chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-13 11:30:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging-next-22.11 into staging-22.11

Browse Source
This commit is contained in:
github-actions[bot]
2023-01-19 00:14:31 +00:00
committed by GitHub
parent 6d8e37f862 d533409e21
commit 2fa1877194
16 changed files with 360 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkgs/applications/networking/browsers/librewolf/src.json
View File

@@ -1,11 +1,11 @@
{
"packageVersion": "108.0.1-1",
"packageVersion": "108.0.2-1",
"source": {
"rev": "108.0.1-1",
"sha256": "0ix8ri2s8rnpd9nqvwlk50x9hp51y70gb3r6f7lh4ldg2bay08n0"
"rev": "108.0.2-1",
"sha256": "0mzar03yq8vphhxhjzr2n4v9jm8z5j5vaxfzby7wf42pw7p0fml6"
},
"firefox": {
"version": "108.0.1",
"sha512": "e6219ed6324422ec293ed96868738e056582bb9f7fb82e59362541f3465c6ebca806d26ecd801156b074c3675bd5a22507b1f1fa53eebf82b7dd35f2b1ff0625"
"version": "108.0.2",
"sha512": "f856ef034fa4a526e19968aed092c9ee99e124d2d271ec1c1bbd091d9a03e23293d69c7a9ae17c43258cde7e73c294534b471e36441e576377854f607c9bfa3a"
}
}

4
pkgs/applications/networking/sync/onedrive/default.nix
View File

@@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "onedrive";
version = "2.4.21";
version = "2.4.23";
src = fetchFromGitHub {
owner = "abraunegg";
repo = pname;
rev = "v${version}";
hash = "sha256-KZVRLXXaJYMqHzjxTfQaD0u7n3ACBEk3fLOmqwybNhM=";
hash = "sha256-yHpjutZV2u1VhnLxsQIu0NtKnqwtoRn4TM+8tXJ4RNo=";
};
nativeBuildInputs = [ autoreconfHook ldc installShellFiles pkg-config ];

4
pkgs/applications/version-management/git-and-tools/git/default.nix
View File

@@ -28,7 +28,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;
let
version = "2.38.1";
version = "2.38.3";
svn = subversionClient.override { perlBindings = perlSupport; };
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
in
@@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
sha256 = "sha256-l9346liiueD7wlCOJFAoynWRG9ONFVFhaxSMGqV0Ctk=";
sha256 = "sha256-JMU5R5Vx27lmeDJEL//XKf4hkugcygczfZXv34RYLGs=";
};
outputs = [ "out" ] ++ lib.optional withManual "doc";

12
pkgs/applications/version-management/gitlab/data.json
View File

@@ -1,14 +1,14 @@
{
"version": "15.7.3",
"repo_hash": "sha256-uB9LC5S/zxb8fwwvLjKRkZ1DOVKLnjYKAE2LeHXdP5E=",
"version": "15.7.5",
"repo_hash": "sha256-zo1b82y114NpX43rJAWQmUhORM1kQxyiSnonqPUQJmY=",
"yarn_hash": "086v3lr4hnz8z8pla1d3mi2smldidmx2z2cmffn830ianpqkk83l",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v15.7.3-ee",
"rev": "v15.7.5-ee",
"passthru": {
"GITALY_SERVER_VERSION": "15.7.3",
"GITLAB_PAGES_VERSION": "15.7.3",
"GITALY_SERVER_VERSION": "15.7.5",
"GITLAB_PAGES_VERSION": "15.7.5",
"GITLAB_SHELL_VERSION": "14.14.0",
"GITLAB_WORKHORSE_VERSION": "15.7.3"
"GITLAB_WORKHORSE_VERSION": "15.7.5"
}
}

4
pkgs/applications/version-management/gitlab/gitaly/default.nix
View File

@@ -11,7 +11,7 @@ let
gemdir = ./.;
};
version = "15.7.3";
version = "15.7.5";
package_version = "v${lib.versions.major version}";
gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}";
@@ -22,7 +22,7 @@ let
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "sha256-AcEjwq5dcNsPc3wQJNU1oiGAAqWIFNk8868Xw5ZC/g8=";
sha256 = "sha256-FT77MUcErc/16tChwyNczCLtADTOEzKKTsTlhLI6aV8=";
};
vendorSha256 = "sha256-UEEM0mv7d0gmDcsSKbeh4JcTnX4f5oogZnhRpqaNxwY=";

2
pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
View File

@@ -5,7 +5,7 @@ in
buildGoModule rec {
pname = "gitlab-workhorse";
version = "15.7.3";
version = "15.7.5";
src = fetchFromGitLab {
owner = data.owner;

