8bab1e3a8cdb2473a.diff";
|
||||
hash = "sha256-3KbyoQPAiRyCwGnwwYV3y0yz2i6UAJcX70EPsXV0ZZM=";
|
||||
})
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
|
|
|
|||
|
|
@ -6,13 +6,13 @@
|
|||
|
||||
qtModule rec {
|
||||
pname = "qtmqtt";
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "qt";
|
||||
repo = "qtmqtt";
|
||||
tag = "v${version}";
|
||||
hash = "sha256-7X+HWAftWHn40RPFQD3/f+bp00LQk8Vsb871WfxdZSE=";
|
||||
hash = "sha256-GWaF4iCPtATL1mJkPHVY0rom8R2FMNWGahE3KWBlfV8=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ qtbase ];
|
||||
|
|
|
|||
|
|
@ -4,339 +4,339 @@
|
|||
|
||||
{
|
||||
qt3d = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qt3d-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "086xpissihbil51ryl83dlcpkpv3pp3ryj0712x9k9z6756j7ks0";
|
||||
name = "qt3d-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qt3d-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "01q11bs7vjz1s5wdrdjq904dgl2m6l7r8d3vd2kyf7lx0j78qvd6";
|
||||
name = "qt3d-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qt5compat = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qt5compat-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0gn6sj136y8yl1c00nbm81rmhws0mgx35ny7llx74j97ddj58ag6";
|
||||
name = "qt5compat-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qt5compat-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "06qndy534rzabxk9yq07dsl8fj1vd72lmck11r5xbajil3d9zjyg";
|
||||
name = "qt5compat-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtactiveqt = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtactiveqt-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1kbqa0gx41s097281g4zym9jmjs2ffc75p3rgkbs6bvnlrvl0h89";
|
||||
name = "qtactiveqt-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtactiveqt-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "05hcnhxkajry4ha7ykmqr83p16qjipspwxid8l2rxgz80wy6aadv";
|
||||
name = "qtactiveqt-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtbase = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtbase-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0pkmrd8ypw1v21cx0890gc6z4v0xr5qip2jnr56r2kc6g5cxh6i3";
|
||||
name = "qtbase-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtbase-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1b616gr7k8byfr2ns4vczs4kj3sznhlrlw9inpb3m8la48qllnfr";
|
||||
name = "qtbase-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtcanvaspainter = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtcanvaspainter-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1gmgzmh81wrnj81xsmilqwhc1wv7j2avg91mww8jlrv5rplzynjl";
|
||||
name = "qtcanvaspainter-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtcanvaspainter-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1l08zp68q3wcr9v5hh82kw6jqvc1wmnrjn7h9959psx520dwcdly";
|
||||
name = "qtcanvaspainter-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtcharts = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtcharts-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1dcldlw24qd9swynxcdsxnk8haiv442wx323j7qgfwjp13a9nh5c";
|
||||
name = "qtcharts-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtcharts-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0p2icmrwb6am7x2kgk9pnpa8ypi7jiscyaawgi0x31iaihqyvqrz";
|
||||
name = "qtcharts-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtconnectivity = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtconnectivity-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0fhrqqz58h3smkksfgnax73bmsiz7q9a1w9vhwd83vs9r0jc3w60";
|
||||
name = "qtconnectivity-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtconnectivity-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "14g5h0wixqy981cnn5f8gkjbji804f18gfjkzbanxd0lljg2h191";
|
||||
name = "qtconnectivity-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtdatavis3d = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtdatavis3d-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1jr3bkvp4wj1jdafc64ziq4raxbya6jk6s0d4mq0w2kr7zpqrggf";
|
||||
name = "qtdatavis3d-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtdatavis3d-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1b4kcqfq5q79lm70f08qiksxl36laa9dgx9ladjk2xwl1af7n6hy";
|
||||
name = "qtdatavis3d-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtdeclarative = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtdeclarative-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1sgxxmg49flana7mylyz4c5mf5hr00kzl8nkwwj87pqx8dlybv2f";
|
||||
name = "qtdeclarative-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtdeclarative-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "193ar0fcfzjjr7mi8i2622vip95qrr3qry949d9lyc5hf3v71rjj";
|
||||
name = "qtdeclarative-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtdoc = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtdoc-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1wwl2vr1qs2lqmz45iqpkzkxqp97g0yzfmz0kb5wpi8sys7c07bx";
|
||||
name = "qtdoc-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtdoc-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1hd5z6prx2sbr3wxzkynrn2iyjllvkids505l2xg3p272j4b5306";
|
||||
name = "qtdoc-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtgraphs = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtgraphs-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0nxifvs5042pzyd5syhgpmxzsq07fhpbbm57ckwzsn55q14cnvyz";
|
||||
