From 07c40561791fc72fd2fc3e97aa490cd54a9b2d93 Mon Sep 17 00:00:00 2001 From: Florian Klink <flokli@flokli.de> Date: Wed, 23 Dec 2020 01:42:11 +0100 Subject: [PATCH 1/7] gnats: format hardened flag isn't supported MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When invoking a simple Ada program with `gcc` from `gnats10`, the following warnings are shown: ``` $ gcc -c conftest.adb gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada $ echo $? 0 ``` This is only spammy when compiling Ada programs inside a Nix derivation, but certain configure scripts (such as the ./configure script from the gcc that's built by coreboot's `make crossgcc` command) fail entirely when getting that warning output. https://nixos.wiki/wiki/Coreboot currently suggests manually running > NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc … but actually teaching the nixpkgs-provided cc wrapper that `format` isn't supported as a hardening flag seems to be the more canonical way to do this in nixpgks. After this, Ada programs still compile: ``` $ gcc -c conftest.adb $ echo $? 0 ``` And the compiler output is empty. --- pkgs/build-support/cc-wrapper/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 09cef8b8678d..85d71996b397 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -437,7 +437,7 @@ stdenv.mkDerivation { '' + optionalString targetPlatform.isNetBSD '' hardening_unsupported_flags+=" stackprotector fortify" '' + optionalString cc.langAda or false '' - hardening_unsupported_flags+=" stackprotector strictoverflow" + hardening_unsupported_flags+=" format stackprotector strictoverflow" '' + optionalString cc.langD or false '' hardening_unsupported_flags+=" format" '' + optionalString targetPlatform.isWasm '' From 7262fb6878d6e7bae3ea472d8242f840122ae7ed Mon Sep 17 00:00:00 2001 From: Doron Behar <doron.behar@gmail.com> Date: Wed, 23 Dec 2020 17:26:52 +0200 Subject: [PATCH 2/7] imapfilter: 2.6.16 -> 2.7.5 --- .../applications/networking/mailreaders/imapfilter.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/mailreaders/imapfilter.nix b/pkgs/applications/networking/mailreaders/imapfilter.nix index b677d82dce47..8423beec4687 100644 --- a/pkgs/applications/networking/mailreaders/imapfilter.nix +++ b/pkgs/applications/networking/mailreaders/imapfilter.nix @@ -1,27 +1,27 @@ -{ stdenv, fetchFromGitHub, openssl, lua, pcre }: +{ stdenv, fetchFromGitHub, openssl, lua, pcre2 }: stdenv.mkDerivation rec { pname = "imapfilter"; - version = "2.6.16"; + version = "2.7.5"; src = fetchFromGitHub { owner = "lefcha"; repo = "imapfilter"; rev = "v${version}"; - sha256 = "0f65sg6hhv6778fxwsz4hvarbm97dsb8jj0mg7a9qs273r35pqck"; + sha256 = "nbVwbPkNbJz4GHhvOp+QVgiBqKA/HR34p4x3NXJB7ig="; }; makeFlags = [ "SSLCAFILE=/etc/ssl/certs/ca-bundle.crt" "PREFIX=$(out)" ]; - propagatedBuildInputs = [ openssl pcre lua ]; + buildInputs = [ openssl pcre2 lua ]; meta = { homepage = "https://github.com/lefcha/imapfilter"; description = "Mail filtering utility"; license = stdenv.lib.licenses.mit; platforms = stdenv.lib.platforms.unix; - maintainers = with stdenv.lib.maintainers; [ ]; + maintainers = with stdenv.lib.maintainers; [ doronbehar ]; }; } From ed0c68df46de55925730343119a23d6f53ab7d71 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" <ryantm-bot@ryantm.com> Date: Wed, 23 Dec 2020 21:22:53 +0000 Subject: [PATCH 3/7] python37Packages.zstd: 1.4.5.1 -> 1.4.8.1 --- pkgs/development/python-modules/zstd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/zstd/default.nix b/pkgs/development/python-modules/zstd/default.nix index d57416ac18a4..95626c802bad 100644 --- a/pkgs/development/python-modules/zstd/default.nix +++ b/pkgs/development/python-modules/zstd/default.nix @@ -4,11 +4,11 @@ buildPythonPackage rec { pname = "zstd"; - version = "1.4.5.1"; + version = "1.4.8.1"; src = fetchPypi { inherit pname version; - sha256 = "2a1806d625bd2d8944ead4b3018fc6444a31467fa09935e9c1d4296275f024c6"; + sha256 = "b62b21eb850abd6b8c0046bfc1c5c773c873eeb94f1904ef1ff304e98b62b80e"; }; postPatch = '' From 466759ff2751a386bc77bf80fcb217c0bcbe05c5 Mon Sep 17 00:00:00 2001 From: Mario Rodas <marsam@users.noreply.github.com> Date: Wed, 23 Dec 2020 04:20:00 +0000 Subject: [PATCH 4/7] libnice: 0.1.16 -> 0.1.18 --- pkgs/development/libraries/libnice/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/libnice/default.nix b/pkgs/development/libraries/libnice/default.nix index d2333ac0ca59..e7b01ca29cb1 100644 --- a/pkgs/development/libraries/libnice/default.nix +++ b/pkgs/development/libraries/libnice/default.nix @@ -16,13 +16,14 @@ }: stdenv.mkDerivation rec { - name = "libnice-0.1.16"; + pname = "libnice"; + version = "0.1.18"; outputs = [ "bin" "out" "dev" "devdoc" ]; src = fetchurl { - url = "https://nice.freedesktop.org/releases/${name}.tar.gz"; - sha256 = "1pzgxq0qrqlrhd78qnvpfgp8bl5c4znqh599ljaybpcldw37idh6"; + url = "https://libnice.freedesktop.org/releases/${pname}-${version}.tar.gz"; + sha256 = "1x3kj9b3dy9m2h6j96wgywfamas1j8k2ca43k5v82kmml9dx5asy"; }; patches = [ @@ -77,7 +78,7 @@ stdenv.mkDerivation rec { It provides a GLib-based library, libnice and a Glib-free library, libstun as well as GStreamer elements.''; - homepage = "https://nice.freedesktop.org/wiki/"; + homepage = "https://libnice.freedesktop.org/"; platforms = platforms.linux; license = with licenses; [ lgpl21 mpl11 ]; }; From fe23bdaecbc20885a7139ca26d4a4e4ce23dc334 Mon Sep 17 00:00:00 2001 From: Tim Steinbach <tim@nequissimus.com> Date: Wed, 23 Dec 2020 20:03:11 -0500 Subject: [PATCH 5/7] alsaLib: 1.2.3 -> 1.2.4 --- pkgs/os-specific/linux/alsa-lib/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index 3c5427340baf..b1d85f2674cb 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }: stdenv.mkDerivation rec { - name = "alsa-lib-1.2.3"; + pname = "alsa-lib"; + version = "1.2.4"; src = fetchurl { - url = "mirror://alsa/lib/${name}.tar.bz2"; - sha256 = "13k7dx1g749z74rz71hs5j8z0pqdjgx7l69pn0vsy7jizhi0kw02"; + url = "mirror://alsa/lib/${pname}-${version}.tar.bz2"; + sha256 = "sha256-91VL4aVs3/RotY/BwpuVtkhkxZADjdMJx6l4xxFpCPc="; }; patches = [ From 72f71e907135f250b656090eeb70d9f95f8e653d Mon Sep 17 00:00:00 2001 From: Tim Steinbach <tim@nequissimus.com> Date: Wed, 23 Dec 2020 20:08:23 -0500 Subject: [PATCH 6/7] alsa-firmware: 1.2.1 -> 1.2.4 --- pkgs/os-specific/linux/alsa-firmware/default.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkgs/os-specific/linux/alsa-firmware/default.nix b/pkgs/os-specific/linux/alsa-firmware/default.nix index 01955534bfc7..53b3126705ca 100644 --- a/pkgs/os-specific/linux/alsa-firmware/default.nix +++ b/pkgs/os-specific/linux/alsa-firmware/default.nix @@ -1,18 +1,13 @@ { stdenv, buildPackages, autoreconfHook, fetchurl, fetchpatch }: stdenv.mkDerivation rec { - name = "alsa-firmware-1.2.1"; + name = "alsa-firmware-1.2.4"; src = fetchurl { url = "mirror://alsa/firmware/${name}.tar.bz2"; - sha256 = "1aq8z8ajpjvcx7bwhwp36bh5idzximyn77ygk3ifs0my3mbpr8mf"; + sha256 = "sha256-tnttfQi8/CR+9v8KuIqZwYgwWjz1euLf0LzZpbNs1bs="; }; - patches = [ (fetchpatch { - url = "https://github.com/alsa-project/alsa-firmware/commit/a8a478485a999ff9e4a8d8098107d3b946b70288.patch"; - sha256 = "0zd7vrgz00hn02va5bkv7qj2395a1rl6f8jq1mwbryxs7hiysb78"; - }) ]; - nativeBuildInputs = [ autoreconfHook buildPackages.stdenv.cc ]; configureFlags = [ From e24bf9062b4b23f4c11f57399d11ad73c86e0828 Mon Sep 17 00:00:00 2001 From: upkeep-bot <foo@bar.com> Date: Thu, 17 Dec 2020 00:22:31 +0000 Subject: [PATCH 7/7] vscode: 1.51.1 -> 1.52.1 --- pkgs/applications/editors/vscode/vscode.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix index 70f621177105..8f04e6b17861 100644 --- a/pkgs/applications/editors/vscode/vscode.nix +++ b/pkgs/applications/editors/vscode/vscode.nix @@ -11,8 +11,8 @@ let archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz"; sha256 = { - x86_64-linux = "0yv6584y4idkl9vvmpxj5ix5brshm1vadiwf7ima84snm0fipb0n"; - x86_64-darwin = "0igndxkwkxyjc9rkf9hbj8903hvfv7ab41q0s3gw8w5qh4b8s48x"; + x86_64-linux = "1kbjbqb03yapz7067q589gaa7d6cqaipj7hmp1l3nh0bmggzsc4c"; + x86_64-darwin = "1qgadm52c5lzkvgvqrz0n8brm4qbjg8hf1dk6a2ynqhqjxcwbj4r"; }.${system}; in callPackage ./generic.nix rec { @@ -21,7 +21,7 @@ in # Please backport all compatible updates to the stable release. # This is important for the extension ecosystem. - version = "1.51.1"; + version = "1.52.1"; pname = "vscode"; executableName = "code" + lib.optionalString isInsiders "-insiders";