MuPDF 1.17 was kept for `k2pdfopt` but it is no longer needed since 01a2741e7a.
There is no good reason to keep this old version with known vulnerabilities.
This was broken by the Rust 1.80 upgrade, and is an old version that
we’d have to patch to keep working.
We have already done the 0.4 → 0.5 update without keeping around
the old version or adding in any additional `stateVersion` logic
in <https://github.com/NixOS/nixpkgs/pull/280221>. As a result,
migration for 0.3 users is going to be a little awkward. I’ve done
my best to provide comprehensive instructions for anyone who hasn’t
already bumped to 0.4.
It is probably a footgun to add `stateVersion` logic for any
package that makes backwards‐incompatible schema changes and only
supports migration from the immediately previous version. Users
won’t get migrated by default and we have to either package and
maintain an endlessly growing list of old versions or add complicated
instructions like this. It’s not really practical for us to support
a significantly better migration story than upstream does.
Long‐dead upstream (completely vanished, in fact), using a release
from 2013, barely surviving on a huge pile of Debian patches and
drive‐by fixes. Even the Debian patch set in our package here is
out of date. The `meta.homepage` was updated to point to a GitHub
repository with commits from as recently as 5½ years ago, but that
appears to be a separate fork from another developer, and we never
actually shipped it.
The last time this package was substantially touched was by @vs49688,
who heroically took the time to patch it to update it from FFmpeg
2(!) to FFmpeg 4 as part of a tree‐wide sweep almost three years
ago. Now that I’m dealing with FFmpeg 4, it would need patching
again, and I really don’t feel like it.
I considered simply dropping the FFmpeg dependency by disabling
compressed CDDA support, but it’s just not worth it to keep
this package alive. The state of PlayStation emulation has improved
dramatically from when this fork was current. DuckStation and Mednafen
are both better options for the majority of people. The PCSX Reloaded
code lives on as PCSX ReARMed, which we package as a libretro core,
but not as a standalone emulator. I would encourage anyone who has
reason to want a packaged PCSX fork to package the standalone version
of PCSX ReARMed from <https://github.com/notaz/pcsx_rearmed>. You
can tag me for review if you’d like.
Essentially unmaintained upstream for almost a decade, kept alive
with treewides and drive‐by fixes, and depends on the deprecated
and removed OpenCV C API. Sorry, it looks like a fun toy! Hopefully
someone can port it to a newer OpenCV.
These versions have been obsolete for 5 to 10 years, and have been
broken since 34cd4905d1 unless the user
specifies manual overrides. Given that nobody seems to have reported
an issue with them, I conclude that demand for them is minimal and
that there’s no need for them to block the removal of OpenCV 2.
krb5 and libkrb5 are two separate derivations that can easily end up
in the same closure. They both provide the same shared libraries and
some packages end up getting both copies. Since both copies come from
the same source, packages often get lucky in this situation and just
use whichever library is found first. Sometimes packages are less
fortunate and end up trying to load both. This has gone largely
unnoticed in Nixpkgs, likely because Kerberos is not widely used
outside of enterprise deployments.
This situation seems to have arisen out of a need to break a cycle
in `fetchurl -> curl -> krb5 -> fetchurl`. The libkrb5 build was able to
avoid depending on bison and libedit, making it easier to break the
cycle.
However, we can break the cycle without resorting to two variants of
krb5. Libedit can be removed with configure flags and byacc can be used
instead of bison, allowing a much smaller build closure that can easily
be resolved when breaking the cycle.
This change also adds a "lib" output to krb5 so that packages depending
on krb5 can still benefit from a smaller runtime closure if they only
need the shared libraries.
A future change will include a tree-wide refactor to switch uses of
libkrb5 to krb5.
* remove irrlichtmt input. Minetest's irrlicht fork has been moved into
the minetest repo and is now statically linked.
* remove mesa from buildInputs for darwin. Otherwise startup fails with
"OpenGL driver version is not 1.2 or better." and "Shaders are enabled
but GLSL is not supported by the driver.". Presumably that happens
because minetest tries to use an incomplete OpenGL driver from mesa
instead of the drivers provided by macOS.