name = "qtgraphs-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtgraphs-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0qh43qxqg4biyrrsd78nmi4dm3dnbswa95cq8db2k3lans517cc4";
|
||||
name = "qtgraphs-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtgrpc = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtgrpc-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0yd8jjxigaynv386f3cs1i743nm7yngciw346xqfil3chd8wpvcx";
|
||||
name = "qtgrpc-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtgrpc-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0l52w91hd2crq6zyh5a8arv07yixnwcr2pya74bxpk2hqpq08ys3";
|
||||
name = "qtgrpc-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qthttpserver = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qthttpserver-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "16wqglm8ws63qs7i769xy94bygwbhkz7hjfw27hnps7d4yirb41b";
|
||||
name = "qthttpserver-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qthttpserver-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "01p7li9fvwnz2shx3d9wj9nnnnipya2q0whchyvgjqb8yzy71gq4";
|
||||
name = "qthttpserver-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtimageformats = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtimageformats-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1j0cjj7gxjbprszw349janl3zk38rkby1bmxil329zp2qlmb1bfk";
|
||||
name = "qtimageformats-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtimageformats-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "04y4pa5krrpyiqn039d6m8bzcxj6pa1m850rz3bmw5xc8ml6rgxj";
|
||||
name = "qtimageformats-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtlanguageserver = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtlanguageserver-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1gq5yjvk6iyg606pgpxkb136qlz9hpb7ngll81nhiyb1ym1y9j0v";
|
||||
name = "qtlanguageserver-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtlanguageserver-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1vwavpi8swgs88pfjfddnb9cmsb4k1sjcgywp2rsnm6ay8vqa02h";
|
||||
name = "qtlanguageserver-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtlocation = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtlocation-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1vxb6n8xf98zcg2bw29gsaqa74sg6jn9ilzs8c5b9q79i9m3if49";
|
||||
name = "qtlocation-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtlocation-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "06z4hbiqki5chhmph131s71czyrjpnjvy3rxb4560vwy55vwx49p";
|
||||
name = "qtlocation-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtlottie = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtlottie-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "02ndplkk4bq01b0fh9l2ykw09v0k5nbsayrs9wcjwrdwg5law8rg";
|
||||
name = "qtlottie-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtlottie-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0y969gp64imwh49d5zbnw0wi2yva9fsp6qn58617rs9kvkdzml70";
|
||||
name = "qtlottie-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtmultimedia = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtmultimedia-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0h30l8zflkla7rcshgs0jfjbjwvq9rqx0wq83f6vd0x9lz0cmi4h";
|
||||
name = "qtmultimedia-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtmultimedia-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "02lvq1jk6m67m6z0w7vdzxhzmi441j8avvp79mfclfpfvm98w3rr";
|
||||
name = "qtmultimedia-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtnetworkauth = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtnetworkauth-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1mqly8had79f54dlygh42jr0c0jfiv4j4w2rbr0s7qx9nk9ig342";
|
||||
name = "qtnetworkauth-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtnetworkauth-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0gan2qjv97d1387jqaiis2gigm6lz5jbk1k10x13w0yc5kr5n7cz";
|
||||
name = "qtnetworkauth-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtopenapi = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtopenapi-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1h2pcq6i72yic0r7ns36vj678d1xqy291jamqd6b6jkjddmj1hlg";
|
||||
name = "qtopenapi-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtopenapi-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0nzl95w5pbfd6mfb6rzv6arz09pcm6siz1n07pgm9rrdr6z083a4";
|
||||
name = "qtopenapi-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtpositioning = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtpositioning-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1scnnz65qyfg0nl9vjkqcss8xsw3yf91w71d9p1kwlfybscd07yn";
|
||||
name = "qtpositioning-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtpositioning-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1xbq1xjjbhb41lfp9mli8a5rgqf5pniswv0161v6wa5f04cbkrnm";
|
||||
name = "qtpositioning-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtquick3d = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtquick3d-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1549gdb3yxj1bpl54kgnkkhzjx0zxqi71ssp4rj6qnz56fxh085l";
|
||||
name = "qtquick3d-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtquick3d-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0vs5bcz62r32gin0g4lb6wdmqrv0ypzar1s9wsza98la7zg8asy7";
|
||||
