movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'staging' into staging-next

Browse source
This commit is contained in:
Vladimír Čunát 2025-06-08 16:14:35 +02:00
commit ab98f3a362
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
222 changed files with 1682 additions and 1866 deletions
Download patch file Download diff file Expand all files Collapse all files

1
doc/hooks/versionCheckHook.section.md
View file

@ -33,6 +33,7 @@ The variables that this phase control are:
- `dontVersionCheck`: Disable adding this hook to the [`preInstallCheckHooks`](#ssec-installCheck-phase). Useful if you do want to load the bash functions of the hook, but run them differently.
- `versionCheckProgram`: The full path to the program that should print the `${version}` string. Defaults roughly to `${placeholder "out"}/bin/${pname}`. Using `$out` in the value of this variable won't work, as environment variables from this variable are not expanded by the hook. Hence using `placeholder` is unavoidable.
- `versionCheckProgramArg`: The argument that needs to be passed to `versionCheckProgram`. If undefined the hook tries first `--help` and then `--version`. Examples: `version`, `-V`, `-v`.
- `versionCheckKeepEnvironment`: A list of environment variables to keep and pass to the command. Only those variables should be added to this list that are actually required for the version command to work. If it is not feasible to explicitly list all these environment variables you can set this parameter to the special value `"*"` to disable the `--ignore-environment` flag and thus keep all environment variables.
- `preVersionCheck`: A hook to run before the check is done.
- `postVersionCheck`: A hook to run after the check is done.

12
lib/licenses.nix
View file

@ -702,6 +702,18 @@ lib.mapAttrs mkLicense (
fullName = "Historic Permission Notice and Disclaimer";
};
hpndDifferentDisclaimer = {
fullName = "HPND with different disclaimer";
url = "https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/blob/1914233e662d23ffb3812b80fadd0bbd064ad91c/COPYING-x11proto#L69-88";
# TODO: if the license gets accepted to spdx then
# add spdxId
# else
# remove license
# && replace reference with whatever this license is supposed to be then
# https://tools.spdx.org/app/license_requests/456
# https://github.com/spdx/license-list-xml/issues/2753
};
hpndSellVariant = {
fullName = "Historical Permission Notice and Disclaimer - sell variant";
spdxId = "HPND-sell-variant";

10
pkgs/applications/networking/browsers/chromium/default.nix
View file

@ -85,16 +85,6 @@ let
url = "https://gn.googlesource.com/gn";
inherit (upstream-info.deps.gn) rev hash;
};
# Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:
# cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
hardeningDisable = [ "format" ];
# At the time of writing, gn is at v2024-05-13 and has a backported patch.
# This patch appears to be already present in v2024-09-09 (from M130), which
# results in the patch not applying and thus failing the build.
# As a work around until gn is updated again, we filter specifically that patch out.
patches = lib.filter (e: lib.getName e != "LFS64.patch") oldAttrs.patches;
});
});

5
pkgs/applications/networking/sync/rsync/default.nix
View file

@ -18,6 +18,7 @@
enableZstd ? true,
zstd,
nixosTests,
fakeroot,
}:
stdenv.mkDerivation rec {
@ -47,6 +48,8 @@ stdenv.mkDerivation rec {
++ lib.optional enableOpenSSL openssl
++ lib.optional enableXXHash xxHash;
checkInputs = [ fakeroot ];
configureFlags =
[
(lib.enableFeature enableLZ4 "lz4")
@ -71,6 +74,8 @@ stdenv.mkDerivation rec {
passthru.tests = { inherit (nixosTests) rsyncd; };
doCheck = true;
meta = with lib; {
description = "Fast incremental file transfer utility";
homepage = "https://rsync.samba.org/";

65
pkgs/build-support/setup-hooks/audit-tmpdir.sh
View file

@ -15,54 +15,27 @@ auditTmpdir() {
echo "checking for references to $TMPDIR/ in $dir..."
local tmpdir elf_fifo script_fifo
tmpdir="$(mktemp -d)"
elf_fifo="$tmpdir/elf"
script_fifo="$tmpdir/script"
mkfifo "$elf_fifo" "$script_fifo"
# Classifier: identify ELF and script files
(
find "$dir" -type f -not -path '*/.build-id/*' -print0 \
| while IFS= read -r -d $'\0' file; do
if isELF "$file"; then
printf '%s\0' "$file" >&3
elif isScript "$file"; then
filename=${file##*/}
dir=${file%/*}
if [ -e "$dir/.$filename-wrapped" ]; then
printf '%s\0' "$file" >&4
_processFile() {
local file="$1"
if isELF "$file"; then
if { printf :; patchelf --print-rpath "$file"; } | grep -q -F ":$TMPDIR/"; then
echo "RPATH of binary $file contains a forbidden reference to $TMPDIR/"
exit 1
fi
elif isScript "$file"; then
filename=${i##*/}
dir=${i%/*}
if [ -e "$dir/.$filename-wrapped" ]; then
if grep -q -F "$TMPDIR/" "$file"; then
echo "wrapper script $file contains a forbidden reference to $TMPDIR/"
exit 1
fi
fi
done
exec 3>&- 4>&-
) 3> "$elf_fifo" 4> "$script_fifo" &
fi
}
# Handler: check RPATHs concurrently
(
xargs -0 -r -P "$NIX_BUILD_CORES" -n 1 sh -c '
if { printf :; patchelf --print-rpath "$1"; } | grep -q -F ":$TMPDIR/"; then
echo "RPATH of binary $1 contains a forbidden reference to $TMPDIR/"
exit 1
fi
' _ < "$elf_fifo"
) &
local pid_elf=$!
find "$dir" -type f -not -path '*/.build-id/*' -print0 \
| parallelMap _processFile
# Handler: check wrapper scripts concurrently
local pid_script
(
xargs -0 -r -P "$NIX_BUILD_CORES" -n 1 sh -c '
if grep -q -F "$TMPDIR/" "$1"; then
echo "wrapper script $1 contains a forbidden reference to $TMPDIR/"
exit 1
fi
' _ < "$script_fifo"
) &
local pid_script=$!
wait "$pid_elf" || { echo "Some binaries contain forbidden references to $TMPDIR/. Check the error above!"; exit 1; }
wait "$pid_script" || { echo "Some scripts contain forbidden references to $TMPDIR/. Check the error above!"; exit 1; }
rm -r "$tmpdir"
unset -f _processFile
}

89
pkgs/build-support/setup-hooks/parallel.sh Normal file
View file

@ -0,0 +1,89 @@
# Parallel execution utilities
# These functions provide a framework for parallel processing of jobs from stdin
# parallelRun - Execute a command in parallel across multiple cores
#
# Reads null-delimited jobs from stdin and distributes them across NIX_BUILD_CORES
# worker processes. Each worker executes the provided command, receiving jobs
# via stdin in null-delimited format.
#
# Usage: some_producer | parallelRun command [args...]
#
# The command receives jobs one at a time via stdin (null-delimited).
#
# Example:
# find . -name '*.log' -print0 | parallelRun sh -c '
# while read -r -d "" file; do gzip "$file"; done
# '
parallelRun() {
local pids
local lock
pids=()
lock=$(mktemp -u)
mkfifo "$lock"
for ((i=0; i<NIX_BUILD_CORES; i++)); do
{
exec 3<"$lock" # fd-3 = read side of lock
exec 4>"$lock" # fd-4 = write side of lock (push token back)
local job
while :; do
# Acquire the lock: blocks until a token can be read
read -r -n1 >/dev/null <&3
# read one job from stdin
# This is guarded by the lock above in order to prevent
# multiple workers from reading from stdin simultaneously.
if ! IFS= read -r -d '' job; then
# If stdin is closed, release lock and exit
printf 'x' >&4
break
fi
# Release the lock: write a token back to the lock FIFO
printf 'y' >&4
# Forward job to the worker process' stdin
printf '%s\0' "$job"
done \
| "$@" # launch the worker process
} &
pids[$i]=$!
done
# launch the workers by writing a token to the lock FIFO
printf 'a' >"$lock" &
# Wait for all workers to finish
for pid in "${pids[@]}"; do
if ! wait "$pid"; then
echo "A parallel job failed with exit code $? (check for errors above)" >&2
echo -e "Failing Command:\n $@" >&2
exit 1
fi
done
rm "$lock"
}
# parallelMap - Apply a shell function to each job in parallel
#
# A higher-level wrapper around parallelRun that applies a shell function to each
# null-delimited job from stdin. The shell function receives each job as its first
# argument.
#
# Usage: some_producer | parallelMap shell_function [additional_args...]
#
# The shell function is called as: shell_function job [additional_args...]
# for each job read from stdin.
#
# Example:
# compress() { gzip "$1" }
# find . -name '*.log' -print0 | parallelMap compress
parallelMap() {
_wrapper() {
while IFS= read -r -d '' job; do
"$@" "$job"
done
}
parallelRun _wrapper "$@"
unset -f _wrapper
}

23
pkgs/build-support/setup-hooks/tests/default.nix Normal file
View file

@ -0,0 +1,23 @@
{
stdenv,
}:
{
# test based on bootstrap tools to prevent rebuilding stdenv on each change
parallel =
(derivation {
name = "test-parallel-hook";
system = stdenv.system;
builder = "${stdenv.bootstrapTools}/bin/bash";
PATH = "${stdenv.bootstrapTools}/bin";
args = [
"-c"
''
. ${../parallel.sh}
. ${./test-parallel.sh}
''
];
})
// {
meta = { };
};
}

146
pkgs/build-support/setup-hooks/tests/test-parallel.sh Normal file
View file

@ -0,0 +1,146 @@
export NIX_BUILD_CORES=4
echo "Testing worker distribution..."
# Generate 100 jobs to ensure all workers get some
for i in {1..100}; do
printf "job%d\0" $i
done | parallelRun sh -c '
while IFS= read -r -d "" job; do
sleep 0.05 # Simulate some work
echo "Worker $$ processed $job" >> /tmp/worker-output
done
'
# Check that all 4 workers were actually utilized
worker_count=$(sort /tmp/worker-output | cut -d" " -f2 | sort -u | wc -l)
if [ "$worker_count" -ne 4 ]; then
echo "ERROR: Expected exactly 4 workers, got $worker_count"
cat /tmp/worker-output
exit 1
fi
echo "SUCCESS: All 4 workers participated"
rm -f /tmp/worker-output
echo "Testing error propagation..."
# Test that errors from workers are propagated
if printf "job1\0job2\0job3\0" | parallelRun sh -c '
while IFS= read -r -d "" job; do
if [ "$job" = "job2" ]; then
echo "Worker failing on $job" >&2
exit 1
fi
echo "Worker processed $job"
done
' 2>/dev/null; then
echo "ERROR: Expected command to fail but it succeeded"
exit 1
else
echo "SUCCESS: Error was properly propagated"
fi
echo "Testing error message..."
error_output=$(printf "job1\0job2\0job3\0" | parallelRun sh -c '
while IFS= read -r -d "" job; do
if [ "$job" = "job2" ]; then
echo "Worker failing on $job" >&2
exit 1
fi
echo "Worker processed $job"
done
' 2>&1 || true)
if [[ "$error_output" != *"job failed"* ]]; then
echo "ERROR: Expected 'job failed' in error message, got: $error_output"
exit 1
fi
echo "SUCCESS: Error message was displayed"
echo "Testing Verify all jobs are processed when no errors occur..."
# Generate jobs and count processed ones
for i in {1..10}; do
printf "job%d\0" $i
done | parallelRun sh -c '
while IFS= read -r -d "" job; do
echo "$job" >> /tmp/processed-jobs
done
'
processed_count=$(wc -l < /tmp/processed-jobs)
if [ "$processed_count" -ne 10 ]; then
echo "ERROR: Expected 10 jobs processed, got $processed_count"
exit 1
fi
echo "SUCCESS: All 10 jobs were processed"
rm -f /tmp/processed-jobs
echo "All parallelRun tests passed!"
# ---------------------------------------------------------------------
echo "Testing parallelMap basic functionality..."
# Define a test function
testFunc() {
echo "Processing: $1" >> /tmp/map-output
}
# Test that parallelMap calls the function with each job
for i in {1..5}; do
printf "item%d\0" $i
done | parallelMap testFunc
# Check all jobs were processed
processed_map_count=$(wc -l < /tmp/map-output)
if [ "$processed_map_count" -ne 5 ]; then
echo "ERROR: Expected 5 items processed by parallelMap, got $processed_map_count"
exit 1
fi
echo "SUCCESS: parallelMap processed all 5 items"
rm -f /tmp/map-output
echo "Testing parallelMap error propagation..."
# Define a function that fails on specific input
failFunc() {
if [ "$1" = "item2" ]; then
echo "Function failing on $1" >&2
exit 1
fi
echo "Function processed $1"
}
# Test that errors are propagated
if printf "item1\0item2\0item3\0" | parallelMap failFunc 2>/dev/null; then
echo "ERROR: Expected parallelMap to fail but it succeeded"
exit 1
else
echo "SUCCESS: parallelMap error was properly propagated"
fi
echo "Testing parallelMap with additional arguments..."
# Define a function that uses additional arguments
argFunc() {
echo "$1: $2" >> /tmp/map-args-output
}
# Test with additional arguments
for i in {1..3}; do
printf "value%d\0" $i
done | parallelMap argFunc "PREFIX"
# Check output contains the prefix
if ! grep -q "PREFIX: value1" /tmp/map-args-output; then
echo "ERROR: parallelMap did not pass additional arguments correctly"
cat /tmp/map-args-output
exit 1
fi
echo "SUCCESS: parallelMap passed additional arguments correctly"
rm -f /tmp/map-args-output
echo "All parallelRun and parallelMap tests passed!"
touch $out

10
pkgs/by-name/an/andcli/package.nix
View file

@ -2,6 +2,8 @@
lib,
fetchFromGitHub,
buildGoModule,
versionCheckHook,
writableTmpDirAsHomeHook,
}:
buildGoModule (finalAttrs: {
@ -26,7 +28,13 @@ buildGoModule (finalAttrs: {
"-X github.com/tjblackheart/andcli/v2/internal/buildinfo.AppVersion=${finalAttrs.src.tag}"
];
# As stated in #404465 the versionCheckHook does not work so it is not used here
nativeInstallCheckInputs = [
writableTmpDirAsHomeHook
versionCheckHook
];
versionCheckProgramArg = "--version";
versionCheckKeepEnvironment = [ "HOME" ];
doInstallCheck = true;
meta = {
homepage = "https://github.com/tjblackheart/andcli";

4
pkgs/by-name/au/auto-patchelf/source/auto-patchelf.py
View file

@ -235,6 +235,10 @@ def auto_patchelf_file(path: Path, runtime_deps: list[Path], append_rpaths: list
except ELFError:
return []
# these platforms are packaged in nixpkgs with ld.so in a separate derivation
# than libc.so and friends. keep_libc is mandatory.
keep_libc |= file_osabi in ('ELFOSABI_FREEBSD', 'ELFOSABI_OPENBSD')
rpath = []
if file_is_dynamic_executable:
print("setting interpreter of", path)

