I previously didn't update the hash, so was still building ghostscript-9.24
(which explained why docs were still from 9.24)
The ICC profile validation patch from #47937 is included in 9.25, so we
can strip it from the list of patches.
cc @xeji
Highlights in this release include:
This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.
CVE-2018-16802
CVE-2018-17183
Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.
Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.
As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.
IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).
The usual round of bug fixes, compatibility changes, and incremental improvements.
* Version 4.01.17 works fine for me on NixOS, driving both a Samsung ML-2165w
and a Samsung ML-2510 printer successfully.
* Version 4.00.39 is broken. The build shows errors, but doesn't abort. The
generated binaries don't work, because they are lacking rpaths to their
library dependencies.
* Renamed old default.nix file to 1.00.37.nix. That version wasn't the default
and it feels like a bad idea to mix versioned and unversioned file names in
the same directory.
In a few cases it wasn't clear so I left them as-is.
While visiting these moved other things to nativeBuildInputs
when it was clear they were one of these cases:
* makeWrapper
* archive utilities (in order to unpack src)
* a few of these might no longer be needed but leaving for another day
The default version isn't enabled on darwin either, however it did work
at some point.
/tmp/nix-build-dolphin-emu-2018-08-17.drv-0/source/Source/Core/Core/NetPlayServer.cpp:1180:26: error: unknown type name 'lzo_uint32_t'; did you mean 'lzo_uint32'?
std::vector<u8> wrkmem(LZO1X_1_MEM_COMPRESS);
/cc ZHF #45961
Greybird is dual-licensed as GPLv2 or later and CC-BY-SA 3.0 or later.
The first is free, and the second is unfree in nixpkgs. Currently both
licenses are listed in the package derivation. And nix takes that it is
unfree. If one of the licenses in the list is unfree. nix consider
that the software is unfree. Remove the unfree one.
The darwin build fails and it's probably not particularly useful there.
utils.c:33:19: error: use of undeclared identifier 'CLOCK_MONOTONIC'
clock_gettime(CLOCK_MONOTONIC, &t);
/cc ZHF #45961
A new python script has been added to replace the aged viml-based
updater. The new updater has the following advantages:
- use rss feeds to check for updates quicker
- parallel downloads & better caching
- uses proper override mechanism instead of text substitution
- update generated files in-place instead of having to insert updated plugins manually
Automatically reading `dependencies` from the plugins directory has been
not re-implemented.
This has been mostly been used by Mark Weber's plugins, which seem to
no longer receive regular updates.
This could be implemented in future as required.
The $doc stuff needed changes, probably because of ghostscript newly
reacting to some configure flags that stdenv passes.
- share/ghostscript/9.22/doc was an ugly location for documentation,
and I didn't like their new share/ghostscript/9.24 either,
so that got changed to share/doc/ghostscript/9.24
- their process no longer installs examples, apparently,
but I don't expect that would be any problem for us
Added better practices to update_exts script.
Use `jq` instead of `grep` for more reliable JSON querying.
Check for 404 when requesting package.json information to avoid mangled
output.
Added proper failure points for missing vscode package, unknown version,
and if the code executable couldn't be found.
Switched to using a `nix-shell` shebang for even better reliability and
use the `sh` shell to be that little bit more generic.
Script is still clunky and sequential, anything more and I'd need to
write a proper program to do this and that's getting a bit silly? But
people that have a dozen or so extensions might be in for a long wait.
Be explicit about using bash
Improve the use of jq to remove unnecessary use of tr. Hat-tip coretemp.
Add some comments, finally.
Remove the `fetch` function.
Change the `get_ver` function to more accurately demonstrate what it is trying
to do, as well as add in some better error handling for non-200 http responses.
I couldn't make the bash `${param/search/replacement}` work for chopping up the
response in the `get_ver` function, hence the use of `sed`. Hopefully it all
makes a bit more sense now.
Remove github requests.
VSIXPackage is just a zip format in disguise so use a tmpdir and unpackage the
package.json file for the file in question so we can get the precise version
that we're interested in without additional redundant calls to github that may
not provide the right answer anyway.
Add trap to try to clean up the temp folders and clean up as we go.
I can't use 'fetchurl' or even 'nix-prefetch-url' because for the former we
don't yet know the hash that we're after and for the latter there isn't a way to
tie the predownloaded file into the next part of the workflow.
Prevent an unnecessary file from being extracted.
Change the unzip command to read the file we're after to stdout so we can use jq
on it directly instead of creating a file, reading it, then deleting it.
Courtesy of worldofpeace, remove the dependency on coreutils and use the
provided nix-hash function to generate the required hash.
Fix up a comment
Remove use of 'awk' and clean up individual Nix printing with cat to EOF expression.
* The ELK stack is upgraded to 6.3.2.
* `elasticsearch6`, `logstash6` and `kibana6` now come with X-Pack which is
a suite of additional features. These are however licensed under the unfree
"Elastic License".
* Fortunately they also provide OSS versions which are now packaged
under: `elasticsearch6-oss`, `logstash6-oss` and `kibana6-oss`.
Note that the naming of the attributes is consistent with upstream.