name = "qtquick3d-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtquick3dphysics = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtquick3dphysics-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0dcx9913xss435cijx5bzckvsn66qfi6c39rx0gyv9iiys76qym5";
|
||||
name = "qtquick3dphysics-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtquick3dphysics-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1bvrmjb6m0ynq00ybdghvkbmwm237vff23ng8n4njysf05pns26i";
|
||||
name = "qtquick3dphysics-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtquickeffectmaker = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtquickeffectmaker-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "05fpv497rmx2lw7gx05sxyxjwx8gq8fbbnkzhnw73pk2xqzq20mc";
|
||||
name = "qtquickeffectmaker-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtquickeffectmaker-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0sqk8hkkdibv0ayxrvpcbgj3dcwfngpd6qjp2xm15pcbx1q3xrng";
|
||||
name = "qtquickeffectmaker-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtquicktimeline = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtquicktimeline-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1micycw7m25gw0bgbfq7bnr7cg7qrjj2r69320rglc8lak6f3nq6";
|
||||
name = "qtquicktimeline-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtquicktimeline-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "09wcx83yxif8r4v81h2jfj3wlj60wnc9k4dsp7hlah4yzm1zclxg";
|
||||
name = "qtquicktimeline-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtremoteobjects = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtremoteobjects-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "15yykbaxqc6v2flgjvn92w7gwfvi820dg4cxkjxcfhpix2m21571";
|
||||
name = "qtremoteobjects-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtremoteobjects-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "06hiiyjpcgn8dp9jmgxj30nlrw73rqb869f0m63scccmqsarhqj0";
|
||||
name = "qtremoteobjects-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtscxml = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtscxml-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1rylchpvzldy7hhr3icr85w8m4hf7wch17yqh368yrn3q19klf3c";
|
||||
name = "qtscxml-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtscxml-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0gr0j09isxgii3aivfvr35x40d9n0kj0g2icc7g7bzniwm2m4jcf";
|
||||
name = "qtscxml-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtsensors = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtsensors-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1iy33w7gjp06xi4342si979q9w84cvbbk90kxmk2gx69icjjja21";
|
||||
name = "qtsensors-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtsensors-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "13ygry3lybkgci6gkrd7k081l01icavzkiyy4g82drbvv9i70q93";
|
||||
name = "qtsensors-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtserialbus = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtserialbus-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1qfs9zqvz3hf16w8gg6nlwxcv6sz72546pds02dabhkcw47nqvmh";
|
||||
name = "qtserialbus-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtserialbus-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "02pj4jnxc4afl5ymv7w8asggpg0hdj3dbnwwcqd305b8il69qv64";
|
||||
name = "qtserialbus-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtserialport = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtserialport-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "111pmva70mcffhq09q2h1gcr03fivs9j2ywx4ib00pbyxfvr4ii6";
|
||||
name = "qtserialport-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtserialport-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0x1r5l3kx7riprf0b2api0bcg0z755fq9vbgmx7px6pxiy4imwws";
|
||||
name = "qtserialport-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtshadertools = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtshadertools-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0jp1sb9pl7y821awln7rpk0hz7d5ipwnkqhy51caich9i2pb2g74";
|
||||
name = "qtshadertools-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtshadertools-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1z42r414jid12jmhm1yf5kw44j886w01igav0kggkg13kcphax90";
|
||||
name = "qtshadertools-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtspeech = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtspeech-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "08fv8v6rvcv0pa6r52kr2na2rcpjr3yk556ksinnh6aslv8qbid9";
|
||||
name = "qtspeech-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtspeech-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "051z4yf22hkqhy3pkgxq8s77x06k4cd70i9jcmd8f99004cc6df0";
|
||||
name = "qtspeech-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtsvg = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtsvg-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1rih59jsn0wq12gq5gbs1cz9by27x2x4wjpd0ya7s207pr9xda6z";
|
||||
name = "qtsvg-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtsvg-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "154adaicyy5wyz6yc95g3lm4iw9v2zdsd7l5qp107gr490pz0g3z";
|
||||
name = "qtsvg-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qttasktree = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qttasktree-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0kxkm3qvzw5i5x2ads6skpz8z6shbn2msznmr614yvsdgiga4yjr";
|
||||
name = "qttasktree-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qttasktree-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1mjdwy3i24ggn2g82z5pg3grzhnaxmq7nmvdc7ba8dsdixzvjam2";