8
pkgs/by-name/bc/bc/package.nix
View file

@ -5,6 +5,7 @@
buildPackages,
fetchurl,
flex,
lzip,
readline,
ed,
texinfo,
@ -12,10 +13,10 @@
stdenv.mkDerivation rec {
pname = "bc";
version = "1.08.1";
version = "1.08.2";
src = fetchurl {
url = "mirror://gnu/bc/bc-${version}.tar.xz";
hash = "sha256-UVQwEVszNMY2MXUDRgoJUN/3mUCqMlnOLBqmfCiB0CM=";
url = "mirror://gnu/bc/bc-${version}.tar.lz";
hash = "sha256-eeMeAiqEsx3YCYFQY9S46lkLQJY3pSxQ7J9Cwr8zJxE=";
};
configureFlags = [ "--with-readline" ];
@ -28,6 +29,7 @@ stdenv.mkDerivation rec {
autoreconfHook
ed
flex
lzip
texinfo
# Libraries for build
buildPackages.readline

42
pkgs/by-name/bd/bdftopcf/package.nix Normal file
View file

@ -0,0 +1,42 @@
{
lib,
stdenv,
fetchurl,
pkg-config,
xorgproto,
writeScript,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "bdftopcf";
version = "1.1.2";
src = fetchurl {
url = "mirror://xorg/individual/util/bdftopcf-${finalAttrs.version}.tar.xz";
hash = "sha256-vGC+WQQzD6qj3dKu14dL7i8p5Dh8JF1nh1UvBn6wUjo=";
};
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ xorgproto ];
passthru = {
updateScript = writeScript "update-${finalAttrs.pname}" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p common-updater-scripts
version="$(list-directory-versions --pname ${finalAttrs.pname} \
--url https://xorg.freedesktop.org/releases/individual/util/ \
| sort -V | tail -n1)"
update-source-version ${finalAttrs.pname} "$version"
'';
};
meta = {
description = "Converts X font from Bitmap Distribution Format to Portable Compiled Format";
homepage = "https://gitlab.freedesktop.org/xorg/util/bdftopcf";
license = lib.licenses.mitOpenGroup;
mainProgram = "bdftopcf";
maintainers = [ ];
platforms = lib.platforms.unix;
};
})

10
pkgs/by-name/ca/cargo-seek/package.nix
View file

@ -22,13 +22,9 @@ rustPlatform.buildRustPackage (finalAttrs: {
cargoHash = "sha256-DyXRbtvCJte7mCQKusipeikr981vMHPEVYcGSwVI5Kg=";
nativeBuildInputs = [
pkg-config
];
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openssl
];
buildInputs = [ openssl ];
doInstallCheck = true;
nativeInstallCheckInputs = [
@ -36,7 +32,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
writableTmpDirAsHomeHook
];
versionCheckProgramArg = "--version";
versionCheckDontIgnoreEnvironment = true;
versionCheckKeepEnvironment = [ "HOME" ];
passthru.updateScript = nix-update-script { };

4
pkgs/by-name/cr/crc/package.nix
View file

@ -47,12 +47,12 @@ buildGoModule (finalAttrs: {
];
doInstallCheck = true;
nativeCheckInputs = [
nativeInstallCheckInputs = [
versionCheckHook
writableTmpDirAsHomeHook
];
versionCheckProgramArg = "version";
versionCheckDontIgnoreEnvironment = true;
versionCheckKeepEnvironment = [ "HOME" ];
passthru.updateScript = ./update.sh;

209
pkgs/by-name/cu/curlMinimal/fix-add_handle-resizing.patch
View file

@ -1,209 +0,0 @@
From d16ccbd55de80c271fe822f4ba8b6271fd9166ff Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 28 May 2025 14:04:31 +0200
Subject: [PATCH] multi: fix add_handle resizing
Due to someone being stupid, the resizing of the multi's transfer
table was actually shrinking it. Oh my.
Add test751 to reproduce, add code assertion.
Fixes #17473
Reported-by: Jeroen Ooms
Closes #17475
---
lib/multi.c | 3 +-
tests/data/Makefile.am | 2 +-
tests/data/test751 | 33 ++++++++++++++
tests/libtest/Makefile.inc | 4 ++
tests/libtest/lib751.c | 92 ++++++++++++++++++++++++++++++++++++++
5 files changed, 132 insertions(+), 2 deletions(-)
create mode 100644 tests/data/test751
create mode 100644 tests/libtest/lib751.c
diff --git a/lib/multi.c b/lib/multi.c
index 792b30515d8b..b744e03ae52f 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -347,7 +347,8 @@ static CURLMcode multi_xfers_add(struct Curl_multi *multi,
if(unused <= min_unused) {
/* make it a 64 multiple, since our bitsets frow by that and
* small (easy_multi) grows to at least 64 on first resize. */
- unsigned int newsize = ((capacity + min_unused) + 63) / 64;
+ unsigned int newsize = (((capacity + min_unused) + 63) / 64) * 64;
+ DEBUGASSERT(newsize > capacity);
/* Grow the bitsets first. Should one fail, we do not need
* to downsize the already resized ones. The sets continue
* to work properly when larger than the table, but not
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index e8f9e12be71e..16bb57db8e69 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
test718 test719 test720 test721 test722 test723 test724 test725 test726 \
test727 test728 test729 test730 test731 test732 test733 test734 test735 \
test736 test737 test738 test739 test740 test741 test742 test743 test744 \
-test745 test746 test747 test748 test749 test750 \
+test745 test746 test747 test748 test749 test750 test751 \
\
test780 test781 test782 test783 test784 test785 test786 test787 test788 \
test789 test790 test791 \
diff --git a/tests/data/test751 b/tests/data/test751
new file mode 100644
index 000000000000..ffc6df512f83
--- /dev/null
+++ b/tests/data/test751
@@ -0,0 +1,33 @@
+<testcase>
+<info>
+<keywords>
+MULTI
+</keywords>
+</info>
+<reply>
+<data>
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+none
+</server>
+# tool is what to use instead of 'curl'
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<name>
+multi - add many easy handles
+</name>
+<command>
+</command>
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index faf7eacdf6af..002e7ab5470d 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -50,6 +50,7 @@ LIBTESTPROGS = libauthretry libntlmconnect libprereq \
lib659 lib661 lib666 lib667 lib668 \
lib670 lib671 lib672 lib673 lib674 lib676 lib677 lib678 lib694 lib695 \
lib696 \
+ lib751 \
lib1156 \
lib1301 \
lib1308 \
@@ -349,6 +350,9 @@ lib695_SOURCES = lib695.c $(SUPPORTFILES)
lib696_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS)
lib696_CPPFLAGS = $(AM_CPPFLAGS) -DLIB696
+lib751_SOURCES = lib751.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib751_LDADD = $(TESTUTIL_LIBS)
+
lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL)
lib1301_LDADD = $(TESTUTIL_LIBS)
diff --git a/tests/libtest/lib751.c b/tests/libtest/lib751.c
new file mode 100644
index 000000000000..ab2f923b959d
--- /dev/null
+++ b/tests/libtest/lib751.c
@@ -0,0 +1,92 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+#define TEST_HANG_TIMEOUT 60 * 1000
+
+/*
+ * Get a single URL without select().
+ */
+
+CURLcode test(char *URL)
+{
+ CURL *easies[1000];
+ CURLM *m;
+ CURLcode res = CURLE_FAILED_INIT;
+ CURLMcode mres;
+ int i;
+
+ (void)URL;
+ memset(easies, 0, sizeof(easies));
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+ m = curl_multi_init();
+ if(!m) {
+ res = CURLE_OUT_OF_MEMORY;
+ goto test_cleanup;
+ }
+
+ for(i = 0; i < 1000; i++) {
+ CURL *e = curl_easy_init();
+ if(!e) {
+ res = CURLE_OUT_OF_MEMORY;
+ goto test_cleanup;
+ }
+ easies[i] = e;
+
+ res = curl_easy_setopt(e, CURLOPT_URL, "https://www.example.com/");
+ if(!res)
+ res = curl_easy_setopt(e, CURLOPT_VERBOSE, 1L);
+ if(res)
+ goto test_cleanup;
+
+ mres = curl_multi_add_handle(m, e);
+ if(mres != CURLM_OK) {
+ printf("MULTI ERROR: %s\n", curl_multi_strerror(mres));
+ res = CURLE_FAILED_INIT;
+ goto test_cleanup;
+ }
+ }
+
+test_cleanup:
+
+ if(res)
+ printf("ERROR: %s\n", curl_easy_strerror(res));
+
+ for(i = 0; i < 1000; i++) {
+ if(easies[i]) {
+ curl_multi_add_handle(m, easies[i]);
+ curl_easy_cleanup(easies[i]);
+ easies[i] = NULL;
+ }
+ }
+ curl_multi_cleanup(m);
+ curl_global_cleanup();
+
+ return res;
+}

11
pkgs/by-name/cu/curlMinimal/package.nix
View file

@ -91,7 +91,7 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "curl";
version = "8.14.0";
version = "8.14.1";
src = fetchurl {
urls = [
@ -100,16 +100,9 @@ stdenv.mkDerivation (finalAttrs: {
builtins.replaceStrings [ "." ] [ "_" ] finalAttrs.version
}/curl-${finalAttrs.version}.tar.xz"
];
hash = "sha256-s2NM/FOMcsnGynlO9Mc9f9vRceje4tuDfYOl5FIxACo=";
hash = "sha256-9GGaHiR0xLv+3IinwhkSCcgzS0j6H05T/VhMwS6RIN0=";
};
patches = [
# Backport of https://github.com/curl/curl/commit/d16ccbd55de80c271fe822f4ba8b6271fd9166ff
# Fixes a regression introduced in 8.14.0
# Remove with 8.14.1
./fix-add_handle-resizing.patch
];
# this could be accomplished by updateAutotoolsGnuConfigScriptsHook, but that causes infinite recursion
# necessary for FreeBSD code path in configure
postPatch = ''

3
pkgs/by-name/ec/ec2-instance-selector/package.nix
View file

@ -31,6 +31,9 @@ buildGoModule (finalAttrs: {
mv $out/bin/cmd $out/bin/ec2-instance-selector
'';
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "--version";
versionCheckKeepEnvironment = [ "HOME" ];
doInstallCheck = true;
passthru.updateScript = nix-update-script { };

37
pkgs/by-name/gd/gdbm/freebsd-patch-src-lock-c.patch Normal file
View file

@ -0,0 +1,37 @@
https://github.com/freebsd/freebsd-ports/blob/e198aef78afa4fd78ddc62fb5d0f7caa1b076bb0/databases/gdbm/files/patch-src_lock.c
--- a/src/lock.c.orig 2025-03-06 16:24:09 UTC
+++ b/src/lock.c
@@ -73,15 +73,10 @@ try_lock_flock (GDBM_FILE dbf, int nb)
{
return TRY_LOCK_OK;
}
- else if (errno == EWOULDBLOCK)
+ else if (errno == EWOULDBLOCK || errno == EINTR)
{
return TRY_LOCK_FAIL;
}
- else if (errno == EINTR)
- {
- errno = ETIME;
- return TRY_LOCK_FAIL;
- }
#endif
return TRY_LOCK_NEXT;
}
@@ -116,7 +111,6 @@ try_lock_lockf (GDBM_FILE dbf, int nb)
switch (errno)
{
case EINTR:
- errno = ETIME;
case EACCES:
case EAGAIN:
case EDEADLK:
@@ -162,7 +156,6 @@ try_lock_fcntl (GDBM_FILE dbf, int nb)
switch (errno)
{
case EINTR:
- errno = ETIME;
case EACCES:
case EAGAIN:
case EDEADLK:

17
pkgs/by-name/gd/gdbm/package.nix
View file

@ -1,6 +1,7 @@
{
lib,
fetchurl,
fetchpatch,
stdenv,
testers,
updateAutotoolsGnuConfigScriptsHook,
@ -15,12 +16,16 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-0C2zxZJu2Hf4gXuBzR+S9T73TKjG21Q/u6AnGzTzk+w=";
};
patches = [
# Remove on next release.
./upstream-darwin-clock-nanosleep-fix.patch
./upstream-lockwait-test-fixes.patch
./upstream-musl-ssize_t-fix.patch
];
patches =
[
# Remove on next release.
./upstream-darwin-clock-nanosleep-fix.patch
./upstream-lockwait-test-fixes.patch
./upstream-musl-ssize_t-fix.patch
]
++ lib.optionals stdenv.hostPlatform.isFreeBSD [
./freebsd-patch-src-lock-c.patch
];
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];

12
pkgs/by-name/gn/gn/generic.nix
View file

@ -40,15 +40,6 @@ stdenv.mkDerivation {
inherit rev sha256;
};
patches = [
(fetchpatch {
name = "LFS64.patch";
url = "https://gn.googlesource.com/gn/+/b5ff50936a726ff3c8d4dfe2a0ae120e6ce1350d%5E%21/?format=TEXT";
decode = "base64 -d";
hash = "sha256-/kh8t/Ip1EG2OIhydS//st/C80KJ4P31vGx7j8QpFh0=";
})
];
nativeBuildInputs = [
ninja
python3
@ -58,6 +49,9 @@ stdenv.mkDerivation {
];
env.NIX_CFLAGS_COMPILE = "-Wno-error";
# Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:
# cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
hardeningDisable = [ "format" ];
buildPhase = ''
python build/gen.py --no-last-commit-position

12
pkgs/by-name/gn/gn/package.nix
View file

@ -1,10 +1,10 @@
{ callPackage, ... }@args:
callPackage ./generic.nix args {
# Note: Please use the recommended version for Chromium stabe, i.e. from
# <nixpkgs>/pkgs/applications/networking/browsers/chromium/upstream-info.nix
rev = "df98b86690c83b81aedc909ded18857296406159";
revNum = "2168"; # git describe $rev --match initial-commit | cut -d- -f3
version = "2024-05-13";
sha256 = "sha256-mNoQeHSSM+rhR0UHrpbyzLJC9vFqfxK1SD0X8GiRsqw=";
# Note: Please use the recommended version for Chromium stable, i.e. from
# <nixpkgs>/pkgs/applications/networking/browsers/chromium/info.json
rev = "85cc21e94af590a267c1c7a47020d9b420f8a033";
revNum = "2233"; # git describe $rev --match initial-commit | cut -d- -f3
version = "2025-04-28";
sha256 = "sha256-+nKP2hBUKIqdNfDz1vGggXSdCuttOt0GwyGUQ3Z1ZHI=";
}

4
pkgs/by-name/hi/hidapi/package.nix
View file

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "hidapi";
version = "0.14.0";
version = "0.15.0";
src = fetchFromGitHub {
owner = "libusb";
repo = "hidapi";
rev = "hidapi-${finalAttrs.version}";
sha256 = "sha256-p3uzBq5VxxQbVuy1lEHEEQdxXwnhQgJDIyAAWjVWNIg=";
sha256 = "sha256-o6IZRG42kTa7EQib9eaV1HGyjaGgeCabk+8fyQTm/0s=";
};
nativeBuildInputs = [

