From 0b041bba27993118d72c38cf25e46b4c1cac799c Mon Sep 17 00:00:00 2001 From: diniamo Date: Sat, 31 May 2025 20:24:21 +0200 Subject: [PATCH 01/35] discord: allow not disabling updates (cherry picked from commit 2605d3a9dbf9ac92632bbfb1e7dd41187ada2f48) --- .../networking/instant-messengers/discord/linux.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/instant-messengers/discord/linux.nix b/pkgs/applications/networking/instant-messengers/discord/linux.nix index bf94609409a8..be1542797e95 100644 --- a/pkgs/applications/networking/instant-messengers/discord/linux.nix +++ b/pkgs/applications/networking/instant-messengers/discord/linux.nix @@ -66,6 +66,10 @@ moonlight, withTTS ? true, enableAutoscroll ? false, + # Disabling this would normally break Discord. + # The intended use-case for this is when SKIP_HOST_UPDATE is enabled via other means, + # for example if a settings.json is linked declaratively (e.g., with home-manager). + disableUpdates ? true, }: assert lib.assertMsg ( !(withMoonlight && withVencord) @@ -180,7 +184,7 @@ stdenv.mkDerivation rec { ${lib.strings.optionalString enableAutoscroll "--add-flags \"--enable-blink-features=MiddleClickAutoscroll\""} \ --prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \ --prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName} \ - --run "${lib.getExe disableBreakingUpdates}" + ${lib.strings.optionalString disableUpdates "--run ${lib.getExe disableBreakingUpdates}"} ln -s $out/opt/${binaryName}/${binaryName} $out/bin/ # Without || true the install would fail on case-insensitive filesystems From f1dd86bff82c28193cb5856d5f434a7b5e87e1b7 Mon Sep 17 00:00:00 2001 From: Katherine Jamison Date: Fri, 30 May 2025 16:08:46 -0600 Subject: [PATCH 02/35] linuxKernel.kernels.linux_zen: 6.14.7-zen1 -> 6.14.9-zen1 (cherry picked from commit 98da4519c9b8b3775c4d987dadc61ceaceeadfb2) --- pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 79d056d2cf91..7e789bed9399 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -16,9 +16,9 @@ let variants = { # ./update-zen.py zen zen = { - version = "6.14.7"; # zen + version = "6.14.9"; # zen suffix = "zen1"; # zen - sha256 = "04vcy71wjs6n1ahnva55i0czayn96w8qq0b0v0qymcq9lrbms2mr"; # zen + sha256 = "1v28cdv8dyn5181z242f63ns6b472jx8a7wmw77n5wijj8fv5ba1"; # zen isLqx = false; }; # ./update-zen.py lqx From 6f4cf132d5fcb25ccb2bf9affb95272d361f3e6a Mon Sep 17 00:00:00 2001 From: Katherine Jamison Date: Fri, 30 May 2025 16:10:25 -0600 Subject: [PATCH 03/35] linuxKernel.kernels.linux_lqx: 6.14.7-lqx1 -> 6.14.9-lqx1 (cherry picked from commit 4bf93b4e31eb2292f47f13131cd42bbafa589966) --- pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 7e789bed9399..852eacf43829 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -23,9 +23,9 @@ let }; # ./update-zen.py lqx lqx = { - version = "6.14.7"; # lqx + version = "6.14.9"; # lqx suffix = "lqx1"; # lqx - sha256 = "0in1ymvnac9kic974r5sqkk730fm71d49q0cgzk7lj1ykd9jzxpp"; # lqx + sha256 = "1f8sram3xabv119pznpixpm5igyxf33wkg4v8fm5nh9c9g91q19j"; # lqx isLqx = true; }; }; From 6c2a0dbca4447767f1e00f0643eb4a05f9251e10 Mon Sep 17 00:00:00 2001 From: h0nIg Date: Mon, 2 Jun 2025 21:17:59 +0200 Subject: [PATCH 04/35] google-cloud-sdk: 2nd fix for pyopenssl (cherry picked from commit fee9749b90b5bbe51760d9515ff326ef39e1ef39) --- pkgs/tools/admin/google-cloud-sdk/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix index 356353a99d88..04557b36753b 100644 --- a/pkgs/tools/admin/google-cloud-sdk/default.nix +++ b/pkgs/tools/admin/google-cloud-sdk/default.nix @@ -25,12 +25,18 @@ let pythonCustom = python3.override { self = pythonCustom; packageOverrides = _: super: { + # include a compatible pyopenssl version: https://github.com/NixOS/nixpkgs/issues/379291 + # remove ASAP: https://github.com/googleapis/google-api-python-client/issues/2554 pyopenssl = super.pyopenssl.overridePythonAttrs (old: rec { version = "24.2.1"; src = old.src.override { tag = version; - hash = "sha256-otK7Y7Kb/l3QOErhAcuDHB/CKG9l1vH2BTnOieAWNc0="; + hash = "sha256-/TQnDWdycN4hQ7ZGvBhMJEZVafmL+0wy9eJ8hC6rfio="; }; + disabledTests = old.disabledTests ++ [ + "test_shutdown_closed" + "test_closed" + ]; }); }; }; From e6349fb1da5b2eafb287f3baded8d14301f87d84 Mon Sep 17 00:00:00 2001 From: Robert Rose Date: Wed, 4 Jun 2025 20:35:05 +0200 Subject: [PATCH 05/35] [release-25.05] rke2_1_29: mark as vulnerable due to EOL EOL at 2025-02-28 https://www.suse.com/lifecycle#rke2 --- .../networking/cluster/rke2/default.nix | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/cluster/rke2/default.nix b/pkgs/applications/networking/cluster/rke2/default.nix index 264770a242af..33859a1ed1d0 100644 --- a/pkgs/applications/networking/cluster/rke2/default.nix +++ b/pkgs/applications/networking/cluster/rke2/default.nix @@ -5,15 +5,21 @@ let extraArgs = builtins.removeAttrs args [ "callPackage" ]; in rec { - rke2_1_29 = common ( - (import ./1_29/versions.nix) - // { - updateScript = [ - ./update-script.sh - "29" - ]; - } - ) extraArgs; + rke2_1_29 = + (common ( + (import ./1_29/versions.nix) + // { + updateScript = [ + ./update-script.sh + "29" + ]; + } + ) extraArgs).overrideAttrs + { + meta.knownVulnerabilities = [ + "rke2_1_29 has reached end-of-life on 2025-02-28. See https://www.suse.com/lifecycle#rke2" + ]; + }; rke2_1_30 = common ( (import ./1_30/versions.nix) From 8565f96296a7f9f5f6153519e49f78f0475e15ad Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 3 Jun 2025 15:13:26 +0000 Subject: [PATCH 06/35] openvswitch: 3.5.0 -> 3.5.1 (cherry picked from commit f9f715bf71897164b216a43a0afe1733afbdd8fe) --- pkgs/by-name/op/openvswitch/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/op/openvswitch/package.nix b/pkgs/by-name/op/openvswitch/package.nix index fc95eed3e8bc..e9fa46d811e1 100644 --- a/pkgs/by-name/op/openvswitch/package.nix +++ b/pkgs/by-name/op/openvswitch/package.nix @@ -30,13 +30,13 @@ stdenv.mkDerivation rec { pname = if withDPDK then "openvswitch-dpdk" else "openvswitch"; - version = "3.5.0"; + version = "3.5.1"; src = fetchFromGitHub { owner = "openvswitch"; repo = "ovs"; tag = "v${version}"; - hash = "sha256-fEntEZHmQX78XZZic9hFr07PWC2RQIpuCfb1FYX3hd0="; + hash = "sha256-iiFpX4w6vdsRxjhRcxXTTtSAb8WPwg1afqwgBpzjhoA="; }; outputs = [ From a29b809b3fc06891a3a5a414f90927a56ab60d1c Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Tue, 3 Jun 2025 00:07:28 +0800 Subject: [PATCH 07/35] =?UTF-8?q?webkitgtk=5F6=5F0:=202.48.2=20=E2=86=92?