|
||||
name = "qttasktree-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qttools = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qttools-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0xpwv483zrw3jkajhv9sbr7bm95qahxg770vn1jqk10hg8yrkcfg";
|
||||
name = "qttools-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qttools-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "03gmr9zpf0raqcvqk2cpw9lblw907hsl5cb5c2fgm4wwcxd86qcf";
|
||||
name = "qttools-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qttranslations = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qttranslations-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0mpy3y76n1jw2prhad9rqyn48miqlmqg3581jgzr4s1iwhpqpx2l";
|
||||
name = "qttranslations-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qttranslations-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0xsnxhiqc3ybwvyn1jbhdf1sjmcf7v4mma6w9sxwg535420jrh1p";
|
||||
name = "qttranslations-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtvirtualkeyboard = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtvirtualkeyboard-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "11p6m1s7r7q2y6a2ak5lyzfd2907s2skfa630snf64x32cblp2nq";
|
||||
name = "qtvirtualkeyboard-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtvirtualkeyboard-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "073y02qmpwxxdqc4pkm6k9frghsjg1zppg2hip5b4hv269xrdim1";
|
||||
name = "qtvirtualkeyboard-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtwayland = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtwayland-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0dsdv1d4p1wf0sqd26cmj486bvwlprmqzmjddsw24agrc3kyc477";
|
||||
name = "qtwayland-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtwayland-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1cyr5frhglp2krxvpnqk9q426rgp6nr34ngnxpa42m7p0ajqly4m";
|
||||
name = "qtwayland-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtwebchannel = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtwebchannel-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "097vm6pxh18bil9ld9cxg50v861nyhaha4f6bjfjqph1icx18ip9";
|
||||
name = "qtwebchannel-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtwebchannel-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "10ld2nh6gd1v2ssbgqlf6w0lsjlqkjdfwqv85mn5krnnf45vbyv9";
|
||||
name = "qtwebchannel-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtwebengine = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtwebengine-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0dk72k92zp19jkph1vl88l2dyrh105v6cycsxln1anfxnb423fb3";
|
||||
name = "qtwebengine-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtwebengine-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "10vhcvw8j60n0mf38bi3fjcx5v1i0cbfyn4wbqhzqn61qv66d737";
|
||||
name = "qtwebengine-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtwebsockets = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtwebsockets-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "0cnh67ncfh0gvpqfiqhr0cpmswq9zysza130axlmh69mzg8i17sn";
|
||||
name = "qtwebsockets-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtwebsockets-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "1gvgci383dfm4sljqlapdiva7jhks1i2z2ayck0wbj1436hklgi4";
|
||||
name = "qtwebsockets-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
qtwebview = {
|
||||
version = "6.11.0";
|
||||
version = "6.11.1";
|
||||
src = fetchurl {
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.0/submodules/qtwebview-everywhere-src-6.11.0.tar.xz";
|
||||
sha256 = "1cy4x331h0f4d5l8c18xrvdq6hwz7r16qd1xhr8gdm8j9bcsw3nb";
|
||||
name = "qtwebview-everywhere-src-6.11.0.tar.xz";
|
||||
url = "${mirror}/official_releases/qt/6.11/6.11.1/submodules/qtwebview-everywhere-src-6.11.1.tar.xz";
|
||||
sha256 = "0g8k4xs7b0s474x00ds4i8q9b164icdgrdg8ngln10nmf3pwhqld";
|
||||
name = "qtwebview-everywhere-src-6.11.1.tar.xz";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ let
|
|||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "openblas";
|
||||
version = "0.3.32";
|
||||
version = "0.3.33";
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
|
|
@ -181,7 +181,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
owner = "OpenMathLib";
|
||||
repo = "OpenBLAS";
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-D0Wu5Ew72aTqSjj970yOfAwPg1T4Qm6zmpaGlQ/5Q1k=";
|
||||
hash = "sha256-EArf0K2Gs+w8IRD5wkMOQv79e8yMoTgQfa9kzjXKn3Y=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
@ -190,13 +190,13 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
# INCLUDEDIR already fixed in upstream HEAD & significant refactor
|
||||
# to config gen so not PRing changes
|
||||
./cmake-include-fixes.patch
|
||||
# Fix build on LoongArch (error: '_Float16' is not supported on this target)
|
||||
# This was an attempted fix for the below commit but still leaves some scipy tests failing.
|
||||
(fetchpatch {
|
||||
url = "https://github.com/OpenMathLib/OpenBLAS/commit/7086a1b075ca317e12cfe79d40a32ad342a30496.patch";
|
||||
hash = "sha256-pA3HK2f2MJr/+h/uale7edIYk/KH194EscYFcsujPXY=";
|
||||
url = "https://github.com/OpenMathLib/OpenBLAS/commit/e3ce4623c299068bbd47c35ee87aab334bac73b1.patch";
|
||||
revert = true;
|
||||
hash = "sha256-WrP3RCDk/EbpqVOw9XGLnFI+6/bBGJTIrt2TRYGLVQ4=";
|
||||
})