11
pkgs/development/interpreters/perl/default.nix
View File

@@ -36,7 +36,16 @@ let
optional crossCompiling "mini";
setOutputFlags = false;
propagatedBuildInputs = lib.optional enableCrypt libxcrypt;
# On FreeBSD, if Perl is built with threads support, having
# libxcrypt available will result in a build failure, because
# perl.h will get conflicting definitions of struct crypt_data
# from libc's unistd.h and libxcrypt's crypt.h.
#
# FreeBSD Ports has the same issue building the perl port if
# the libxcrypt port has been installed.
#
# Without libxcrypt, Perl will still find FreeBSD's crypt functions.
propagatedBuildInputs = lib.optional (enableCrypt && !stdenv.isFreeBSD) libxcrypt;
disallowedReferences = [ stdenv.cc ];

4
pkgs/development/libraries/libcddb/default.nix
View File

@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "0fr21a7vprdyy1bq6s99m0x420c9jm5fipsd63pqv8qyfkhhxkim";
};
buildInputs = lib.optional stdenv.isDarwin libiconv;
buildInputs = [ libiconv ];
configureFlags = lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"ac_cv_func_malloc_0_nonnull=yes"
@@ -23,6 +23,6 @@ stdenv.mkDerivation rec {
homepage = "http://libcddb.sourceforge.net/";
license = licenses.lgpl2Plus;
mainProgram = "cddb_query";
platforms = platforms.linux ++ platforms.darwin;
platforms = platforms.unix;
};
}

5
pkgs/development/libraries/libepoxy/default.nix
View File

@@ -56,10 +56,13 @@ stdenv.mkDerivation rec {
NIX_CFLAGS_COMPILE = lib.optionalString x11Support ''-DLIBGL_PATH="${getLib libGL}/lib"'';
# cgl_epoxy_api fails in darwin sandbox and on Hydra (because it's headless?)
# cgl_core and cgl_epoxy_api fail in darwin sandbox and on Hydra (because it's headless?)
preCheck = lib.optionalString stdenv.isDarwin ''
substituteInPlace ../test/meson.build \
--replace "[ 'cgl_epoxy_api', [ 'cgl_epoxy_api.c' ] ]," ""
'' + lib.optionalString (stdenv.isDarwin && stdenv.isx86_64) ''
substituteInPlace ../test/meson.build \
--replace "[ 'cgl_core', [ 'cgl_core.c' ] ]," ""
'';
doCheck = true;

4
pkgs/development/python-modules/psutil/default.nix
View File

@@ -52,8 +52,8 @@ buildPythonPackage rec {
"disk_io_counters"
"sensors_battery"
"user"
] ++ lib.optionals (with stdenv; isAarch64 && isLinux) [
"test_disk_partitions"
] ++ lib.optionals stdenv.isLinux [
"test_disk_partitions" # problematic on Hydra's Linux builders, apparently
];
pythonImportsCheck = [

6
pkgs/servers/matrix-synapse/default.nix
View File

@@ -11,20 +11,20 @@ in
with python3.pkgs;
buildPythonApplication rec {
pname = "matrix-synapse";
version = "1.74.0";
version = "1.75.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "matrix-org";
repo = "synapse";
rev = "v${version}";
hash = "sha256-UsYodjykcLOgClHegqH598kPoGAI1Z8bLzV5LLE6yLg=";
hash = "sha256-cfvekrZRLbdsUqkkPF8hz9B4qsum1kpIL0aCnJf3HYg=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-XOW9DRUhGIs8x5tQ9l2A85sNv736uMmfC72f8FX3g/I=";
hash = "sha256-oyXgHqOrMKs+mYGAI4Wn+fuVQWsQJIkPwCY4t+cUlQ4=";
};
postPatch = ''

8
pkgs/servers/nextcloud/default.nix
View File

@@ -50,13 +50,13 @@ in {
'';
nextcloud24 = generic {
version = "24.0.8";
sha256 = "a5c3a070516debba991355e6b737b261396b15b9f2cd939617611ab0bed99299";
version = "24.0.9";
sha256 = "580a3384c9c09aefb8e9b41553d21a6e20001799549dbd25b31dea211d97dd1e";
};
nextcloud25 = generic {
version = "25.0.2";
sha256 = "d6ab40faa108937bda42395f570ff111f4c97343b55be1420024da3177e37d59";
version = "25.0.3";
sha256 = "4b2b1423736ef92469096fe24f61c24cad87a34e07c1c7a81b385d3ea25c00ec";
};
# tip: get the sha with:

236
pkgs/tools/misc/grub/2.0x.nix
View File

@@ -78,6 +78,242 @@ stdenv.mkDerivation rec {
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=000b5cd04fd228f9741f5dca0491636bc0b89eb8";
sha256 = "sha256-Mex3qQ0lW7ZCv7ZI7MSSqbylJXZ5RTbR4Pv1+CJ0ciM=";
})
(fetchpatch {
name = "CVE-2021-3981.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0adec29674561034771c13e446069b41ef41e4d4";
sha256 = "sha256-3vkvWjcSv0hyY2EX3ig2EXEe+XLiRsXYlcd5kpY4wXw=";
})
# June 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1469983ebb9674753ad333d37087fb8cb20e1dce";
sha256 = "sha256-oB4S0jvIXsDPcjIz1E2LKm7gwdvZjywuI1j0P6JQdJg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=14ceb3b3ff6db664649138442b6562c114dcf56e";
sha256 = "sha256-mKe8gzd0U4PbV8z3TWCdvv7UugEgYaVIkB4dyMrSGEE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d";
sha256 = "sha256-sA+PTlk4hwYOVKRZBHkEskabzmsf47Hi4h3mzWOFjwM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53";
sha256 = "sha256-8zmFocUfnjSyhYitUFDHoilHDnm1NJmhcKwO9dueV3k=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f1ce0e15e70ea1aafcfa26ad93e7585f65783c6f";
sha256 = "sha256-Wrlam6CRPUAHbKqe/X1YLcRxJ2LQTtmQ/Y66gxUlqK4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5bff31cdb6b93d738f850834e6291df1d0b136fa";
sha256 = "sha256-ReLWSePXjRweymsVAL/uoBgYMWt9vRDcY3iXlDNZT0w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=347880a13c239b4c2811c94c9a7cf78b607332e3";
sha256 = "sha256-07hpHuJFw95xGoJ/6ej7i6HlCFb2QRxP3arvRjKW4uU=";
})
## Needed to apply patch 8
(fetchpatch {
name = "video-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a";
sha256 = "sha256-/yf/LGpwYcQ36KITzmiFfg4BvhcApKbrlFzjKK8V2kI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e623866d9286410156e8b9d2c82d6253a1b22d08";
sha256 = "sha256-zFxP6JY5Q9s3yJHdkbZ2w+dXFKeOCXjFnQKadB5HLCg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=210245129c932dc9e1c2748d9d35524fb95b5042";
sha256 = "sha256-FyZhdTlcRVmn7X2hv93RhWP7NOoEMb7ib/DWveyz3Ew=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=690bee69fae6b4bd911293d6b7e56774e29fdf64";
sha256 = "sha256-nOAXxebCW/s5M6sjPKdSdx47/PcH1lc0yYT0flVwoC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b";
sha256 = "sha256-9fGJJkgZ6+E01MJqVTR1qFITx9EAx41Hv9QNfdqBgu0=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768ef2199e0265cf455b154f1a80a612f02274c8";
sha256 = "sha256-2/JJJux5vqXUc77bi3aXRy8NclbvyD/0e6UN8/6Ui3c=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf";
sha256 = "sha256-XxTZ8P8qr4qEXELdHwaRACPeIZ/iixlATLB5RvVQsC8=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.14.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6";
sha256 = "sha256-bzB2gmGvWR2ylvMw779KQ/VHBBMsDNbG96eg9qQlljA=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.15.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=830a9628b2c9e1b6388af624aaf4a80818ed6be0";
sha256 = "sha256-8fna2VbbUw8zBx77osaOOHlZFgRrHqwQK87RoUtCF6w=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.16.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287";
sha256 = "sha256-iCZAyRS/a15x5aJCJBYl9nw6Hc3WRCUG7zF5V+OwDKg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.17.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f407e34f3871a4c402bbd516e7c28ea193cef1b7";
sha256 = "sha256-S45cLZNTWapAodKudUz2fMjnPsW6vbtNz0bIvIBGmu4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.18.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1b7eef9fa4aaefbf7d0507505c3bb2914e1ad6b";
sha256 = "sha256-TWPfEAOePwC77yiVdsTSZIjfsMp7+0XabCz9K3FlV7w=";
})
## Needed to apply patch 19
(fetchpatch {
name = "net-remove-trailing-whitespaces.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e453a4a64392a41bc7b37f890aceb358112d1687";
sha256 = "sha256-JCbUB77Y6js5u99uJ9StDxNjjahNy4nO3crK8/GvmPY=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.19.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=96abf4fb9d829f4a405d5df39bc74bbccbd0e322";
sha256 = "sha256-6E2MKO5kauFA1TA8YkUgIUusniwHS2Sr44A/a7ZqDCo=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.20.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ee9652031491326736714a988fbbaeab8ef9255c";
sha256 = "sha256-E21q+Mj+JBQlUW0pe4zbaoL3ErXmCanyizwAsRYYZHk=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.21.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8f287c3e13da2bf82049e2e464eca7ca4fef0a85";
sha256 = "sha256-dZ24RwYsHeUrMuiU7PDgPcw+iK9cOd6q+E0xWXbtTkE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.22.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad94fffe14be476df5f34a8e5a90ea62a41fe12";
sha256 = "sha256-06TyTEvSy19dsnXZZoKBGx7ymJVWogr0NorzLflEwY4=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.23.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b";
sha256 = "sha256-NryxSekO8oSxsnv5G9mFZExm4Pwfc778mslyUDuDhlM=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.24.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4";
sha256 = "sha256-fSH3cxl/76DwkE8dHSR9uao9Vf1sJrhz7SmUSgDNodI=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.25.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8";
sha256 = "sha256-VMtR/sF8F1BMKmJ06ZZEPNH/+l0RySy/E6lVWdCyFKE=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.26.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=deae293f399dde3773cf37dfa9b77ca7e04ef772";
sha256 = "sha256-sCC3KE9adavw7jHMTVlxtyuwDFCPRDqT24H3AKUYf68=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.27.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e40b83335bb33d9a2d1c06cc269875b3b3d6c539";
sha256 = "sha256-cviCfBkzacAtnHGW87RLshhduE4Ym/v2Vq4h/sZDmZg=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.28.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=11e1cffb7e2492ddac4ab8d19ce466783adbb957";
sha256 = "sha256-I1feoneVeU3XkscKfVprWWJfLUnrc5oauMXYDyDxo5M=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.29.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13dce204cf6f3f0f49c9949971052a4c9657c0c0";
sha256 = "sha256-DzFHxgR9A8FNZ/y9OMeBvTp1K6J5ePyL06dhHQmk7Ik=";
})
(fetchpatch {
name = "CVE-2021-3695.CVE-2021-3696.CVE-2021-3697.CVE-2022-28733.CVE-2022-28734.CVE-2022-28735.CVE-2022-28736.CVE-2022-28737.30.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2f4430cc0a44fd8c8aa7aee5c51887667ad3d6c3";
sha256 = "sha256-AufP/10/auO4NMjYQ7yPDDbYShwGaktyQtqJx2Jasz8=";
})
# October 2022 security patches
# https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.1.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f6b6236077f059e64ee315f2d7acb8fa4eda87c5";
sha256 = "sha256-pk02iVf/u6CdsVjl8HaFBh0Bt473ZQzz5zBp9SoBLtE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.2.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c76ec09ae08155df27cd237eaea150b4f02f532";
sha256 = "sha256-axbEOH5WFkUroGna2XY1f2kq7+B1Cs6LiubIA2EBdiM=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.3.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e";
sha256 = "sha256-aKDUVS/Yx1c87NCrt4EG8BlSpkHijUyAJIwbmtzNjD8=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.4.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c51292274ded3259eb04c2f1c8d253ffbdb5216a";
sha256 = "sha256-OLNOKuAJuHy2MBMnU2xcYM7AaxmDk9fchXhggoDrxJU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.5.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=23843fe8947e4da955a05ad3d1858725bfcb56c8";
sha256 = "sha256-ptn00nqVJlEb1c6HhoMy9nrBuctH077LM4yXKsK47gc=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.6.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b9396daf1c2e3cdc0a1e69b056852e0769fb24de";
sha256 = "sha256-K7XNneDZjLpZh/C908+5uYsB/0oIdgQqmk0yJrdQLG4=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.7.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1d2015598cc7a9fca4b39186273e3519a88e80c7";
sha256 = "sha256-s4pZtszH4b/0u85rpzVapZmNQdYEq/wW06SQ3PW/1aU=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.8.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=93a786a00163e50c29f0394df198518617e1c9a5";
sha256 = "sha256-R8x557RMAxJ0ZV2jb6zDmwOPVlk6875q37fNpqKsPT0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.9.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1eac01c147b4d85d2ec4a7e5671fa4345f2e8549";
sha256 = "sha256-eOnhmU3pT5cCVnNHcY/BzDjldfs7yh/OGsxa15tGv94=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.10.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=992c06191babc1e109caf40d6a07ec6fdef427af";
sha256 = "sha256-kezNKPcLmFXwyZbXtJbaPTIbE8tijmHIzdC2jsKwrNk=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.11.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9d81f71c6b8f55cf20cd56f5fe29c759df9b48cc";
sha256 = "sha256-jnniVGy4KvFGFmcOP2YLA46k3cK8vwoByo19ismVUzE=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.12.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=22b77b87e10a3a6c9bb9885415bc9a9c678378e6";
sha256 = "sha256-iYTEqN5997I7MVIg82jt/bbEAYhcgq8fNRCNPpY9ze0=";
})
(fetchpatch {
name = "CVE-2022-2601.CVE-2022-3775.13.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1514678888595ef41a968a0c69b7ff769edd1e9c";
sha256 = "sha256-tgAEoAtaNKJjscjMFkXXiVn59Pa4c+NiQ3iVW6CMrpo=";
})
];
postPatch = if kbdcompSupport then ''

3
pkgs/tools/networking/isync/default.nix
View File

@@ -15,6 +15,9 @@ stdenv.mkDerivation rec {
patches = [
# Fixes "Fatal: buffer too small" error
./0001-Increase-imap_vprintf-buffer-size.patch
# Fix #202595: SSL error "Socket error: ... unexpected eof while reading"
# Source: https://sourceforge.net/p/isync/isync/ci/b6c36624f04cd388873785c0631df3f2f9ac4bf0/
./work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch
];
nativeBuildInputs = [ pkg-config perl ];

76
pkgs/tools/networking/isync/work-around-unexpected-EOF-error-messages-at-end-of-SSL-connections.patch Normal file
View File

@@ -0,0 +1,76 @@
From b6c36624f04cd388873785c0631df3f2f9ac4bf0 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <ossi@users.sf.net>
Date: Mon, 6 Jun 2022 11:55:37 +0200
Subject: [PATCH] work around "unexpected EOF" error messages at end of SSL
connections
gmail apparently doesn't send a close notification (SSL_shutdown())
before closing the TCP socket.
---
src/drv_imap.c | 7 +++++--
src/socket.c | 9 +++++++++
src/socket.h | 1 +
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index fb8d165..6286045 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1620,6 +1620,7 @@ imap_socket_read( void *aux )
error( "IMAP error: unexpected BYE response: %s\n", cmd );
/* We just wait for the server to close the connection now. */
ctx->expectEOF = 1;
+ socket_expect_eof( &ctx->conn );
} else {
/* We still need to wait for the LOGOUT's tagged OK. */
}
@@ -1882,10 +1883,12 @@ static void
imap_cleanup_p2( imap_store_t *ctx,
imap_cmd_t *cmd ATTR_UNUSED, int response )
{
- if (response == RESP_NO)
+ if (response == RESP_NO) {
imap_cancel_store( &ctx->gen );
- else if (response == RESP_OK)
+ } else if (response == RESP_OK) {
ctx->expectEOF = 1;
+ socket_expect_eof( &ctx->conn );
+ }
}
/******************* imap_open_store *******************/
diff --git a/src/socket.c b/src/socket.c
index ac3c847..892cece 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -810,6 +810,15 @@ socket_expect_activity( conn_t *conn, int expect )
conf_wakeup( &conn->fd_timeout, expect ? conn->conf->timeout : -1 );
}
+void
+socket_expect_eof( conn_t *sock )
+{
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF // implies HAVE_LIBSSL
+ if (sock->ssl)
+ SSL_set_options( sock->ssl, SSL_OP_IGNORE_UNEXPECTED_EOF );
+#endif
+}
+
int
socket_read( conn_t *conn, char *buf, uint len )
{
diff --git a/src/socket.h b/src/socket.h
index 5b1edd0..af679aa 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -142,6 +142,7 @@ void socket_start_tls(conn_t *conn, void (*cb)( int ok, void *aux ) );
void socket_start_deflate( conn_t *conn );
void socket_close( conn_t *sock );
void socket_expect_activity( conn_t *sock, int expect );
+void socket_expect_eof( conn_t *sock );
int socket_read( conn_t *sock, char *buf, uint len ); /* never waits */
char *socket_read_line( conn_t *sock ); /* don't free return value; never waits */
typedef enum { KeepOwn = 0, GiveOwn } ownership_t;
--
2.38.0

4
pkgs/tools/security/sudo/default.nix
View File

@@ -14,11 +14,11 @@
stdenv.mkDerivation rec {
pname = "sudo";
version = "1.9.12p1";
version = "1.9.12p2";
src = fetchurl {
url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
hash = "sha256-R1oYqOs9qLKRfOqwY6a69R6gkSjDxH4+DjOrdJe6t9g=";
hash = "sha256-uaCxrg8d3Zvn8+r+cL4F7oH1cvb1NmMsRM1BAbsqhTk=";
};
prePatch = ''