= =?UTF-8?q?=202.48.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://webkitgtk.org/2025/05/28/webkitgtk2.48.3-released.html https://github.com/WebKit/WebKit/compare/webkitgtk-2.48.2...webkitgtk-2.48.3 (cherry picked from commit b62b7136cb8dad6b7aeedf8c6b24f86cc9cb62e1) --- pkgs/development/libraries/webkitgtk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/webkitgtk/default.nix b/pkgs/development/libraries/webkitgtk/default.nix index 5b91295cf992..cdba05f195ad 100644 --- a/pkgs/development/libraries/webkitgtk/default.nix +++ b/pkgs/development/libraries/webkitgtk/default.nix @@ -80,7 +80,7 @@ # https://webkitgtk.org/2024/10/04/webkitgtk-2.46.html recommends building with clang. clangStdenv.mkDerivation (finalAttrs: { pname = "webkitgtk"; - version = "2.48.2"; + version = "2.48.3"; name = "${finalAttrs.pname}-${finalAttrs.version}+abi=${ if lib.versionAtLeast gtk3.version "4.0" then "6.0" @@ -100,7 +100,7 @@ clangStdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "https://webkitgtk.org/releases/webkitgtk-${finalAttrs.version}.tar.xz"; - hash = "sha256-7Fj238JdOzYDiOGS+GUGjWmqsJtNffAh+Q4xTS+lTzc="; + hash = "sha256-1NxZcPD8alKf9/1nvL+rK7tekb54my6SeWQLMhengsM="; }; patches = lib.optionals clangStdenv.hostPlatform.isLinux [ From 4d97194ab2e3a3cff215e3d4c208388298caacd9 Mon Sep 17 00:00:00 2001 From: h0nIg Date: Wed, 4 Jun 2025 11:22:32 +0200 Subject: [PATCH 08/35] google-cloud-sdk: docu (cherry picked from commit 1f5f844763c9b2895173d1f23e171fe4692df54c) --- pkgs/tools/admin/google-cloud-sdk/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix index 04557b36753b..13134c7a4112 100644 --- a/pkgs/tools/admin/google-cloud-sdk/default.nix +++ b/pkgs/tools/admin/google-cloud-sdk/default.nix @@ -21,12 +21,11 @@ }: let + # include a compatible pyopenssl version: https://github.com/NixOS/nixpkgs/issues/379291 # remove ASAP: https://github.com/googleapis/google-api-python-client/issues/2554 pythonCustom = python3.override { self = pythonCustom; packageOverrides = _: super: { - # include a compatible pyopenssl version: https://github.com/NixOS/nixpkgs/issues/379291 - # remove ASAP: https://github.com/googleapis/google-api-python-client/issues/2554 pyopenssl = super.pyopenssl.overridePythonAttrs (old: rec { version = "24.2.1"; src = old.src.override { From 234470277fed6814e814289baa1b81e21605a67e Mon Sep 17 00:00:00 2001 From: Ryan Omasta Date: Sat, 24 May 2025 17:26:27 -0600 Subject: [PATCH 09/35] mozhi: init at 0-unstable-2025-04-14 (cherry picked from commit 2844748c4bdf9d001079c225b309df7d5a3b9d2d) --- pkgs/by-name/mo/mozhi/package.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 pkgs/by-name/mo/mozhi/package.nix diff --git a/pkgs/by-name/mo/mozhi/package.nix b/pkgs/by-name/mo/mozhi/package.nix new file mode 100644 index 000000000000..0f5fdeb998aa --- /dev/null +++ b/pkgs/by-name/mo/mozhi/package.nix @@ -0,0 +1,30 @@ +{ + lib, + buildGoModule, + fetchFromGitea, + unstableGitUpdater, +}: +buildGoModule { + pname = "mozhi"; + version = "0-unstable-2025-04-14"; + + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "aryak"; + repo = "mozhi"; + rev = "c2c14988c09e6c5fae5a8ac59c07a650f0997a5a"; + hash = "sha256-xJw9BkdKlN1VToKyDlkW8UUZB94gzD9nclNciDmVIkk="; + }; + + vendorHash = "sha256-ptwP+ZuuzxRpIuNDoXnAML1KYEh9zTBcOs9YTI8z63A="; + + passthru.updateScript = unstableGitUpdater { }; + + meta = { + homepage = "https://codeberg.org/aryak/mozhi"; + description = "Alternative-frontend for many translation engines, fork of SimplyTranslate"; + license = lib.licenses.agpl3Plus; + maintainers = [ lib.maintainers.ryand56 ]; + mainProgram = "mozhi"; + }; +} From 6879530a886ae6d0a85e310f9520dd2a3bc1c784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 6 Jun 2025 14:19:35 -0700 Subject: [PATCH 10/35] headscale: patch /machine/map endpoint vulnerability --- pkgs/servers/headscale/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/servers/headscale/default.nix b/pkgs/servers/headscale/default.nix index 68edb88fb00c..8efa5cb67940 100644 --- a/pkgs/servers/headscale/default.nix +++ b/pkgs/servers/headscale/default.nix @@ -2,6 +2,7 @@ lib, buildGoModule, fetchFromGitHub, + fetchpatch, installShellFiles, iana-etc, libredirect, @@ -20,6 +21,15 @@ buildGoModule rec { hash = "sha256-CrdMxRAgrDE1lJ3v9AhCN+cKOVqmIVwjE0x+msSVT+c="; }; + patches = [ + (fetchpatch { + name = "fix-machine-map-endpoint-vulnerability.patch"; + url = "https://github.com/juanfont/headscale/pull/2642.patch"; + excludes = [ "CHANGELOG.md" ]; + hash = "sha256-OmggrI0mkA3mk+k18oYWrQWt9iIFIbKE1cyB3ZBwbC4="; + }) + ]; + vendorHash = "sha256-ZQj2A0GdLhHc7JLW7qgpGBveXXNWg9ueSG47OZQQXEw="; subPackages = [ "cmd/headscale" ]; From dbeb1f6779f21a24eae98efa3c0a6e1615c1e933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 5 Jun 2025 09:41:24 -0700 Subject: [PATCH 11/35] rustic: simplify shell completion installation (cherry picked from commit 8e2aa7dae048ec6ffc5ae2bafdc6c6ff93cd1457) --- pkgs/by-name/ru/rustic/package.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkgs/by-name/ru/rustic/package.nix b/pkgs/by-name/ru/rustic/package.nix index ea400d9b6ce3..d36140e462e0 100644 --- a/pkgs/by-name/ru/rustic/package.nix +++ b/pkgs/by-name/ru/rustic/package.nix @@ -1,5 +1,6 @@ { lib, + stdenv, fetchFromGitHub, rustPlatform, installShellFiles, @@ -17,17 +18,15 @@ rustPlatform.buildRustPackage rec { hash = "sha256-HYPzgynCeWDRRNyACHqnzkjn6uZWS0TDHuJE9STJxbQ="; }; - useFetchCargoVendor = true; cargoHash = "sha256-+BlLVnvI2qBfwEtyxmZFNhR9MEzs0/a1Ce6ALOKtoPU="; nativeBuildInputs = [ installShellFiles ]; - postInstall = '' - for shell in {ba,fi,z}sh; do - $out/bin/rustic completions $shell > rustic.$shell - done - - installShellCompletion rustic.