|
||||
# This commit led to miscompilation of certain ASIMD extensions code paths.
|
||||
# There was an attempted fix in upstream but this still leaves some scipy tests failing.
|
||||
(fetchpatch {
|
||||
url = "https://github.com/OpenMathLib/OpenBLAS/commit/3f6e928d34aca977bd5d4191e6d2c2338a342.patch";
|
||||
revert = true;
|
||||
|
|
|
|||
|
|
@ -8,14 +8,14 @@
|
|||
|
||||
buildPythonPackage (finalAttrs: {
|
||||
pname = "aiodns";
|
||||
version = "4.0.0";
|
||||
version = "4.0.4";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "saghul";
|
||||
repo = "aiodns";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-/iYkhzN01+NaUfMXaM39IvlEKfoKc29+f0S4y0y3GG8=";
|
||||
hash = "sha256-TLiiSRhZaEbHeyrQPk8uvj10VEttRanYEgkBy7DxH4Y=";
|
||||
};
|
||||
|
||||
build-system = [ setuptools ];
|
||||
|
|
|
|||
|
|
@ -49,6 +49,8 @@ buildPythonPackage rec {
|
|||
pythonImportsCheck = [ "asgi_csrf" ];
|
||||
|
||||
meta = {
|
||||
# https://github.com/simonw/asgi-csrf/issues/38
|
||||
broken = lib.versionAtLeast python-multipart.version "0.0.26";
|
||||
description = "ASGI middleware for protecting against CSRF attacks";
|
||||
license = lib.licenses.asl20;
|
||||
homepage = "https://github.com/simonw/asgi-csrf";
|
||||
|
|
|
|||
|
|
@ -69,6 +69,13 @@ buildPythonPackage rec {
|
|||
"test_update_docs"
|
||||
];
|
||||
|
||||
disabledTestPaths = [
|
||||
# unexpected exit code afer nodejs_24 24.16.0 update
|
||||
"test/integration/test_quickstart_templates.py::TestQuickStartTemplates::test_templates"
|
||||
"test/integration/test_quickstart_templates_non_strict.py::TestQuickStartTemplates::test_module_integration"
|
||||
"test/integration/test_quickstart_templates_non_strict.py::TestQuickStartTemplates::test_templates"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "cfnlint" ];
|
||||
|
||||
meta = {
|
||||
|
|
|
|||
|
|
@ -41,14 +41,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "django";
|
||||
version = "5.2.14";
|
||||
version = "5.2.15";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "django";
|
||||
repo = "django";
|
||||
tag = version;
|
||||
hash = "sha256-gb/4WL2VLoqRucpXuKyPsMSwKZ6gaxy5JA7QTeeazjk=";
|
||||
hash = "sha256-K9yFHr3IkVNMqoeumESszVlju2fW2r8hS8z6M2OdVpE=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
|||
|
|
@ -20,14 +20,14 @@
|
|||
|
||||
buildPythonPackage (finalAttrs: {
|
||||
pname = "fakeredis";
|
||||
version = "2.35.1";
|
||||
version = "2.36.2";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cunla";
|
||||
repo = "fakeredis-py";
|
||||
tag = "v${finalAttrs.version}";
|
||||
hash = "sha256-euhWKXFERpRoXX7G81ffAygt5e1mt7uy9Y9zAGacu38=";
|
||||
hash = "sha256-vOQBezPsgcjSUigCiW7Q+VueUTtQm3Y7hhB0mTstwKM=";
|
||||
};
|
||||
|
||||
build-system = [ hatchling ];
|
||||
|
|
|
|||
|
|
@ -45,14 +45,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "fastapi";
|
||||
version = "0.135.3";
|
||||
version = "0.136.3";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tiangolo";
|
||||
repo = "fastapi";
|
||||
tag = version;
|
||||
hash = "sha256-sE5d+MgmP9L+MUosRBsR+KSJkcC9i2EOOtKHq0sXjRM=";
|
||||
hash = "sha256-lfmk8ZveKPukEEfwWq2mKtWmOHAtVzGuE5BsOskDzh0=";
|
||||
};
|
||||
|
||||
build-system = [ pdm-backend ];
|
||||
|
|
|
|||
|
|
@ -31,14 +31,14 @@
|
|||
|
||||
buildPythonPackage (finalAttrs: {
|
||||
pname = "fasthtml";
|
||||
version = "0.12.48";
|
||||
version = "0.13.3";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "AnswerDotAI";
|
||||
repo = "fasthtml";
|
||||
tag = finalAttrs.version;
|
||||
hash = "sha256-lMAuIw4sMkS3XSG/0Bs0iQPSjMusbmjUKv0w4cINwas=";
|
||||
hash = "sha256-PS5HGegC6pG/bJAGrKDsRYguBnNS9EDrZIjWvjErO4M=";
|
||||
};
|
||||
|
||||
build-system = [
|
||||
|
|
|
|||
|
|
@ -195,7 +195,8 @@ buildPythonPackage rec {
|
|||
openpyxl
|
||||
xlrd
|
||||
]
|
||||
