From 98653a19760cd3399764eede1ed26b746ef83619 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 21 Oct 2019 09:27:01 -0700 Subject: [PATCH 01/21] enchant: 2.2.5 -> 2.2.7 Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/enchant/versions --- pkgs/development/libraries/enchant/2.x.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/enchant/2.x.nix b/pkgs/development/libraries/enchant/2.x.nix index 92e34145abde..c92afee6dc94 100644 --- a/pkgs/development/libraries/enchant/2.x.nix +++ b/pkgs/development/libraries/enchant/2.x.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "enchant"; - version = "2.2.5"; + version = "2.2.7"; outputs = [ "out" "dev" ]; src = fetchurl { url = "https://github.com/AbiWord/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz"; - sha256 = "0r41qjz3104h5raiwlw5ywwybafbxdjz12j1bnq3kq60jlr6d2pf"; + sha256 = "029smcna98hllgkm2gy94qa7qphxs4xaa8cdbg5kaaw16mhrf8hv"; }; nativeBuildInputs = [ From e5274c97ccf860c6e763ae8909eb216df4c4729e Mon Sep 17 00:00:00 2001 From: Bas van Dijk Date: Wed, 29 Jan 2020 11:45:38 +0100 Subject: [PATCH 02/21] perlPackages.TimeDate: use fetchpatch instead of storing the patch --- pkgs/development/perl-modules/timedate-2020.patch | 12 ------------ pkgs/top-level/perl-packages.nix | 9 +++++++-- 2 files changed, 7 insertions(+), 14 deletions(-) delete mode 100644 pkgs/development/perl-modules/timedate-2020.patch diff --git a/pkgs/development/perl-modules/timedate-2020.patch b/pkgs/development/perl-modules/timedate-2020.patch deleted file mode 100644 index ea4d8307f03a..000000000000 --- a/pkgs/development/perl-modules/timedate-2020.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: TimeDate-2.30/t/getdate.t -=================================================================== ---- TimeDate-2.30.orig/t/getdate.t -+++ TimeDate-2.30/t/getdate.t -@@ -156,7 +156,7 @@ Jul 22 10:00:00 UTC 2002 ;102733200 - !; - - require Time::Local; --my $offset = Time::Local::timegm(0,0,0,1,0,70); -+my $offset = Time::Local::timegm(0,0,0,1,0,1970); - - @data = split(/\n/, $data); diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 2dc64f63465b..97530052e2a4 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -19545,8 +19545,13 @@ let url = mirror://cpan/authors/id/G/GB/GBARR/TimeDate-2.30.tar.gz; sha256 = "11lf54akr9nbivqkjrhvkmfdgkbhw85sq0q4mak56n6bf542bgbm"; }; - # https://rt.cpan.org/Public/Bug/Display.html?id=124509 - patches = [ ../development/perl-modules/timedate-2020.patch ]; + patches = [ + # https://rt.cpan.org/Public/Bug/Display.html?id=124509 + (fetchpatch { + url = "https://github.com/atoomic/perl-TimeDate/commit/4b67ccbdc1846620470ca524a5f3e2afd7b33f66.patch"; + sha256 = "1q37yw0b2pammvl0aana70nq7krqwhpcanqa11h2pg9sa9ls7q87"; + }) + ]; }; TimeDuration = buildPerlPackage { From f4fb5c259f55c5e77884b9dedef044ef28315d2d Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Fri, 8 Nov 2019 00:11:20 -0800 Subject: [PATCH 03/21] libxkbcommon: 0.8.4 -> 0.10.0 --- pkgs/development/libraries/libxkbcommon/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxkbcommon/default.nix b/pkgs/development/libraries/libxkbcommon/default.nix index 44530b381505..a773ccdb2ade 100644 --- a/pkgs/development/libraries/libxkbcommon/default.nix +++ b/pkgs/development/libraries/libxkbcommon/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libxkbcommon"; - version = "0.8.4"; + version = "0.10.0"; src = fetchurl { url = "https://xkbcommon.org/download/${pname}-${version}.tar.xz"; - sha256 = "12vc91ydhphd5sddz15560r41l7k0i7mq6nma8kkbzdp6bwwzpb0"; + sha256 = "1wmnl0hngn6vrqrya4r8hvimlkr4jag39yjprls4gyrqvh667hsp"; }; outputs = [ "out" "dev" "doc" ]; From 9974c650321ebaa73ef8320b42f2479032021088 Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Thu, 30 Jan 2020 01:23:14 -0800 Subject: [PATCH 04/21] mesa: 19.3.2 -> 19.3.3 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c041507b2ec5..4e95e4771736 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -27,7 +27,7 @@ with stdenv.lib; let - version = "19.3.2"; + version = "19.3.3"; branch = versions.major version; in @@ -42,7 +42,7 @@ stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" "https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz" ]; - sha256 = "1hg1gvcwvayksrdh9z8rfz66h3z1ffspmm2qgyy2nd8n8qrfwfjf"; + sha256 = "02czqdqf64i3az5p1allnxycyjad3x35cj0hz0017mi5pc84ikl1"; }; prePatch = "patchShebangs ."; From 2327204ad0a9b18e4e0d86befecda59935fa5744 Mon Sep 17 00:00:00 2001 From: Chuck Date: Wed, 29 Jan 2020 17:07:02 -0800 Subject: [PATCH 05/21] gnupatch: Don't fetch from cgit URLs with unstable hashes cgit cannot serve patches with stable hashes, so store these patches in-tree. cgit community discussion about this problem: https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html We pull the patches in-tree rather than strip cgit footers with fetchpatch because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587 dependencies of fetchpatch cannot use fetchpatch. Verification that the only difference between the live page, the patch committed here, and the version cached under the old hash at tarballs.nixos.org is the cgit version footer: $ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch $ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch --- cgit-live +++ Allow_input_files_to_be_missing_for_ed-style_patches.patch 2020-01-29 17:22:00.077312937 -0800 @@ -32 +32 @@ -cgit v1.2.1 +cgit v1.0-41-gc330 $ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch $ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch --- cgit-live +++ CVE-2018-1000156.patch 2020-01-29 17:23:41.021116969 -0800 @@ -210 +210 @@ -cgit v1.2.1 +cgit v1.0-41-gc330 --- ...s_to_be_missing_for_ed-style_patches.patch | 33 +++ .../text/gnupatch/CVE-2018-1000156.patch | 211 ++++++++++++++++++ pkgs/tools/text/gnupatch/default.nix | 17 +- 3 files changed, 251 insertions(+), 10 deletions(-) create mode 100644 pkgs/tools/text/gnupatch/Allow_input_files_to_be_missing_for_ed-style_patches.patch create mode 100644 pkgs/tools/text/gnupatch/CVE-2018-1000156.patch diff --git a/pkgs/tools/text/gnupatch/Allow_input_files_to_be_missing_for_ed-style_patches.patch b/pkgs/tools/text/gnupatch/Allow_input_files_to_be_missing_for_ed-style_patches.patch new file mode 100644 index 000000000000..98c9aa877a72 --- /dev/null +++ b/pkgs/tools/text/gnupatch/Allow_input_files_to_be_missing_for_ed-style_patches.patch @@ -0,0 +1,33 @@ +From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 6 Apr 2018 11:34:51 +0200 +Subject: Allow input files to be missing for ed-style patches + +* src/pch.c (do_ed_script): Allow input files to be missing so that new +files will be created as with non-ed-style patches. +--- + src/pch.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/pch.c b/src/pch.c +index bc6278c..0c5cc26 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname, + + if (! dry_run && ! skip_rest_of_patch) { + int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } + sprintf (buf, "%s %s%s", editor_program, + verbosity == VERBOSE ? "" : "- ", + outname); +-- +cgit v1.0-41-gc330 + diff --git a/pkgs/tools/text/gnupatch/CVE-2018-1000156.patch b/pkgs/tools/text/gnupatch/CVE-2018-1000156.patch new file mode 100644 index 000000000000..36f33dea2b90 --- /dev/null +++ b/pkgs/tools/text/gnupatch/CVE-2018-1000156.patch @@ -0,0 +1,211 @@ +From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 6 Apr 2018 12:14:49 +0200 +Subject: Fix arbitrary command execution in ed-style patches + (CVE-2018-1000156) + +* src/pch.c (do_ed_script): Write ed script to a temporary file instead +of piping it to ed: this will cause ed to abort on invalid commands +instead of rejecting them and carrying on. +* tests/ed-style: New test case. +* tests/Makefile.am (TESTS): Add test case. +--- + src/pch.c | 91 ++++++++++++++++++++++++++++++++++++++++--------------- + tests/Makefile.am | 1 + + tests/ed-style | 41 +++++++++++++++++++++++++ + 3 files changed, 108 insertions(+), 25 deletions(-) + create mode 100644 tests/ed-style + +diff --git a/src/pch.c b/src/pch.c +index 0c5cc26..4fd5a05 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -33,6 +33,7 @@ + # include + #endif + #include ++#include + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname, + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +- FILE *pipefp = 0; + size_t chars_read; ++ FILE *tmpfp = 0; ++ char const *tmpname; ++ int tmpfd; ++ pid_t pid; ++ ++ if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +- if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- if (inerrno != ENOENT) +- { +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- } +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? "wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +- } + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (ed_command_letter != 'd' && ed_command_letter != 's') { + p_pass_comments_through = true; + while ((chars_read = get_line ()) != 0) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (chars_read == 2 && strEQ (buf, ".