{ba,fi,z}sh + postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + installShellCompletion --cmd rustic \ + --bash <($out/bin/rustic completions bash) \ + --fish <($out/bin/rustic completions fish) \ + --zsh <($out/bin/rustic completions zsh) ''; passthru.updateScript = nix-update-script { }; @@ -35,7 +34,7 @@ rustPlatform.buildRustPackage rec { meta = { homepage = "https://github.com/rustic-rs/rustic"; changelog = "https://github.com/rustic-rs/rustic/blob/${src.rev}/CHANGELOG.md"; - description = "fast, encrypted, deduplicated backups powered by pure Rust"; + description = "Fast, encrypted, deduplicated backups powered by pure Rust"; mainProgram = "rustic"; platforms = lib.platforms.linux ++ lib.platforms.darwin; license = [ From e66f041412da85d35f7496fa732ca5d965037c40 Mon Sep 17 00:00:00 2001 From: Markus Heinrich <68288772+markus-heinrich@users.noreply.github.com> Date: Wed, 4 Jun 2025 22:00:50 +0200 Subject: [PATCH 12/35] sylpheed: fix with gcc 14 (cherry picked from commit f71ddc3b5ae50ce45f7f3cf96d58acc7a657b8f4) --- pkgs/by-name/sy/sylpheed/package.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/by-name/sy/sylpheed/package.nix b/pkgs/by-name/sy/sylpheed/package.nix index 26aeb6f93388..9ead50540ca4 100644 --- a/pkgs/by-name/sy/sylpheed/package.nix +++ b/pkgs/by-name/sy/sylpheed/package.nix @@ -36,6 +36,11 @@ stdenv.mkDerivation rec { url = "https://git.claws-mail.org/?p=claws.git;a=patch;h=ac286a71ed78429e16c612161251b9ea90ccd431"; sha256 = "sha256-oLmUShtvO6io3jibKT67eO0O58vEDZEeaB51QTd3UkU="; }) + (fetchurl { + name = "0013-fix-FTBFS-GCC-14.patch"; + url = "https://salsa.debian.org/sylpheed-team/sylpheed/-/raw/22984c6d2bf76b0667256a9e8b660447497e1220/debian/patches/0013-fix-FTBFS-GCC-14.patch?inline=false"; + sha256 = "sha256-ZfQKiOK8pMrN87hrP0/2LxYZZdnaciBoa0khG1Djelo="; + }) ]; nativeBuildInputs = [ pkg-config ]; From c6ee89ba834ef7f312846efb4bd118bf4f5a86b6 Mon Sep 17 00:00:00 2001 From: Frank Doepper Date: Sat, 7 Jun 2025 08:03:38 +0200 Subject: [PATCH 13/35] uudeview: 0.5.20 -> 0.5.20-unstable-2025-03-20, update repo, fixes build (#411084) (cherry picked from commit 72caf3acb7785b0ef5ec48152ccdd2288d44bf29) --- pkgs/by-name/uu/uudeview/package.nix | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/pkgs/by-name/uu/uudeview/package.nix b/pkgs/by-name/uu/uudeview/package.nix index 511ccd0efd1b..211a70b7ff11 100644 --- a/pkgs/by-name/uu/uudeview/package.nix +++ b/pkgs/by-name/uu/uudeview/package.nix @@ -1,19 +1,21 @@ { lib, stdenv, - fetchurl, - fetchpatch, + fetchFromGitHub, tcl, tk, + autoreconfHook, }: stdenv.mkDerivation rec { pname = "uudeview"; - version = "0.5.20"; + version = "0.5.20-unstable-2025-03-20"; - src = fetchurl { - url = "http://www.fpx.de/fp/Software/UUDeview/download/uudeview-${version}.tar.gz"; - sha256 = "0dg4v888fxhmf51vxq1z1gd57fslsidn15jf42pj4817vw6m36p4"; + src = fetchFromGitHub { + owner = "hannob"; + repo = "uudeview"; + rev = "7640bc56aa5016cdc9c139eb1ab3ec874e47c744"; + hash = "sha256-IdHxkrXe+2I+aJpZ0bhimXq4xEXE9HDXrL5DtCs7MKk="; }; buildInputs = [ @@ -21,22 +23,13 @@ stdenv.mkDerivation rec { tk ]; + nativeBuildInputs = [ autoreconfHook ]; + configureFlags = [ "--enable-tk=${tk.dev}" "--enable-tcl=${tcl}" ]; - patches = [ - # https://wiki.tcl.tk/3577 - ./matherr.patch - # format hardening - (fetchpatch { - url = "https://raw.githubusercontent.com/OpenMandrivaAssociation/uudeview/master/uudeview-0.5.20-fix-str-fmt.patch"; - sha256 = "1biipck60mhpd0j6jwizaisvqa8alisw1dpfqm6zf7ic5b93hmfw"; - extraPrefix = ""; - }) - ]; - postPatch = '' substituteInPlace tcl/xdeview --replace "exec uuwish" "exec $out/bin/uuwish" ''; From 4ee336f75d6417a9f19f2b2359f857da4041c69b Mon Sep 17 00:00:00 2001 From: Ryan Omasta Date: Thu, 29 May 2025 04:08:13 -0600 Subject: [PATCH 14/35] shadps4: fix update script (cherry picked from commit f9ceab72671014391386997142704e425358a0dd) --- pkgs/by-name/sh/shadps4/package.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/sh/shadps4/package.nix b/pkgs/by-name/sh/shadps4/package.nix index 43f46afa754a..88da965e9446 100644 --- a/pkgs/by-name/sh/shadps4/package.nix +++ b/pkgs/by-name/sh/shadps4/package.nix @@ -119,7 +119,12 @@ stdenv.mkDerivation (finalAttrs: { passthru = { tests.openorbis-example = nixosTests.shadps4; - updateScript = nix-update-script { }; + updateScript = nix-update-script { + extraArgs = [ + "--version-regex" + "v\\.(.*)" + ]; + }; }; meta = { From 2c4964aae1b5d242d6144da44f8e10042db73e4a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 7 Jun 2025 10:50:23 +0200 Subject: [PATCH 15/35] matrix-synapse-unwrapped: restore ability to make backports I'm absolutely not going to do this by hand for the next 6 months! --- pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix b/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix index b39467d5750e..e61711ebe1f0 100644 --- a/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix +++ b/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix @@ -28,8 +28,7 @@ python3.pkgs.buildPythonApplication rec { }; cargoDeps = rustPlatform.fetchCargoVendor { - inherit src; - name = "${pname}-${version}"; + inherit pname version src; hash = "sha256-Gq3QvQSRfxRovzuvdboLCheNuMW58GFO9x2N2os+p38="; }; From 45346c3ee39012e12256998fcb2a0067d3f98a5a Mon Sep 17 00:00:00 2001 From: transcaffeine Date: Tue, 3 Jun 2025 17:05:44 +0200 Subject: [PATCH 16/35] matrix-synapse: 1.130.0 -> 1.131.0 Relase notes: https://github.com/element-hq/synapse/releases/tag/v1.131.0 Full changelog: https://github.com/element-hq/synapse/compare/v1.130.0...v1.131.0 (cherry picked from commit 9b9b529bfa166922a672c7c13ffe872475d90ed1) --- pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix b/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix index e61711ebe1f0..ab54f87cef24 100644 --- a/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix +++ b/pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix @@ -17,19 +17,19 @@ let in python3.pkgs.buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.130.0"; + version = "1.131.0"; format = "pyproject"; src = fetchFromGitHub { owner = "element-hq"; repo = "synapse"; rev = "v${version}"; - hash = "sha256-/rPVJvIJfPMV+8hMenNF2dJzgemhaD2Z+/G4+6d7r1k="; + hash = "sha256-nXDVkuV5GCk0Lp4LfyiModKdO30PJ40B5mXdm5tMHQo="; }; cargoDeps = rustPlatform.fetchCargoVendor { inherit pname version src; - hash = "sha256-Gq3QvQSRfxRovzuvdboLCheNuMW58GFO9x2N2os+p38="; + hash = "sha256-9VJnn8aPkShqK2wYGFr+S5koIjma7VOr+LkLXwStL1E="; }; postPatch = '' From 6ef270cf157db96bf27a7a770f46633e634188e6 Mon Sep 17 00:00:00 2001 From: Michael Daniels Date: Thu, 29 May 2025 19:43:42 -0400 Subject: [PATCH 17/35] grafana-image-renderer: 3.12.5 -> 3.12.6 Changelog: https://github.com/grafana/grafana-image-renderer/blob/fad0870550b74210ca58fe5112d41bbb91ecd1e6/CHANGELOG.md (cherry picked from commit 8487c267b5872b27ed7c3cb2ef56a69f029cc081) --- pkgs/by-name/gr/grafana-image-renderer/package.json | 10 +++++++++- pkgs/by-name/gr/grafana-image-renderer/package.nix | 6 +++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/gr/grafana-image-renderer/package.json b/pkgs/by-name/gr/grafana-image-renderer/package.json index 3c8f51add47c..07b8aeaa9292 100644 --- a/pkgs/by-name/gr/grafana-image-renderer/package.json +++ b/pkgs/by-name/gr/grafana-image-renderer/package.json @@ -28,22 +28,30 @@ "@grpc/grpc-js": "^1.8.22", "@grpc/proto-loader": "^0.7.2", "@hapi/boom": "^10.0.0", + "@opentelemetry/api": "^1.9.0", + "@opentelemetry/auto-instrumentations-node": "^0.49.0", + "@opentelemetry/exporter-trace-otlp-http": "^0.52.1", + "@opentelemetry/resources": "^1.25.1", + "@opentelemetry/sdk-node": "^0.52.1", + "@opentelemetry/semantic-conventions": "^1.25.1", "@puppeteer/browsers": "^2.3.1", "chokidar": "^3.5.2", "dompurify": "^3.2.4", "express": "^4.21.1", "express-prom-bundle": "^6.5.0", + "ioredis": "^5.6.1", "jimp": "^0.22.12", "jsdom": "20.0.0", "lodash": "^4.17.21", "minimist": "^1.2.6", "morgan": "^1.9.0", - "multer": "^1.4.5-lts.1", + "multer": "^2.0.0", "on-finished": "^2.3.0", "poolpeteer": "^0.24.0", "prom-client": "^14.1.0", "puppeteer": "^22.8.2", "puppeteer-cluster": "^0.24.0", + "rate-limiter-flexible": "^7.0.0", "unique-filename": "^2.0.1", "winston": "^3.8.2" }, diff --git a/pkgs/by-name/gr/grafana-image-renderer/package.nix b/pkgs/by-name/gr/grafana-image-renderer/package.nix index 5bc87e3fa7f3..1859d7a75225 100644 --- a/pkgs/by-name/gr/grafana-image-renderer/package.nix +++ b/pkgs/by-name/gr/grafana-image-renderer/package.nix @@ -14,18 +14,18 @@ mkYarnPackage rec { pname = "grafana-image-renderer"; - version = "3.12.5"; + version = "3.12.6"; src = fetchFromGitHub { owner = "grafana"; repo = "grafana-image-renderer"; rev = "v${version}"; - hash = "sha256-dcWmMcvWwG4wGEEyFKa1R0jGGpK5x1F5Amr74JzJaLE="; + hash = "sha256-xParYkEeH/jH18SH0tTwN4a8NsO8D30Tcmc76Xy77Ew="; }; offlineCache = fetchYarnDeps { yarnLock = src + "/yarn.lock"; - hash = "sha256-BBu+vOO0UgX3L7Svj0HgVKHR2lSe4tD6c9HDgJZdhHU="; + hash = "sha256-lV+4r+5E55J4H1zl05SimxIhGVD/PvEkIr3j1yhZS4o="; }; packageJSON = ./package.json; From 4a587be1b67c509a182d2b66f449949d5d467685 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 6 Jun 2025 11:35:52 +0000 Subject: [PATCH 18/35] apacheHttpdPackages.php: 8.4.7 -> 8.4.8 (cherry picked from commit fffc35b2bbba8b0a0bf215bf19daa5cabe7da698) --- pkgs/development/interpreters/php/8.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/php/8.4.nix b/pkgs/development/interpreters/php/8.4.nix index 865b7b37180a..11a74cee28dc 100644 --- a/pkgs/development/interpreters/php/8.4.nix +++ b/pkgs/development/interpreters/php/8.4.nix @@ -4,8 +4,8 @@ let base = callPackage ./generic.nix ( _args // { - version = "8.4.7"; - hash = "sha256-bsyxsGpN2c6jFNvnDHYtPUdlRxy26/kludowiXi/+Yg="; + version = "8.4.8"; + hash = "sha256-NlacZN0UmeVwxDZgO2Qe7nzeSvV2r3hll9DucRs6Ooo="; } ); in From 07e68f06edfdb782d7353883fece08c72d98545c Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 7 Jun 2025 12:20:08 +0200 Subject: [PATCH 19/35] php83: 8.3.21 -> 8.3.22 ChangeLog: https://www.php.net/ChangeLog-8.php#8.3.22 (cherry picked from commit 3cf7d02c3eb8a375653a94929361d0b278daa46a) --- pkgs/development/interpreters/php/8.3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix index 61b3554a3489..00325c5ccb63 100644 --- a/pkgs/development/interpreters/php/8.3.nix +++ b/pkgs/development/interpreters/php/8.3.nix @@ -4,8 +4,8 @@ let base = callPackage ./generic.nix ( _args // { - version = "8.3.21"; - hash = "sha256-0HaebhHPpsWaFt4kFmi+jH8xpymVCo0GGQ360thiKwQ="; + version = "8.3.22"; + hash = "sha256-mRM+LNoq83uqedsX2O/UFGKPFKAux18UGKCqP2qmZzs="; } ); in From 88e036043e2468c1ee98458a3e7f585a4081f03c Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:05 +0200 Subject: [PATCH 20/35] electron_34-bin: 34.5.7 -> 34.5.8 - Changelog: https://github.com/electron/electron/releases/tag/v34.5.8 - Diff: https://github.com/electron/electron/compare/refs/tags/v34.5.7...v34.5.8 - Fixes CVE-2025-5419 (cherry picked from commit 07dd7435ee2a3fdef3f03227d121eb705d06bc7a) --- pkgs/development/tools/electron/binary/info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/electron/binary/info.json b/pkgs/development/tools/electron/binary/info.json index ab7370d0d55f..d11cd6dfd364 100644 --- a/pkgs/development/tools/electron/binary/info.json +++ b/pkgs/development/tools/electron/binary/info.json @@ -12,14 +12,14 @@ }, "34": { "hashes": { - "aarch64-darwin": "5d9bba193dd522548da5c9289eae79016f053cefad77d0540e8412f1318462a8", - "aarch64-linux": "65e4c5fbbf452378664777696727384853ca4de699da7c84ac39463d8d0e7de9", - "armv7l-linux": "cd3dbedf798ddfcd28f3931b8d2214ee49af8a753c21b16d4068edad44dba2ef", + "aarch64-darwin": "56c27f79c298bd21f6a0434b70776633ce9971667edf22783b4b3f0051646248", + "aarch64-linux": "2172a9fa02331ba9c645dd6a6c5c6c07235e902c0aebb61b123d2f6c3ea0121f", + "armv7l-linux": "03514c1e42d4215972add90eb828221aec29278113ecf6761ec014aee92b3c4e", "headers": "0gxibckgmbvbr84469fvl1f32aw1hbycnsj1lz5cmx196rpdj0r6", - "x86_64-darwin": "8171d8f26305eb01001ddb2d8ff6c922a6142378e1cdac8d5cc72f727bd4e6b6", - "x86_64-linux": "0ad6461a74c6bb7ef076ee4b2f5c22801ea1efb585d716b01ba499d9158d34e5" + "x86_64-darwin": "fb13c7bf7f01529e0084433166f6b66b149407d8f950ca176fde20f023ee64b6", + "x86_64-linux": "da78b040068b6f0d41b3ccc5e5d26f1130bcdeba83f23ebbdae416c26bcf80e2" }, - "version": "34.5.7" + "version": "34.5.8" }, "35": { "hashes": { From 