++ lib.concatAttrValues optional-dependencies;
|
||||
# datasette is transitively broken by asgi-csrf
|
||||
++ lib.concatAttrValues (lib.removeAttrs optional-dependencies [ "datasette" ]);
|
||||
|
||||
disabledTestPaths = [
|
||||
# Requires optional dependencies that have not been packaged (commented out above)
|
||||
|
|
|
|||
|
|
@ -8,14 +8,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "mistune";
|
||||
version = "3.2.0";
|
||||
version = "3.2.1";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lepture";
|
||||
repo = "mistune";
|
||||
tag = "v${version}";
|
||||
hash = "sha256-rUEZNVuMT5+GsMakrkK6rshKSKtTTN72kK92AmQ8bl8=";
|
||||
hash = "sha256-8AEEh/SWAk/Esq0jAoZGLw1FIQUw6C5Xq8CgnI2fjv0=";
|
||||
};
|
||||
|
||||
build-system = [ setuptools ];
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ buildPythonPackage rec {
|
|||
dependencies = [
|
||||
bcrypt
|
||||
cryptography
|
||||
invoke
|
||||
pynacl
|
||||
];
|
||||
|
||||
|
|
@ -39,7 +40,6 @@ buildPythonPackage rec {
|
|||
gssapi
|
||||
];
|
||||
ed25519 = [ ];
|
||||
invoke = [ invoke ];
|
||||
};
|
||||
|
||||
nativeCheckInputs = [
|
||||
|
|
|
|||
|
|
@ -77,6 +77,17 @@ buildPythonPackage rec {
|
|||
disabledTests = [
|
||||
# Time sensitive speed test, not reproducible
|
||||
"test_decode_threads"
|
||||
# Tests failing with libheif 1.22.0. To be removed in the next release
|
||||
# https://github.com/bigcat88/pillow_heif/issues/424
|
||||
# these check what happens when the ispe is not valid
|
||||
"test_numpy_array_invalid_ispe"
|
||||
"test_allow_incorrect_headers"
|
||||
"test_invalid_ispe_ok"
|
||||
"test_invalid_ispe_allow"
|
||||
"test_invalid_ispe_stride"
|
||||
"test_invalid_ispe_stride_pillow"
|
||||
# disable version check for libheif
|
||||
"test_libheif_info"
|
||||
]
|
||||
++ lib.optionals stdenv.hostPlatform.isDarwin [
|
||||
# https://github.com/bigcat88/pillow_heif/issues/89
|
||||
|
|
|
|||
|
|
@ -13,14 +13,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyjwt";
|
||||
version = "2.12.1";
|
||||
version = "2.13.0";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jpadilla";
|
||||
repo = "pyjwt";
|
||||
tag = version;
|
||||
hash = "sha256-wgOa5JhQT82ppoad6s8gPH7tGRNbbVWmJaaDF84d+r0=";
|
||||
hash = "sha256-q4ynXCJVDsyZh70439dloyWgRTLVm+elDOahUVOT5vA=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
|
|
|||
|
|
@ -2,10 +2,8 @@
|
|||
lib,
|
||||
buildPythonPackage,
|
||||
fetchFromGitHub,
|
||||
fetchpatch,
|
||||
hatchling,
|
||||
pytestCheckHook,
|
||||
mock,
|
||||
pyyaml,
|
||||
|
||||
# for passthru.tests
|
||||
|
|
@ -18,32 +16,22 @@
|
|||
|
||||
buildPythonPackage (finalAttrs: {
|
||||
pname = "python-multipart";
|
||||
version = "0.0.22";
|
||||
version = "0.0.29";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Kludex";
|
||||
repo = "python-multipart";
|
||||
tag = finalAttrs.version;
|
||||
hash = "sha256-UegnwGxiXQalbp18t1dl2JOQH6BY975cpBa9uo3SOuk=";
|
||||
hash = "sha256-1aV7gWLuulINesm3L8Wm3+prmeD9+OY/ihm36rtQPRs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2026-40347-part-1.patch";
|
||||
url = "https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37.patch";
|
||||
hash = "sha256-W1nyYMMoaf+lsNze3ppPeAXN+swG1dScDibazePSt+k=";
|
||||
})
|
||||
./CVE-2026-40347-part-2.patch
|
||||
];
|
||||
|
||||
build-system = [ hatchling ];
|
||||
|
||||
pythonImportsCheck = [ "python_multipart" ];
|
||||
|
||||
nativeCheckInputs = [
|
||||
pytestCheckHook
|
||||
mock
|
||||
pyyaml
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -27,14 +27,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "starlette";
|
||||
version = "0.52.1";
|
||||
version = "1.1.0";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "starlette";
|
||||
tag = version;
|
||||
hash = "sha256-XPAeRnh9a0A1/5VGZzzGQBhlBsih1VR8QmFdkxG5cQE=";