\n")) + break; +@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, + break; + } + } +- if (!pipefp) ++ if (!tmpfp) + return; +- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 +- || fflush (pipefp) != 0) ++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 ++ || fflush (tmpfp) != 0) + write_fatal (); +- if (pclose (pipefp) != 0) +- fatal ("%s FAILED", editor_program); ++ ++ if (lseek (tmpfd, 0, SEEK_SET) == -1) ++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); ++ ++ if (! dry_run && ! skip_rest_of_patch) { ++ int exclusive = *outname_needs_removal ? 0 : O_EXCL; ++ *outname_needs_removal = true; ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } ++ sprintf (buf, "%s %s%s", editor_program, ++ verbosity == VERBOSE ? "" : "- ", ++ outname); ++ fflush (stdout); ++ ++ pid = fork(); ++ if (pid == -1) ++ pfatal ("Can't fork"); ++ else if (pid == 0) ++ { ++ dup2 (tmpfd, 0); ++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ _exit (2); ++ } ++ else ++ { ++ int wstatus; ++ if (waitpid (pid, &wstatus, 0) == -1 ++ || ! WIFEXITED (wstatus) ++ || WEXITSTATUS (wstatus) != 0) ++ fatal ("%s FAILED", editor_program); ++ } ++ } ++ ++ fclose (tmpfp); ++ safe_unlink (tmpname); + + if (ofp) + { +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 6b6df63..16f8693 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -32,6 +32,7 @@ TESTS = \ + crlf-handling \ + dash-o-append \ + deep-directories \ ++ ed-style \ + empty-files \ + false-match \ + fifo \ +diff --git a/tests/ed-style b/tests/ed-style +new file mode 100644 +index 0000000..d8c0689 +--- /dev/null ++++ b/tests/ed-style +@@ -0,0 +1,41 @@ ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++require cat ++use_local_patch ++use_tmpdir ++ ++# ============================================================== ++ ++cat > ed1.diff < ed2.diff < /dev/null || echo "Status: $?"' < Date: Thu, 30 Jan 2020 01:41:12 -0500 Subject: [PATCH 06/21] gettext: Add macOS warning patch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gettext 0.20 fixed a bug with handling locale on macOS, but this caused it to report an annoying warning on systems where “language” differs from “region”. See Homebrew issue for details: . Add upstream patch that has not been released yet. Details: . --- pkgs/development/libraries/gettext/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index c2165a9d9c7a..50f56ec442d5 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, libiconv, xz }: +{ stdenv, lib, fetchurl, libiconv, xz, fetchpatch }: stdenv.mkDerivation rec { pname = "gettext"; @@ -11,7 +11,15 @@ stdenv.mkDerivation rec { patches = [ ./absolute-paths.diff ./gettext.git-2336451ed68d91ff4b5ae1acbc1eca30e47a86a9.patch - ]; + ] + # HACK: Since this is merely a UX fix, to minimise rebuilds only patch + # the final library. + # Remove the entire thing when updating to the next release. + ++ lib.optional (stdenv.isDarwin && !(lib.hasPrefix "bootstrap" stdenv.name)) + (fetchpatch { + url = "https://git.savannah.gnu.org/cgit/gettext.git/patch?id=ec0e6b307456ceab352669ae6bccca9702108753"; + sha256 = "0xqs01c7xl7vmw6bqvsmrzxxjxk2a4spcdpmlwm3b4hi2wc2lxnf"; + }); outputs = [ "out" "man" "doc" "info" ]; From c0d1f26d42b4cb3f19d30ef48937b00117446e7f Mon Sep 17 00:00:00 2001 From: Kirill Elagin Date: Fri, 31 Jan 2020 15:49:26 -0500 Subject: [PATCH 07/21] gettext: Remove the rebuild optimisation hack --- pkgs/development/libraries/gettext/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index 50f56ec442d5..c28afa174181 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -12,10 +12,7 @@ stdenv.mkDerivation rec { ./absolute-paths.diff ./gettext.git-2336451ed68d91ff4b5ae1acbc1eca30e47a86a9.patch ] - # HACK: Since this is merely a UX fix, to minimise rebuilds only patch - # the final library. - # Remove the entire thing when updating to the next release. - ++ lib.optional (stdenv.isDarwin && !(lib.hasPrefix "bootstrap" stdenv.name)) + ++ lib.optional stdenv.isDarwin (fetchpatch { url = "https://git.savannah.gnu.org/cgit/gettext.git/patch?id=ec0e6b307456ceab352669ae6bccca9702108753"; sha256 = "0xqs01c7xl7vmw6bqvsmrzxxjxk2a4spcdpmlwm3b4hi2wc2lxnf"; From a826b49c97bcc9d8365b5d18aeec8087116d195d Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Mon, 13 Jan 2020 17:46:11 +0100 Subject: [PATCH 08/21] stdenv: make darwin builds reproducable Fixes #21629 Passing these extra linker flags removes both the semi-random uuid included in most binaries as well as making the sdk version consistent instead of based on the current os version. Load command 8 cmd LC_UUID cmdsize 24 uuid 