* remove withTouchSupport arg, as the upstream CMake option has been
removed. Touch support should now always be enabled.
* make minetest-touch an alias for minetestclient
* remove unused args
Re-roll of https://github.com/NixOS/nixpkgs/pull/328907, but this time
adding the patch from ArchLinux, which keeps both EGL and GLX code paths
active.
Remove overrides where EGL was explicitly requested previously, as well
as the glew-egl package variant.
Add an alias for glew-egl, in case there's any users of this outside
of nixpkgs.
As far as I can tell, the name of the software is "rustic". Every
other distro calls it "rustic". [1] The crate is presumably called
"rustic-rs" because "rustic" is already taken on crates.io, which is
not a problem in Nixpkgs.
I've added "rustic-rs" as an alias, so the old name will continue
working.
[1]: https://repology.org/project/rustic/versions
This package was marked as vulnerable in
<https://github.com/NixOS/nixpkgs/pull/255959>, almost a year ago and
over a year after the project was archived upstream. The package and
module are unusable without bypassing a security warning in 23.05,
23.11, and 24.05.
Given that the package is intended as an organizer for
potentially‐untrusted media files, the vulnerability is critical and
leads to remote code execution, and there is basically no prospect
of upstream releasing a fix, remove the package and module entirely
for 24.11.
This was a major version behind and using outdated or insecure packages
like sqlalchemy-migrate and Qt WebKit. It hadn’t seen any attention
since it was added in 2020. If anyone wants to step up to update it
to the latest version and maintain it, that would be great!
xen-light was dropped in favour of xen and xen-slim
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Reviewed-by: Matei Dibu <contact@mateidibu.dev>
It's been unmaintained for several years now, so there's no reason to
continue maintaining it at this point. Users should migrate to compose
v2, which is maintained in-tree as just docker-compose.
Upstream Changes:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for
    Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible, but PMKSA
    caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
  for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
  to improve security for still unfortunately common invalid
  configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is
    used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions
Changelog:
http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Signed-off-by: Markus Theil <theil.markus@gmail.com>
The last official release of rapidjson is 8 years old; development has
continued without releases since then. The old version is affected
by CVE-2024-38517.
https://www.opencve.io/cve/CVE-2024-38517
The repository moved out of the openai org, so it doesn't make sense to
prefix the package with it.
(cherry picked from commit af13bb4513647eec3c3790c5272dbd4aa190d208)
Upstream released several versions after 13.0.0, but none of them were
updated accordingly in Nixpkgs. Upstream made it clear about a year ago
that this project was not actively maintained and recommended other
related projects.
The iverilog project is commonly known as ... iverilog, not verilog.
The package name `verilog` so far has been confusing, rename to `iverilog`.
While doing so, move the package to the new by-name/ convention directory.
Fix all the fall-out of packages that referred to the old name.
Dead cryptocurrency; last release was in 2019, last commit was in
2022. This is broken with miniupnpc 2.2.8; I reached out to the
maintainer and we agreed that it’s fine to just drop the package
rather than waste time patching it.
AdoptOpenJDK is a long-deprecated project, having been superseded by
Eclipse Temurin quite a while ago. Additionally, after running the
generate sources command, many of its subpackages fail to evaluate due
to missing binaries for versions the package expects. Because everything
provided by AdoptOpenJDK is either long-deprecated or also provided by
Temurin, its removal should not cause many problems.
By the same token, OpenJDK 12, 13, 14, 15, and 16 have also all been long
deemed EOL, and 13/14 are both actively broken and fail to build. These
packages, and their associated (and unnecessary) bootstrap chain are a
major factor in the tech debt of OpenJDK as an ecosystem in Nixpkgs.
OpenJDK 16 was the only user of OpenJFX 15, so it has also been removed.
By removing these packages, OpenJDK should hopefully be more
maintainable into the future.
This was removed in 329081dc4b, but
since I find this package useful, I'll make an attempt to maintain it.
Fortunately someone had forked the repo before it was deleted.
The derivation has been modified slightly to reflect PR feedback.