4
pkgs/by-name/hw/hwdata/package.nix
View file

@ -6,13 +6,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "hwdata";
version = "0.395";
version = "0.396";
src = fetchFromGitHub {
owner = "vcrhonek";
repo = "hwdata";
rev = "v${finalAttrs.version}";
hash = "sha256-wLdJGaJVqClso75iRSpSVlobdx7Rv01YreiPsDzwjok=";
hash = "sha256-fn+Dcl7R3PADoTuilSQrXFBnXQM1c66jliTc0G89RIQ=";
};
doCheck = false; # this does build machine-specific checks (e.g. enumerates PCI bus)

1
pkgs/by-name/ib/ibusMinimal/package.nix Normal file
View file

@ -0,0 +1 @@
{ ibus }: ibus.override { libOnly = true; }

0
pkgs/servers/x11/xorg/imake-cc-wrapper-uberhack.patch → pkgs/by-name/im/imake/cc-wrapper-uberhack.patch
View file

0
pkgs/servers/x11/xorg/imake.patch → pkgs/by-name/im/imake/disable-autodetection.patch
View file

84
pkgs/by-name/im/imake/package.nix Normal file
View file

@ -0,0 +1,84 @@
{
lib,
stdenv,
fetchurl,
tradcpp,
xorg-cf-files,
pkg-config,
xorgproto,
writeScript,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "imake";
version = "1.0.10";
src = fetchurl {
url = "mirror://xorg/individual/util/imake-${finalAttrs.version}.tar.xz";
hash = "sha256-dd7LzqjXs1TPNq3JZ15TxHkO495WoUvYe0LI6KrS7PU=";
};
patches = [
# Disable imake autodetection for:
# - LinuxDistribution to avoid injection of /usr paths
# - gcc to avoid use uf /usr/bin/gcc
# https://github.com/NixOS/nixpkgs/issues/135337
./disable-autodetection.patch
# uberhack to workaround broken 'gcc -x c'
#
# Our cc-wrapper is broken whenever the '-x' flag is used:
# 'gcc -x c foo.c -o bar' doesn't work the same way as 'gcc foo.c -o bar'
# does. (Try both with NIX_DEBUG=1.)
#
# What happens is that passing '-x' causes linker-related flags (such as
# -Wl,-dynamic-linker) not to be added, just like if '-c' is passed.
# The bug happens outside the multiple-outputs branch as well, but it
# doesn't break imake there. It only breaks in multiple-outputs because
# linking without -Wl,-dynamic-linker produces a binary with an invalid
# ELF interpreter path. (Which arguably, is a bug in its own.)
# (copied from the commit message on 0100b270694ecab8aaa13fa5f3d30639b50d7777)
./cc-wrapper-uberhack.patch
];
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ xorgproto ];
configureFlags = [
"ac_cv_path_RAWCPP=${stdenv.cc.targetPrefix}cpp"
];
env = {
CFLAGS = "-DIMAKE_COMPILETIME_CPP='\"${
if stdenv.hostPlatform.isDarwin then "${tradcpp}/bin/cpp" else "gcc"
}\"'";
};
inherit tradcpp xorg-cf-files;
setupHook = ./setup-hook.sh;
x11BuildHook = ./x11-build-hook.sh;
passthru = {
updateScript = writeScript "update-${finalAttrs.pname}" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p common-updater-scripts
version="$(list-directory-versions --pname ${finalAttrs.pname} \
--url https://xorg.freedesktop.org/releases/individual/util/ \
| sort -V | tail -n1)"
update-source-version ${finalAttrs.pname} "$version"
'';
};
meta = {
description = "Obsolete C preprocessor interface to the make utility";
homepage = "https://gitlab.freedesktop.org/xorg/util/imake";
license = with lib.licenses; [
mitOpenGroup
x11
];
mainProgram = "imake";
maintainers = [ ];
platforms = lib.platforms.unix;
};
})

0
pkgs/servers/x11/xorg/imake-setup-hook.sh → pkgs/by-name/im/imake/setup-hook.sh
View file

0
pkgs/servers/x11/xorg/imake.sh → pkgs/by-name/im/imake/x11-build-hook.sh
View file

118
pkgs/by-name/jq/jq/0001-Improve-performance-of-repeating-strings-3272.patch
View file

@ -1,118 +0,0 @@
From c15fc903e00fdd3b460e64d5a6a540f944e1eca6 Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Tue, 4 Mar 2025 22:13:55 +0900
Subject: [PATCH 1/5] Improve performance of repeating strings (#3272)
This commit improves the performance of repeating strings, by copying
the result string instead of the string being repeated. Also it adds
an error message when the result string is too long.
---
src/builtin.c | 15 ++-------------
src/jv.c | 26 ++++++++++++++++++++++++++
src/jv.h | 1 +
tests/jq.test | 12 ++++++++++++
4 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/src/builtin.c b/src/builtin.c
index 902490d..abb99f4 100644
--- a/src/builtin.c
+++ b/src/builtin.c
@@ -369,21 +369,10 @@ jv binop_multiply(jv a, jv b) {
str = b;
num = a;
}
- jv res;
double d = jv_number_value(num);
- if (d < 0 || isnan(d)) {
- res = jv_null();
- } else {
- int n = d;
- size_t alen = jv_string_length_bytes(jv_copy(str));
- res = jv_string_empty(alen * n);
- for (; n > 0; n--) {
- res = jv_string_append_buf(res, jv_string_value(str), alen);
- }
- }
- jv_free(str);
jv_free(num);
- return res;
+ return jv_string_repeat(str,
+ d < 0 || isnan(d) ? -1 : d > INT_MAX ? INT_MAX : (int)d);
} else if (ak == JV_KIND_OBJECT && bk == JV_KIND_OBJECT) {
return jv_object_merge_recursive(a, b);
} else {
diff --git a/src/jv.c b/src/jv.c
index e23d8ec..e0478c8 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -1291,6 +1291,32 @@ jv jv_string_indexes(jv j, jv k) {
return a;
}
+jv jv_string_repeat(jv j, int n) {
+ assert(JVP_HAS_KIND(j, JV_KIND_STRING));
+ if (n < 0) {
+ jv_free(j);
+ return jv_null();
+ }
+ int len = jv_string_length_bytes(jv_copy(j));
+ int64_t res_len = (int64_t)len * n;
+ if (res_len >= INT_MAX) {
+ jv_free(j);
+ return jv_invalid_with_msg(jv_string("Repeat string result too long"));
+ }
+ if (res_len == 0) {
+ jv_free(j);
+ return jv_string("");
+ }
+ jv res = jv_string_empty(res_len);
+ res = jvp_string_append(res, jv_string_value(j), len);
+ for (int curr = len, grow; curr < res_len; curr += grow) {
+ grow = MIN(res_len - curr, curr);
+ res = jvp_string_append(res, jv_string_value(res), grow);
+ }
+ jv_free(j);
+ return res;
+}
+
jv jv_string_split(jv j, jv sep) {
assert(JVP_HAS_KIND(j, JV_KIND_STRING));
assert(JVP_HAS_KIND(sep, JV_KIND_STRING));
diff --git a/src/jv.h b/src/jv.h
index 083509e..a9b13ae 100644
--- a/src/jv.h
+++ b/src/jv.h
@@ -131,6 +131,7 @@ jv jv_string_fmt(const char*, ...) JV_PRINTF_LIKE(1, 2);
jv jv_string_append_codepoint(jv a, uint32_t c);
jv jv_string_append_buf(jv a, const char* buf, int len);
jv jv_string_append_str(jv a, const char* str);
+jv jv_string_repeat(jv j, int n);
jv jv_string_split(jv j, jv sep);
jv jv_string_explode(jv j);
jv jv_string_implode(jv j);
diff --git a/tests/jq.test b/tests/jq.test
index 7036df2..e82cf84 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -1365,6 +1365,18 @@ indices(", ")
"abc"
[null,null]
+. * 100000 | [.[:10],.[-10:]]
+"abc"
+["abcabcabca","cabcabcabc"]
+
+. * 1000000000
+""
+""
+
+try (. * 1000000000) catch .
+"abc"
+"Repeat string result too long"
+
[.[] / ","]
["a, bc, def, ghij, jklmn, a,b, c,d, e,f", "a,b,c,d, e,f,g,h"]
[["a"," bc"," def"," ghij"," jklmn"," a","b"," c","d"," e","f"],["a","b","c","d"," e","f","g","h"]]
--
2.49.0

66
pkgs/by-name/jq/jq/0002-fix-jv_number_value-should-cache-the-double-value-of.patch
View file

@ -1,66 +0,0 @@
From df0ddb83feb656230157f5bc9b7f34caef1f82be Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Sun, 16 Feb 2025 22:08:36 +0900
Subject: [PATCH 2/5] fix: `jv_number_value` should cache the double value of
literal numbers (#3245)
The code of `jv_number_value` is intended to cache the double value of
literal numbers, but it does not work because it accepts the `jv` struct
by value. This patch fixes the behavior by checking if the double value
is `NaN`, which indicates the unconverted value. This patch improves the
performance of major use cases; e.g. `range(1000000)` runs 25% faster.
---
src/jv.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/jv.c b/src/jv.c
index e0478c8..418d57d 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -206,9 +206,6 @@ enum {
JVP_NUMBER_DECIMAL = 1
};
-#define JV_NUMBER_SIZE_INIT (0)
-#define JV_NUMBER_SIZE_CONVERTED (1)
-
#define JVP_FLAGS_NUMBER_NATIVE JVP_MAKE_FLAGS(JV_KIND_NUMBER, JVP_MAKE_PFLAGS(JVP_NUMBER_NATIVE, 0))
#define JVP_FLAGS_NUMBER_LITERAL JVP_MAKE_FLAGS(JV_KIND_NUMBER, JVP_MAKE_PFLAGS(JVP_NUMBER_DECIMAL, 1))
@@ -589,8 +586,12 @@ static jv jvp_literal_number_new(const char * literal) {
jv_mem_free(n);
return JV_INVALID;
}
+ if (decNumberIsNaN(&n->num_decimal)) {
+ jv_mem_free(n);
+ return jv_number(NAN);
+ }
- jv r = {JVP_FLAGS_NUMBER_LITERAL, 0, 0, JV_NUMBER_SIZE_INIT, {&n->refcnt}};
+ jv r = {JVP_FLAGS_NUMBER_LITERAL, 0, 0, 0, {&n->refcnt}};
return r;
}
@@ -698,9 +699,8 @@ double jv_number_value(jv j) {
if (JVP_HAS_FLAGS(j, JVP_FLAGS_NUMBER_LITERAL)) {
jvp_literal_number* n = jvp_literal_number_ptr(j);
- if (j.size != JV_NUMBER_SIZE_CONVERTED) {
+ if (isnan(n->num_double)) {
n->num_double = jvp_literal_number_to_double(j);
- j.size = JV_NUMBER_SIZE_CONVERTED;
}
return n->num_double;
@@ -731,7 +731,7 @@ int jvp_number_is_nan(jv n) {
return decNumberIsNaN(pdec);
}
#endif
- return n.u.number != n.u.number;
+ return isnan(n.u.number);
}
int jvp_number_cmp(jv a, jv b) {
--
2.49.0

75
pkgs/by-name/jq/jq/0003-Reject-NaN-with-payload-while-parsing-JSON.patch
View file

@ -1,75 +0,0 @@
From dfd25612454deacb6df47329787844795bf59821 Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Wed, 5 Mar 2025 07:43:54 +0900
Subject: [PATCH 3/5] Reject NaN with payload while parsing JSON
This commit drops support for parsing NaN with payload in JSON like
`NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and
`Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246.
---
src/jv.c | 5 +++++
tests/jq.test | 14 ++++++++++----
tests/shtest | 5 -----
3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/jv.c b/src/jv.c
index 418d57d..6147775 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -587,6 +587,11 @@ static jv jvp_literal_number_new(const char * literal) {
return JV_INVALID;
}
if (decNumberIsNaN(&n->num_decimal)) {
+ // Reject NaN with payload.
+ if (n->num_decimal.digits > 1 || *n->num_decimal.lsu != 0) {
+ jv_mem_free(n);
+ return JV_INVALID;
+ }
jv_mem_free(n);
return jv_number(NAN);
}
diff --git a/tests/jq.test b/tests/jq.test
index e82cf84..97835f2 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -1950,11 +1950,17 @@ tojson | fromjson
{"a":nan}
{"a":null}
-# also "nan with payload" #2985
-fromjson | isnan
-"nan1234"
+# NaN with payload is not parsed
+.[] | try (fromjson | isnan) catch .
+["NaN","-NaN","NaN1","NaN10","NaN100","NaN1000","NaN10000","NaN100000"]
true
-
+true
+"Invalid numeric literal at EOF at line 1, column 4 (while parsing 'NaN1')"
+"Invalid numeric literal at EOF at line 1, column 5 (while parsing 'NaN10')"
+"Invalid numeric literal at EOF at line 1, column 6 (while parsing 'NaN100')"
+"Invalid numeric literal at EOF at line 1, column 7 (while parsing 'NaN1000')"
+"Invalid numeric literal at EOF at line 1, column 8 (while parsing 'NaN10000')"
+"Invalid numeric literal at EOF at line 1, column 9 (while parsing 'NaN100000')"
# calling input/0, or debug/0 in a test doesn't crash jq
diff --git a/tests/shtest b/tests/shtest
index 14aafbf..a471889 100755
--- a/tests/shtest
+++ b/tests/shtest
@@ -594,11 +594,6 @@ if ! x=$($JQ -n "1 # foo$cr + 2") || [ "$x" != 1 ]; then
exit 1
fi
-# CVE-2023-50268: No stack overflow comparing a nan with a large payload
-$VALGRIND $Q $JQ '1 != .' <<\EOF >/dev/null
-Nan4000
-EOF
-
# Allow passing the inline jq script before -- #2919
if ! r=$($JQ --args -rn -- '$ARGS.positional[0]' bar) || [ "$r" != bar ]; then
echo "passing the inline script after -- didn't work"
--
2.49.0

215
pkgs/by-name/jq/jq/0004-Fix-signed-integer-overflow-in-jvp_array_write-and-j.patch
View file