70FAF921-5DC8-371C-B814-4F121FADFDF4 Load command 9 cmd LC_VERSION_MIN_MACOSX cmdsize 16 version 10.12 sdk 10.13 The -macosx_version_min flag isn't strictly necessary since that's already handled by MACOSX_DEPLOYMENT_TARGET. --- pkgs/stdenv/darwin/default.nix | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index f73fca48b7a7..207502285b2e 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -28,15 +28,20 @@ let ]; in rec { commonPreHook = '' - export NIX_ENFORCE_PURITY="''${NIX_ENFORCE_PURITY-1}" - export NIX_ENFORCE_NO_NATIVE="''${NIX_ENFORCE_NO_NATIVE-1}" + export NIX_ENFORCE_NO_NATIVE=''${NIX_ENFORCE_NO_NATIVE-1} + export NIX_ENFORCE_PURITY=''${NIX_ENFORCE_PURITY-1} export NIX_IGNORE_LD_THROUGH_GCC=1 - stripAllFlags=" " # the Darwin "strip" command doesn't know "-s" - export MACOSX_DEPLOYMENT_TARGET=10.12 - export SDKROOT= export CMAKE_OSX_ARCHITECTURES=x86_64 + export SDKROOT= + + # Ensure consistent LC_VERSION_MIN_MACOSX and remove LC_UUID. + export MACOSX_DEPLOYMENT_TARGET=10.12 + export NIX_LDFLAGS+=" -macosx_version_min 10.12 -sdk_version 10.12 -no_uuid" + # Workaround for https://openradar.appspot.com/22671534 on 10.11. export gl_cv_func_getcwd_abort_bug=no + + stripAllFlags=" " # the Darwin "strip" command doesn't know "-s" ''; bootstrapTools = derivation { From 6567823996e216e8bdfd4fbdb4ad3ed92572dbe7 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Mon, 13 Jan 2020 17:56:02 +0100 Subject: [PATCH 09/21] stdenv: introduce appleSdkVersion and macosVersionMin --- pkgs/os-specific/darwin/apple-sdk/default.nix | 7 ++++++- pkgs/stdenv/darwin/default.nix | 16 +++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix index 9890d385259c..89c13d0b92d7 100644 --- a/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk/default.nix @@ -1,10 +1,15 @@ { stdenv, fetchurl, xar, cpio, pkgs, python3, pbzx, lib }: +let version = "10.12"; in + +# Ensure appleSdkVersion is up to date. +assert stdenv.isDarwin -> stdenv.appleSdkVersion == version; + let # sadly needs to be exported because security_tool needs it sdk = stdenv.mkDerivation rec { - version = "10.12"; pname = "MacOS_SDK"; + inherit version; # This URL comes from https://swscan.apple.com/content/catalogs/others/index-10.12.merged-1.sucatalog, which we found by: # 1. Google: site:swscan.apple.com and look for a name that seems appropriate for your version diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 207502285b2e..7a9c20fd6a7b 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -1,6 +1,9 @@ { lib , localSystem, crossSystem, config, overlays, crossOverlays ? [] - +# The version of darwin.apple_sdk used for sources provided by apple. +, appleSdkVersion ? "10.12" +# Minimum required macOS version, used both for compatibility as well as reproducability. +, macosVersionMin ? "10.12" # Allow passing in bootstrap files directly so we can test the stdenv bootstrap process when changing the bootstrap tools , bootstrapFiles ? let fetch = { file, sha256, executable ? true }: import { @@ -35,8 +38,8 @@ in rec { export SDKROOT= # Ensure consistent LC_VERSION_MIN_MACOSX and remove LC_UUID. - export MACOSX_DEPLOYMENT_TARGET=10.12 - export NIX_LDFLAGS+=" -macosx_version_min 10.12 -sdk_version 10.12 -no_uuid" + export MACOSX_DEPLOYMENT_TARGET=${macosVersionMin} + export NIX_LDFLAGS+=" -macosx_version_min ${macosVersionMin} -sdk_version ${appleSdkVersion} -no_uuid" # Workaround for https://openradar.appspot.com/22671534 on 10.11. export gl_cv_func_getcwd_abort_bug=no @@ -135,8 +138,7 @@ in rec { __extraImpureHostDeps = commonImpureHostDeps; extraAttrs = { - inherit platform; - parent = last; + inherit macosVersionMin appleSdkVersion platform; }; overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; }; }; @@ -405,9 +407,9 @@ in rec { extraBuildInputs = [ pkgs.darwin.CF ]; extraAttrs = { - inherit platform bootstrapTools; - libc = pkgs.darwin.Libsystem; + libc = pkgs.darwin.Libsystem; shellPackage = pkgs.bash; + inherit macosVersionMin appleSdkVersion platform bootstrapTools; }; allowedRequisites = (with pkgs; [ From 9b579843d4069839219d9c16c56695a09749b655 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Mon, 13 Jan 2020 18:05:52 +0100 Subject: [PATCH 10/21] treewide: use stdenv.macosVersionMin --- pkgs/development/tools/misc/ccls/default.nix | 2 +- pkgs/development/tools/misc/cquery/default.nix | 2 +- pkgs/servers/sql/mysql/8.0.x.