|
||||
hash = "sha256-9iQXlpA1VDGw1c7X1zJPmJ3Dub46PwqrVIX1+fWOZ7M=";
|
||||
};
|
||||
|
||||
build-system = [ hatchling ];
|
||||
|
|
|
|||
|
|
@ -40,11 +40,20 @@ buildPythonPackage rec {
|
|||
};
|
||||
|
||||
patches = [
|
||||
# valkey 9.0 compat
|
||||
(fetchpatch {
|
||||
# valkey 9.0 compat
|
||||
url = "https://github.com/valkey-io/valkey-py/commit/c01505e547f614f278b882a016557b6ed652bb9f.patch";
|
||||
hash = "sha256-rvA65inIioqdc+QV4KaaUv1I/TMZUq0TWaFJcJiy8NU=";
|
||||
})
|
||||
# valkey 9.1 compat
|
||||
(fetchpatch {
|
||||
url = "https://github.com/valkey-io/valkey-py/commit/df5c44903dc8e2dda733e5576324ba0ff8c4c6a0.patch";
|
||||
hash = "sha256-0wsWuaOYWBgf6BjlJuciZYRbugYfchTU2khQX7rtRJg=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/valkey-io/valkey-py/commit/046c7fb9e8260c2d69d05141b1519903c4e40efe.patch";
|
||||
hash = "sha256-/yN1y0hbmBR6o6ab4h0qkn/qhU6jASOIeqWhxUi5w/I=";
|
||||
})
|
||||
];
|
||||
|
||||
build-system = [ setuptools ];
|
||||
|
|
|
|||
|
|
@ -8,14 +8,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "xmltodict";
|
||||
version = "1.0.2";
|
||||
version = "1.0.4";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "martinblech";
|
||||
repo = "xmltodict";
|
||||
tag = "v${version}";
|
||||
hash = "sha256-gnTNkh0GLfRmjMsLhfvpNrewfinNOhem0i3wzIZvKpA=";
|
||||
hash = "sha256-G7hVtS6toUJC0YY1AXBOJSc3wnAZyWilLnT/5vvFRRw=";
|
||||
};
|
||||
|
||||
build-system = [ setuptools ];
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
uvwasi,
|
||||
zlib,
|
||||
zstd,
|
||||
icu,
|
||||
icu78,
|
||||
bash,
|
||||
ninja,
|
||||
pkgconf,
|
||||
|
|
@ -274,7 +274,7 @@ let
|
|||
# that use bash wrappers, e.g. polaris-web.
|
||||
buildInputs = [
|
||||
bash
|
||||
icu
|
||||
icu78
|
||||
]
|
||||
++ builtins.attrValues sharedLibDeps;
|
||||
|
||||
|
|
|
|||
|
|
@ -23,8 +23,8 @@ let
|
|||
[ ];
|
||||
in
|
||||
buildNodejs {
|
||||
version = "24.15.0";
|
||||
sha256 = "a4f653d79ed140aaad921e8c22a3b585ca85cfdab80d4030f6309e4663a8a1c8";
|
||||
version = "24.16.0";
|
||||
sha256 = "2ff84a6de70b6165290111b0fc656ded1ad207a799816fe720cc7c31232df30f";
|
||||
patches =
|
||||
(
|
||||
if (stdenv.hostPlatform.emulatorAvailable buildPackages) then
|
||||
|
|
@ -56,13 +56,6 @@ buildNodejs {
|
|||
./use-correct-env-in-tests.patch
|
||||
./bin-sh-node-run-v22.patch
|
||||
./use-nix-codesign.patch
|
||||
# https://github.com/NixOS/nixpkgs/pull/507974#issuecomment-4249433124
|
||||
# OpenSSL reports different errors
|
||||
# https://github.com/nodejs/node/pull/62629
|
||||
(fetchpatch2 {
|
||||
url = "https://github.com/nodejs/node/commit/dd25d8f29d3ddadcf5a5ebfdf98ece55f9df96c6.patch?full_index=1";
|
||||
hash = "sha256-6cxRN7TyWmJgUZt3jp2YXbVIjrDb2BNep5LxBOtT3Q0=";
|
||||
})
|
||||
|
||||
# Patch for nghttp2 1.69 support
|
||||
(fetchpatch2 {
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
libqalculate,
|
||||
pipewire,
|
||||
gpsd,
|
||||
fetchpatch,
|
||||
}:
|
||||
mkKdeDerivation {
|
||||
pname = "plasma-workspace";
|
||||
|
|
@ -41,6 +42,12 @@ mkKdeDerivation {
|
|||
|
||||
# stop accidentally duplicating fontconfig configs
|
||||
./fontconfig.patch
|
||||
|
||||
# backport qt 6.11.1 regression workaround
|
||||
(fetchpatch {
|
||||
url = "https://invent.kde.org/plasma/plasma-workspace/-/commit/31a64dfa1a71ab1b6a495f2f44132c86858acb8f.diff";
|
||||
hash = "sha256-j+AEdDlutDuXmYdK8BJH8bgDF9gieCkbFJK8di+9nxk=";
|
||||
})
|
||||
];
|
||||
|
||||
outputs = [
|
||||
|
|
|
|||
|
|
@ -201,13 +201,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
inherit pname;
|
||||
version = "260.1";
|
||||
version = "260.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "systemd";
|
||||
repo = "systemd";
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-FUKj3lvjz8TIsyu8NyJYtiNele+1BhdJPdw7r7nW6as=";
|
||||