* The test `nix-build nixos/tests/elk.nix -A ELK-6` will test the OSS
version by default. You can also run the test on the unfree ELK using:
`NIXPKGS_ALLOW_UNFREE=1 nix-build nixos/tests/elk.nix -A ELK-6 --arg enableUnfree true`
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mxt-app/versions.
Version release notes (from GitHub):
Changes since v1.27
- Added broken line test for sensors
- Added Sensor Variant Algorithm test for sensors
- Added .empty in m4 folder and removed mkdir in autogen.sh
- Fix mxt_convert_hex_test on 32 bit architectures
- Fixed uninitialized variable ctx->active_stylus
- Fixed extended config byte returning zeros
- Other minor fixes
These checks were done:
- built on NixOS
- /nix/store/1769xizqkbd8dd6llqy02rldci3pwijk-mxt-app-1.28/bin/mxt-app passed the binary check.
- 1 of 1 passed binary check by having a zero exit code.
- 1 of 1 passed binary check by having the new version present in output.
- found 1.28 with grep in /nix/store/1769xizqkbd8dd6llqy02rldci3pwijk-mxt-app-1.28
- directory tree listing: https://gist.github.com/fc84545295cbe4aa871675e481f9d678
- du listing: https://gist.github.com/3f8880133bd987a4e81d820e8ae6a5b4
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/snes9x-gtk/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/dwkaz8igww0j8mvlvbmmia9dqn1zfi4r-snes9x-gtk-1.56.2/bin/snes9x-gtk had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/dwkaz8igww0j8mvlvbmmia9dqn1zfi4r-snes9x-gtk-1.56.2/bin/.snes9x-gtk-wrapped had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 1.56.2 with grep in /nix/store/dwkaz8igww0j8mvlvbmmia9dqn1zfi4r-snes9x-gtk-1.56.2
- directory tree listing: https://gist.github.com/9099159d34f80ca08f46e16de03222b7
- du listing: https://gist.github.com/089002406d67da563ace4b09e11494ab
* rpcs3: 0.0.4-8032 -> 0.0.5-6884
* rpcs3: update hash
* rpcs3: 0.0.5-6884 -> 0.0.5-6925
* rpcs3: 0.0.5-6925 -> 0.0.5-6938
* rpcs3: 0.0.5-6938 -> 0.0.5-6980
Manually write version header instead of generating it with git, which required leaveDotGit to be enabled.
This caused some hash mismatches (see #8567) has thus been disabled.
Also fixes multiples issues:
- broken plugins:
- `fax_marvell.so file is not present or symbolic link is missing`
- `lj.so library file doesn't have user/group execute permission.`
- `bb_escl.so file is not present or symbolic link is missing`
- multiple error during configuration phase which prevented `*.ppd`
generation:
- `ppdc: Unable to find include file "<font.defs>"`
- patched configure time `perl` script
- patched use of `file`
- some potentially problematic filter and services:
- patched reference to ghost script and fonts dir in filter.
- patched usb configuration service.
- patch scripts so that they refer to valid location.
Add some options:
- `withStaticPPDInstall`: Install `*.ppd` files along with `*.drv`.
When true, configure outputs: `checking for cups ppd install... yes`.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sc-controller/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/sc-controller had a zero exit code or showed the expected version
- /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc passed the binary check.
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-daemon had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-dialog had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-keyboard had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-launcher had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-menu had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-message had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-radial-menu had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/scc-osd-show-bindings had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..sc-controller-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.sc-controller-wrapped had a zero exit code or showed the expected version
- /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-wrapped-wrapped passed the binary check.
- /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-wrapped passed the binary check.
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-daemon-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-daemon-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-dialog-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-dialog-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-keyboard-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-keyboard-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-launcher-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-launcher-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-menu-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-menu-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-message-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-message-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-radial-menu-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-radial-menu-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/..scc-osd-show-bindings-wrapped-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3/bin/.scc-osd-show-bindings-wrapped had a zero exit code or showed the expected version
- 3 of 30 passed binary check by having a zero exit code.
- 0 of 30 passed binary check by having the new version present in output.
- found 0.4.3 with grep in /nix/store/2qlhi6fqx37zhcxdfn5gygl8xq4zkyip-sc-controller-0.4.3
- directory tree listing: https://gist.github.com/28b55137e29bb39ba0741bd1847fe529
- du listing: https://gist.github.com/446c39be30dba3aa0dc166afa85e757a
Lots of packages are missing versions in their name. This adds them
where appropriate. These were found with this command:
$ nix-env -qa -f. | grep -v '\-[0-9A-Za-z.-_+]*$' | grep -v '^hook$'
See issue #41007.
- Update to version 20180519
- Do not unset the environment variable 'name' anymore before running
install.sh. It has been renamed to '_name' in upstream.
The hack of using `crossConfig` to enforce stricter handling of
dependencies is replaced with a dedicated `strictDeps` for that purpose.
(Experience has shown that my punning was a terrible idea that made more
difficult and embarrising to teach teach.)
Now that is is clear, a few packages now use `strictDeps`, to fix
various bugs:
- bintools-wrapper and cc-wrapper