9c147da893172aed2254fb2fe79a77ace5ca2610 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:16 +0200 Subject: [PATCH 21/35] electron-chromedriver_34: 34.5.7 -> 34.5.8 - Changelog: https://github.com/electron/electron/releases/tag/v34.5.8 - Diff: https://github.com/electron/electron/compare/refs/tags/v34.5.7...v34.5.8 - Fixes CVE-2025-5419 (cherry picked from commit 6d5dbf6fae055bd5f4d655c48c925d31ac8a01aa) --- .../tools/electron/chromedriver/info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/electron/chromedriver/info.json b/pkgs/development/tools/electron/chromedriver/info.json index cdaaf85176c2..f2b95261700f 100644 --- a/pkgs/development/tools/electron/chromedriver/info.json +++ b/pkgs/development/tools/electron/chromedriver/info.json @@ -12,14 +12,14 @@ }, "34": { "hashes": { - "aarch64-darwin": "f8d82b6fde28011e3fd75410fe0d9141deeac78a9a3754f3e9e517b485f75b52", - "aarch64-linux": "1a65ef666f61c695bf92c7beb52ea9ec70e105d822363ade0998277d19e5cd01", - "armv7l-linux": "bfa62551c5ef52f907ebb52004504b083a075d6f6582c1ef41dd180873d86518", + "aarch64-darwin": "a3078146762ff67f27dd97470a9d2b4b5a04c182c6fcc5c949303e9a666b8d73", + "aarch64-linux": "b0a9aa381fb4b12822408d8ca668b64cbc67c1b18b8a4e5dedd2d0ad7b3513f9", + "armv7l-linux": "61a62d8b3d5604a098dc03cac7c89a325ff478d896921e286aabfd22735c64b1", "headers": "0gxibckgmbvbr84469fvl1f32aw1hbycnsj1lz5cmx196rpdj0r6", - "x86_64-darwin": "5dff162e53b4c5200b581cd4e3d93a9d5aec31bd3d69b7ede7d2a697daee7f97", - "x86_64-linux": "8fad178d82cc5e65fa18061f213f6d071e2ae1d773824e18703006dab18acf95" + "x86_64-darwin": "aa2ac2aa0dbe410ca152e85ceaf5baeb2cccb28bac7b52b866468edd5e6eb113", + "x86_64-linux": "1a6b534f65c47d2e839f5da0efeeb449cebe622e731b624ccc8c91f493eeec4f" }, - "version": "34.5.7" + "version": "34.5.8" }, "35": { "hashes": { From c915ca8964225276cbfced32606772f2848e4314 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:26 +0200 Subject: [PATCH 22/35] electron_35-bin: 35.5.0 -> 35.5.1 - Changelog: https://github.com/electron/electron/releases/tag/v35.5.1 - Diff: https://github.com/electron/electron/compare/refs/tags/v35.5.0...v35.5.1 - Fixes CVE-2025-5419 (cherry picked from commit 7d88bd44155d663632aad535e32ad57156c994f3) --- pkgs/development/tools/electron/binary/info.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/electron/binary/info.json b/pkgs/development/tools/electron/binary/info.json index d11cd6dfd364..d7980b762dc0 100644 --- a/pkgs/development/tools/electron/binary/info.json +++ b/pkgs/development/tools/electron/binary/info.json @@ -23,14 +23,14 @@ }, "35": { "hashes": { - "aarch64-darwin": "03b2926356c6cf8718b2d62ee8dd1eaa0812c1f44c5a751c332401dd2867aa47", - "aarch64-linux": "9e98b01d5c6611437e8eecece093307e3e59733bb64c068fc3f9bd226b92238d", - "armv7l-linux": "3072f6865c6f0202d4059224cb43ecab27f03852025addf09a4fa1b6606cb80c", - "headers": "0wspga950dap8wk6ak2idsmp8irjn4xaxq431vxr5ik6r07zn89b", - "x86_64-darwin": "3cfff8110bd11d2b3c342b56674d3fd5863698d8413a2a97be80169f61e23ddf", - "x86_64-linux": "4e9d927a8edecf59dde02b98fe6bfde64814141898650ca1c69820ae0edbcfa4" + "aarch64-darwin": "3d2759f9ba2201a22c9ea2bc2cc2b2392d00b5584a613c82f0fe2493b2c7c108", + "aarch64-linux": "d3338afa395d2eb9eef1a96278e6ced8aeec87c59e3eff754efdc02325b27c2f", + "armv7l-linux": "d73dbb4e39f21d8fcca98b59b278a3ea53728f5d0c469dcf0b88a67b4b2b50c3", + "headers": "00r5swhxsv7bj8k35ymmprp1mvz337f066jhh1xsh437b1abvscp", + "x86_64-darwin": "87b6abd92012904e2b8cf96062657e4ab9b93d60194da88f44b7d84ca281e847", + "x86_64-linux": "8eeaaf8035e471d4c0f4519765feb383c164168d95659d349f36d906dec02fb5" }, - "version": "35.5.0" + "version": "35.5.1" }, "36": { "hashes": { From 1685b83cc02768846f85c9d2ed5f56029f6da840 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:36 +0200 Subject: [PATCH 23/35] electron-chromedriver_35: 35.5.0 -> 35.5.1 - Changelog: https://github.com/electron/electron/releases/tag/v35.5.1 - Diff: https://github.com/electron/electron/compare/refs/tags/v35.5.0...v35.5.1 - Fixes CVE-2025-5419 (cherry picked from commit 0e153293e68b27add2f69228b9b4cc8dab615311) --- .../tools/electron/chromedriver/info.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/electron/chromedriver/info.json b/pkgs/development/tools/electron/chromedriver/info.json index f2b95261700f..aa197de72f20 100644 --- a/pkgs/development/tools/electron/chromedriver/info.json +++ b/pkgs/development/tools/electron/chromedriver/info.json @@ -23,14 +23,14 @@ }, "35": { "hashes": { - "aarch64-darwin": "511a3c6a6b6032985224bcbc1c4884f8673f7573bde7f3919e9797d6645b53c4", - "aarch64-linux": "25923b319e958285847d4e5c154eb7877b49380042a20c781185d8b6eb558afa", - "armv7l-linux": "d67750b53d37699ade36ebe1912bd72b64af6e825d2d0ac5095531a0b84b191d", - "headers": "0wspga950dap8wk6ak2idsmp8irjn4xaxq431vxr5ik6r07zn89b", - "x86_64-darwin": "c995faf74d2d7e5b6000b8a1e9551d60e396a19a29796608a090417388a9dd1a", - "x86_64-linux": "a1ef549561d64a9d10c1e658f8e86cd735d4261f0c4fc871d8c342240c23d9e0" + "aarch64-darwin": "20f78c2d699cdfb676afe06984bce966be143755e5be6b36a7a16ceb950861d4", + "aarch64-linux": "1f5442d17ad795ff7e8132b20d0e31dc6c9b275a86011f9827cc1b37c9d7a191", + "armv7l-linux": "a384606f04e08ce777d0eb4810cbcda036c4c94fb4ccf5388f9a65a565b28c65", + "headers": "00r5swhxsv7bj8k35ymmprp1mvz337f066jhh1xsh437b1abvscp", + "x86_64-darwin": "efbc881a7599c5f250f57193d98ad08124e9f678467bc3c0977b694d3a557862", + "x86_64-linux": "1929735f9c3c862bad6ed90edce811f25a38daa9e9a77d49c8d39ce309fd499d" }, - "version": "35.5.0" + "version": "35.5.1" }, "36": { "hashes": { From a82c1d95a9be2db45f336677bcffb48c9bb5b4bd Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:47 +0200 Subject: [PATCH 24/35] electron_36-bin: 36.3.2 -> 36.4.0 - Changelog: https://github.com/electron/electron/releases/tag/v36.4.0 - Diff: https://github.com/electron/electron/compare/refs/tags/v36.3.2...v36.4.0 - Fixes CVE-2025-5419 (cherry picked from commit 53cbc1a396c2bfaefa140b150a3492fd3c618c32) --- pkgs/development/tools/electron/binary/info.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/electron/binary/info.json b/pkgs/development/tools/electron/binary/info.json index d7980b762dc0..91b5a1b967af 100644 --- a/pkgs/development/tools/electron/binary/info.json +++ b/pkgs/development/tools/electron/binary/info.json @@ -34,13 +34,13 @@ }, "36": { "hashes": { - "aarch64-darwin": "2b51b3001a0e79d9130a379d5276b87c22c054ddf4f19413fd9e0aa2983b4a9e", - "aarch64-linux": "0e68a05932d1c662ec8c33a2773aea5575eae1081514cf6ce1c4efe331b772bf", - "armv7l-linux": "216d0c8b6a76ef78e7c3b82a45cda251e5d6b038de89bc62f32a7317590d3995", - "headers": "1s0didlyil9vzxjkmnf49h7k99319l71m37fdz6zj45v5dnqqj7g", - "x86_64-darwin": "460d54a596a3a8a04c6414fb7866e453b7075c1a848bc3230aa01b6d566e8b03", - "x86_64-linux": "d124c39544faf125f45f3adccf83e53ca23589d9f35115f69644cfc5c8133e4e" + "aarch64-darwin": "33744982d4f182df72b8b22c20fc83942a1bdadcd2358deb83000ca578dd767d", + "aarch64-linux": "27bf37e1cecc7683575140730cbcd4e1b0847bace2d5a705c69e6d1bcd1c0f4c", + "armv7l-linux": "5953b7f3747d657334b07bc47971cdbfa1b37ef807e21ef5001637aaaa43f635", + "headers": "0zww9rwrvi6g5vjpmxsvp1cqqkmx9rnl6yzwba8kyvyapk5daz8d", + "x86_64-darwin": "4d33e24a87df1f839053eba4dc8500026df46cc62b7e57c39d5ec2edecddab91", + "x86_64-linux": "d2ef32b2bff3fe2594774fca81abda8d617d5f6c0c40529e39900296309e4a3c" }, - "version": "36.3.2" + "version": "36.4.0" } } From 45c8f2d965ba57712fa59a50e1f7c6c56e4d51d8 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:18:57 +0200 Subject: [PATCH 25/35] electron-chromedriver_36: 36.3.2 -> 36.4.0 - Changelog: https://github.com/electron/electron/releases/tag/v36.4.0 - Diff: https://github.com/electron/electron/compare/refs/tags/v36.3.2...v36.4.0 - Fixes CVE-2025-5419 (cherry picked from commit 6d9e078ea6de978a7d8245e5ecf0c8ff4b715b5b) --- .../tools/electron/chromedriver/info.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/electron/chromedriver/info.json b/pkgs/development/tools/electron/chromedriver/info.json index aa197de72f20..cfed30b50ec1 100644 --- a/pkgs/development/tools/electron/chromedriver/info.json +++ b/pkgs/development/tools/electron/chromedriver/info.json @@ -34,13 +34,13 @@ }, "36": { "hashes": { - "aarch64-darwin": "dbbfe5a72cdce199204c32039e5cf38992dd4a5bde95d9a1f351a130fadde340", - "aarch64-linux": "ffacf585beb157ab6e2607ac0d288d8cac979f73f08355a50c2244a700272ec1", - "armv7l-linux": "d7e290f616e8a7ba2d3b9463939e7b48e3b7f49727483424f3b06ecf7d1bebc6", - "headers": "1s0didlyil9vzxjkmnf49h7k99319l71m37fdz6zj45v5dnqqj7g", - "x86_64-darwin": "d1dbd94952411b0663f9da05c1c5938d87f4498c798b4b90c7db21bc311329f1", - "x86_64-linux": "54296abbcc99416528555113ec0871f230eef5492304827a1208591457d6968a" + "aarch64-darwin": "54580cb9d22b469c6eedb5a95b0f499c90e5efb79939dbe401a92461bf2ffda2", + "aarch64-linux": "05499a412299c811357250d00beb26c72e0e8abe9bb1c2dbbc23262399821a9e", + "armv7l-linux": "4296a52873910c65612e45eba86a6967033b4ee5442eb97ffb8d311eab0e5b1e", + "headers": "0zww9rwrvi6g5vjpmxsvp1cqqkmx9rnl6yzwba8kyvyapk5daz8d", + "x86_64-darwin": "971dcef573297e05befc8c8618ea5ac38501945e9cee5bf7d49e5a66718cf7b5", + "x86_64-linux": "215623fd1736752f70a273a2ea591a8ce0a63a3c4305866cc30c80505aadc5ca" }, - "version": "36.3.2" + "version": "36.4.0" } } From ec4862d43292cb2a868e2282076e6f81fad2cb20 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:42:49 +0200 Subject: [PATCH 26/35] electron-source.electron_34: 34.5.7 -> 34.5.8 - Changelog: https://github.com/electron/electron/releases/tag/v34.5.8 - Diff: https://github.com/electron/electron/compare/refs/tags/v34.5.7...v34.5.8 - Fixes CVE-2025-5419 (cherry picked from commit e237be9a454d3ac772db3163d582faf582c1dc25) --- pkgs/development/tools/electron/info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/electron/info.json b/pkgs/development/tools/electron/info.json index f181728bc62c..a328a6a0e3d2 100644 --- a/pkgs/development/tools/electron/info.json +++ b/pkgs/development/tools/electron/info.json @@ -57,10 +57,10 @@ }, "src/electron": { "args": { - "hash": "sha256-V393R2leEFjj337xVnqo9hlSn7rq44n2PnLcaUrYQ4M=", + "hash": "sha256-ABlVuW0EUsFUyuIaugoI09EsHF+g7fxRSS/bOaOAkjg=", "owner": "electron", "repo": "electron", - "tag": "v34.5.7" + "tag": "v34.5.8" }, "fetcher": "fetchFromGitHub" }, @@ -1274,7 +1274,7 @@ "electron_yarn_hash": "0gh5bcsh23s3rqxqc2l3jz5vjb553sk0a1jycn94zm821pc3csd2", "modules": "132", "node": "20.19.1", - "version": "34.5.7" + "version": "34.5.8" }, "35": { "chrome": "134.0.6998.205", From c7bc25f98cf376fafd33adc5874d6ccc91a80c12 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 18:59:48 +0200 Subject: [PATCH 27/35] electron-source.electron_35: 35.5.0 -> 35.5.1 - Changelog: https://github.com/electron/electron/releases/tag/v35.5.1 - Diff: https://github.com/electron/electron/compare/refs/tags/v35.5.0...v35.5.1 - Fixes CVE-2025-5419 (cherry picked from commit 84093de5993565084a19f4bc1776b885ff71ed88) --- pkgs/development/tools/electron/info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/electron/info.json b/pkgs/development/tools/electron/info.json index a328a6a0e3d2..a2069edcb3de 100644 --- a/pkgs/development/tools/electron/info.json +++ b/pkgs/development/tools/electron/info.json @@ -1334,10 +1334,10 @@ }, "src/electron": { "args": { - "hash": "sha256-+Kj09hzwmAs5UvzV2wkBY4pPJDDNNmdIcjWXAbfrwz0=", + "hash": "sha256-jIEeMTY8D4o2cCmk2RupGKu9HTVFjNI+90QZlXNrOWM=", "owner": "electron", "repo": "electron", - "tag": "v35.5.0" + "tag": "v35.5.1" }, "fetcher": "fetchFromGitHub" }, @@ -2583,7 +2583,7 @@ "electron_yarn_hash": "1p9gs8s1zhwxvvmi9zb76k5nn1wly4yq0i12ibr0wvw5ls8bbars", "modules": "133", "node": "22.15.1", - "version": "35.5.0" + "version": "35.5.1" }, "36": { "chrome": "136.0.7103.115", From dd72f3c87530d36c5d071ba576a2e361bdca4b9c Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Wed, 4 Jun 2025 19:33:18 +0200 Subject: [PATCH 28/35] electron-source.electron_36: 36.3.2 -> 36.4.0 - Changelog: https://github.com/electron/electron/releases/tag/v36.4.0 - Diff: https://github.com/electron/electron/compare/refs/tags/v36.3.2...v36.4.0 - Fixes CVE-2025-5419 (cherry picked from commit 308e77ddac6ade9b4771711c16f8e603bd3fbfb9) --- pkgs/development/tools/electron/info.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/development/tools/electron/info.json b/pkgs/development/tools/electron/info.json index a2069edcb3de..d2e91a284230 100644 --- a/pkgs/development/tools/electron/info.json +++ b/pkgs/development/tools/electron/info.json @@ -2586,7 +2586,7 @@ "version": "35.5.1" }, "36": { - "chrome": "136.0.7103.115", + "chrome": "136.0.7103.149", "chromium": { "deps": { "gn": { @@ -2596,15 +2596,15 @@ "version": "2025-03-24" } }, - "version": "136.0.7103.115" + "version": "136.0.7103.149" }, "chromium_npm_hash": "sha256-QRjk9X4rJW3ofizK33R4T1qym1riqcnpBhDF+FfNZLo=", "deps": { "src": { "args": { - "hash": "sha256-yUWNV65TshvAMaz1kGOUQuy+J5vXPryjisGN3MxTU9Q=", + "hash": "sha256-qu3+U2o7N0MSx+nifQMAfSEjxTDIBSz/DNkEZdo5uFw=", "postFetch": "rm -r $out/third_party/blink/web_tests; rm -r $out/content/test/data; rm -rf $out/courgette/testdata; rm -r $out/extensions/test/data; rm -r $out/media/test/data; ", - "tag": "136.0.7103.115", + "tag": "136.0.7103.149", "url": "https://chromium.googlesource.com/chromium/src.git" }, "fetcher": "fetchFromGitiles" @@ -2643,10 +2643,10 @@ }, "src/electron": { "args": { - "hash": "sha256-bMQJfOkWRFE7Qg4kHiwkNcuXOSWU0EzEGSo8U1SuGTQ=", + "hash": "sha256-DwV8hZ6iK1Pc0j/86UnrkJ6FhOXD3eCBiOk5Y14N4jg=", "owner": "electron", "repo": "electron", - "tag": "v36.3.2" + "tag": "v36.4.0" }, "fetcher": "fetchFromGitHub" }, @@ -3898,8 +3898,8 @@ }, "src/v8": { "args": { - "hash": "sha256-Fi4pl6xSXkHF4XaQNfNzULVjQZSzDfaHFIyIxH103go=", - "rev": "5297e56d91816747d539abca52b578e5832135f0", + "hash": "sha256-COlRcmBtuP/XBe9j4Qxikkz7ZSwcQhcWVe5+I0++OOk=", + "rev": "150f01318cda02f1ef63dd79672eae6c81dd3301", "url": "https://chromium.googlesource.com/v8/v8.git" }, "fetcher": "fetchFromGitiles" @@ -3908,6 +3908,6 @@ "electron_yarn_hash": "10n86jnzcq8kh0nk29ljw9wi1fgj13f07h92b009i1dryagliyrs", "modules": "135", "node": "22.15.1", - "version": "36.3.2" + "version": "36.4.0" } } From ad92b74685872ed23b0bdad9c475d9d39c116f1d Mon Sep 17 00:00:00 2001 From: Winter Date: Tue, 3 Jun 2025 17:56:12 -0400 Subject: [PATCH 29/35] glibc: allow easier overriding of linux headers package Before this change, one would have to `callPackage` `common.nix` manually, but now this can be done via `glibc.override`. (cherry picked from commit 05482c6b799344b813a4b55dd6ebb402c61b28b7) --- pkgs/development/libraries/glibc/common.nix | 1 + pkgs/development/libraries/glibc/default.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 5117d420463b..18e7d84477f7 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -260,6 +260,7 @@ stdenv.mkDerivation ( // (removeAttrs args [ "withLinuxHeaders" + "linuxHeaders" "withGd" "enableCET" "postInstall" diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index d165cb8fff62..fc76ebe9ae05 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -3,6 +3,7 @@ stdenv, callPackage, withLinuxHeaders ? true, + linuxHeaders ? null, profilingLibraries ? false, withGd ? false, enableCET ? if stdenv.hostPlatform.isx86_64 then "permissive" else false, @@ -19,7 +20,7 @@ let ]; in -(callPackage ./common.nix { inherit stdenv; } { +(callPackage ./common.nix { inherit stdenv linuxHeaders; } { inherit withLinuxHeaders withGd From f5da24ea3d4cf4051234406339242001d11f096b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 7 Jun 2025 15:57:10 +0000 Subject: [PATCH 30/35] postgresqlPackages.pg_net: 0.14.0 -> 0.15.1 (cherry picked from commit 8308f5ed6a8fe8b816e5668a58cf6ebc1974d163) --- pkgs/servers/sql/postgresql/ext/pg_net.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/pg_net.nix b/pkgs/servers/sql/postgresql/ext/pg_net.nix index ce821a3b1901..5ac42c9bb499 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_net.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_net.nix @@ -8,13 +8,13 @@ postgresqlBuildExtension (finalAttrs: { pname = "pg_net"; - version = "0.14.0"; + version = "0.15.1"; src = fetchFromGitHub { owner = "supabase"; repo = "pg_net"; tag = "v${finalAttrs.version}"; - hash = "sha256-c1pxhTyrE5j6dY+M5eKAboQNofIORS+Dccz+7HKEKQI="; + hash = "sha256-BhLZdoMeK6QkmEEn3/+G6+TElFea2uifaQBW5aftqpM="; }; buildInputs = [ curl ]; From 54e847a0885f75aa26ecb217efdcdc30a0f5f54e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 3 Jun 2025 08:59:48 +0000 Subject: [PATCH 31/35] flake-checker: 0.2.6 -> 0.2.7 (cherry picked from commit 6333a028bb6813fc84a19ca34f9539630815f9dd) --- pkgs/by-name/fl/flake-checker/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/fl/flake-checker/package.nix b/pkgs/by-name/fl/flake-checker/package.nix index 51b6b98b2ac2..8a1e86d09794 100644 --- a/pkgs/by-name/fl/flake-checker/package.nix +++ b/pkgs/by-name/fl/flake-checker/package.nix @@ -6,17 +6,17 @@ rustPlatform.buildRustPackage rec { pname = "flake-checker"; - version = "0.2.6"; + version = "0.2.7"; src = fetchFromGitHub { owner = "DeterminateSystems"; repo = "flake-checker"; rev = "v${version}"; - hash = "sha256-qEdwtyk5IaYCx67BFnLp4iUN+ewfPMl/wjs9K4hKqGc="; + hash = "sha256-RwkyyrWm0QRNOn7Bb9jKOyJ049B6pPmhbrx8tXpUf4w="; }; useFetchCargoVendor = true; - cargoHash = "sha256-5eaVjrAPxBQdG+LQ6mQ/ZYAdslpdK3mrZ5Vbuwe3iQw="; + cargoHash = "sha256-lB7+2dQGfbn7IhmCAN0jvFTGjJDBpw57VHi3qIwwOZ4="; meta = with lib; { description = "Health checks for your Nix flakes"; From 2f534ed8eab7d9412fe291d336fca110afb6dd1e Mon Sep 17 00:00:00 2001 From: Katalin Rebhan Date: Mon, 4 Mar 2024 23:15:13 +0100 Subject: [PATCH 32/35] nixos/users-groups: allow changing default home directory (cherry picked from commit 6f7d7cf76fb01215fca32ecd31bcd86d2250472e) --- nixos/modules/config/users-groups.nix | 10 +++++++++- nixos/modules/programs/shadow.nix | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 1eb3e47a46ae..636ff2655a65 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -477,7 +477,7 @@ let (mkIf config.isNormalUser { group = mkDefault "users"; createHome = mkDefault true; - home = mkDefault "/home/${config.name}"; + home = mkDefault "${cfg.defaultUserHome}/${config.name}"; homeMode = mkDefault "700"; useDefaultShell = mkDefault true; isSystemUser = mkDefault false; @@ -753,6 +753,14 @@ in ''; }; + users.defaultUserHome = mkOption { + type = types.str; + default = "/home"; + description = '' + The default home directory for normal users. + ''; + }; + # systemd initrd boot.initrd.systemd.users = mkOption { description = '' diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 44e0f44dfecc..e8eb756f8f59 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -217,7 +217,7 @@ in # /etc/default/useradd: configuration for useradd. "default/useradd".source = pkgs.writeText "useradd" '' GROUP=100 - HOME=/home + HOME=${config.users.defaultUserHome} SHELL=${utils.toShellPath config.users.defaultUserShell} ''; }; From a965735abbeb0ab30fa04ffa7e809f8e75c0c356 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 6 Jun 2025 20:35:31 +0200 Subject: [PATCH 33/35] detach: init at 0.2.3 (cherry picked from commit cb742cea3fc1de19ee8aed81b1083620d010e9f0) --- pkgs/by-name/de/detach/package.nix | 38 ++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 pkgs/by-name/de/detach/package.nix diff --git a/pkgs/by-name/de/detach/package.nix b/pkgs/by-name/de/detach/package.nix new file mode 100644 index 000000000000..a9025beaee11 --- /dev/null +++ b/pkgs/by-name/de/detach/package.nix @@ -0,0 +1,38 @@ +{ + lib, + stdenv, + fetchzip, + installShellFiles, +}: + +stdenv.mkDerivation rec { + pname = "detach"; + version = "0.2.3"; + + src = fetchzip { + url = "http://inglorion.net/download/detach-${version}.tar.bz2"; + hash = "sha256-nnhJGtmPlTeqM20FAKRyhhSMViTXFpQT0A1ol4lhsoc="; + }; + + nativeBuildInputs = [ installShellFiles ]; + + dontConfigure = true; + + makeFlags = [ "PREFIX=$(out)" ]; + + postInstall = '' + installShellCompletion --cmd detach \ + --zsh contrib/zsh-completer/_detach + ''; + + doCheck = false; + + meta = { + description = "Utility for running a command detached from the current terminal"; + homepage = "https://inglorion.net/software/detach/"; + license = lib.licenses.mit; + mainProgram = "detach"; + maintainers = with lib.maintainers; [ pbsds ]; + platforms = lib.platforms.unix; + }; +} From 0016f0134ce515357190ce9d99b836bdf76e1fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maximilian=20G=C3=BCntner?= Date: Sun, 6 Apr 2025 21:48:05 +0200 Subject: [PATCH 34/35] librespot: add withMDNS + withDNS-SD arguments librespot always included the zeroconf mdns backend prior to https://github.com/librespot-org/librespot/commit/94d174c33d30a4baa30799b4e9a85b63d4331b2c (included in release 0.6.0). This added the `with-libmdns` feature and enabled it by default, reflecting the settings of 0.5.0. Since the derivation disables all default features, switching to 0.6.0 silently removed the mdns zeroconf backend of librespot. Also removes `avahi-compat` as buildInput for `withAvahi` as it is not needed. (cherry picked from commit fa56896456dd075d1db65105ed12c05e150276a8) --- pkgs/applications/audio/librespot/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/audio/librespot/default.nix b/pkgs/applications/audio/librespot/default.nix index 6a29a96e470b..bcb2d3a739f8 100644 --- a/pkgs/applications/audio/librespot/default.nix +++ b/pkgs/applications/audio/librespot/default.nix @@ -15,6 +15,8 @@ libpulseaudio, withRodio ? true, withAvahi ? false, + withMDNS ? true, + withDNS-SD ? false, avahi-compat, }: @@ -44,13 +46,15 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl ] ++ lib.optional withALSA alsa-lib - ++ lib.optional withAvahi avahi-compat + ++ lib.optional withDNS-SD avahi-compat ++ lib.optional withPortAudio portaudio ++ lib.optional withPulseAudio libpulseaudio; buildNoDefaultFeatures = true; buildFeatures = lib.optional withRodio "rodio-backend" + ++ lib.optional withMDNS "with-libmdns" + ++ lib.optional withDNS-SD "with-dns-sd" ++ lib.optional withALSA "alsa-backend" ++ lib.optional withAvahi "with-avahi" ++ lib.optional withPortAudio "portaudio-backend" From e25926ac6780a22bf7514fc524cad6bfbbd597dd Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 8 Jun 2025 01:20:28 +0200 Subject: [PATCH 35/35] applyPatches: passthru outputHashAlog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes evaluation of the find-tarballs.nix script used in the tarballs mirror pipeline. ``` $ nix-instantiate --eval --json --strict maintainers/scripts/find-tarballs.nix --arg expr 'import maintainers/scripts/all-tarballs.nix' --show-trace [...] error: … while calling anonymous lambda at maintainers/scripts/find-tarballs.nix:3:1: 2| 3| { | ^ 4| expr, … while evaluating uniqueFiles at maintainers/scripts/find-tarballs.nix:105:1: 104| in 105| uniqueFiles | ^ 106| … while calling the 'map' builtin at maintainers/scripts/find-tarballs.nix:26:17: 25| 26| uniqueFiles = map (x: x.file) (genericClosure { | ^ 27| startSet = map (file: { … while calling the 'genericClosure' builtin at maintainers/scripts/find-tarballs.nix:26:34: 25| 26| uniqueFiles = map (x: x.file) (genericClosure { | ^ 27| startSet = map (file: { … while evaluating type at maintainers/scripts/find-tarballs.nix:28:28: 27| startSet = map (file: { 28| key = with file; (if type == null then "" else type + "+") + hash; | ^ 29| inherit file; error: attribute 'outputHashAlgo' missing at maintainers/scripts/find-tarballs.nix:38:16: 37| isPatch = (drv ? postFetch && drv.postFetch != ""); 38| type = drv.outputHashAlgo; | ^ 39| name = drv.name; ``` (cherry picked from commit f2aff81018ae4ad8a1e244335db7e77f6f7e8997) --- pkgs/build-support/trivial-builders/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/build-support/trivial-builders/default.nix b/pkgs/build-support/trivial-builders/default.nix index 96cc43157d38..1b9e799551c9 100644 --- a/pkgs/build-support/trivial-builders/default.nix +++ b/pkgs/build-support/trivial-builders/default.nix @@ -1034,6 +1034,7 @@ rec { "tag" "url" "outputHash" + "outputHashAlgo" ] src ); in