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/misc/ccls/default.nix b/pkgs/development/tools/misc/ccls/default.nix index 8748cdf52b4f..c3a0e57bd7fc 100644 --- a/pkgs/development/tools/misc/ccls/default.nix +++ b/pkgs/development/tools/misc/ccls/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DCCLS_VERSION=${version}" - "-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" ]; preConfigure = '' diff --git a/pkgs/development/tools/misc/cquery/default.nix b/pkgs/development/tools/misc/cquery/default.nix index c43509a4f43b..ccb4dd5b15a1 100644 --- a/pkgs/development/tools/misc/cquery/default.nix +++ b/pkgs/development/tools/misc/cquery/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation { cmakeFlags = [ "-DSYSTEM_CLANG=ON" "-DCLANG_CXX=ON" - "-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12" + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" ]; shell = runtimeShell; diff --git a/pkgs/servers/sql/mysql/8.0.x.nix b/pkgs/servers/sql/mysql/8.0.x.nix index fcb64550d6fe..64b4417ea60e 100644 --- a/pkgs/servers/sql/mysql/8.0.x.nix +++ b/pkgs/servers/sql/mysql/8.0.x.nix @@ -31,7 +31,7 @@ self = stdenv.mkDerivation rec { outputs = [ "out" "static" ]; cmakeFlags = [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12" # For std::shared_timed_mutex. + "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" # For std::shared_timed_mutex. "-DCMAKE_SKIP_BUILD_RPATH=OFF" # To run libmysql/libmysql_api_test during build. "-DFORCE_UNSUPPORTED_COMPILER=1" # To configure on Darwin. "-DWITH_ROUTER=OFF" # It may be packaged separately. From b984c227d28c0af7b1afaace0c2ad107d94757f6 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Tue, 14 Jan 2020 12:10:32 +0100 Subject: [PATCH 11/21] cmake: remove CMAKE_OSX_DEPLOYMENT_TARGET overrides We _do_ want minimum versions in our packages. --- pkgs/development/tools/build-managers/cmake/setup-hook.sh | 4 ---- pkgs/development/tools/misc/ccls/default.nix | 5 +---- pkgs/development/tools/misc/cquery/default.nix | 1 - pkgs/servers/sql/mysql/8.0.x.nix | 1 - 4 files changed, 1 insertion(+), 10 deletions(-) diff --git a/pkgs/development/tools/build-managers/cmake/setup-hook.sh b/pkgs/development/tools/build-managers/cmake/setup-hook.sh index 6f3d33bcaa7c..5479067d637e 100755 --- a/pkgs/development/tools/build-managers/cmake/setup-hook.sh +++ b/pkgs/development/tools/build-managers/cmake/setup-hook.sh @@ -53,10 +53,6 @@ cmakeConfigurePhase() { # we never want to use the global macOS SDK cmakeFlags="-DCMAKE_OSX_SYSROOT= $cmakeFlags" - # disable OSX deployment target - # we don't want our binaries to have a "minimum" OSX version - cmakeFlags="-DCMAKE_OSX_DEPLOYMENT_TARGET= $cmakeFlags" - # correctly detect our clang compiler cmakeFlags="-DCMAKE_POLICY_DEFAULT_CMP0025=NEW $cmakeFlags" diff --git a/pkgs/development/tools/misc/ccls/default.nix b/pkgs/development/tools/misc/ccls/default.nix index c3a0e57bd7fc..f442c16e3516 100644 --- a/pkgs/development/tools/misc/ccls/default.nix +++ b/pkgs/development/tools/misc/ccls/default.nix @@ -15,10 +15,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ]; buildInputs = with llvmPackages; [ clang-unwrapped llvm rapidjson ]; - cmakeFlags = [ - "-DCCLS_VERSION=${version}" - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" - ]; + cmakeFlags = [ "-DCCLS_VERSION=${version}" ]; preConfigure = '' cmakeFlagsArray+=(-DCMAKE_CXX_FLAGS="-fvisibility=hidden -fno-rtti") diff --git a/pkgs/development/tools/misc/cquery/default.nix b/pkgs/development/tools/misc/cquery/default.nix index ccb4dd5b15a1..87b3cbb7121e 100644 --- a/pkgs/development/tools/misc/cquery/default.nix +++ b/pkgs/development/tools/misc/cquery/default.nix @@ -26,7 +26,6 @@ stdenv.mkDerivation { cmakeFlags = [ "-DSYSTEM_CLANG=ON" "-DCLANG_CXX=ON" - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" ]; shell = runtimeShell; diff --git a/pkgs/servers/sql/mysql/8.0.x.nix b/pkgs/servers/sql/mysql/8.0.x.nix index 64b4417ea60e..3c1d1f6645c6 100644 --- a/pkgs/servers/sql/mysql/8.0.x.nix +++ b/pkgs/servers/sql/mysql/8.0.x.nix @@ -31,7 +31,6 @@ self = stdenv.mkDerivation rec { outputs = [ "out" "static" ]; cmakeFlags = [ - "-DCMAKE_OSX_DEPLOYMENT_TARGET=${stdenv.macosVersionMin or ""}" # For std::shared_timed_mutex. "-DCMAKE_SKIP_BUILD_RPATH=OFF" # To run libmysql/libmysql_api_test during build. "-DFORCE_UNSUPPORTED_COMPILER=1" # To configure on Darwin. "-DWITH_ROUTER=OFF" # It may be packaged separately. From 68513e40711cd942144a1da9c9e434b378c2c762 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Tue, 14 Jan 2020 12:43:54 +0100 Subject: [PATCH 12/21] cmake: move CMAKE_OSX_ARCHITECTURES out of the stdenv This was initially introduced in 92188d9d1751892ddbf8913da73dfc150d18fadb, not clear how relevant this still is but i686 isn't supported anymore so disable it explicitly. --- pkgs/development/tools/build-managers/cmake/setup-hook.sh | 3 +++ pkgs/stdenv/darwin/default.nix | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/build-managers/cmake/setup-hook.sh b/pkgs/development/tools/build-managers/cmake/setup-hook.sh index 5479067d637e..87bbefa6bbfa 100755 --- a/pkgs/development/tools/build-managers/cmake/setup-hook.sh +++ b/pkgs/development/tools/build-managers/cmake/setup-hook.sh @@ -50,6 +50,9 @@ cmakeConfigurePhase() { # because we usually do not package the framework cmakeFlags="-DCMAKE_FIND_FRAMEWORK=last $cmakeFlags" + # on macOS i686 was only relevant for 10.5 or earlier. + cmakeFlags="-DCMAKE_OSX_ARCHITECTURES=x86_64 $cmakeFlags" + # we never want to use the global macOS SDK cmakeFlags="-DCMAKE_OSX_SYSROOT= $cmakeFlags" diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 7a9c20fd6a7b..4f91d18a3764 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -34,7 +34,6 @@ in rec { export NIX_ENFORCE_NO_NATIVE=''${NIX_ENFORCE_NO_NATIVE-1} export NIX_ENFORCE_PURITY=''${NIX_ENFORCE_PURITY-1} export NIX_IGNORE_LD_THROUGH_GCC=1 - export CMAKE_OSX_ARCHITECTURES=x86_64 export SDKROOT= # Ensure consistent LC_VERSION_MIN_MACOSX and remove LC_UUID. From a18f9d1fadc890abffbfafd6ffd7813c6420018c Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Thu, 30 Jan 2020 20:40:29 -0500 Subject: [PATCH 13/21] python3Packages.pygobject3: 3.32.1 -> 3.34.0 https://gitlab.gnome.org/GNOME/pygobject/blob/3.34.0/NEWS --- pkgs/development/python-modules/pygobject/3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pygobject/3.nix b/pkgs/development/python-modules/pygobject/3.nix index 8372adc9bdb1..e9cbeb422f15 100644 --- a/pkgs/development/python-modules/pygobject/3.nix +++ b/pkgs/development/python-modules/pygobject/3.nix @@ -3,13 +3,13 @@ pycairo, cairo, which, ncurses, meson, ninja, isPy3k, gnome3 }: buildPythonPackage rec { pname = "pygobject"; - version = "3.32.1"; + version = "3.34.0"; format = "other"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1n04dnvq3bx7vk7pgnxlg6kiwnc7xxv9bjabkv7abpmqjkprvj9j"; + sha256 = "06i7ynnbvgpz0gw09zsjbvhgcp5qz4yzdifw27qjwdazg2mckql7"; }; outputs = [ "out" "dev" ]; From 988d70bac59099b018627a42b9c0614febff876a Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Thu, 30 Jan 2020 20:42:58 -0500 Subject: [PATCH 14/21] python3Packages.pyatspi: 2.32.1 -> 2.34.0 https://gitlab.gnome.org/GNOME/pyatspi2/blob/PYATSPI_2_34_0/NEWS --- pkgs/development/python-modules/pyatspi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyatspi/default.nix b/pkgs/development/python-modules/pyatspi/default.nix index 693477d20c08..3f427e340022 100644 --- a/pkgs/development/python-modules/pyatspi/default.nix +++ b/pkgs/development/python-modules/pyatspi/default.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "pyatspi"; - version = "2.32.1"; + version = "2.34.0"; format = "other"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1283cbwd2kacgdij96xk26721f6amyzdhy2py11kdj5cprdlm5c4"; + sha256 = "0j3f75j0zd6ca8msg7yr19qsfirqkn9fk8pqbjnlhqrpri455g4p"; }; nativeBuildInputs = [ pkgconfig ]; From 6aa47aa04211211cef9040e1ed76b1abdd1d79a4 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sat, 1 Feb 2020 17:16:02 -0500 Subject: [PATCH 15/21] networkmanager: 1.22.4 -> 1.22.6 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/blob/1.22.6/NEWS --- pkgs/tools/networking/network-manager/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix index 1a33a735cfe4..571b907ee2f1 100644 --- a/pkgs/tools/networking/network-manager/default.nix +++ b/pkgs/tools/networking/network-manager/default.nix @@ -10,11 +10,11 @@ let pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]); in stdenv.mkDerivation rec { pname = "network-manager"; - version = "1.22.4"; + version = "1.22.6"; src = fetchurl { url = "mirror://gnome/sources/NetworkManager/${stdenv.lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz"; - sha256 = "0682hm5l3ix8cq35yl5pxidri4kxbdnvj9llf8vg9mcg5abdaslv"; + sha256 = "0r65hk7nw44jq4k6h91wrprr0x9410ibd1n7mpmlh4f4kgy276dw"; }; outputs = [ "out" "dev" "devdoc" "man" "doc" ]; From f025935dc60d69fa735a4707af2ccb2d7890f999 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sat, 1 Feb 2020 17:19:47 -0500 Subject: [PATCH 16/21] networkmanager: reorganize directory This was a bit of a mess. --- .../network-manager/{applet.nix => applet/default.nix} | 0 .../network-manager/{ => applet}/hardcode-gsettings.patch | 0 .../network-manager/{dmenu.nix => dmenu/default.nix} | 0 .../{strongswan.nix => strongswan/default.nix} | 0 pkgs/top-level/all-packages.nix | 6 +++--- 5 files changed, 3 insertions(+), 3 deletions(-) rename pkgs/tools/networking/network-manager/{applet.nix => applet/default.nix} (100%) rename pkgs/tools/networking/network-manager/{ => applet}/hardcode-gsettings.patch (100%) rename pkgs/tools/networking/network-manager/{dmenu.nix => dmenu/default.nix} (100%) rename pkgs/tools/networking/network-manager/{strongswan.nix => strongswan/default.nix} (100%) diff --git a/pkgs/tools/networking/network-manager/applet.nix b/pkgs/tools/networking/network-manager/applet/default.nix similarity index 100% rename from pkgs/tools/networking/network-manager/applet.nix rename to pkgs/tools/networking/network-manager/applet/default.nix diff --git a/pkgs/tools/networking/network-manager/hardcode-gsettings.patch b/pkgs/tools/networking/network-manager/applet/hardcode-gsettings.patch similarity index 100% rename from pkgs/tools/networking/network-manager/hardcode-gsettings.patch rename to pkgs/tools/networking/network-manager/applet/hardcode-gsettings.patch diff --git a/pkgs/tools/networking/network-manager/dmenu.nix b/pkgs/tools/networking/network-manager/dmenu/default.nix similarity index 100% rename from pkgs/tools/networking/network-manager/dmenu.nix rename to pkgs/tools/networking/network-manager/dmenu/default.nix diff --git a/pkgs/tools/networking/network-manager/strongswan.nix b/pkgs/tools/networking/network-manager/strongswan/default.nix similarity index 100% rename from pkgs/tools/networking/network-manager/strongswan.nix rename to pkgs/tools/networking/network-manager/strongswan/default.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5e3e48c43783..e5ae392149ce 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5254,11 +5254,11 @@ in networkmanager-fortisslvpn = callPackage ../tools/networking/network-manager/fortisslvpn { }; - networkmanager_strongswan = callPackage ../tools/networking/network-manager/strongswan.nix { }; + networkmanager_strongswan = callPackage ../tools/networking/network-manager/strongswan { }; - networkmanagerapplet = callPackage ../tools/networking/network-manager/applet.nix { }; + networkmanagerapplet = callPackage ../tools/networking/network-manager/applet { }; - networkmanager_dmenu = callPackage ../tools/networking/network-manager/dmenu.nix { }; + networkmanager_dmenu = callPackage ../tools/networking/network-manager/dmenu { }; newsboat = callPackage ../applications/networking/feedreaders/newsboat { inherit (darwin.apple_sdk.frameworks) Security; From 147f32ac2b1cfa2c08ecc8fea7e67559aff61402 Mon Sep 17 00:00:00 2001 From: Andrew Dunham Date: Sat, 1 Feb 2020 14:34:21 -0800 Subject: [PATCH 17/21] libxml2: add patch for CVE-2020-7595 --- pkgs/development/libraries/libxml2/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index 42515b7373c1..c07a5699f923 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl +{ stdenv, lib, fetchurl, fetchpatch , zlib, xz, python, ncurses, findXMLCatalogs , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform , icuSupport ? false, icu ? null @@ -27,6 +27,11 @@ stdenv.mkDerivation rec { # https://github.com/NixOS/nixpkgs/pull/63174 # https://github.com/NixOS/nixpkgs/pull/72342 ./utf8-xmlErrorFuncHandler.patch + (fetchpatch { + name = "CVE-2020-7595.patch"; + url = "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch"; + sha256 = "0klvaxkzakkpyq0m44l9xrpn5kwaii194sqsivfm6zhnb9hhl15l"; + }) ]; outputs = [ "bin" "dev" "out" "man" "doc" ] From e73fa05f30894485a526bf3920b0551a90373af4 Mon Sep 17 00:00:00 2001 From: Benjamin Hipple Date: Sun, 2 Feb 2020 13:41:47 -0500 Subject: [PATCH 18/21] waf: 2.0.18 -> 2.0.19 The patch for sorting files in `tar` is no longer needed, as it has been fixed upstream: https://gitlab.com/ita1024/waf/-/merge_requests/2227 --- .../tools/build-managers/waf/default.nix | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/pkgs/development/tools/build-managers/waf/default.nix b/pkgs/development/tools/build-managers/waf/default.nix index f8bbda61627a..72ea74c9aad8 100644 --- a/pkgs/development/tools/build-managers/waf/default.nix +++ b/pkgs/development/tools/build-managers/waf/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitLab, fetchpatch, python, ensureNewerSourcesForZipFilesHook +{ stdenv, fetchFromGitLab, python, ensureNewerSourcesForZipFilesHook # optional list of extra waf tools, e.g. `[ "doxygen" "pytest" ]` , withTools ? null }: @@ -8,22 +8,15 @@ let in stdenv.mkDerivation rec { pname = "waf"; - version = "2.0.18"; + version = "2.0.19"; src = fetchFromGitLab { owner = "ita1024"; repo = "waf"; rev = "${pname}-${version}"; - sha256 = "1ifcanm2x2i8qwgfkwgdxwaqcdwsx5jg8bd1d6sqjps3pz7s5qxx"; + sha256 = "1ydmx20blr776qnmnqp0whyiy81a3glln49m9fva2cmampmandpb"; }; - patches = [ - (fetchpatch { - url = "https://gitlab.com/grahamc/waf/commit/fc1c98f1fb575fb26b867a61cbca79aa894db2ea.patch"; - sha256 = "0kzfrr6nh1ay8nyk0i69nhkkrq7hskn7yw1qyjxrda1y3wxj6jp8"; - }) - ]; - buildInputs = [ python ensureNewerSourcesForZipFilesHook ]; configurePhase = '' From 7949dc4291850de1d426b20dcff9542c9d6cbdaf Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 1 Feb 2020 13:42:33 +0000 Subject: [PATCH 19/21] openldap: 2.4.48 -> 2.4.49 --- pkgs/development/libraries/openldap/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index fbc9de11e8f7..4c2052ae7915 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, openssl, cyrus_sasl, db, groff, libtool }: stdenv.mkDerivation rec { - name = "openldap-2.4.48"; + name = "openldap-2.4.49"; src = fetchurl { url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${name}.tgz"; - sha256 = "0k87qra4kirb6xgja4q1jyw6piwb9v8b8g6gkxq4plawmgy3ylnr"; + sha256 = "0vp524rsngdcykf6ki7vprsyg7gj8z7hszg8xwxz50219fa1gcg3"; }; # TODO: separate "out" and "bin" From ad78c66eb51138fd18c5375b86c2aea339826688 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 1 Feb 2020 10:02:26 +0000 Subject: [PATCH 20/21] mtdev: 1.1.5 -> 1.1.6 --- pkgs/development/libraries/mtdev/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mtdev/default.nix b/pkgs/development/libraries/mtdev/default.nix index e999ea73ae2e..7974e14040cd 100644 --- a/pkgs/development/libraries/mtdev/default.nix +++ b/pkgs/development/libraries/mtdev/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "mtdev-1.1.5"; + name = "mtdev-1.1.6"; src = fetchurl { url = "http://bitmath.org/code/mtdev/${name}.tar.bz2"; - sha256 = "0zxs7shzgbalkvlaiibi25bd902rbmkv9n1lww6q8j3ri9qdaxv6"; + sha256 = "1q700h9dqcm3zl6c3gj0qxxjcx6ibw2c51wjijydhwdcm26v5mqm"; }; meta = with stdenv.lib; { From 401649da349c236d7d10d8cf744d73feafd33a0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Thu, 30 Jan 2020 04:34:19 +0100 Subject: [PATCH 21/21] pythonPackages.Babel: Fix build with Nix < 2.3. Fixes #75676 --- .../python-modules/Babel/default.nix | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/Babel/default.nix b/pkgs/development/python-modules/Babel/default.nix index 1aafee5bec49..d700a07b275f 100644 --- a/pkgs/development/python-modules/Babel/default.nix +++ b/pkgs/development/python-modules/Babel/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, buildPythonPackage, fetchPypi, pytz, pytest, freezegun, glibcLocales }: +{ stdenv, lib, buildPythonPackage, fetchPypi, fetchpatch, pytz, pytest, freezegun, glibcLocales }: buildPythonPackage rec { pname = "Babel"; @@ -9,14 +9,31 @@ buildPythonPackage rec { sha256 = "e86135ae101e31e2c8ec20a4e0c5220f4eed12487d5cf3f78be7e98d3a57fc28"; }; + patches = [ + # The following 2 patches fix the test suite failing on nix < 2.3 with + # Python < 3 because those nix versions do not run in a pseudoterminal, + # which makes Python 2 not set the default encoding to UTF-8, and the + # Babel code crashes when printing a warning in that case. + # See #75676 and https://github.com/python-babel/babel/pull/691. + # It is important to fix this because otherwise Babel is not buildable + # with older nix versions (e.g. on machines used as --builders). + # TODO: Remove at release > 2.8.0. + (fetchpatch { + name = "Babel-Introduce-invariant-that-invalid_pofile-takes-unicode-line.patch"; + url = "https://github.com/python-babel/babel/commit/f4f6653e6aa053724d2c6dc0ee71dcb928013352.patch"; + sha256 = "1kyknwn9blspcf9yxmgdiaxdii1dnkblyhcflqwhxyl1mss1dxv5"; + }) + (fetchpatch { + name = "Babel-Fix-unicode-printing-error-on-Python-2-without-TTY.patch"; + url = "https://github.com/python-babel/babel/commit/da7f31143847659b6b74d802618b03438aceb350.patch"; + sha256 = "09yny8614knr8ngrrddmqzkxk70am135rccv2ncc6dji4xbqbfln"; + }) + ]; + propagatedBuildInputs = [ pytz ]; checkInputs = [ pytest freezegun ]; - # Note that a test will fail with an encoding error on Python 2 with Nix < 2.3 - # due to https://github.com/NixOS/nixpkgs/pull/75676#issuecomment-579008837. - # TODO: Remove the above comment when we use a version that includes the fix - # from https://github.com/python-babel/babel/pull/691 doCheck = !stdenv.isDarwin; meta = with lib; {