@ -1,215 +0,0 @@
From dc65d5af447f266d8a4037551e028785aab31e04 Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Wed, 21 May 2025 07:45:00 +0900
Subject: [PATCH 4/5] Fix signed integer overflow in jvp_array_write and
jvp_object_rehash
This commit fixes signed integer overflow and SEGV issues on growing
arrays and objects. The size of arrays and objects is now limited to
`536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262.
---
src/jv.c | 45 ++++++++++++++++++++++++++++++++++++---------
src/jv_aux.c | 9 +++++----
tests/jq.test | 4 ++++
3 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/src/jv.c b/src/jv.c
index 6147775..6e8cdd3 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -997,6 +997,11 @@ jv jv_array_set(jv j, int idx, jv val) {
jv_free(val);
return jv_invalid_with_msg(jv_string("Out of bounds negative array index"));
}
+ if (idx > (INT_MAX >> 2) - jvp_array_offset(j)) {
+ jv_free(j);
+ jv_free(val);
+ return jv_invalid_with_msg(jv_string("Array index too large"));
+ }
// copy/free of val,j coalesced
jv* slot = jvp_array_write(&j, idx);
jv_free(*slot);
@@ -1016,6 +1021,7 @@ jv jv_array_concat(jv a, jv b) {
// FIXME: could be faster
jv_array_foreach(b, i, elem) {
a = jv_array_append(a, elem);
+ if (!jv_is_valid(a)) break;
}
jv_free(b);
return a;
@@ -1288,6 +1294,7 @@ jv jv_string_indexes(jv j, jv k) {
p = jstr;
while ((p = _jq_memmem(p, (jstr + jlen) - p, idxstr, idxlen)) != NULL) {
a = jv_array_append(a, jv_number(p - jstr));
+ if (!jv_is_valid(a)) break;
p++;
}
}
@@ -1336,14 +1343,17 @@ jv jv_string_split(jv j, jv sep) {
if (seplen == 0) {
int c;
- while ((jstr = jvp_utf8_next(jstr, jend, &c)))
+ while ((jstr = jvp_utf8_next(jstr, jend, &c))) {
a = jv_array_append(a, jv_string_append_codepoint(jv_string(""), c));
+ if (!jv_is_valid(a)) break;
+ }
} else {
for (p = jstr; p < jend; p = s + seplen) {
s = _jq_memmem(p, jend - p, sepstr, seplen);
if (s == NULL)
s = jend;
a = jv_array_append(a, jv_string_sized(p, s - p));
+ if (!jv_is_valid(a)) break;
// Add an empty string to denote that j ends on a sep
if (s + seplen == jend && seplen != 0)
a = jv_array_append(a, jv_string(""));
@@ -1361,8 +1371,10 @@ jv jv_string_explode(jv j) {
const char* end = i + len;
jv a = jv_array_sized(len);
int c;
- while ((i = jvp_utf8_next(i, end, &c)))
+ while ((i = jvp_utf8_next(i, end, &c))) {
a = jv_array_append(a, jv_number(c));
+ if (!jv_is_valid(a)) break;
+ }
jv_free(j);
return a;
}
@@ -1636,10 +1648,13 @@ static void jvp_object_free(jv o) {
}
}
-static jv jvp_object_rehash(jv object) {
+static int jvp_object_rehash(jv *objectp) {
+ jv object = *objectp;
assert(JVP_HAS_KIND(object, JV_KIND_OBJECT));
assert(jvp_refcnt_unshared(object.u.ptr));
int size = jvp_object_size(object);
+ if (size > INT_MAX >> 2)
+ return 0;
jv new_object = jvp_object_new(size * 2);
for (int i=0; i<size; i++) {
struct object_slot* slot = jvp_object_get_slot(object, i);
@@ -1652,7 +1667,8 @@ static jv jvp_object_rehash(jv object) {
}
// references are transported, just drop the old table
jv_mem_free(jvp_object_ptr(object));
- return new_object;
+ *objectp = new_object;
+ return 1;
}
static jv jvp_object_unshare(jv object) {
@@ -1681,27 +1697,32 @@ static jv jvp_object_unshare(jv object) {
return new_object;
}
-static jv* jvp_object_write(jv* object, jv key) {
+static int jvp_object_write(jv* object, jv key, jv **valpp) {
*object = jvp_object_unshare(*object);
int* bucket = jvp_object_find_bucket(*object, key);
struct object_slot* slot = jvp_object_find_slot(*object, key, bucket);
if (slot) {
// already has the key
jvp_string_free(key);
- return &slot->value;
+ *valpp = &slot->value;
+ return 1;
}
slot = jvp_object_add_slot(*object, key, bucket);
if (slot) {
slot->value = jv_invalid();
} else {
- *object = jvp_object_rehash(*object);
+ if (!jvp_object_rehash(object)) {
+ *valpp = NULL;
+ return 0;
+ }
bucket = jvp_object_find_bucket(*object, key);
assert(!jvp_object_find_slot(*object, key, bucket));
slot = jvp_object_add_slot(*object, key, bucket);
assert(slot);
slot->value = jv_invalid();
}
- return &slot->value;
+ *valpp = &slot->value;
+ return 1;
}
static int jvp_object_delete(jv* object, jv key) {
@@ -1801,7 +1822,11 @@ jv jv_object_set(jv object, jv key, jv value) {
assert(JVP_HAS_KIND(object, JV_KIND_OBJECT));
assert(JVP_HAS_KIND(key, JV_KIND_STRING));
// copy/free of object, key, value coalesced
- jv* slot = jvp_object_write(&object, key);
+ jv* slot;
+ if (!jvp_object_write(&object, key, &slot)) {
+ jv_free(object);
+ return jv_invalid_with_msg(jv_string("Object too big"));
+ }
jv_free(*slot);
*slot = value;
return object;
@@ -1826,6 +1851,7 @@ jv jv_object_merge(jv a, jv b) {
assert(JVP_HAS_KIND(a, JV_KIND_OBJECT));
jv_object_foreach(b, k, v) {
a = jv_object_set(a, k, v);
+ if (!jv_is_valid(a)) break;
}
jv_free(b);
return a;
@@ -1845,6 +1871,7 @@ jv jv_object_merge_recursive(jv a, jv b) {
jv_free(elem);
a = jv_object_set(a, k, v);
}
+ if (!jv_is_valid(a)) break;
}
jv_free(b);
return a;
diff --git a/src/jv_aux.c b/src/jv_aux.c
index 6004799..bbe1c0d 100644
--- a/src/jv_aux.c
+++ b/src/jv_aux.c
@@ -193,18 +193,19 @@ jv jv_set(jv t, jv k, jv v) {
if (slice_len < insert_len) {
// array is growing
int shift = insert_len - slice_len;
- for (int i = array_len - 1; i >= end; i--) {
+ for (int i = array_len - 1; i >= end && jv_is_valid(t); i--) {
t = jv_array_set(t, i + shift, jv_array_get(jv_copy(t), i));
}
} else if (slice_len > insert_len) {
// array is shrinking
int shift = slice_len - insert_len;
- for (int i = end; i < array_len; i++) {
+ for (int i = end; i < array_len && jv_is_valid(t); i++) {
t = jv_array_set(t, i - shift, jv_array_get(jv_copy(t), i));
}
- t = jv_array_slice(t, 0, array_len - shift);
+ if (jv_is_valid(t))
+ t = jv_array_slice(t, 0, array_len - shift);
}
- for (int i=0; i < insert_len; i++) {
+ for (int i = 0; i < insert_len && jv_is_valid(t); i++) {
t = jv_array_set(t, start + i, jv_array_get(jv_copy(v), i));
}
jv_free(v);
diff --git a/tests/jq.test b/tests/jq.test
index 97835f2..10b20e3 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -198,6 +198,10 @@ null
[0,1,2]
[0,5,2]
+try (.[999999999] = 0) catch .
+null
+"Array index too large"
+
#
# Multiple outputs, iteration
#
--
2.49.0

45
pkgs/by-name/jq/jq/0005-Fix-heap-buffer-overflow-when-formatting-an-empty-st.patch
View file

@ -1,45 +0,0 @@
From d73a79035e1d24011a3363d52bf36b4eaea67aa6 Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Sat, 31 May 2025 11:46:40 +0900
Subject: [PATCH 5/5] Fix heap buffer overflow when formatting an empty string
The `jv_string_empty` did not properly null-terminate the string data,
which could lead to a heap buffer overflow. The test case of
GHSA-p7rr-28xf-3m5w (`0[""*0]`) was fixed by the commit dc849e9bb74a,
but another case (`0[[]|implode]`) was still vulnerable. This commit
ensures string data is properly null-terminated, and fixes CVE-2025-48060.
---
src/jv.c | 1 +
tests/jq.test | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/src/jv.c b/src/jv.c
index 6e8cdd3..3303286 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -1121,6 +1121,7 @@ static jv jvp_string_empty_new(uint32_t length) {
jvp_string* s = jvp_string_alloc(length);
s->length_hashed = 0;
memset(s->data, 0, length);
+ s->data[length] = 0;
jv r = {JVP_FLAGS_STRING, 0, 0, 0, {&s->refcnt}};
return r;
}
diff --git a/tests/jq.test b/tests/jq.test
index 10b20e3..680706b 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -2042,6 +2042,10 @@ map(try implode catch .)
[123,["a"],[nan]]
["implode input must be an array","string (\"a\") can't be imploded, unicode codepoint needs to be numeric","number (null) can't be imploded, unicode codepoint needs to be numeric"]
+try 0[implode] catch .
+[]
+"Cannot index number with string \"\""
+
# walk
walk(.)
{"x":0}
--
2.49.0

78
pkgs/by-name/jq/jq/package.nix
View file

@ -7,16 +7,19 @@
bison,
onigurumaSupport ? true,
oniguruma,
tzdata,
nix-update-script,
testers,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "jq";
version = "1.7.1";
version = "1.8.0";
# Note: do not use fetchpatch or fetchFromGitHub to keep this package available in __bootPackages
src = fetchurl {
url = "https://github.com/jqlang/jq/releases/download/jq-${version}/jq-${version}.tar.gz";
hash = "sha256-R4ycoSn9LjRD/icxS0VeIR4NjGC8j/ffcDhz3u7lgMI=";
url = "https://github.com/jqlang/jq/releases/download/jq-${finalAttrs.version}/jq-${finalAttrs.version}.tar.gz";
hash = "sha256-kYEVd/kdmmGV/1DCv/7JtyyEKdwF7D6gIv2VwG0rMZw=";
};
outputs = [
@ -27,30 +30,6 @@ stdenv.mkDerivation rec {
"out"
];
patches = [
# can't fetchpatch because jq is in bootstrap for darwin
# CVE-2025-48060
# https://github.com/jqlang/jq/commit/dc849e9bb74a7a164a3ea52f661cc712b1ffbd43
./0001-Improve-performance-of-repeating-strings-3272.patch
# needed for the other patches to apply correctly
# https://github.com/jqlang/jq/commit/b86ff49f46a4a37e5a8e75a140cb5fd6e1331384
./0002-fix-jv_number_value-should-cache-the-double-value-of.patch
# CVE-2024-53427
# https://github.com/jqlang/jq/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3
./0003-Reject-NaN-with-payload-while-parsing-JSON.patch
# CVE-2024-23337
# https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
./0004-Fix-signed-integer-overflow-in-jvp_array_write-and-j.patch
# CVE-2025-48060, part two
# Improve-performance-of-repeating-strings is only a partial fix
# https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b
./0005-Fix-heap-buffer-overflow-when-formatting-an-empty-st.patch
];
# https://github.com/jqlang/jq/issues/2871
postPatch = lib.optionalString stdenv.hostPlatform.isFreeBSD ''
substituteInPlace Makefile.am --replace-fail "tests/mantest" "" --replace-fail "tests/optionaltest" ""
@ -61,16 +40,19 @@ stdenv.mkDerivation rec {
# doesn't keep.
preConfigure = ''
echo "#!/bin/sh" > scripts/version
echo "echo ${version}" >> scripts/version
echo "echo ${finalAttrs.version}" >> scripts/version
patchShebangs scripts/version
'';
# paranoid mode: make sure we never use vendored version of oniguruma
# Note: it must be run after automake, or automake will complain
preBuild = ''
rm -r ./modules/oniguruma
rm -r ./vendor/oniguruma
'';
strictDeps = true;
enableParallelBuilding = true;
buildInputs = lib.optionals onigurumaSupport [ oniguruma ];
nativeBuildInputs = [
removeReferencesTo
@ -87,9 +69,7 @@ stdenv.mkDerivation rec {
]
++ lib.optional (!onigurumaSupport) "--with-oniguruma=no"
# jq is linked to libjq:
++ lib.optional (!stdenv.hostPlatform.isDarwin) "LDFLAGS=-Wl,-rpath,\\\${libdir}"
# https://github.com/jqlang/jq/issues/3252
++ lib.optional stdenv.hostPlatform.isOpenBSD "CFLAGS=-D_BSD_SOURCE=1";
++ lib.optional (!stdenv.hostPlatform.isDarwin) "LDFLAGS=-Wl,-rpath,\\\${libdir}";
# jq binary includes the whole `configureFlags` in:
# https://github.com/jqlang/jq/commit/583e4a27188a2db097dd043dd203b9c106bba100
@ -106,24 +86,42 @@ stdenv.mkDerivation rec {
doInstallCheck = true;
installCheckTarget = "check";
preInstallCheck = ''
substituteInPlace tests/shtest \
--replace-fail "TZ=" "TZ=${tzdata}/share/zoneinfo/"
'';
postInstallCheck = ''
$bin/bin/jq --help >/dev/null
$bin/bin/jq -r '.values[1]' <<< '{"values":["hello","world"]}' | grep '^world$' > /dev/null
'';
passthru = { inherit onigurumaSupport; };
passthru = {
inherit onigurumaSupport;
tests.version = testers.testVersion {
package = lib.getBin finalAttrs.finalPackage;
command = "jq --version";
};
meta = with lib; {
updateScript = nix-update-script {
extraArgs = [
"--version-regex"
"jq-(.+)"
];
};
};
meta = {
changelog = "https://github.com/jqlang/jq/releases/tag/jq-${finalAttrs.version}";
description = "Lightweight and flexible command-line JSON processor";
homepage = "https://jqlang.github.io/jq/";
license = licenses.mit;
maintainers = with maintainers; [
license = lib.licenses.mit;
maintainers = with lib.maintainers; [
raskin
artturin
ncfavier
];
platforms = platforms.unix;
platforms = lib.platforms.unix;
downloadPage = "https://jqlang.github.io/jq/download/";
mainProgram = "jq";
};
}
})

1
pkgs/by-name/li/libarchive/package.nix
View file

@ -74,6 +74,7 @@ stdenv.mkDerivation (finalAttrs: {
# the filesystem does not necessarily have hardlink capabilities
"libarchive/test/test_write_disk_hardlink.c"
# access-time-related tests flakey on some systems
"libarchive/test/test_read_disk_directory_traversals.c"
"cpio/test/test_option_a.c"
"cpio/test/test_option_t.c"
]

19
pkgs/by-name/li/libavif/package.nix
View file

@ -2,7 +2,6 @@
lib,
stdenv,
fetchFromGitHub,
fetchpatch,
libaom,
cmake,
pkg-config,
@ -32,29 +31,15 @@ in
stdenv.mkDerivation rec {
pname = "libavif";
version = "1.2.1";
version = "1.3.0";
src = fetchFromGitHub {
owner = "AOMediaCodec";
repo = "libavif";
rev = "v${version}";
hash = "sha256-cT8Q/VEJ+r971cbuZX92Gf6UX2kMOyZd4Cs2xMxS0Tw=";
hash = "sha256-0J56wpXa2AVh9JUp5UY2kzWijNE3i253RKhpG5oDFJE=";
};
# Adjust some tests to pass on aarch64
# FIXME: remove in next update
patches = [
(fetchpatch {
url = "https://github.com/AOMediaCodec/libavif/commit/1e9ef51f32fa23bd7a94d8c01d5205334bc9c52f.patch";
hash = "sha256-4V7NpuJ+YNm103RMO47TIZaApTm3S6c5RKsjLZFNwYw=";
})
(fetchpatch {
url = "https://github.com/AOMediaCodec/libavif/commit/0f1618a25c5eba41b6fec947207d0a32ae3cc6c5.patch";
hash = "sha256-ORNhD4QtHmBcOYSajnZn7QMfRC3MF4rgUin/Vw+2ztA=";
})
];
postPatch = ''
substituteInPlace contrib/gdk-pixbuf/avif.thumbnailer.in \
--replace-fail '@CMAKE_INSTALL_FULL_BINDIR@/gdk-pixbuf-thumbnailer' "$out/libexec/gdk-pixbuf-thumbnailer-avif"

4
pkgs/by-name/li/libdeflate/package.nix
View file

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "libdeflate";
version = "1.23";
version = "1.24";
src = fetchFromGitHub {
owner = "ebiggers";
repo = "libdeflate";
rev = "v${finalAttrs.version}";
hash = "sha256-bucVkRgZdzLe2HFzIP+Trq4+FJ5kLYdIVNUiJ2f52zg=";
hash = "sha256-IaXXm9VrZ0Pgb3yTh1fPKkifJDvCxvCfTH08Sdho0Ko=";
};
cmakeFlags = [

4
pkgs/by-name/li/libfido2/package.nix
View file

@ -16,12 +16,12 @@
stdenv.mkDerivation rec {
pname = "libfido2";
version = "1.15.0";
version = "1.16.0";
# releases on https://developers.yubico.com/libfido2/Releases/ are signed
src = fetchurl {
url = "https://developers.yubico.com/${pname}/Releases/${pname}-${version}.tar.gz";
hash = "sha256-q6qxMY0h0mLs5Bb7inEy+pN0vaifb6UrhqmKL1cSth4=";
hash = "sha256-jCtvsnm1tC6aySrecYMuSFhSZHtTYHxDuqr7vOzqBOQ=";
};
nativeBuildInputs = [

6
pkgs/by-name/li/libraw/package.nix
View file

@ -15,13 +15,13 @@
stdenv.mkDerivation rec {
pname = "libraw";
version = "0.21.3";
version = "0.21.4";
src = fetchFromGitHub {
owner = "LibRaw";
repo = "LibRaw";
rev = version;
hash = "sha256-QFyRQ0V7din/rnkRvEWf521kSzN7HwJ3kZiQ43PAmVI=";
hash = "sha256-JAGIM7A9RbK22F8KczRcb+29t4fDDXzoCA3a4s/z6Q8=";
};
outputs = [
@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
'';
passthru.tests = {
inherit imagemagick hdrmerge freeimage;
inherit imagemagick hdrmerge; # freeimage
inherit (python3.pkgs) rawkit;
};

32
pkgs/by-name/li/libtheora/package.nix
View file

@ -1,11 +1,12 @@
{
lib,
stdenv,
fetchurl,
fetchFromGitHub,
autoreconfHook,
libogg,
libvorbis,
pkg-config,
perl,
testers,
validatePkgConfig,
}:
@ -14,13 +15,19 @@ stdenv.mkDerivation (finalAttrs: {
pname = "libtheora";
version = "1.2.0";
src = fetchurl {
url = "https://downloads.xiph.org/releases/theora/libtheora-${finalAttrs.version}.tar.gz";
hash = "sha256-J5MnM5kDtUTCipKurafQ3P0Dl7WcLzaMxpisVvUVkG4=";
src = fetchFromGitHub {
owner = "xiph";
repo = "theora";
tag = "v${finalAttrs.version}";
hash = "sha256-kzZh4V6wZX9MetDutuqjRenmdpy4PHaRU9MgtIwPpiU=";
};
patches = lib.optionals stdenv.hostPlatform.isMinGW [ ./mingw-remove-export.patch ];
postPatch = lib.optionalString stdenv.hostPlatform.isArmv7 ''
patchShebangs lib/arm/arm2gnu.pl
'';
configureFlags = [ "--disable-examples" ];
outputs = [
@ -30,17 +37,24 @@ stdenv.mkDerivation (finalAttrs: {
];
outputDoc = "devdoc";
nativeBuildInputs = [
autoreconfHook
pkg-config
validatePkgConfig
];
nativeBuildInputs =
[
autoreconfHook
pkg-config
validatePkgConfig
]
++ lib.optionals stdenv.hostPlatform.isArmv7 [
# Needed to run lib/arm/arm2gnu.pl for ARM assembly optimizations
perl
];
propagatedBuildInputs = [
libogg
libvorbis
];
strictDeps = true;
passthru = {
tests.pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;

4
pkgs/by-name/li/libusb1/package.nix
View file

@ -16,13 +16,13 @@
stdenv.mkDerivation rec {
pname = "libusb";
version = "1.0.28";
version = "1.0.29";
src = fetchFromGitHub {
owner = "libusb";
repo = "libusb";
rev = "v${version}";
sha256 = "sha256-ntfDh/+HYm5cthhO8FkAJHo4RcxvZUKmHf4AOrHLysM=";
sha256 = "sha256-m1w+uF8+2WCn72LvoaGUYa+R0PyXHtFFONQjdRfImYY=";
};
outputs = [

4
pkgs/by-name/li/libuv/package.nix
View file

@ -134,6 +134,8 @@ stdenv.mkDerivation (finalAttrs: {
# EOPNOTSUPP when performed in jailed build env
"tcp_reuseport"
"udp_reuseport"
# jailed build env does not have a hostname
"gethostname"
# Fails when built on non-nix FreeBSD
# https://github.com/libuv/libuv/issues/4606
"fs_event_watch_delete_dir"
@ -142,6 +144,8 @@ stdenv.mkDerivation (finalAttrs: {
in
lib.optionalString (finalAttrs.finalPackage.doCheck) ''
sed '/${tdRegexp}/d' -i test/test-list.h
# https://github.com/libuv/libuv/issues/4794
substituteInPlace Makefile.am --replace-fail -lutil "-lutil -lm"
'';
nativeBuildInputs = [

4
pkgs/by-name/li/libzip/package.nix
View file

@ -19,11 +19,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "libzip";
version = "1.11.3";
version = "1.11.4";
src = fetchurl {
url = "https://libzip.org/download/libzip-${finalAttrs.version}.tar.gz";
hash = "sha256-dmU/E13eMDYDbFAOEYYWSP+/nh/FsjP/RzxgiX2dsOo=";
hash = "sha256-guny8kIfnXwkZrvDFzzQlZWojqN9sNVZqdCi3GDcci4=";
};
outputs = [

59
pkgs/by-name/ln/lndir/package.nix Normal file
View file

@ -0,0 +1,59 @@
{
lib,
stdenv,
fetchurl,
updateAutotoolsGnuConfigScriptsHook,
writeScript,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "lndir";
version = "1.0.5";
src = fetchurl {
url = "mirror://xorg/individual/util/lndir-${finalAttrs.version}.tar.xz";
hash = "sha256-O2VXelV1zOCVZk9UkhZKlpQYAP5ikKEjcx1H8+cQTds=";
};
strictDeps = true;
nativeBuildInputs = [ updateAutotoolsGnuConfigScriptsHook ];
preConfigure = ''
# removes dependency on xorgproto
# from commit 466f1d85d21f79237123d74598a3d7f073513685
# also fix build due to missing import of unistd.h
export XPROTO_CFLAGS=" "
export XPROTO_LIBS=" "
substituteInPlace lndir.c \
--replace-fail '<X11/Xos.h>' "<unistd.h>" \
--replace-fail '#include <X11/Xfuncproto.h>' "" \
--replace-fail '_X_ATTRIBUTE_PRINTF(1,2)' '__attribute__((__format__(__printf__,1,2)))' \
--replace-fail '_X_ATTRIBUTE_PRINTF(2,3)' '__attribute__((__format__(__printf__,2,3)))' \
--replace-fail '_X_NORETURN' '__attribute__((noreturn))'
# supposed to make lndir it work on directories with st_nlink set to 1 (such as on btrfs).
# from commit 26164c05c5a227462e8f076db6018a4c55fa1412
substituteInPlace lndir.c \
--replace-fail 'n_dirs--;' ""
'';
passthru = {
updateScript = writeScript "update-${finalAttrs.pname}" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p common-updater-scripts
version="$(list-directory-versions --pname ${finalAttrs.pname} \
--url https://xorg.freedesktop.org/releases/individual/util/ \
| sort -V | tail -n1)"
update-source-version ${finalAttrs.pname} "$version"
'';
};
meta = {
description = "Create a shadow directory of symbolic links to another directory tree";
homepage = "https://gitlab.freedesktop.org/xorg/util/lndir";
license = lib.licenses.mitOpenGroup;
mainProgram = "lndir";
maintainers = [ ];
platforms = lib.platforms.unix;
};
})

12
pkgs/by-name/mp/mpdecimal/package.nix
View file

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "mpdecimal";
version = "4.0.0";
version = "4.0.1";
outputs = [
"out"
"cxx"
@ -17,18 +17,12 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-${version}.tar.gz";
hash = "sha256-lCRFwyRbInMP1Bpnp8XCMdEcsbmTa5wPdjNPt9C0Row=";
hash = "sha256-ltM6u0uwBwx74P7UJGzThBYYgyX4IEaCFEcZOFRbGsg=";
};
nativeBuildInputs = [ autoreconfHook ];
configureFlags = [ "LD=${stdenv.cc.targetPrefix}cc" ];
postPatch = ''
# Use absolute library install names on Darwin.
substituteInPlace configure.ac \
--replace-fail '-install_name @rpath/' "-install_name $out/lib/"
'';
enableParallelBuilding = true;
postInstall = ''
mkdir -p $cxx/lib

4
pkgs/by-name/pi/pixman/package.nix
View file

@ -25,14 +25,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "pixman";
version = "0.44.2";
version = "0.46.0";
src = fetchurl {
urls = with finalAttrs; [
"mirror://xorg/individual/lib/${pname}-${version}.tar.gz"
"https://cairographics.org/releases/${pname}-${version}.tar.gz"
];
hash = "sha256-Y0kGHOGjOKtpUrkhlNGwN3RyJEII1H/yW++G/HGXNGY=";
hash = "sha256-Atn/e4RY72FzHD01X4VLv0Yf0KTTVjxR8cHHsAY4BQ0=";
};
# Raise test timeout, 120s can be slightly exceeded on slower hardware

4
pkgs/by-name/re/re2c/package.nix
View file

@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "re2c";
version = "4.1";
version = "4.2";
src = fetchFromGitHub {
owner = "skvadrik";
repo = "re2c";
rev = version;
sha256 = "sha256-xB4oH0QS0VKTK2we+wdylS8VBijpp6tv7YV7fIX1s4A=";
hash = "sha256-7Niq+Xxq/r86qOeJl6/gNdH1XKm6m0fPhbPmgazZFkU=";
};
nativeBuildInputs = [

4
pkgs/by-name/s2/s2n-tls/package.nix
View file

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "s2n-tls";
version = "1.5.17";
version = "1.5.20";
src = fetchFromGitHub {
owner = "aws";
repo = "s2n-tls";
rev = "v${version}";
hash = "sha256-ylaWeYLplAi94PQHauI1lG4PJI193TvrAPM7U446cnE=";
hash = "sha256-qmwo8GZpOtAs3OgdR9DWnOGz8sQcGqZKZn4WwfGpy6M=";
};
nativeBuildInputs = [ cmake ];

10
pkgs/by-name/sd/sdl2-compat/package.nix
View file

@ -21,7 +21,11 @@
ffmpeg,
qemu,
}:
let
# tray support on sdl3 pulls in gtk3, which is quite an expensive dependency.
# sdl2 does not support the tray, so we can just disable that requirement.
sdl3' = sdl3.override { traySupport = false; };
in
stdenv.mkDerivation (finalAttrs: {
pname = "sdl2-compat";
version = "2.32.56";
@ -39,7 +43,7 @@ stdenv.mkDerivation (finalAttrs: {
];
buildInputs = [
sdl3
sdl3'
libX11
];
@ -57,7 +61,7 @@ stdenv.mkDerivation (finalAttrs: {
cmakeFlags = [
(lib.cmakeBool "SDL2COMPAT_TESTS" finalAttrs.finalPackage.doCheck)
(lib.cmakeFeature "CMAKE_INSTALL_RPATH" (lib.makeLibraryPath [ sdl3 ]))
(lib.cmakeFeature "CMAKE_INSTALL_RPATH" (lib.makeLibraryPath [ sdl3' ]))
];
# skip timing-based tests as those are flaky

44
pkgs/by-name/sd/sdl3/package.nix
View file

@ -8,7 +8,7 @@
darwinMinVersionHook,
dbus,
fetchFromGitHub,
ibus,
ibusMinimal,
installShellFiles,
libGL,
libayatana-appindicator,
@ -51,6 +51,7 @@
libudevSupport ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAndroid,
sndioSupport ? false,
testSupport ? true,
traySupport ? true,
waylandSupport ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isAndroid,
x11Support ? !stdenv.hostPlatform.isAndroid && !stdenv.hostPlatform.isWindows,
}:
@ -58,33 +59,44 @@
assert lib.assertMsg (
waylandSupport -> openglSupport
) "SDL3 requires OpenGL support to enable Wayland";
assert lib.assertMsg (ibusSupport -> dbusSupport) "SDL3 requires dbus support to enable ibus";
stdenv.mkDerivation (finalAttrs: {
pname = "sdl3";
version = "3.2.14";
version = "3.2.16";
outputs = [
"lib"
"dev"
"out"
];
outputs =
[
"lib"
"dev"
"out"
]
++ lib.optionals testSupport [
"installedTests"
];
src = fetchFromGitHub {
owner = "libsdl-org";
repo = "SDL";
tag = "release-${finalAttrs.version}";
hash = "sha256-+CcbvF1nxxsVwuO5g50sBVGth0sr5WTFojSfT6B6bok=";
hash = "sha256-xFWE/i4l3sU1KritwbqvN67kJ3/WUfNP3iScMfQUbwA=";
};
postPatch =
# Tests timeout on Darwin
# `testtray` loads assets from a relative path, which we are patching to be absolute
lib.optionalString testSupport ''
substituteInPlace test/CMakeLists.txt \
--replace-fail 'set(noninteractive_timeout 10)' 'set(noninteractive_timeout 30)'
substituteInPlace test/testtray.c \
--replace-warn '../test/' '${placeholder "installedTests"}/share/assets/'
''
+ lib.optionalString waylandSupport ''
substituteInPlace src/video/wayland/SDL_waylandmessagebox.c \
--replace-fail '"zenity"' '"${lib.getExe zenity}"'
substituteInPlace src/dialog/unix/SDL_zenitydialog.c \
--replace-fail '"zenity"' '"${lib.getExe zenity}"'
'';
strictDeps = true;
@ -104,7 +116,11 @@ stdenv.mkDerivation (finalAttrs: {
apple-sdk_11
]
++ lib.optionals ibusSupport [
ibus
# sdl3 only uses some constants of the ibus headers
# it never actually loads the library
# thus, it also does not have to care about gtk integration,
# so using ibusMinimal avoids an unnecessarily large closure here.
ibusMinimal
]
++ lib.optional waylandSupport zenity;
@ -113,7 +129,7 @@ stdenv.mkDerivation (finalAttrs: {
libusb1
]
++ lib.optional (
stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isDarwin
stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isDarwin && traySupport
) libayatana-appindicator
++ lib.optional alsaSupport alsa-lib
++ lib.optional dbusSupport dbus
@ -160,11 +176,13 @@ stdenv.mkDerivation (finalAttrs: {
(lib.cmakeBool "SDL_PULSEAUDIO" pulseaudioSupport)
(lib.cmakeBool "SDL_SNDIO" sndioSupport)
(lib.cmakeBool "SDL_TEST_LIBRARY" testSupport)
(lib.cmakeBool "SDL_TRAY_DUMMY" (!traySupport))
(lib.cmakeBool "SDL_WAYLAND" waylandSupport)
(lib.cmakeBool "SDL_WAYLAND_LIBDECOR" libdecorSupport)
(lib.cmakeBool "SDL_X11" x11Support)
(lib.cmakeBool "SDL_TESTS" finalAttrs.finalPackage.doCheck)
(lib.cmakeBool "SDL_INSTALL_TESTS" testSupport)
];
doCheck = testSupport && stdenv.buildPlatform.canExecute stdenv.hostPlatform;
@ -180,6 +198,12 @@ stdenv.mkDerivation (finalAttrs: {
) "-rpath ${lib.makeLibraryPath (finalAttrs.dlopenBuildInputs)}";
};
postInstall = lib.optionalString testSupport ''
moveToOutput "share/installed-tests" "$installedTests"
moveToOutput "libexec/installed-tests" "$installedTests"
install -Dm 444 -t $installedTests/share/assets test/*.bmp
'';
passthru = {
# Building this in its own derivation to make sure the rpath hack above propagate to users
debug-text-example = stdenv.mkDerivation (finalAttrs': {

45
pkgs/by-name/se/sessreg/package.nix Normal file
View file

@ -0,0 +1,45 @@
{
lib,
stdenv,
fetchurl,
pkg-config,
xorgproto,
writeScript,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "sessreg";
version = "1.1.3";
src = fetchurl {
url = "mirror://xorg/individual/app/sessreg-${finalAttrs.version}.tar.xz";
hash = "sha256-AirNXegHfd3E+RmWH3nhAuzV8yKKMzaBr1zQ5zRPrMI=";
};
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ xorgproto ];
passthru = {
updateScript = writeScript "update-${finalAttrs.pname}" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p common-updater-scripts
version="$(list-directory-versions --pname ${finalAttrs.pname} \
--url https://xorg.freedesktop.org/releases/individual/app/ \
| sort -V | tail -n1)"
update-source-version ${finalAttrs.pname} "$version"
'';
};
meta = {
description = "Utility to manage utmp & wtmp entries for X sessions";
homepage = "https://gitlab.freedesktop.org/xorg/app/sessreg";
license = with lib.licenses; [
mitOpenGroup
mit
];
mainProgram = "sessreg";
maintainers = [ ];
platforms = lib.platforms.unix;
};
})

5
pkgs/by-name/so/softhsm/package.nix
View file

@ -22,6 +22,9 @@ stdenv.mkDerivation rec {
"--with-objectstore-backend-db"
"--sysconfdir=$out/etc"
"--localstatedir=$out/var"
# The configure script checks for the sqlite3 command, but never uses it.
# Provide an arbitrary executable file for cross scenarios.
"ac_cv_path_SQLITE3=/"
];
buildInputs = [
@ -29,6 +32,8 @@ stdenv.mkDerivation rec {
sqlite
];
strictDeps = true;
postInstall = "rm -rf $out/var";
meta = with lib; {

6
pkgs/by-name/sw/swig/package.nix
View file

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "swig";
version = "4.3.0";
version = "4.3.1";
src = fetchFromGitHub {
owner = "swig";
repo = "swig";
rev = "v${finalAttrs.version}";
hash = "sha256-hFHEE9wy8Lja9G396tI4fj4LhOkpPKJkDuy1L62AXr4=";
hash = "sha256-wEqbKDgXVU8kQxdh7uC+EZ0u5leeoYh2d/61qB4guOg=";
};
strictDeps = true;
@ -41,6 +41,8 @@ stdenv.mkDerivation (finalAttrs: {
./autogen.sh
'';
enableParallelBuilding = true;
meta = {
changelog = "https://github.com/swig/swig/blob/${finalAttrs.src.rev}/CHANGES.current";
description = "Interface compiler that connects C/C++ code to higher-level languages";

10
pkgs/by-name/va/valgrind/package.nix
View file

@ -11,20 +11,14 @@
stdenv.mkDerivation rec {
pname = "valgrind";
version = "3.24.0";
version = "3.25.1";
src = fetchurl {
url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2";
hash = "sha256-ca7iAr3vGuc4mMz36cMVE0+n22wkYGOvxQOu9wLsA70=";
hash = "sha256-Yd640HJ7RcJo79wbO2yeZ5zZfL9e5LKNHerXyLeica8=";
};
patches = [
# Fix build on ELFv2 powerpc64
# https://bugs.kde.org/show_bug.cgi?id=398883
(fetchurl {
url = "https://github.com/void-linux/void-packages/raw/3e16b4606235885463fc9ab45b4c120f1a51aa28/srcpkgs/valgrind/patches/elfv2-ppc64-be.patch";
sha256 = "NV/F+5aqFZz7+OF5oN5MUTpThv4H5PEY9sBgnnWohQY=";
})
# Fix checks on Musl.
# https://bugs.kde.org/show_bug.cgi?id=453929
(fetchpatch {

19
pkgs/by-name/ve/versionCheckHook/hook.sh
View file

@ -1,10 +1,19 @@
_handleCmdOutput(){
local command=("$1" "$2")
local versionOutput
local envArgs=()
if [[ "$3" != "*" ]]; then
envArgs+=("--ignore-environment")
for var in $3; do
envArgs+=("$var=${!var}")
done
fi
versionOutput="$(env \
--chdir=/ \
--argv0="$(basename "${command[0]}")" \
$( [[ -z "$3" || "$3" = "0" ]] && echo --ignore-environment ) \
"${envArgs[@]}" \
"${command[@]}" 2>&1 \
| sed -e 's|@storeDir@/[^/ ]*/|{{storeDir}}/|g' \
|| true)"
@ -25,8 +34,8 @@ versionCheckHook(){
runHook preVersionCheck
echo Executing versionCheckPhase
# Enable --ignore-environment by default unless explicitly disabled
: "${versionCheckDontIgnoreEnvironment:=0}"
# Don't keep any environment variables by default
: "${versionCheckKeepEnvironment:=}"
local cmdProgram cmdArg echoPrefix
if [[ -z "${versionCheckProgram-}" ]]; then
@ -47,14 +56,14 @@ versionCheckHook(){
fi
if [[ -z "${versionCheckProgramArg}" ]]; then
for cmdArg in "--help" "--version"; do
echoPrefix="$(_handleCmdOutput "$cmdProgram" "$cmdArg" "$versionCheckDontIgnoreEnvironment")"
echoPrefix="$(_handleCmdOutput "$cmdProgram" "$cmdArg" "$versionCheckKeepEnvironment")"
if [[ "$echoPrefix" == "Successfully managed to" ]]; then
break
fi
done
else
cmdArg="$versionCheckProgramArg"
echoPrefix="$(_handleCmdOutput "$cmdProgram" "$cmdArg" "$versionCheckDontIgnoreEnvironment")"
echoPrefix="$(_handleCmdOutput "$cmdProgram" "$cmdArg" "$versionCheckKeepEnvironment")"
fi
if [[ "$echoPrefix" == "Did not" ]]; then
exit 2

6
pkgs/by-name/vp/vpnc-scripts/package.nix
View file

@ -10,6 +10,7 @@
nettools,
openresolv,
systemd,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
}:
stdenv.mkDerivation {
@ -36,7 +37,10 @@ stdenv.mkDerivation {
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
substituteInPlace $out/bin/vpnc-script \
--replace "/sbin/resolvconf" "${openresolv}/bin/resolvconf" \
--replace "/sbin/resolvconf" "${openresolv}/bin/resolvconf"
''
+ lib.optionalString withSystemd ''
substituteInPlace $out/bin/vpnc-script \
--replace "/usr/bin/resolvectl" "${systemd}/bin/resolvectl"
''
+ ''

2
pkgs/by-name/wa/waf/package.nix
View file

@ -64,7 +64,7 @@ stdenv.mkDerivation (finalAttrs: {
runHook preInstall
install -D waf "$out"/bin/waf
wrapProgram "$out"/bin/waf --set PYTHONPATH "$out"/${python3.sitePackages}
wrapProgram "$out"/bin/waf --prefix PYTHONPATH : "$out"/${python3.sitePackages}
mkdir -p "$out"/${python3.sitePackages}/
cp -r waflib "$out"/${python3.sitePackages}/
runHook postInstall

136
pkgs/by-name/xo/xorgproto/package.nix Normal file
View file

@ -0,0 +1,136 @@
{
lib,
stdenv,
fetchurl,
fetchpatch,
pkg-config,
python3,
meson,
ninja,
writeScript,
testers,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "xorgproto";
version = "2024.1";
src = fetchurl {
url = "mirror://xorg/individual/proto/xorgproto-${finalAttrs.version}.tar.xz";
hash = "sha256-NyIl/UCBW4QjVH9diQxd68cuiLkQiPv7ExWMIElcy1k=";
};
patches = [
# small fix for mingw
(fetchpatch {
url = "https://aur.archlinux.org/cgit/aur.git/plain/meson.patch?h=mingw-w64-xorgproto&id=7b817efc3144a50e6766817c4ca7242f8ce49307";
sha256 = "sha256-Izzz9In53W7CC++k1bLr78iSrmxpFm1cH8qcSpptoUQ=";
})
];
strictDeps = true;
nativeBuildInputs = [
pkg-config
python3
meson
ninja
];
# adds support for printproto needed for libXp
mesonFlags = [ "-Dlegacy=true" ];
passthru = {
updateScript = writeScript "update-${finalAttrs.pname}" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p common-updater-scripts
version="$(list-directory-versions --pname ${finalAttrs.pname} \
--url https://xorg.freedesktop.org/releases/individual/proto/ \
| sort -V | tail -n1)"
update-source-version ${finalAttrs.pname} "$version"
'';
tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
};
meta = {
description = "X Window System unified protocol definitions";
homepage = "https://gitlab.freedesktop.org/xorg/proto/xorgproto";
license = with lib.licenses; [
# The copyright notices are split between each protocol, so to be able to validate this,
# I listed all the components that have the license for each license:
# applewm, composite, dmx, evie, fixes, input, video, windowswm, x11, xext, xf86dri
mit
# bigreqs, fonts, input, lg3d, pm, x11, xmisc, xext, xinerama
mitOpenGroup
# composite, damage, dri3, fixes, fonts, present, randr, record, render, xext, xwayland
hpndSellVariant
# dri2
icu
# fontcache
bsd2
# gl
sgi-b-20
# fonts, input, kb, trap, video, x11, xext
hpnd
# print, resource, scrnsaver, video, xext, xf86{bigfont,dga,misc,rush,vidmode}, xinerama
# Note: 2 of the licenses actually omit a sentence from the x11 license that is not marked as
# omittable by spdx. But the sentence is not integral to the license's meaning, I think.
x11
# x11
hpndDifferentDisclaimer
# fontsproto and x11proto both contain a license that is almost the X11 license, but with one
# important difference: the sentence "Permission is hereby granted [...] to use, copy,
# modify, merge, publish, distribute ..." is replaced with "All rights reserved."
# Since XFree86 has the copyright and XFree86 was, at least in later releases, free software
# under the X11 license, I will give this the benefit of the doubt and not mark a package
# that idk 30% of nixpkgs depends on (estimate based on nothing other than most xorg stuff
# depends on it) as unfree.
# upstream issue: https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/issues/53
#unfree
];
maintainers = [ ];
pkgConfigModules = [
"applewmproto"
"bigreqsproto"
"compositeproto"
"damageproto"
"dmxproto"
"dpmsproto"
"dri2proto"
"dri3proto"
"evieproto"
"fixesproto"
"fontcacheproto"
"fontsproto"
"glproto"
"inputproto"
"kbproto"
"lg3dproto"
"presentproto"
"printproto"
"randrproto"
"recordproto"
"renderproto"
"resourceproto"
"scrnsaverproto"
"trapproto"
"videoproto"
"windowswmproto"
"xcalibrateproto"
"xcmiscproto"
"xextproto"
"xf86bigfontproto"
"xf86dgaproto"
"xf86driproto"
"xf86miscproto"
"xf86rushproto"
"xf86vidmodeproto"
"xineramaproto"
"xproto"
"xproxymngproto"
"xwaylandproto"
];
platforms = lib.platforms.unix ++ lib.platforms.windows;
};
})

39
pkgs/by-name/xs/xsimd/package.nix
View file

@ -2,37 +2,28 @@
lib,
stdenv,
fetchFromGitHub,
fetchpatch,
cmake,
doctest,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "xsimd";
version = "13.0.0";
version = "13.2.0";
src = fetchFromGitHub {
owner = "xtensor-stack";
repo = "xsimd";
rev = finalAttrs.version;
hash = "sha256-qElJYW5QDj3s59L3NgZj5zkhnUMzIP2mBa1sPks3/CE=";
tag = finalAttrs.version;
hash = "sha256-L4ttJxP46uNwQAEUMoJ8rsc51Le2GeIGbT1kX7ZzcPA=";
};
patches =
[
# Fix of https://github.com/xtensor-stack/xsimd/pull/1024 for
# https://github.com/xtensor-stack/xsimd/issues/456 and
# https://github.com/xtensor-stack/xsimd/issues/807,
(fetchpatch {
url = "https://github.com/xtensor-stack/xsimd/commit/c8a87ed6e04b6782f48f94713adfb0cad6c11ddf.patch";
hash = "sha256-2/FvBGdqTPcayD7rdHPSzL+F8IYKAfMW0WBJ0cW9EZ0=";
})
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
# https://github.com/xtensor-stack/xsimd/issues/1030
./disable-test_error_gamma.patch
# https://github.com/xtensor-stack/xsimd/issues/1063
./relax-asin-precision.diff
];
patches = lib.optionals stdenv.hostPlatform.isDarwin [
# https://github.com/xtensor-stack/xsimd/issues/1030
./disable-test_error_gamma.patch
# https://github.com/xtensor-stack/xsimd/issues/1063
./relax-asin-precision.diff
];
# strictDeps raises the chance that xsimd will be able to be cross compiled
strictDeps = true;
@ -54,17 +45,17 @@ stdenv.mkDerivation (finalAttrs: {
doCheck = true;
checkTarget = "xtest";
meta = with lib; {
meta = {
changelog = "https://github.com/xtensor-stack/xsimd/blob/${finalAttrs.version}/Changelog.rst#${
builtins.replaceStrings [ "." ] [ "" ] finalAttrs.version
}";
description = "C++ wrappers for SIMD intrinsics";
homepage = "https://github.com/xtensor-stack/xsimd";
license = licenses.bsd3;
maintainers = with maintainers; [
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [
tobim
doronbehar
];
platforms = platforms.all;
platforms = lib.platforms.all;
};
})

9
pkgs/development/compilers/ghc/8.10.7-binary.nix
View file

@ -388,6 +388,15 @@ stdenv.mkDerivation {
# calls install-strip ...
dontBuild = true;
# GHC tries to remove xattrs when installing to work around Gatekeeper
# (see https://gitlab.haskell.org/ghc/ghc/-/issues/17418). This step normally
# succeeds in nixpkgs because xattrs are not allowed in the store, but it
# can fail when a file has the `com.apple.provenance` xattr, and it cant be
# modified (such as target of the symlink to `libiconv.dylib`).
# The `com.apple.provenance` xattr is a new feature of macOS as of macOS 13.
# See: https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/
makeFlags = lib.optionals stdenv.buildPlatform.isDarwin [ "XATTR=/does-not-exist" ];
# Patch scripts to include runtime dependencies in $PATH.
postInstall = ''
for i in "$out/bin/"*; do

9
pkgs/development/compilers/ghc/8.6.5-binary.nix
View file

@ -178,6 +178,15 @@ stdenv.mkDerivation rec {
# calls install-strip ...
dontBuild = true;
# GHC tries to remove xattrs when installing to work around Gatekeeper
# (see https://gitlab.haskell.org/ghc/ghc/-/issues/17418). This step normally
# succeeds in nixpkgs because xattrs are not allowed in the store, but it
# can fail when a file has the `com.apple.provenance` xattr, and it cant be
# modified (such as target of the symlink to `libiconv.dylib`).
# The `com.apple.provenance` xattr is a new feature of macOS as of macOS 13.
# See: https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/
makeFlags = lib.optionals stdenv.buildPlatform.isDarwin [ "XATTR=/does-not-exist" ];
# Patch scripts to include runtime dependencies in $PATH.
postInstall = ''
for i in "$out/bin/"*; do

9
pkgs/development/compilers/ghc/9.2.4-binary.nix
View file

@ -342,6 +342,15 @@ stdenv.mkDerivation {
# calls install-strip ...
dontBuild = true;
# GHC tries to remove xattrs when installing to work around Gatekeeper
# (see https://gitlab.haskell.org/ghc/ghc/-/issues/17418). This step normally
# succeeds in nixpkgs because xattrs are not allowed in the store, but it
# can fail when a file has the `com.apple.provenance` xattr, and it cant be
# modified (such as target of the symlink to `libiconv.dylib`).
# The `com.apple.provenance` xattr is a new feature of macOS as of macOS 13.
# See: https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/
makeFlags = lib.optionals stdenv.buildPlatform.isDarwin [ "XATTR=/does-not-exist" ];
# Patch scripts to include runtime dependencies in $PATH.
postInstall = ''
for i in "$out/bin/"*; do

9
pkgs/development/compilers/ghc/9.6.3-binary.nix
View file

@ -326,6 +326,15 @@ stdenv.mkDerivation {
# calls install-strip ...
dontBuild = true;
# GHC tries to remove xattrs when installing to work around Gatekeeper
# (see https://gitlab.haskell.org/ghc/ghc/-/issues/17418). This step normally
# succeeds in nixpkgs because xattrs are not allowed in the store, but it
# can fail when a file has the `com.apple.provenance` xattr, and it cant be
# modified (such as target of the symlink to `libiconv.dylib`).
# The `com.apple.provenance` xattr is a new feature of macOS as of macOS 13.
# See: https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/
makeFlags = lib.optionals stdenv.buildPlatform.isDarwin [ "XATTR=/does-not-exist" ];
# Patch scripts to include runtime dependencies in $PATH.
postInstall =
''

19
pkgs/development/compilers/ghc/common-make-native-bignum.nix
View file

@ -364,6 +364,18 @@ stdenv.mkDerivation (
else
./Cabal-3.2-3.4-paths-fix-cycle-aarch64-darwin.patch
)
]
# Fixes stack overrun in rts which crashes an process whenever
# freeHaskellFunPtr is called with nixpkgs' hardening flags.
# https://gitlab.haskell.org/ghc/ghc/-/issues/25485
# https://gitlab.haskell.org/ghc/ghc/-/merge_requests/13599
# TODO: patch doesn't apply for < 9.4, but may still be necessary?
++ lib.optionals (lib.versionAtLeast version "9.4") [
(fetchpatch {
name = "ghc-rts-adjustor-fix-i386-stack-overrun.patch";
url = "https://gitlab.haskell.org/ghc/ghc/-/commit/39bb6e583d64738db51441a556d499aa93a4fc4a.patch";
sha256 = "0w5fx413z924bi2irsy1l4xapxxhrq158b5gn6jzrbsmhvmpirs0";
})
];
postPatch = "patchShebangs .";
@ -593,6 +605,13 @@ stdenv.mkDerivation (
# Hydra which already warrants a significant speedup
requiredSystemFeatures = [ "big-parallel" ];
# Install occasionally fails due to a race condition in minimal builds.
# > /nix/store/wyzpysxwgs3qpvmylm9krmfzh2plicix-coreutils-9.7/bin/install -c -m 755 -d "/nix/store/xzb3390rhvhg2a0cvzmrvjspw1d8nf8h-ghc-riscv64-unknown-linux-gnu-9.4.8/bin"
# > install: cannot create regular file '/nix/store/xzb3390rhvhg2a0cvzmrvjspw1d8nf8h-ghc-riscv64-unknown-linux-gnu-9.4.8/lib/ghc-9.4.8': No such file or directory
preInstall = ''
mkdir -p "$out/lib/${passthru.haskellCompilerName}"
'';
postInstall =
''
settingsFile="$out/lib/${targetPrefix}${passthru.haskellCompilerName}/settings"

4
pkgs/development/compilers/go/1.24.nix
View file

@ -27,11 +27,11 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "go";
version = "1.24.3";
version = "1.24.4";
src = fetchurl {
url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz";
hash = "sha256-IpwItgCxRGeYEJ+uH1aSKBAshHPKuoEEtkGMtbwDKHg=";
hash = "sha256-WoaoOjH5+oFJC4xUIKw4T9PZWj5x+6Zlx7P5XR3+8rQ=";
};
strictDeps = true;

2
pkgs/development/compilers/llvm/common/clang/default.nix
View file

@ -201,6 +201,8 @@ stdenv.mkDerivation (
"python"
];
separateDebugInfo = true;
postInstall =
''
ln -sv $out/bin/clang $out/bin/cpp

2
pkgs/development/compilers/llvm/common/llvm/default.nix
View file

@ -526,6 +526,8 @@ stdenv.mkDerivation (
optionalString stdenv.hostPlatform.isFreeBSD ''
rm test/tools/llvm-libtool-darwin/L-and-l.test
rm test/ExecutionEngine/Interpreter/intrinsics.ll
# Fails in sandbox
substituteInPlace unittests/Support/LockFileManagerTest.cpp --replace-fail "Basic" "DISABLED_Basic"
''
+ ''
patchShebangs test/BugPoint/compile-custom.ll.py

5
pkgs/development/compilers/llvm/common/tblgen.nix
View file

@ -7,6 +7,7 @@
ninja,
patches ? [ ],
python3,
updateAutotoolsGnuConfigScriptsHook,
release_version,
runCommand,
src ? null,
@ -76,6 +77,10 @@ let
cmake
ninja
python3
# while this is not an autotools build, it still includes a config.guess
# this is needed until scripts are updated to not use /usr/bin/uname on FreeBSD native
updateAutotoolsGnuConfigScriptsHook
];
cmakeFlags = [

16
pkgs/development/interpreters/python/default.nix
View file

@ -21,10 +21,10 @@
sourceVersion = {
major = "3";
minor = "13";
patch = "3";
patch = "4";
suffix = "";
};
hash = "sha256-QPhovL3rgUmjFJWAu5v9QHszIc1I8L5jGvlVrJLA4EE=";
hash = "sha256-J7FaeXViopcdzj/+MbshYELOC5lbOddozxX3hMx1c2U=";
};
};
@ -48,10 +48,10 @@
sourceVersion = {
major = "3";
minor = "10";
patch = "17";
patch = "18";
suffix = "";
};
hash = "sha256-TGgFDwSdG0rFqt0N9fJ5QcA1DSqeerCQfuXrUiXZ1rA=";
hash = "sha256-rmZbxnir2atqbhVz0kgWJaU3GbxRfppjTtK5/vrjgX8=";
inherit passthruFun;
};
@ -60,10 +60,10 @@
sourceVersion = {
major = "3";
minor = "11";
patch = "12";
patch = "13";
suffix = "";
};
hash = "sha256-hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk=";
hash = "sha256-j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo=";
inherit passthruFun;
};
@ -72,10 +72,10 @@
sourceVersion = {
major = "3";
minor = "12";
patch = "10";
patch = "11";
suffix = "";
};
hash = "sha256-B6tpdHRZXgbwZkdBfTx/qX3tB6/Bp+RFTFY5kZtG6uo=";
hash = "sha256-wwuyS38emhmxG1WlRkNPdOc5u0wnGj46gP9DgNSfets=";
inherit passthruFun;
};

6
pkgs/development/libraries/avahi/default.nix
View file

@ -134,6 +134,12 @@ stdenv.mkDerivation rec {
url = "https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7.patch";
hash = "sha256-BUQOQ4evKLBzV5UV8xW8XL38qk1rg6MJ/vcT5NBckfA=";
})
# https://github.com/avahi/avahi/pull/265 merged Mar 3, 2020
(fetchpatch {
name = "fix-requires-in-pc-file.patch";
url = "https://github.com/avahi/avahi/commit/366e3798bdbd6b7bf24e59379f4a9a51af575ce9.patch";
hash = "sha256-9AdhtzrimmcpMmeyiFcjmDfG5nqr/S8cxWTaM1mzCWA=";
})
];
depsBuildBuild = [

41
pkgs/development/libraries/fontconfig/default.nix
View file

@ -10,12 +10,14 @@
gperf,
dejavu_fonts,
autoreconfHook,
versionCheckHook,
testers,
gitUpdater,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "fontconfig";
version = "2.16.0";
version = "2.16.2";
outputs = [
"bin"
@ -24,11 +26,11 @@ stdenv.mkDerivation (finalAttrs: {
"out"
]; # $out contains all the config
# GitLab repositrory does not include pre-generated man pages.
# ref: https://github.com/NixOS/nixpkgs/pull/401037#discussion_r2055430206
src = fetchurl {
url =
with finalAttrs;
"https://www.freedesktop.org/software/fontconfig/release/${pname}-${version}.tar.xz";
hash = "sha256-ajPcVVzJuosQyvdpWHjvE07rNtCvNmBB9jmx2ptu0iA=";
url = "https://gitlab.freedesktop.org/api/v4/projects/890/packages/generic/fontconfig/${finalAttrs.version}/fontconfig-${finalAttrs.version}.tar.xz";
hash = "sha256-FluP0qEZhkyHRksjOYbEobwJ77CcZd4cpAzB6F/7d+I=";
};
nativeBuildInputs = [
@ -91,9 +93,32 @@ stdenv.mkDerivation (finalAttrs: {
rm -r $bin/share/man/man3
'';
passthru.tests = {
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
nativeInstallCheckInputs = [
versionCheckHook
];
doInstallCheck = true;
versionCheckProgram = "${placeholder "bin"}/bin/fc-list";
versionCheckProgramArg = "--version";
installCheckPhase = ''
runHook preInstallCheck
[ -d "$bin/share/man/man1" ]
[ -d "$bin/share/man/man5" ]
echo "man pages exist"
runHook postInstallCheck
'';
passthru = {
tests = {
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
};
};
updateScript = gitUpdater {
url = "https://gitlab.freedesktop.org/fontconfig/fontconfig.git";
};
};

6
pkgs/development/libraries/libunwind/default.nix
View file

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "libunwind";
version = "1.8.1";
version = "1.8.2";
src = fetchFromGitHub {
owner = "libunwind";
repo = "libunwind";
rev = "v${finalAttrs.version}";
hash = "sha256-rCFBHs6rCSnp5FEwbUR5veNNTqSQpFblAv8ebSPX0qE=";
hash = "sha256-MsUReXFHlj15SgEZHOYhdSfAbSeVVl8LCi4NnUwvhpw=";
};
patches = lib.optional (stdenv.targetPlatform.useLLVM or false) (fetchpatch {
@ -60,6 +60,8 @@ stdenv.mkDerivation (finalAttrs: {
propagatedBuildInputs = [ xz ];
enableParallelBuilding = true;
postInstall = ''
find $out -name \*.la | while read file; do
sed -i 's,-llzma,${xz.out}/lib/liblzma.la,' $file

3
pkgs/development/libraries/sqlite/default.nix
View file

@ -88,7 +88,10 @@ stdenv.mkDerivation rec {
"-DSQLITE_ENABLE_FTS3_TOKENIZER"
"-DSQLITE_ENABLE_FTS4"
"-DSQLITE_ENABLE_FTS5"
"-DSQLITE_ENABLE_GEOPOLY"
"-DSQLITE_ENABLE_MATH_FUNCTIONS"
"-DSQLITE_ENABLE_PREUPDATE_HOOK"
"-DSQLITE_ENABLE_RBU"
"-DSQLITE_ENABLE_RTREE"
"-DSQLITE_ENABLE_SESSION"
"-DSQLITE_ENABLE_STMT_SCANSTATUS"

2
pkgs/development/python-modules/ahocorasick-rs/default.nix
View file

@ -42,6 +42,8 @@ buildPythonPackage rec {
hypothesis
];
pytestFlagsArray = [ "--benchmark-disable" ];
pythonImportsCheck = [ "ahocorasick_rs" ];
meta = with lib; {

2
pkgs/development/python-modules/automat/default.nix
View file

@ -32,6 +32,8 @@ let
pytestCheckHook
];
pytestFlagsArray = [ "--benchmark-disable" ];
# escape infinite recursion with twisted
doCheck = false;

11
pkgs/development/python-modules/aws-secretsmanager-caching/default.nix
View file

@ -3,6 +3,7 @@
botocore,
buildPythonPackage,
fetchPypi,
pytest-cov-stub,
pytestCheckHook,
pythonAtLeast,
pythonOlder,
@ -23,11 +24,6 @@ buildPythonPackage rec {
hash = "sha256-9tbsnUPg2+T21d6982tMtpHRWpZ7NYsldfXZGXSmwP8=";
};
patches = [
# Remove coverage tests from the pytest invocation in setup.cfg.
./remove-coverage-tests.patch
];
postPatch = ''
substituteInPlace setup.py \
--replace-fail "'pytest-runner'," ""
@ -40,7 +36,10 @@ buildPythonPackage rec {
setuptools # Needs pkg_resources at runtime.
];
nativeCheckInputs = [ pytestCheckHook ];
nativeCheckInputs = [
pytest-cov-stub
pytestCheckHook
];
disabledTestPaths = [
# Integration tests require networking.

14
pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch
View file

@ -1,14 +0,0 @@
diff --git a/setup.cfg b/setup.cfg
index 5aa81b2..0c02ded 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -3,9 +3,6 @@ xfail_strict = true
addopts =
--verbose
--doctest-modules
- --cov aws_secretsmanager_caching
- --cov-fail-under 90
- --cov-report term-missing
--ignore doc/
[aliases]

2
pkgs/development/python-modules/boost-histogram/default.nix
View file

@ -58,6 +58,8 @@ buildPythonPackage rec {
pytest-benchmark
];
pytestFlagsArray = [ "--benchmark-disable" ];
disabledTests = lib.optionals (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) [
# Segfaults: boost_histogram/_internal/hist.py", line 799 in sum
# Fatal Python error: Segmentation fault

39
pkgs/development/python-modules/cairosvg/default.nix
View file

@ -1,30 +1,37 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
# build-system
setuptools,
# dependencies
cairocffi,
cssselect2,
defusedxml,
fetchPypi,
pillow,
pytestCheckHook,
setuptools,
tinycss2,
# testing
pytestCheckHook,
}:
buildPythonPackage rec {
pname = "cairosvg";
version = "2.7.1";
version = "2.8.2";
pyproject = true;
src = fetchPypi {
pname = "CairoSVG";
inherit version;
hash = "sha256-QyUx1yNHKRuanr+2d3AmtgdWP9hxnEbudC2wrvcnG6A=";
src = fetchFromGitHub {
owner = "Kozea";
repo = "CairoSVG";
tag = version;
hash = "sha256-KWUZA8pcHMnDEkAYZt3zDzPNynhGBuLZuagNPfHF8EA=";
};
nativeBuildInputs = [ setuptools ];
build-system = [ setuptools ];
propagatedBuildInputs = [
dependencies = [
cairocffi
cssselect2
defusedxml
@ -32,20 +39,10 @@ buildPythonPackage rec {
tinycss2
];
propagatedNativeBuildInputs = [ cairocffi ];
nativeBuildInputs = [ cairocffi ];
nativeCheckInputs = [ pytestCheckHook ];
postPatch = ''
substituteInPlace setup.cfg \
--replace "pytest-runner" "" \
--replace "pytest-flake8" "" \
--replace "pytest-isort" "" \
--replace "pytest-cov" "" \
--replace "--flake8" "" \
--replace "--isort" ""
'';
pytestFlagsArray = [ "cairosvg/test_api.py" ];
pythonImportsCheck = [ "cairosvg" ];

7
pkgs/development/python-modules/clldutils/default.nix
View file

@ -11,6 +11,7 @@
mock,
postgresql,
pylatexenc,
pytest-cov-stub,
pytest-mock,
pytestCheckHook,
python-dateutil,
@ -32,11 +33,6 @@ buildPythonPackage rec {
hash = "sha256-OD+WJ9JuYZb/oXDgVqL4i5YlcVEt0+swq0SB3cutyRo=";
};
patchPhase = ''
substituteInPlace setup.cfg \
--replace-fail "--cov" ""
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
@ -53,6 +49,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
mock
postgresql
pytest-cov-stub
pytest-mock
pytestCheckHook
git

11
pkgs/development/python-modules/colorzero/default.nix
View file

@ -4,6 +4,7 @@
fetchFromGitHub,
pkginfo,
pytestCheckHook,
pytest-cov-stub,
}:
buildPythonPackage rec {
@ -18,16 +19,14 @@ buildPythonPackage rec {
hash = "sha256-0NoQsy86OHQNLZsTEuF5s2MlRUoacF28jNeHgFKAH14=";
};
postPatch = ''
substituteInPlace setup.cfg \
--replace "--cov" ""
'';
nativeBuildInputs = [ pkginfo ];
pythonImportsCheck = [ "colorzero" ];
nativeCheckInputs = [ pytestCheckHook ];
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
];
meta = with lib; {
description = "Yet another Python color library";

11
pkgs/development/python-modules/configupdater/default.nix
View file

@ -3,6 +3,7 @@
buildPythonPackage,
fetchPypi,
pytestCheckHook,
pytest-cov-stub,
setuptools-scm,
}:
@ -17,16 +18,14 @@ buildPythonPackage rec {
hash = "sha256-n9rFODHBsGKSm/OYtkm4fKMOfxpzXz+/SCBygEEGMGs=";
};
postPatch = ''
substituteInPlace setup.cfg \
--replace '--cov configupdater --cov-report term-missing' ""
'';
nativeBuildInputs = [ setuptools-scm ];
pythonImportsCheck = [ "configupdater" ];
nativeCheckInputs = [ pytestCheckHook ];
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
];
meta = with lib; {
description = "Parser like ConfigParser but for updating configuration files";

10
pkgs/development/python-modules/convertertools/default.nix
View file

@ -11,6 +11,7 @@
# checks
pytestCheckHook,
pytest-cov-stub,
}:
buildPythonPackage rec {
@ -27,17 +28,16 @@ buildPythonPackage rec {
hash = "sha256-Oy1Nf/mS2Lr2N7OB27QDlW+uuhafib2kolEXzXLppWU=";
};
postPatch = ''
sed -i "/--cov/d" pyproject.toml
'';
build-system = [
cython
poetry-core
setuptools
];
nativeCheckInputs = [ pytestCheckHook ];
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
];
pythonImportsCheck = [ "convertertools" ];

7
pkgs/development/python-modules/csvw/default.nix
View file

@ -10,6 +10,7 @@
rfc3986,
uritemplate,
pytestCheckHook,
pytest-cov-stub,
pytest-mock,
}:
@ -37,14 +38,10 @@ buildPythonPackage rec {
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
pytest-mock
];
patchPhase = ''
substituteInPlace setup.cfg \
--replace "--cov" ""
'';
disabledTests =
[
# this test is flaky on darwin because it depends on the resolution of filesystem mtimes

4
pkgs/development/python-modules/dbus-next/default.nix
View file

@ -6,7 +6,6 @@
setuptools,
dbus,
pytest,
pytest-cov-stub,
pytest-asyncio,
pytest-timeout,
}:
@ -28,7 +27,6 @@ buildPythonPackage rec {
nativeCheckInputs = [
dbus
pytest
pytest-cov-stub
pytest-asyncio
pytest-timeout
];
@ -42,7 +40,7 @@ buildPythonPackage rec {
checkPhase = ''
runHook preCheck
dbus-run-session --config-file=${dbus}/share/dbus-1/session.conf \
${python.interpreter} -m pytest -sv --cov=dbus_next \
${python.interpreter} -m pytest -sv \
-k "not test_peer_interface and not test_tcp_connection_with_forwarding"
runHook postCheck
'';

5
pkgs/development/python-modules/deltalake/default.nix
View file

@ -78,7 +78,10 @@ buildPythonPackage rec {
rm -rf deltalake
'';
pytestFlagsArray = [ "-m 'not integration'" ];
pytestFlagsArray = [
"--benchmark-disable"
"-m 'not integration'"
];
meta = with lib; {
description = "Native Rust library for Delta Lake, with bindings into Python";

7
pkgs/development/python-modules/demes/default.nix
View file

@ -7,6 +7,7 @@
attrs,
pythonOlder,
pytest7CheckHook,
pytest-cov-stub,
pytest-xdist,
numpy,
}:
@ -29,13 +30,9 @@ buildPythonPackage rec {
attrs
];
postPatch = ''
# remove coverage arguments to pytest
sed -i '/--cov/d' setup.cfg
'';
nativeCheckInputs = [
pytest7CheckHook
pytest-cov-stub
pytest-xdist
numpy
];

7
pkgs/development/python-modules/demesdraw/default.nix
View file

@ -10,6 +10,7 @@
scipy,
pythonOlder,
pytestCheckHook,
pytest-cov-stub,
pytest-xdist,
mpmath,
}:
@ -34,17 +35,13 @@ buildPythonPackage rec {
scipy
];
postPatch = ''
# remove coverage arguments to pytest
sed -i '/--cov/d' setup.cfg
'';
# This variable is needed to suppress the "Trace/BPT trap: 5" error in Darwin's checkPhase.
# Not sure of the details, but we can avoid it by changing the matplotlib backend during testing.
env.MPLBACKEND = lib.optionalString stdenv.hostPlatform.isDarwin "Agg";
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
pytest-xdist
mpmath
];

7
pkgs/development/python-modules/discovery30303/default.nix
View file

@ -4,6 +4,7 @@
fetchFromGitHub,
poetry-core,
pytest-asyncio,
pytest-cov-stub,
pytestCheckHook,
pythonOlder,
}:
@ -22,15 +23,11 @@ buildPythonPackage rec {
hash = "sha256-QIGLRe+nUV3tUOs+pu6Qk/2Amh9IVcQq89o2JeKiTvM=";
};
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail " --cov=discovery30303" ""
'';
nativeBuildInputs = [ poetry-core ];
nativeCheckInputs = [
pytest-asyncio
pytest-cov-stub
pytestCheckHook
];

6
pkgs/development/python-modules/diskcache/default.nix
View file

@ -3,6 +3,7 @@
stdenv,
buildPythonPackage,
fetchFromGitHub,
pytest-cov-stub,
pytest-django,
pytest-xdist,
pytestCheckHook,
@ -24,15 +25,12 @@ buildPythonPackage rec {
};
nativeCheckInputs = [
pytest-cov-stub
pytest-django
pytest-xdist
pytestCheckHook
];
postPatch = ''
sed -i "/--cov/d" tox.ini
'';
# Darwin sandbox causes most tests to fail
doCheck = !stdenv.hostPlatform.isDarwin;

6
pkgs/development/python-modules/django-markup/default.nix
View file

@ -20,6 +20,7 @@
textile,
# tests
pytest-cov-stub,
pytest-django,
pytestCheckHook,
}:
@ -38,10 +39,6 @@ buildPythonPackage rec {
hash = "sha256-dj5Z36W4Stly203SKWpR/DF+Wf7+ejbZnDCmHNRb3c0=";
};
postPatch = ''
sed -i "/--cov/d" pyproject.toml
'';
build-system = [ poetry-core ];
dependencies = [ django ];
@ -61,6 +58,7 @@ buildPythonPackage rec {
pythonImportsCheck = [ "django_markup" ];
nativeCheckInputs = [
pytest-cov-stub
pytest-django
pytestCheckHook
] ++ optional-dependencies.all_filter_dependencies;

4
pkgs/development/python-modules/django/4.nix
View file

@ -45,7 +45,7 @@
buildPythonPackage rec {
pname = "django";
version = "4.2.21";
version = "4.2.22";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -54,7 +54,7 @@ buildPythonPackage rec {
owner = "django";
repo = "django";
rev = "refs/tags/${version}";
hash = "sha256-GiOPIuYJAkMPW8JccJvFEoQi36rCmySHeLB7mAmg6CM=";
hash = "sha256-+kq3GF2Q8uaa+UsZK5uWQIyW9tSjfKAE+yiuDTSVwwA=";
};
patches =

4
pkgs/development/python-modules/dramatiq/default.nix
View file

@ -9,6 +9,7 @@
prometheus-client,
pylibmc,
pytestCheckHook,
pytest-cov-stub,
redis,
setuptools,
watchdog,
@ -54,6 +55,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
pika
redis
pylibmc
@ -61,8 +63,6 @@ buildPythonPackage rec {
postPatch = ''
sed -i ./setup.cfg \
-e 's:--cov dramatiq::' \
-e 's:--cov-report html::' \
-e 's:--benchmark-autosave::' \
-e 's:--benchmark-compare::' \
'';

8
pkgs/development/python-modules/duecredit/default.nix
View file

@ -5,6 +5,7 @@
pythonOlder,
setuptools,
pytestCheckHook,
pytest-cov-stub,
vcrpy,
citeproc-py,
looseversion,
@ -23,12 +24,6 @@ buildPythonPackage rec {
hash = "sha256-/nOiDk+7LZcroB7fN97BsLoeZG7+XvTMrwxnJMoofUI=";
};
postPatch = ''
substituteInPlace tox.ini \
--replace-fail "--cov=duecredit" "" \
--replace-fail "--cov-config=tox.ini" ""
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
citeproc-py
@ -38,6 +33,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
vcrpy
];
disabledTests = [ "test_import_doi" ]; # tries to access network

5
pkgs/development/python-modules/energyzero/default.nix
View file

@ -6,6 +6,7 @@
fetchFromGitHub,
poetry-core,
pytest-asyncio,
pytest-cov-stub,
pytest-freezer,
pytestCheckHook,
pythonOlder,
@ -29,8 +30,7 @@ buildPythonPackage rec {
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail '"0.0.0"' '"${version}"' \
--replace-fail 'addopts = "--cov"' ""
--replace-fail '"0.0.0"' '"${version}"'
'';
build-system = [ poetry-core ];
@ -43,6 +43,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
aresponses
pytest-asyncio
pytest-cov-stub
pytest-freezer
pytestCheckHook
syrupy

2
pkgs/development/python-modules/fastcrc/default.nix
View file

@ -42,6 +42,8 @@ buildPythonPackage {
pytest-benchmark
];
pytestFlagsArray = [ "--benchmark-disable" ];
# Python source files interfere with testing
preCheck = ''
rm -r fastcrc

6
pkgs/development/python-modules/flask-dramatiq/default.nix
View file

@ -8,6 +8,7 @@
flask,
requests,
pytestCheckHook,
pytest-cov-stub,
flask-migrate,
periodiq,
postgresql,
@ -35,10 +36,6 @@ buildPythonPackage {
--replace 'poetry.masonry.api' 'poetry.core.masonry.api'
patchShebangs --build ./example.py
sed -i ./tests/unit/pytest.ini \
-e 's:--cov=flask_dramatiq::' \
-e 's:--cov-report=term-missing::'
'';
nativeBuildInputs = [ poetry-core ];
@ -47,6 +44,7 @@ buildPythonPackage {
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
flask
requests
flask-migrate

6
pkgs/development/python-modules/flit-gettext/default.nix
View file

@ -15,6 +15,7 @@
# tests
build,
pytestCheckHook,
pytest-cov-stub,
}:
buildPythonPackage rec {
@ -35,10 +36,6 @@ buildPythonPackage rec {
})
];
postPatch = ''
sed -i "s/--cov//" pyproject.toml
'';
nativeBuildInputs = [
flit-scm
wheel
@ -53,6 +50,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
build
pytestCheckHook
pytest-cov-stub
wheel
] ++ optional-dependencies.scm;

7
pkgs/development/python-modules/flufl/i18n.nix
View file

@ -6,6 +6,7 @@
atpublic,
pdm-pep517,
pytestCheckHook,
pytest-cov-stub,
sybil,
}:
@ -22,11 +23,6 @@ buildPythonPackage rec {
hash = "sha256-wKz6aggkJ9YBJ+o75XjC4Ddnn+Zi9hlYDnliwTc7DNs=";
};
postPatch = ''
substituteInPlace pyproject.toml \
--replace "--cov=flufl --cov-report=term --cov-report=xml" ""
'';
nativeBuildInputs = [ pdm-pep517 ];
propagatedBuildInputs = [ atpublic ];
@ -35,6 +31,7 @@ buildPythonPackage rec {
nativeCheckInputs = [
pytestCheckHook
pytest-cov-stub
sybil
];

Some files were not shown because too many files have changed in this diff Show more