hash = "sha256-NXmmSV7/9WIW6C8wjdOwaerCy4v7Zcrd8+XDzcS8rEk=";
|
||||
};
|
||||
|
||||
# PATCH POLICY
|
||||
|
|
|
|||
|
|
@ -50,5 +50,8 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
pkgConfigModules = [ "bz2" ];
|
||||
platforms = lib.platforms.all;
|
||||
maintainers = [ ];
|
||||
knownVulnerabilities = [
|
||||
"CVE-2026-42250"
|
||||
];
|
||||
};
|
||||
})
|
||||
|
|
|
|||
|
|
@ -30,6 +30,9 @@ stdenv.mkDerivation (
|
|||
patchFlags = [ "-p0" ];
|
||||
|
||||
patches = [
|
||||
# https://sourceware.org/cgit/bzip2/patch/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
|
||||
./patches/CVE-2026-42250.patch
|
||||
|
||||
./patches/bzip2-1.0.6.2-autoconfiscated.patch
|
||||
];
|
||||
# Fix up hardcoded version from the above patch, e.g. seen in bzip2.pc or libbz2.so.1.0.N
|
||||
|
|
|
|||
34
pkgs/tools/compression/bzip2/patches/CVE-2026-42250.patch
Normal file
34
pkgs/tools/compression/bzip2/patches/CVE-2026-42250.patch
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
From 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Wielaard <mark@klomp.org>
|
||||
Date: Thu, 28 May 2026 16:15:45 +0200
|
||||
Subject: bzip2recover: Make sure to not process more than
|
||||
BZ_MAX_HANDLED_BLOCKS
|
||||
|
||||
There is an off-by-one in the check before calling tooManyBlocks. This
|
||||
causes the scanning loop to run one more time and cause a possible
|
||||
read or write one past the global bStart, bEnd, rbStart and rbEnd
|
||||
buffers. There are no known exploits of this issue and you will need
|
||||
to compile with something like gcc -fsanitize=address (ASAN
|
||||
AddressSanitizer) to observe the faulty read/write.
|
||||
|
||||
This has been assigned CVE-2026-42250.
|
||||
---
|
||||
bzip2recover.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git bzip2recover.c bzip2recover.c
|
||||
index a8131e0..4b1c219 100644
|
||||
--- bzip2recover.c
|
||||
+++ bzip2recover.c
|
||||
@@ -402,7 +402,7 @@ Int32 main ( Int32 argc, Char** argv )
|
||||
rbEnd[rbCtr] = bEnd[currBlock];
|
||||
rbCtr++;
|
||||
}
|
||||
- if (currBlock >= BZ_MAX_HANDLED_BLOCKS)
|
||||
+ if (currBlock >= BZ_MAX_HANDLED_BLOCKS - 1)
|
||||
tooManyBlocks(BZ_MAX_HANDLED_BLOCKS);
|
||||
currBlock++;
|
||||
|
||||
--
|
||||
cgit
|
||||
|
||||
|
|
@ -15,8 +15,10 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-+Hzuae7CtPy/YKOWsDCtaqNBXxkqpffuhMrV4R9/WuM=";
|
||||
};
|
||||
|
||||
# This test is filesystem-dependent - observed failing on ZFS
|
||||
postPatch = lib.optionalString stdenv.hostPlatform.isFreeBSD ''
|
||||
# This test is filesystem-dependent - observed failing on ZFS.
|
||||
# It is also just plain flaky: it has been observed failing about 10%
|
||||
# of the time on btrfs and ext4 too.
|
||||
postPatch = ''
|
||||
sed -E -i -e '/bad-filenames/d' tests/Makefile.am
|
||||
'';
|
||||
|
||||
|
|
|
|||
|
|
@ -6770,8 +6770,8 @@ with pkgs;
|
|||
zunclient = with python313Packages; toPythonApplication python-zunclient;
|
||||
|
||||
inherit (callPackages ../by-name/li/libressl { })
|
||||
libressl_4_1
|
||||
libressl_4_2
|
||||
libressl_4_3
|
||||
;
|
||||
|
||||
openssl = openssl_3_6;
|
||||
|
|
|
|||
|
|
@ -16655,12 +16655,12 @@ with self;
|
|||
};
|
||||
};
|
||||
|
||||
HTTPDaemon = buildPerlPackage {
|
||||
HTTPDaemon = buildPerlModule {
|
||||
pname = "HTTP-Daemon";
|
||||
version = "6.16";
|
||||
version = "6.17";
|
||||
src = fetchurl {
|
||||
url = "mirror://cpan/authors/id/O/OA/OALDERS/HTTP-Daemon-6.16.tar.gz";
|
||||
hash = "sha256-s40JJyXm+k4MTcKkfhVwcEkbr6Db4Wx4o1joBqp+Fz0=";
|
||||
url = "mirror://cpan/authors/id/O/OA/OALDERS/HTTP-Daemon-6.17.tar.gz";
|
||||
hash = "sha256-FigVgMQOIxCNAoQ0aYtdfVNje/kEyd+CJIHiU8vskgw=";
|
||||
};
|
||||
buildInputs = [
|
||||
ModuleBuildTiny
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue