dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2021-05-01 12:25:25 +00:00 committed by GitHub
commit 26a80d1f70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 30 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
pkgs/applications/virtualization/qemu/default.nix
View File

@ -39,7 +39,7 @@ let
in
stdenv.mkDerivation rec {
version = "5.2.0";
version = "6.0.0";
pname = "qemu"
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url= "https://download.qemu.org/qemu-${version}.tar.xz";
sha256 = "1g0pvx4qbirpcn9mni704y03n3lvkmw2c0rbcwvydyr8ns4xh66b";
sha256 = "1f9hz8rf12jm8baa7kda34yl4hyl0xh0c4ap03krfjx23i3img47";
};
nativeBuildInputs = [ python python.pkgs.sphinx pkg-config flex bison meson ninja ]
@ -84,126 +84,6 @@ stdenv.mkDerivation rec {
patches = [
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
(fetchpatch {
name = "CVE-2020-27821.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/memory-clamp-cached-translation-if-points-to-MMIO-region-CVE-2020-27821.patch";
sha256 = "0sj0kr0g6jalygr5mb9i17fgr491jzaxvk3dvala0268940s01x9";
})
(fetchpatch {
name = "CVE-2021-20221.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/arm_gic-fix-interrupt-ID-in-GICD_SGIR-CVE-2021-20221.patch";
sha256 = "1iyvcw87hzlc57fg5l87vddqmch8iw2yghk0s125hk5shn1bygjq";
})
(fetchpatch {
name = "CVE-2021-20181.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/9pfs-Fully-restart-unreclaim-loop-CVE-2021-20181.patch";
sha256 = "149ifiazj6rn4d4mv2c7lcayq744fijsv5abxlb8bhbkj99wd64f";
})
(fetchpatch {
name = "CVE-2020-35517.part-1.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/virtiofsd-extract-lo_do_open-from-lo_open.patch";
sha256 = "0j4waaz6q54by4a7vd5m8s2n8y0an9hqf0ndycxsy03g4ksm669d";
})
(fetchpatch {
name = "CVE-2020-35517.part-2.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch";
sha256 = "08bag890r6dx2rhnq58gyvsxvzwqgvn83pjlg95b5ic0z6gyjnsg";
})
(fetchpatch {
name = "CVE-2020-35517.part-3.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch";
sha256 = "0ziy6638zbkn037l29ywirvgymbqq66l5rngg8iwyky67acilv94";
})
(fetchpatch {
name = "CVE-2021-20263.part-1.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/virtiofsd-save-error-code-early-at-the-failure-callsite.patch";
sha256 = "15rwb15yjpclrqaxkhx76npr8zlfm9mj4jb19czg093is2cn4rys";
})
(fetchpatch {
name = "CVE-2021-20263.part-2.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/virtiofsd-drop-remapped-security.capability-xattr-as-needed-CVE-2021-20263.patch";
sha256 = "06ylz80ilg30wlskd4dsjx677fp5qr8cranwlakvjhr88b630xw0";
})
(fetchpatch {
name = "CVE-2021-3416.part-1.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-introduce.patch";
sha256 = "0hcpf00vqpg9rc0wl8cry905w04614843aqifybyv15wbv190gpz";
})
(fetchpatch {
name = "CVE-2021-3416.part-2.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-cadence_gem.patch";
sha256 = "12mjnrvs6p4g5frzqb08k4h86hphdqlka91fcma2a3m4ap98nrxy";
})
(fetchpatch {
name = "CVE-2021-3416.part-3.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-dp8393x.patch";
sha256 = "02z6q0578fj55phjlg2larrsx3psch2ixzy470yf57jl3jq1dy6k";
})
(fetchpatch {
name = "CVE-2021-3416.part-4.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-e1000.patch";
sha256 = "0zzbiz8i9js524mcdi739c7hrsmn82gnafrygi0xrd5sqf1hp08z";
})
(fetchpatch {
name = "CVE-2021-3416.part-5.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-lan9118.patch";
sha256 = "1f44v5znd9s7l7wgc71nbg8jw1bjqiga4wkz7d7cpnkv3l7b9kjj";
})
(fetchpatch {
name = "CVE-2021-3416.part-6.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-msf2.patch";
sha256 = "04n1rzn6gfxdalp34903ysdhlvxqkfndnqayjj3iv1k27i5pcidn";
})
(fetchpatch {
name = "CVE-2021-3416.part-7.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-pcnet.patch";
sha256 = "1p9ls6f8r6hxprj8ha6278fydcxj3av29p1hvszxmabazml2g7l2";
})
(fetchpatch {
name = "CVE-2021-3416.part-8.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-rtl8139.patch";
sha256 = "0lms1zn49kpwblkp54widjjy7fwyhdh1x832l1jvds79l2nm6i04";
})
(fetchpatch {
name = "CVE-2021-3416.part-9.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-sungem.patch";
sha256 = "1mkzyrgsp9ml9yqzjxdfqnwjr7n0fd8vxby4yp4ksrskyni8y0p4";
})
(fetchpatch {
name = "CVE-2021-3416.part-10.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/net-qemu_receive_packet-for-loopback-tx_pkt-iov.patch";
sha256 = "1pwqq8yw06y3p6hah3dgjhsqzk802wbn7zyajla1zwdfpic63jss";
})
(fetchpatch {
name = "CVE-2021-3409.part-1.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/sdhci/dont-transfer-any-data-when-command-time-out.patch";
sha256 = "0wf1yhb9mqpfgh9rv0hff0v1sw3zl2vsfgjrby4r8jvxdfjrxj8s";
})
(fetchpatch {
name = "CVE-2021-3409.part-2.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/sdhci/dont-write-to-SDHC_SYSAD-register-when-transfer-is-in-progress.patch";
sha256 = "1dd405dsdc7fbp68yf6f32js1azsv3n595c6nbxh28kfh9lspx4v";
})
(fetchpatch {
name = "CVE-2021-3409.part-3.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/sdhci/correctly-set-the-controller-status-for-ADMA.patch";
sha256 = "08jk51pfrbn1zfymahgllrzivajh2v2qx0868rv9zmgi0jldbky6";
})
(fetchpatch {
name = "CVE-2021-3409.part-4.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/sdhci/limit-block-size-only-when-SDHC_BLKSIZE-register-is-writable.patch";
sha256 = "1valfhw3l83br1cny6n4kmrv0f416hl625mggayqfz4prsknyhh7";
})
(fetchpatch {
name = "CVE-2021-3409.part-5.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/sdhci/reset-the-data-pointer-of-s-fifo_buffer-when-a-different-block-size-is-programmed.patch";
sha256 = "01p5qrr00rh3mlwrp3qq56h7yhqv0w7pw2cw035nxw3mnap03v31";
})
(fetchpatch {
name = "CVE-2021-3392.patch";
url = "https://sources.debian.org/data/main/q/qemu/1:5.2+dfsg-10/debian/patches/mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch";
sha256 = "0n7dn2p102c21mf3ncqrnks0wl5kas6yspafbn8jd03ignjgc4hd";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
@ -234,6 +114,8 @@ stdenv.mkDerivation rec {
patchShebangs .
# avoid conflicts with libc++ include for <version>
mv VERSION QEMU_VERSION
substituteInPlace configure \
--replace '$source_path/VERSION' '$source_path/QEMU_VERSION'
substituteInPlace meson.build \
--replace "'VERSION'" "'QEMU_VERSION'"
'' + optionalString stdenv.hostPlatform.isMusl ''
@ -304,7 +186,7 @@ stdenv.mkDerivation rec {
homepage = "http://www.qemu.org/";
description = "A generic and open source machine emulator and virtualizer";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ eelco ];
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ eelco qyliss ];
platforms = platforms.unix;
};
}

6
pkgs/development/java-modules/postgresql_jdbc/default.nix
View File

@ -2,19 +2,21 @@
stdenv.mkDerivation rec {
pname = "postgresql-jdbc";
version = "42.2.5";
version = "42.2.20";
src = fetchMavenArtifact {
artifactId = "postgresql";
groupId = "org.postgresql";
sha256 = "1p0cbb7ka41xxipzjy81hmcndkqynav22xyipkg7qdqrqvw4dykz";
sha256 = "0kjilsrz9shymfki48kg1q84la1870ixlh2lnfw347x8mqw2k2vh";
inherit version;
};
phases = [ "installPhase" ];
installPhase = ''
runHook preInstall
install -m444 -D $src/share/java/*postgresql-${version}.jar $out/share/java/postgresql-jdbc.jar
runHook postInstall
'';
meta = with lib; {

4
pkgs/development/libraries/CGAL/default.nix
View File

@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "cgal";
version = "5.2";
version = "5.2.1";
src = fetchFromGitHub {
owner = "CGAL";
repo = "releases";
rev = "CGAL-${version}";
sha256 = "1+ov1fu79MXoW0D8odInMZPFMYg69st//PoMW42oXpA=";
sha256 = "sha256-sJyeehgt84rLX8ZBYIbFgHLG2aJDDHEj5GeVnQhjiOQ=";
};
# note: optional component libCGAL_ImageIO would need zlib and opengl;

6
pkgs/development/libraries/science/math/cudnn/default.nix
View File

@ -30,12 +30,12 @@ in rec {
cudnn_cudatoolkit_10 = cudnn_cudatoolkit_10_2;
cudnn_cudatoolkit_11_0 = generic rec {
version = "8.1.0";
version = "8.1.1";
cudatoolkit = cudatoolkit_11_0;
# 8.1.0 is compatible with CUDA 11.0, 11.1, and 11.2:
# https://docs.nvidia.com/deeplearning/cudnn/support-matrix/index.html#cudnn-cuda-hardware-versions
srcName = "cudnn-11.2-linux-x64-v8.1.0.77.tgz";
sha256 = "sha256-2+gvrwcdkbqbzwBIAUatM/RiSC3+5WyvRHnBuNq+Pss=";
srcName = "cudnn-11.2-linux-x64-v8.1.1.33.tgz";
hash = "sha256-mKh4TpKGLyABjSDCgbMNSgzZUfk2lPZDPM9K6cUCumo=";
};
cudnn_cudatoolkit_11_1 = cudnn_cudatoolkit_11_0.override {

13
pkgs/development/libraries/science/math/cudnn/generic.nix
View File

@ -1,8 +1,11 @@
{ version
, srcName
, sha256
, hash ? null
, sha256 ? null
}:
assert (hash != null) || (sha256 != null);
{ stdenv
, lib
, cudatoolkit
@ -22,11 +25,13 @@ stdenv.mkDerivation {
name = "cudatoolkit-${cudatoolkit.majorVersion}-cudnn-${version}";
inherit version;
src = fetchurl {
src = let
hash_ = if hash != null then { inherit hash; } else { inherit sha256; };
in fetchurl ({
# URL from NVIDIA docker containers: https://gitlab.com/nvidia/cuda/blob/centos7/7.0/runtime/cudnn4/Dockerfile
url = "https://developer.download.nvidia.com/compute/redist/cudnn/v${version}/${srcName}";
inherit sha256;
};
} // hash_);
nativeBuildInputs = [ addOpenGLRunpath ];

6
pkgs/tools/misc/macchina/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "macchina";
version = "0.6.9";
version = "0.7.2";
src = fetchFromGitHub {
owner = "Macchina-CLI";
repo = pname;
rev = "v${version}";
sha256 = "sha256-y23gpYDnYoiTJcNyWKslVenPTXcCrOvxq+0N9PjQN3g=";
sha256 = "sha256-ICiU0emo5lEs6996TwkauuBWb2+Yy6lL+/x7zQgO470=";
};
cargoSha256 = "sha256-jfLj8kLBG6AeeYo421JCl1bMqWwOGiwQgv7AEomtFcY=";
cargoSha256 = "sha256-OfOh0YXeLT/kBuR9SOV7pHa8Z4b6+JvtVwqqwd1hCJY=";
nativeBuildInputs = [ installShellFiles ];

6
pkgs/tools/security/prs/default.nix
View File

@ -13,16 +13,16 @@
rustPlatform.buildRustPackage rec {
pname = "prs";
version = "0.2.10";
version = "0.2.11";
src = fetchFromGitLab {
owner = "timvisee";
repo = "prs";
rev = "v${version}";
sha256 = "sha256-czGyBdy4emw7bUV6Nn+k+fJm+JqR6o0TEEUuIbEsml4=";
sha256 = "sha256-jBHe3ZeB+GS+Ds8c6ySwoyyJfqoCWKSgIObg+z1TNmU=";
};
cargoSha256 = "sha256-jnBYuk7uvnbvT2OQ35DJk6WIUSqJiZCvsmpSIxw9X1U=";
cargoSha256 = "sha256-dhQuzzML817cDIsYuZElHZfq55AdZ20xeXTNm1nJPqk=";
postPatch = ''
# The GPGME backend is recommended